1

Unit 1
Cyber world: an overview, internet and online resources, security of information, digital
signature, intellectual property (IP), historical background of IP, IPR governance,
National patent offices, the world intellectual property organization (WIPO)
Cyber world:
Some think cyber world is the world of online computers and communications which implies
today's fast-moving high-technology world online. That is one way to look at it if you are into
abstractions and distractions. We are interested in something more tangible and real; so we've
redefined the term to give it the power and meaning that it deserves.
The Cyber World 1. An online world where users have the mechanisms in place to transact any business or
personal activity as easily and freely as they can transact them in the physical world.
2. An environment for sophisticated online computing.
3. The futuristic online world of computing.
This obviously means the cyber world does not exist. Up to now weve been having a lot of
fun online using a web of documents and data. After 20 years of surfing, maybe it's time to
get serious. It seems we've gotten ourselves caught in a web and we dont know how to get
out.
The Cyber World is a digital extension of yourself interacting with a digital extension of our
real world in a Virtual environment. It should be obvious you cant build virtual extensions
on a web or web pages. We have to have something much more sophisticated.
These digital extensions will give the ordinary user extraordinary capabilities compared to
todays standards. The Cyber World will allow the internet to move to a more advanced level
of online computing. Things like voting, attending classes, purchasing homes and
automobiles, court proceedings, job interviews, grocery shopping, Medical care and
diagnostics, computer and home appliance maintenance and diagnostics, real time monitoring
and enforcement of cyber-crime, etc., will all be done online with ease. Many expected the
web to produce all these things, but the dot com meltdown was the first sign that web
technology was not up to the challenge. This is the simple part. Maybe not so simple for the
web but we are dealing with a super technology. The Cyber World's goals and capabilities
will reach much higher. The Cyber World has the ability to set the human race free. Free from
itself, business and government. If there is one thing we've learned from the web, is that
freedom will grow anything. It is like fertilizer. The Internet enhanced by the Web is the
purest expression of Freedom and Democracy the world has ever known. Yet, there are
people who want to limit this freedom in order to control it - in order to make money. This is
backwards. It's very simple, you only need a little imagination. Because we live in digital age,
it is no longer necessary to divide and conquer to profit. In a digital age, this will only lead to
failure. There is a new recipe for profiting in the digital age. Adding Freedom = Big Profits.
No one says no to freedom and yes to slavery. The Internet enhanced by the Cyber World
will give the human race true Freedom and Autonomy.

Internet and online resources:

In general, Web pages and documents on the Internet that provide useful information. While
an online resource is typically data and educational in nature, any support software available
online can also be considered a resource.
We use the term "electronic resources" to refer to a variety of resources available online. This
includes our online collections of magazine and newspaper articles, encyclopaedias, financial
and investment resources, online language learning systems, business directories, practice
tests and study guides, and live, web-based, one-on-one tutoring.
These and many more are paid and some are free of charge. You just need to log in with your
computer. These resources are available 24 hours a day, seven days a week, from any
computer with an Internet connection.
Online sources are informational resources found on the Internet. They include the websites
of professional organizations, electronic versions of reference books, academic journals and
periodicals, and even blogs. Online sources are great for research, as long as you put in the
work to determine which sources are reliable! This is a multi-step process that involves
figuring out a particular sources publisher, author, bias, depth, accuracy, and timeliness.

Security of information:
Information Security is a multidisciplinary area of study and professional activity which is
concerned with the development and implementation of security mechanisms of all available
types (technical, organisational, human-oriented and legal) in order to keep information in all
its locations (within and outside the organisation's perimeter) and, consequently, information
systems, where information is created, processed, stored, transmitted and destroyed, free from
threats.
Security of information can be defined in following ways:
Integrity
In information security, data integrity means maintaining and assuring the accuracy and
consistency of data over its entire life-cycle. This means that data cannot be modified in an
unauthorized or undetected manner. This is not the same thing as referential integrity in
databases, although it can be viewed as a special case of consistency as understood in the
classic ACID model of transaction processing. Information security systems typically provide
message integrity in addition to data confidentiality.
Availability
For any information system to serve its purpose, the information must be available when it is
needed. This means that the computing systems used to store and process the information, the
security controls used to protect it, and the communication channels used to access it must be
functioning correctly. High availability systems aim to remain available at all times,

preventing service disruptions due to power outages, hardware failures, and system upgrades.
Ensuring availability also involves preventing denial-of-service attacks, such as a flood of
incoming messages to the target system essentially forcing it to shut down.
Authenticity
In computing and information security, it is necessary to ensure that the data, transactions,
communications or documents (electronic or physical) are genuine. It is also important for
authenticity to validate that both parties involved are who they claim to be. Some information
security systems incorporate authentication features such as "digital signatures", which give
evidence that the message data is genuine and was sent by someone possessing the proper
signing key.
Non-repudiation
In law, non-repudiation implies one's intention to fulfil their obligations to a contract. It also
implies that one party of a transaction cannot deny having received a transaction nor can the
other party deny having sent a transaction.
It is important to note that while technology such as cryptographic systems can assist in nonrepudiation efforts, the concept is at its core a legal concept transcending the realm of
technology. It is not, for instance, sufficient to show that the message matches a digital
signature signed with the sender's private key, and thus only the sender could have sent the
message and nobody else could have altered it in transit. The alleged sender could in return
demonstrate that the digital signature algorithm is vulnerable or flawed, or allege or prove
that his signing key has been compromised. The fault for these violations may or may not lie
with the sender himself, and such assertions may or may not relieve the sender of liability, but
the assertion would invalidate the claim that the signature necessarily proves authenticity and
integrity and thus prevents repudiation.
Digital signature:
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital
message or document. A valid digital signature gives a recipient reason to believe that the
message was created by a known sender, such that the sender cannot deny having sent the
message (authentication and non-repudiation) and that the message was not altered in transit
(integrity). Digital signatures are commonly used for software distribution, financial
transactions, and in other cases where it is important to detect forgery or tampering. (More in
shivani.)
Intellectual property:
Intellectual property (IP) is a legal term that refers to creations of the mind. Examples of
intellectual property include music, literature, and other artistic works; discoveries and
inventions; and words, phrases, symbols, and designs. Under intellectual property laws,
owners of intellectual property are granted certain exclusive rights. Some common types of
intellectual property rights (IPR) are copyright, patents, and industrial design rights; and the
rights that protect trademarks, trade dress, and in some jurisdictions trade secrets. Intellectual
property rights are themselves a form of property, called intangible property.

Although many of the legal principles governing IP and IPR have evolved over centuries, it
was not until the 19th century that the term intellectual property began to be used, and not
until the late 20th century that it became commonplace in the majority of the world. The
Statute of Monopolies (1624) and the British Statute of Anne (1710) are now seen as the
origins of patent law and copyright respectively, firmly establishing the concept of
intellectual property.

