CYBER LAW COURSE MATERIAL KAMKUS COLLEGE OF LAW GHAZIABAD

Strictly for Internal Circulation‐ KCL CYBER LAW COURSE MATERIAL KAMKUS COLLEGE OF LAW GHAZIABAD 1 Strictly for Internal Circulation‐ KCL CYBE...
Author: Oswald Lucas
17 downloads 4 Views 2MB Size
Report
Download PDF
Strictly for Internal Circulation‐ KCL

CYBER LAW

COURSE MATERIAL

KAMKUS COLLEGE OF LAW GHAZIABAD 1

Strictly for Internal Circulation‐ KCL

CYBER LAWS UNIT- I Basics of Computer- Input/ Output, Memory, Storage Device- CPU, Operating System, Meaning of Formatting and Processing of Datas, Data Representation, CPU and its working, Computer Languages and Software, Network and Data Communications, Internet and Online Resources.

UNIT- II Role of law in cyber world- right to speech and expression on the internet, Authority of government to regulate internet (Internet Censorship), Ethics, Etiquette and Privacy in Cyber World.

UNIT- III Regulatory Framework of Telecommunications in a. The Indian Telegraph Act, 1885 b. Telecom Regulatory Authority of India Act, 1999

UNIT- IV The Information Technology Act, 2000- its objects, scope, legal recognition of electronic records and digital signatures, security of electronic records and procedure there to.

UNIT- V Offences and penalties under the I.T. Act, Controller (Appointment, function and power Cyber Regulation Appellate Tribunals (composition and powers).

2

Strictly for Internal Circulation‐ KCL

CYBER LAWS INFORMATION TECHNOLOGY IS ENCOMPASSING ALL WALKS OF LIFE ALL OVER THE WORLD

Since the beginning of civilization, man has always been motivated by the need to make progress and better the existing technologies. This has led to tremendous development and progress which has been a launching pad for further developments. Of all the significant advances made by mankind from the beginning till date, probably the most important of them is the development of Internet. However, the rapid evolution of Internet has also raised numerous legal issues and questions. As the scenario continues to be still not clear, countries throughout the world are resorting to different approaches towards controlling, regulating and facilitating electronic communication and commerce.

The Parliament of India has passed its first Cyberlaw, the Information Technology Act, 2000 which provides the legal infrastructure for E-commerce in India. The said Act has received the assent of the President of India and has become the law of the land in India. At this juncture, it is relevant for us to understand what the IT Act, 2000 offers and its various perspectives. The object of The Information Technology Act, 2000 as defined therein is as under :"To provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto."

3

Strictly for Internal Circulation‐ KCL

CYBER LAWS UNIT -1 BASICS OF COMPUTER

INTRODUCTION The word “computer” comes from the word “compute” which means to calculate. Hence, a computer is normally considered to be a calculating device, which can perform arithmetic operations at enormous speed. Infact, the original objective for inventing the computer was to create a fast calculating machine. However, more than 80% of the work done by computers today is of non-mathematical or nonnumerical nature. Hence, to define a computer merely as a calculating device is to ignore over 80% of its functions. More accurately, a computer may be defined as a device, which operates upon data. Data comes in various shapes and sizes, depending upon the type of computer application. A computer can store, process and retrieve data as and when desired. The fact that computers process data is so fundamental that many people have started calling it a data processor. The name data processor is more inclusive because modern computers not only compute in the usual sense, but also perform other functions with the data, which flow to and from them. For example, data processors may gather data from various incoming sources, merge (process of mixing or putting together) them all, sort (process of arranging in some sequence- ascending or descending) them in the desired order, and finally print them in the desired format. None of these operations involve the arithmetic operations normally associated with the computing device, but the term computer is often applied anyway. The activity of processing data using a computer is called data processing. Data processing consists of three sub-activities- capturing the input data, manipulating the data and managing the output results. As used in data processing, information is data arranged in an order and form, which is useful to the people who receive it. Hence, data is the raw material used as input to data processing and information is the processed data obtained as the output of data processing. 4

Strictly for Internal Circulation‐ KCL

DEFINITIONS OF COMPUTER

“Computer is a fast operating electronic device which automatically accepts and store input data, process them and produces results under the direction of a detailed step by step program”. “Computer is an automatic electronic apparatus for making calculator or controlling operations that are expressible in numerical or logical terms”. “The computer is an electronic device designed in such a way it automatically accepts and stores input data, process them and produce the desired output”. “The computer is an electronic device which converts raw data into valid (or) meaningful information”. “The computer may be defined as an electronic device, then, that operates upon information data”.

5

Strictly for Internal Circulation‐ KCL

MAIN CHARACTERISTICS OF COMPUTER Celerity (High Speed):A computer is a very fast device. It can perform in a few seconds, the amount of work that a human being can do in an entire year- if he worked day and night and did nothing else. A computer does in one minute what would take a man his entire lifetime. While talking about the speed of a computer, we do not talk in terms of seconds or even milliseconds. Our units of speed are the microseconds, the nano seconds and even the picoseconds. A powerful computer is capable of performing several billion simple arithmetic operations per second. Authenticity (Accuracy) It denoted the accuracy of the computer. They are reliable and robust. The accuracy of a computer is consistently high and the degree of accuracy of a particular computer depends upon its design. It ever makes a mistake. Most probably the error occurs due to the user rather than the computer. There may be certain hardware mistake but with the advanced technique in hand they are overcome. Example: Only accurate robots are used to perform the operations for the patients since human hands are not flexible for making operations. Spontaneous (Automatic) The computers are automatic. It may execute the process without any intervention of user once they are assigned to a work. Once the data or instruction are fetched from the secondary devices such as optical disks, hard disks etc. Immediately they get stored into RAM (primary memory) and then sequentially they get executed. However, computers being machines cannot start themselves. They cannot go out and find their own problems and solutions. They have to be instructed. That is, a computer works from a programme of coded instructions, which specify exactly how a particular job is to be done. Some of the other characteristics of computers such as speed and accuracy are due to the fact that they are automatic and work on a problem without any human intervention.

Pertinacity (Endurance) This denotes that the computers never get tried as the humans do. If there are surplus amount of executions to be made then each and every execution will be executed at the same time period. They can perform their assigned task without taking any refreshment. Example: Computers which are used for controlling the satellites. 6

Strictly for Internal Circulation‐ KCL

Adaptabilty (Versatile) In our day to day life computers has been a part, with their extended flexibility they are used, all over the world. They can be used as personal computers, for home uses, for business oriented tasks, weather forecasting, space explorations, teaching, railways, banking, medicine etc. All Modern computers can perform different kind of tasks simultaneously.

Storehouse (Memory) Secondary storage devices are the key for the data storage. They store the data for which the user wants to retrieve these data for future use. The examples for various secondary devices are Floppy disk, Optical disks (CS and DVD), Zip drives, Thumb drives etc. The data of smaller size can be easily fetched and they can be copied to the primary memory (RAM). Example: Data Warehousing made by IBM.

Cheaper (Reduction of cost) Computers are short term investment in order to achieve a long term gain. Though the investment is high they reduce the cost of each and every transaction. They reduce man power and leads to an elegant and efficient way for computing various tasks.

Needs a User interface The only drawback of computer is it cannot make the decision of its own. It needs a guidance to enhance the process. After all computers is a machine. It possesses no intelligence of its own. Its I.Q. is zero at least until today. It has to be told what to do and in what sequence. Hence only the user can determine what tasks a computer will perform. A computer cannot take its own decision in this regard.

No Feelings The computers are devoid of emotions. They have no feelings and no instincts because they are machines. Although men have succeeded in building a memory for the computer, but no computer possesses the equivalent of a human heart and soul. The judgments is based on the instructions given to them in the form of programmes that are written by us. 7

Strictly for Internal Circulation‐ KCL

BASIC COMPUTER ORGANIZATION Even though the size, shape, performance, reliability and cost of computers have been changing over the years, the basic logical structure (based on the stored programme concept) as proposed by Von Neumann, has not changed. No matter what shape and size of computer we are talking about, all computer systems perform the following five basic operations, for converting raw input data into information, which is useful to their users: 1. INPUTTING- The process of entering data and instructions into the computer system. 2. STORING- Saving data and instructions to make them readily available for initial or additional processing as and when required. 3. PROCESSING- Performing arithmetic operations (add, subtract, multiply, divide etc) or logical operations (Comparisons like equal to, less than, greater than etc) on data, to convert them into useful information. 4. OUTPUTTING- The process of producing useful information or results for the user, such as a printed report or visual display. 5. CONTROLLING- Directing the manner and sequence in which all of the above operations are performed.

INPUT UNIT- Data and instructions must enter the computer system, before any computation can be performed on the supplied data. This task is performed by the input unit, which links the external environment with computer system. Data and instructions enter input units in forms, which depend upon the particular device used. For example, data are entered from a keyboard in a manner similar to typing and this differs from the way in which data are entered through a scanner, which is another type of input device. The following functions are performed by an input unit:a. It accepts (or reads) the instructions and data from the outside world. b. It converts these instructions and data in computer acceptable form. c. It supplies the converted instructions and data to the computer system for further processing.

Various types of input devices have been developed so far. These input devices comprise the Input Unit of computer system. Some commonly used input devices are described below:8

Strictly for Internal Circulation‐ KCL

1. KEYBOARD-

It is the most common input device used for almost all computer application areas. It looks like a traditional typewriter containing various keys including alphanumeric keys (alphabets and numbers), punctuation keys (symbols) and special keys (Control key, Alt key, Tab key, Function keys, Capslock, Enter key etc.) The first keyboard was developed in 1800 century and named as QWERTY Keyboards. These keyboards are classified as: a. Original PC Keyboard- 84 keys. b. AT Keyboard (Advanced Technology) 101 or 104 keys c. Multimedia Keyboard- 120-140 keys. Every key on keyboard has its specific function. Nowadays, ergonomic keyboards are also used which are helpful for painless typing. 2. MOUSE

Mouse is not a specific input device, but actually it is the pointing device. It input the data or instructions by pointing them on computer screen. The mouse was invented by Douglas Engelbart in 1963. It is an object containing a ball underneath. This ball is moved on the plane surface to handle the cursor movement on screen. The cursor is the pointer (arrow shaped) used to select an object (data/instruction) on screen. It is very helpful for graphic designing like pencil, brush etc. the mouse may be mechanical (controlled by ball movement) or optical (controlled by laser beam). Mouse pad is required to move the mouse because it provides the smooth surface. 3. TRACKBALL

9

Strictly for Internal Circulation‐ KCL

It is also a pointing device and very much similar to mouse. Actually, it is an inverted mouse, having ball upside. This ball is scrolled to handle the cursor on screen. 4. JOYSTICK

It is a lever like structure used to point somewhere on screen. It works for moving the cursor to a specific direction. The cursor movement stops by upright position of joystick. 5. DIGITIZING TABLET

Digitizer and Pen Puck It is also called digitizer, graphic tablet, touch tablet or tablet. It is used to draw the sketches into computer system. The digitizing tablets consists of an electronic tablet and a cursor. The cursor is also known as Puck having 4-16 buttons. The pen draws the sketches on tablet. 6. LIGHT PEN

10

Strictly for Internal Circulation‐ KCL

It is a pen like device which uses the photosensitive cell to select/ point an object on screen. 7. TOUCH SCREEN

It is a computer screen, which inputs the touch-senses. Here the finger is used to point any object on screen directly by the user.

8. TOUCH PAD

Generally it is used with portable computers as the mouse or any other pointing device. The pointer moves on the screen, as the finger moves on pad. 9. DIGITAL CAMERA

11

Strictly for Internal Circulation‐ KCL

This camera is used to put images as input to the computer. It can store the images as digital files further in computer system. 10. SCANNER

Flat Bed Scanner

Handy Scanner

It is an input device, able to receive/ read the readymade data (printed on paper) from user in the given format. It receives the image of written data, digitizes it and creates bitmap for the image. These scanners are of various types. These may be Flat Bed Scanner or Handy Scanner. STORAGE UNIT- The data and instructions, which are entered into the computer system through input units, have to be stored inside the computer before the actual processing starts. Similarly, the results produced by the computer after the processing, must also be kept somewhere inside the computer system, before being passed on to the output units. The specific functions of the storage unit are to be hold (store):a. The data and instructions required for processing (received from input devices) b. Intermediate results of processing c. Final Results of processing, before these results are released to an output device. The storage unit of all computers is comprised of the following two types of storage:1. Primary Storage – The primary storage also known as main memory is used to hold pieces of program instructions and data, intermediate results of processing and recently produced results of processing of the jobs, which the computer system is currently working on. These pieces of information are represented electronically in the main memory chips circuitry and while it remains in the main memory, the central processing unit can access it directly at a very fast speed. However, the primary storage can hold information only while the computer system is on. As soon as the computer system is switched off or reset, the information held in the primary storage disappears. Moreover, the primary storage normally has limited storage capacity, because it is very expensive. The primary storage of modern computer systems is made up of semiconductor devices.

12

Strictly for Internal Circulation‐ KCL

The primary memory has direct link with input unit and output unit. It stores the input data, calculation results. This primary memory is classified into two types of memory as follows:a. RAM (Random Access Memory) This memory is used to read and write at any part of the memory but it stores the data temporarily till the steady flow of electricity. The data in RAM is lost, as soon as the power supply is off. So, RAM is also called volatile memory. In computer systems, two types of RAM is found:i.

Dynamic RAM (DRAM) - DRAM needs to be refreshed every time a new data is stored or more than 1000 times per second. ii. Static RAM (SRAM) – it is required to refresh rarely. So, it is faster than DRAM. It is more expensive than DRAM. b. ROM (READ ONLY MEMORY) This memory allows read only operation on data. It is a memory chip having prerecorded data provided by manufacturing company. The data written on the ROM chip cannot be removed. So, it stores the data permanently within itself without being effected by power-supply failure. Hence, it is called Non-Volatile Memory. A small ROM chip is the integral part of most of computers having the special programmes (used for booting i.e. start up of the computer). There are various types of ROM available as follows:i.

PROM (Programmable Read Only Memory) - PROM chip allows to store the programs/ data only once onto itself. These program/ data remain in the memory always. It is previous manufactured blank, but later the programmes are written on this memory. ii. EPROM- (Electrically Programmable Read Only Memory) - It is a special type of memory, whose contents can be reprogrammed by exposing it to UV light. iii. EEPROM (Electrically Erasable Programmable Read Only Memory) - this memory can be erased by electrical charge. Data can be erased as required but data can be written only once. The reprogramming is possible. iv. Flash Memory- It is the extension of EEPROM in which the reprogramming or erasing is done on a block of memory (differing from EEPROM) 2. Secondary Storage – The secondary storage also known as auxiliary storage is used to take care of the limitations of the primary storage. That is, it is used to supplement the limited storage capacity and the volatile characteristic of primary storage. This is because secondary storage is much cheaper than primary storage and it can retain information even when computer system is switched off or reset. The secondary storage is normally used to hold the programme instructions, data and information of these jobs, on which the

13

Strictly for Internal Circulation‐ KCL

computer system is not working on currently but needs to hold them for processing later. The most commonly used secondary storage medium is the magnetic disk. Commonly used secondary storage devices are magnetic tape, magnetic disk, optical disk etc. a. Magnetic Tape It is similar to audio tape containing a plastic strip coated with magnetic material. The data is encoded on the magnetic material in the form of electric current: conduction state (ON) represents ONE (1) and non-conduction state (OFF) represents ZERO (0). This type of data encoding is called Binary Data Storage. The data can be stored in binary form in the computer system.

The magnetic tapes are with large storage capacity and inexpensive but there is a drawback with their use. The magnetic tapes are sequential access storage media, i.e. tape must go through all previous data for reaching upto a specific data. So these are very slow in processing. It can store data from 60 MB to 24 GB. b. Magnetic Discs These are the direct access storage media, where the accessing of a data is much faster because there is no need to go through all previous data for reaching a specific data. In this type of storage devices, there is present a round diskette (round disk) of plastic material coated with magnetic ink on which data encoding is done. The magnetic disks are commonly of three types: Winchester disk, Floppy Disk, Hard Disk. i. ii.

iii.

Winchester Disk- It is the earlier type of disk developed by IBM. It can store 30 MB of data. But now, it is rarely used. Floppy Disk- It is a magnetic disk made up of soft material coated with magnetic ink. It is covered in a plastic jacket. It is called floppy because it flopps on waving, but these are very useful for data transportation, because of small size. These are very much inexpensive, but with a limited storage space. Hard Disk- These are the magnetic disk which can hold much more data than the floppy disk. A typical hard disk can store the data from 10 MB to several GB but these are not easily portable. 14

Strictly for Internal Circulation‐ KCL

Floppy

Floppy

Hard Disk

A hard disk consists of many platters (diskette type). Each platter has read/ write heads for each side except upper and lower platter. The upper surface of uppermost platter and lower surface of lowermost platter do not have any read/ write head. The data is stored on racks and each platter has equal number of tracks. The read/write heads are used to read and write data from and to the disk. There are two types of head systems with hard disk as Fixed Head System and Movable Head System.

c. Optical Disc The data can be read from and write to the optical disk by laser beam. These disks are able to store large amount of data into GB. These are available as CD-ROM, WORM (Write Once Read Many) erasable optical disks.

In CD-ROM, data can be stored once and then read only. These are called compact disks- Read Only Memory. These can store data from 600 MB to 1 GB. A special device called CD-ROM player is used to read the data from CD-ROM.

PROCESSING UNIT- When the data is received by the computer; it is first stored in the memory of computer. The storage of data is necessary, so that we can use the in future when required. This stored data is further send for processing i.e. analysis. The processing means actual operation on data after analyzing it. The processing device is responsible for the processing operations.

15

Strictly for Internal Circulation‐ KCL

It is the part of computer system, where actual computing operations take place. The input data is used by such computations and then the result is sent to the output unit. So, it is the main part of computer system which operates on the programme instructions and called as Central Processing Unit (CPU). It works like the brain of computer system which handles all the computing operations. CPU consists of 3 parts as: The Memory Unit, Control Unit and The Arithmetic and Logical Unit. a. Memory Unit (MU) - The memory unit is considered as the part of CPU but some scientists keep it as the separate unit of computer system having inter-relation to the control unit. The memory unit lies among input unit, output unit and control unit. The input data is firstly stored in the memory. The data to be produced as output is also stored in memory. The intermediate results of calculations are also stored in the memory. b. Control Unit (CU) - The unit controls all other units of the computer system. It instructs the input unit to receive the data and also to store the data. Similarly, it controls the data flow from memory to ALU and vice-versa. It also controls the data flow to output unit. The Control Unit works as the Nervous System for the entire computer system. c. Arithmetic and Logical Unit- It is the unit of computer system, responsible for all calculation works, arithmetic as well as logical. The control unit (CU) supplies the calculative data to ALU, so that ALU can perform the arithmetic operations (addition, subtraction, multiplication, division etc) and also logical operations (comparisons and decision making). After performing the calculations, the result is again stored to the memory unit by control unit. OUTPUT UNIT- The job of an output is just the reverse of that of an input unit. It supplies the information obtained from data processing to the outside world. Hence, it links the computer with the external environment. As computers work with binary code, the results produced are also in the binary form. Hence, before supplying the results to the outside world, they must be converted to human acceptable (readable) form. This task is accomplished by units called output interfaces. The following functions are performed by an output unit:a. It accepts the results produced by the computer, which are in coded form, and hence cannot be easily understood by us. b. It converts these coded results to human acceptable readable form. c. It supplies the converted results to the outside world. The output data is produced for the user by many output devices. The output is produced in the meaningful form. There are various output devices present in the market. Some of them are discussed below:1. MONITOR

16

Strictly for Internal Circulation‐ KCL

It is the most common output device which displays the output on screen. It produces the soft copy output. The monitors are of two types on the basis of colours it produces: b. Monochrome- These monitors display the result in two colours, i.e. black/ white, green/ black or amber/black. c. Gray Scale- it is a monochrome type of the monitor. But it displays the output using different shades of gray, made by combination of black and white. d. Colour Monitor- It can display the output in many colours, ranging from 16 to 1 million colours. These are also called RGB monitors because they work on three colour signals- Red, Green and Blue. It consists of a vacuum tube with three electron guns each for red, green and blue colours. The monitors are also classified on the basis of signal received as analog and digital:a.

Analog Monitor- These are traditional type of colour monitors. These are based on CRT Technology (Cathode Ray Tube). These work like the television screen and accept analog signal.

b.

Digital Monitor- The digital monitor receives the digital signal and uses CRT technology. The data is received from video adapter. These are fast and produce clear images. These are of different types as CGA (Colour Graphics Array) and SVGA (Super VGA).

The screen size of monitor is measured in diagonal inches. The resolution of monitor indicates the pixel arrangements on screen. The pixel is a small point in an image and represent the quality of picture.

2. PRINTER

17

Strictly for Internal Circulation‐ KCL

Printer is another output device which can produce hard copy output to be printed on paper. There are different types of printers available.

Classification of Printer on the Basis of Speed:The printers of different varieties are able to print the data at various speeds:a. Character Printer- These printers are able to print only one character at a time. These work like that of type writer. The examples are Daisy Wheel Printer, Dot Matrix Printers and Inkjet Printers. b. Line Printer- Line Printers are used to print large amount of data. These are fast speed printers ranging from 300 to 2500 lines per minute. Drum printers and Chain printers are examples of this type. c. Page Printer- These are very high speed printers which produce high quality output. Their speed ranges from 10-25 pages per minute. Their examples are laser printers.

Drum Printer

Chain Printer

Classification of Printer on the Basis of Print Quality:The various printers use different printing technologies. So the print quality is also different for those outputs. The print quality classifies the printers into two types:a. Impact Printer- The impact printers produce the output by using typewriter approach. This approach hammers the data against paper and inked ribbon. The Daisy Wheel Printer, Dot Matrix Printer, Drum Printer, Chain Printer are the example of impact printer. b. Non- Impact Printer- The non impact printer do not hit the ribbon to print. They use inkjet, thermal, chemical, electrostatic technologies to print the output. The Inkjet Printers and Laser Printers belong to this category.

18

Strictly for Internal Circulation‐ KCL

Laser Printer

Inkjet Printer

Dot Matrix Printer

3. PLOTTER

The plotter is the hard copy output device. It can be used to draw maps, wave structures etc. on paper by suing pen. The Plotters are of two types as Drum Plotter and Flatbed Plotter. In drum plotter, a drum rotates to produce vertical motion and the paper is fixed on this drum. Many pen holders are attached to produce horizontal motion. The simultaneous movements of drum and pens produce the design on paper. In flatbed plotter, the paper is fixed over a flat table. The pen holders are allowed to move to design the graphics on paper.

THE SYSTEM CONCEPT A system is a group of integrated parts, which have the common purpose of achieving some objectives. Hence the following three characteristics are key to a system: 19

Strictly for Internal Circulation‐ KCL

1. A system has more than one element. 2. All the elements of a system are logically related. 3. All the elements of a system are controlled in a manner to achieve the system goal. Since a computer is made up of integrated components (input, output, storage and CPU) which work together to perform the steps called for in the programme being executed, it is a system. The input or output units cannot function, until they receive signals from the CPU. Similarly, the storage unit or the CPU alone is of no use. Hence, the usefulness of each unit depends on other units and can be realized only when all units are put together (integrated) to form a system.

