1

Unit 1

Cyber world: an overview, internet and online resources, security of information, digitalsignature, intellectual property (IP), historical background of IP, IPR governance,

National patent offices, the world intellectual property organization (WIPO)

Cyber world:

Some think cyber world is the world of online computers and communications which implies today's fast-moving high-technology world online. That is one way to look at it if you are into abstractions and distractions. We are interested in something more tangible and real; so we've redefined the term to give it the power and meaning that it deserves.

The Cyber World -1. An online world where users have the mechanisms in place to transact any business or personal activity as easily and freely as they can transact them in the physical world. 2. An environment for sophisticated online computing. 3. The futuristic online world of computing. This obviously means the cyber world does not exist. Up to now we’ve been having a lot of fun online using a web of documents and data. After 20 years of surfing, maybe it's time to get serious. It seems we've gotten ourselves caught in a web and we don’t know how to get out.

The Cyber World is a digital extension of yourself interacting with a digital extension of our real world in a Virtual environment. It should be obvious you can’t build virtual extensions on a web or web pages. We have to have something much more sophisticated.

 These digital extensions will give the ordinary user extraordinary capabilities compared to today’s standards. The Cyber World will allow the internet to move to a more advanced level of online computing. Things like voting, attending classes, purchasing homes and automobiles, court proceedings, job interviews, grocery shopping, Medical care and diagnostics, computer and home appliance maintenance and diagnostics, real time monitoring and enforcement of cyber-crime, etc., will all be done online with ease. Many expected the web to produce all these things, but the dot com meltdown was the first sign that web technology was not up to the challenge. This is the simple part. Maybe not so simple for the web but we are dealing with a super technology. The Cyber World's goals and capabilities will reach much higher. The Cyber World has the ability to set the human race free. Free from itself, business and government. If there is one thing we've learned from the web, is that freedom will grow anything. It is like fertilizer. The Internet enhanced by the Web is the purest expression of Freedom and Democracy the world has ever known. Yet, there are people who want to limit this freedom in order to control it - in order to make money. This is backwards. It's very simple, you only need a little imagination. Because we live in digital age, it is no longer necessary to divide and conquer to profit. In a digital age, this will only lead to failure. There is a new recipe for profiting in the digital age. Adding Freedom = Big Profits. No one says no to freedom and yes to slavery. The Internet enhanced by the Cyber World will give the human race true Freedom and Autonomy.

2

Internet and online resources:

In general, Web pages and documents on the Internet that provide useful information. While an online resource is typically data and educational in nature, any support software available online can also be considered a resource.

We use the term "electronic resources" to refer to a variety of resources available online. This includes our online collections of magazine and newspaper articles, encyclopaedias, financial and investment resources, online language learning systems, business directories, practice tests and study guides, and live, web-based, one-on-one tutoring. 

These   and many more  are paid and some are free of charge. You just need to log in with your computer. These resources are available 24 hours a day, seven days a week, from any computer with an Internet connection.

Online sources are informational resources found on the Internet. They include the websites of professional organizations, electronic versions of reference books, academic journals and periodicals, and even blogs. Online sources are great for research, as long as you put in the work to determine which sources are reliable! This is a multi-step process that involves figuring out a particular source’s publisher, author, bias, depth, accuracy, and timeliness.

Security of information:

Information Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organisational, human-oriented and legal) in order to keep information in all its locations (within and outside the organisation's perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats.

Security of information can be defined in following ways:

Integrity

In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Information security systems typically provide message integrity in addition to data confidentiality.

Availability

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times,

3

preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks, such as a flood of incoming messages to the target system essentially forcing it to shut down.

Authenticity

In computing and information security, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim to be. Some information security systems incorporate authentication features such as "digital signatures", which give evidence that the message data is genuine and was sent by someone possessing the proper signing key.

Non-repudiation

In law, non-repudiation implies one's intention to fulfil their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.

It is important to note that while technology such as cryptographic systems can assist in non-repudiation efforts, the concept is at its core a legal concept transcending the realm of technology. It is not, for instance, sufficient to show that the message matches a digital signature signed with the sender's private key, and thus only the sender could have sent the message and nobody else could have altered it in transit. The alleged sender could in return demonstrate that the digital signature algorithm is vulnerable or flawed, or allege or prove that his signing key has been compromised. The fault for these violations may or may not lie with the sender himself, and such assertions may or may not relieve the sender of liability, but the assertion would invalidate the claim that the signature necessarily proves authenticity and integrity and thus prevents repudiation.

Digital signature:

A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. (More in shivani.)

Intellectual property:

Intellectual property (IP) is a legal term that refers to creations of the mind. Examples of intellectual property include music, literature, and other artistic works; discoveries and inventions; and words, phrases, symbols, and designs. Under intellectual property laws, owners of intellectual property are granted certain exclusive rights. Some common types of intellectual property rights (IPR) are copyright, patents, and industrial design rights; and the rights that protect trademarks, trade dress, and in some jurisdictions trade secrets. Intellectual property rights are themselves a form of property, called intangible property.

4

Although many of the legal principles governing IP and IPR have evolved over centuries, it was not until the 19th century that the term intellectual property began to be used, and not until the late 20th century that it became commonplace in the majority of the world. The Statute of Monopolies (1624) and the British Statute of Anne (1710) are now seen as the origins of patent law and copyright respectively, firmly establishing the concept of intellectual property.

Historical background of IP:

The first known use of the term intellectual property dates to 1769, when a piece published in the Monthly Review used the phrase. The first clear example of modern usage goes back as early as 1808, when it was used as a heading title in a collection of essays.

The German equivalent was used with the founding of the North German Confederation whose constitution granted legislative power over the protection of intellectual property (Schutz des geistigen Eigentums) to the confederation. When the administrative secretariats established by the Paris Convention (1883) and the Berne Convention (1886) merged in 1893, they located in Berne, and also adopted the term intellectual property in their new combined title, the United International Bureaux for the Protection of Intellectual Property.

The organization subsequently relocated to Geneva in 1960, and was succeeded in 1967 with the establishment of the World Intellectual Property Organization (WIPO) by treaty as an agency of the United Nations. According to Lemley, it was only at this point that the term really began to be used in the United States (which had not been a party to the Berne Convention), and it did not enter popular usage until passage of the Bayh-Dole Act in 1980.

Until recently, the purpose of intellectual property law was to give as little protection possible in order to encourage innovation. Historically, therefore, they were granted only when they were necessary to encourage invention, limited in time and scope.

The importance of intellectual property was first recognized in the Paris Convention for the Protection of Industrial Property (1883) and the Berne Convention for the Protection of Literary and Artistic Works (1886). Both treaties are administered by the World Intellectual Property Organization (WIPO).

IPR governance:

Intellectual property rights (IPR) are among the key institutions that influence innovative activity. US patent reforms in the early 1980s put IPR at the forefront of domestic policy debates. Since then, the US has endeavoured to embed IPR into trade negotiations, thereby thrusting it onto the international scene. And although there has been a massive global movement toward stronger IPR, its relative merits remain unclear. This project seeks to understand the evolving role of domestic IPR in a context of increasing globalization.

A better understanding of the effect of IPR on innovation will allow policy makers to design more optimal national property rights regimes. The project will also inform the creation of multilateral agreements on IPR and examine whether the effects of IPR on innovation depend

5

on the country’s level of development, thus informing policies aimed at international development. Research for this project began in 2012.

National patent offices:

A patent office is a governmental or intergovernmental organization which controls the issue of patents. In other words, "patent offices are government bodies that may grant a patent or reject the patent application based on whether or not the application fulfils the requirements for patentability."

A patent office is a government body that is responsible for approving or denying any patent applications submitted by applicants for inventions. Once an application has been approved by the office, the applicant is granted the exclusive right to make, use, or sell the invention for a set period of time. Typically, a patent office is staffed by people who have been formally registered to practice before the office. These individuals are often also licensed attorneys.

Most offices grant patents that are effective only within the borders of their own countries. If an applicant is granted a patent in one country, he or she must generally submit a separate application to an office in each foreign country in order to get foreign patent rights. Most countries have their own patent rules and charge filing fees. As a result, filing a patent with multiple foreign offices can be an expensive undertaking.

Many patent offices have designated a specific process for the filing of patents. In general, an applicant is first required to search a database of patent records in order to determine whether another person has already patented his or her invention. If the invention hasn’t been patented, the applicant can submit an application to the office. The office will undertake a patent prosecution, during which it determines whether the patent will be granted or denied.

If the patent is denied, the applicant usually has the right to appeal the decision to an appeals board. The applicant is normally responsible for paying any fees associated with the application process. The patent office may also charge fees for maintaining or renewing a patent.

In addition to approving patents, a patent office publishes and distributes information relating to patents, and it records instances in which a patent holder assigns his or her invention to another person or entity. It also serves as an official record custodian. In this capacity, it may retain a database of national and international records. Additionally, a patent office generally provides the public with a facility to search and inspect patents already on file.

In some countries, patent offices are more generally referred to as intellectual property offices. In addition to reviewing patent applications, they also handle issues relating to trademarks and copyrights. A trademark is a type of protection offered for logos that differentiate a particular product or service. Copyrights are granted to protect certain works, such as a literary, artistic, or musical creation.

6

WIPO:

The World Intellectual Property Organization (WIPO) is one of the 17 specialized agencies of the United Nations.

WIPO was created in 1967 "to encourage creative activity, to promote the protection of intellectual property throughout the world."

WIPO currently has 188 member states, administers 26 international treaties, and is headquartered in Geneva, Switzerland. The current Director-General of WIPO is Francis Gurry, who took office on October 1, 2008. 186 of the UN Members as well as the Holy See and Niue are Members of WIPO. Non-members are the states of Marshall Islands, Federated States of Micronesia, Nauru, Palau, Solomon Islands, South Sudan and Timor-Leste. Palestine has observer status.

Established in 1967, the World Intellectual Property Organization (WIPO) is an international organization dedicated to helping ensure that the rights of creators and owners of intellectual property are protected worldwide, and that inventors and authors are therefore recognized and rewarded for their ingenuity. This international protection acts as a spur to human creativity, pushing back the limits of science and technology and enriching the world of literature and the arts. By providing a stable environment for marketing products protected by intellectual property, it also oils the wheels of international trade. WIPO works closely with its Member States and other constituents to ensure the intellectual property system remains a supple and adaptable tool for prosperity and well-being, crafted to help realize the full potential of created works for present and future generations.Promotion of IP

As part of the United Nations system of specialized agencies, WIPO serves as a forum for its Member States to establish and harmonize rules and practices for the protection of intellectual property rights. WIPO also services global registration systems for trademarks, industrial designs and appellations of origin, and a global filing system for patents. These systems are under regular review by WIPO’s Member States and other stakeholders to determine how they can be improved to better serve the needs of users and potential users. Many industrialized nations have intellectual property protection systems that are centuries old. Among newer or developing countries, however, many are in the process of building up their patent, trademark and copyright legal frameworks and intellectual property systems. With the increasing globalization of trade and rapid changes in technological innovation, WIPO plays a key role in helping these systems to evolve through treaty negotiation; legal and technical assistance; and training in various forms, including in the area of enforcement. WIPO works with its Member States to make available information on intellectual property and outreach tools for a range of audiences –from the grassroots level through to the business sector and policymakers – to ensure its benefits are well recognized, properly understood and accessible to all.

How is WIPO funded?WIPO is a largely self-financed organization, generating more than 90 percent of its annual budget through its widely used international registration and filing systems, as well as through its publications and arbitration and mediation services. The remaining funds come from contributions by Member States.

7

UNIT-2

Introduction about the cyber space, cyber law, regulation of cyber space, scope of cyber-laws: ecommerce; online contracts; IPRs (copyright, trademarks and software

patenting), E-taxation; e-governance and cyber-crimes, Cyber law in India with special reference to Information Technology Act, 2000.

Introduction about the cyber space:

Cyberspace is "the notional environment in which communication over computer networks occurs." The word became popular in the 1990s when the uses of the internet, networking, and digital communication were all growing dramatically and the term "cyberspace" was able to represent the many new ideas and phenomena that were emerging. The parent term of cyberspace is "cybernetics", derived from the Ancient Greek word which means steersman, governor, pilot, or rudder, “cyberspace” is introduced by William Gibson a science fiction writer.

As a social experience, individuals can interact, exchange ideas, share information, provide social support, conduct business, direct actions, create artistic media, play games, engage in political discussion, and so on, using this global network. They are sometimes referred to as cybernauts.

Unlike most computer terms, "cyberspace" does not have a standard, objective definition. Instead, it is used to describe the virtual world of computers. For example, an object in cyberspace refers to a block of data floating around a computer system or network. With the advent of the Internet, cyberspace now extends to the global network of computers. So, after sending an e-mail to your friend, you could say you sent the message to her through cyberspace. However, use this term sparingly, as it is a popular newbie term and is well overused.

The term cyberspace has become a conventional means to describe anything associated with the Internet and the diverse Internet culture. The United States government recognizes the interconnected information technology and the interdependent network of information technology infrastructures operating across this medium as part of the US national critical infrastructure. Amongst individuals on cyberspace, there is believed to be a code of shared rules and ethics mutually beneficial for all to follow, referred to as cyberethics.