Historical background of IP:

The first known use of the term intellectual property dates to 1769, when a piece published in
the Monthly Review used the phrase. The first clear example of modern usage goes back as
early as 1808, when it was used as a heading title in a collection of essays.
The German equivalent was used with the founding of the North German Confederation
whose constitution granted legislative power over the protection of intellectual property
(Schutz des geistigen Eigentums) to the confederation. When the administrative secretariats
established by the Paris Convention (1883) and the Berne Convention (1886) merged in
1893, they located in Berne, and also adopted the term intellectual property in their new
combined title, the United International Bureaux for the Protection of Intellectual Property.
The organization subsequently relocated to Geneva in 1960, and was succeeded in 1967 with
the establishment of the World Intellectual Property Organization (WIPO) by treaty as an
agency of the United Nations. According to Lemley, it was only at this point that the term
really began to be used in the United States (which had not been a party to the Berne
Convention), and it did not enter popular usage until passage of the Bayh-Dole Act in 1980.
Until recently, the purpose of intellectual property law was to give as little protection possible
in order to encourage innovation. Historically, therefore, they were granted only when they
were necessary to encourage invention, limited in time and scope.
The importance of intellectual property was first recognized in the Paris Convention for the
Protection of Industrial Property (1883) and the Berne Convention for the Protection of
Literary and Artistic Works (1886). Both treaties are administered by the World Intellectual
Property Organization (WIPO).
IPR governance:
Intellectual property rights (IPR) are among the key institutions that influence innovative
activity. US patent reforms in the early 1980s put IPR at the forefront of domestic policy
debates. Since then, the US has endeavoured to embed IPR into trade negotiations, thereby
thrusting it onto the international scene. And although there has been a massive global
movement toward stronger IPR, its relative merits remain unclear. This project seeks to
understand the evolving role of domestic IPR in a context of increasing globalization.
A better understanding of the effect of IPR on innovation will allow policy makers to design
more optimal national property rights regimes. The project will also inform the creation of

multilateral agreements on IPR and examine whether the effects of IPR on innovation depend
on the countrys level of development, thus informing policies aimed at international
development. Research for this project began in 2012.
National patent offices:
A patent office is a governmental or intergovernmental organization which controls the issue
of patents. In other words, "patent offices are government bodies that may grant a patent or
reject the patent application based on whether or not the application fulfils the requirements
for patentability."
A patent office is a government body that is responsible for approving or denying any patent
applications submitted by applicants for inventions. Once an application has been approved
by the office, the applicant is granted the exclusive right to make, use, or sell the invention
for a set period of time. Typically, a patent office is staffed by people who have been formally
registered to practice before the office. These individuals are often also licensed attorneys.
Most offices grant patents that are effective only within the borders of their own countries. If
an applicant is granted a patent in one country, he or she must generally submit a separate
application to an office in each foreign country in order to get foreign patent rights. Most
countries have their own patent rules and charge filing fees. As a result, filing a patent with
multiple foreign offices can be an expensive undertaking.
Many patent offices have designated a specific process for the filing of patents. In general, an
applicant is first required to search a database of patent records in order to determine whether
another person has already patented his or her invention. If the invention hasnt been
patented, the applicant can submit an application to the office. The office will undertake a
patent prosecution, during which it determines whether the patent will be granted or denied.
If the patent is denied, the applicant usually has the right to appeal the decision to an appeals
board. The applicant is normally responsible for paying any fees associated with the
application process. The patent office may also charge fees for maintaining or renewing a
patent.
In addition to approving patents, a patent office publishes and distributes information relating
to patents, and it records instances in which a patent holder assigns his or her invention to
another person or entity. It also serves as an official record custodian. In this capacity, it may
retain a database of national and international records. Additionally, a patent office generally
provides the public with a facility to search and inspect patents already on file.
In some countries, patent offices are more generally referred to as intellectual property
offices. In addition to reviewing patent applications, they also handle issues relating to
trademarks and copyrights. A trademark is a type of protection offered for logos that
differentiate a particular product or service. Copyrights are granted to protect certain works,
such as a literary, artistic, or musical creation.

WIPO:
The World Intellectual Property Organization (WIPO) is one of the 17 specialized
agencies of the United Nations.
WIPO was created in 1967 "to encourage creative activity, to promote the protection of
intellectual property throughout the world."
WIPO currently has 188 member states, administers 26 international treaties, and is
headquartered in Geneva, Switzerland. The current Director-General of WIPO is Francis
Gurry, who took office on October 1, 2008. 186 of the UN Members as well as the Holy See
and Niue are Members of WIPO. Non-members are the states of Marshall Islands, Federated
States of Micronesia, Nauru, Palau, Solomon Islands, South Sudan and Timor-Leste.
Palestine has observer status.
Established in 1967, the World Intellectual Property Organization (WIPO) is an international
organization dedicated to helping ensure that the rights of creators and owners of intellectual
property are protected worldwide, and that inventors and authors are therefore recognized and
rewarded for their ingenuity. This international protection acts as a spur to human creativity,
pushing back the limits of science and technology and enriching the world of literature and
the arts. By providing a stable environment for marketing products protected by intellectual
property, it also oils the wheels of international trade. WIPO works closely with its Member
States and other constituents to ensure the intellectual property system remains a supple and
adaptable tool for prosperity and well-being, crafted to help realize the full potential of
created works for present and future generations.
Promotion of IP
As part of the United Nations system of specialized agencies, WIPO serves as a forum for its
Member States to establish and harmonize rules and practices for the protection of
intellectual property rights. WIPO also services global registration systems for trademarks,
industrial designs and appellations of origin, and a global filing system for patents. These
systems are under regular review by WIPOs Member States and other stakeholders to
determine how they can be improved to better serve the needs of users and potential users.
Many industrialized nations have intellectual property protection systems that are centuries
old. Among newer or developing countries, however, many are in the process of building up
their patent, trademark and copyright legal frameworks and intellectual property systems.
With the increasing globalization of trade and rapid changes in technological innovation,
WIPO plays a key role in helping these systems to evolve through treaty negotiation; legal
and technical assistance; and training in various forms, including in the area of enforcement.
WIPO works with its Member States to make available information on intellectual property
and outreach tools for a range of audiences from the grassroots level through to the business
sector and policymakers to ensure its benefits are well recognized, properly understood and
accessible to all.
How is WIPO funded?
WIPO is a largely self-financed organization, generating more than 90 percent of its annual
budget through its widely used international registration and filing systems, as well as

through its publications and arbitration and mediation services. The remaining funds come
from contributions by Member States.
UNIT-2
Introduction about the cyber space, cyber law, regulation of cyber space, scope of cyberlaws: ecommerce; online contracts; IPRs (copyright, trademarks and software
patenting), E-taxation; e-governance and cyber-crimes,
Cyber law in India with special reference to Information Technology Act, 2000.
Introduction about the cyber space:
Cyberspace is "the notional environment in which communication over computer networks
occurs." The word became popular in the 1990s when the uses of the internet, networking,
and digital communication were all growing dramatically and the term "cyberspace" was able
to represent the many new ideas and phenomena that were emerging. The parent term of
cyberspace is "cybernetics", derived from the Ancient Greek word which means steersman,
governor, pilot, or rudder, cyberspace is introduced by William Gibson a science fiction
writer.
As a social experience, individuals can interact, exchange ideas, share information, provide
social support, conduct business, direct actions, create artistic media, play games, engage in
political discussion, and so on, using this global network. They are sometimes referred to as
cybernauts.
Unlike most computer terms, "cyberspace" does not have a standard, objective definition.
Instead, it is used to describe the virtual world of computers. For example, an object in
cyberspace refers to a block of data floating around a computer system or network. With the
advent of the Internet, cyberspace now extends to the global network of computers. So, after
sending an e-mail to your friend, you could say you sent the message to her through
cyberspace. However, use this term sparingly, as it is a popular newbie term and is well
overused.
The term cyberspace has become a conventional means to describe anything associated with
the Internet and the diverse Internet culture. The United States government recognizes the
interconnected information technology and the interdependent network of information
technology infrastructures operating across this medium as part of the US national critical
infrastructure. Amongst individuals on cyberspace, there is believed to be a code of shared
rules and ethics mutually beneficial for all to follow, referred to as cyberethics.
A metaphor for describing the non-physical terrain created by computer systems. Online
systems, for example, create a cyberspace within which people can communicate with one
another (via e-mail), do research, or simply window shop. Like physical space, cyberspace
contains objects (files, mail messages, graphics, etc.) and different modes of transportation
and delivery. Unlike real space, though, exploring cyberspace does not require any physical
movement other than pressing keys on a keyboard or moving a mouse.
Some programs, particularly computer games, are designed to create a special cyberspace,
one that resembles physical reality in some ways but defies it in others. In its extreme form,

called virtual reality, users are presented with visual, auditory, and even tactile feedback that
makes cyberspace feel real.