CONCLUSION 1. All computer systems perform the following five basic operations for converting raw input data into useful information- inputting, storing, processing, outputting and controlling. 2. The Input Unit allows data and instructions to be fed to the computer system from the outside world, in computer acceptable form. 3. The Input Interfaces transform the input data and instructions fed to the computer, through its input devices, into the binary codes, which are acceptable to the computer. 4. The output unit allows the computer system to supply the information obtained from data processing to the outside world in human acceptable (readable) form. 5. The storage unit of a computer system holds the data and instructions to be processed and the intermediate and final results of processing. The two types of storage are primary and secondary storage. As compared to primary storage, secondary storage is slower in operation, larger in capacity, cheaper in price and can retain information even when the computer system is switched off or reset. 6. During data processing, the actual execution of the instructions takes place in the Arithmetic Logic Unit (ALU) of a computer system. 7. The control unit of a computer system manages and coordinates the operations of all the other components of the computer system. 8. The control unit and the arithmetic logic unit of a computer system are jointly known as the Central Processing Unit (CPU) which serves as the brain of the computer system and is responsible for controlling the operations of all other units of the system. 9. A computer is often referred to as a computer system, because it is made up of integrated components (input, output, storage and CPU), which work together to perform the steps called for in the program being executed. 20

Strictly for Internal Circulation‐ KCL

21

Strictly for Internal Circulation‐ KCL

OPERATING SYSTEM Introduction The 1960’s definition of an operating system is “the software that controls the hardware”. In brief, an operating system is the set of programs that controls a computer. Some examples of operating systems are UNIX, Mach, MS-DOS, MS-Windows, Windows/NT, Chicago, OS/2, MacOS, VMS, MVS, and VM. Controlling the computer involves software at several levels. We will differentiate kernel services, library services, and application-level services, all of which are part of the operating system. Processes run Applications, which are linked together with libraries that perform standard services. The kernel supports the processes by providing a path to the peripheral devices. The kernel responds to service calls from the processes and interrupts from the devices. The core of the operating system is the kernel, a control program that functions in privileged state (an execution context that allows all hardware instructions to be executed), reacting to interrupts from external devices and to service requests and traps from processes. Generally, the kernel is a permanent resident of the computer. It creates and terminates processes and responds to their request for service. Operating Systems are resource managers. The main resource is computer hardware in the form of processors, storage, input/output devices, communication devices, and data. Some of the operating system functions are: implementing the user interface, sharing hardware among users, allowing users to share data among themselves, preventing users from interfering with one another, scheduling resources among users, facilitating input/output, recovering from errors, accounting for resource usage, facilitating parallel operations, organizing data for secure and rapid access, and handling network communications. Objectives of Operating Systems Modern Operating systems generally have following three major goals. Operating systems generally accomplish these goals by running processes in low privilege and providing service calls that invoke the operating system kernel in high-privilege state. @

To hide details of hardware by creating abstraction An abstraction is software that hides lower level details and provides a set of higher-level functions. An operating system transforms the physical world of devices, instructions, memory, and time into virtual world that is the result of abstractions built by the operating system. There are several reasons for abstraction.

22

Strictly for Internal Circulation‐ KCL

First, the code needed to control peripheral devices is not standardized. Operating systems provide subroutines called device drivers that perform operations on behalf of programs for example, input/output operations. Second, the operating system introduces new functions as it abstracts the hardware. For instance, operating system introduces the file abstraction so that programs do not have to deal with disks. Third, the operating system transforms the computer hardware into multiple virtual computers, each belonging to a different program. Each program that is running is called a process. Each process views the hardware through the lens of abstraction. Fourth, the operating system can enforce security through abstraction. @

To allocate resources to processes (Manage resources) An operating system controls how processes (the active agents) may access resources (passive entities).

@

Provide a pleasant and effective user interface The user interacts with the operating systems through the user interface and usually interested in the “look and feel” of the operating system. The most important components of the user interface are the command interpreter, the file system, on-line help, and application integration. The recent trend has been toward increasingly integrated graphical user interfaces that encompass the activities of multiple processes on networks of computers.

One can view Operating Systems from two points of views: Resource manager and Extended machines. Form Resource manager point of view Operating Systems manage the different parts of the system efficiently and from extended machines point of view Operating Systems provide a virtual machine to users that is more convenient to use. The structurally Operating Systems can be design as a monolithic system, a hierarchy of layers, a virtual machine system, an exokernel, or using the client-server model. The basic concepts of Operating Systems are processes, memory management, I/O management, the file systems, and security.

MEANING OF FORMATTING AND PROCESSING OF DATAS 23

Strictly for Internal Circulation‐ KCL

Introduction Computer data processing is any process that uses a computer program to enter data and summarize, analyze or otherwise convert data into usable information. The process may be automated and run on a computer. It involves recording, analyzing, sorting, summarizing, calculating, disseminating and storing data. Because data is most useful when well-presented and actually informative, data-processing systems are often referred to as information systems. Nevertheless, the terms are roughly synonymous, performing similar conversions; dataprocessing systems typically manipulate raw data into information, and likewise information systems typically take raw data as input to produce information as output. Data processing may or may not be distinguished from data conversion, when the process is merely to convert data to another format, and does not involve any data manipulation. Data Analysis When the domain from which the data are harvested is a science or an engineering field, data processing and information systems are considered terms that are too broad and the more specialized term data analysis is typically used. This is a focus on the highly-specialized and highly-accurate algorithmic derivations and statistical calculations that are less often observed in the typical general business environment. In these contexts data analysis packages like DAP, gretl or PSPP are often used. This divergence of culture is exhibited in the typical numerical representations used in data processing versus numerical; data processing's measurements are typically represented by integers or by fixed-point or binary-coded decimal representations of numbers whereas the majority of data analysis's measurements are often represented by floatingpoint representation of rational numbers. Processing Basically, data is nothing but unorganized facts and which can be converted into useful information. This process of converting facts to information is Processing. Practically all naturally occurring processes can be viewed as examples of data processing systems where "observable" information in the form of pressure, light, etc. are converted by human observers into electrical signals in the nervous system as the senses we recognize as touch, sound, and vision. Even the interaction of non-living systems may be viewed in this way as rudimentary information processing systems. Conventional usage of the terms data processing and information systems restricts their use to refer to the algorithmic derivations, logical deductions, and statistical calculations that recur perennially in general business environments, rather than in the more expansive sense of all conversions of real-world measurements into real-world information in, say, an organic biological system or even a scientific or engineering system.

Elements of Data Processing 24

Strictly for Internal Circulation‐ KCL

In order to be processed by a computer, data needs first be converted into a machine readable format. Once data is in digital format, various procedures can be applied on the data to get useful information. Data processing may involve various processes, including: @ @ @ @ @

Data summarization Data aggregation Data validation Data tabulation Statistical analysis

25

Strictly for Internal Circulation‐ KCL

DATA REPRESENTATION Introduction Data Representation refers to the methods used internally to represent information stored in a computer. Computers store lots of different types of information: @ @ @ @

numbers text graphics of many varieties (stills, video, animation) sound

At least, these all seem different to us. However, all types of information stored in a computer are stored internally in the same simple format: a sequence of 0's and 1's. How can a sequence of 0's and 1's represent things as diverse as your photograph, your favorite song, a recent movie, and your term paper? It all depends on how we interpret the information. Computers use numeric codes to represent all the information they store. These codes are similar to those you may have used as a child to encrypt secret notes: ExampleLet 1 stand for A, 2 stand for B, etc. With this code, any written message can be represented numerically. The codes used by computers are a bit more sophisticated, and they are based on the binary number system (base two) instead of the more familiar (for the moment, at least!) decimal system. Computers use a variety of different codes. Some are used for numbers, others for text, and still others for sound and graphics. Memory Structure in Computer @

Memory consists of bits (0 or 1) a single bit can represent two pieces of information

@

Bytes (=8 bits) a single byte can represent 256 = 2x2x2x2x2x2x2x2 = 28 pieces of information

@

Words (=2,4, or 8 bytes) a 2 byte word can represent 2562 pieces of information (approximately 65 thousand). 26

Strictly for Internal Circulation‐ KCL

@

Byte addressable - each byte has its own address.

Binary Numbers Normally we write numbers using digits 0 to 9. This is called base 10. However, any positive integer (whole number) can be easily represented by a sequence of 0's and 1's. Numbers in this form are said to be in base 2 and they are called binary numbers. Base 10 numbers use a positional system based on powers of 10 to indicate their value. The number 123 is really 1 hundred + 2 tens + 3 ones. The value of each position is determined by ever-higher powers of 10, read from left to right. Base 2 works the same way, just with different powers. The number 101 in base 2 is really 1 four + 0 twos + 1 one (which equals 5 in base 10). For more of a comparison, click here. Text Text can be represented easily by assigning a unique numeric value for each symbol used in the text. For example, the widely used ASCII code (American Standard Code for Information Interchange) defines 128 different symbols (all the characters found on a standard keyboard, plus a few extra), and assigns to each a unique numeric code between 0 and 127. In ASCII, an "A" is 65," B" is 66, "a" is 97, "b" is 98, and so forth. When you save a file as "plain text", it is stored using ASCII. ASCII format uses 1 byte per character 1 byte gives only 256 (128 standard and 128 non-standard) possible characters The code value for any character can be converted to base 2, so any written message made up of ASCII characters can be converted to a string of 0's and 1's. Graphics Graphics that are displayed on a computer screen consist of pixels: the tiny "dots" of color that collectively "paint" a graphic image on a computer screen. The pixels are organized into many rows on the screen. In one common configuration, each row is 640 pixels long, and there are 480 such rows. Another configuration (and the one used on the screens in the lab) is 800 pixels per row with 600 rows, which is referred to as a "resolution of 800x600." Each pixel has two properties: its location on the screen and its color. A graphic image can be represented by a list of pixels. Imagine all the rows of pixels on the screen laid out end to end in one long row. This gives the pixel list, and a pixel's location in the list corresponds to its position on the screen. A pixel's color is represented by a binary code, and consists of a certain number of bits. In a monochrome (black and white) image, only 1 bit is needed per pixel: 0 for black, 1 for white, for example. A 16 color image requires 4 bits per pixel. Modern display hardware allows for 24 bits per pixel, which provides an astounding array of 16.7 million possible colors for each pixel!

27

Strictly for Internal Circulation‐ KCL

Compression Files today are so information-rich that they have become very large. This is particularly true of graphics files. With so many pixels in the list, and so many bits per pixel, a graphic file can easily take up over a megabyte of storage. Files containing large software applications can require 50 megabytes or more! This causes two problems: it becomes costly to store the files (requires many floppy disks or excessive room on a hard drive), and it becomes costly to transmit these files over networks and phone lines because the transmission takes a long time. In addition to studying how various types of data are represented, you will have the opportunity today to look at a technique known as data compression. The basic idea of compression is to make a file shorter by removing redundancies (repeated patterns of bits) from it. This shortened file must of course be de-compressed - have its redundancies put back in - in order to be used. However, it can be stored or transmitted in its shorter compressed form, saving both time and money.

CENTRAL PROCESSING UNIT (CPU) & ITS WORKING Some Basic Goals The main objective of the CPU is to perform mathematical calculations on binary numbers; still there are other goals of using CPU as well. It can provide high throughput for multiple programs. It is aimed to consume less power with better performance. It provides viable connectivity to develop more advance and parallel systems. The cost is less and the performance is more. It can be redesigned and converted to small size, in order to increase the performance of the system, lower the cost and increase the speed of the system. It can provide very good compatibility with very large scale integrated circuits, which helps in compressing the transistors on one chip and hence the speed of system is enhanced. This is because tiny transistors switch in a fast and swift manner. The early designs of CPU were based on clock rate however today micro electrical designs are more popular. Key CPU Gears CPU is the central working unit for any computer however it is designed to perform various functions. The main focus of the CPU is on the areas such as control units which further manages the data paths, it also monitors cache and registers, it helps in managing clock distribution management, performs Pad transceiver circuitry and the supervision of logic gate cell library the popularly used logic styles include microprogramming, finite state machines and programmable logic array. The CPU can be customized or cannot be. The CPU which is designed for commercial purposes is build to achieve high frequency with low power indulgence and high speed. Main Design of CPU 28

Strictly for Internal Circulation‐ KCL

CPU is a complex design which is comprised of many hardware components like motherboard and circuits. This machine works by receiving set of instructions, logic gates are used to execute and follow the set of instructions. This set of instructions is commonly known as a program. The representation of numbers in a processor is based on the design of the CPU. The early design of the CPU allowed only numeral and decimal system to represent the numbers. However the design of the modern CPUs allows them to present numbers in binary form. The performance of the CPU is dependent upon the clock rate. The working and design of the most CPUs is based on the synchronization of the signal. This signal is usually known as clock signal helps in determining the movement of the electrical signal to the circuits of the CPU. The designers use it to determine the correct period of the clock signals. Besides the logical working the structure of the CPU has control unit, logical unit and registers. There are number of registers in a CPU like program counter, instruction register, accumulator and process status register. The control unit is helpful in managing instructions and flow of data within the parts of the computer. It also helps in regulating the time of the processing. The design and working of the arithmetic logic unit is complicated. It is ALU which helps the CPU to perform calculations and take logical decisions. The registers have their own assigned duties to perform like the accumulator stores ultimate and midway results of the calculation. His magic machine is small in size, complex in design but is really powerful and swift. How Computers Work: The CPU and Memory

29

Strictly for Internal Circulation‐ KCL

The Central Processing Unit (CPU)

Computers use two types of storage: Primary storage and secondary storage. The CPU interacts closely with primary storage, or main memory, referring to it for both instructions and data. For this reason this part of the reading will discuss memory in the context of the central processing unit. Technically, however, memory is not part of the CPU. Recall that a computer's memory holds data only temporarily, at the time the computer is executing a program. Secondary storage holds permanent or semi-permanent data on some external magnetic or optical medium. The diskettes and CD-ROM disks that you have seen with personal computers are secondary storage devices, as are hard disks. Since the physical attributes of secondary storage devices determine the way data is organized on them, we will discuss secondary storage and data organization together in another part of our on-line readings.

Now let us consider the components of the central processing unit. 1. The Control Unit The control unit of the CPU contains circuitry that uses electrical signals to direct the entire computer system to carry out, or execute, stored program instructions. Like an orchestra leader, the control unit does not execute program instructions; rather, it directs other parts of the system to do so. The control unit must communicate with both the arithmetic/logic unit and memory. 2. The Arithmetic/Logic Unit

30

Strictly for Internal Circulation‐ KCL

The arithmetic/logic unit (ALU) contains the electronic circuitry that executes all arithmetic and logical operations. The arithmetic/logic unit can perform four kinds of arithmetic operations, or mathematical calculations: addition, subtraction, multiplication, and division. As its name implies, the arithmetic/logic unit also performs logical operations. A logical operation is usually a comparison. The unit can compare numbers, letters, or special characters. The computer can then take action based on the result of the comparison. This is a very important capability. It is by comparing that a computer is able to tell, for instance, whether there are unfilled seats on airplanes, whether charge- card customers have exceeded their credit limits, and whether one candidate for Congress has more votes than another. Logical operations can test for three conditions: @

@

@

Equal-to condition. In a test for this condition, the arithmetic/logic unit compares two values to determine if they are equal. For example: If the number of tickets sold equals the number of seats in the auditorium, then the concert is declared sold out. Less-than condition. To test for this condition, the computer compares values to determine if one is less than another. For example: If the number of speeding tickets on a driver's record is less than three, then insurance rates are $425; otherwise, the rates are $500. Greater-than condition. In this type of comparison, the computer determines if one value is greater than another. For example: If the hours a person worked this week are greater than 40, then multiply every extra hour by 1.5 times the usual hourly wage to compute overtime pay.

The following table summarizes the characteristics of the various kinds of data storage in the storage hierarchy. Storage

Speed

Capacity

Registers

Fastest

Lowest

RAM

Hard Disk

Highest

No

High

No

Low

Low

Yes

Very High

Very Low

Yes

Very Fast Low/Moderate

Floppy Disk Very Slow Moderate

Relative Cost ($) Permanent?

How the CPU Executes Program Instructions The Central Processing Unit, in association with memory, executes a computer program. In fact, 31

Strictly for Internal Circulation‐ KCL

most computers today can execute only one instruction at a time, though they execute it very quickly. Many personal computers can execute instructions in less than one-millionth of a second, whereas those speed demons known as supercomputers can execute instructions in less than one-billionth of a second.

Machine Cycle

Before an instruction can be executed, program instructions and data must be placed into memory from an input device or a secondary storage device (the process is further complicated by the fact that the data will probably make a temporary stop in a register). Once the necessary data and instruction are in memory, the central processing unit performs the following four steps for each instruction: 1. The control unit fetches (gets) the instruction from memory. 2. The control unit decodes the instruction (decides what it means) and directs that the necessary data be moved from memory to the arithmetic/logic unit. These first two steps together are called instruction time, or I-time. 3. The arithmetic/logic unit executes the arithmetic or logical instruction. That is, the ALU is given control and performs the actual operation on the data. 4. The arithmetic/logic unit stores the result of this operation in memory or in a register. Steps 3 and 4 together are called execution time, or E-time. The control unit eventually directs memory to release the result to an output device or a secondary storage device. The combination of I-time and E-time is called the machine cycle.

32

Strictly for Internal Circulation‐ KCL

The Machine Cycle in Action

33

Strictly for Internal Circulation‐ KCL

COMPUTER LANGUAGES A computer language is the means by which instructions and data are transmitted to computers. Put another way, computer languages are the interface between a computer and a human being. There are various computer languages, each with differing complexities. For example, the information that is understandable to a computer is expressed as zeros and ones (i.e., binary language). However, binary language is incomprehensible to humans. Computer scientists find it far more efficient to communicate with computers in a higher level language.

Block-structured language Block-structured language grew out of research leading to the development of structured programming. Structured programming is based on the idea that any computer program can be written using only three arrangements of the information. The arrangements are called sequential, selection, and iteration. In a sequential arrangement, each programming instruction (statement) is executed one after the other. This order is vital. The execution of the second statement is dependent on the prior execution of the first statement. There is more flexibility built into the selection arrangement, where choices are typically made with an IF...THEN...ELSE structure. Iteration is also known as loop structure. Loop structures specify how many times a loop will be executed. In other words, a command can be executed a number of times until the task is completed. PASCAL, ALGOL, and MODULA-2 are examples of block-structured languages. Examples of non-block structured languages are BASIC, FORTRAN, and LISP. Refinements of BASIC and FORTRAN produced more structured languages. Block-structured languages rely on modular construction. A module is a related set of commands. Each module in a block-structured language typically begins with a "BEGIN" statement and ends with an "END" statement.

Computer Languages - First-generation Language First-generation language is the lowest level computer language. Information is conveyed to the computer by the programmer as binary instructions. Binary instructions are the equivalent of the on/off signals used by computers to carry out operations. The language consists of zeros and ones. In the 1940s and 1950s, computers were programmed by scientists sitting before control panels equipped with toggle switches so that they could input instructions as strings of zeros and ones.

Computer Languages - Second-generation Language 34

Strictly for Internal Circulation‐ KCL

Assembly or assembler language was the second generation of computer language. By the late 1950s, this language had become popular. Assembly language consists of letters of the alphabet. This makes programming much easier than trying to program a series of zeros and ones. As an added programming assist, assembly language makes use of mnemonics, or memory aids, which are easier for the human programmer to recall than are numerical codes. Second-generation language arose because of the programming efforts of Grace Hopper, an American computer scientist and Naval officer. Hopper developed FLOW-MATIC, a language that made programming easier for the naval researchers using the ENIAC computer in the 1940s. FLOW-MATIC used an English-based language, rather than the on-off switch language the computer understood. FLOW-MATIC was one of the first "high-level" computer languages. A high-level computer language is one that is easier for humans to use but which can still be translated by another program (called a compiler) into language a computer can interpret and act on.

Computer Languages - Third-generation Language The introduction of the compiler in 1952 spurred the development of third-generation computer languages. These languages enable a programmer to create program files using commands that are similar to spoken English. Third-level computer languages have become the major means of communication between the digital computer and its user. By 1957, the International Business Machine Corporation (IBM) had created a language called FORTRAN (FORmula TRANslater). This language was designed for scientific work involving complicated mathematical formulas. It became the first high-level programming language (or "source code") to be used by many computer users. Within the next few years, refinements gave rise to ALGOL (ALGOrithmic Language) and COBOL (COmmon Business Oriented Language). COBOL is noteworthy because it improved the record keeping and data management ability of businesses, which stimulated business expansion. In the early 1960s, scientists at Dartmouth College in New Hampshire developed BASIC (Beginner's All-purpose Symbolic Instruction Code). This was the first widespread computer language designed for and used by nonprofessional programmers. BASIC enjoyed widespread popularity during the 1970s and 1980s, particularly as personal computers grew in use.

35

Strictly for Internal Circulation‐ KCL

Computer Languages - Fourth-generation Language Fourth-generation languages attempt to make communicating with computers as much like the processes of thinking and talking to other people as possible. The problem is that the computer still only understands zeros and ones, so a compiler and interpreter must still convert the source code into the machine code that the computer can understand. Fourth-generation languages typically consist of English-like words and phrases. When they are implemented on microcomputers, some of these languages include graphic devices such as icons and onscreen push buttons for use during programming and when running the resulting application. Many fourth-generation languages use Structured Query Language (SQL) as the basis for operations. SQL was developed at IBM to develop information stored in relational databases. Eventually, it was adopted by the American National Standards Institute (ANSI) and later by the International Standards Organization (ISO) as a means of managing structured, factual data. Many database companies offer an SQL-type database because purchasers of such databases seek to optimize their investments by buying open databases, i.e., those offering the greatest compatibility with other systems. This means that the information systems are relatively independent of vendor, operating system, and computer platform. Examples of fourth-generation languages include PROLOG, an artificial intelligence language that applies rules to data to arrive at solutions; and OCCAM and PARLOG, both parallelprocessing languages. Newer languages may combine SQL and other high-level languages. IBM's Sonnet is being modified to use sound rather than visual images as a computer interface.

36

Strictly for Internal Circulation‐ KCL

DATA COMMUNICATION AND NETWORKING DATA COMMUNICATION

For communication of information and message we use telephone and postal communication systems. Similarly data and information from one computer system can be transmitted to other systems across geographical areas. Thus data transmission is the movement of information using some standard methods. These methods include electrical signals carried along a conductor, optical signals along an optical fibers and electromagnetic areas. The data is represented by binary digit or bit has only two values Os and 1s. Infact, anything which computer deals with 0s and 1s. Data communication concerns itself with the transmission (sending and receiving) of information between two locations by means of electrical signals. The two types of electronic signals are ANALOG and DIGITAL. Data communication is the name given to the communication where exchange of information takes place in the form of 0s and 1s over some kind of media such as wire or wireless. The subject- data communication deals with the technology, tools, products and equipment to make this happen. Basic elements of a communication system The following are the basic requirements for working of a communication system:1. The sender (source) who creates the message to be transmitted. 2. A medium that carries the message. 3. The receiver (sink) who receives the message. In data communication, four basic terms are frequently used. They are:a. Data- a collection of facts in raw forms that become information after processing. b. Signals- Electric or electromagnetic encoding of data. c. Signaling- Propagation of signals across a communication medium. 37

Strictly for Internal Circulation‐ KCL

d. Transmission- Communication of data achieved by the processing of signals.

COMMUNICATION PROTOCOLS The computers send and receive data across communication links through data communication software. It is this software that enables us to communicate with other systems. The data communication software instructs computer systems and devices as to how exactly data is to be transferred from one place to another. The procedure of data transformation in the form of software is commonly known as protocol. The data transmission software or protocols perform the following functions for the efficient and error free transmission of data:a. Data Sequencing- A long message to be transmitted is broken into smaller packets of fixed size for error free data transmission. b. Data Routing- it is the process of finding the most efficient route between source and destination before sending the data. c. Flow Control- all machines are not equally efficient in terms of speed. Hence the flow control regulates the process of sending data between fast sender and slow receiver. d. Error Control- Error detecting and recovering is the one of the main functions of communication software. It ensures that data are transmitted without any error.

DATA TRANSMISSION MODES 1. Analog and Digital Signal 2. Asynchronous and Synchronous Transmission Analog and Digital Signal Data is transmitted from one point to another point by means of electrical signals that may be in digital and analog form. In analog signal, the transmission power varies over a continuous range with respect to sound, light and radio waves. On the other hand, a digital signal may assume only discrete set of values within a given range. Examples are computer and computer related equipment. Analog signal is measured in Volts and its frequency is in Hertz (Hz). A digital signal, is a sequence of voltage represented in binary form. When digital data are to be sent over an analog form the digital signal must be converted to analog form. So the technique by which a digital signal is converted to analog form is known as modulation and the reverse process, that is the conversion of analog signal to its digital form is known as demodulation. The device, which converts digital signal into analog and reverse is known as modem. 38

Strictly for Internal Circulation‐ KCL

Asynchronous and Synchronous Transmission Data transmission through a medium can be either asynchronous or synchronous. In asynchronous transmission data is transmitted character by character as you go on typing on a keyboard. Hence there are irregular gaps between characters. However, it is cheaper to implement, as we do not have to save the data before sending. In synchronous mode, the saved data is transmitted block by block. Each block can contain many characters. Synchronous transmission is well suited for remote communication between a computer and related devices like card reader and printers.

