Let me share some thing about the law governing cyber space in India.
The cyber world is governed by the Information Technology Act, 2000 in India. Although it has been amended by The Information Technology (amendment) Act, 2008, I shall first go through the provisions of the original statute.
This statute was enacted in compliance with the model law on Electronic Commerce adopted by the United Nations General Assembly vide resolution No. A/RES/51/162, which recommends, inter alia, that all states give favourable consideration to the said Model Law when they enact or revise their laws relating to IT.
The act in its object clause states that it is “ An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.” However it deals with many more provisions relating to IT. As far as the application of this act is concerned, it has no geographical boundaries. It may be applied to incidents even outside the territory of India.
The major chapters under the act include:-
1.Definitions.
2.Electronic Governance.
3.Electronic Records.
4.Digital Signatures.
5.Certifying Authorities.
6.Cyber Regulations Appellate Tribunal.
7.Offences Related to Computers.
8.Miscellaneous Provisions.
Let us now go into some details of the aforestated provisions.
In the first Chapter of the Act, and under Section 2, there are definitions of various terms with are used under the act. The most important definitions covered under this chapter may be listed as follows:-
A. Under Section 2 (1)(a):- ‘Access’ “with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;”
B. Under Section 2 (1)(d):- ‘Affixing Digital Signature’ “with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature”
C. Under Section 2 (1)(f):- ‘Asymmetric crypto system’ means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;
D. Under Section 2 (1)(i):- ‘Computer’ means any electronic magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
E. Under Section 2 (1)(j):- ‘Computer Network’ means the interconnection of one or more computers through-
a. the use of satellite, microwave, terrestrial line or other communication media; and
b. terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained.
F. Under Section 2 (1)(k):- ‘computer resource’ means computer, computer system, computer network, data, computer data base or software;
G. Under Section 2 (1)(l):- ‘computer system’ means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;
H. Under Section 2 (1)(o):- ‘data’ means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;
I. Under Section 2 (1)(p):- ‘digital signature’ means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;{Section 3 talks About Authentication of electronic records Defined below.}
J. Under Section 2 (1)(r):- ‘electronic form’ with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;
K. Under Section 2 (1)(t):- ‘electronic record’ means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
L. Under Section 2 (1)(u):- ‘function’, in relation to a computer, includes logic, control arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;
M. Under Section 2 (1)(v):- ‘information’ includes data, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche;
In Chapter III of the act it deals with e-Governance. The term Electronic Governance, most commonly referred as e-Governance means setting up an easy, cheap and transparent relationship among people and the government using the electronic media. Internet plays the most vital role in carrying out of e-Governance. In e-Government, people are linked with the government by the internet. Sections 4 to 10 deal with provisions like legal recognition of electronic records, legal recognition of digital signatures, retention of electronic records etc.
Chapter IV deals with Attribution, Acknowledgement and dispatch of electronic records.
Chapter VII talks about Digital Signature Certificates.
The main concern of common people using Computers or Computer systems is dealt with in Chapter XI where different kinds of Computer related offences have been defined and the penalty for such offence is prescribed. These crimes are often named as White Collar Crimes and mainly need intellect.
Section 66 (1) talks about Hacking with Computer System, it states that “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack.” Here due attention must be paid to the three words in bold i.e. destroys, deletes and alters. These three words have much more bigger ambit than it seems to a common man. These three kinds of actions can lead to theft, misappropriation, forgery, fraud, introduction of viruses, Trojan horses, logic bombs etc. The persons committing such offences are referred to as Hackers. There are various kinds of hackers viz.
i. Code Hackers:- They know computer like their backyard and they can use the computer in any manner they wish.
ii. Crackers:- They gain access into computer systems by circumventing operating systems’ security.
iii. Phreakers:- They use their vast internet knowledge to hack.
iv. CyberPunks:- They have expertise in Cryptography.
Section 66 (2) penalizes the offence of hacking with imprisonment up to three years and/or fine which may extend upto two lakh rupees.
Section 67 deals with Pornography as an offence. It states that “Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.”
Section 70 deals with Protected Systems. Sub-section 1 states that The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system and Sub-section 3 states that any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.
Section 76 talks about Confiscation, it states that Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provision of this Act, rules, orders or regulations made thereunder has been or is being contravened, shall be liable to confiscation.
The act gives a police officer not below the rank of Deputy Superintendent of Police authority to investigate any case relating to cyber crime under this act.
Under chapter XIII provisions like power of police officer to enter and search the premises where cyber crime is committed or is likely to be committed.
Now I would like to make a reference to the Information Technology (Amendment) Act,2008. The act has been enforced in 2009. It has made some very important changes in the original statute. Some of such changes can be enlisted as under:
The cyber world is governed by the Information Technology Act, 2000 in India. Although it has been amended by The Information Technology (amendment) Act, 2008, I shall first go through the provisions of the original statute.
This statute was enacted in compliance with the model law on Electronic Commerce adopted by the United Nations General Assembly vide resolution No. A/RES/51/162, which recommends, inter alia, that all states give favourable consideration to the said Model Law when they enact or revise their laws relating to IT.