Cyber law:
Cyber law or Internet law is a term that encapsulates the legal issues related to use of the
Internet. It is less a distinct field of law than intellectual property or contract law, as it is a
domain covering many areas of law and regulation.
Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes
computers, networks, software, data storage devices
(Such as hard disks, USB disks etc.), the Internet, websites, emails and even electronic
devices such as cell phones, ATM machines etc.
Law encompasses the rules of conduct:
1. That have been Approved by the government, and
2. Which are in Force over a certain territory, and
3. Which must be obeyed by all persons on that territory.
Violation of these rules could lead to government action such as imprisonment or fine or an
order to pay compensation.
Cyber law encompasses laws relating to:
1. Cyber Crimes
2. Electronic and Digital Signatures
3. Intellectual Property
4. Data Protection and Privacy
Cybercrimes are unlawful acts where the computer is used either as a tool or a target or both.
The enormous growth in electronic commerce (e-commerce) and online share trading has led
to a phenomenal spurt in incidents of cyber-crime. To prevent these crimes and to maintain
the fair usage of the internet cyber laws are designed.
Cyber law include some of the major laws:
1. Copyright law
In relation to computer software, computer Source code, websites, cell phone content etc.
2. Software and source code Licences
3. Trademark law
With relation to domain names, Meta tags, Mirroring, framing, linking etc.
4. Semiconductor law
Which relates to the protection of Semiconductor integrated circuits design and layouts,
5. Patent law
In relation to computer hardware and software.

Data protection and privacy laws aim to achieve a fair balance between the privacy rights of
the individual and the interests of data controllers such as banks, hospitals, email service
providers etc. These laws seek to address the challenges to privacy caused by collecting,
storing and transmitting data using new technologies.
In early times, there was no statute in India for governing Cyber Laws involving privacy
issues, jurisdiction issues, intellectual property rights issues and a number of other legal
questions. With the tendency of misusing of technology, there arisen a need of strict statutory
laws to regulate the criminal activities in the cyber world and to protect the true sense of
technology "INFORMATION TECHNOLOGY ACT, 2000" [ITA- 2000] was enacted by
Parliament of India to protect the field of e-commerce, e-governance, e-banking as well as
penalties and punishments in the field of cyber-crimes. The above Act was further amended
in the form of IT Amendment Act, 2008 [ITAA-2008]
Need for Cyber Law
There are various reasons why it is extremely difficult for conventional law to cope with
cyberspace. Some of these are discussed below.
1. Cyberspace is an intangible dimension that is impossible to govern and regulate using
conventional law.
2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could
break into a banks electronic vault hosted on a computer in USA and transfer millions of
Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop
computer and a cell phone.
3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are
crisscrossing the globe even as we read this, millions of websites are being accessed every
minute and billions of dollars are electronically transferred around the world by banks every
day.
4. Cyberspace is absolutely open to participation by all. A ten-year-old in Bhutan can have a
live chat session with an eight-year-old in Bali without any regard for the distance or the
anonymity between them.
5. Cyberspace offers enormous potential for anonymity to its members. Readily available
encryption software and stenographic tools that seamlessly hide information within image
and sound files ensure the confidentiality of information exchanged between cyber-citizens.
6. Cyberspace offers never-seen-before economic efficiency. Billions of dollars worth of
software can be traded over the Internet without the need for any government licenses,
shipping and handling charges and without paying any customs duty.
7. Electronic information has become the main object of cyber-crime. It is characterized by
extreme mobility, which exceeds by far the mobility of persons, goods or other services.
International computer networks can transfer huge amounts of data around the globe in a
matter of seconds.
8. A software source code worth crores of rupees or a movie can be pirated across the globe
within hours of their release.

10

9. Theft of corporeal information (e.g. books, papers, CD ROMs, floppy disks) is easily
covered by traditional penal provisions. However, the problem begins when electronic
records are copied quickly, inconspicuously and often via telecommunication facilities. Here
the original information, so to say, remains in the possession of the owner and yet
information gets stolen.
Regulation of cyber space:
Four models for regulation in cyber space are:
Norms / Education
In order to function and be accepted in a society, a person will live by its norms. You believe
in the role of educating people so that new norms may develop as new technology is used.
As an example of the change of attitudes that result from education programs you might look
back on smoking ads that once portrayed cigarette smokers as beautiful, sophisticated, sexy
people with the ads of today, where a blackened sponge is wrung out to show the impact of
smoking on the lungs.
Once education creates a new norm, community behaviour it is regulated by peer and social
pressure. Norms can involve the adoption of rules for regulating behaviour. These rules
may not have the force of law but they create a level of behaviour that anyone wanting to be
accepted in that group ought to adopt.
People that breach norms may incur sanctions. These sanctions do not have the force that
penalties or custodial sentences might have in a legal setting. The sanction when imposed
may result in an infringer being placed outside a norm group. On showing contrition,
particularly where there contrition is matched by entry into a re-education program about the
norm, the infringer may be readmitted. Usually a body or entity that is a part of the group will
make findings about any infringements and the sanction that ought to apply.
The norms that come about as a result of education may need to be put into writing. In a
technological era this writing might take the form of Acceptable Use Policies, Terms of
Engagement and other polices that act as a norm but may not be legally enforceable like a
Contract. Over time norms, can be made into law through legislation or litigation (case law).
Law
You believe in parliaments capacity to make laws to regulate the behaviour of its citizens.
Where parliaments are silent, the courts will make precedents.
People who break the law suffer sanctions - these can be civil penalties of loss of money
when an infringing party is ordered to pay damages to another. There is also criminal law
through which you believe society establishes what constitutes acceptable and unacceptable
behaviour. Unacceptable behaviour is regulated through a sentencing regime lesser offences
might incur fines and bonds, more serious ones some form of custodial sentence. You are
satisfied that if parliament makes a law then it is made by the people. What is parliament if
nothing other than a representative body of the people as expressed at elections?
Once a matter becomes law the law itself ought to be black letter it ought to be clearly
understood, free from doubt and dispute. Breaches should result in similar punishments.
Architecture
You believe in the power of human to design systems that regulate behaviour. To control
speeding in a back street you would design and build speed humps. In a digital world you
believe in the power of software code to be able to create a form of regulation. For example,
you might design a technological protection measure in your software that prevents a
program with a licence of ten users from allowing an eleventh user to open it over a network.

11

You find education / norms too slow to bring about change. You find law too expensive. You
can design the world you want and have people regulate their behaviour because such
restrictions in behaviour are inherent in what you have created. You consider yourself a geek
and technological master of non-technical people who use other forms of regulation.
You also realise that if you can regulate behaviour through design then your product will be
more valuable. You usually work in the private sector though increasing your skills might be
sought in publicly owned entities wanting to develop monitoring and surveillance systems.
Market Forces
You are convinced that market forces regulate behaviour. If a manufacturer creates an unsafe
product this will become known to the market and consumers will not purchase these
products. If a software designer wants to copyright and licence his or her work, then the
market will determine if the software is worth buying as compared with that of competitors.
Markets will determine what survives and what doesn't in the market place. Market forces
also use price as a form of regulation. It is said consumers regulate their behaviour based on a
cost/benefit analysis. For example, at least theoretically, as the price of petrol rises,
consumers will travel less in their cars and take public transport, or push for its installation. In
its purest form, you believe that free markets, rather than government, will best regulate
human activity.
Scope of cyber laws:
Cyber law is that stream of law where all the cyber-crimes such as theft, fraud, etc. all of
which are subject to the Indian Penal Code are addressed by the Information Technology Act,
2000. With advanced technology and changing times, almost all the processes are now going
on IT platform. This is giving rise to increase of cyber-crimes in India as well as abroad.
Cyber-crimes are broadly categorized in two different categories:
(1) Using a computer to target other computer for e.g. Virus attacks, hacking, etc.
(2) Using a computer to commit crimes for e.g. Credit card frauds, cyber terrorism, etc.
Cyber-crime is a criminal exploitation of the internet. A misconduct that is committed against
an individual or groups of individuals with an unlawful intention to hurt the position of the
victim or cause any mental or physical harm to the victim directly or indirectly by using
advanced IT and related sources such as Internet and mobile phones is termed as cyber-crime.
Such crimes may be harmful for a country.
All these activities leading to crimes have given rise to a relatively new field in law for
protecting the interests of an individual which is called cyber law. Cyber law is important
because it touches almost all aspects of transactions and activities on and concerning the
Internet, the World Wide Web and Cyberspace.
Cyber law is concerned with every individual these days. This is primarily because we all use
internet in some or the other form daily. Internet is used when we create any account online,
while performing e-commerce transactions, net banking, sending or receiving emails, surfing
the net to take out some important information, etc.