39

Strictly for Internal Circulation‐ KCL

COMPUTER NETWORK A computer network is interconnection of various computer systems located at different places. In computer network two or more computers are linked together with a medium and data communication devices for the purpose of communication data and sharing resources. The computer that provides resources to other computers on a network is known as server. In the network, the individual computers, which access shared network resources are known as nodes.

TYPES OF NETWORKS There are many different types of networks. However, from an end user’s point of view there are two basic types:¾ LANs- Local Area Networks The computers are geographically close together (that is in the same building). LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a Wide Area Network (WAN).

Most LANs as shown connect workstations and personal computers. Each node (individual computer) in a LAN has its own CPU with which it executes programs but it is also able to access data and devices anywhere on the LAN This means that many users can share expensive devices, such as laser printers, as well as data. Users can also the LAN to communicate with each other, by sending e-mail or engaging in chart sessions. There are many different types of LANs – token- ring networks, Ethernets and Arcnets being the most common for PCs.

40

Strictly for Internal Circulation‐ KCL

LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line: but the distance are limited and there is also a limit on the number of computers that can be attached to a single LAN.

¾

WANs- Wide Area Networks

The computers are further apart and are connected by telephone lines or radio waves. A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local area networks (LANs). Computers connected to a wide area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.

In addition to these types, the following characteristics are also used to categorize different types of networks. ¾ TOPOLOGY The geometric arrangement of a computer system. Common toplogies include bus, star and ring. ¾ PROTOCOL The protocol defines a common set of rules and signals that computers on the network use to communicate. One of the most popular protocols for LANs is called Ethernet. Another popular LAN protocol for PCs is the IBM token ring network. ¾ ARCHITECTURE Networks can be broadly classified as using either peer- to – peer or client/ server architecture. Computers on network are sometimes called nodes. Computers and devices that allocate resources for a network are called servers. ¾ NETWORK TOPOLOGIES 41

Strictly for Internal Circulation‐ KCL

Topology is the geometric arrangement of the computers in a network. Common topologies include star, ring and bus. ¾ STAR NETWORK The star network is frequently used to connect one or more small computers or peripheral devices to a large host computer or CPU. Many organizations use the star network or a variation of it in a time-sharing system in which several users are able to share a central processor.

Star network is frequently used in a LAN to connect several micro computers to a central unit that works as a communications controller. Access and control of star network typically is maintained by a polling system. Polling means that the central computer or communications controller “polls” or asks each device in the network if it has a message to send and then allows each in turn to transmit data.

¾ RING NETWORK

The ring network is a Local Area Network whose topology is a ring- can be as simple as circle or point-to-point connections of computers at dispersed locations, with no central host computer or communications controller. That is, all of the nodes are connected in a closed loop. Messages travel around the ring, with each node reading those messages addressed to it. One of the advantages of ring networks is that they can span larger distance than other types of networks, such as bus networks because each node regenerates messages as they pass through it. 42

Strictly for Internal Circulation‐ KCL

¾ BUS NETWORK Bus networks are similar to ring network that the ends are not connected. All communications are carried on a common cable or bus and are available to each device on the network.

Access and control of bus networks are typically maintained by a method called contention, whereby if a line is unused, a terminal or device can transmit its message at will but if two or more terminals initiate messages simultaneously, they must stop and transmit again at different intervals.

INTERNET AND ONLINE RESOURCES The Internet has created a new economic ecosystem, the e-commerce marketplace, and it has become the virtual main street of the world. Providing a quick and convenient way of exchanging goods and services both regionally and globally, e-commerce has boomed. Today, ecommerce has grown into a huge industry with online retail generating revenues with consumerdriven (B2C) online transactions impacting industries from travel services to consumer electronics, from books and media distribution to sports & fitness. With more than 70% of Indians using the Internet on a daily basis for private and/or business use and the rest of the world also beginning to catch on, e-commerce's global growth curve is not likely to taper off anytime soon. In the last decade, many startup e-commerce companies have rapidly stolen market share from traditional retailers and service providers, pressuring these established traditional players to deploy their own commerce websites or to alter company strategy in retaliation. This effect is most pronounced in travel services and consumer electronics. As traditional brick and mortar firms continue to lose market share to e-commerce players, they will likely see continued declines in their revenues, operating margins, and profits. It is important to note that most ecommerce players are at a competitive advantage to retailers. They have lower operating 43

Strictly for Internal Circulation‐ KCL

expenses and better inventory management due to operating in a virtual commerce environment. For example, Amazon.com (AMZN) has revenue per employee of nearly $850k while its retail counterpart, Best Buy (BBY), generates revenue per employee of only $270k. Clearly, ecommerce vendors will have the most to gain if they successfully disrupt retail customer acquisition, disintermediate distributors/resellers, and under-price retail establishments. As a consequence of e-commerce vendor gains, financial transaction processors and parcel shipping companies are among ancillary vendors who will gain.

44

Strictly for Internal Circulation‐ KCL

IMPORTANT QUESTIONS UNIT – 1 Basic of Computer / Internet / Application Q.1.

What is Computer? What are its components? Explain in detail.

Q.2.

What is Internet? Who are Internet Service Provides?

Q.3.

How Internet is differ from Intranet?

Q.4.

How to determine the Regulatory Authority who will be hearing and deciding claim petitions?

Q.5.

Explain the World Wide Web? How it governs its functions?

Q.6.

How to make electronic documents more secure? How to maintain its authenticity?

Q.7.

Illustrate the Fire Wall and how it functions. What it its purpose?

Q.8.

Discuss in short : @ LAN @ WAN @ WWW

Q.9.

What is CPU? How it functions?

Q.10.

List the Web security threats?

Q.11.

List the computer languages in detail.

Q.12

What is the essence of Operating System?

Q.13

Explain the term Online Resources?

45

Strictly for Internal Circulation‐ KCL

UNIT -2 ROLE OF LAW IN CYBER WORLD ROLE OF LAW IN CYBER WORLD Since the beginning of civilization, man has always been motivated by the need to make progress and better the existing technologies. This has led to tremendous development and progress which has been a launching pad for further development. Internet is believed to be full of anarchy and a system of law and regulation there it seems contradictory. However, cyber space is being governed by a system of law called cyber law. Cyber law is a generic term which refers to all the legal and regulatory aspects of internet. Cyber law is a constantly evolving process as the internet grows numerous legal issue arises. As one of the most important issue concerning cyber space today is that of cyber crime. As the category of cyber crimes, relate to cyber crimes against the cyber terrorism is the distinct kind of crime in this category. The growth of internet has shown that the medium of cyber space is being used by individuals and groups to threaten the internationals governments as also to terrorize the citizens of a country. The crime manifest itself into terrorism when as individual cracks into a govt./military maintained website. Since cyber crime is newly specialized field growing in cyber laws, a lot of development has to taken place in terms of putting into place the relevant legal mechanism for controlling and preventing cyber crime. As the internet has grown in a very rapid, arbitrary and unplanned manner, of this unplanned nature of internet, it was felt initially that internet is a system of anarchy and no useful purpose would be solved total lack of disorder control in trying to do the same. As it is also essential to introduce laws against computer crime and such other cyber laws would help build the national information infrastructure, the laws have to take into consideration the emergency use of electronic data inter change (EDI), Electronic commerce Electronic fund transfer, Electronic cash, copyright and digital intellectual property rights. Various emerging technologies are stated: 1) Prevention of computer crime 2) Digital signatures 3) Copyright and digital intellectual property 4) Electronic governance 5) Computerization of land records 46

Strictly for Internal Circulation‐ KCL

6) Cryptography & encryption To protect the “DATA” relating to law- will be conducted by cyber law: Data protection has been defined to include: @ The legal safeguards of people rights to see what information may be held about them in a computer data base. @ Protection of thefts destruction or damage of software and data held in a computer memory. @ Eg: Govt. departments and commercial companies hold personal data in computers. In order to provide a favourable legal environment for the commerce activities, the IT act 2000 has been enacted. It provides legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication commonly referred of ecommerce which involves the use of alternatives of paper based methods of communication & storage of information. OBJECTIVES OF ACT 1. It provides a legal recognition for transaction carried out by electronic communication commonly referred as e-commerce which involve the use of alternative of paper based on methods of communication & storing of information. 2. To facilitate electronic filing of document with govt. departments. 3. To facilitate electronic storage of data. APPLICATION OF ACT This act shall not apply to negotiable instruction or power of attorney, will & codicil, documental under immovable property, documental under immovable property such other documents or transactions may be notified by the central Govt. is official gazette. Acc. to NATIONAL INFORMATION TECHOLOGY POLICY: It states that there is an urgent need not only to computerize departments or ministers but a central mechanism is required so that govt. can get feedback from citizen only in India. The outdated Indian laws require a quick change. It is also essential to introduce laws require cyber crimes and other cyber laws that would help building the national information structures. Law plays an important role in growth of information technologies, law has to take into consideration in emergence of EDI (Electronic data internet), e-commerce electronic fund transfer copyright & digital IPR. ROLE OF LAW:

47

Strictly for Internal Circulation‐ KCL

1. Where any law requires that any information or matter should be in the type written or printed from the such requirement shall be deemed to be satisfied, if it is in an electronic form 2. Where any law requires that information or document or other matter authenticated by signature, such requirement shall be deemed to have been satisfied if it is authenticated by means of digital signatures affixed in such manner as may be prescribed by rules framed by the central govt. 3. The filing of any form application or other document creation, retention or preservation of records issue or grant of any license or permit/receipt or payment in govt. offices and its agencies may be done through the electronic form. 4. Where any law provides that document records or information shall be retained for any specified period then that requirement shall be deemed to have been same as retained in electronic form. 5. Where any law requires the publication of any rule regulation, order bye-law, notification or any other matter should be published in the official gazette such registration shall be satisfied if same is done in electronic forms.

FREE SPEECH IN CYBERSPACE Article 19 of the Universal Declaration of Human Rights calls for the protection of free expression in all media. In comparison to traditional print-based media, the accessibility and relative anonymity of cyber space has torn down traditional barriers between an individual and his or her ability to publish. Any person with an internet connection has the potential to reach an audience of millions with little-to-no distribution costs. Yet this new form of highly accessible authorship in cyber space raises questions and perhaps magnifies legal complexities relating to the freedom and regulation of speech in cyberspace. These complexities have taken many forms, three notable examples being the Jake Baker incident, in which the limits of obscene Internet postings were at issue, the controversial distribution of the DeCSS code, and Gutnick v Dow Jones, in which libel laws were considered in the context of online publishing. The last example was particularly significant because it epitomized the complexities inherent to applying one country's laws (nation-specific by definition) to the internet (international by nature). In 2003, Jonathan Zittrain considered this issue in his paper, "Be Careful What You Ask For: Reconciling a Global Internet and Local Law".

RIGHT TO SPEECH AND EXPRESSION 48

Strictly for Internal Circulation‐ KCL

ON THE INTERNET OR NATIONAL SECURITY The development of technology in the communication industry over the last decade has witnessed the emergence of several relatively new legal and ethical issues. With the development of internet into a global market place the world has seen news speedy means of communication. Communication speech & expression constitute some of the most basic liberties of the individual. In the Indian context U/A 19(1) (a) of the constitution recognises them as freedom right to speech. But no right is absolute one of the conditions when restrictions may be imposed on the right speech expression is national security How does Internet activities causes threat to national security? Encryption & cryptography the two modes of communication possess a threat to National integrity. @ The process of encryption is like sending a postal mail to another party with a code lock on the envelope the code which is known only to the sender and the recipient @ The field of cryptography deals with study of secret codes. Thus, while encryption is the actual process cryptography involves the study of the same and is of wider connotation. @ The practice of encryption and its study cryptography provides individual with means of communication that no third party can understand unless specifically permitted by the communicators themselves. @ Such technology is however liable to be misused by individuals to carry on clandestine operations to the detriment of national security. The volume and varying nature of transactions also raises the issue of security concerns as to the political, social & economic, health of the nation. @ Cryptography, if used to code messages containing such vital information b/w the individuals regarding to the state security raises security concerns. Technology is a double edged sword on the one hand it enable to maintain privacy & freedom of speech & expression & on the other hand the same techniques can be decipheral to the integrity & soul of the nation. The other cyber offences such as Hacking with computer system may cause threat to national security. Computer hacking is the accessing of a computer system W/O the express/ implied permission of the owner of that computer system. Through the offence of hacking the govt. related informations on the internet or on websites of govt. May be targetted by studying their security features and tools to gain authorized access & impair the normal functioning of a computer or computer system. The information so received through the , illegal access to the govt. websites may be transmitted thereby, raising security concerns.

Legislative measure to protect the National Security 49

Strictly for Internal Circulation‐ KCL

1. U/A 19 (2) of constitution: Imposes reasonable restrictions or the ground of threat to sovereignty of nation but there must be balancing of rights & duties. The restrictions may be imposed only when there is a legitimate threat to nation. 2. U/S 69 of IT, Act 2000: The controller of certifying authority has power to encrypt or decrypt any information from the computer if it is threat to the integrity & sovereignty of nation. The possessor of the information i.e. data subject has to across all information he has & in case, he does not cooperate - he can be punished for not following the directions of controller.

ETHICS @ In legal way and its prospectus are a very wide terms and very much intermingled. These cannot be confined by works. Ethics and morality in different circumstances can notes varied and complex meaning. Each and everything which is opposed to public policy. Against public welfare and which may disturb public tranquility may be termed to be immoral and unethical. @ In past terms such as imperlism colonism, apartheid which were burning issues have given way to cyber crime, hacking , cyber ethics etc. @ Today in the present era we need to evolve “cyber jurisdiction” based on which we can evaluate and criticize cyber ethics. @ Many businesses have devised guidelines for the use of information technology and computer systems may computer related professional groups have also published guidelines for their members. @ Most organization and school guidelines encourage all system users to act responsibility ethically and legally when using computers and to follows accepted rules of online etiquette as well federal & state laws. @ The computers ethics institute is research education and policy study organization with members from the IT professional and from academic, corporate and public policy communities. @ As ethics shows the guidelines as it prohibit (a) Using a computer to harm others (b) Snooping in others people files (c) Using a computer to steal (d) Copying or using proprietary software without paying for it. FUNCTIONS: The govt. has regulated various certifying authorities to run by the controller, deputy controller and Assistant controller shall discharge functions of Central Govt: 50

Strictly for Internal Circulation‐ KCL

Functions performance by controller :1. Certifying public keys of the certifying authority. 2. Laying down the standards to be maintained by users. 3. Specifying the qualification and experience of the employees of the certifying authority. 4. Specifying the conditions subject to which the certifying authorities should conduct their business. 5. Specifying the content of written/ printed or visual material and advertisement that may be distributed used a of digital signatures 6. Specifying the form / content of digital signature- the key. 7. Specifying the form & manner in which Accounts are to be maintained by CA. 8. Terms & Conditions on which auditors may be appointed & remunerated. 9. Facilities - electronic system. 10. Specifying the manner in which certifying authorities should conduct their dealing with subscribers. 11. Resolving the interest, laying down duties and supervising the activities. 12. CA shall make use of software/ hardware/ procedures that are required. 13. Provide reasonable level of reliability in its services which are reasonable suitable. 14. Adhere to security procedure to ensure the secrecy privacy.

IMPORTANT QUESTIONS UNIT – 2 ROLE OF LAW IN CYBERSPACE Q.1.

Explain the theories of Governance?

51

Strictly for Internal Circulation‐ KCL

Q.2.

How the growth of Cyber Space is expanding increasing?

Q.3.

Discuss the relationship between Law of contract and Cyber Space.

Q.4.

How Law of Tort is influence by Cyber Crime & its Laws.

Q.5.

Is there any provision for Internet Crimes and what remedial actions are being taken to prevent them?

Q.6.

How Human Rights are connected with field of cyber Law? What rights are enumerated in the I.T. Act 2000?

Q.7.

Explain Cyber Terrorism.

Q.8.

What are the various modes by which online Disputes can be resolved easily?

Q.9.

How human Being’s ethics is concerned with Cyber Space?

Q.10.

Explain in detail E-Governance.

UNIT -3 THE INDIAN TELEGRAPH ACT, 1885

52

Strictly for Internal Circulation‐ KCL

The Indian Telegraph Act, 1885 was enacted 115 years back with the main object being "to give power to the Government and to any company or person licensed under section 4 of the Indian Telegraph Act, 1876, and specially empowered in this behalf, to place telegraph lines under or over property belonging whether to private persons or to public bodies." The preamble of the Telegraph Act says that it is an act to amend to the law relating to telegraphs in India.

DEFINITIONS - SECTION 3 (1) "telegraph" means any appliance, instrument, material or apparatus used or capable of use for transmission or reception of signs, signals, writing, images and sounds or intelligence of any nature by wire, visual or other electro-magnetic emissions, Radio waves or Hertzian waves, galvanic, electric or magnetic means. Explanation. – "Radio waves" or "Hertzian waves" means electro-magnetic waves of frequencies lower than 3,000 giga-cycles per second propagated in space without artificial guide;] (2) "telegraph officer" means any person employed either permanently or temporarily in connection with a telegraph established, maintained or worked by [the Central Government] or by a person licensed under this Act; (3) "message" means any communication sent by telegraph, or given to telegraph officer to be sent by telegraph or to be delivered; (4) "telegraph line" means a wire or wires used for the purpose of a telegraph, with any casing, coating, tube or pipe enclosing the same, and any appliances and apparatus connected therewith for the purpose of fixing or insulating the same; (5) "post" means a post, pole, standard, stay, strut or other above ground contrivance for carrying, suspending or supporting a telegraph line; (6) "telegraph authority" means the Director General of [Posts and Telegraphs], and includes any officer empowered by him to perform all or any of the functions of the telegraph authority under this Act; (7) "local authority" means any municipal committee, district board, body of port commissioner or other authority legally entitled to, or entrusted by" the Central or any State Government] with, the control, management of any municipal or local fund. The Indian Telegraph Act, 1885 is a law in India that governs the use of telegraphy, phones, communication, radio, telex and fax in India. It gives the Government of India exclusive privileges of establishing, maintaining and working telegraphs. It also authorizes the government to tap phone lines under appropriate conditions

LEGAL FRAMEWORK 53

Strictly for Internal Circulation‐ KCL

Telecommunication is an item in the Union List, implying that only central government can make laws relating to the subject. The following are the major legislations pertaining to the telecommunication sector:¾ Indian Telegraph Act, 1885 ¾ Indian Wireless Telegraphy Act 1933 ¾ Telecommunications Regulatory Authority of India Act 1997 The Indian Telegraph Act, 1885 was the only statute that could be used to regulate modern telephony as “telegraph” was defined as any apparatus for transmission or reception of signals, images and sounds by wire, visual or other electric magnetic emissions. According to the Act, the central government has the exclusive right to be an operator and a licensing authority for establishing, maintaining and working telegraphs but it may grant licences to establish, maintain or work a telegraph within any part of India. These licenses may be revoked. All the initial licences were granted under this Act and this has leased to a series of legal challenges. The Indian Wireless Telegraphy Act 1933 provides that no person may possess wireless telegraphy apparatus unless such person has been issued a licence under the Indian Telegraph Act, 1885. Any person in possession of a wireless transmitter in contravention of the provisions of the Indian Telegraph Act will be liable with fine and / or imprisonment. The central government has the authority to make rules for the purpose of carrying into effect the provisions of the Act. The Telecommunications Regulatory Authority of India Act 1997 provided for the establishment of the Telecommunications Regulatory Authority of India. The powers under Section 11 (1) (d) which empowered the TRAI to frame regulations, was interpreted in January 2000 by the High Court of New Delhi. The High Court held that the TRAI was merely a recommendatory body and struck down the Telecommunications Regulatory Authority’s regulations specifically higher charges payable by fixed telephone subscribers and revenue sharing arrangements. The National Telecommunications Policy 1999 defines the role of the Telecommunications Regulatory Authority as strong and independent regulator with comprehensive powers and clear authority to effectively evolve and implement a regulatory framework and adequate safeguards to ensure fair competition and protection of consumer interests. The government is not bound to follow the recommendations of the TRAI in the following areas:a. The need and timing of new service providers. b. The terms and conditions of a licence to a service provider. c. The revocation of a licence for non-compliance of terms and conditions.

54

Strictly for Internal Circulation‐ KCL

d. The measures to facilitate competition. e. The type of equipment to be used by service providers f. The efficient management of spectrum.

PRIVILEGES AND POWERS OF THE GOVERNMENT

SECTION 4- Exclusive privilege in respect of telegraphs, and power to grant licences: 1. Within India, the Central Government shall have the exclusive privilege of establishing, maintaining and working telegraphs: Provided that the Central Government may grant a licence, on such conditions and in consideration of such payments as it thinks fit, to any person to establish, maintain or work a telegraph within any part of India: Provided further that the Central Government may, by rules invade under this Act and published in the Official Gazette, permit, subject to such restrictions and conditions as it thinks fit, the establishment, maintenance and working: (a) of wireless telegraphs on ships within Indian territorial waters and on aircraft within or above India, or Indian territorial waters, and (b) of telegraphs other than wireless telegraphs within any part of India. 2.

The Central Government may, by notification in the Official Gazette, delegate to the telegraph authority all or any of its powers under the first proviso to sub-section (1). The exercise by the telegraph authority of any power so delegated shall be subject to such restrictions and conditions as the Central Government may, by the notification, think fit to impose.

SECTION 5- Power for Government to take possession of licensed telegraphs and to order interception of messages: On the occurrence of any public emergency, or in the interest of the public safety, the Central Government or a State Government, or any officer specially authorised in this behalf by the Central Government or a State Government, may, if satisfied that it is necessary or expedient so to do, ¾ Take temporary possession (for so long as the public emergency exists or the interest of the public safety requires the taking of such action) of any telegraph establishes, maintained or worked by any person licensed under this Act.