The act in its object clause states that it is “ An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.” However it deals with many more provisions relating to IT. As far as the application of this act is concerned, it has no geographical boundaries. It may be applied to incidents even outside the territory of India.
The major chapters under the act include:-
1.Definitions.
2.Electronic Governance.
3.Electronic Records.
4.Digital Signatures.
5.Certifying Authorities.
6.Cyber Regulations Appellate Tribunal.
7.Offences Related to Computers.
8.Miscellaneous Provisions.
Let us now go into some details of the aforestated provisions.
In the first Chapter of the Act, and under Section 2, there are definitions of various terms with are used under the act. The most important definitions covered under this chapter may be listed as follows:-
A. Under Section 2 (1)(a):- ‘Access’ “with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;”
B. Under Section 2 (1)(d):- ‘Affixing Digital Signature’ “with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature”
C. Under Section 2 (1)(f):- ‘Asymmetric crypto system’ means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;
D. Under Section 2 (1)(i):- ‘Computer’ means any electronic magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
E. Under Section 2 (1)(j):- ‘Computer Network’ means the interconnection of one or more computers through-
a. the use of satellite, microwave, terrestrial line or other communication media; and
b. terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained.
F. Under Section 2 (1)(k):- ‘computer resource’ means computer, computer system, computer network, data, computer data base or software;
G. Under Section 2 (1)(l):- ‘computer system’ means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;
H. Under Section 2 (1)(o):- ‘data’ means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;
I. Under Section 2 (1)(p):- ‘digital signature’ means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;{Section 3 talks About Authentication of electronic records Defined below.}
J. Under Section 2 (1)(r):- ‘electronic form’ with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;
K. Under Section 2 (1)(t):- ‘electronic record’ means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
L. Under Section 2 (1)(u):- ‘function’, in relation to a computer, includes logic, control arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;
M. Under Section 2 (1)(v):- ‘information’ includes data, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche;
In Chapter III of the act it deals with e-Governance. The term Electronic Governance, most commonly referred as e-Governance means setting up an easy, cheap and transparent relationship among people and the government using the electronic media. Internet plays the most vital role in carrying out of e-Governance. In e-Government, people are linked with the government by the internet. Sections 4 to 10 deal with provisions like legal recognition of electronic records, legal recognition of digital signatures, retention of electronic records etc.
Chapter IV deals with Attribution, Acknowledgement and dispatch of electronic records.
Chapter VII talks about Digital Signature Certificates.
The main concern of common people using Computers or Computer systems is dealt with in Chapter XI where different kinds of Computer related offences have been defined and the penalty for such offence is prescribed. These crimes are often named as White Collar Crimes and mainly need intellect.
Section 66 (1) talks about Hacking with Computer System, it states that “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack.” Here due attention must be paid to the three words in bold i.e. destroys, deletes and alters. These three words have much more bigger ambit than it seems to a common man. These three kinds of actions can lead to theft, misappropriation, forgery, fraud, introduction of viruses, Trojan horses, logic bombs etc. The persons committing such offences are referred to as Hackers. There are various kinds of hackers viz.
i. Code Hackers:- They know computer like their backyard and they can use the computer in any manner they wish.
ii. Crackers:- They gain access into computer systems by circumventing operating systems’ security.
iii. Phreakers:- They use their vast internet knowledge to hack.
iv. CyberPunks:- They have expertise in Cryptography.
Section 66 (2) penalizes the offence of hacking with imprisonment up to three years and/or fine which may extend upto two lakh rupees.
Section 67 deals with Pornography as an offence. It states that “Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.”
Section 70 deals with Protected Systems. Sub-section 1 states that The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system and Sub-section 3 states that any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.
Section 76 talks about Confiscation, it states that Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provision of this Act, rules, orders or regulations made thereunder has been or is being contravened, shall be liable to confiscation.
The act gives a police officer not below the rank of Deputy Superintendent of Police authority to investigate any case relating to cyber crime under this act.
Under chapter XIII provisions like power of police officer to enter and search the premises where cyber crime is committed or is likely to be committed.
Now I would like to make a reference to the Information Technology (Amendment) Act,2008. The act has been enforced in 2009. It has made some very important changes in the original statute. Some of such changes can be enlisted as under:
- The definition chapter has included in it the definition of “cyber cafe” as, any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the
public. - The term 'Digital Signature' has been coupled with the term 'Electronic Signature' .
- The power for investigation of Cyber Crime cases has been given to all officers with the rank of a Police Inspector and above him.
- The maximum amount of compensation has been raised from Rs. 1 Crore to Rs. 5 Crores.
- Special strict penal provisions have been made with reference to 'Child Pornography'.
- The term Communication Device now includes mobiles, PDAs, a combination of both or any other device that can store, transmit and handle text, audio and video files.
To conclude it can be commented that although there is a strict law governing different kinds of electronic crimes referred to as cyber crimes but they have not got due implementation nationwide. Although, there are laws to deal with serious cyber crimes buy the administration lacks power to control and nab notorious criminals. In many areas and as evident in many cases, computers and internet experts have proved themselves as boons to the nation, but still we may find many people committing crimes using computers, many knowingly and many unknowingly. It is very important to know the laws relating to such offences and punishments on breaching those laws.
-Krishanu Ray
No comments:
Post a Comment