12

There are several advantages of Cyber Law to protect the individuals from getting trapped in
any cyber violations. The IT Act 2000 provides several guidelines in this regard.

Organizations shall now be able to carry out e-commerce using the legal infrastructure
provided by the laws.

The laws throws open the doors for the entry of corporate companies in the business
of being Certifying Authorities for issuing Digital Signatures Certificates.

Under the IT Act, 2000, it shall now be possible for corporates to have a statutory
remedy in case if anyone breaks into their computer systems or network and cause
loss.

The laws now allows Government to issue notification on the web thus indicating egovernance.

These laws also addresses the important issues of security, which are so critical to the
success of electronic transactions.

It is to be noted that since cyber law cannot be restricted to a geographical area, therefore, a
single transaction may involve the laws of at least three authorities: (1) the laws of the
state/nation in which the user resides, (2) the laws of the state/nation that apply where the
server hosting the transaction is located, and 3) the laws of the state/nation which apply to the
person or business with whom the transaction takes place.
There is a tremendous scope of cyber law in India as the number of activities through internet
is on increase with the changing times, the requirement for cyber laws and their application is
gathering momentum and hence the career option as a cyber-lawyer seems very lucrative
option for students.
Ecommerce:
Electronic commerce, commonly known as e-commerce or ecommerce, is trading in
products or services using computer networks, such as the Internet.
E-commerce (electronic commerce or EC) is the buying and selling of goods and services, or
the transmitting of funds or data, over an electronic network, primarily the Internet. These
business transactions occur either business-to-business, business-to-consumer, consumer-toconsumer or consumer-to-business. The terms e-commerce and e-business are often used
interchangeably. The term e-tail is also sometimes used in reference to transactional
processes around online retail.
E-commerce is conducted using a variety of applications, such as email, fax, online
catalogues and shopping carts, Electronic Data Interchange (EDI), File Transfer Protocol, and
Web services. Most of this is business-to-business, with some companies attempting to use
email and fax for unsolicited ads (usually viewed as spam) to consumers and other business
prospects, as well as to send out e-newsletters to subscribers.

13

The benefits of e-commerce include its around-the-clock availability, the speed of access, a
wider selection of goods and services, accessibility, and international reach. Its perceived
downsides include sometimes-limited customer service, not being able to see or touch a
product prior to purchase, and the necessitated wait time for product shipping.
To ensure the security, privacy and effectiveness of e-commerce, businesses should
authenticate business transactions, control access to resources such as webpages for
registered or selected users, encrypt communications and implement security technologies
such as the Secure Sockets Layer.
Online contracts:
An electronic contract is an agreement created and "signed" in electronic form -- in other
words, no paper or other hard copies are used. For example, you write a contract on your
computer and email it to a business associate, and the business associate emails it back with
an electronic signature indicating acceptance. An e-contract can also be in the form of a
"Click to Agree" contract, commonly used with downloaded software: The user clicks an "I
Agree" button on a page containing the terms of the software license before the transaction
can be completed.
Since a traditional ink signature isn't possible on an electronic contract, people use several
different ways to indicate their electronic signatures, including typing the signer's name into
the signature area, pasting in a scanned version of the signer's signature, clicking an "I
accept" button, or using cryptographic "scrambling" technology.
Though lots of people use the term "digital signature" for any of these methods, it's becoming
standard to reserve the term "digital signature" for cryptographic signature methods and to
use "electronic signature" for other paperless signature methods.
Online contracts have become common. E-signature laws have made the electronic contract
and signature as legally valid as a paper contract. It has been estimated that roughly 110
electronic contracts are signed every second. From a legal point of view, in India, E-contracts
are governed by the Indian contract act (1872), according to which certain conditions need to
be fulfilled while formulating a valid contact. Certain sections in information Technology Act
(2000) also provide for validity of online contract.
Opting Out of Electronic Contracts
While the federal e-signature law makes paper unnecessary in many situations, it also gives
consumers and businesses the right to continue to use paper where desired. The law provides
a means for consumers who prefer paper to opt out of using electronic contracts.
Prior to obtaining a consumer's consent for electronic contracts, a business must provide a
notice indicating whether paper contracts are available and informing consumers that if they
give their consent to use electronic documents, they can later change their mind and request a
paper agreement instead. The notice must also explain what fees or penalties might apply if
the company must use paper agreements for the transaction. And the notice must indicate
whether the consumer's consent applies only to the particular transaction at hand, or to a

14

larger category of transactions between the business and the consumer -- in other words,
whether the business has to get consent to use e-contracts/signatures for each transaction.
A business must also provide a statement outlining the hardware and software requirements
to read and save the business's electronic documents. If the hardware or software
requirements change, the business must notify consumers of the change and give consumers
the option (penalty-free) to revoke their consent to using electronic documents.
Although the e-signature law doesn't force consumers to accept electronic documents from
businesses, it poses a potential disadvantage for low-tech citizens by allowing businesses to
collect additional fees from those who opt for paper.
Contracts That Must Be on Paper
To protect consumers from potential abuses, electronic versions of the following documents
are invalid and unenforceable:

wills, codicils, and testamentary trusts

documents relating to adoption, divorce, and other family law matters

court orders, notices, and other court documents such as pleadings or motions

notices of cancellation or termination of utility services

notices of default, repossession, foreclosure, or eviction

notices of cancellation or termination of health or life insurance benefits

product recall notices affecting health or safety, and

Documents required by law to accompany the transportation of hazardous materials.

These documents must be provided in traditional paper and ink format.

Consumer Concerns
Although it is expected that secure methods of electronic signatures will be become as
commonplace and safe as credit cards, some consumer advocates are concerned that if a
consumer uses an unsecure signature method (such as a scanned image of a handwritten
signature), identity thieves could intercept it online and use it for fraudulent purposes.
IPRs (copyright, trademarks and software patenting):
Intellectual property rights are the rights given to persons over the creations of their minds.
They usually give the creator an exclusive right over the use of his/her creation for a certain
period of time.