A metaphor for describing the non-physical terrain created by computer systems. Online systems, for example, create a cyberspace within which people can communicate with one another (via e-mail), do research, or simply window shop. Like physical space, cyberspace contains objects (files, mail messages, graphics, etc.) and different modes of transportation and delivery. Unlike real space, though, exploring cyberspace does not require any physical movement other than pressing keys on a keyboard or moving a mouse.

Some programs, particularly computer games, are designed to create a special cyberspace, one that resembles physical reality in some ways but defies it in others. In its extreme form, called virtual reality, users are presented with visual, auditory, and even tactile feedback that makes cyberspace feel real.

8

Cyber law:

Cyber law or Internet law is a term that encapsulates the legal issues related to use of the Internet. It is less a distinct field of law than intellectual property or contract law, as it is a domain covering many areas of law and regulation.Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes computers, networks, software, data storage devices (Such as hard disks, USB disks etc.), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc. Law encompasses the rules of conduct:

1. That have been Approved by the government, and 2. Which are in Force over a certain territory, and 3. Which must be obeyed by all persons on that territory.

Violation of these rules could lead to government action such as imprisonment or fine or an order to pay compensation. Cyber law encompasses laws relating to:1. Cyber Crimes 2. Electronic and Digital Signatures 3. Intellectual Property 4. Data Protection and Privacy

Cybercrimes are unlawful acts where the computer is used either as a tool or a target or both. The enormous growth in electronic commerce (e-commerce) and online share trading has led to a phenomenal spurt in incidents of cyber-crime. To prevent these crimes and to maintain the fair usage of the internet cyber laws are designed.

Cyber law include some of the major laws:

1. Copyright lawIn relation to computer software, computer Source code, websites, cell phone content etc.

2. Software and source code Licences

3. Trademark lawWith relation to domain names, Meta tags, Mirroring, framing, linking etc.

4. Semiconductor law Which relates to the protection of Semiconductor integrated circuits design and layouts,

5. Patent lawIn relation to computer hardware and software.

Data protection and privacy laws aim to achieve a fair balance between the privacy rights of the individual and the interests of data controllers such as banks, hospitals, email service providers etc. These laws seek to address the challenges to privacy caused by collecting, storing and transmitting data using new technologies.In early times, there was no statute in India for governing Cyber Laws involving privacy issues, jurisdiction issues, intellectual property rights issues and a number of other legal

9

questions. With the tendency of misusing of technology, there arisen a need of strict statutory laws to regulate the criminal activities in the cyber world and to protect the true sense of technology "INFORMATION TECHNOLOGY ACT, 2000" [ITA- 2000] was enacted by Parliament of India to protect the field of e-commerce, e-governance, e-banking as well as penalties and punishments in the field of cyber-crimes. The above Act was further amended in the form of IT Amendment Act, 2008 [ITAA-2008]

Need for Cyber Law

There are various reasons why it is extremely difficult for conventional law to cope with cyberspace. Some of these are discussed below.

1. Cyberspace is an intangible dimension that is impossible to govern and regulate using conventional law.

2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could break into a bank’s electronic vault hosted on a computer in USA and transfer millions of Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop computer and a cell phone.

3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are crisscrossing the globe even as we read this, millions of websites are being accessed every minute and billions of dollars are electronically transferred around the world by banks every day.

4. Cyberspace is absolutely open to participation by all. A ten-year-old in Bhutan can have a live chat session with an eight-year-old in Bali without any regard for the distance or the anonymity between them.

5. Cyberspace offers enormous potential for anonymity to its members. Readily available encryption software and stenographic tools that seamlessly hide information within image and sound files ensure the confidentiality of information exchanged between cyber-citizens.

6. Cyberspace offers never-seen-before economic efficiency. Billions of dollars’ worth of software can be traded over the Internet without the need for any government licenses, shipping and handling charges and without paying any customs duty.

7. Electronic information has become the main object of cyber-crime. It is characterized by extreme mobility, which exceeds by far the mobility of persons, goods or other services. International computer networks can transfer huge amounts of data around the globe in a matter of seconds.

8. A software source code worth crores of rupees or a movie can be pirated across the globe within hours of their release.

9. Theft of corporeal information (e.g. books, papers, CD ROMs, floppy disks) is easily covered by traditional penal provisions. However, the problem begins when electronic records are copied quickly, inconspicuously and often via telecommunication facilities. Here the “original” information, so to say, remains in the “possession” of the “owner” and yet information gets stolen.

10

Regulation of cyber space:

Four models for regulation in cyber space are:

Norms / EducationIn order to function and be accepted in a society, a person will live by its norms. You believe in the role of educating people so that new norms may develop as new technology is used.As an example of the change of attitudes that result from education programs you might look back on smoking ads that once portrayed cigarette smokers as beautiful, sophisticated, sexy people with the ads of today, where a blackened sponge is wrung out to show the impact of smoking on the lungs.Once education creates a new norm, community behaviour it is regulated by peer and social pressure. Norms can involve the adoption of “rules” for regulating behaviour. These rules may not have the force of law but they create a level of behaviour that anyone wanting to be accepted in that group ought to adopt.People that breach norms may incur sanctions. These sanctions do not have the force that penalties or custodial sentences might have in a legal setting. The sanction when imposed may result in an infringer being placed outside a norm group. On showing contrition, particularly where there contrition is matched by entry into a re-education program about the norm, the infringer may be readmitted. Usually a body or entity that is a part of the group will make findings about any infringements and the sanction that ought to apply.The norms that come about as a result of education may need to be put into writing. In a technological era this writing might take the form of Acceptable Use Policies, Terms of Engagement and other polices that act as a norm but may not be legally enforceable like a Contract. Over time norms, can be made into law through legislation or litigation (case law).LawYou believe in parliament’s capacity to make laws to regulate the behaviour of its citizens. Where parliaments are silent, the courts will make precedents.People who break the law suffer sanctions - these can be civil penalties of loss of money when an infringing party is ordered to pay damages to another. There is also criminal law through which you believe society establishes what constitutes acceptable and unacceptable behaviour. Unacceptable behaviour is regulated through a sentencing regime – lesser offences might incur fines and bonds, more serious ones some form of custodial sentence. You are satisfied that if parliament makes a law then it is made by the people. What is parliament if nothing other than a representative body of the people as expressed at elections?Once a matter becomes law the law itself ought to be black letter – it ought to be clearly understood, free from doubt and dispute. Breaches should result in similar punishments.ArchitectureYou believe in the power of human to design systems that regulate behaviour. To control speeding in a back street you would design and build speed humps. In a digital world you believe in the power of software code to be able to create a form of regulation. For example, you might design a technological protection measure in your software that prevents a program with a licence of ten users from allowing an eleventh user to open it over a network.You find education / norms too slow to bring about change. You find law too expensive. You can design the world you want and have people regulate their behaviour because such restrictions in behaviour are inherent in what you have created. You consider yourself a geek and technological master of non-technical people who use other forms of regulation.

11

You also realise that if you can regulate behaviour through design then your product will be more valuable. You usually work in the private sector though increasing your skills might be sought in publicly owned entities wanting to develop monitoring and surveillance systems.

Market ForcesYou are convinced that market forces regulate behaviour. If a manufacturer creates an unsafe product this will become known to the market and consumers will not purchase these products. If a software designer wants to copyright and licence his or her work, then the market will determine if the software is worth buying as compared with that of competitors. Markets will determine what survives and what doesn't in the market place. Market forces also use price as a form of regulation. It is said consumers regulate their behaviour based on a cost/benefit analysis. For example, at least theoretically, as the price of petrol rises, consumers will travel less in their cars and take public transport, or push for its installation. In its purest form, you believe that free markets, rather than government, will best regulate human activity.

Scope of cyber laws:

Cyber law is that stream of law where all the cyber-crimes such as theft, fraud, etc. all of which are subject to the Indian Penal Code are addressed by the Information Technology Act, 2000. With advanced technology and changing times, almost all the processes are now going on IT platform. This is giving rise to increase of cyber-crimes in India as well as abroad.

Cyber-crimes are broadly categorized in two different categories:

(1)   Using a computer to target other computer – for e.g. Virus attacks, hacking, etc.

(2)   Using a computer to commit crimes – for e.g. Credit card frauds, cyber terrorism, etc.

Cyber-crime is a criminal exploitation of the internet. A misconduct that is committed against an individual or groups of individuals with an unlawful intention to hurt the position of the victim or cause any mental or physical harm to the victim directly or indirectly by using advanced IT and related sources such as Internet and mobile phones is termed as cyber-crime. Such crimes may be harmful for a country.

All these activities leading to crimes have given rise to a relatively new field in law for protecting the interests of an individual which is called cyber law. Cyber law is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace.

Cyber law is concerned with every individual these days. This is primarily because we all use internet in some or the other form daily. Internet is used when we create any account online, while performing e-commerce transactions, net banking, sending or receiving emails, surfing the net to take out some important information, etc.

There are several advantages of Cyber Law to protect the individuals from getting trapped in any cyber violations. The IT Act 2000 provides several guidelines in this regard.

Organizations shall now be able to carry out e-commerce using the legal infrastructure provided by the laws.

12

The laws throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.

Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and cause loss.

The laws now allows Government to issue notification on the web thus indicating e-governance.

These laws also addresses the important issues of security, which are so critical to the success of electronic transactions.

It is to be noted that since cyber law cannot be restricted to a geographical area, therefore, a single transaction may involve the laws of at least three authorities: (1) the laws of the state/nation in which the user resides, (2) the laws of the state/nation that apply where the server hosting the transaction is located, and 3) the laws of the state/nation which apply to the person or business with whom the transaction takes place.

There is a tremendous scope of cyber law in India as the number of activities through internet is on increase with the changing times, the requirement for cyber laws and their application is gathering momentum and hence the career option as a cyber-lawyer seems very lucrative option for students.

Ecommerce:

Electronic commerce, commonly known as e-commerce or ecommerce, is trading in products or services using computer networks, such as the Internet.

E-commerce (electronic commerce or EC) is the buying and selling of goods and services, or the transmitting of funds or data, over an electronic network, primarily the Internet. These business transactions occur either business-to-business, business-to-consumer, consumer-to-consumer or consumer-to-business. The terms e-commerce and e-business are often used interchangeably. The term e-tail is also sometimes used in reference to transactional processes around online retail.

E-commerce is conducted using a variety of applications, such as email, fax, online catalogues and shopping carts, Electronic Data Interchange (EDI), File Transfer Protocol, and Web services. Most of this is business-to-business, with some companies attempting to use email and fax for unsolicited ads (usually viewed as spam) to consumers and other business prospects, as well as to send out e-newsletters to subscribers.

The benefits of e-commerce include its around-the-clock availability, the speed of access, a wider selection of goods and services, accessibility, and international reach. It’s perceived downsides include sometimes-limited customer service, not being able to see or touch a product prior to purchase, and the necessitated wait time for product shipping.

To ensure the security, privacy and effectiveness of e-commerce, businesses should authenticate business transactions, control access to resources such as webpages for registered or selected users, encrypt communications and implement security technologies such as the Secure Sockets Layer.

13

Online contracts:

An electronic contract is an agreement created and "signed" in electronic form -- in other words, no paper or other hard copies are used. For example, you write a contract on your computer and email it to a business associate, and the business associate emails it back with an electronic signature indicating acceptance. An e-contract can also be in the form of a "Click to Agree" contract, commonly used with downloaded software: The user clicks an "I Agree" button on a page containing the terms of the software license before the transaction can be completed.

Since a traditional ink signature isn't possible on an electronic contract, people use several different ways to indicate their electronic signatures, including typing the signer's name into the signature area, pasting in a scanned version of the signer's signature, clicking an "I accept" button, or using cryptographic "scrambling" technology.

Though lots of people use the term "digital signature" for any of these methods, it's becoming standard to reserve the term "digital signature" for cryptographic signature methods and to use "electronic signature" for other paperless signature methods.

Online contracts have become common. E-signature laws have made the electronic contract and signature as legally valid as a paper contract. It has been estimated that roughly 110 electronic contracts are signed every second. From a legal point of view, in India, E-contracts are governed by the Indian contract act (1872), according to which certain conditions need to be fulfilled while formulating a valid contact. Certain sections in information Technology Act (2000) also provide for validity of online contract.

Opting Out of Electronic Contracts

While the federal e-signature law makes paper unnecessary in many situations, it also gives consumers and businesses the right to continue to use paper where desired. The law provides a means for consumers who prefer paper to opt out of using electronic contracts.

Prior to obtaining a consumer's consent for electronic contracts, a business must provide a notice indicating whether paper contracts are available and informing consumers that if they give their consent to use electronic documents, they can later change their mind and request a paper agreement instead. The notice must also explain what fees or penalties might apply if the company must use paper agreements for the transaction. And the notice must indicate whether the consumer's consent applies only to the particular transaction at hand, or to a larger category of transactions between the business and the consumer -- in other words, whether the business has to get consent to use e-contracts/signatures for each transaction.