55

Strictly for Internal Circulation‐ KCL

¾ If satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence, for reasons to be recorded in writing, by order, direct that any message or class of messages to or from any person or class of persons, or relating to any particular subject, brought for transmission by or transmitted or received by any telegraph, shall not be transmitted, or shall he intercepted or detained, or shall be disclosed to the Government making the order or an officer thereof mentioned in the order: Provided that the press messages intended to be published in India of correspondents accredited to the Central Government or a State Government shall not be intercepted or detained, unless their transmission has been prohibited under this sub-section. SECTION 6- Power to establish telegraph on land of Railway Company: Any Railway Company, on being required so to do by the Central Government, shall permit the Government to establish and maintain a telegraph upon any part of the land of the Company, and shall give every reasonable facility for working the same. SECTION 6A-Power to notify rates for transmission of messages to countries outside India: (1) The Central Government may, from time to time, by order, notify the rates at which, and the other conditions and restrictions subject to which messages shall be transmitted to any country outside India. (2) In notifying the rates under sub-section (l), the Central Government shall have due regard to all or any of the following factors, namely:i. the rates for the time being in force, for transmission of messages, in countries outside India; ii. the foreign exchange rates for the time being in force; iii. the rates for the time being in force for transmission of messages within India; iv. such other relevant reactors as the Central Government may think fit in the circumstances of the case. SECTION- 7. Power to make rules for the conduct of telegraphs: (1) The Central Government may, from time to time, by notification in the Official Gazette, make rules consistent with this Act for the conduct of all or any telegraphs, established, maintained or worked by the Government or by persons licensed under this Act. (2) Rules under this section may provide for all or any of the following among other matters, that is to say:

(a) the rates at which, a lid the other conditions and restrictions subject to which, messages shall he transmitted [within India]; 56

Strictly for Internal Circulation‐ KCL

(b) the precautions to be taken for preventing the improper interception or disclosure of messages-, (c) the period for which, and the conditions subject to which, telegrams and other documents belonging to, or being in the custody of, telegraph officers shall be preserved; (d) the fees to be charged for searching for telegrams or other documents in the custody of any telegraph officer; (e) the conditions and restrictions subject to which any telegraph line, appliance or apparatus for telegraphic communication shall he established, maintained, worked, repaired, transferred, shifted, withdrawn or disconnected;] (ee) the charges in respect of any application for providing any telegraph line, appliance or apparatus; (f) the charges in respect of- (i) the establishment, maintenance, working, repair, transfer or shifting of any telegraph line, appliance or apparatus; (ii) the services of operators operating such line, appliances or apparatus; (g) the matters in connection with the transition from a system whereunder rights and obligations relating to the establishment, maintenance, working, repair, transfer or shifting of any telegraph line, appliance or apparatus for telegraphic communication attach by virtue of any agreement to a system wherunder such rights and obligations attach by virtue of rules made under this section; (h) the time at which, the manner in which, the conditions under which and the persons by whom the rates, charges and fees mentioned in this sub-section shall be paid and the furnishing of security for the payment of such rates, charges and fees; (i) the payment of compensation to the Central Government for any loss incurred in connection with the provision of any telegraph line, appliance or apparatus for the benefit of any person(a) where the line, appliance or apparatus is, after it has been connected for use, given up by that person before the expiration of the period fixed by these rules, or (b) where the work done for the purpose of providing the line, appliance, or apparatus is, before it is connected for use, rendered abortive by some act or omission on the part of that person; (j) the principles according to which and the authority by whom the compensation referred to in clause (i) shall be assessed; (jj) the qualifications to be possessed and the examinations, if any, to be passed by the persons employed for the establishment, maintenance or working of any telegraph and the fees to be charged for admission to such examinations; and 57

Strictly for Internal Circulation‐ KCL

(k) any other matter for which provision is necessary for the proper and efficient conduct of all or any telegraphs under this Act. (3) When making rules for the conductor any telegraph established, maintained or worked by any person licensed under this Act, the Central Government may by the rules prescribe fines for any breach of the same: Provided that the fines so prescribed shall not exceed the following limits, namely:(i) when the person licensed under this Act is punishable for the breach, one thousand rupees, and in the case of a continuing breach a further fine of two hundred rupees for every day after the first during the whole or any part of which the breach continues; (ii) when a servant of the person so licensed, or any other person, is punishable for the breach, one-fourth of the amounts specified in clause (i). (4) Nothing in this section or in any rules made hereunder shall be construed as(a) precluding the Central Government from entering into all agreement with a person for the establishment, maintenance and working by that Government on terms and conditions specified in the agreement, of any telegraph line, appliance or apparatus for the purpose of affording means of telegraphic communication, where having regard to the number of the lines, appliance or apparatus required by that person for telegraphic communication, it is necessary or expedient to enter into such agreement with him, or (b) subjecting the Central Government to any obligation to provide any telegraph line, appliance or apparatus for the purpose of affording means of telegraphic communication. (5) Every rule made under this section shall he laid as soon as may be after it is made before each House of Parliament while it is in session for a total period of thirty days which may be comprised in one session or in two or three successive sessions, and if, before the expiry of the session immediately following the session or the successive sessions aforesaid, both Houses agree in making any modification in the rule, or both the Houses agree that the rule should not be made, the rule shall thereafter have effect only in such modified form or be of no effect, as the case may be; so however, that any such modification or annulment shall be without prejudice to the validity of anything previously done under that rule. SECTION- 7B. Arbitration of disputes: 1) Except as otherwise expressly provided in this Act, if any dispute concerning any telegraph line, appliance or apparatus arises between the telegraph authority and the person for whose benefit the line, appliance or apparatus is, or has been, provided, the dispute shall be determined by arbitration and shall, for the purposes of such determination, be referred to an arbitrator appointed by the Central Government either specially for the determination of that dispute of generally for the determination of disputes under this section.

58

Strictly for Internal Circulation‐ KCL

(2) The award of the arbitrator appointed under sub-section (1) shall be conclusive between the parties to the dispute and shall not be questioned in any Court. SECTION- 8. Revocation of licences: The Central Government may, at any time, revoke any license granted under section 4, on the breach of any of the conditions therein contained, or in default of payment of any consideration payable there under. SECTION- 9. Government not responsible for loss or damage: The Government shall not be responsible for any loss or damage which may occur in consequence of any telegraph officer failing in his duty with respect to the receipt, transmission or delivery of any message; and no such officer shall be responsible for any such loss or damage, unless he causes the same negligently, maliciously or fraudulently.

59

Strictly for Internal Circulation‐ KCL

PENALTIES SECTION 20. Establishing, maintaining or working unauthorized telegraph: (1) If any person establishes, maintains or works a telegraph within India in contravention of the provisions of section 4 or otherwise than as permitted by rules made under that section, he shall be punished, if the telegraph is a wireless telegraph, with imprisonment which may extend to three years, or with fine, or with both, and, in any other case, with a fine which may extend to one thousand rupees. (2) Notwithstanding anything contained in the Code of Criminal Procedure, 1898 (5 of 1898), offences under this section in respect of a wireless telegraph shall, for the purposes of the said Code, he bailable and non-cognizable. (3) When any person is convicted of all offence punishable under this section, the court before which he is convicted may direct that the telegraph in respect of which the offence has been committed, or any part of such telegraph, be forfeited to Government. SECTION 20A. Breach of condition of license: If the holder of a license granted under section 4 contravenes any condition contained in his license, he shall be punished with fine which may extend to one thousand rupees, and with a further fine which may extend to five hundred rupees for every week during which the breach of the condition continues. SECTION 21. Using un-authorized telegraphs: lf any person, knowing or having reason to believe that a telegraph has been established or is maintained or worked in contravention of this Act, transmits or receives any ,message by such telegraph, or performs any service incidental thereto, or delivers any message for transmission by such telegraph or accepts delivery of any message sent thereby, he shall be punished with fine which may extend to fifty rupees.

SECTION 22. Opposing establishment of telegraphs on railway land: If a Railway Company, or an officer of a Railway Company, neglects or refuses to comply with the provisions of section 6, it or he shall be punished with fine which may extend to one thousand rupees for every day during which the neglect or refusal continues. SECTION 23- Intrusion into signal-room, trespass in telegraph office or obstruction: lf any person- (a) without permission of competent authority, enters the signal-room of a telegraph office of the Government, or of a person licensed under this Act, or (b) enters a fenced enclosure round such a telegraph office in contravention of any rule or notice not to do so, or (c) refuses to quit such room or enclosure on being requested to do so by any officer or servant employed therein, or (d) wilfully obstructs or impedes any such officer or servant in the performance of his duty, he shall be punished with fine which may extend to five hundred rupees. SECTION 24- Unlawfully attempting to learn contents of messages:

60

Strictly for Internal Circulation‐ KCL

If any person does any of the acts mentioned in section 23 with the intention of unlawfully learning the contents of any message, or of committing any offence punishable under this act, he may (in addition to the fine with which he is punishable under section 23) be punished with imprisonment for a term which may extend to one year. SECTION 25- Intentionally damaging or tampering with telegraphs: If any person, intending- (a) to prevent or obstruct, the transmission or delivery of any message, or (b) to intercept or to acquaint himself with the contents of any message, or (c) to commit mischief, damages, removes, tampers with or touches any battery, machinery, telegraph lines, post or other thing whatever, being part of or used in or about any telegraph be punished with imprisonment for a term which may extend to three months, or with fine which may extend to one hundred rupees, or with both. SECTION 29A- Penalty: If any person, without due authority,- (a) makes or issues any document of a nature reasonably calculated to cause it to be believed that the document has been issued by, or under the authority of, the Director-General of Posts and Telegraphs, or (b) makes on any document any mark in imitation of, or similar to, or purporting to be, any stamp or mark of any telegraph office under the Director-General of Posts and Telegraphs, or a mark of a nature reasonably calculated to cause it to be believed that the document so marked has been issued, by or under the authority of, the Director-General of Posts and Telegraphs, he shall he punished with fine which may extend to fifty rupees. SECTION 30- Retaining a message delivered by mistake: If any person fraudulently retains, or wilfully secrets, makes away with or detains a message which ought to have been delivered to some other person, or, being required by a telegraph officer to deliver up any such message, neglects or refuses to do so, he shall be punished with imprisonment for a terms which may extend to two years, or with fine, or with both. SECTION- 31- Bribery: A telegraph officer shall be deemed a public servant within the meaning of sections 161, 162, 163, 164 and 165 of the Indian Penal Code, 1860 (45 of 1860); and in the definition of "legal remuneration" contained in the said section 161, the word "Government", shall, for the purposes of this Act, be deemed to include a person licensed under this Act. 32. Attempts to commit offences: Whoever attempts to commit any offence punishable under this Act shall he punished with the punishment herein provided for the offence.

CONSUMER FORUM HAS NO JURISDICTION

61

Strictly for Internal Circulation‐ KCL

ON TELEPHONE MATTERS Telecommunications service becomes essential for day-to-day activities of the people. The number of users of this service is on the increase now-a-days. The grievances experienced by the consumers are also not less. Indian Telegraph Act, 1885 provides a dispute mechanism for the consumers. Sec.7-B of Indian Telegraph Act Provides arbitration for settlement of disputes. The said section provides that except as otherwise expressly provided in the Act, if any dispute concerning any telegraph line, appliance arises between the telegraph authority and the person or whose benefit the line, appliance or apparatus is, or has been provided, the dispute shall be determined by arbitration and shall, for the purpose of such determination, be referred to an arbitrator appointed by the Central Government either specifically for the determination of the dispute or generally for the determination of disputes under this section. The award of the arbitrator appointed shall be conclusive between the parties to the dispute and shall not be questioned in any court. The term ‘telegraph authority’ means the service provider. The Consumer Protection Act, 1986 provides relief to consumers where there is deficiency in service provided by the service provider. Sec. 3 of the Consumer Protection Act, 1986 provides that the provisions of the said Act are in addition to the existing laws and not in derogation of the provisions of the existing laws. Accordingly the Consumer Protection Act is not having an overriding effect of the provisions of Indian Telegraph Act. But in many cases the State Commissions, National Commission held that Consumer Forum is having jurisdiction to entertain complaints on telecom. Matters despite the provisions contained in Sec. 7-B of Indian Telegraph Act. The High Court, Kerala in ‘General Manager, Telecom V. M. Krishenan’ – AIR 2000 Kerala 250 held that section 7-B of the Indian Telegraphs Act does not oust the jurisdiction of Consumer Commission or for a vis-à-vis cases pertaining to telephone appliances, apparatus or services. Remedy given under section 3 of the Consumer Protection Act is additional remedy which is not in derogation of the other acts. In ‘Secretary, Thirumurugan Co-operative Agricultural Society V. M. Lalitha’ – 2004 (1) Supreme 326 the Supreme Court held that the plea of ousting the jurisdiction of courts/tribunals as per the mandates of section 90 of the Co-operative Societies Act was negative so far as the operation of Consumer Protection Act was concerned. The Supreme Court further held that having due regard to the scheme of the Act and purpose to be achieved to protect the interest of the consumers better, the provisions are to be interpreted broadly, positively and purposefully in the context of the present case to give meaning to additional extended jurisdiction, particularly when sectkion3 seeks to provide remedy under the Act in addition to other remedies provided under other acts unless there is clear bar. In ‘M.A. Suherwardy V. District Manager, Telecom District and another’ -2009 (4) CPR 58 the State Commission, Jammu & Kashmir held that the Telegraph Act was enacted 100 years ago when the Consumer Protection act was not enacted. Parliament at the time of enacting the Act knew that there are special acts like Telegraph Act, Cooperative Societies Act, Advocates Act, Arbitration Act, Contract Act, etc., but did not create any bar in section 3 of the Act. In view of 62

Strictly for Internal Circulation‐ KCL

this matter, now the choice is with the consumer either to come under section 3 of the Act or section 7-B of the Telegraph Act. However the court further held that the Court did not lose the sight of the fact that excessive billing cannot be determined in the absence of expert opinion but adverting to the facts of the present case, the Court found that the alleged excessive billing has been made in a casual and cavalry manner by violating the rules and procedure of the Telecom Department. But the Supreme Court decided differently. In ‘General Manager, Telecom. V. M. Krishnan and another’ in Civil Appeal No. 7687 of 2004 decided on 1st September, 2009 BSNL filed appeal against the full bench judgment dated 14.02.2003 of the High Court of Kerala at Ernakulam whereby the Writ Appeal filed by the appellant has been dismissed. The dispute in this case was regarding non payment of telephone bill for the telephone connection provided to the respondent No. 1 and for the said non payment of the bill the telephone was disconnected. The subscribed aggrieved against the disconnection filed a complaint before the District Consumer Forum, Kozhikode which allowed the complaint and directed the appellant to reconnect the telephone and pay compensation of Rs.5,000/- with interest @ 12% per annum from the date of filing the complaint. Against this the appellant filed a writ petition before the High Court of Kerala challenging the jurisdiction of the consumer forum. The said writ petition was dismissed by the single Judge of the High Court. The appellant field a writ appeal before the Division Bench of the High Court which felt that the matter required consideration by a larger bench and the matter was placed before the Full Bench. The Full Bench of the High Court has dismissed the writ appeal. The Supreme Court held that in their opinion that there is a special remedy provision in Section 7-B of the Indian Telegraph Act regarding disputes in respect of telephone bills, then the remedy under the Consumer Protection Act is by implication barred. Rule 413 of the Telegraph Rules provide that all services relating to telephone are subject to Telegraph Rules. A telephone connection can be disconnected by the Telegraph Authority for default of payment under Rule 443 of the Rules. It is well settled that the special law overrides the general law. Hence in the opinion of the Supreme Court the High Court was not correct in approach. The Supreme Court agreed with the view taken by the National Commission in ‘Chairman, Thiruvalluvar Transport Corporation V. Consumer Protection Council’ (1995) 2 SCC 479 that the National Commission has no jurisdiction to adjudicate upon claims for compensation arising out of the motor vehicles accidents. The Supreme Court allowed the appeal. Thus the Consumer Forum is having no jurisdiction over the telephone services rendered to the consumers.

TELECOM REGULATORY AUTHORITY OF INDIA ACT, 1999 INTRODUCTION

63

Strictly for Internal Circulation‐ KCL

The Telecom Regulatory Authority of India or TRAI (established 1997) is the independent regulator established by the Government of India to regulate the telecommunications business in India. The Telecom Sector in India has, over the last few years witnessed a significant growth and the number of subscribers are very large. Increasingly, the subscriber base is also extending to the rural areas. There is also intense competition amongst service providers with the objective of improving their subscriber base. From time to time, the Telecom Regulatory Authority of India has been issuing various regulations and orders to protect the interests of the consumers of telecom services. It is important that consumers are aware of these so that their rights and privileges can be effectively safeguarded.

HISTORY The Telecom Regulatory Authority of India (TRAI) was established in 1997 through an Act of Parliament, viz, The Telecom Regulatory Authority of India Act, 1997. The mission of Telecom Regulatory Authority of India (TRAI) is to ensure that the interests of consumers are protected and at the same time to nurture conditions for growth of telecommunications, broadcasting and cable services in a manner and at a pace which will enable India to play a leading role in the emerging global information society. For achieving these objectives, the Authority issues from time to time regulations, directions, orders or guidelines with the focus on: ¾ Transparency in decision making by affording an opportunity to all stake holders. ¾ Providing consumer with adequate choice, affordable tariffs and high quality of service. ¾ Promoting level playing field and fair competition among service providers. ¾ Access to world class quality telecommunications, broadcasting and cable services. ¾ Promoting efficiency in operations in all the tiers of the industry. ¾ Adoption of emerging technologies within the framework of a technology neutral policy. ¾ Ensuring technical compatibility and effective interconnection between service providers.

TRAI gives highest importance for consumer protection as it is embodied in the preamble to the Act, reproduced below:“An Act to provide for the establishment of the Telecom Regulatory Authority of India and the Telecom Disputes Settlement and Appellate Tribunal to regulate the telecommunication services, adjudicate disputes, dispose of appeals and to protect the interests of service providers and 64

Strictly for Internal Circulation‐ KCL

consumers of telecom sector to promote and ensure orderly growth of the telecom sector and for matters connected therewith or incidental thereto.” The framework for consumer protection, mandated as one of the functions of TRAI under the TRAI Act, is as under:“Lay down the standards of quality of service to be provided by the service providers and ensure the quality of service and conduct the periodical survey of such service provided by the service providers so as to protect interest of the consumers of telecommunication service”. TELECOM REGULATORY AUTHORITY OF INDIA ESTABLISHMENT AND WORKING ¾ CONSTITUTION An independent body consisting of a Chairman, a minimum of two Members and maximum of six members (All seven in position at present). TRAI consists of a chairperson, 2 whole time members, and 2 part time members. The chairperson of Telecommunication Regulatory Authority of India is Sh. Nripendra Misra, the whole time members are Sh. A. K. Sawheny and Sh. R. N. Prabhakar, and the part time members are Dr. Rajiv Kumar and Prof. N. Balakrishnan. ¾ FUNCTIONS OF TRAI a. Need and timing for introduction of new service providers. b. Terms and conditions of licence to service providers. c. Revocation of licence for non-compliance of terms & conditions of a licence. d. Type of equipment to be used by service providers. ENSURING a. Technical compatibility and effective interconnection between different service providers. b. Compliance of terms and conditions of licence. c. Effective compliance of universal service obligations.

¾ TARIFF SETTING & RELATED FUNCTIONS

65

Strictly for Internal Circulation‐ KCL

a. By order notify in the official gazette the rates at which the telecommunication service within India and outside India shall be provided including the rates at which messages will be transmitted to any country outside India. b. Regulate arrangements among service providers for sharing their revenue derived from providing telecommunication services. c. Levy fees and other charges at such rates and in respect of such services as may be determined by regulations.

¾ OTHER FUNCTIONS a. Lay down the time period for providing local and long distance circuits for telecommunication different service providers. b. c. Monitor the quality of service and conduct periodical survey of such services. d. Inspect the equipment used in the network and recommend the type of equipment to be used by the service providers. e. Maintain Register of Interconnect Agreement and of all such other matters as may be provided in the regulations f. Protect the interest of consumers of telecommunication service. g. Facilitate competition & promote efficiency in the operation of telecommunication services so as to facilitate growth in such services. h. Perform such other functions including such administrative and financial functions as may be entrusted to it by the Central Govt. or as may be necessary.

¾ POWERS WITH TRAI Settle Dispute (Powers of a Court in-certain class of cases) a. b. c. d. e. f.

Frame Regulations Levy Fees Fix Tariffs Call for Information Institute Enquiries Sanction prosecution for disobedience.

¾ INDEPENDENT REGULATOR TRAI's role as an independent and effective regulator has been ensured through the following provisions in the TRAI Act:-

66

Strictly for Internal Circulation‐ KCL

(a) Chairperson and Members of the Authority are to be appointed by the Central Government after satisfying that the persons to be appointed do not have any financial or other interest as is likely to affect prejudicially their functions as members of the Authority. (b) The term of appointment of Chairperson and Members is fixed at 5 years. (c) Terms and conditions of appointment of Members once fixed cannot be changed to their disadvantage. (d) Members are barred from holding any office under State/ Central Governments for life. Commercial employment cannot be taken up for two years after demitting office. Scope of commercial employment includes consultancy work in any sector. (e) The Central Government may remove from office any member on grounds of -- Insolvency -- Incapacity -- Conviction for offences involving Moral turpitude. -- In case of conflict of interest and abuse of powers, removal will be possible only after an enquiry by the Supreme Court of India.

¾ POWERS TO ISSUE DIRECTIVES Govt. has the Authority to issue directives, but only after consultation with the Authority. a. Transparency in working All decisions/ orders to be published and included in the Annual Report to be placed before the Parliament. Decision - making to be transparent. b. Source of Funding Financial requirements to be met from grants sanctioned after due appropriation by Parliament. The Authority can generate additional resource by levying fees etc. c. Working/ Implementation Telecommunications liberalization policy in India has two major shortcomings (a)

sequencing of the reform process

67

Strictly for Internal Circulation‐ KCL

(b)

non-separation of the policy making and service provision functions of the Government, giving rise to a conflict of interest in these roles.

This gave rise to Litigation by the Government on the jurisdiction of TRAI in the matter of its recommendatory and dispute settlement powers. Presently at the stage of second appeal in the Delhi High Court. d. The present predicament Telecom services & segments in which liberalization has been undertaken so far in this sector are, from all accounts, crisis ridden - mobile cellular sector, basic services sector, paging services. Other value-added services such as E-mail etc which were liberalized earlier have fared no better. There is an emerging consensus that the genesis of this crisis is the abnormally high licence fees by the successful bidders. That is only a part of the story. The whole licensing policy, including in particular the terms and conditions of licenses, the institutional arrangement for implementation and enforcement of licensing conditions and response time to the problems of the new entrants are also responsible for the present state of affairs. Options to resolve the crisis - hold the existing licensees to their commitments by revoking their licences for non-performance of their obligations under licences including in particular payment of licence fee, and start afresh on a new basis. An excellent option provided a quick and clean exit of the existing licensees is possible, but given the existing structure of the licences, their one-sided -nature and laches on the part of the licensor in regard to the provision of resource etc the prospects of prolonged legal battles cannot be ruled out.

TELECOMMUNICATION REGULATIONS Telecom Consumers Protection & redressal of Grievances Regulations, 2007 (3 of 2007) There is no provision in the TRAI Act for redressal of individual consumer complaints by the Authority. As per the TRAI Act, individual complaints are maintainable before the consumer disputes redressal fora/ commissions established under Consumer Protection Act 1986. Taking cognizance of the fact that going to a dispute redressal forum or commission is time consuming and also costly compared to the telecom issues at stake, the Authority through the Telecom Consumers Protection and Redressal of Grievances Regulation 2007 has sought to establish an institutional mechanisms for resolution of consumers’ grievances, within the company at the level of Call Centre, Nodal Officer and Appellate Authority.

68

Strictly for Internal Circulation‐ KCL

FEATURES a. Provision of Call Centre ¾ The first level for the consumers to register their complaint is the Call Centre. ¾ Consumers can contact the Call Centre of service provider on toll free numbers. ¾ The call centre has to communicate the docket number of the complaint to the consumer after registration. ¾ Complaints pertaining to fault repair, service disruption and disconnection of service have to be attended within a maximum period of 3 days. ¾ Other complaints to be attended by the Call Centre within a maximum period of 7 days, subject to time limits laid down in Regulations on Quality of Service. ¾ The call centre has to intimate the action taken on the complaint and also the contact details of the Nodal Officer (including his name, telephone no. and address) to the customer.

b. Provision of Nodal Officer ¾ In case, the consumer is not satisfied with the redressal of the grievance at the Call Centre level or in case the Call Centre does not attend to the complaint within the prescribed time limit, he can approach the Nodal Officer for redressal of his grievance. ¾ All grievances received by the Nodal Officer with respect to fault repair, service disruption and disconnection of service to be got redressed within a maximum period of 3 days. ¾ Other grievances to be redressed by the Nodal Officer within a maximum period of 10 days of the registration of the grievance. ¾ Nodal Officers to communicate within three days from date of the receipt of the complaint, the unique complaint number to the consumer. ¾ Intimate the consumer about the resolution or decision thereon within the time limit specified. c. Provision of Appellate Authority ¾ In case the consumer is still not satisfied with the redressal of his grievance by the Nodal Officer within the time limit specified or no reply is received regarding resolution of the complaint from Nodal Officer, he can appeal to the appellate authority of the service provider for redressal of his grievance. ¾ Appellate Authority to decide every appeal within 3 months. d. Manual of Practice for handling Consumer Complaints ¾ The service provider has to publish a manual of practice for handing consumer complaints containing the terms and conditions of service, details of call centre, Nodal Officer and Appellate Authority including time limits for redressal of 69

Strictly for Internal Circulation‐ KCL

grievances and other authority including time limits for redressal of grievances and other information which is affects the consumers and provide the same to each consumer at the time of his subscription to the service.