15

Intellectual property law deals with the rules for securing and enforcing legal rights to
inventions, designs, and artistic works. Just as the law protects ownership of personal
property and real estate, so too does it protect the exclusive control of intangible assets.
Intellectual property rights include patents, copyright, industrial design rights, trademarks,
trade dress, and in some jurisdictions trade secrets
Copyright:
This is a property right, which subsists in literary and artistic works that are original
intellectual creations. Works covered by copyright include, but are not limited to novels,
poems, plays, reference works, articles, computer programmes, databases, films, musical
compositions, paintings, drawings, photographs, sculpture, architecture, advertisements, maps
and technical drawings.
Copyright protects all literary and artistic works that we create whilst using our intelligence
and our imagination provided it is expressed in a tangible form. The people who are the
creators are usually called authors even if they are really painters, photographers, writers,
artists, composers etc. . Copyright laws grant authors, and other creators protection for their
literary and artistic creations, generally referred to as works.
A closely associated field is neighbouring rights or related rights, or rights that
encompass rights similar or identical to those of copyright, although sometimes these can be
limited and of shorter duration.
In Trinidad and Tobago works of mas are also protected by copyright. The term works of
mas involves a combination of tangible manifestation, such as a physical costume and
intangible manifestation such as a style of dance, a style of oratory, etc. This provision is
intended to protect producers of works of mas especially as it relates to Trinidad and Tobago
Carnival celebrations.
Trademarks:
A trademark is a sign capable of distinguishing the goods or services of one enterprise from
those of other enterprises. Trademarks date back to ancient times when craftsmen used to put
their signature or "mark" on their products.
In principle, a trademark registration will confer an exclusive right to the use of the registered
trademark. This implies that the trademark can be exclusively used by its owner, or licensed
to another party for use in return for payment. Registration provides legal certainty and
reinforces the position of the right holder, for example, in case of litigation.
The term of trademark registration can vary, but is usually ten years. It can be renewed
indefinitely on payment of additional fees. Trademark rights are private rights and protection
is enforced through court orders.
A word or a combination of words, letters, and numerals can perfectly constitute a trademark.
But trademarks may also consist of drawings, symbols, three-dimensional features such as the
shape and packaging of goods, non-visible signs such as sounds or fragrances, or colour
shades used as distinguishing features the possibilities are almost limitless.
Trademarks are registered at a national or territory level with an appointed government body
and may take anywhere between 6 and 18 months to be processed. At the national/regional
level, trademark protection can be obtained through registration, by filing an application for
registration with the national/regional trademark office and paying the required fees. At the

16

international level, you have two options: either you can file a trademark application with the
trademark office of each country in which you are seeking protection, or you can use WIPOs
Madrid System.
Registered trademarks may be identified by the abbreviation TM, or the symbol. (It is
illegal to use the symbol or state that the trademark is registered until the trademark has in
fact been registered).
Software patenting:
Patents:Generally speaking, a patent provides the patent owner with the right to decide how - or
whether - the invention can be used by others. In exchange for this right, the patent owner
makes technical information about the invention publicly available in the published patent
document.
A Patent is an exclusive right granted for an invention, which is a product or a process that
either provides a new way of doing something, or offers a new technical solution to a
problem. It provides protection for the invention, preventing others from manufacturing,
using and trading it. The owner is required to disclose technical information to the public
sufficient for persons with average skill in the art to manufacture and use the technology.
Necessity and barriers are essential to human creativity. Inventors and organizations put much
time, effort and resources into their inventions. Patents give inventors incentives in the form
of recognition and the opportunity for fair economic rewards. They also provide a spur to
others, wishing to use a protected technology, to find other solutions to the problem solved by
a particular patent. Nearly 80% of all new patents are improvements upon older technologies.
An underlying consideration is that this is usually part of business strategy. They are taken to
generate some sort of benefit for the owner. The patent process is expensive.
What cannot be patented:Patents are open to most areas of science and technology but some areas are excluded from
patentability. These are:

Ideas, hypotheses, discoveries (of things already existing in nature), scientific theories
and mathematical methods.

Rules of games, lottery systems, methods for performing mental acts, teaching
methods and organizational procedures.

Diagnostic, therapeutic and surgical methods used on the human and animal body.

Literary, dramatic, musical or artistic works or any aesthetic creation whatsoever.

The presentation of information.

Inventions, the exploitation of which would be contrary to public order or morality,

also cannot be patented.

Modern society relies heavily on computer technology. Without software, a computer

cannot operate. Software and hardware work in tandem in todays information

17

society. So it is no wonder that intellectual property protection of software is crucial

not only for the software industry, but for other businesses as well.

The intellectual property protection of computer software has been highly debated at the
national and international level. For example, in the European Union (EU), a draft Directive
on the Patentability of Computer-implemented Inventions has been discussed in order to
harmonize the interpretation of the national patentability requirements for computer softwarerelated inventions, including the business methods carried out via the computer. These
discussions show divergent views among stakeholders in Europe. Furthermore, the Internet
raises complex issues regarding the enforcement of patents, as patent protection is provided
on a country-by-country basis, and the patent law of each country only takes effect within its
own borders.
In many countries, computer programs, whether in source or object code, are protected under
copyright. The major advantage of copyright protection lies in its simplicity. Copyright
protection does not depend on any formalities such as registration or the deposit of copies in
the 151 countries party to the Berne Convention for the Protection of Literary and Artistic
Works. This means that international copyright protection is automatic - it begins as soon as
a work is created. Also, a copyright owner enjoys a relatively long period of protection,
which lasts, in general, for the life of the author plus 50 or, in certain countries, 70 years after
the authors death.
In contrast, a patent must be applied for, in principle, in each country in which you seek
patent protection. In order to enjoy patent protection, an application for a patent shall comply
with both formal and substantive requirements, and a patented invention shall be disclosed to
the public. These requirements can be legally and technically complex, and their compliance
often requires a legal experts assistance.
E-taxation:
Electronic tax filing, or e-filing, is a system for submitting tax documents to a revenue
service electronically, often without the need to submit any paper documents.
E-Government consists of various fast moving fields, E Taxation being a very specific one of
them. E-Taxation means trans-organizational processes with data transfer (upload and
download) between the IT systems of the professionals and those of the tax authorities. These
processes imply organizational, semantic and technical interoperability, service-oriented
architecture etc. E-Taxation also has to support tax authority processes: workflow systems
and electronic record management on the one hand, knowledge management and automated
risk analysis to assess the credibility of tax returns on the other hand. Tax inspectors need
support for checking the accounting data of taxpayers, but also for fighting against illegal
employment, tax evasion and social security fraud at construction sites. Tax laws and
procedures differ from one country to another. Nevertheless, in order to exchange experiences
and good practices, it is necessary to bring together scientists, practitioners and users
operating in the field of E-Taxation. It is the aim of this publication to foster these exchange
processes, especially between academia and practice, but also between different European
and non-European countries.

18

The Internet has changed many of the fundamental and long standing concepts of direct and
indirect taxation. Governments all over the World are grappling with the various issues of
taxation raised by e-commerce. This is because of lack of comprehensive understanding of:
The communication technologies
The complex nature of business offered through Internet business, etc.
The modus operandi of Internet business, etc. has made the operation of tax
legislations more difficult.
The Information Technology Act, 2000, which is the first legislation to deal with e-commerce
is quite silent about tax system. Substantial amount of state revenue which is generated
through direct and indirect taxes is lost when Internet transaction remain untaxed7. A way is
to be found to tackle this relevant problem.
For the development of rational tax policy one should understand the nature of industry.
Some of the peculiarities of Internet are"11.
It is a network of networks and it cannot be controlled or owned by one person.
This network of networks is capable of rapidly transmitting packets from one
computer to another.
No human involvement is necessary to transmit data from one computer to another.
The Internet can re-route itself if one computer is connected to the net. Content wise
the Internet is very rich.
The world-wide web environment provides a user friendly graphical interface.
A simple click is sufficient to obtain vast information anywhere in the World.
It encompasses all territorial and geographical limitations
Keeping these unique qualities of the Internet in mind one should try to visualise the issues
concerning the taxes on the net.