A business must also provide a statement outlining the hardware and software requirements to read and save the business's electronic documents. If the hardware or software requirements change, the business must notify consumers of the change and give consumers the option (penalty-free) to revoke their consent to using electronic documents.

Although the e-signature law doesn't force consumers to accept electronic documents from businesses, it poses a potential disadvantage for low-tech citizens by allowing businesses to collect additional fees from those who opt for paper.

14

Contracts That Must Be on Paper

To protect consumers from potential abuses, electronic versions of the following documents are invalid and unenforceable:

wills, codicils, and testamentary trusts documents relating to adoption, divorce, and other family law matters court orders, notices, and other court documents such as pleadings or motions notices of cancellation or termination of utility services notices of default, repossession, foreclosure, or eviction notices of cancellation or termination of health or life insurance benefits product recall notices affecting health or safety, and Documents required by law to accompany the transportation of hazardous materials.

These documents must be provided in traditional paper and ink format.

Consumer Concerns

Although it is expected that secure methods of electronic signatures will be become as commonplace and safe as credit cards, some consumer advocates are concerned that if a consumer uses an unsecure signature method (such as a scanned image of a handwritten signature), identity thieves could intercept it online and use it for fraudulent purposes.

IPRs (copyright, trademarks and software patenting):

Intellectual property rights are the rights given to persons over the creations of their minds. They usually give the creator an exclusive right over the use of his/her creation for a certain period of time.Intellectual property law deals with the rules for securing and enforcing legal rights to inventions, designs, and artistic works. Just as the law protects ownership of personal property and real estate, so too does it protect the exclusive control of intangible assets.

Intellectual property rights include patents, copyright, industrial design rights, trademarks, trade dress, and in some jurisdictions trade secrets

Copyright:

This is a property right, which subsists in literary and artistic works that are original intellectual creations. Works covered by copyright include, but are not limited to novels, poems, plays, reference works, articles, computer programmes, databases, films, musical compositions, paintings, drawings, photographs, sculpture, architecture, advertisements, maps and technical drawings.

Copyright protects all literary and artistic works that we create whilst using our intelligence and our imagination provided it is expressed in a tangible form. The people who are the creators are usually called ‘authors’ even if they are really painters, photographers, writers, artists, composers etc. . Copyright laws grant authors, and other creators protection for their literary and artistic creations, generally referred to as “works”.

15

A closely associated field is “neighbouring rights” or “related rights”, or rights that encompass rights similar or identical to those of copyright, although sometimes these can be limited and of shorter duration.

In Trinidad and Tobago ‘works of mas’ are also protected by copyright. The term ‘works of mas’ involves a combination of tangible manifestation, such as a physical costume and intangible manifestation such as a style of dance, a style of oratory, etc. This provision is intended to protect producers of works of mas especially as it relates to Trinidad and Tobago Carnival celebrations.

Trademarks:

A trademark is a sign capable of distinguishing the goods or services of one enterprise from those of other enterprises. Trademarks date back to ancient times when craftsmen used to put their signature or "mark" on their products.In principle, a trademark registration will confer an exclusive right to the use of the registered trademark. This implies that the trademark can be exclusively used by its owner, or licensed to another party for use in return for payment. Registration provides legal certainty and reinforces the position of the right holder, for example, in case of litigation.The term of trademark registration can vary, but is usually ten years. It can be renewed indefinitely on payment of additional fees. Trademark rights are private rights and protection is enforced through court orders.A word or a combination of words, letters, and numerals can perfectly constitute a trademark. But trademarks may also consist of drawings, symbols, three-dimensional features such as the shape and packaging of goods, non-visible signs such as sounds or fragrances, or colour shades used as distinguishing features – the possibilities are almost limitless.Trademarks are registered at a national or territory level with an appointed government body and may take anywhere between 6 and 18 months to be processed. At the national/regional level, trademark protection can be obtained through registration, by filing an application for registration with the national/regional trademark office and paying the required fees. At the international level, you have two options: either you can file a trademark application with the trademark office of each country in which you are seeking protection, or you can use WIPO’s Madrid System.Registered trademarks may be identified by the abbreviation ‘TM’, or the ‘®’ symbol. (It is illegal to use the ® symbol or state that the trademark is registered until the trademark has in fact been registered).

Software patenting:

Patents:-Generally speaking, a patent provides the patent owner with the right to decide how - or whether - the invention can be used by others. In exchange for this right, the patent owner makes technical information about the invention publicly available in the published patent document.A Patent is an exclusive right granted for an invention, which is a product or a process that either provides a new way of doing something, or offers a new technical solution to a problem. It provides protection for the invention, preventing others from manufacturing, using and trading it. The owner is required to disclose technical information to the public sufficient for persons with average skill in the art to manufacture and use the technology.

16

Necessity and barriers are essential to human creativity. Inventors and organizations put much time, effort and resources into their inventions. Patents give inventors incentives in the form of recognition and the opportunity for fair economic rewards. They also provide a spur to others, wishing to use a protected technology, to find other solutions to the problem solved by a particular patent. Nearly 80% of all new patents are improvements upon older technologies. An underlying consideration is that this is usually part of business strategy. They are taken to generate some sort of benefit for the owner. The patent process is expensive.

What cannot be patented:-

Patents are open to most areas of science and technology but some areas are excluded from patentability. These are: -

Ideas, hypotheses, discoveries (of things already existing in nature), scientific theories and mathematical methods.

Rules of games, lottery systems, methods for performing mental acts, teaching methods and organizational procedures.

Diagnostic, therapeutic and surgical methods used on the human and animal body. Literary, dramatic, musical or artistic works or any aesthetic creation whatsoever. The presentation of information. Inventions, the exploitation of which would be contrary to public order or morality,

also cannot be patented. Modern society relies heavily on computer technology.  Without software, a computer

cannot operate.  Software and hardware work in tandem in today’s information society.  So it is no wonder that intellectual property protection of software is crucial not only for the software industry, but for other businesses as well.

The intellectual property protection of computer software has been highly debated at the national and international level.  For example, in the European Union (EU), a draft Directive on the Patentability of Computer-implemented Inventions has been discussed in order to harmonize the interpretation of the national patentability requirements for computer software-related inventions, including the business methods carried out via the computer.  These discussions show divergent views among stakeholders in Europe.  Furthermore, the Internet raises complex issues regarding the enforcement of patents, as patent protection is provided on a country-by-country basis, and the patent law of each country only takes effect within its own borders.

In many countries, computer programs, whether in source or object code, are protected under copyright. The major advantage of copyright protection lies in its simplicity.  Copyright protection does not depend on any formalities such as registration or the deposit of copies in the 151 countries party to the Berne Convention for the Protection of Literary and Artistic Works.  This means that international copyright protection is automatic - it begins as soon as a work is created.  Also, a copyright owner enjoys a relatively long period of protection, which lasts, in general, for the life of the author plus 50 or, in certain countries, 70 years after the author’s death.

17

In contrast, a patent must be applied for, in principle, in each country in which you seek patent protection.  In order to enjoy patent protection, an application for a patent shall comply with both formal and substantive requirements, and a patented invention shall be disclosed to the public. These requirements can be legally and technically complex, and their compliance often requires a legal expert’s assistance.

E-taxation:

Electronic tax filing, or e-filing, is a system for submitting tax documents to a revenue service electronically, often without the need to submit any paper documents.E-Government consists of various fast moving fields, E Taxation being a very specific one of them. E-Taxation means trans-organizational processes with data transfer (upload and download) between the IT systems of the professionals and those of the tax authorities. These processes imply organizational, semantic and technical interoperability, service-oriented architecture etc. E-Taxation also has to support tax authority processes: workflow systems and electronic record management on the one hand, knowledge management and automated risk analysis to assess the credibility of tax returns on the other hand. Tax inspectors need support for checking the accounting data of taxpayers, but also for fighting against illegal employment, tax evasion and social security fraud at construction sites. Tax laws and procedures differ from one country to another. Nevertheless, in order to exchange experiences and good practices, it is necessary to bring together scientists, practitioners and users operating in the field of E-Taxation. It is the aim of this publication to foster these exchange processes, especially between academia and practice, but also between different European and non-European countries.

The Internet has changed many of the fundamental and long standing concepts of direct and

indirect taxation. Governments all over the World are grappling with the various issues of

taxation raised by e-commerce. This is because of lack of comprehensive understanding of:

• The communication technologies

• The complex nature of business offered through Internet business, etc.

• The modus operandi of Internet business, etc. has made the operation of tax

legislations more difficult. 

The Information Technology Act, 2000, which is the first legislation to deal with e-commerce

is quite silent about tax system. Substantial amount of state revenue which is generated

through direct and indirect taxes is lost when Internet transaction remain untaxed7. A way is

to be found to tackle this relevant problem.

For the development of rational tax policy one should understand the nature of industry.

Some of the peculiarities of Internet are"11.

18

• It is a network of networks and it cannot be controlled or owned by one person.

• This network of networks is capable of rapidly transmitting packets from one

computer to another.

• No human involvement is necessary to transmit data from one computer to another.

• The Internet can re-route itself if one computer is connected to the net. Content wise

the Internet is very rich.

• The world-wide web environment provides a user friendly graphical interface.

• A simple click is sufficient to obtain vast information anywhere in the World.

• It encompasses all territorial and geographical limitations

Keeping these unique qualities of the Internet in mind one should try to visualise the issues

concerning the taxes on the net.

E-business for taxation is an intriguing concept. It crosses nine trillions. In these

circumstances, it seems an imperative for revenue authorities to examine the approach and

policy towards taxation of e-commerce more comprehensively than they have to date. 

In India the tax policies should be carefully formulated based on a policy that is clear and transparent and is consistent with the international norm of characterisation of revenues. The Government should honour the principle of neutrality as laid down by the OECD in characterisation of income from e-commerce transactions.

E-governance and cyber-crimes:

Electronic governance or e-governance is the application of information and communication technology (ICT) for delivering government services, exchange of information communication transactions, integration of various stand-alone systems and services between government-to-customer (G2C), government-to-business (G2B), government-to-government (G2G) as well as back office processes and interactions within the entire government framework. Through e-governance, government services will be made available to citizens in a convenient, efficient and transparent manner. The three main target groups that can be distinguished in governance concepts are government, citizens and businesses/interest groups. In e-governance there are no distinct boundaries.[2]

Generally four basic models are available – government-to-citizen (customer), government-to-employees, government-to-government and government-to-business.

As a matter of fact, the governance of ICTs requires most probably a substantial increase in regulation and policy-making capabilities, with all the expertise and opinion-shaping processes along the various social stakeholders of these concerns. So, the perspective of the

19

e-governance is "the use of the technologies that both help governing and have to be governed".[3] The Public-Private Partnership (PPP) based e-governance projects are hugely successful in India. United Telecoms Limited known as UTL is a major player in India on PPP based e-governance projects. Each project had mammoth state-wide area networks in these states.

Many countries are looking forward to for a corruption-free government. E-government is one-way communication protocol whereas e-governance is two-way communication protocol. The essence of e-governance is to reach the beneficiary and ensure that the services intended to reach the desired individual has been met with. There should be an auto-response to support the essence of e-governance, whereby the Government realizes the efficacy of its governance. E-governance is by the governed, for the governed and of the governed.

Establishing the identity of the end beneficiary is a challenge in all citizen-centric services. Statistical information published by governments and world bodies does not always reveal the facts. The best form of e-governance cuts down on unwanted interference of too many layers while delivering governmental services. It depends on good infrastructural setup with the support of local processes and parameters for governments to reach their citizens or end beneficiaries. Budget for planning, development and growth can be derived from well laid out e-governance systems

Cybercrimes:-

In Simple way we can say that cybercrime is unlawful acts wherein the computer is either a tool or a target or both. Cyber-crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

In cyber-crime, ICT devices are either the target or the means of the crime, or are incidental to it. Most cyber-crimes are not new crimes. Often the only difference is that the evidences are in electronic form or that the tools used to commit the crimes are ICT tools. Indeed most of the crimes committed today involve some amount of evidence in the electronic form such as phone calls, messages, emails, electronic files etc. Most cyber-crime cases are booked in India under the provisions of the Indian Penal Code (IPC) and laws on economic offenses, and only very few under the Information Technology Act 2000. However, the Information Technology Act 2000 has enabling provisions for admissibility of electronic evidences in the courts of law.

Unlike traditional crime, cyber-crime is not restricted by geographical boundaries. Indeed, often cyber criminals operate from other countries.

Information warfare is now a recognized national threat. Indeed, “IT disaster” is among is the newest additions to the man-made disasters. This brings out the need of strong international cooperation on real-time basis to tackle cyber-crimes. Many companies do not report to authorities about attacks on their networks out of fear of adverse publicity and losing the confidence of the clients. Companies also fear that authorities may seize their servers, and

20

that the servers will remain with government functionaries for long time, which will cause them serious financial loss. However, such sweeping of the problem under the carpet will only make the criminals more and more emboldened.

Cyber law in India with special reference to Information Technology Act, 2000:

In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.

This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber laws have a major impact for e-businesses and the new economy in India. So, it is important to understand what are the various perspectives of the IT Act, 2000 and what it offers.