TELECOM DISPUTES SETTLEMENT Under the TRAI Act, the authority responsible to settle disputes between a service provider and a group of consumers is the “ Telecom Disputes Settlement and Appellate Tribunal” (TDSAT) set up by the Central Government. The relevant provisions are :The Central Government shall by notification establish an Appellate Tribunal to be known as the “ Telecom Disputes Settlement and Appellate Tribunal” (TDSAT) to1. Adjudicate any disputea. Between a licensor and a licensee b. Between two or more service providers c. Between a service provider and a group of consumers 2. Hear and dispose of appeal against any direction, decision or order of the authority under this Act. TRAI (Telecommunication Regulatory Authority of India) issues huge numbers of directives, regulations, and orders that deal with various subjects such as interconnection, service quality, and tariff. The various powers and functions of TRAI (Telecommunication Regulatory Authority of India) are that the authority recommend the timing and need for the introduction of a service provider that is new, ensure successful inter- connection and technical compatibility between various service providers, and suggest the conditions and terms on which license would be provided to a service provider. Further the various powers and functions of TRAI are that the authority sees that conditions and terms that it has formulated are being followed, regulate the arrangements between the service providers in order to ensure that they share the revenue that are derived from supplying telecommunication services, and suggest license revocation when there is noncompliance of conditions and terms of the license. The various powers and functions of Telecommunication Regulatory Authority of India are that the authority promotes efficiency and encourage competition in the telecommunication operation services in order to encourage growth in the services, in the telecommunication services protect the consumers interest, and lay down the period of time for providing long distance and local telecommunication circuits between various different service providers. Also the various powers and functions of TRAI (Telecommunication Regulatory Authority of India) are make an inspection of the various equipments that are being used in the network, recommend the kind of equipments that the service providers must use, monitor the service quality, and also conduct survey periodically of the service that is being provided by the service providers.

70

Strictly for Internal Circulation‐ KCL

TRAI (Telecommunication Regulatory Authority of India) powers and functions includes settlement of disputes that arise between service providers, maintaining a register of the agreements that are interconnected, and give advice to the government at the center on subjects that are connected with the development of the telecommunication technology. Further the various functions and powers of TRAI are charge fees at rates that may be fixed by regulations, perform functions that the central government may entrust, and also carry out functions that are necessary according to the TRAI Act, 1997. TRAI (Telecommunication Regulatory Authority of India) has been set up by the government of India in order to ensure the growth of the telecommunications sector in the country. The Telecommunication Regulatory Authority of India thus should make all efforts to encourage the growth of the telecommunications sector in the country for this will ensure that the country will play an important role in the emerging world information society.

IMPORTANT QUESTIONS UNIT – 3 REGULATORY FRAMEWORK OF TELECOMMUNICATIONS Q.1.

What are the privileges and powers of the Government under Indian Telegraph Act, 1885?

Q.2.

Explain Section- 9 Why Government is not responsible for loss or damage ?

Q.3.

What are the penalties for following :a. Establishing, maintaining or working unauthorized telegraph: b. Breach of condition of license c. Using un-authorized telegraphs 71

Strictly for Internal Circulation‐ KCL

d. Opposing establishment of telegraphs on railway land e. Intrusion into signal-room, trespass in telegraph office or obstruction f. Unlawfully attempting to learn contents of messages g. Intentionally damaging or tampering with telegraphs h. Retaining a message delivered by mistake i. Bribery Q.4.

What is the aim of Telecom Regulatory Authority of India Act, 1999

Q.5.

What is the constitution of TRAI?

Q.6.

Which powers are vested with TRAI?

Q.7.

How disputes are settled of TRAI? Is there any telecom regulatory body?

Q.8.

Highlight the main essence of TRAI and its regulatory body.

UNIT -4 THE INFORMATION TECHNOLOGY ACT, 2000 INTRODUCTION An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.

72

Strictly for Internal Circulation‐ KCL

Whereas the General Assembly of the United Nations by resolution A/RES/51/162, dated the 30th January, 1997 has adopted the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law; and whereas the said resolution recommends inter alia that all States give favourable consideration to the said Model Law when they enact or revise their laws, in view of the need for uniformity of the law applicable to alternatives to papercased methods of communication and storage of information; and whereas it is considered necessary to give effect to the said resolution and to promote efficient delivery of Government services by means of reliable electronic records. be it enacted by Parliament in the Fifty-first Year of the Republic of India.

SPECIFIC OF THE ACT Information technology Act 2000 consisted of 94 sections segregated into 13 chapters. Four schedules form part of the Act. In the 2008 version of the Act, there are 124 sections (excluding 5 sections that have been omitted from the earlier version) and 14 chapters. Schedule I and II have been replaced. Schedules III and IV are deleted. The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. Some highlights of the Act are listed below: Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber. Chapter-III of the Act details about Electronic Governance and provides inter alia amongst others that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is -rendered or made available in an electronic form; and accessible so as to be usable for a subsequent reference. The said chapter also details the legal recognition of Digital Signatures. Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates. 73

Strictly for Internal Circulation‐ KCL

Chapter-VII of the Act details about the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act. Chapter-IX of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computer, computer systems etc. has been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of appointment of any officers not below the rank of a Director to the Government of India or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said Act or rules framed there under. The said Adjudicating Officer has been given the powers of a Civil Court. Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers, shall be preferred. Chapter-XI of the Act talks about various offences and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information, which is obscene in electronic form, and hacking.

The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advice the government as regards any rules, or for any other purpose connected with the said act. The said Act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 to make them in tune with the provisions of the IT Act.

ESSENCE OF THE ACT :The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records. In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature. From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.

74

Strictly for Internal Circulation‐ KCL

Information Technology Act 2000 addressed the following issues: 1. 2. 3. 4.

Legal Recognition of Electronic Documents Legal Recognition of Digital Signatures Offenses and Contraventions Justice Dispensation Systems for Cybercrimes

ITA 2008 (Information Technology Amendment Act 2008) as the new version of Information Technology Act 2000 is often referred has provided additional focus on Information Security. It has added several new sections on offences including Cyber Terrorism and Data Protection.

SCOPE OR 2 SIDES OF INDIAN CYBER LAW OR IT ACT OF INDIA

Cyber laws are meant to set the definite pattern, some rules and guidelines that defined certain business activities going on through internet legal and certain illegal and hence punishable. The IT Act 2000, the cyber law of India, gives the legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records. One cannot regard government as complete failure in shielding numerous e-commerce activities on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as free from ambiguities. MMS porn case in which the CEO of bazee.com (an Ebay Company) was arrested for allegedly selling the MMS clips involving school children on its website is the most apt example in this reference. Other cases where the law becomes hazy in its stand includes the case where the newspaper Mid-Daily published the pictures of the Indian actor kissing her boyfriend at the Bombay nightspot and the arrest of Krishan Kumar for illegally using the internet account of Col. (Retd.) J.S. Bajwa. The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. Successful Reasons for which it was framed.

75

Strictly for Internal Circulation‐ KCL

1. The E-commerce industry carries out its business via transactions and communications done through electronic records. It thus becomes essential that such transactions be made legal. Keeping this point in the consideration, the IT Act 2000 empowers the government departments to accept filing, creating and retention of official documents in the digital format. The Act also puts forward the proposal for setting up the legal framework essential for the authentication and origin of electronic records / communications through digital signature. 2. The Act legalizes the e-mail and gives it the status of being valid form of carrying out communication in India. This implies that e-mails can be duly produced and approved in a court of law, thus can be a regarded as substantial document to carry out legal proceedings. 3. The act also talks about digital signatures and digital records. These have been also awarded the status of being legal and valid means that can form strong basis for launching litigation in a court of law. It invites the corporate companies in the business of being Certifying Authorities for issuing secure Digital Signatures Certificates. 4. The Act now allows Government to issue notification on the web thus heralding egovernance. 5. It eases the task of companies of the filing any form, application or document by laying down the guidelines to be submitted at any appropriate office, authority, body or agency owned or controlled by the government. This will help in saving costs, time and manpower for the corporates. 6. The act also provides statutory remedy to the corporates in case the crime against the accused for breaking into their computer systems or network and damaging and copying the data is proven. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore ($200,000). 7. Also the law sets up the Territorial Jurisdiction of the Adjudicating Officers for cyber crimes and the Cyber Regulations Appellate Tribunal. 8. The law has also laid guidelines for providing Internet Services on a license on a nonexclusive basis. The IT Law 2000, though appears to be self sufficient, it takes mixed stand when it comes to many practical situations. It looses its certainty at many places like: 1. The law misses out completely the issue of Intellectual Property Rights, and makes no provisions whatsoever for copyrighting, trade marking or patenting of electronic information and data. The law even doesn’t talk of the rights and liabilities of domain name holders, the first step of entering into the e-commerce. 2. The law even stays silent over the regulation of electronic payments gateway and segregates the negotiable instruments from the applicability of the IT Act, which may have major effect on the growth of e-commerce in India. It leads to make the banking and financial sectors irresolute in their stands. 3. The act empowers the Deputy Superintendent of Police to look up into the investigations and filling of charge sheet when any case related to cyber law is called. This approach is likely to result in misuse in the context of Corporate India as companies have public offices which would come within the ambit of "public place" under the Act. As a result, companies will not be able to escape potential harassment at the hands of the DSP.

76

Strictly for Internal Circulation‐ KCL

4. Internet is a borderless medium; it spreads to every corner of the world where life is possible and hence is the cyber criminal. Then how come is it possible to feel relaxed and secured once this law is enforced in the nation?? * The IT Act is silent on filming anyone’s personal actions in public and then distributing it electronically. It holds ISPs (Internet Service Providers) responsible for third party data and information, unless contravention is committed without their knowledge or unless the ISP has undertaken due diligence to prevent the contravention. * For example, many Delhi based newspapers advertise the massage parlors; and in few cases even show the ‘therapeutic masseurs’ hidden behind the mask, who actually are prostitutes. Delhi Police has been successful in busting out a few such rackets but then it is not sure of the action it can take…should it arrest the owners and editors of newspapers or wait for some new clauses in the Act to be added up?? Even the much hyped case of the arrest of Bajaj, the CEO of Bazee.com, was a consequence of this particular ambiguity of the law. One cannot expect an ISP to monitor what information their subscribers are sending out, all 24 hours a day. Cyber law is a generic term, which denotes all aspects, issues and the legal consequences on the Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has cyber legislation apart from countries like the US, Singapore, France, Malaysia and Japan.

LEGAL RECOGNITION TO ELECTRONIC RECORDS BY DIGITAL SIGNATURE Definition and Meaning of Digital Signature [Section 2(1) (p)] Section 2(1) (p) of the Information Technology Act defines the tem Digital Signature. As per this, “Digital Signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provision of Sec.3. SECTION 3 deals with the authentication of electronic records. This section provides the conditions subject to which any electronic records may be authenticated by mans of affixing Digital signature. The digital signature is treated in following two different steps: Electronic record is converted into a message digest by using a mathematical function known as Hash Function, which digitally freezes the electronic records and the electronic record. Any tampering with the contents of the electronic record will immediately invalidate the digital signature. By digital signature the identity of the person affixing it is authenticated through the use of Private Key which is attached to the message digest and which can be verified by any person who has the Public key corresponding to such private key.

77

Strictly for Internal Circulation‐ KCL

Grounds of Revocation of Digital Signature Certificate by the Certifying Authority Section 38 of the Act, deals with the revocation of the digital signature certificate under certain circumstances. A certifying authority may revoke the digital signature certificate in the following cases: a) Where a material fact represented in the digital signature certificate is false or has been concealed; b) Where a requirement of the issuance of the digital signature certificate was not satisfied; c) Where the certifying authority’s security system was compromised affecting digital signature reliability; d) Where the subscriber has been declared insolvent or dead

Secure Electronic Records and Secure Digital Signatures

SECTION- 14. Secure electronic record. Where any security procedure has been applied to an electronic record at a specific point of time. then such record shall be deemed to be a secure electronic record from such point of time to the time of verification. SECTION- 15. Secure digital signature. If, by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was@ unique to the subscriber affixing it. @ capable of identifying such subscriber. @ created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated. then such digital signature shall be deemed to be a secure digital signature. SECTION- 16. Security procedure. The Central Government shall for the purposes of this Act prescribe the security procedure having regard to commercial circumstances prevailing at the time when the procedure was used, including@ the nature of the transaction. @ the level of sophistication of the parties with reference to their technological capacity. @ the volume of similar transactions engaged in by other parties. @ the availability of alternatives offered to but rejected by any party. @ the cost of alternative procedures, and @ the procedures in general use for similar types of transactions or communications.

78

Strictly for Internal Circulation‐ KCL

79

Strictly for Internal Circulation‐ KCL

DIGITAL SIGNATURES

Electronic Record 1. Very easy to make copies 2. Very fast distribution 3. Easy archiving and retrieval 4. Copies are as good as original 5. Easily modifiable 6. Environmental Friendly Because of 4 & 5 together, these lack authenticity

Why Digital Signatures? • To provide Authenticity, Integrity and Non-repudiation to electronic documents • To use the Internet as the safe and secure medium for e-Commerce and e-Governance

What is Digital Signature? @ Hash value of a message when encrypted with the private key of a person is his digital signature on that e-Document o Digital Signature of a person therefore varies from document to document thus ensuring authenticity of each word of that document. o As the public key of the signer is known, anybody can verify the message and the digital signature @ Each individual generates his own key pair @ [Public key known to everyone & Private key only to the owner] @ Each individual generates his own key pair @ [Public key known to everyone & Private key only to the owner] @ Public Key – Used to verify the digital signature

80

Strictly for Internal Circulation‐ KCL

Encryption Caesar Cipher

3 changes lcdjuhh

The shift is linear and equidistributed

I agree i+3=l Space=c [+3]

Key Cipher The shift is linear (cyclic)

k.n.gupta 62 k+2=m (dot)=e [+6] n=w [+9]

269 mewam3rzjba

Char a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . (Dot) Space

1 b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 .

2 c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 .

3 4 5 d e f e f g f g h g h i h i j i j k j k l k l m l mn mn o n o p o p q p q r q r s r s t s t u t u v u v w v wx wx y x y z y z 0 z 0 1 0 1 2 1 2 3 2 3 4 3 4 5 4 5 6 5 6 7 6 7 8 7 8 9 8 9. 9. . a a b a b c a b c d a b c d e

6 g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . a b c d e f

7 h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . a b c d e f g

8 i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . a b c d e f g h

9 j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . a b c d e f g h i

81

Strictly for Internal Circulation‐ KCL

ENCRYPTION

DECRYPTION

Message 1

Encrypted Message 1

Encrypted Message 1

Message 1

Central to the growth of e-commerce and egovernance is the issue of trust in electronic environment.

9a46894335be49f0b9cab28d755aaa9cd98571b 275bbb0adb405e6931e856ca3e5e569edd13528 5482

9a46894335be49f0b9cab28d755aaa9cd985 71b275bbb0adb405e6931e856ca3e5e569e dd135285482

Central to the growth of e-commerce and egovernance is the issue of trust in electronic environment.

Message 2

Same Key

SYMMETRIC

The Internet knows no geographical boundaries. It has redefined time and space. Advances in computer and telecommunication technologies have led to the explosive growth of the Internet. This in turn is affecting the methods of communication, work, study, education, interaction, leisure, health, governance, trade and commerce.

Encrypted Message 2

a520eecb61a770f947ca856cd675463f1c95 a9a2b8d4e6a71f80830c87f5715f5f5933497 8dd7e97da0707b48a1138d77ced56feba2b4 67c398683c7dbeb86b854f120606a7ae1ed9 34f5703672adab0d7be66dccde1a763c736c Different Keys b9001d0731d541106f50bb7e54240c40ba7 [Keys of a pair – Public and Private] 80b7a553bea570b99c9ab3df13d75f8ccfddd eaaf3a749fd1411

ASYMMETRIC [PKI]

Encrypted Message 2

a520eecb61a770f947ca856cd675463f1c95a9a2b 8d4e6a71f80830c87f5715f5f59334978dd7e97da 0707b48a1138d77ced56feba2b467c398683c7db eb86b854f120606a7ae1ed934f5703672adab0d7 be66dccde1a763c736cb9001d0731d541106f50b b7e54240c40ba780b7a553bea570b99c9ab3df13 d75f8ccfdddeaaf3a749fd1411

Message 2

The Internet knows no geographical boundaries. It has redefined time and space. Advances in computer and telecommunication technologies have led to the explosive growth of the Internet. This in turn is affecting the methods of communication, work, study, education, interaction, leisure, health, governance, trade and commerce.

82

Strictly for Internal Circulation‐ KCL

Signed Messages Message Message

Message Message ++ signature signature

Sent thru’ Internet

Hash Hash

Message Message ++ Signature Signature

if COMPARE COMPARE

Signe M ess d age

SIGN SIGNhash hash With WithSender’s Sender’s Private Privatekey key

Sender

Calculated Calculated Hash Hash

OK

Signatures verified

Hash Hash

Receiver

Decrypt Decrypt Signature Signature With WithSender’s Sender’s Public PublicKey Key

Public Key Infrastructure (PKI) •

Some Trusted Agency is required which certifies the association of an individual with the key pair. Certifying Authority (CA)



This association is done by issuing a certificate to the user by the CA Public key certificate (PKC)



All public key certificates are digitally signed by the CA

Certifying Authority •

Must be widely known and trusted



Must have well defined Identification process before issuing the certificate



Provides online access to all the certificates issued



Provides online access to the list of certificates revoked 83

Strictly for Internal Circulation‐ KCL



Displays online the license issued by the Controller



Displays online approved Certification Practice Statement (CPS)



Must adhere to IT Act/Rules/Regulations and Guidelines

Paper

IDRBT Certificate

Electronic

84

Strictly for Internal Circulation‐ KCL

PAPER SIGNATURES V/S DIGITAL SIGNATURES

VS.

PARAMETER

PAPER

ELECTRONIC

Authenticity

May be forged

Can not be copied

Integrity

Signature Signature depends on the contents independent of the of the document document

Non-repudiation

Handwriting expert needed Error prone

Any computer user Error free

Trust Path • Controller is the Root certifying authority responsible for regulating Certifying Authorities (CAs) •

Controller certifies the association of CA with his public key

• Certifying Authority (CA) is the trusted authority responsible for creating or certifying identities. • CA certifies the association of an individual with his public key

Role of controller Controller of Certifying Authorities as the “Root” Authority certifies the technologies, infrastructure and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates.

85

Strictly for Internal Circulation‐ KCL

Legitimacy and Use of Digital Signatures:

The Act has adopted the Public Key Infrastructure (PKI) for securing electronic transactions. As per Section 2(1)(p) of the Act, a digital signature means an authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the other provisions of the Act. Thus a subscriber can authenticate an electronic record by affixing his digital signature. A private key is used to create a digital signature whereas a public key is used to verify the digital signature and electronic record. They both are unique for each subscriber and together form a functioning key pair. Section 5 provides that when any information or other matter needs to be authenticated by the signature of a person, the same can be authenticated by means of the digital signature affixed in a manner prescribed by the Central Government. Under Section 10, the Central Government has powers to make rules prescribing the type of digital signature, the manner in which it shall be affixed, the procedure to identify the person affixing the signature, the maintenance of integrity, security and confidentiality of electronic records or payments and rules regarding any other appropriate matters. Furthermore, these digital signatures are to be authenticated by Certifying Authorities (CAs) appointed under the Act. These authorities would inter alia, have the license to issue Digital Signature Certificates (DSCs). The applicant must have a private key that can create a digital signature. This private key and the public key listed on the DSC must form the functioning key pair. Once the subscriber has accepted the DSC, he shall generate the key pair by applying the security procedure. Every subscriber is under an obligation to exercise reasonable care and caution to retain control of the private key corresponding to the public key listed in his DSC. The subscriber must take all precautions not to disclose the private key to any third party. If however, the private key is compromised, he must communicate the same to the Certifying Authority (CA) without any delay. Writing requirements: Section 4 of the Act states that when under any particular law, if any information is to be provided in writing or typewritten or printed form, then notwithstanding that law, the same information can be provided in electronic form which can also be accessed for any future reference. This non-obstante provision will make it possible to enter into legally binding contracts on-line! Attribution, Acknowledgement and Dispatch of Electronic Records: Chapter IV of the Act explicates the manner in which electronic records are to be attributed, acknowledged and dispatched. These provisions play a vital role while entering into agreements electronically. 86

Strictly for Internal Circulation‐ KCL

Section 11 states that an electronic record shall be attributed to the originator as if it was sent by him or by a person authorised on his behalf or by an information system programmed to operated on behalf of the originator. As per Section 12, the addressee may acknowledge the receipt of the electronic record either in a particular manner or form as desired by the originator and in the absence of such requirement, by communication of the acknowledgement to the addresses or by any conduct that would sufficiently constitute acknowledgement. Normally if the originator has stated that the electronic record will be binding only on receipt of the acknowledgement, then unless such acknowledgement is received, the record is not binding. However, if the acknowledgement is not received within the stipulated time period or in the absence of the time period, within a reasonable time, the originator may notify the addressee to send the acknowledgement, failing which the electronic record will be treated as never been sent. Section 13 specifies that an electronic record is said to have been dispatched the moment it leaves the computer resource of the originator and said to be received the moment it enters the computer resource of the addressee. Utility of electronic records and digital signatures in Government Audits Agencies: According to the provisions of the Act, any forms or applications that have to be filed with the appropriated Government office or authorities can be filed or any licence, permit or sanction can be issued by the Government in an electronic form. Similarly, the receipt or payment of money can also take place electronically. Moreover, any documents or records that need to be retained for a specific period may be retained in an electronic form provided the document or record is easily accessible in the same format as it was generated, sent or received or in another format that accurately represents the same information that was originally generated, sent or received. The details of the origin, destination, date and time of the dispatch or receipt of the record must also be available in the electronic record. Furthermore, when any law, rule, regulation or byelaw has to be published in the Official Gazette of the Government, the same can be published in electronic form. If the same are published in printed and electronic form, the date of such publication will be the date on which it is first published. However, the above mentioned provisions do not give a right to anybody to compel any Ministry or Department of the Government to use electronic means to accept, issue, create, retain and preserve any document or execute any monetary transaction. Nevertheless, if these electronic methods are utilised, the Government will definitely save a lot of money on paper! Regulation of Certifying Authorities (CAs): A CA is a person who has been granted a license to issue digital signature certificates. These CAs are to be supervised by the Controller of CAs appointed by the Central Government. Deputy 87

Strictly for Internal Circulation‐ KCL

or Assistant Controllers may also assist the Controller. The Controller will normally regulate and monitor the activities of the CAs and lay down the procedure of their conduct. The Controller has the power to grant and renew licenses to applicants to issue DSCs and at the same time has the power to even suspend such a license if the terms of the license or the provisions of the Act are breached. The CAs have to follow certain prescribed rules and procedures and must comply with the provisions of the Act. Issuance, Suspension and Revocation of Digital Signature Certificates (DSCs): As per Section 35, any interested person shall make an application to the CA for a DSC. The application shall be accompanied by filing fees not exceeding Rs. 25,000 and a certification practice statement or in the absence of such statement, any other statement containing such particulars as may be prescribed by the regulations. After scrutinising the application, the CA may either grant the DSC or reject the application furnishing reasons in writing for the same. While issuing the DSC, the CA must inter alia, ensure that the applicant holds a private key which is capable of creating a digital signature and corresponds to the public key to be listed on the DSC. Both of them together should form a functioning key pair. The CA also has the power to suspend the DSC in public interest on the request of the subscriber listed in the DSC or any person authorised on behalf of the subscriber. However, the subscriber must be given an opportunity to be heard if the DSC is to be suspended for a period exceeding fifteen days. The CA shall communicate the suspension to the subscriber. There are two cases in which the DSC can be revoked. Firstly, as per Section 38 (1), it may be revoked either on the request or death of the subscriber or when the subscriber is a firm or company, on the dissolution of the firm or winding up of the company. Secondly, according to Section 38(2), the CA may suo moto revoke it if some material fact in the DSC is false or has been concealed by the subscriber or the requirements for issue of the DSC are not fulfilled or the subscriber has been declared insolvent or dead et al. A notice of suspension or revocation of the DSC must be published by the CA in a repository specified in the DSC.