19

E-business for taxation is an intriguing concept. It crosses nine trillions. In these

circumstances, it seems an imperative for revenue authorities to examine the approach and
policy towards taxation of e-commerce more comprehensively than they have to date.
In India the tax policies should be carefully formulated based on a policy that is clear and
transparent and is consistent with the international norm of characterisation of revenues. The
Government should honour the principle of neutrality as laid down by the OECD in
characterisation of income from e-commerce transactions.
E-governance and cyber-crimes:
Electronic governance or e-governance is the application of information and
communication technology (ICT) for delivering government services, exchange of
information communication transactions, integration of various stand-alone systems and
services between government-to-customer (G2C), government-to-business (G2B),
government-to-government (G2G) as well as back office processes and interactions within
the entire government framework. Through e-governance, government services will be made
available to citizens in a convenient, efficient and transparent manner. The three main target
groups that can be distinguished in governance concepts are government, citizens and
businesses/interest groups. In e-governance there are no distinct boundaries.[2]
Generally four basic models are available government-to-citizen (customer), governmentto-employees, government-to-government and government-to-business.
As a matter of fact, the governance of ICTs requires most probably a substantial increase in
regulation and policy-making capabilities, with all the expertise and opinion-shaping
processes along the various social stakeholders of these concerns. So, the perspective of the
e-governance is "the use of the technologies that both help governing and have to be
governed".[3] The Public-Private Partnership (PPP) based e-governance projects are hugely
successful in India. United Telecoms Limited known as UTL is a major player in India on
PPP based e-governance projects. Each project had mammoth state-wide area networks in
these states.
Many countries are looking forward to for a corruption-free government. E-government is
one-way communication protocol whereas e-governance is two-way communication
protocol. The essence of e-governance is to reach the beneficiary and ensure that the services
intended to reach the desired individual has been met with. There should be an auto-response
to support the essence of e-governance, whereby the Government realizes the efficacy of its
governance. E-governance is by the governed, for the governed and of the governed.
Establishing the identity of the end beneficiary is a challenge in all citizen-centric services.
Statistical information published by governments and world bodies does not always reveal
the facts. The best form of e-governance cuts down on unwanted interference of too many
layers while delivering governmental services. It depends on good infrastructural setup with
the support of local processes and parameters for governments to reach their citizens or end
beneficiaries. Budget for planning, development and growth can be derived from well laid
out e-governance systems

20

Cybercrimes:In Simple way we can say that cybercrime is unlawful acts wherein the computer is either a
tool or a target or both. Cyber-crimes can involve criminal activities that are traditional in
nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the
Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes
that are addressed by the Information Technology Act, 2000.
In cyber-crime, ICT devices are either the target or the means of the crime, or are incidental
to it. Most cyber-crimes are not new crimes. Often the only difference is that the evidences
are in electronic form or that the tools used to commit the crimes are ICT tools. Indeed most
of the crimes committed today involve some amount of evidence in the electronic form such
as phone calls, messages, emails, electronic files etc. Most cyber-crime cases are booked in
India under the provisions of the Indian Penal Code (IPC) and laws on economic offenses,
and only very few under the Information Technology Act 2000. However, the Information
Technology Act 2000 has enabling provisions for admissibility of electronic evidences in the
courts of law.

Unlike traditional crime, cyber-crime is not restricted by geographical boundaries.

often cyber criminals operate from other countries.

Indeed,

Information warfare is now a recognized national threat. Indeed, IT disaster is among is the
newest additions to the man-made disasters. This brings out the need of strong international
cooperation on real-time basis to tackle cyber-crimes. Many companies do not report to
authorities about attacks on their networks out of fear of adverse publicity and losing the
confidence of the clients. Companies also fear that authorities may seize their servers, and
that the servers will remain with government functionaries for long time, which will cause
them serious financial loss. However, such sweeping of the problem under the carpet will
only make the criminals more and more emboldened.
Cyber law in India with special reference to Information Technology Act, 2000:
In May 2000, both the houses of the Indian Parliament passed the Information Technology
Bill. The Bill received the assent of the President in August 2000 and came to be known as
the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.
This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber laws
have a major impact for e-businesses and the new economy in India. So, it is important to
understand what are the various perspectives of the IT Act, 2000 and what it offers.
The Information Technology Act, 2000 also aims to provide for the legal framework so that
legal sanctity is accorded to all electronic records and other activities carried out by electronic
means. The Act states that unless otherwise agreed, an acceptance of contract may be
expressed by electronic means of communication and the same shall have legal validity and
enforceability. Some highlights of the Act are listed below:
Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic
record by affixing his digital signature. It further states that any person can verify an

21

electronic record by use of a public key of the subscriber.

Chapter-III of the Act details about Electronic Governance and provides inter alia amongst
others that where any law provides that information or any other matter shall be in writing or
in the typewritten or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is rendered or made available in an electronic form; and accessible so as to be usable for a
subsequent reference.
The said chapter also details the legal recognition of Digital Signatures.
Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act
envisages a Controller of Certifying Authorities who shall perform the function of exercising
supervision over the activities of the Certifying Authorities as also laying down standards and
conditions governing the Certifying Authorities as also specifying the various forms and
content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign
Certifying Authorities and it further details the various provisions for the issue of license to
issue Digital Signature Certificates.
Chapter-VII of the Act details about the scheme of things relating to Digital Signature
Certificates. The duties of subscribers are also enshrined in the said Act.
Chapter-IX of the said Act talks about penalties and adjudication for various offences. The
penalties for damage to computer, computer systems etc. has been fixed as damages by way
of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of
appointment of any officers not below the rank of a Director to the Government of India or an
equivalent officer of state government as an Adjudicating Officer who shall adjudicate
whether any person has made a contravention of any of the provisions of the said Act or rules
framed there under. The said Adjudicating Officer has been given the powers of a Civil Court.
Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal,
which shall be an appellate body where appeals against the orders passed by the Adjudicating
Officers, shall be preferred.
Chapter-XI of the Act talks about various offences and the said offences shall be investigated
only by a Police Officer not below the rank of the Deputy Superintendent of Police. These
offences include tampering with computer source documents, publishing of information,
which is obscene in electronic form, and hacking.
The Act also provides for the constitution of the Cyber Regulations Advisory Committee,
which shall advice the government as regards any rules, or for any other purpose connected
with the said act. The said Act also proposes to amend the Indian Penal Code, 1860, the
Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of
India Act, 1934 to make them in tune with the provisions of the IT Act.
Advantages of Cyber Laws
The IT Act 2000 attempts to change outdated laws and provides ways to deal with

22

cybercrimes. We need such laws so that people can perform purchase transactions over the
Net through credit cards without fear of misuse. The Act offers the much-needed legal
framework so that information is not denied legal effect, validity or enforceability, solely on
the ground that it is in the form of electronic records.
In view of the growth in transactions and communications carried out through electronic
records, the Act seeks to empower government departments to accept filing, creating and
retention of official documents in the digital format. The Act has also proposed a legal
framework for the authentication and origin of electronic records / communications through
digital signature.
From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain
many positive aspects. Firstly, the implications of these provisions for the e-businesses would
be that email would now be a valid and legal form of communication in our country that can
be duly produced and approved in a court of law.
Companies shall now be able to carry out electronic commerce using the legal infrastructure
provided by the Act.
Digital signatures have been given legal validity and sanction in the Act.
The Act throws open the doors for the entry of corporate companies in the business of being
Certifying Authorities for issuing Digital Signatures Certificates.
The Act now allows Government to issue notification on the web thus heralding egovernance.
The Act enables the companies to file any form, application or any other document with any
office, authority, body or agency owned or controlled by the appropriate Government in
electronic form by means of such electronic form as may be prescribed by the appropriate
Government.
The IT Act also addresses the important issues of security, which are so critical to the success
of electronic transactions. The Act has given a legal definition to the concept of secure digital
signatures that would be required to have been passed through a system of a security
procedure, as stipulated by the Government at a later date.
Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in
case if anyone breaks into their computer systems or network and causes damages or copies
data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs.
1 crores.