The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. Some highlights of the Act are listed below:

Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber.

Chapter-III of the Act details about Electronic Governance and provides inter alia amongst others that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is -rendered or made available in an electronic form; and accessible so as to be usable for a subsequent reference.

The said chapter also details the legal recognition of Digital Signatures.

Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates.

Chapter-VII of the Act details about the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act.

Chapter-IX of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computer, computer systems etc. has been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of appointment of any officers not below the rank of a Director to the Government of India or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said Act or rules

21

framed there under. The said Adjudicating Officer has been given the powers of a Civil Court.

Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers, shall be preferred.

Chapter-XI of the Act talks about various offences and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information, which is obscene in electronic form, and hacking.

The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advice the government as regards any rules, or for any other purpose connected with the said act. The said Act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 to make them in tune with the provisions of the IT Act.

Advantages of Cyber LawsThe IT Act 2000 attempts to change outdated laws and provides ways to deal with cybercrimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.

Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.

Digital signatures have been given legal validity and sanction in the Act.

The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.

The Act now allows Government to issue notification on the web thus heralding e-governance.

The Act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate

22

Government.

The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.

Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crores.

23

UNIT-3Introduction to computer and cyber-crimes. Cyber-crimes and related concepts,

distinction between cyber-crimes and conventional crimes, Cyber criminals and their objectives. Kinds of cyber-crimes cyber stalking; cyber pornography, forgery and

fraud, crime related to IPRs, cyber-terrorism; computer vandalism etc. Cyber forensics, computer forensics and the law, forensic evidence, computer forensic tools.

Introduction to computer and cyber-crimes:Cyber-crimes and related concepts:Distinction between cybercrimes and conventional crimes:Cyber criminals and their objectives:Kinds of cybercrimes:Cyber stalking:Cyber pornography:Forgery and fraud:Crime related to IPRs:Cyber terrorism:

In Simple way we can say that cyber-crime is unlawful acts wherein the computer is either a tool or a target or both

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more category. Additionally, although the terms computer crime or cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used to facilitate the illicit activity.

Computer crime or cybercrime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.

Cyber-crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

The subject of cyber-crime may be broadly classified under the following three groups. They are-

1. Against Individuals 

24

A. their person &b. their property of an individual 

2. against Organization

a. Governmentc. Firm, Company, Group of Individuals.

3. Against Society at large 

 The following are the crimes, which can be committed against the followings group 

Against Individuals: –

i. Harassment via e-mails.ii. Cyber-stalking.iii. Dissemination of obscene material.iv. Defamation.v. Unauthorized control/access over computer system.vi. Indecent exposurevii. Email spoofing viii. Cheating & Fraud

Against Individual Property: - 

i. Computer vandalism.ii. Transmitting virus.iii. Netrespassiv. Unauthorized control/access over computer system.v. Intellectual Property crimesvi. Internet time thefts

Against Organization: -

i. Unauthorized control/access over computer systemii. Possession of unauthorized information.iii. Cyber terrorism against the government organization.iv. Distribution of pirated software etc.

Against Society at large: -

25

i.     Pornography (basically child pornography).ii.    Polluting the youth through indecent exposure.iii.   Traffickingiv. Financial crimesv. Sale of illegal articlesvi. Online gamblingvii. Forgery

We can categorize Cyber-crimes in two ways in context of computers

The Computer as a Target:-using a computer to attack other computers.

E.g. Hacking, Virus/Worm attacks, DOS attack etc.

The computer as a weapon:-using a computer to commit real world crimes.

E.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.

Cyber Crime regulated by Cyber Laws or Internet Laws.

Technical Aspects

Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as

a. Unauthorized access & Hacking:-

Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network.

Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money.

By hacking web server taking control on another person’s website called as web hijacking

b. Trojan Attack:-

The program that act like something useful but do the things that are quiet damping. The programs of this kind are called as Trojans.

26

The name Trojan horse is popular.

Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the Trojan.

TCP/IP protocol is the usual protocol type used for communications, but some functions of the Trojans use the UDP protocol as well.

c. Virus and Worm attack:-

A program that has capability to infect other programs and make copies of itself and spread into other programs is called virus.

Programs that multiply like viruses but spread from computer to computer are called as worms.

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988.  Almost brought development of Internet to a complete halt.

d. E-mail & IRC related crimes:-

1. Email spoofing

Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source.

2. Email Spamming

Email "spamming" refers to sending email to thousands and thousands of users - similar to a chain letter.

3 Sending malicious codes through email

E-mails are used to send viruses, Trojans etc. through emails as an attachment or by sending a link of website which on visiting downloads malicious code.

4. Email bombing

E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.

27

This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing.

5. Sending threatening emails

6. Defamatory emails

7. Email frauds

8. IRC related

Three main ways to attack IRC are: "verbalâ⦣8218; Ŧ#8220; attacks, clone attacks, and flood attacks.

e. Denial of Service attacks:-

Flooding a computer resource with more requests than it can handle. This causes the resource to crash thereby denying access of service to authorized users.

Examples include

Attempts to "flood" a network, thereby preventing legitimate network traffic

Attempts to disrupt connections between two machines, thereby preventing access to a service

Attempts to prevent a particular individual from accessing a service

Attempts to disrupt service to a specific system or person.

Distributed DOS

A distributed denial of service (DoS) attack is accomplished by using the Internet to break into computers and using them to attack a network.

Hundreds or thousands of computer systems across the Internet can be turned into “zombies” and used to attack another system or website.

Types of DOS

There are three basic types of attack:

a. Consumption of scarce, limited, or non-renewable resources like NW bandwidth, RAM, CPU time. Even power, cool air, or water can affect.

b. Destruction or Alteration of Configuration Information

c. Physical Destruction or Alteration of Network Components

e. Pornography:-

28

The literal meaning of the term 'Pornography' is “describing or showing sexual acts in order to cause sexual excitement through books, films, etc.”

This would include pornographic websites; pornographic material produced using computers and use of internet to download and transmit pornographic videos, pictures, photos, writings etc.

Adult entertainment is largest industry on internet. There are more than 420 million individual pornographic webpages today.

Research shows that 50% of the web-sites containing potentially illegal contents relating to child abuse were ‘Pay-Per-View’. This indicates that abusive images of children over Internet have been highly commercialized.

Pornography delivered over mobile phones is now a burgeoning business, “driven by the increase in sophisticated services that deliver video clips and streaming video, in addition to text and images.”

Effects of Pornography

Research has shown that pornography and its messages are involved in shaping attitudes and encouraging behaviour that can harm individual users and their families.

Pornography is often viewed in secret, which creates deception within marriages that can lead to divorce in some cases.

In addition, pornography promotes the allure of adultery, prostitution and unreal expectations that can result in dangerous promiscuous behaviour.

Some of the common, but false messages sent by sexualized culture.

Sex with anyone, under any circumstances, any way it is desired, is beneficial and does not have negative consequences.

Women have one value - to meet the sexual demands of men.

Marriage and children are obstacles to sexual fulfilment.

Everyone is involved in promiscuous sexual activity, infidelity and premarital sex.

Pornography Addiction

Dr. Victor Cline, an expert on Sexual Addiction, found that there is a four-step progression among many who consume pornography.

1. Addiction: Pornography provides a powerful sexual stimulant or aphrodisiac effect, followed by sexual release, most often through masturbation.

2. Escalation: Over time addicts require more explicit and deviant material to meet their sexual "needs."

29

3. Desensitization: What was first perceived as gross, shocking and disturbing, in time becomes common and acceptable.

4. Acting out sexually: There is an increasing tendency to act out behaviours viewed in pornography.

g. Forgery:-

Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners.

Also impersonate another person is considered forgery.

h. IPR Violations:-

Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc.

 The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software.

Violations of IPR can be classified as a form of white-collar crime, specifically a

white-collar theft or fraud. For example, the illegal reproduction of a movie for the purpose of selling counterfeited copies to others for profit is a WCC under this definition because it involves the acquisition of property through deception, or fraud, for business or personal advantage. The sale of counterfeited drugs also involves deception about the manufacturer or content for illegal financial gain, and the illegal use of a trade secret to develop a marketable product involves deception concerning the true ownership an idea or information. In addition, IPR violations can be used to facilitate other WCCs, such as

▪ Investment fraud (e.g., using a trademark of a legitimate company to deceive investors);

▪ Money laundering (e.g., concealing funds acquired from counterfeit goods sales); ▪ Fraudulent sales (e.g., creating a bogus Web site to deceive customers); ▪ Identity theft (e.g., using personal information acquired from a misappropriated database or solicited using a misappropriated trademark of a legitimate company); ▪ Other online scams (e.g., fraudulently acquiring donations using the seal of the American Red Cross); ▪ Racketeering (e.g., organized efforts to misappropriate IP); and ▪ Tax evasion (e.g., failing to report income acquired through IP violations).

One of the greatest public concerns about IPR violations (as a form of WCC) is the threat to public health and safety, not only in foreign countries but also in the United States

Licensing violations are among the most prevalent examples of intellectual property rights infringement. Other examples include plagiarism, software piracy, and corporate espionage.

30

Cyber Squatting- Domain names are also trademarks and protected by ICANN’s domain dispute resolution policy and also under trademark laws.

Cyber Squatters registers domain name identical to popular service provider’s domain so as to attract their users and get benefit from it.

Ipr violations occurs if we violate any of the following rights

1. Copyright

2. Trademark

3. Patents

4. Trade secrets

I. Cyber Terrorism:-

  At this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber-crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber-crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences.  The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc.  Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of – Osama Bin Laden, the LTTE, attack on America’s army deployment system during Iraq war.

Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives”

  Another definition may be attempted to cover within its ambit every act of cyber terrorism.

A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to –

(1) Putting the public or any section of the public in fear; or

(2) Affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or

(3) Coercing or overawing the government established by law; or

(4) Endangering the sovereignty and integrity of the nation

31

And a cyber-terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.

It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. 1 Examples include attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss.

Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc.

Cyber terrorism is an attractive option for modern terrorists for several reasons.

1. It is cheaper than traditional terrorist methods.

2. Cyber terrorism is more anonymous than traditional terrorist methods.

3. The variety and number of targets are enormous.

4. Cyber terrorism can be conducted remotely, a feature that is especially appealing to terrorists.

5. Cyber terrorism has the potential to affect directly a larger number of people.

j. Banking/Credit card Related crimes:-

In the corporate world, Internet hackers are continually looking for opportunities to compromise a company’s security in order to gain access to confidential banking and financial information.

Use of stolen card information or fake credit/debit cards are common.

Bank employee can grab money using programs to deduce small amount of money from all customer accounts and adding it to own account also called as salami.

k. E-commerce/ Investment Frauds:-

Sales and Investment frauds. An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities.

Merchandise or services that were purchased or contracted by individuals online are never delivered.

The fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site.

32

Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high profits.

l. Sale of illegal articles:-

This would include trade of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication.

Research shows that number of people employed in this criminal area. Daily peoples receiving so many emails with offer of banned or illegal products for sale.

m. Online gambling:-

There are millions of websites hosted on servers abroad that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

n. Defamation: -

Defamation can be understood as the intentional infringement of another person's right to his good name. It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.

Cyber Stacking:-

Cyber stalking involves following a person’s movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.

In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.

p. Pedophiles:-

Also there are persons who intentionally prey upon children. Especially with a teen they will let the teen know that fully understand the feelings towards adult and in particular teen parents.

They earns teens trust and gradually seduce them into sexual or indecent acts.

Pedophiles lure the children by distributing pornographic material, then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions.

q. Identity Theft: -

Identity theft is the fastest growing crime in countries like America.

33

Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud.

Identity theft is a vehicle for perpetrating other types of fraud schemes.

r. Data diddling:-

Data diddling involves changing data prior or during input into a computer.

In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file.

It also include automatic changing the financial information for some time before processing and then restoring original information.

s. Theft of Internet Hours:-

Unauthorized use of Internet hours paid for by another person.

By gaining access to an organisation's telephone switchboard (PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties.

Additional forms of service theft include capturing 'calling card' details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.

t. Theft of computer system (Hardware):-

This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.

u. Physically damaging a computer system:-

Physically damaging a computer or its peripherals either by shock, fire or excess electric supply etc.

v. Breach of Privacy and Confidentiality

Privacy

Privacy refers to the right of an individual/s to determine when, how and to what extent his or her personal data will be shared with others.

Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, sexual preferences, financial status etc.

Confidentiality

34

It means non-disclosure of information to unauthorized or unwanted persons.

In addition to Personal information some other type of information which useful for business and leakage of such information to other persons may cause damage to business or person, such information should be protected.

Generally for protecting secrecy of such information, parties while sharing information forms an agreement about the procedure of handling of information and to not to disclose such information to third parties or use it in such a way that it will be disclosed to third parties.

Many times party or their employees leak such valuable information for monitory gains and causes breach of contract of confidentiality.

Special techniques such as Social Engineering are commonly used to obtain confidential information.