Summary • Each individual has a pair of keys • Public key of each individual is certified by a CA (Certifying Authority) • Public keys of CAs are certified by the Controller • Public key of the Controller is self certified • Public keys of everyone are known to all concerned and are also available on the web • Certification Practice Statement is displayed on the web site 88

Strictly for Internal Circulation‐ KCL

Applications in Judiciary 1. 2. 3. 4. 5.

Instant posting of judgment on the web. Secured electronic communications within judiciary Authentic archiving of Judicial records Submission of affidavits Giving certified copies of the Judgment

Applications in Telecommunications A. Subscribers ¾ Subscriber’s services management • STD/ISD, Opening, Closing, Initializing Password ¾ Shifting of telephones, Accessories (Clip, Cordless) ¾ Small Payments through telephones bills • Books, gifts, Internet purchases ¾ Mobile Authentication of SMS • Share market trading, Intra/Inter office instructions ¾ Mobile Phones as Credit cards • Mobile operator can venture into credit card business B. Internal ¾ Intra/Inter offices authentic communications • OBs, approvals, Instructions, requests ¾ Procurement of material • Calling/Receiving bids, Purchase orders, Payment instructions ¾ Network Management functions • Change of configuration, Blocking/unblocking routes

CYBER SECURITY STRATEGY-

89

Strictly for Internal Circulation‐ KCL

A cyber security strategy has been outlined by DIT [Department of Information Technology] to address the strategic objectives for securing country's cyber space and is being implemented through the following major initiatives: a) Security Policy, Compliance and Assurance b) Security Incident Early Warning & Response c) Security training skills/competence development & user end awareness. d) Security R&D for Securing the Infrastructure, meeting the domain specific needs and enabling technologies e) Security Promotion & Publicity

Consistent with the need, the primary objectives for securing country's cyber space are: a) Preventing cyber attacks against the country's critical infrastructures b) Reduce national vulnerability to cyber attacks c) Minimize damage and recovery time from cyber attacks Actions to secure cyberspace include: a) b) c) d)

Forensics and attack attribution Protection of networks and systems critical to national security Early watch and warnings Protection against organized attacks capable of inflicting debilitating damage to the economy e) Research and technology development that will enable the critical infrastructure organizations to secure their IT assets To pursue the strategic objectives the following major initiatives have been identified: a) b) c) d)

Security Policy, Compliance and Assurance Security Incident - Early Warning & Response Security training - skills/competence development & user end awareness. Security R&D for Securing the Infrastructure, meeting the domain specific needs and enabling technologies 90

Strictly for Internal Circulation‐ KCL

e) Security - Promotion & Publicity

IMPORTANT QUESTIONS UNIT – 4 INFORMATION TECHNOLOGY ACT, 2000 Q.1.

What are the objects, scope of Information Technology Act 2000?

91

Strictly for Internal Circulation‐ KCL

Q.2.

Discuss the scope of I.T. ACT, 2000

Q.3.

Is there any legal sanctity of Electronic Commerce ?

Q.4.

What do you mean by digital signatures? Is there any threat of using digital signatures?

Q.5.

How digital signatures are granted?

Q.6.

Is there any dispute settlement mechanism for grievance of digital signature users?

Q.7.

How digital signatures are secured and protected?

Q.8.

What are the security provisions for Electronic Records under I.T. Act ?

Q.9.

Discuss the procedure relating to revocation of digital signature ?

UNIT -5 OFFENCES & PENALTIES UNDER THE I.T. ACT 92

Strictly for Internal Circulation‐ KCL

COMBATING CYBER CRIMESLAW & ENFORCEMENT IN INDIA „ Computer Crime, E-Crime, Hi-Tech Crime or Electronic Crime is where a computer is the target of a crime or is the means adopted to commit a crime. „ Most of these crimes are not new. Criminals simply devise different ways to undertake standard criminal activities such as fraud, theft, blackmail, forgery, and embezzlement using the new medium, often involving the Internet

COMPUTER VULNERABILITY „ „ „ „ „

Computers store huge amounts of data in small spaces Ease of access Complexity of technology Human error One of the key elements that keeps most members of any society honest is fear of being caught — the deterrence factor. Cyberspace changes two of those rules. First, it offers the criminal an opportunity of attacking his victims from the remoteness of a different continent and secondly, the results of the crime are not immediately apparent. „ Need new laws and upgraded technology to combat cyber crimes

Cyber Crimes Cyber crime refers to crimes committed using computers and the internet. Passion drives a person to steal information from sites, or cause damage to, a computer or computer network for his own benefits. Greed drives some persons to indulge in denial of service attacks for the purpose of extortion which may eventually result in significant damage both to the system and the profitability of the site targeted. Skills and innate gullibility lead to fraudulent behaviour of a criminal no matter how it is committed. 1. Software Piracy

93

Strictly for Internal Circulation‐ KCL

Software piracy is very common in cyberspace across the globe. Software piracy is the illegal reproduction and distribution of software applications whether for business or personal use. 2. Hacking A hacker is an unauthorized user who attempts or gains access to an information system. There are three kinds of hackers : white hat, black hat and grey hat.White hat hackers are ethical hackers involved in penetration testing. Normally they work for a company to try to break into the company system so that loopholes can be found and fixed. Black hat hackers or crackers cause damage after intrusion and or steal/modify data, insert viruses etc. Grey hat hackers typically ethical but occasionally violate ethics and hack into networks, stand alone computers and or software. 3. Computing viruses, worms and malwares Crackers hack and damage the system or network like changing information, inserting malwares viruses, worms etc. Most computer viruses are destructive when activated under certain conditions such as when the user opens an attachment to email or executes a file. Types of viruses: boot viruses, program viruses, stealth viruses, polymorphic viruses, macro viruses. Worms are self contained and self replicating malicious computer program. Worms harm the network and consume bandwidth. 4. Corporate espionage It is the theft of trade secrets through illegal means such as wire taps, bribery and cyber intrusions. 5. Money Laundering Money laundering is transferring illegally acquired money through financial and other systems so that it appears to be legally acquired. Some of the techniques for money laundering are: a) Transfer to an overseas country with less stringent banking regulations and then moving it back into his country via loans on which the borrower has to pay interest which can be deducted from his taxes. b) Transfer cash into goods like real estate, luxury items etc. c) Smurfing or breaking large sums into smaller sums and depositing them into different amounts maximum permissible for deposit at a time. 6. Identity Theft Obtaining identity information without permission and later using it to purchase goods or services fraudulently. Criminals use dumpster diving, shoulder surfing methods for committing this crime. 7. Phishing Criminals play tricksters by sending emails and solicit confidential information or impersonate some authority and get such information. Such information is used fraudulently. 8. Denial of service attack Denial of services results when a criminal crashes email account, network or website by bombarding the same with malicious intentions. It proves to be expensive to the owner of the web based business. 9. Child pornography Child pornography is use of images of minors engaged in sexually explicit conduct. It is illegal to display child pornography on the internet. 10. Cyber Stalking Cyber stalking is willful, malicious and repeated following or harassing of another person usually with explicit threat of violence against the victim or his family. In many cases the cyber stalker and the victim would have had a prior relationship and the stalking would be for settling personal scores. Cyber Crime control in India

94

Strictly for Internal Circulation‐ KCL

Indian Parliament has enacted Information Technology Act, 2000, a comprehensive act to deal with cyber crimes in India. The Information Technology Act has been amended in 2008 to make the Act more effective.

Offences Under The It Act 2000:

Section 65. Tampering with computer source documents: Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer Programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the being time in force, shall be punishable with imprisonment up to three year, or with fine which may extend up to two lakh rupees, or with both.

Object: The object of the section is to protect the “intellectual property” invested in the computer. It is an attempt to protect the computer source documents (codes) beyond what is available under the Copyright Law

Essential ingredients of the section: 1. Knowingly or intentionally concealing , 2. Knowingly or intentionally destroying, 3. Knowingly or intentionally altering, 4. Knowingly or intentionally causing others to conceal, 5. Knowingly or intentionally causing another to destroy, 6. Knowingly or intentionally causing another to alter. This section extends towards the Copyright Act and helps the companies to protect their source code of their programmes.

ISSUE OF JURISDICTION IN COMPUTER CRIME Cyber jurisdiction is the extension of principles of international jurisdiction into the cyber space. Cyber space has no physical boundaries. Jurisdiction is the power of court to hear & determine a case without jurisdiction a courts judgment is ineffective & unimportant such jurisdiction is essentially of 2 types: 95

Strictly for Internal Circulation‐ KCL

a) Subject matter jurisdiction b) Personal jurisdiction The whole trouble with internet jurisdiction is the presence of a multiple parties in various parts of the world who have only virtual news with each other. Jurisdiction based on CPC: -Under CPC or more courts may have jurisdiction to deal with a subject matter having regard to the location of immovable property, place of residence or work of a defendant or place where cause of action has arisen. To formulate whether the jurisdiction of the courts is exclusive or non-exclusive in the internet setting must involve the jurisdictional principles as given in the CPC as follows: a) Pecuniary b) Subject matter c) Territorial d) Cause of action There is convention on cyber crime in Budapest on 23 Nov, 2001, as it was first ever international treaty or criminal offence on criminal as criminal of committed against or with the help of computers on such as internet. The preamble of the convention states that the objective is to have a common policy aim at the protection of society. Cyber crime by adopting appropriate and postering international cooperation The convention deals in particular with offences related to infringement of copyright, computer related fraud child pornography and offences connected & with network security. Extraditionable offence:- Procedures are designed not only to ensure that criminals are returned from one country to another but also to protect the rights of those who are accused of crimes by requisiting country. Sufficient evidence has to be produced to show a prima facie case against the accused and the rule of specially protects the accused from being tried for any crime other than that for which he was extradition. Daya Singh lahoria Vs. VOI A fugitive brought into his country under an extradition decree can be tried only for the offences & the criminal courts of India will have no jurisdiction to try such fugitive for any other offence. The convention on cyber crime has made cyber crime extraditable offences. The offence is extraditable if punishment under the laws in both contracting parties by imprisonment for more than 1 year or by penalty. As it is significant to note that almost every kind cyber crime have been made extraditable under the convention. Moreover convention has the force of international law behind it, as to investigate search seize, arrest, prosecute & extradiate cyber criminals for cyber crimes a proper legal framework as given in it. Examples:1)Indian airlines was defrauded of several lakh rupees when open-ended tickets for shorter sectors were issued in fictitious names by some staff. Member’s computer records were tempered with to show longer sectors & refunds obtained.

96

Strictly for Internal Circulation‐ KCL

2) In the purulia Arms Drop case, the main players used the internet extensively for international communication, planning logistics. 3) Post-Pokhran centre computers system & pulled out vital data. 4) Computer professionals who prepared the software in an MBBS examination were found responsible for altering data by manipulating the computer’s corrector reader. They had been giving an upward revision of scores to students is return for a hefty fee.

CASE LAWS: 1. Frios v/s State of Kerela Facts: In this case it was declared that the FRIENDS application software as protected system. The author of the application challenged the notification and the constitutional validity of software under Section 70. The court upheld the validity of both. It included tampering with source code. Computer source code the electronic form, it can be printed on paper. Held: The court held that Tampering with Source code are punishable with three years jail and or two lakh rupees fine of rupees two lakh rupees for altering, concealing and destroying the source code. 2. Syed Asifuddin case: Facts: In this case the Tata Indicom employees were arrested for manipulation of the electronic 32- bit number (ESN) programmed into cell phones theft were exclusively franchised to Reliance Infocom. Held: Court held that Tampering with source code invokes Section 65 of the Information Technology Act. 3. Parliament Attack Case: Facts: In this case several terrorist attacked on 13 December, 2001Parliament House. In this the Digital evidence played an important role during their prosecution. The accused argued that computers and evidence can easily be tampered and hence should not be relied. In Parliament case several smart device storage disks and devices, a Laptop were recovered from the truck intercepted at Srinagar pursuant to information given by two suspects. The laptop included the evidence of fake identity cards, video files containing clips of the political leaders with the background of Parliament in the background shot from T.V news channels. In this case design of Ministry of Home Affairs car sticker, there was game “wolf pack” with user name of ‘Ashiq’. There was the name in one of the fake identity cards used by the terrorist. No back up was taken therefore it was challenged in the Court.

97

Strictly for Internal Circulation‐ KCL

Held: Challenges to the accuracy of computer evidence should be established by the challenger. Mere theoretical and generic doubts cannot be cast on the evidence. Section 66. Hacking with the computer system: (1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. Explanation: The section tells about the hacking activity. Essential ingredients of the section: 1. Whoever with intention or knowledge. 2. Causing wrongful loss or damage to the public or any person. 3. Destroying or altering any information residing in a computer resource. 4. Or diminishes its value or utility or. 5. Affects it injuriously by any means. Penalties: Punishment: Imprisoned up to three years and Fine: which may extend up to two lakh rupees or with both.

Case Laws:

1. R v/s Gold & Schifreen In this case it is observed that the accused gained access to the British telecom Prestl Gold computers networks file amount to dishonest trick and not criminal offence. 2. R v/s Whiteley. In this case the accused gained unauthorized access to the Joint Academic Network (JANET) and deleted, added files and changed the passwords to deny access to the authorized users. The perspective of the section is not merely protect the information but to protect the integrity and security of computer resources from attacks by unauthorized person seeking to enter such 98

Strictly for Internal Circulation‐ KCL

resource,

whatever

may

be

the

intention

or

motive.

Cases Reported In India: Official website of Maharastra government hacked. The official website of the government of Maharashtra was hacked by Hackers Cool Al- Jazeera, and claimed them they were from Saudi Arabia.

Section 67. Publishing of obscene information in electronic form: Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstance, to read see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees. Essential ingredients of this section: 1. Publishing or transmitting, or causing to be published, pornographic material in electronic form. Penalties: Punishment: (1) On first conviction --- imprisonment which may extend up to five years. Fine: up to on first conviction which may extend to one lakh rupees. (2) On second conviction ---- imprisonment up to which may extend to ten years and Fine which may extend up to two lakh rupees. Case Laws: 1. The State of Tamil Nadu v/s Suhas Katti. Facts: This case is about posting obscene, defamatory and annoying message about a divorcee woman in the Yahoo message group. E-mails were forwarded to the victim for information by the accused through a false e- mail account opened by him in the name of the victim. These postings resulted in annoying phone calls to the lady. Based on the complaint police nabbed the accused. He was a known family friend of the victim and was interested in marrying her. She married to another person, but that marriage ended in divorce and the accused started contacting her once again. And her reluctance to marry him he started harassing her through internet. Held: The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 99

Strictly for Internal Circulation‐ KCL

IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.” The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered the first case convicted under section 67 of Information Technology Act 2000 in India. 2. In a recent case, a groom's family received numerous emails containing defamatory information about the prospective bride. Fortunately, they did not believe the emails and chose to take the matter to the police. The sender of the emails turned out to be the girl's step-father, who did not want the girl to get married, as he would have lost control over her property, of which he was the legal guardian. 2. Avnish Bajaj (CEO of bazzee.com – now a part of the eBay group of companies) case. Facts: There were three accused first is the Delhi school boy and IIT Kharagpur Ravi Raj and the service provider Avnish Bajaj. The law on the subject is very clear. The sections slapped on the three accused were Section 292 (sale, distribution, public exhibition, etc., of an obscene object) and Section 294 (obscene acts, songs, etc., in a public place) of the Indian Penal Code (IPC), and Section 67 (publishing information which is obscene in electronic form) of the Information Technology Act 2000. In addition, the schoolboy faces a charge under Section 201 of the IPC (destruction of evidence), for there is apprehension that he had destroyed the mobile phone that he used in the episode. These offences invite a stiff penalty, namely, imprisonment ranging from two to five years, in the case of a first time conviction, and/or fines. Held: In this case the Service provider Avnish Bajaj was later acquitted and the Delhi school boy was granted bail by Juvenile Justice Board and was taken into police charge and detained into Observation Home for two days.

4. DASKHINA Kannada police have solved the first case of cyber crime in the district. A press release by Dakshina Kannada Police said here on Saturday that a Father at a Christian institution in the city had approached the Superintendent of Police with a complaint that he was getting offensive and obscene e-mails. Police said that all the three admitted that they had done this to tarnish the image of the Father. As the three tendered an unconditional apology to the Father and gave a written undertaking that they would not repeat such act in future, the complainant withdrew his complaint. Following this, the police dropped the charges against the culprit. The release said that sending of offensive and obscene e-mails is an offence under the Indian Information Technology Act 2000. If the charges are framed.

100

Strictly for Internal Circulation‐ KCL

Section 68. Power of controller to give directions: (1) The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made there under. (2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not exceeding two lakh rupees or to both. The under this section is non-bailable & cognizable. Penalties: Punishment: imprisonment Fine: not exceeding two lakh rupees.

up

to

a

term

not

exceeding

three

years

Section 69. Directions of Controller to a subscriber to extend facilities to decrypt information: (1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence; for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource. (2) The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to decrypt the information. (3) The subscriber or any person who fails to assist the agency referred to in subsection (2) shall be punished with an imprisonment for a term which may extend to seven years. Penalties: Punishment: imprisonment for a term which may extend to seven years. The offence is cognizable and non- bailable.

Section 70. Protected System: (1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system. (2) The appropriate Government may, by order in writing, authorize the persons who are authorized to access protected systems notified under sub-section (1).

101

Strictly for Internal Circulation‐ KCL

(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provision of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine. Explanation: This section grants the power to the appropriate government to declare any computer, computer system or computer network, to be a protected system. Only authorized person has the right to access to protected system. Penalties: Punishment: the imprisonment which may extend to ten years and fine. Section 71. Penalty for misrepresentation: (1) Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or which fine which may extend to one lakh rupees, or with both. Penalties: Punishment: imprisonment which may extend to two years Fine: may extend to one lakh rupees or with both. Section 72. Penalty for breach of confidentiality and privacy: Save as otherwise provide in this Act or any other law for the time being in force, any person who, in pursuance of any of the powers conferred under this Act, rules or regulation made there under, has secured assess to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. Explanation: This section relates to any to nay person who in pursuance of any of the powers conferred by the Act or it allied rules and regulations has secured access to any: Electronic record, books, register, correspondence, information, document, or other material. If such person discloses such information, he will be punished with punished. It would not apply to disclosure of personal information of a person by a website, by his email service provider. Penalties: Punishment: term which may extend to two years. Fine: one lakh rupees or with both. Section 73. Penalty for publishing Digital Signature Certificate false in certain particulars: (1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that-

102

Strictly for Internal Circulation‐ KCL

(a) The Certifying Authority listed in the certificate has not issued it; or (b) The subscriber listed in the certificate has not accepted it; or (c) The certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation. (2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. The Certifying authority may also suspend the Digital Signature Certificate if it is of the opinion that the digital signature certificate should be suspended in public interest. A digital signature may not be revoked unless the subscriber has been given opportunity of being heard in the matter. On revocation the Certifying Authority need to communicate the same with the subscriber. Such publication is not an offence it is the purpose of verifying a digital signature created prior to such suspension or revocation. Penalties: Punishment imprisonment of a term of which may extend to two years. Fine: fine may extend to 1 lakh rupees or with both.

Case Laws: 1. Bennett Coleman & Co. v/s Union of India. In this case the publication has been stated that ‘publication means dissemination and circulation’. In the context of digital medium, the term publication includes and transmission of information or data in electronic form.

Section 74. Publication for fraudulent purpose: Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which extend to one lakh rupees, or with both.

Explanation: This section prescribes punishment for the following acts: Knowingly creating a digital signature certificate for any i. fraudulent purpose or, ii. unlawful purpose. Knowingly publishing a digital signature certificate for any i. fraudulent purpose or ii. unlawful purpose 103

Strictly for Internal Circulation‐ KCL

Knowingly making available a digital signature certificate for any i. fraudulent purpose or ii. unlawful purpose. Penalties: Punishment: imprisonment for a term up to two years. Fine: up to one lakh or both.

Section 75. Act to apply for offence or contravention committed outside India:

(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality. (2) For the purposes of sub-section (1), this Act shall apply to an offence or Contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

Case Laws: R v/s Governor of Brixton prison and another. Facts: In this case the Citibank faced the wrath of a hacker on its cash management system, resulting in illegal transfer of funds from customers account in to the accounts of the hacker, later identified as Valdimer Levin and his accomplices. After Levin was arrested he was extradite to the United States. One of the most important issues was jurisdictional issue, the ‘place of origin’ of the cyber crime. Held: The Court helds that the real- time nature of the communication link between Levin and Citibank computer meant that Levin’s keystrokes were actually occurring on the Citibank computer. It is thus important that in order to resolve the disputes related to jurisdiction, the issue of territoriality and nationality must be placed by a much broader criteria embracing principles of reasonableness and fairness to accommodate overlapping or conflicting interests of states, in spirit of universal jurisdiction.

Section 76. Confiscation: Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provisions of this Act, rules, orders or regulations made there under has been or is being contravened, shall be liable to confiscation :

104

Strictly for Internal Circulation‐ KCL

Provided that where it is established to the satisfaction of the court adjudicating the confiscation that the person in whose possession, power or control of any such computer, computer system, floppies, compact disks, tape drives or any other accessories relating thereto is found is not responsible for the contravention of the provisions of this Act, rules orders or regulations made there under, the court may, instead of making an order for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, make such other order authorized by this Act against the person contravening of the provisions of this Act, rules, orders or regulations made there under as it may think fit. 77. Penalties or confiscation not to interfere with other punishments: No penalty imposed or confiscation made under this Act shall prevent the imposition of any other punishment to which the person affected thereby is liable under any other law for the time being in force. 78. Power to investigate offences: Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under this Act. Conclusion: Due to the increase in the digital technology various offences has also increased. Since new-new technology come everyday, the offences has also increased therefore the IT Act 2000 need to be amended in order to include those offences which are now not included in the Act. In India cyber crime is of not of high rate therefore we have time in order to tighten the cyber laws and include the offences which are now not included in the IT Act 2000. TYPES OF CYBER CRIMES

Crime against Government

Crime against property

Crime against persons

Computer Viruses „ Viruses „ A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus".

105

Strictly for Internal Circulation‐ KCL

Viruses

Boot record infectors

File Infectors

Boot and File viruses

COMBATING CYBER CRIMES „ Technological measures-Public key cryptography, Digital signatures ,Firewalls, honey pots „ Cyber investigation- Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law. „ These rules of evidence include admissibility (in courts), authenticity (relation to incident), completeness, reliability and believability. „ Legal framework-laws & enforcement

Cyber crimes Web jacking

Hacking

Information Theft

E-mail bombing

Salami attacks

Denial of Service attacks

Trojan attacks

INTERNATIONAL INITIATIVES „ Representatives from the 26 Council of Europe members, the United States, Canada, Japan and South Africa in 2001 signed a convention on cybercrime in efforts to enhance international cooperation in combating computer-based crimes. „ The Convention on Cybercrime, drawn up by experts of the Council of Europe, is designed to coordinate these countries' policies and laws on penalties on crimes in cyberspace, define the formula guaranteeing the efficient operation of the criminal and judicial authorities, and establish an efficient mechanism for international cooperation. „ In 1997, The G-8 Ministers agreed to ten "Principles to Combat High-Tech Crime" and an "Action Plan to Combat High-Tech Crime."

106

Strictly for Internal Circulation‐ KCL

Main objectives„ „ „ „ „

Create effective cyber crime laws Handle jurisdiction issues Cooperate in international investigations Develop acceptable practices for search and seizure Establish effective public/private sector interaction

FREQUENCY OF INCIDENTS OF CYBER CRIMES IN INDIA Cyber Crime Statistics The following cyber crime statistics illustrate of some of the general trends in the field of hi-tech crimes. Marked increases in cyber crime statistics result in an increasing need for professionals capable of responding to and investigating cyber crimes, and conducting computer forensic examinations of evidence in these cases. Cyber Crime Statistics from the 2006 Internet Crime Report* ¾ ¾ ¾ ¾ ¾ ¾ ¾ ¾

In 2006, the Internet Crime Complaint Center received and processed over 200,000 complaints. More than 86,000 of these complaints were processed and referred to various local, state, and federal law enforcement agencies. Most of these were consumers and persons filing as private persons. Total alleged dollar losses were more than $194 million. Email and websites were the two primary mechanisms for fraud. Although the total number of complaints decreased by approximately 7,000 complaints from 2005, the total dollar losses increased by $15 million. The top frauds reported were auction fraud, non-delivery of items, check fraud, and credit card fraud. Top contact mechanisms for perpetrators to victims were email (74%), web page (36%), and phone (18%) (there was some overlap).