23

UNIT-3
Introduction to computer and cyber-crimes. Cyber-crimes and related concepts,
distinction between cyber-crimes and conventional crimes, Cyber criminals and their
objectives. Kinds of cyber-crimes cyber stalking; cyber pornography, forgery and fraud,
crime related to IPRs, cyber-terrorism; computer vandalism etc. Cyber forensics,
computer forensics and the law, forensic evidence, computer forensic tools.
Introduction to computer and cyber-crimes:
Cyber-crimes and related concepts:
Distinction between cybercrimes and conventional crimes:
Cyber criminals and their objectives:
Kinds of cybercrimes:
Cyber stalking:
Cyber pornography:
Forgery and fraud:
Crime related to IPRs:

24

Cyber terrorism:
In Simple way we can say that cyber-crime is unlawful acts wherein the computer is either a
tool or a target or both
Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to
criminal activity where a computer or network is the source, tool, target, or place of a crime.
These categories are not exclusive and many activities can be characterized as falling in one
or more category. Additionally, although the terms computer crime or cybercrime are more
properly restricted to describing criminal activity in which the computer or network is a
necessary part of the crime, these terms are also sometimes used to include traditional crimes,
such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks
are used to facilitate the illicit activity.
Computer crime or cybercrime can broadly be defined as criminal activity involving an
information technology infrastructure, including illegal access (unauthorized access), illegal
interception (by technical means of non-public transmissions of computer data to, from or
within a computer system), data interference (unauthorized damaging, deletion, deterioration,
alteration or suppression of computer data), systems interference (interfering with the
functioning of a computer system by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft),
and electronic fraud.
Cyber-crimes can involve criminal activities that are traditional in nature, such as theft, fraud,
forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The
abuse of computers has also given birth to a gamut of new age crimes that are addressed by
the Information Technology Act, 2000.
The subject of cyber-crime may be broadly classified under the following three groups. They
are1. Against Individuals
A. their person &
b. their property of an individual
2. against Organization
a. Government
c. Firm, Company, Group of Individuals.
3. Against Society at large
The following are the crimes, which can be committed against the followings group
Against Individuals:

25

i. Harassment via e-mails.

ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Unauthorized control/access over computer system.
vi. Indecent exposure
vii. Email spoofing
viii. Cheating & Fraud

Against Individual Property: i. Computer vandalism.

ii. Transmitting virus.
iii. Netrespass
iv. Unauthorized control/access over computer system.
v. Intellectual Property crimes
vi. Internet time thefts

Against Organization: i. Unauthorized control/access over computer system

ii. Possession of unauthorized information.
iii. Cyber terrorism against the government organization.
iv. Distribution of pirated software etc.

Against Society at large: i. Pornography (basically child pornography).

ii. Polluting the youth through indecent exposure.
iii. Trafficking
iv. Financial crimes
v. Sale of illegal articles
vi. Online gambling
vii. Forgery

We can categorize Cyber-crimes in two ways in context of computers

The Computer as a Target:-using a computer to attack other computers.

26

E.g. Hacking, Virus/Worm attacks, DOS attack etc.

The computer as a weapon:-using a computer to commit real world crimes.
E.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.
Cyber Crime regulated by Cyber Laws or Internet Laws.
Technical Aspects
Technological advancements have created new possibilities for criminal activity, in particular
the criminal misuse of information technologies such as
a. Unauthorized access & Hacking:Access means gaining entry into, instructing or communicating with the logical, arithmetical,
or memory function resources of a computer, computer system or computer network.
Unauthorized access would therefore mean any kind of access without the permission of
either the rightful owner or the person in charge of a computer, computer system or computer
network.
Every act committed towards breaking into a computer and/or network is hacking. Hackers
write or use ready-made computer programs to attack the target computer. They possess the
desire to destruct and they get the kick out of such destruction. Some hackers hack for
personal monetary gains, such as to stealing the credit card information, transferring money
from various bank accounts to their own account followed by withdrawal of money.
By hacking web server taking control on another persons website called as web hijacking
b. Trojan Attack:The program that act like something useful but do the things that are quiet damping. The
programs of this kind are called as Trojans.
The name Trojan horse is popular.
Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly)
runs the server on its machine, the attacker will then use the Client to connect to the Server
and start using the Trojan.
TCP/IP protocol is the usual protocol type used for communications, but some functions of
the Trojans use the UDP protocol as well.
c. Virus and Worm attack:A program that has capability to infect other programs and make copies of itself and spread
into other programs is called virus.

27

Programs that multiply like viruses but spread from computer to computer are called as
worms.
Viruses are programs that attach themselves to a computer or a file and then circulate
themselves to other files and to other computers on a network. They usually affect the data on
a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to
attach themselves to. They merely make functional copies of themselves and do this
repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus,
which affected at least 5 % of the computers of the globe. The losses were accounted to be $
10 million. The world's most famous worm was the Internet worm let loose on the Internet by
Robert Morris sometime in 1988. Almost brought development of Internet to a complete
halt.
d. E-mail & IRC related crimes:1. Email spoofing
Email spoofing refers to email that appears to have been originated from one source when it
was actually sent from another source.
2. Email Spamming
Email "spamming" refers to sending email to thousands and thousands of users - similar to a
chain letter.
3 Sending malicious codes through email
E-mails are used to send viruses, Trojans etc. through emails as an attachment or by sending a
link of website which on visiting downloads malicious code.
4. Email bombing
E-mail "bombing" is characterized by abusers repeatedly sending an identical email message
to a particular address.
This kind of activity refers to sending large numbers of mail to the victim, which may be an
individual or a company or even mail servers there by ultimately resulting into crashing.
5. Sending threatening emails
6. Defamatory emails
7. Email frauds
8. IRC related
Three main ways to attack IRC are: "verbal8218; #8220; attacks, clone attacks, and flood
attacks.

28

e. Denial of Service attacks:Flooding a computer resource with more requests than it can handle. This causes the resource
to crash thereby denying access of service to authorized users.
Examples include
Attempts to "flood" a network, thereby preventing legitimate network traffic
Attempts to disrupt connections between two machines, thereby preventing access to a
service
Attempts to prevent a particular individual from accessing a service
Attempts to disrupt service to a specific system or person.
Distributed DOS
A distributed denial of service (DoS) attack is accomplished by using the Internet to break
into computers and using them to attack a network.
Hundreds or thousands of computer systems across the Internet can be turned into zombies
and used to attack another system or website.
Types of DOS
There are three basic types of attack:
a. Consumption of scarce, limited, or non-renewable resources like NW bandwidth,
RAM, CPU time. Even power, cool air, or water can affect.
b. Destruction or Alteration of Configuration Information
c. Physical Destruction or Alteration of Network Components
e. Pornography:The literal meaning of the term 'Pornography' is describing or showing sexual acts in order
to cause sexual excitement through books, films, etc.
This would include pornographic websites; pornographic material produced using computers
and use of internet to download and transmit pornographic videos, pictures, photos, writings
etc.
Adult entertainment is largest industry on internet. There are more than 420 million
individual pornographic webpages today.

29

Research shows that 50% of the web-sites containing potentially illegal contents relating to
child abuse were Pay-Per-View. This indicates that abusive images of children over Internet
have been highly commercialized.
Pornography delivered over mobile phones is now a burgeoning business, driven by the
increase in sophisticated services that deliver video clips and streaming video, in addition to
text and images.
Effects of Pornography
Research has shown that pornography and its messages are involved in shaping attitudes and
encouraging behaviour that can harm individual users and their families.
Pornography is often viewed in secret, which creates deception within marriages that can lead
to divorce in some cases.
In addition, pornography promotes the allure of adultery, prostitution and unreal expectations
that can result in dangerous promiscuous behaviour.
Some of the common, but false messages sent by sexualized culture.
Sex with anyone, under any circumstances, any way it is desired, is beneficial and does not
have negative consequences.
Women have one value - to meet the sexual demands of men.
Marriage and children are obstacles to sexual fulfilment.
Everyone is involved in promiscuous sexual activity, infidelity and premarital sex.
Pornography Addiction
Dr. Victor Cline, an expert on Sexual Addiction, found that there is a four-step progression
among many who consume pornography.
1. Addiction: Pornography provides a powerful sexual stimulant or aphrodisiac effect,
followed by sexual release, most often through masturbation.
2. Escalation: Over time addicts require more explicit and deviant material to meet their
sexual "needs."
3. Desensitization: What was first perceived as gross, shocking and disturbing, in time
becomes common and acceptable.
4. Acting out sexually: There is an increasing tendency to act out behaviours viewed in
pornography.
g. Forgery:-