Computer Fraud

Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:

* altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;* altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;* altering or deleting stored data; or* altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common

Manipulating banking systems to make unauthorized identity theft with reference to ATM fraud

Internet fraud:

Internet fraud is committed in several ways. The FBI and police agencies worldwide have people assigned to combat this type of fraud; according to figures from the FBI, U.S. companies' losses due to Internet fraud in 2003 surpassed US$500 million. In some cases, fictitious merchants advertise goods for very low prices and never deliver. However, that type of fraud is minuscule compared to criminals using stolen credit card information to buy goods and services.

The Internet serves as an excellent tool for investors, allowing them to easily and inexpensively research investment opportunities. But the Internet is also an excellent tool for fraudsters.

Computer vandalism:

35

Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.Computer vandalism is a program that performs malicious function such as extracting a user's password or other data or erasing the hard disk. A vandal differs from a virus, which attaches itself to an existing executable program. The vandal is the full executing entity itself which can be downloaded from the Internet in the form of an ActiveX control, Java applet, browser plug-in or e-mail attachment.A vandal is an executable file, usually an applet or an ActiveX control, associated with a Web page that is designed to be harmful, malicious, or at the very least inconvenient to the user. Since such applets or little application programs can be embedded in any HTML file, they can also arrive as an e-mail attachment or automatically as the result of being pushed to the user. Vandals can be viewed as viruses that can arrive over the Internet stuck to a Web page. Vandals are sometimes referred to as "hostile applets."

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Vandals can be harmful in two general ways:

They can get access to sensitive information within the computer system where they execute, such as passwords and encryption keys.

They can cause loss or denial of service within the local computer system. For example, they can flood the system with data so that it runs out of memory, or they can slow down Internet connections.

The best way to protect yourself against a hostile applet is to know who you are downloading a Web page from or who has sent you an HTML page as an e-mail attachment. Major corporate Web sites or major Web publishers are unlikely to be the source of a vandal (but it can happen). One recent scam in late 1997 involved a pornography site that invited the downloading of a page whose ActiveX control reconnected the user to the Web through an expensive international phone number. In another incident, a group of German crackers demonstrated an ActiveX control that could transfer funds from one bank account to another without having to enter a user identification number.

Cyber forensics:Computer forensics, is the application of scientifically proven methods to gather, process, interpret, and to use digital evidence to provide a conclusive description of cybercrime activities.  Cyber forensics also includes the act of making digital data suitable for inclusion into a criminal investigation. Today cyber forensics is a term used in conjunction with law enforcement, and is offered as courses at many colleges and universities worldwide.

Cyber Forensics provide the following services nationally to Police Forces, Legal Sector and Corporate's

36

Corporate Investigations

Disciplinary Tribunals Personnel Issues Company Policy Infringement

Civil Litigation (including single joint)

Intellectual Property Theft Contract Disputes

Criminal Proceedings (defence & prosecution)

Fraud Murder

 

Cyber Forensics provides highly regarded expert computer forensic investigation services and unimpeachable expert witness testimony.

Customised services to suit any organisation’s needs.

Procedures developed for maximum forensic integrity, combined with expertise, to achieve optimum results in litigation.

Cases include, Murder, Rape, Fraud, Blackmail, and Computer misuse, Libel-Malicious Email, Internet Pornography and Intellectual Property Theft.

Forensics experts are trained to use a variety of forensic tools including, EnCase®, X-Ways Forensics and Cyber Examiner.

Reports contain precise, jargon-free language, supported by a glossary of terms. Where appropriate, appendices covering technical material required by opposing experts are included.

Integrity Confidentiality Security assured

Computer forensics and the law:

What is Computer Forensics? If you manage or administer information systems and networks, you should understand computer forensics. Forensics is the process of using scientific knowledge for collecting, analysing, and presenting evidence to the courts. (The word forensics means “to bring to the court.”) Forensics deals primarily with the recovery and analysis of latent evidence. Latent

37

evidence can take many forms, from fingerprints left on a window to DNA evidence recovered from blood stains to the files on a hard drive.

Because computer forensics is a new discipline, there is little standardization and consistency across the courts and industry. As a result, it is not yet recognized as a formal “scientific” discipline. We define computer forensics as the discipline that combines elements of law and computer science to collect and analyse data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.

Why is Computer Forensics Important? Adding the ability to practice sound computer forensics will help you ensure the overall integrity and survivability of your network infrastructure. You can help your organization if you consider computer forensics as a new basic element in what is known as a “defence-in-depth” approach to network and computer security. For instance, understanding the legal and technical aspects of computer forensics will help you capture vital information if your network is compromised and will help you prosecute the case if the intruder is caught.

Computer forensics is also important because it can save your organization money. Many managers are allocating a greater portion of their information technology budgets for computer and network security. International Data Corporation (IDC) reported that the market for intrusion-detection and vulnerability-assessment software will reach 1.45 billion dollars in 2006. In increasing numbers, organizations are deploying network security devices such as intrusion detection systems (IDS), firewalls, proxies, and the like, which all report on the security status of networks.

Forensic evidence:From a technical standpoint, the main goal of computer forensics is to identify, collect, preserve, and analyse data in a way that preserves the integrity of the evidence collected so it can be used effectively in a legal case.

What are some typical aspects of a computer forensics investigation? First, those who investigate computers have to understand the kind of potential evidence they are looking for in order to structure their search.

Crimes involving a computer can range across the spectrum of criminal activity, from child pornography to theft of personal data to destruction of intellectual property. Second, the investigator must pick the appropriate tools to use. Files may have been deleted, damaged, or encrypted, and the investigator must be familiar with an array of methods and software to prevent further damage in the recovery process.

System administrators and security personnel must also have a basic understanding of how routine computer and network administrative tasks can affect both the forensic process (the potential admissibility of evidence at court) and the subsequent ability to recover data that may be critical to the identification and analysis of a security incident.Security professionals need to consider their policy decisions and technical actions in the context of existing laws. For instance, you must have authorization before you monitor and collect information related to a computer intrusion. There are also legal ramifications to using security monitoring tools

38

Computer forensics is a relatively new discipline to the courts and many of the existing laws used to prosecute computer-related crimes, legal precedents, and practices related to computer forensics are in a state of flux. New court rulings are issued that affect how computer forensics is applied. The best source of information in this area is the United States Department of Justice’s Cyber Crime web site. The site lists recent court cases involving computer forensics and computer crime, and it has guides about how to introduce computer evidence in court and what standards apply. The important point for forensics investigators is that evidence must be collected in a way that is legally admissible in a court case.

Increasingly, laws are being passed that require organizations to safeguard the privacy of personal data. It is becoming necessary to prove that your organization is complying with computer security best practices. If there is an incident that affects critical data, for instance, the organization that has added a computer forensics capability to its arsenal will be able to show that it followed a sound security policy and potentially avoid lawsuits or regulatory audits.

Computer forensic tools:

These tools generally differ in functionality, complexity and cost. In terms of functionality, some tools are designed to serve a single purpose [4] while others offer a suite of functions.Therefore, the functionalities offered by a tool are exactly what lead to its complexities. These complexities can either be related to design and algorithmic complexity or ease-of-use; in some instances, a tool can offer great functionality but fall short because of a complex interface. Cost is the final distinguishing factor. Some of the market-leading commercial products cost thousands of dollars while other tools are completely free [4]. With these limiting factors (functionality, complexity, and cost) in mind, the computer forensic expert now needs to evaluate the criticality of the crime and choose an appropriate tool(s) to help with his/her investigation.

Various tools are:

Disk Imaging:Disk imaging is an important functionality since investigations should never be conducted on original storage media. Hence, disk imaging is used to protect the integrity of any storage media to be investigated. If a storage medium’s integrity is not maintained, results of an investigation could be rendered null and void in a court of law since defence attorneys are then able to bring the investigative process under question. Hashing and hash functions then become important since they offer a guarantee that an imaged device is actually the same as the original.

Hashing functions:Hash functions form the foundation of the internal verification mechanism used by forensic tools to guarantee the integrity of the original media and the resulting image file. A hash function H is a transformation that takes an input m and returns a fixed-size string, which is called the hash value h. That is, h is the result of the hashing function being applied onto the input mHashing functions are of 2 types-

i) Secure Hash Algorithm (SHA) 1ii) Message Digest 5 (MD5)

39

PC Inspector File Recovery:PC Inspector File Recovery is a freely available forensic tool. This tool serves two main purposes. Firstly, to reveal the contents of all storage media attached to the computer system and, secondly, to recover any deleted data from the media.

Encase®:Encase is a commercial forensic tool developed by Guidance Software. It was introduced to the forensics market in 1998. Encase’s functionalities include disk imaging, data verification and data analysis. An important feature is the recovery of data through the inspection of unallocated spaces. We must remember that these unallocated spaces could contain information relevant to an investigation.Vital information such as last access, time created, and last modifications of a file are all provided by this tool.

Forensic Tool Kit:

Forensic Tool Kit is a commercial forensics tool developed by AccessData. This tool allows the CFS to view all files on the chosen storage device. A function of this tool includes immediate generation of hash values for files that are viewed within an investigation.

Unlike the above mentioned forensic tools, Forensic Tool Kit does not support data recovery.Since the data discovery functionality of the tool is not effective, data analysis and recovery are both affected. In light of all this, it is important to mention that all investigations were conducted on a trial version of Forensic Tool Kit. Therefore, it is our view that the full version does incorporate more effective and comprehensive functionality

FTK Imager:

FTK Imager is a commercial tool offered by AccessData. Its main function is to view and to image storage devices. Data recovery can be attained in most instances as a result of the tool’s ability to effectively preview these storage devices. It is worth noting that the tool’s effectiveness at data recovery depends largely on the time when the file was actually deleted. The tool is also able to generate either MD5 or SHA hash values of all visible and accessible files. In particular, the MD5 hash value is generated and presented to the investigator as part of the completed process notification to guarantee the integrity of the original files.

Difference between cyber and conventional crimes:

In comparison to physical theft and cyber theft of data in financial institutions, there are a variety of differences and similarities. First, the intention by thief’s in both endeavours is to steal funds that are not their own. However, the physical theft leaves behind forensic evidence that is normally quite clear. Digital theft sometimes does not leave behind clear trails of evidence that can both be accounted for quickly after a crime occurs or can be traced back forensically to the originator of the crime. Furthermore, once physical thefts occur, a return to the crime scene is normally not standard protocol by a thief. However, if sensitive or private data is taken during a digital crime, such as user names, passwords, social security numbers, credit card numbers, account numbers, et cetera, and the crime goes unnoticed, this information can be used to perpetrate further crimes.

40

With regard to the penalty phase of cybercrime versus physical crime, there appears to be an apparent disparity. As in most white-collar crime, the judicial system is generally more lenient during sentencing due to the lack of physical threat or harm. Normally, value is a consideration during the penalty phase of white-collar crime, whereby the total value of goods stolen impacts sentencing. If a person with a handgun steals a thousand dollars from a store clerk and shoots the clerk in the shoulder, but an 18-year old hacker steals $10,000 from a bank in Utah, would 15-year sentences for both crimes be sufficient for the public to perceive that justice has been served? Ultimately, there will almost always be a disparity in sentencing between violent and white-collar crime due to the threat of violence and harm to the person versus the value of the theft. However, as cybercrimes become more trans-national and values increase exponentially, the international community, judicial systems, and public outcry will begin to change perceptions and more than likely adjust sentencing parameters to align with local and international perceptions.Perhaps one way of viewing cybercrimes is that they are digital versions of traditional offenses. It appears that many cybercrimes could be considered traditional, or real world, crimes if not for the incorporated element of virtual or cyberspace. Indeed, many of these so-called cybercrimes can be easily likened to traditional crimes. For instance, identity theft can occur in both physical and cyber arenas. While these crimes may occur through differing mechanisms, in both circumstances the criminal intent (profit) and outcome (stolen personally identifiable information) are the same.

In the real world, a criminal can steal a victim’s wallet or mail including documents containing personally identifiable information. In April 2011, two men were sentenced for leading a criminal enterprise that stole credit and debit cards from mailboxes in affluent neighbourhoods in South Florida. The thieves then used the cards to make large purchases and cash withdrawals from the cards, costing victims $786,000.17 in another case, from September 2010, the leaders of a mail theft and identity theft ring were sentenced for stealing mail from mailboxes in more than 50 residences and law firms in Washington, DC. The thieves took checks and documents containing personally identifiable information (PII) to cash forged checks at local banks.

In the cyber world, a computer hacker can easily steal this same PII—electronically rather than physically. In September 2012, two Romanian nationals pleaded guilty “to participating in an international, multimillion-dollar scheme to remotely hack into and steal payment card data from hundreds of U.S. merchants’ computers.” Defendants remotely hacked into POS systems and then, also remotely, installed “keystroke loggers.” These devices illegally captured victims’ credit card information when the cards were swiped by the merchants, and then this information was transferred electronically to the fraudsters. The defendants stole information from about 6,000 victims and sold this information for a profit. In another case, two defendants were sentenced in July 2010 for using peer-to-peer (P2P) software to search file sharing networks, stealing victims’ account information and passwords. The defendants used this information to access victims’ bank accounts and transfer funds to prepaid credit cards in the defendants’ names.