* The Internet Crime Complaint Center is a clearinghouse for online economic crime complaints. It is maintained by the National White Collar Crime Center and the Federal Bureau of Investigations. To review the results of the study, visit the National White Collar Crime Center’s site. Cyber Crime Statistics from the 12th Annual Computer Crime and Security Survey* 107

Strictly for Internal Circulation‐ KCL

¾ ¾

Between 2006 and 2007 there was a net increase in IT budget spent on security. Significantly, however, the percentage of IT budget spent on security awareness training was very low, with 71% of respondents saying less than 5% of the security budget was spent on awareness training, 22% saying less than 1% was spent on such training. ¾ 71% of respondents said their company has no external insurance to cover computer security incident losses. ¾ 90% of respondents said their company experienced a computer security incident in the past 12 months. ¾ 64% of losses were due to the actions of insiders at the company. The top 3 types of attack, ranked by dollar losses, were: ¾ financial fraud ($21.1 million) ¾ viruses/worms/trojans ($8.4 million) ¾ system penetration by outsiders ($6.8 million) * The complete results of this study, as well as past studies, which are conducted annually by the Computer Security Institute, can be found at the CSI website www.gocsi.com . Interestingly, these statistics are compiled from voluntary responses of computer security professionals. Thus, there is certainly an inference that the damages due to computer security incidents are much higher than those cited here, as companies without responding security professionals undoubtedly were the victim of computer security incidents. Cyber Crime Statistics from the Online Victimization of Youth, Five Years Later study* ¾ Increasing numbers of children are being exposed to unwanted sexual materials online. ¾ Reports of online sexual solicitations of youth decreased while reports of aggressive sexual solicitation of youth did not (perhaps indicating that some prevention and education measures may be working, while the most serious offenders may not be deterred). ¾ Online child solicitation offenses are rarely reported to any authority. ¾ Incidents of online harassment and bullying increased. *This is an empirical study based on approximately 1500 surveys conducted with online youth in 2005 that were compared to the results of a similar study in 2001. The study was conducted by the National Center for Missing and Exploited Children, the Crimes Against Children Research Center, and the Office for Juvenile Justice and Delinquency Prevention at the United States Department of Justice. The complete results of the study can be found here http://www.missingkids.com.

REPORTED CASES

108

Strictly for Internal Circulation‐ KCL

ƒ

State Versus Amit Pasari and Kapil Juneja

ƒ

Delhi Police o M/s Softweb Solutions o Website www.go2nextjob.com hosted o Complaint of hacking by web hosting service

ƒ

State Versus Joseph Jose o Delhi Police o Hoax email- purporting planting of 6 bombs in Connaught place

ƒ

State Versus Aneesh Chopra o Delhi Police o 3 company websites hacked o Accused : an ex-employee

ƒ

State Versus K R Vijayakumar o Bangalore Cyber Crime Police Station, 2001 o Criminal Intimidation of employers and crashing the company’s server o Phoenix Global Solutions

WHAT IS INDIA INC’S BIGGEST THREAT? „ Cyber crime is now a bigger threat to India Inc than physical crime. In a recent survey by IBM, a greater number of companies (44%) listed cyber crime as a bigger threat to their profitability than physical crime (31%). The cost of cyber crime stems primarily from loss of revenue, loss of market capitalisation, damage to the brand, and loss of customers, in that order. About 67% local Chief Information Officers (CIOs) who took part in the survey perceived cyber crime as more costly, compared to the global benchmark of 50%. COMBATING CYBER CRIME-INDIAN LEGAL FRAMEWORK „ Information Technology Act, 2000-came into force on 17 October 2000 „ Extends to whole of India and also applies to any offence or contravention there under committed outside India by any person {section 1 (2)} „ read with Section 75- Act applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India „ Section 2 (1) (a) –”Access” means gaining entry into ,instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network „ IT Act confers legal recognition to electronic records and digital signatures (section 4,5 of the IT Act,2000)

CIVIL WRONGS UNDER IT ACT

109

Strictly for Internal Circulation‐ KCL

„ Chapter IX of IT Act, Section 43 „ Whoever without permission of owner of the computer – Secures access (mere U/A access) „ Not necessarily through a network –

Downloads, copies, extracts any data



Introduces or causes to be introduced any viruses or contaminant



Damages or causes to be damaged any computer resource „ Destroy, alter, delete, add, modify or rearrange „ Change the format of a file



Disrupts or causes disruption of any computer resource „ Preventing normal continuance of



Denies or causes denial of access by any means „ Denial of service attacks



Assists any person to do any thing above „ Rogue Websites, Search Engines, Insiders providing vulnerabilities



Charges the services availed by a person to the account of another person by tampering or manipulating any computer resource „ Credit card frauds, Internet time thefts



Liable to pay damages not exceeding Rs. One crore to the affected party



Investigation by „ ADJUDICATING OFFICER „ Powers of a civil court

CYBER CRIMES PUNISHABLE UNDER VARIOUS INDIAN LAWS „ Sending pornographic or obscene emails are punishable under Section 67 of the IT Act. „ An offence under this section is punishable on first conviction with imprisonment for a term, which may extend to five years and with fine, which may extend to One lakh rupees. „ In the event of a second or subsequent conviction the recommended punishment is imprisonment for a term, which may extend to ten years and also with fine which may extend to Two lakh rupees. „ Emails that are defamatory in nature are punishable under Section 500 of the Indian Penal Code (IPC), which recommends an imprisonment of upto two years or a fine or both. „ Threatening emails are punishable under the provisions of the IPC pertaining to criminal intimidation, insult and annoyance (Chapter XXII), extortion (Chapter XVII) „ Email spoofing Email spoofing is covered under provisions of the IPC relating to fraud, cheating by personation (Chapter XVII), forgery (Chapter XVIII)

110

Strictly for Internal Circulation‐ KCL

OFFENCES & PENALTY COVERED UNDER IT ACT 2000

Chapter IX Section Offences

Compensation / Punishment or Both

43

Compensation for Damage to Computer, Computer System etc.

44

Penalty for Failure to furnish information, returns etc.

45

Not exceeding Rs. 1 Crore

fails to furnish the same

Rs.1.5 Lakhs for each such failure

fails to file return or furnish the same within the time specified

Rs. 5000 per day

fails to maintain the same

10,000 for every day

Residuary Penalty

25000

Chapter XI Section Offences

Compensation / Punishment or Both

65

Tampering with Source codes/documents

2 lakhs/3yrs or Both

66

Computer related offencesIf any person, dishonestly or fraudulently, without permission of the owner or of any other person who is in charge of a computer resource.

5 lakhs/2yrs or Both

accesses downloads, copies or 2 lakhs/1yr or Both extracts any data, denies or causes the denial of access causes to be introduced any computer contaminant

67

Publishing in electronic form of information which is obscene

5 lakhs/2yrs or Bothin second or subsequent conviction 10lakhs/5yrs or Both

68

Power Of Controller to give directions

2 lakhs/3yrs or Both

Failure to cooperate in Decryption to the Government regulatory agencies

(7 years)

68A 69

111

Strictly for Internal Circulation‐ KCL

70

Securing/Attempting to secure access to a Protected System

(10 years)

71

Misrepresentation of facts to Certifying Authorities

1 lakhs/2yrs or Both

72

Breach of secured access to any electronic not exceeding Rs. 25 lakhs Confidentiality and record, book, register, Privacy correspondence, information, document or other material without the consent of the person concerned. if any intermediary discloses Rs. 25 lakhs also 2lakhs/1Yr or Both information or material to any other person, without the consent of its subscriber and with intent to cause injury to him. Whoever intentionally captures or 1 lakh/2yrs or Both broadcasts an image of an individual violating the privacy of that individual.

74

Publication of Electronic Signature Certificate for Fraudulent Purpose

75

Act to apply for offence or contravention committed outside India

(2 Years/1 lakh)

REGULATION OF CERTIFYING AUTHORITIES 17. APPOINTMENT OF CONTROLLER AND OTHER OFFICERS. 1. The Central Government may, by notification in the Official Gazette, appoint a Controller of Certifying Authorities for the purposes of this Act and may also by the same or subsequent notification appoint such number of Deputy Controllers and Assistant Controllers as it deems fit. 2. The Controller shall discharge his functions under this Act subject to the general control and directions of the Central Government. 3. The Deputy Controllers and Assistant Controllers shall perform the functions assigned to them by the Controller under the general superintendence and control of the Controller. 4. The qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant Controllers shall be such as may be prescribed by the Central Government. 112

Strictly for Internal Circulation‐ KCL

5. The Head Office and Branch Office of the office of the Controller shall be at such places as the Central Government may specify, and these may be established at such places as the Central Government may think fit. 6. There shall be a seal of the Office of the Controller. SECTION 18- FUNCTIONS OF CONTROLLER. 1. The Controller may perform all or any of the following functions, namely: 2. exercising supervision over the activities of the Certifying Authorities. 3. certifying public keys of the Certifying Authorities. 4. laying down the standards to be maintained by the Certifying Authorities. 5. specifying the qualifications and experience which employees of the Certifying Authorities should possess. 6. specifying the conditions subject to which the Certifying Authorities shall conduct their business. 7. specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key. 8. specifying the form and content of a Digital Signature Certificate and the key. 9. specifying the form and manner in which accounts shall be maintained by the Certifying Authorities. 10. specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them. 11. facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems. 12. specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers. 13. resolving any conflict of interests between the Certifying Authorities and the subscribers. 14. laying down the duties of the Certifying Authorities. 15. maintaining a data base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.

113

Strictly for Internal Circulation‐ KCL

114

Strictly for Internal Circulation‐ KCL

ARTICLE ON CYBER TERRORISM Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives. Computers and the internet are becoming an essential part of our daily life. They are being used by individuals and societies to make their life easier. They use them for storing information, processing data, sending and receiving messages, communications, controlling machines, typing, editing, designing, drawing, and almost all aspects of life. The most deadly and destructive consequence of this helplessness is the emergence of the concept of “cyber terrorism”. The traditional concepts and methods of terrorism have taken new dimensions, which are more destructive and deadly in nature. In the age of information technology the terrorists have acquired an expertise to produce the most deadly combination of weapons and technology, which if not properly safeguarded in due course of time, will take its own toll. The damage so produced would be almost irreversible and most catastrophic in nature. In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism". The expression "cyber terrorism" includes an intentional negative and harmful use of the information technology for producing destructive and harmful effects to the property, whether tangible or intangible, of others. For instance, hacking of a computer system and then deleting the useful and valuable business information of the rival competitor is a part and parcel of cyber terrorism. The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is such that it must be left to be inclusive in nature. The nature of "cyberspace” is such that new methods and technologies are invented regularly; hence it is not advisable to put the definition in a straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret the definition as liberally as possible so that the menace of cyber terrorism can be tackled stringently and with a punitive hand. The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions of these cyber terrorists and requires a rejuvenation in the light and context of the latest developments all over the world. A. Definition of Cyber TerrorismThe word “cyber terrorism” refers to two elements: cyberspace and terrorism. Another word for cyberspace is the “virtual world” i,e a place in which computer programs function and data moves. Terrorism is a much used term, with many definitions. For the purposes of this presentation, we will use the United States Department of State definition:” The term ‘terrorism’ means premeditated, politically motivated violence perpetrated against noncombatant targets by sub national groups or clandestine agents.” 115

Strictly for Internal Circulation‐ KCL

If we combine these definitions, we construct a working definition such as the following: “Cyber terrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub national groups or clandestine agents.” The basic definition of Cyber-terrorism subsumed over time to encompass such things as simply defacing a web site or server, or attacking non-critical systems, resulting in the term becoming less useful. There is also a train of thought that says cyber terrorism does not exist and is really a matter of hacking or information warfare. Some disagree with labeling it terrorism proper because of the unlikelihood of the creation of fear of significant physical harm or death in a population using electronic means, considering current attack and protective technologies. B. Who are cyber terrorists? From American point of view the most dangerous terrorist group is Al-Qaeda which is considered the first enemy for the US. According to US official’s data from computers seized in Afghanistan indicate that the group has scouted systems that control American energy facilities, water distribution, communication systems, and other critical infrastructure. After April 2001 collision of US navy spy plane and Chinese fighter jet, Chinese hackers launched Denial of Service (DoS) attacks against American web sites. A study that covered the second half of the year 2002 showed that the most dangerous nation for originating malicious cyber attacks is the United States with 35.4% of the cases down from 40% for the first half of the same year. South Korea came next with 12.8%, followed by China 6.2% then Germany 6.7% then France 4%. The UK came number 9 with 2.2%. According to the same study, Israel was the most active country in terms of number of cyber attacks related to the number of internet users. There are so many groups who are very active in attacking their targets through the computers. The Unix Security Guards (USG) a pro Islamic group launched a lot of digital attacks in May 2002. Another group called World's Fantabulas Defacers (WFD) attacked many Indian sites. Also there is another pro Pakistan group called Anti India Crew (AIC) who launched many cyber attacks against India.

C. Why do they use cyber attacks?

Cyber terrorist prefer using the cyber attack methods because of many advantages for it. It is Cheaper than traditional methods. The action is very difficult to be tracked. They can hide their personalities and location. 116

Strictly for Internal Circulation‐ KCL

There are no physical barriers or check points to cross. They can do it remotely from anywhere in the world. They can use this method to attack a big number of targets. They can affect a large number of people. D. Forms of cyber terrorism(I) Privacy violation: The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognized. In recent times, however, this right has acquired a constitutional status, the violation of which attracts both civil as well as criminal consequences under the respective laws. The intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual. Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury. Right to privacy is a part of the right to life and personal liberty enshrined under Article 21 of the Constitution of India. With the advent of information technology the traditional concept of right to privacy has taken new dimensions, which require a different legal outlook. To meet this challenge recourse of Information Technology Act, 2000 can be taken. The various provisions of the Act aptly protect the online privacy rights of the citizens. Certain acts have been categorized as offences and contraventions, which have tendency to intrude with the privacy rights of the citizens. (II) Secret information appropriation and data theft: The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by the terrorists to facilitate their activities, including destruction of property. It must be noted that the definition of property is not restricted to moveables or immovable alone. In R.K. Dalmia v Delhi Administration the Supreme Court held that the word "property" is used in the I.P.C in a much wider sense than the expression "movable property". There is no good reason to restrict the meaning of the word "property" to moveable property only, when it is used without any qualification. Whether the offence defined in a particular section of IPC can be committed in respect of any particular kind of property, will depend not on the interpretation of the word "property" but on the fact whether that particular kind of property can be subject to the acts covered by that section. 117

Strictly for Internal Circulation‐ KCL

(III) Demolition of e-governance base: The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. In a democracy, people govern themselves and they cannot govern themselves properly unless they are aware of social, political, economic and other issues confronting them. To enable them to make a proper judgment on those issues, they must have the benefit of a range of opinions on those issues. Right to receive and impart information is implicit in free speech. This, right to receive information is, however, not absolute but is subject to reasonable restrictions which may be imposed by the Government in public interest. (IV) Distributed denial of services attack: The cyber terrorists may also use the method of distributed denial of services (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies. It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate citizens and end users. The law in this regard is crystal clear. (V) Network damage and disruptions: The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc. E. The danger of cyber terrorismCyber terrorists can destroy the economy of the country by attacking the critical infrastructure in the big towns such as electric power and water supply, still the blackout of the North Western states in the US in Aug. 15, 2003 is unknown whether it was a terrorist act or not, or by attacking the banks and financial institutions and play with their computer systems. Cyber terrorists can endanger the security of the nation by targeting the sensitive and secret information (by stealing, disclosing, or destroying). F. The Impact of Cyber Terrorism- a brief idea

118

Strictly for Internal Circulation‐ KCL

The intention of a cyber terrorism attack could range from economic disruption through the interruption of financial networks and systems or used in support of a physical attack to cause further confusion and possible delays in proper response. Although cyber attacks have caused billions of dollars in damage and affected the lives of millions, we have yet witness the implications of a truly catastrophic cyber terrorism attack. What would some of the implications be? Direct Cost Implications • Loss of sales during the disruption • Staff time, network delays, intermittent access for business users • Increased insurance costs due to litigation • Loss of intellectual property - research, pricing, etc. • Costs of forensics for recovery and litigation • Loss of critical communications in time of emergency. Indirect Cost Implications • Loss of confidence and credibility in our financial systems • Tarnished relationships& public image globally • Strained business partner relationships - domestic and internationally • Loss of future customer revenues for an individual or group of companies • Loss of trust in the government and computer industry G. Indian law & Cyber terrorismIn India there is no law, which is specifically dealing with prevention of malware through aggressive defense. Thus, the analogous provisions have to be applied in a purposive manner. The protection against malware attacks can be claimed under the following categories: (1) Protection available under the Constitution of India, and (2) Protection available under other statutes. (1) Protection under the Constitution of India: The protection available under the Constitution of any country is the strongest and the safest one since it is the supreme document and all other laws derive their power and validity from it. If a law satisfies the rigorous tests of the Constitutional validity, then its applicability and validity cannot be challenge and it becomes absolutely binding. The Constitutions of India, like other Constitutions of the world, is organic and living in nature and is capable of molding itself as per the time and requirements of the society.

119

Strictly for Internal Circulation‐ KCL

(2) Protection under other statutes: The protection available under the Constitution is further strengthened by various statutory enactments. These protections can be classified as: (A) Protection under the Indian Penal Code (I.P.C), 1860, and (B) Protection under the Information Technology Act (ITA), 2000. H. ConclusionThe problems associated with the use of malware are not peculiar to any particular country as the menace is global in nature. The countries all over the world are facing this problem and are trying their level best to eliminate this problem. The problem, however, cannot be effectively curbed unless popular public support and a vigilant judiciary back it. The legislature cannot enact a law against the general public opinion of the nation at large. Thus, first a public support has to be obtained not only at the national level but at the international level as well. The people all over the world are not against the enactment of statutes curbing the use of malware, but they are conscious about their legitimate rights. Thus, the law to be enacted by the legislature must take care of public interest on a priority basis. This can be achieved if a suitable technology is supported by an apt legislation, which can exclusively take care of the menace created by the computers sending the malware. Thus, the self-help measures recognized by the legislature should not be disproportionate and excessive than the threat received by the malware. Further, while using such self-help measures the property and rights of the general public should not be affected. It would also not be unreasonable to demand that such self-help measures should not themselves commit any illegal act r omission. Thus, a self-help measure should not be such as may destroy or steal the data or secret information stored in the computer of the person sending the malware. It must be noted that two wrongs cannot make a thing right. Thus, a demarcating line between self-help and taking law in one’s own hand must be drawn. In the ultimate analysis we must not forget that self-help measures are “watchdogs and not blood-hounds”, and their purpose should be restricted to legitimate and proportionate defensive actions only. In India, fortunately, we have a sound legal base for dealing with malware and the public at large has no problem in supporting the self-help measures to combat cyber terrorism and malware.

120

Strictly for Internal Circulation‐ KCL

COMPOSITION OF CYBER REGULATION APPELLATE TRIBUNAL Under Information Technology Act 2000

ESTBALISHMENT BY WHOM AND HOW Section- 48. Establishment of Cyber Appellate Tribunal. (1) The Central Government shall, by notification, establish one or more appellate tribunals to be known as the Cyber Regulations Appellate Tribunal. (2) The Central Government shall also specify, in the notification referred to in sub-section (1), the matters and places in relation to which the Cyber Appellate Tribunal may exercise jurisdiction. Though the aforesaid sub-section (1) provides for appointment of one or more appellate tribunals by the Central Government but the language of the Rule 13 of the Cyber Regulations Tribunal (Procedure) Rules, 2000 makes it clear that there shall only be one tribunal and it shall ordinarily hold its sittings at New Delhi. If at any time, the Presiding Officer of the Tribunal is satisfied that circumstances exist which render it necessary to have sittings of the Tribunal at any place other than New Delhi, he may direct to hold the sittings at any such appropriate place. The Tribunal shall notify to the parties the date and place of hearing of the application (Rule 12). Union of India Vs. Paras Laminates (P) Ltd. (1990) 4SCC 453 The Supreme Court held that there is no doubt that the Tribunal functions as a court within the limits of its jurisdiction. It has all the powers conferred expressly by the statute. Furthermore, being a judicial body, it has all those incidental and ancillary powers which are necessary to make fully effective the express grant of statutory powers. The powers of Tribunal are no doubt limited. Its area of jurisdiction is clearly defined, but within the bounds of its jurisdiction, it has all the powers expressly and implied granted. COMPOSITION AND QUALITIES

Section- 49. Composition of Cyber Appellate Tribunal.

121

Strictly for Internal Circulation‐ KCL

A Cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as the Presiding Officer of the Cyber Appellate Tribunal) to be appointed, by notification, by the Central Government. A Cyber Appellate Tribunal is headed by one person only, called the Presiding Officer being appointed by notification by the Central Government. The Cyber Appellate Tribunal does not constitute an “expert body”.

PROCEDURE OF APPOINTMENT OF ITS MEMBERS

Section- 50. Qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal. A person shall not be qualified for appointment as the Presiding Officer of a Cyber Appellate Tribunal unless he (a) is, or has been. or is qualified to be, a Judge of a High Court; or (b) is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I of that Service for at least three years. The aforesaid section identifies the qualifications necessary for appointment as Presiding Officer of the Cyber Appellate Tribunal. The focus is primarily on the legal rather than on technical qualifications. Thus, the tribunal ought to be doubly careful while interfering with the Controller or the Adjudicating Officers findings on facts.