In some instances, it may seem that law enforcement struggles to keep up with developments in the virtual world, which transform routine activities once driven by paper records in the real world. As a result, criminals are often prosecuted using laws intended to combat crimes in the real world. As Department of Justice (DOJ) officials have pointed out, federal laws to prosecute computer-related crimes are not necessarily as ample or broad as those used to confront their traditional counterparts.

41

UNIT-4Regulation of cyber-crimes, Issues relating to investigation, issues relating to

jurisdiction, issues relating to evidence, relevant provisions under Information Technology Act 2000, Indian penal code, pornography Act and evidence Act etc.

Regulation of cybercrimes:

The ever increasing use of computers, networks and the Internet has led to the need for regulation in the fields of cybercrime, cyber security and national security.As the extent of commerce transacted over cyberspace continues to grow, along with increasing reliance on information technology to derive cost-efficiencies, the risk exposures to enterprises have increased. Regulators from several countries in Asia have strengthened existing data privacy and cybercrime laws or created new ones in response to the increasing frequency and severity of cyber-attacks in the region. Companies with single or multinational operations in Asia must keep pace with the changing regulatory landscape, as governments enhance existing laws, create new laws, and step up enforcement, increasing risk exposures for companies who are the subject of a cyber-attack, misuse or mishandle customer data.As crime increasingly has a digital component, legislators in the United States have responded by strengthening and broadening legislation to address the threats; the Computer Fraud and Abuse act is a prime example.  Center researchers examine the impact of this and other laws and regulation on cybercrime, asking whether particular provisions achieve their desired results and/or produce costly, unintended side effects.  The goal of this work is to arrive at generalizations about the types of laws and regulations that are effective at deterring fraud and promoting security. In India, The Information Technology Act of 2000 addresses a range of cybercrimes, such as hacking, viruses, email scams, Dodos, forgery, cyber terrorism, identity theft, phishing, and e-commerce fraud.

In 2013, the government went one step further by announcing a National Cyber Security Policy aimed at setting up an agency to protect the public and private infrastructures from cyber-attacks and safeguarding the personal information of web users, financial and banking information, and sovereign data. How this policy will be executed remains to be seen. India is also working on a new piece of legislation on privacy, which provides for the protection of data and personal privacy.

Relevant law:-„The Information Technology Act, 2000.„Information Technology Act Amendment (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.„RBI Regulation: DBOD.COMP.BC.No. 130/07.03.23/2000-01

Issues relating to investigation:

The law enforcement agencies were bound by some ground rules before the evolution of cybercrimes. There were established procedures for investigation and prosecution of all types of crimes. In case of traditional crimes, large number of physical evidence is generally available at the scene of crime. Collection of such physical evidence required at lot of common sense and a little technical knowledge. Forensic help could also be provided since

42

laboratory examination procedures are fully established. The crime scene is also confined to a relatively smaller place.Today, with the advancement of technology, crimes have become more complex and criminals more sophisticated as their modus operandi is incomparable to the traditional investigation methods. Information technology provides an opportunity to the criminals to commit traditional crimes like cheating, fraud, theft, credit card frauds, embezzlement of bank deposits, industrial and political espionage, cyber terrorism etc. and at the same time it helps in committing non-traditional and information technology related crimes like attacks against the security of critical infrastructures like tale communication, banking and on emergency services. Such crimes may be committed through computer networks across the national borders, affecting not only individuals, but they may instead result in compromising the security and the economy of the nation. In this information technology age, the criminal investigation procedures require radical changes to handle the errant computer users effectively. Today, the crime investigators are faced with the problem of collection of appropriate evidence in computer storage media and data communication system. It requires a cohesive well trained and well equipped force of investigators operating and co-coordinating at national and international level. This change in crime scenario would also necessitate major changes in the related forensic procedures as well as in the outlook of judiciary. Present era of fast changing technologies well soon derail the criminal justice system and make the whole exercise futile, if appropriate steps are not taken urgently.The law enforcement agencies throughout the world are mainly facing three types of problems/issues in their fight against the cyber-crimes.

Issues relating to jurisdiction:

Cyber-crimes are crimes truly with have o boundary. Information technology has turned the world into a global village. The advent of Internet has put everyone within the reach of other. The cyber-criminal have scant regard for national or local jurisdictions.Section 75 of the Information Technology Act is Indian answer to jurisdictional blues. This Section extends the influence of Information Technology Act, 2000 over the entire world keeping in view the nature of cyber crimesHowever, the problem is not as simple as it appears. The difficulty arises in implementing extra-territorial jurisdiction. The problem will arise as to actual conducting of investigation and trail. Internal territorial problems can be solved such problem invariably arises in international arena. The first point is how far the nations are willing to help one another. Police investigations abroad are stifled by a variety of factor, including the desire to protect individual of certain nationalities. The procedure also involves a request by the court of one country to its counterpart in another. Collection of information in cyber matters requires searches and confiscation of delicate material that needs speedy and expert handling. Assistance in such areas is slow and half-hearted despite there being bets relations among countries.Also, Section 75 has potential to create problems, as an act that occurred overseas may have no connection in India except the use of some remote computer resource located here, this, which is quite common in internet relations, may be brought within the purview of our laws. How it is justifiable to start criminal proceedings against a foreigner who has not committed any act on Indian Territory? It is submitted that jurisdiction of IT Act shall not extend to those cases where the accused and victims are foreigners and the offence is committed outside the territory of India.

43

For trail in India of any foreign national, he can be demanded from has parent country only when the same facts also constitute an offence in that country. For example, pornography is not illegal in Amsterdam (Holland), any person transmitting obscene material in India cannot be brought to India and tried under the I.T. Act of 2000 despite the same being an offence here,. Gambling and obscenity laws provide criminal sanctions of individual within their jurisdiction. For example, if the person placing the bet and the bookie is in a country such as the UK where gambling on cricket is legal, and if the bet is placed from a computer in India how can get police department effectively act on this crime in India?

The extradition treaties are not generally there. Even when there is any such extradition treaty, offender can be extradited to India only when the same facts also constituted an offence in other legal system and too after the testing of facts and offence by the legal systems of both the countries. It will be a protracted battle. A number of Kashmiri terrorists are hacking Indian sites from Pakistan. Due to political differences least cooperation is expectable from Pakistan. It has different definitions of crime. Any act of cyber terrorism will be offence in Indian but they are categorized as freedom fighters by Pakistan. So they cannot be brought to book. A pertinent question arises whether a judgment passed by an Indian court in matter relating to a person/company situated abroad but duly covered under the provisions of the I.T. Act of 2000 would be acceptable to foreign courts. If the judgments delivered by Indian Court cannot be enforced then whole exercise of trial and punishments would turn out to be futile. In case of India, the absence of internationally accepted jurisdiction treaty or convention, the desire to bring the cyber-criminal book from any corner of the world is just a dream which is far from reality. The problem will be more acute as India is still not the signatory of the International Cyber Crime Treaty, It does not enjoy the privileges accorded to signatory nations in the detection investigation and prosecution of cyber-crimes.

There is no universally accepted definition of cyber-crime. The cyber-crime in a country may not be termed as a cyber-crime in another. There are only 13 countries that have cyber-crime laws. This puts enormous pressure on the law enforcement agencies in obtaining international co-operation. The absence of such laws is like shielding the criminals from the legal provisions and providing them safe haven to continue with their evil deeds. Further, the rate at which cyber-crimes are increasing in the world, it is necessary for the criminal justice to demonstrate that quick and severe punishment would be awarded to those involved in such criminal activities. What we need is the rule of law at an international level and a universal legal framework which is equal to the worldwide reach of internet. It is therefore, necessary to make appropriate dynamic laws pertaining to cyber-crime. It cannot take the usual snail’s pace of law making since the technology changes at a very fast rate. The laws made today for yesterday technology might become outdated by the time they are checked. It is submitted that universally accepted definition of cybercrime shall be made and an international treaty on cyber-crime shall be made and shall be signed by the entire countries of the world in order to tackle menace of cyber crime

Issues relating to evidence:

To effectively combat the cyber-crime, it is not sufficient to successfully investigate the crime and nab the criminal, but more important is to prosecute and administer justice, according to the law of land. This requires an effective legal frame work, which fully supports the detection and prosecution of cyber criminals. The traditional techniques for investigation of cyber-crime and the prosecution procedures are inadequate. The judiciary

44

must also appreciate the intricacies of the digital evidence that is collected and presented in the courts of law, in spite of the technical and operational hurdles the investigator faces.

1. Victims and Witnesses’ Unawareness The first impediment that is faced by investigators is of securing the co-operation of complainants and witnesses. It is now well-documented that the victims of crimes of this nature are reluctant to report them to the police. Ernst and Young found in its 8th Global Survey of business fraud, that only one quarter of frauds were reported to the police and only 28% of these respondents were satisfied with the resultant investigation.

2. Identifying Suspects Another problem faced by cyber-crime investigators is the identification of suspects. Occasionally, this can lead to considerable problems when the wrong person is arrested.Digital technologies enable people to disguise their identity in a wide range of ways making it difficult to know with certainty as to who was using a computer from which illegal communications came. This problem is more prevalent in business environment where multiple people may have access to a personal computer and where passwords are known or shared, than in private home where it can often be assumed who the person was and who was using the computer because of circumstantial evidence.This problem of identifying suspects may be resolved by traditional investigative techniques, such as the use of video surveillance or gathering indirect circumstantial evidence that locates accused at the terminal at a particular time and day.This problem may be also solved by the use of biometric means of identification. At present few computers have biometric user authentication systems such as fingerprint scanner when logging on. When they become more widespread, problems of identification may be reduced. DNA samples which can be gathered from keyboards may be used to identity an individual with a particular computer in some cases.

3. Locating and Securing Relevant MaterialConsiderable difficulties arise in locating and securing electronic evidence as the mere act of switching on or off a computer may alter critical evidence and associated time and date records. It is also necessary to search through vast quantities of data in order to locate the information being sought. Today’s cyber investigators are faced with many problems because digital evidence is highly fragile, bits are easier to temper than paper, can easily be altered, manipulated and destroyed. So chain of custody of these needs is to be maintained and all digital evidence need to be authenticated.Difficult problems arise in obtaining digital evidence in cyber-crime cases, although in some ways computers have made the process easier through the ability to conduct searches of hard drives remotely via the Internet. Some of the main difficulties, however, relate to obtaining permission to conduct such a search, securing the relevant access device such as a password, decrypting data that have been encrypted, and imaging a hard drive without interfering with the evidence. There is also the practical problem of conducting searches quickly so that data cannot be removed.

4. Problems of Encryption A difficult problem faced by cyber-crime investigators is concerning the data that have been encrypted by accused who refuse to provide the decryption key or password.

45

Relevant provisions under Information Technology Act 2000:

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996.

In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.

This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber laws have a major impact for e-businesses and the new economy in India. So, it is important to understand what are the various perspectives of the IT Act, 2000 and what it offers.

The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. Some highlights of the Act are listed below:

Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber.

Chapter-III of the Act details about Electronic Governance and provides inter alia amongst others that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is -rendered or made available in an electronic form; and accessible so as to be usable for a subsequent reference.

The said chapter also details the legal recognition of Digital Signatures.

Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates.

Chapter-VII of the Act details about the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act.

Chapter-IX of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computer, computer systems etc. has been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of appointment of any officers not below the rank of a Director to the Government of India or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate

46

whether any person has made a contravention of any of the provisions of the said Act or rules framed there under. The said Adjudicating Officer has been given the powers of a Civil Court.

Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers, shall be preferred.

Chapter-XI of the Act talks about various offences and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information, which is obscene in electronic form, and hacking.

The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advice the government as regards any rules, or for any other purpose connected with the said act. The said Act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 to make them in tune with the provisions of the IT Act.

Indian penal code:

The Indian security system has been one that has gone through a lot of tests and examinations throughout the time. This is due to the political as well as the social situation and standing of the country. India is a land of diverse cultures and traditions. It is a place where people from various religions as well as ethnic backgrounds live together. As a result of these, there might arise certain disputes amongst the people. The cultural diversity is such that there are disputes and clashes of interest between different states, ethnic to particular cultural consortiums. There are also many intrusions from neighbouring countries and terrorist organizations. Then, there is the issue of the Naxalites as well as the day to day common crimes. To counter all such crimes and breach of law, a document has been formulated, that covers each of these situations separately and lists out the penalties for those found guilty under any of the mentioned offences. This is document is known as the Indian Penal Code. The Indian penal code is also applicable to the state of Jammu and Kashmir.The Indian Penal code, in its basic form, is a document that lists all the cases and punishments that a person committing any crimes is liable to be charged with. It covers any Indian citizen or a person of Indian origin. The exception here is that any kind of military or the armed forces crimes cannot be charged based on the Indian Penal Code. Military as well as the armed forces have a different dedicated list of laws and the Indian Penal Code does not have the privilege to supersede any part of it. The Indian Penal Code also has the power to charge for any crimes committed by a person who is an Indian citizen on any means of transport belonging to India-an Indian aircraft or an Indian ship.

Indian Penal Code (IPC) is the main criminal code of India. It is a comprehensive code intended to cover all substantive aspects of criminal law. The code was drafted in 1860 on the recommendations of first law commission of India established in 1834 under the Charter Act of 1833 under the Chairmanship of Thomas Babington Macaulay.[1] [2] [3] It came into force in British India during the early British Raj period in 1862. However, it did not apply automatically in the Princely states, which had their own courts and legal systems until the

47

1940s. The Code has since been amended several times and is now supplemented by other criminal provisions. Based on IPC, Jammu and Kashmir has enacted a separate code known as Ranbir Penal Code (RPC).

After the departure of the British, the Indian Penal Code was inherited by Pakistan as well, much of which was formerly part of British India, and there it is now called the Pakistan Penal Code. Even after the independence of Bangladesh (Formerly known as East Pakistan) from Pakistan (Formerly known as West Pakistan), it continued in force there. It, the Indian Penal Code, was also adopted by the British colonial authorities in Burma, Ceylon (now Sri Lanka), the Straits Settlements (now part of Malaysia), Singapore and Brunei, and remains the basis of the criminal codes in those countries. The Ranbir Penal Code applicable in that state of Jammu and Kashmir of India, is also based on this Code.

The draft of the Indian Penal Code was prepared by the First Law Commission, chaired by Thomas Babington Macaulay in 1834 and was submitted to Governor-General of India Council in 1837. Its basis is the law of England freed from superfluities, technicalities and local peculiarities.

The Indian Penal Code of 1860, sub-divided into twenty three chapters, comprises five hundred and eleven sections. The Code starts with an introduction, provides explanations and exceptions used in it, and covers a wide range of offences.

There are sections related to Dowry Laws and jurisdictions in India, as well as there are several sections that concern various types of criminal laws. The Indian Penal Code is thus the most fundamental document of all the law enforcer as well as the entire judiciary in India.

Pornography Act:

Pornography or obscenity is very sensitive issue all over the world yet there is no settled definition of the word under any law. What is nude art or sexually explicit thing for one person may be obscene or porn for another. Hence, it is very difficult to define “What is porn?”

There have been many attempts to limit the availability of pornographic content on the Internet by governments and law enforcement bodies all around the world but with little effect. Classic example is a website, www.incometaxpune.com, prima facie, it looks a website of Income tax department of Pune City, but actually it’s a porn site. Though it was blocked many times by law enforcement agencies in India, it is still available with obscene contains.

Pornography on the Internet is available in different formats. These range from pictures and short animated movies, to sound files and stories. The Internet also makes it possible to discuss sex, see live sex acts, and arrange sexual activities from computer screens. Although the Indian Constitution guarantees the fundamental right of freedom of speech and expression; it has been held that a law against obscenity is constitutional. The Supreme Court has defined obscene as “offensive to modesty or decency; lewd, filthy, repulsive”.

48

Section 67 of the Information Technology Act, 2000 penalizes cyber pornography. Other Indian laws that deal with pornography include the Indecent Representation of Women (Prohibition) Act and the Indian Penal Code.

 Section 67 reads as under:-

Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

 This section explains what is considered to be obscene and also lists the acts in relation to such obscenity that are illegal.

 Explanation

Any material in the context of this section would include video files, audio files, text files, images, animations etc. These may be stored on CDs, websites, computers, cell phones etc.

 

Lascivious is something that tends to excite lust.

Appeals to, in this context, means “arouses interest”.

Prurient interest is characterized by lustful thoughts.

Effect means to produce or cause some change or event.

Tend to deprave and corrupt in the context of this section means “to lead someone to become morally bad”.

Persons here refers to natural persons (men, women, children) and not artificial persons (such as companies, societies etc.).

 

To be considered obscene for the purpose of this section, the matter must satisfy at least one of the following conditions:-

 

it must tend to excite lust, or it must arouse interest in lustful thoughts, or It must cause a person to become morally bad.

 The above conditions must be satisfied in respect of a person who is the likely target of the material.

49

Illustration 

Sameer launches a website that contains information on sex education. The website is targeted at higher secondary school students. Pooja is one such student who is browsing the said website. Her illiterate young maid servant happens to see some explicit photographs on the website and is filled with lustful thoughts.

This website would not be considered obscene. This is because it is most likely to be seen by educated youngsters who appreciate the knowledge sought to be imparted through the photographs. It is under very rare circumstances that an illiterate person would see these explicit images.

Acts those are punishable in respect of obscenity:-

“Publishing” means “to make known to others”. It is essential that at least one natural person (man, woman or child) becomes aware or understands the information that is published. Simply putting up a website that is never visited by any person does not amount to publishing.

“Transmitting” means to pass along convey or spread. It is not necessary that the “transmitter” actually understands the information being transmitted.

Information in the electronic form includes websites, songs on a CD, movies on a DVD, jokes on a cell phone, photo sent as an email attachment etc.

The punishment provided under this section is as under:-

First offence: Simple or rigorous imprisonment up to 3 years and fine up to Rs 5 lakh.

Subsequent offence: Simple or rigorous imprisonment up to 5 years and fine up to Rs 10 lakh.

Amendments of 2008 introduced new Section on Cyber pornography i.e. Section 67A.

 

The Section makes publishing or transmitting of sexually explicit act or conduct illegal with a punishment of imprisonment up to five years and with fine which may extend to ten lakh rupees for first offence and seven years for subsequent offences.

Hence, the Section makes publishing or transmission of blue films, audio sex clips, pictures, magazines and any other material in the electronic form involving sexually explicit acts illegal.

Evidence Act:

The Indian Evidence Act, originally passed by the Imperial Legislative Council in 1872, during the British Raj, contains a set of rules and allied issues governing admissibility of evidence in the Indian courts of law.

The enactment and adoption of the Indian Evidence Act was a path-breaking judicial measure introduced in India, which changed the entire system of concepts pertaining to admissibility

50

of evidences in the Indian courts of law. Until then, the rules of evidences were based on the traditional legal systems of different social groups and communities of India and were different for different people depending on caste, religious faith and social position. The Indian Evidence Act introduced a standard set of law applicable to all Indians.

The law is mainly based upon the firm work by Sir James Fitzjames Stephen, who could be called the founding father of this comprehensive piece of legislation.

The Indian Evidence Act, identified as Act no. 1 of 1872,[2] and called the Indian Evidence Act, 1872, has eleven chapters and 167 sections, and came into force 1 September 1872. At that time, India was a part of the British Empire. Over a period of more than 125 years since its enactment, the Indian Evidence Act has basically retained its original form except certain amendments from time to time.When India gained independence on 15 August 1947, the Act continued to be in force throughout the Republic of India and Pakistan, except the state of Jammu and Kashmir.[3] Then, the Act continues in force in India, but it was repealed in Pakistan in 1984 by the Evidence Order 1984 (also known as the "Qanun-e-Shahadat"). It also applies to all judicial proceedings in the court, including the court martial. However, it does not apply on affidavits and arbitration.

This Act is divided into three parts and there are 11 chapters in total under this Act.[2]

Part 1

Part 1 deals with relevancy of the facts. There are two chapters under this part: the first chapter is a preliminary chapter which introduces to the Evidence Act and the second chapter specifically deals with the relevancy of the facts.

Part 2

Part 2 consists of chapters from 3 to 6. Chapter 3 deals with facts which need not be proved, chapter 4 deals with oral evidence, chapter 5 deals with documentary evidence and chapter 6 deals with circumstances when documentary evidence has been given preference over the oral evidence.

Part 3

The last part, that is part 3, consists of chapter 7 to chapter 11. Chapter 7 talks about the burden of proof. Chapter 8 talks about estoppel, chapter 9 talks about witnesses, chapter 10 talks about examination of witnesses, and last chapter which is chapter 11 talks about improper admission and rejection of evidence.

51

UNIT-V

Copyright issues in cyberspace: linking, framing, protection of content on web site,International treaties, trademark issues in cyberspace: domain name dispute, cyber-

squatting, uniform dispute resolution policy, computer software and related IPR issues

Copyright issues in cyberspace:

Copyright laws protect original works, but not ideas or facts. The Copyright Act of 1976 grants exclusive rights to the copyright holder. A copyright protects original works such as: literary works, musical works, dramatic works, pantomimes & choreographed works, pictorial, graphic, and sculptural works, motion pictures and other audio-visual works, sound recordings, architectural works, compilations (databases for example), written words on a website, and software programs on a website. The copyright holder has exclusive rights such as reproduction, derivative works (being allowed to alter it), distribution, performance, and display, audio & video transmission.

Copyright is automatically created on original works. You do not need to file to create a copyright. But it may be a good idea to file a copyright to establish a public record of it and if you ever want to pursue an infringement suit, it will need to have been filed. You can visit copyright.gov/forms to download a copyright form. A common-law copyright is created automatically on publication, so registration is not required to use the © symbol. The proper way to state that something is copyrighted is to use the © symbol, the copyright or abbreviated version (Copr.), the year of first publication, and the name of the copyright owner. For example: © Copyright 2007 Off the Page Creations.

Copyrights that were created after January 1, 1978 have protection during the life of the author plus 70 years. In the case of more than one author, the period of protection is the term of 70 years after the death of the last surviving member. In a case of 'Work-Made-For-Hire', the protection term is 95 years from first publication or 120 years from the year of creation (whichever comes first). Once copyrights expire they become part of the public domain and are free to use by anyone. But don't assume just because something doesn't have a copyright symbol, that it is free to use.

In a 'Work-Made-For-Hire' the person that hires someone to create (design a logo for example) something for them, the person hiring is the person who holds the copyright, not the designer or author. If the work was prepared by an employee within his job duties as requested by his/her boss and not for a customer, the employer holds the copyright because the employee was hired to do it for the employer and it was part of his/her job duties.

An odd variation to the 'Work-Made-For-Hire' rule is websites (including the 'look & feel', the software, scripts, graphics & the text). If someone hires a web designer to create their website, the website designer holds the copyright, unless it is specified otherwise in the contract. Most companies state that the hiring party holds the contract (as we state in our contract), but it's a good idea to verify who will hold copyright to the website before signing anything.

52

Fair Use

'Fair Use' allows limited use of a copyrighted work. Some examples of what are considered 'fair use' are: teaching, criticism, comment, news reporting, and research. Only a court can decide if a copyrighted works use was considered 'fair use'.

What You Can't Do

Copy pictures to use on your brochure or website that you found on the internet (even if you put up the copyright line of who holds the copyright, this is considered infringement)

Purchase a license to use a photo on your brochure, then continue to use it on your website, flyers, and postcards unless it is stated in the license

Copy text out of a book or off from a website and use it verbatim Put music on your website without permission Post an article without permission, even if it's about you Use an image by linking to it rather than copying it (This is still copyright

infringement)

What You Should Do

Purchase photos to use that are 'copyright free' and follow the license for the uses Or get permission from the copyright holder to use photos Purchase 'copyright free' music and follow the license for the uses Get permission to use articles from the writer & publisher You should ask permission to link to someone's website

Copyright infringers may face civil liability and also criminal liability for felony copyright infringement if it is wilful, and for financial gain, or by reproducing and distributing a large amount.

Linking:

Most often, a website will connect to another in the form of a link (also known as a “hypertext” link), a specially coded word or image that when clicked upon, will take a Web user to another Web page. A link can take the user to another page within the same site (an “internal link”), or to another site altogether (an “external link”).

You do not need permission for a regular word link to another website’s home page. If there is some concern over the link, most issues can be squared away by having the linked site sign a linking agreement that gives permission for your link.

Linking is the practice of linking to the internal pages of a website, bypassing introductory pages as well as other material that would normally precede the linked page. By deep linking into a website, a person is able to navigate to the linked page without going through introductory pages that normally include things like advertisements and banners that provide the website with income. As a result of deep linking, many small businesses have suffered because of this loss of advertisement income. In addition, when one website deep links into

53

another website, users could be confused into thinking that the two websites are related to each other.

Framing:

Unlike linking, framing is a relatively recent phenomenon, introduced by Netscape in Version 2 of its Navigator product. A framing site, by virtue of certain commands in its HTML code, links to another site, displaying that site within a window or frame. The frame itself is comprised of content from the framing site. In contrast to generic hyperlinking, in the case of framing, the user remains at the framing site and views content from both sites. The address that the user's browser displays may continue to be that of the framing site. The user may be unaware that the content in the frame comes from another site. This difference between linking and framing may make trademark liability more likely for sites that frame rather than merely hyperlink.

Sites are increasingly challenging those who frame them.

Protection of content on web site:

Websites are particularly open to abuse, especially theft of content and images. You should assume that files will be accessed randomly, downloaded as individual chunks, and distributed out of context. It is therefore important to include a copyright notice on as many individually deliverable items as possible:

Image file properties should include a notice.

Under Windows for example, right clicking on an image will allow you to bring up the properties dialogue where you may enter details about the file, (though this will only work with certain file types). More typically, your image software will provide a way to insert comments into the file; this is preferred as these are harder to remove.

Every page should contain a notice in the visible text (text shown on screen), or at least link to your notice in the body of the page.

Every delivered file should include a notice in non-visible text.

For example, in HTML files and CSS style sheets a copyright notice can be included as a comment.