Section- 51. Term of office The Presiding Officer of a Cyber Appellate Tribunal shall hold office for a term of five years from the date on which he enters upon his office or until he attains the age of sixty-five years, whichever is earlier. It provides a five year term for the Presiding Officer of a Cyber Appellate Tribunal. The term starts from the date on which he enters upon his office. It will last for five years or until he attains the age of sixty-five years, whichever is earlier. Section- 52. Salary, allowances and other terms and conditions of service of Presiding Officer. The salary and allowances payable to, and the other terms and conditions of service including pension, gratuity and other retirement benefits of, the Presiding Officer of a Cyber Appellate Tribunal shall be such as may be prescribed: 122

Strictly for Internal Circulation‐ KCL

Provided that neither the salary and allowances nor the other terms and conditions of service of the Presiding Officer shall be varied to his disadvantage after appointment. Under Section 87(2) (r) of the Act, the Central Government has the power to make rules regarding the salary, allowances and the other terms and conditions of service of the Presiding Officer. The Central Government has notified the Cyber Regulations Appellate Tribunal (Salary, Allowances and other terms and conditions of service of Presiding Officer) Rules, 2003 it has laid that Presiding Officer shall be paid such salary and allowances as admissible to a Secretary to the Government of India, including all the benefits that a Secretary is entitled to. Section- 53. Filling up of vacancies. If, for reason other than temporary absence, any vacancy occurs in the office n the Presiding Officer of a Cyber Appellate Tribunal, then the Central Government shall appoint another person in accordance with the provisions of this Act to fill the vacancy and the proceedings may be continued before the Cyber Appellate Tribunal from the stage at which the vacancy is filled. Being the first stage of appeal, the office of the Presiding Officer of a Cyber Appellate Tribunal is an important one. It directs the Central Government to appoint another person in case of occurrence of any vacancy in the office of the Presiding Officer in accordance with the provisions of the Act. The objective of this is to maintain the continuity of the appellate process that begins with filing of application to the Registrar of Cyber Appellate Tribunal. Section- 54. Resignation and removal. (1) The Presiding Officer of a Cyber Appellate Tribunal may, by notice in writing under his hand addressed to the Central Government, resign his office: Provided that the said Presiding Officer shall, unless he is permitted by the Central Government to relinquish his office sooner, continue to hold office until the expiry of three months from the date of receipt of such notice or until a person duly appointed as his successor enters upon his office or until the expiry of his term of office, whichever is the earliest. (2) The Presiding Officer of a Cyber Appellate Tribunal shall not be removed from his office except by an order by the Central Government on the ground of proved misbehaviour or incapacity after an inquiry made by a Judge of the Supreme Court in which the Presiding Officer concerned has been informed of the charges against him and given a reasonable opportunity of being heard in respect of these charges. (3) The Central Government may, by rules, regulate the procedure for the investigation of misbehaviour or incapacity of the aforesaid Presiding Officer. It is for the Central Government to relieve him on the receipt of such notice or permit him to continue to hold office until the expiry of three months from the date of receipt of such notice or until a person duly appointed as his successor enters upon his office or until the expiry of his term of office, whichever is the earliest. 123

Strictly for Internal Circulation‐ KCL

Under S.87 (2) (s) of the Act, the Central Government has the power to make rules regarding the procedure for investigation of misbehaviour or incapacity of the Presiding Officer. Recently in the Official Gazette, the Central Government has published Cyber Regulation Appellate Tribunal (Procedure for Investigation of Misbehaviour for Investigation of Misbehaviour or Incapacity of Presiding Officer) Rules, 2003 to regulate the procedure for the investigation of misbehaviour of incapacity of the presiding officer. Section- 56. Staff of the Cyber Appellate Tribunal. (1) The Central Government shall provide the Cyber Appellate Tribunal with such officers and employees as that Government may think fit. (2) The officers and employees of the Cyber Appellate Tribunal shall discharge their functions under general superintendence of the Presiding Officer. (3) The salaries, allowances and other conditions of service of the officers and employees or the Cyber Appellate Tribunal shall be such as may be prescribed by the Central Government. The office of Cyber Appellate Tribunal is like an organization where the officers and employees discharge their respective functions under general superintendence of the Presiding Officer. Under S.87 (2) (t) of the Act, the Central Government has the power to make rules regarding the salary and allowances and other conditions of service of other officers and employees of the Tribunal. Till date, no such rules have been made by the Central Government. POWERS AND DUTIES Section- 55. Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings. No order of the Central Government appointing any person as the Presiding Officer of a Cyber Appellate Tribunal shall be called in question in any manner and no act or proceeding before a Cyber Appellate Tribunal shall be called in question in any manner on the ground merely of any defect in the constitution of a Cyber Appellate Tribunal. It takes away the power of the judicial review by giving the Central Government a carte blanche to appoint any person as the Presiding Officer of a Cyber Appellate Tribunal, without being questioned in any manner. It is considered a privilege of the Executive to appoint any person as the Presiding Officer of a Cyber Appellate Tribunal. Furthermore, no act or proceeding before a Cyber Appellate Tribunal shall be called in question in any manner on the ground merely of any defect in the constitution of a Cyber Appellate Tribunal. The provision indicates that it is a pre-emptive method employed by the legislature to protect Cyber Appellate Tribunal’s judicial processes/ proceedings from getting bogged down under frivolous/ unnecessary litigation merely on the pretext of some defect in the constitution of a Cyber Appellate Tribunal. 124

Strictly for Internal Circulation‐ KCL

Section- 57. Appeal to Cyber Appellate Tribunal. (1) Save as provided in sub-section (2), any person aggrieved by an order made by Controller or an adjudicating officer under this Act may prefer an appeal to a Cyber Appellate Tribunal having jurisdiction in the matter. (2) No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating officer with the consent of the parties. (3) Every appeal under sub-section (1) shall be filed within a period of tony-five days from the date on which a copy of the order made by the Controller or the adjudicating officer is received by the person aggrieved and it shall be in such form and be accompanied by such fee as may be prescribed: Provided that the Cyber Appellate Tribunal may entertain an appeal after the expiry of the said period of forty-five days if it is satisfied that there was sufficient cause tor not filing it within that period. (4) On receipt of an appeal under sub-section (1), the Cyber Appellate Tribunal may, after giving the parties to the appeal, an opportunity of being heard, pass such orders thereon as it thinks fit, confirming, modifying or setting aside the order appealed against. (5) The Cyber Appellate Tribunal shall send a copy of every order made by it to" the parties to the appeal and to the concerned Controller or adjudicating officer. (6) The appeal filed before the Cyber Appellate Tribunal under sub-section (1) shall be dealt with by it as expeditiously as possible and endeavour shall be made by it to dispose of the appeal finally within six months from the date of receipt of the appeal. Right of appeal is the creature of a statute and it is for the legislature to decide whether the right of appeal should be given unconditional to an aggrieved party or it should be conditionally given. Chappan Vs. Moidin Kutti 25ILR (1899) 22 Mad 68 The two things which are required to constitute appellate jurisdiction are the existence of the relation of superior and inferior court and the power on the part of the former, to review decisions of the latter. It grants an unconditional right of appeal to any aggrieved party, who has been aggrieved by an order made by Controller or an adjudicating officer under this Act. It has included even those persons who were not even the original contesting parties (complainant/defendant) before the Controller or Adjudicating Officer in a given case. Moreover, Rule 3(4) (a) of the Cyber Regulation Appellate Tribunal (Procedure) Rules, 2000 deals with subject of Joinder of Appeals. It states that persons against whom similar orders, in similar matters have been passed by the Controller or the Adjudicating Officer may file a joint 125

Strictly for Internal Circulation‐ KCL

appeal. It is important to look into Order I, Rule 1 who may be joined as plaintiffs of the Code of Civil Procedure, 1908 provisions for Joinder of appeals before the Tribunal. Furthermore, the Cyber Appellate Tribunal does not allow any aggrieved person to file an appeal if it has been against the order made by an adjudicating officer with the consent of the original contesting parties (complainant/defendant). Vedabai Vs. Shantaram Baburao Patil (2001) 9 SCC 106 The Supreme Court has observed that in exercising discretion under S.5 of the Limitation Act the courts should adopt a pragmatic approach. The courts has to exercise the discretion on the facts of each case keeping in mind that in construing the expression “sufficient cause” the principle of advancing substantial justice is of prime importance. Section- 58. Procedure and powers of the Cyber Appellate Tribunal. (1) The Cyber Appellate Tribunal shall not be bound by the procedure laid down by the Code of civil Procedure, 1908 but shall be guided by the principles of natural justice and, subject to the other provisions of this Act and of any rules, the Cyber Appellate Tribunal shall have powers to regulate its own procedure including the place at which it shall have its sittings. (2) The Cyber Appellate Tribunal shall have, for the purposes of discharging its functions under this Act, the same powers as are vested in a civil court under the Code of Civil Procedure, 1908, while trying a suit, in respect of the following matters, namely: (a) Summoning and enforcing the attendance of any person and examining him on oath; (b) Requiring the discovery and production of documents or other electronic records; (c) Receiving evidence on affidavits; (d) Issuing commissions for the examination of witnesses or documents; (e) Reviewing its decisions; (f) Dismissing an application for default or deciding it ex pane; (g) Any other matter which may be prescribed. (3) Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a judicial proceeding within the meaning of sections 193 and 228, and for the purposes of section 196 of the Indian Penal Code and the Cyber Appellate Tribunal shall be deemed to be a civil court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973. The Cyber Appellate Tribunal is not bound by the procedure laid down by the Code of Civil Procedure, 1908 and instead it shall be guided by the principles of natural justice. The principle of natural justice revolve around the premise that the authority should hear the person concerned before passing any decision, direction or order against him. Further Cyber Appellate Tribunal shall have powers to regulate its own procedure including the place at which it shall have its sittings. Cellular Operators Association of India Vs. Union of India (2003) 3 SCC 186

126

Strictly for Internal Circulation‐ KCL

It is an established law that in the absence of any procedure laid down the provisions of the Code of Civil Procedure should be followed. Maharashtra Vs. Marwanjee F. Desai (2002) 2 SCC 318 Supreme Court has held that power of authority to summon witnesses, enforce their attendance, examine them on oath or require discovery and production of documents show the quasi judicial nature of proceedings before the authority. It states that by virtue of Ss. 193 and 228 of the Indian Penal Code, all proceedings before the Cyber Appellate Tribunal shall be deemed to be judicial proceedings. Section- 59. Right to legal representation. The appellant may either appear in person or authorise one or more legal practitioners or any of its officers to present his or its case before the Cyber Appellate Tribunal. The Act is an empowering legislation as it empowers to appellant a choice for legal representation. The legislative intent behind such a provision is to empower the appellant to exercise his option keeping in view the technical complexity of the subject matter. Section- 60. Limitation. The provisions of the Limitation Act, 1963, shall, as far as may be, apply to an appeal made to the Cyber Appellate Tribunal. Shamrao Suryavanshi Vs. Pralhad Bhairoba Suryavanshi (2002) 3 SCC 676 Supreme Court held that the established rule of limitation is that law of limitation is not applicable to a plea taken in defence unless expressly a provision is made in the statute.... the Limitation Act does not extinguish a defence, but only bars the remedy. Section- 61. Civil court not to have jurisdiction. No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an adjudicating officer appointed under this Act or the Cyber Appellate Tribunal constituted under this Act is empowered by or under this Act to determine and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act. The Act empowers both Adjudicating Officer and Cyber Appellate Tribunal to have an exclusive jurisdiction to entertain any suit and proceeding in respect of any matter under this Act. It excludes the jurisdiction of civil courts to entertain any suit or proceeding in respect of any matter. Dhruv Green Field Ltd. Vs. Hukam Singh (2002) 6 SCC 416 127

Strictly for Internal Circulation‐ KCL

Supreme Court held that the jurisdiction of courts to try all suits of civil nature is very expensive as is evident from the plain language of S.9 of CPC. This is because of the principle ubi jus ibi remedium. It is only where cognizance of a specified type of suit is barred by a statute either expressly or impliedly that the jurisdiction of the civil court would be ousted to entertain such a suit. The general principle is that a statute excluding the jurisdiction of civil courts should be construed strictly. Section- 62. Appeal to High Court. Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such order Provided that the High Court may, if it is satisfied that the appellant was prevented by sufficient cause from filing the appeal within the said period, allow it to be filed within a further period not exceeding sixty days. (1) The Central Government shall, by notification, establish one or more appellate tribunals to be known as the Cyber Regulations Appellate Tribunal. (2) The Central Government shall also specify, in the notification referred to in sub-section (1), the matters and places in relation to which the Cyber Appellate Tribunal may exercise jurisdiction. The Act provides a second forum of appeal in the form of High Court (the first being Cyber Appellate Tribunal) to any person aggrieved by any decision or order of the Cyber Appellate Tribunal. An appeal is to be filed within 60 days from the date of communication of the decision. Cellular Operators Association of India Vs. Union of India (2003)3SCC The Supreme Court held that if a jurisdictional question or the extent thereof is disputed before a tribunal, the tribunal must necessarily decide it unless the statute provides otherwise. Only when a question of law or mixed question of fact and law are decided by a tribunal, the High Court or the Supreme Court can exercise its power of judicial review. Section- 63. Compounding of contraventions. (1) Any contravention under this Chapter may, either before or after the institution of adjudication proceedings, be compounded by the Controller or such other officer as may be specially authorised by him in this behalf or by the adjudicating officer, as the case may be, subject to such conditions as the Controller or such other officer or the adjudicating officer may specify: Provided that such sum shall not, in any case, exceed the maximum amount of the penalty which may be imposed under this Act for the contravention so compounded. 128

Strictly for Internal Circulation‐ KCL

(2) Nothing in sub-section (1) shall apply to a person who commits the same or similar contravention within a period of three years from the date on which the first contravention, committed by him, was compounded. (3) Where any contravention has been compounded under sub-section (1), no proceeding or further proceeding, as the case may be, shall be taken against the person guilty of such contravention in respect of the contravention so compounded. The compounding contraventions would be under Penalties and Adjudication as it may be either before or after the institution of adjudication proceedings. It provides that the maximum amount of the penalty, which may be imposed under this Act for the contravention, so compounded not to exceed One Crore of Rupees. If a person commits the same or similar contravention within a period of three years from the date on which the first contravention, committed by him, shall not be compounded by the Controller or such officer. Any contravention committed after the expiry of a period of three years from the date on which the contravention was previously compounded shall be deemed to be a first contravention. The compounding of a contravention signifies that the person against whom the contravention has been committed has received some gratification, not necessary of a pecuniary character, to act as an inducement for his desiring to abstain from prosecution. This if a contravention is compounded, it shall result into an acquittal. Section- 64. Recovery of penalty A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear of land revenue and the licence or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid. The penalty amount on account of contraventions must not exceed one crore rupees. In case of a person’s inability to pay the penalty amount imposed under the act, the same shall be recovered, as an arrear of land revenue and the licence or Digital Signature Certificate, as the case may be shall remain suspended till the penalty is paid. Section-75. Act to apply for offence or contravention committed outside India. - (1) Subject to the provision of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality. (2) For the purposes of sub-section(1), this act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting located in India. Section- 76. Confiscation. - Any computer, computer system, floppies, compact disks, tape drives or nay other accessories related thereto, in respect of the if which any provision of this Act, rule, orders or regulations made thereunder has been or is being contravened, shall be liable to confiscation: 129

Strictly for Internal Circulation‐ KCL

Provided that where it is established to the satisfaction of the court adjudicating the confiscation that the person in whose possession, power or control of any such computer, computer system, floppies, compact disks, tape drives or any other accessories relating thereto is found is not responsible for the contravention of the provisions of this Act, rules, orders or regulations made there under, the court may, instead of making an order for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, make such other order authorised by this Act against the person contravening of the provisions of this Act, rules, orders or regulations made there under as it may think fit.

CYBER REGULATION ADVISORY COMMITTEE The Cyber Regulation Advisory Committee (CRAC) (Section-88) is consist of a Chairperson and other official and non official members representing the interests principally affected or having special knowledge of the subject matter. The Committee will advise the Central Government either generally as regards any rules or for any rules or for any other purposes as well as the Controller of Certifying Authority (CCA) in framing the regulations under the Act. The establishment and constitution of this Committee has an important role to play in the growth of information technology law along the right lines.

Section- 88. Constitution of Advisory Committee. - (1) The Central Government shall, as soon as may be after the commencement of this Act, constitute a Committee called the Cyber Regulations Advisory Committee. (2) The Cyber Regulations Advisory Committee shall consist of a Chairperson and such number of other official and non-official members representing the interests principal affected or having special knowledge of the subject-matter as the Central Government may deem fit. (3) The Cyber Regulations Advisory Committee shall advice- (a) The Central Government either generally as regards any rules or for any other purpose connected with this Act. (4) There shall be paid to the non-official members of such Committee such travelling and other allowances as the Central Government may fix.

130

Strictly for Internal Circulation‐ KCL

131

Strictly for Internal Circulation‐ KCL

IMPORTANT QUESTIONS UNIT – 5 OFFENCES & PENALTIES UNDER INFORMATION TECHNOLOGY ACT, 2000 Q.1.

What are the Regulatory Authorities under Information Technology Act 2000?

Q.2.

Discuss the working of Cyber Regulation Appellate Tribunal and explain its powers.

Q.3.

What are Cyber Crimes? What are its types?

Q.4.

What are the challenges of cyber Crimes?

Q.5.

What would be the penalty / adjudication if the crime is related to :(1) Damage to Computer, Computer System etc. (2) For failing to furnish any document, return on report to the controlled / Certifying Authority. (3) Offences for which no penalty is separately provided. (4) Tampering with computer source documents. (5) Hacking (6) Publication of obscene Material in electronic from. (7) For Mis-representation or suppression of any Material fact from the controller / Certifying Authority. (8) For break of confidentiality & privacy.

Q.6.

Briefly explain the role of Certifying Authorities under IT Act 2000?

Q.7.

What is Cyber-Squatting? Explain how it is established that a person has wrongfully registered a domain name.

Q.8.

Explain briefly

Q.9.

What is the jurisdiction of Cyber Crimes?

Q10.

Critically analyze the judicial interpretation / intervention for protection and prevention from cyber offenders.

Q.11.

What are online transactions and types of online transactions? What requirements do your need for transaction security?

@ @ @ @

Hacking Phishing Obscenity Digital Signatures

132

Strictly for Internal Circulation‐ KCL

SUGGESTIONS AND CONCLUSION SUGGESTIONS The Act has not really catered to issues such as intellectual property rights (IPR), privacy and data protection and content regulation. The mushrooming of internet companies and availability of various sites with millions of pages of information and data has opened a new era of information flow and a pandora box on copyright. It has neither talked about the infringement of intellectual property rights of other entitles nor does it speak about the copying of the content provided by ISP or net service provider. The Act does not talk about the liability of a person but only speaks of the liability of the intermediary for the third party data and information. The IT Act also does not apply to negotiable instruments, trusts, testamentary dispositions (in other words you cannot have a will distributing your assets in an electronic format) and contracts for conveyance of immovable property. Its scope is wide enough as it applies to offences or contravention committed outside India and to any person irrespective of nationality, if the offence involves a computer, computer system or computer network located in India. This raises several international jurisdictional issues. Moreover, to implement this clause, ideally India should sign extradition treaties with other countries to deal with cyber crime While referring to hacking, the words used are `intent’. Proving intent in a court of law is likely to be difficult as it is a subjective term. The suggestion that cyber-cafes should be forced to maintain details about all persons visiting the cafe and the web-sites accessed by them have been considered unnecessary by critics. There is a section of the act, which allows an officer of the rank of deputy superintendent of police to search and arrest without a warrant. This section has caused concern. The Cyber Appellate Tribunal is a one member body. He has the statutory authority to examine the correctness, legality or propriety of the decision or order passed by the Controller of Certifying Authorities or the Adjudicating Officer under the Act. But by looking into the various provisions under the Chapter X- Cyber Regulations Appellate Tribunal it seems that it would have been more appropriate and effective if instead of being a one member body, the Tribunal could have been an “expert body” (Commission) consisting of members having varied qualifications to appreciate the legal, technical and factual questions involved in the appeals in the first appellate stage itself.

133

Strictly for Internal Circulation‐ KCL

CONCLUSION

The introduction of the internet has brought the tremendous changes in our lives. People of all fields are increasingly using the computers to create, transmit and store information in the electronic form instead of the traditional papers, documents. Information stored in electronic forms has many advantages, it is cheaper, easier to store, easier to retrieve and for speedier to connection. Though it has many advantages, it has been misused by many people in order to gain themselves or for sake or otherwise to harm others. The high and speedier connectivity to the world from any place has developed many crimes and these increased offences led to the need of law for protection. Some countries have been rather been vigilant and formed some laws governing the net. In order to keep in pace with the changing generation, the Indian Parliament passed the law --- Information Technology Act 2000. The IT Act 2000 has been conceptualized on the United Nations Commissions on International Trade Law (UNCITRAL) Model Law. Though legal provisions necessary for facilitating the e-commerce and checking the cyber crimes have been brought into the Statute Book of the Country for facilitating the e-governance, but legal mechanism for checking cyber crimes as provided in the I.T. Act has yet not been made operational. The Cyber Appellate Tribunal has not yet been made operational. Though its new Office and the Court Room of the Cyber Regulation Appellate Tribunal inaugurated on 27th July, 2009 but only on paper. Our Justice Delivery System depends heavily on Doctrine of precedent. In criminal trials, lawyers have to cite the decisions of the higher courts in similar matters in support of their arguments. But in the absence of decisions relating to cyber related crimes in the country, our own jurisprudence has yet not been developed and hence, in cases relating to cyber offences, one has to depend on foreign decisions on similar issues. Though a number of cases have been registered in different parts of the country such as sending obscene SMSs to film actresses in Mumbai, sending threatening E-mails by terrorists groups etc., FIRs have been lodged and criminal investigations or trial is in progress, but no final decision has yet been reported in any of such cases. It has now been realised that there are still gaps in legal provisions relating to e-governance and cyber crimes. Thus it is a high time that Ministry of Communications and Information Technology should make serious efforts to bring out necessary amendments in IT Act for rectifying the shortcomings in I.T. Act or should suggest for a separate legislation, if needed and serious efforts should be made to make the Cyber Appellate Tribunal operational. Efforts should also be made to conduct suitable training programmes for investigating officers to provide them necessary training for investigating the cyber related crimes so that more and more trained persons may be available for investigating and adjudicating the cyber related crimes. Through this, I urge the Ministry of Communications and Information Technology, Government of India for filling the gaps in existing cyber laws and for strengthening the legal machinery for adjudicating the cyber crimes expeditiously.

134

Strictly for Internal Circulation‐ KCL

SUGGESTED READINGS 1. Information Technology Act 2000- BARE ACT. 2. Information Technology Act- Dr. Pawan Duggal 3. Information Technology Act- Vakul Sharma 1. Information Technology Act 2000. 2. Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000 3. Cyber Regulations Appellate Tribunal (Salary, Allowances and other terms and conditions of service of Presiding Officer) Rules, 2003 4. Information Technology (Other powers of Civil Court vested in Cyber Appellate Tribunal) Rules 2003. 5. Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003. 6. Information Technology (Security Procedure) Rules, 2004 7. Information Technology (Other Standards) Rules, 2003. 8. Information Technology Act- Dr. Pawan Duggal 9. Information Technology Act- Vakul Sharma 10. Commentary on Information Technology Act- Apar Gupta 11. Privacy and the concept of data protection in India- Chetan Nagendra, Chartered Secretary, July 2003. 12. Cyber Crime: Prevention & Investigation, CBI Bulletin- Dr. S.C. Agarwal-June 2002 13. www.mit.gov.in 14. www.cyberlawtimes.com 15. www.cyberlawindia.com 16. www.cyberforensics.in/pages/services 17. www.vakilno1.com 18. www.legalserviceindia.com 19. www.legalhelp.com 20. www.eprocurement.gov.in 21. www.naavi.org 22. www.hindu.com 135

Suggest Documents

ENGLISH - II BA. LLB. 5 YR. (2-SEM) CURSE MATERIAL KAMKUS COLLEGE OF LAW GHAZIABAD

ENGLISH - II BA. LLB. 5 YR. (2-SEM) CURSE MATERIAL KAMKUS COLLEGE OF LAW GHAZIABAD
Read more
LAW OF SUCCESS COURSE

LAW OF SUCCESS COURSE
Read more
COLLEGE OF LAW. Scholarship

COLLEGE OF LAW. Scholarship
Read more
Computer Ethics and Cyber Law

Computer Ethics and Cyber Law
Read more
Nepalese Cyber Law : An Overview

Nepalese Cyber Law : An Overview
Read more
International Environmental Law Course

International Environmental Law Course
Read more
EMPLOYMENT LAW COURSE OUTLINE

EMPLOYMENT LAW COURSE OUTLINE
Read more
International Environmental Law course

International Environmental Law course
Read more
Boston College Law Review

Boston College Law Review
Read more
Boston College Law Review

Boston College Law Review
Read more
Gonzaga University School of Law Military Law Course Syllabus

Gonzaga University School of Law Military Law Course Syllabus
Read more
Boston College Law Review

Boston College Law Review
Read more
Boston College Law Review

Boston College Law Review
Read more
Boston College Law Review

Boston College Law Review
Read more
Boston College Law Review

Boston College Law Review
Read more
MICHIGAN STATE UNIVERSITY COLLEGE OF LAW INTERNATIONAL LAW REVIEW

MICHIGAN STATE UNIVERSITY COLLEGE OF LAW INTERNATIONAL LAW REVIEW
Read more
Smart Cyber Practices In Law Firms

Smart Cyber Practices In Law Firms
Read more
China passes controversial Cyber Security Law

China passes controversial Cyber Security Law
Read more
Scholarly FAMU Law. Florida A&M University College of Law. Randall S. Abate Florida A & M University College of Law,

Scholarly FAMU Law. Florida A&M University College of Law. Randall S. Abate Florida A & M University College of Law,
Read more
UNIVERSITY OF ILLINOIS COLLEGE OF LAW

UNIVERSITY OF ILLINOIS COLLEGE OF LAW
Read more
Course Guide Applied Law BTEC

Course Guide Applied Law BTEC
Read more
Course Handbook Entry. BULAW1502 Fundamentals of Law

Course Handbook Entry. BULAW1502 Fundamentals of Law
Read more
Government Law College Recruitment Handbook

Government Law College Recruitment Handbook
Read more
Georgia State University College of Law

Georgia State University College of Law
Read more