Watermarking may be worth considering if you have a lot of valuable images on your site.

Websites are one of the easiest things to copy, particularly any written content and images, so registration is particularly important.Copyscape is a useful tool that will compare your web pages to others indexed by Google and return any it finds with matching text.

Here are four things you can do to protect your property from thieves online:

54

1. Include the copyright symbol on all pages of your website and your content like e-books and PDF downloads. This will deter those who innocently think its ok to copy your stuff without realising it’s an infringement.

2. Use Copyscape a duplicate content checker to search the internet for copies of your web or blog pages. You pop your page address in the search box and it will scan the web for copies. Note that it searches each page individually not a whole website.

3. If you have a WordPress site try a plug in called WP-Copyprotect. This ‘locks’ your blog so text and images can’t be highlighted, copy and pasted. This works on the assumption that anyone wanting to steal your blog post or text from your website will be too lazy to re-type it out for themselves.

4. Protect your online products, photos and images using a Creative Commons license. You can get one set up in seconds for free to protect ebooks, images and other materials for that extra bit of security.

International treaties:

The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime or the Budapest Convention, is the first international treaty seeking to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It was drawn up by the Council of Europe in Strasbourg, France, with the active participation of the Council of Europe's observer states Canada and Japan.

The Convention is the first international treaty on crimes committed via the Internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography, hate crimes, and violations of network security.[6] It also contains a series of powers and procedures such as the search of computer networks and lawful interception.

Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation.

The Convention and its Explanatory Report was adopted by the Committee of Ministers of the Council of Europe at its 109th Session on 8 November 2001. It was opened for signature in Budapest, on 23 November 2001 and it entered into force on 1 July 2004.As of October 2014, 44 states have ratified the convention, while a further nine states had signed the convention but not ratified it.

On 1 March 2006 the Additional Protocol to the Convention on Cybercrime came into force. Those States that have ratified the additional protocol are required to criminalize the dissemination of racist and xenophobic material through computer systems, as well as threats and insults motivated by racism or xenophobia.

Trademark issues in cyberspace:

A trademark is a word, name, symbol, device, or combination of, used by someone to identify his product. Trademarks arise from 'use' and do not have to be registered to be considered

55

trademarked. There are good reasons to register a trademark though. One reason, like copyrights, it establishes a public record. The second reason is that it needs to be registered in order to file for trademark infringement. It also helps to establish trademark in other countries and to stop imports of infringing foreign goods from entering the country. A trademark is valid indefinitely, but if not maintained it can be lost and fall into public domain. For instance, if a trademark becomes a common phrase, then it will be deemed lost and the trademarked term considered common usage (Aspirin, Allen Wrench, Granola, and Yo-Yo are just a few examples).

Trademark registration begins with the U.S. Patent and Trademark Office (P.T.O.). Registering a trademark can take more than a year after the application is filed. There is an extensive research involved to ensure that a similar trademark does not already exist.

Once the trademark goes through, the ® symbol identifies a trademark as registered with the U.S. P.T.O. The proper way to write this is - "® Registered in the U.S. Patent and Trademark Office", or the abbreviation - "Reg. U.S. Pat. And Tm. Off." If it is not yet officially registered with the P.T.O., the ™ symbol should be used instead.

Trademarks are protected from infringement and also dilution. Infringement of a trademark means that there is another that is too similar and it is confusing. Dilution of a mark would be because the public has a strong association with the original trademark and the other would take away from that association.

It is not considered infringement to make fun of a copyrighted or trademarked work as long as it is apparent that it is not the original, but a parody. You cannot create a domain name similar to another and make fun of it, because it would not be evident that it was a joke until the user actually reached the website.

Trademarks should not be used in meta-tags (the hidden keyword tags on a web page), or in a pay-per click ad campaign. There have been cases where this was considered infringement.

Domain name dispute:

Domain names are simply the addresses of the Internet. E-mail is sent and web pages are found through the use of domain names. As an example, the web address for the Microsoft web site is www.microsoft.com, while Bill Gates might have an e-mail address such as bill@microsoft.com (both using the "microsoft.com" domain name). Without the domain name, a computer would have no idea where to look for a web page, and e-mail routers would not be able to send e-mail. Of course, domain names are more than just addresses, since they can be selected by the "addressee" and are usually closely associated with a particular service or product.Because of the increasing popularity of the Internet, companies have realized that having a domain name that is the same as their company name or the name of one of their products can be an extremely valuable part of establishing an Internet presence. As explained above, a company wishing to acquire a domain name must file an application with the appropriate agency. Before doing so, a search is done to see if their desired domain name is already taken. A good site for doing such a search is provided by Network Solutions. When a company finds that the domain name corresponding to their corporate name or product trademark is owned by someone else, the company can either choose a different name or fight to get the domain name back from its current owners.

56

Some well publicized examples of these types of domain names disputes are:

candyland.com : Both Hasbro and an adult entertainment provider desired the candyland.com domain name. Hasbro was too late to register the name itself, but it is never too late to sue (well, almost never). The domain name is now safely in the hands of Hasbro.

mcdonalds.com : This domain name was taken by an author from wired magazine who was writing a story on the value of domain names. In his article, the author requested that people contact him at ronald@mcdonalds.com with suggestions of what to do with the domain name. In exchange for returning the domain name to McDonalds, the author convinced the company to make a charitable contribution.

micros0ft.com : The company Zero Micro Software obtained a registration for micros0ft.com (with a zero in place of the second 'o'), but the registration was suspended after Microsoft filed a protest. When the domain name went abandoned for non-payment of fees, the domain name was picked up by someone else: Vision Enterprises of Roanoke, TX

mtv.com : The MTV domain name was originally taken by MTV video jockey Adam Curry. Although MTV originally showed little interest in the domain name or the Internet, when Adam Curry left MTV the company wanted to control the domain name. After a federal court action was brought, the dispute settled out of court.

peta.org : An organization entitled "People Eating Tasty Animals" obtained the peta.org domain name, much to the disgust of the better know People for the Ethical Treatment of Animals. This domain name was suspended, but as of May 2000 the domain name was still registered in the name of People Eating Tasty Animals.

roadrunner.com : When NSI threatened to suspend the roadrunner.com domain name after a protest by Warner Brothers, the New Mexico Internet access provider who was using the domain name filed suit to prevent the suspension. Although the access provider was able to prevent the suspension, a joint venture company involving Time Warner, MediaOne, Microsoft, Compaq, and Advance/Newhouse eventually obtained the domain name.

taiwan.com : The mainland China news organization Xinhua was allowed to register the domain name taiwan.com, much to the disgust of the government of Taiwan.

Cyber-squatting:

Cybersquatting (also known as domain squatting), according to the United States federal law known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in, or using an Internet domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price.

The term is derived from "squatting", which is the act of occupying an abandoned or unoccupied space or building that the squatter does not own, rent, or otherwise have permission to use. Cybersquatting, however, is a bit different in that the domain names that are being "squatted" are (sometimes but not always) being paid for through the registration process by the cybersquatters. Cybersquatters usually ask for prices far greater than that at which they purchased it. Some cybersquatters put up derogatory remarks about the person or

57

company the domain is meant to represent in an effort to encourage the subject to buy the domain from them. Others post-paid links via advertising networks to the actual site that the user likely wanted, thus monetizing their squatting.

Cybersquatters sometimes register variants of popular trademarked names, a practice known as typosquatting.

Another strategy is as follows: Internet domain name registrations are for a fixed period of time. If the owner of a domain name doesn't re-register the name with an internet registrar prior to the domain's expiration date, then the domain name can be purchased by anybody else after it expires.[1] At this point the registration is considered lapsed. A cybersquatter may use automated software tools to register the lapsed name the instant it is lapsed. This strategy is also known as renewal snatching, extension exaggeration, and alert angling.

To control this UDRP is formed.

Uniform dispute resolution policy:

The Uniform Domain Name Dispute Resolution Policy (UDRP) is a cost-effective and faster alternative to a lawsuit, when there is a domain name dispute that needs to be resolved. This was set up by the Internet Corporation for Assigned Names and Numbers (ICANN), the group responsible for domain name registration.The UDRP currently applies to all generic top level domains (.aero, .asia, .nyc, etc...),[1] some country code top-level domains, and some legacy top level domains (.com, .net, .org, etc...) in specific circumstances.The UDRP was launched on 1 December 1999, and the first case determined under it by WIPO was World Wrestling Federation Entertainment, Inc v. Michael Bosman, involving the domain name worldwrestlingfederation.com.When a registrant chooses a domain name, the registrant must "represent and warrant", among other things, that registering the name "will not infringe upon or otherwise violate the rights of any third party", and agree to participate in an arbitration-like proceeding should any third party assert such a claim.Critics claim that the UDRP process favours large corporations and that their decisions often go beyond the rules and intent of the dispute resolution policy. A UDRP complaint may be initiated at UDRP proceeding with an approved dispute resolution service provider. A victim of cybersquatting may also file an InterNIC Registrar Problem Report regarding a cybersquatter posing as a registrar.

Court systems can also be used to sort out claims of cybersquatting, but jurisdiction is often a problem, as different courts have ruled that the proper location for a trial is that of the plaintiff, the defendant, or the location of the server through which the name is registered. Countries such as China and Russia do not view cybersquatting in the same way or degree that US law does. People often choose the UDRP (Uniform Dispute Resolution Process) created by ICANN because it is usually quicker and cheaper ($2,000 to $3,000 in costs and fees vs. $10,000 or more) than going to court, but courts can and often do overrule UDRP decisions.

Under UDRP policy, successful complainants can have the names deleted or transferred to their ownership (which means paying regular renewal fees on all the names or risk their being registered by someone else).

58

There is a great difference between the old NSI policy and the UDNDRP. The ICANN policy forbids registration of the domain name if:

i. The domain name is identical or confusingly similar to another's mark.

ii. The entity registering the domain name has no legitimate right to it.

iii. The domain name was registered and used in bad faith.

Computer software and related IPR issues:

IPRs in the computer industry are affected by the following areas:

1. Contract/License2. Copyright and Related Rights3. Undisclosed Information (Trade Secret)4. Patents5. Trademarks6. Layout - designs (Topographies) of Integrated Circuits

The first four have an impact on computer software. The fifth one (trademarks) and the sixth one (layout-designs) are more relevant to the Internet and to computer hardware rather than to the computer software.

'Contract/ license' is general law that governs conditions in any transactions. It is equally applicable to the computer software.

'Copyright' lies in the description; it is the form of expression of ideas: this expression may be by artistic, or dramatic, or literary, or musical work; it may be, by films, pictures and sound recordings too. It is governed by the Copyright Act, 1957.

‘Undisclosed information/ trade secret’ is a secret. It must not be of public or general knowledge in the trade. It may consist of any formula, pattern, device or compilation of information which gives an advantage over competitors who do not know or use it. It implies some novelty though not of the same degree as in the patent law, as that does not possess novelty is usually known.

PROTECTION OF SOURCE CODE

Source code is a kind of description; a description of the computer program. If it is published then it is a literary work within the Copyright Act and is so protected. If it is not published then it is protected as a trade secret though only, the writer/ owner of the work has the right/copyright to publish it.In proprietary software, the source code is generally never published; it is secret: it is protected as a trade secret.

PROTECTION OF OBJECT CODEIn India amending the Copyright Act in pursuance of TRIPS by two amending Acts namely Act no. 38 of 1994 and Act no. 49 of 1999. The definition of the 'literary work' in section 2(o) of the Copyright Act was amended to include computer programme as well as computer

59

database. The result is that not only the computer programme (subject code as well as object code) but computer database is also protected as a copyright.

PATENTS

Patentability of computer software is controversial as well as debatable.Patents can be granted for inventions. The word ‘invention’ {section 2(1) (j) of the Patents Act} read with the word ‘inventive step’ {Section (1) (ga) of the Patents Act} means a new product or process that is capable of industrial application. Invention must be novel and useful. It should not be obvious to a person skilled in the art. It must be a significant advance in the state of the art; it should not be an obvious change from what is already known. Generally this is the global law but is being applied differently in different countries (see Endnote-1, for relevant part of TRIPS).

There are intellectual property issues associated with four elements of a software program:

1. Program function - whether the algorithm is performed by the hardware or the software,

2. External design - the conventions for communication between the program and the user or other programs,

3. User interfaces - the interactions between the program and the user,4. Program code - the implementation of the function and external design of the

program.

The scope of copyright protection for computer programs depends in part on the interpretation of Section 102(b) of the Copyright Act. There are a number of existing views of the application of existing law to user interfaces. One interpretation of the law is that user interfaces are inherently functional and therefore not copyrightable subject matter. The other view is that user interfaces may be protected by copyright because they could be thought to fall under the compilations or audio-visual works. Another approach to protecting user interfaces through copyright law is to consider the user interface as part of the program itself.Databases are protected under copyright law as compilations. Under the copyright law, a compilation is defined as a work formed by the collection and assembling of pre-existing materials of data that are selected, coordinated, or arranged in such a way that the resulting work as a whole constitutes an original work of authorship (17 USC Section 101).

Regards:-

Hard RockerIT BRANCH

ALL THE BEST