30

Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using
sophisticated computers, printers and scanners.
Also impersonate another person is considered forgery.
h. IPR Violations:Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is
deprived completely or partially of his rights is an offence. The common form of IPR
violation may be said to be software piracy, copyright infringement, trademark and service
mark violation, theft of computer source code, etc.
The Hyderabad Court has in a land mark judgement has convicted three people and
sentenced them to six months imprisonment and fine of 50,000 each for unauthorized
copying and sell of pirated software.
Violations of IPR can be classified as a form of white-collar crime, specifically a
white-collar theft or fraud. For example, the illegal reproduction of a movie for the purpose
of selling counterfeited copies to others for profit is a WCC under this definition because it
involves the acquisition of property through deception, or fraud, for business or personal
advantage. The sale of counterfeited drugs also involves deception about the manufacturer or
content for illegal financial gain, and the illegal use of a trade secret to develop a marketable
product involves deception concerning the true ownership an idea or information. In addition,
IPR violations can be used to facilitate other WCCs, such as
Investment fraud (e.g., using a trademark of a legitimate company to deceive
investors);
Money laundering (e.g., concealing funds acquired from counterfeit goods sales);
Fraudulent sales (e.g., creating a bogus Web site to deceive customers);
Identity theft (e.g., using personal information acquired from a misappropriated
database or solicited using a misappropriated trademark of a legitimate company);
Other online scams (e.g., fraudulently acquiring donations using the seal of the
American Red Cross);
Racketeering (e.g., organized efforts to misappropriate IP); and
Tax evasion (e.g., failing to report income acquired through IP violations).
One of the greatest public concerns about IPR violations (as a form of WCC) is the threat to
public health and safety, not only in foreign countries but also in the United States
Licensing violations are among the most prevalent examples of intellectual property rights
infringement. Other examples include plagiarism, software piracy, and corporate espionage.
Cyber Squatting- Domain names are also trademarks and protected by ICANNs domain
dispute resolution policy and also under trademark laws.
Cyber Squatters registers domain name identical to popular service providers domain so as
to attract their users and get benefit from it.
Ipr violations occurs if we violate any of the following rights
1. Copyright

31

2. Trademark
3. Patents
4. Trade secrets
I. Cyber Terrorism:At this juncture a necessity may be felt that what is the need to distinguish between cyber
terrorism and cyber-crime. Both are criminal acts. However there is a compelling need to
distinguish between both these crimes. A cyber-crime is generally a domestic issue, which
may have international consequences, however cyber terrorism is a global concern, which has
domestic as well as international consequences. The common form of these terrorist attacks
on the Internet is by distributed denial of service attacks, hate websites and hate emails,
attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit
encryption, which is next to impossible to decrypt. The recent example may be cited of
Osama Bin Laden, the LTTE, attack on Americas army deployment system during Iraq war.
Cyber terrorism may be defined to be the premeditated use of disruptive activities,
or the threat thereof, in cyber space, with the intention to further social, ideological,
religious, political or similar objectives, or to intimidate any person in furtherance of
such objectives
Another definition may be attempted to cover within its ambit every act of cyber
terrorism.
A terrorist means a person who indulges in wanton killing of persons or in violence or
in disruption of services or means of communications essential to the community or in
damaging property with the view to
(1) Putting the public or any section of the public in fear; or
(2) Affecting adversely the harmony between different religious, racial, language or
regional groups or castes or communities; or
(3) Coercing or overawing the government established by law; or
(4) Endangering the sovereignty and integrity of the nation
And a cyber-terrorist is the person who uses the computer system as a means or ends to
achieve the above objectives. Every act done in pursuance thereof is an act of cyber
terrorism.
It is generally understood to mean unlawful attacks and threats of attack against computers,
networks, and the information stored therein when done to intimidate or coerce a government
or its people in furtherance of political or social objectives. 1 Examples include attacks that
lead to death or bodily injury, explosions, plane crashes, water contamination, or severe
economic loss.

32

Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic
control, telecommunication networks are the most likely targets. Others like police, medical,
fire and rescue systems etc.
Cyber terrorism is an attractive option for modern terrorists for several reasons.
1. It is cheaper than traditional terrorist methods.
2. Cyber terrorism is more anonymous than traditional terrorist methods.
3. The variety and number of targets are enormous.
4. Cyber terrorism can be conducted remotely, a feature that is especially appealing to
terrorists.
5. Cyber terrorism has the potential to affect directly a larger number of people.
j. Banking/Credit card Related crimes:In the corporate world, Internet hackers are continually looking for opportunities to
compromise a companys security in order to gain access to confidential banking and
financial information.
Use of stolen card information or fake credit/debit cards are common.
Bank employee can grab money using programs to deduce small amount of money from all
customer accounts and adding it to own account also called as salami.
k. E-commerce/ Investment Frauds:Sales and Investment frauds. An offering that uses false or fraudulent claims to solicit
investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit
securities.
Merchandise or services that were purchased or contracted by individuals online are never
delivered.
The fraud attributable to the misrepresentation of a product advertised for sale through an
Internet auction site or the non-delivery of products purchased through an Internet auction
site.
Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high
profits.
l. Sale of illegal articles:This would include trade of narcotics, weapons and wildlife etc., by posting information on
websites, auction websites, and bulletin boards or simply by using email communication.

33

Research shows that number of people employed in this criminal area. Daily peoples
receiving so many emails with offer of banned or illegal products for sale.
m. Online gambling:There are millions of websites hosted on servers abroad that offer online gambling. In fact, it
is believed that many of these websites are actually fronts for money laundering.
n. Defamation: Defamation can be understood as the intentional infringement of another person's right to his
good name. It is an act of imputing any person with intent to lower the person in the
estimation of the right-thinking members of society generally or to cause him to be shunned
or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different
from conventional defamation except the involvement of a virtual medium. E.g. the mail
account of Rohit was hacked and some mails were sent from his account to some of his batch
mates regarding his affair with a girl with intent to defame him.
Cyber Stacking:Cyber stalking involves following a persons movements across the Internet by posting
messages (sometimes threatening) on the bulletin boards frequented by the victim, entering
the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
In general, the harasser intends to cause emotional distress and has no legitimate purpose to
his communications.
p. Pedophiles:Also there are persons who intentionally prey upon children. Especially with a teen they will
let the teen know that fully understand the feelings towards adult and in particular teen
parents.
They earns teens trust and gradually seduce them into sexual or indecent acts.
Pedophiles lure the children by distributing pornographic material, then they try to meet them
for sex or to take their nude photographs including their engagement in sexual positions.
q. Identity Theft: Identity theft is the fastest growing crime in countries like America.
Identity theft occurs when someone appropriates another's personal information without their
knowledge to commit theft or fraud.
Identity theft is a vehicle for perpetrating other types of fraud schemes.
r. Data diddling:-

34

Data diddling involves changing data prior or during input into a computer.
In other words, information is changed from the way it should be entered by a person typing
in the data, a virus that changes data, the programmer of the database or application, or
anyone else involved in the process of having information stored in a computer file.
It also include automatic changing the financial information for some time before processing
and then restoring original information.
s. Theft of Internet Hours:Unauthorized use of Internet hours paid for by another person.
By gaining access to an organisation's telephone switchboard (PBX) individuals or criminal
organizations can obtain access to dial-in/dial-out circuits and then make their own calls or
sell call time to third parties.
Additional forms of service theft include capturing 'calling card' details and on-selling calls
charged to the calling card account, and counterfeiting or illicit reprogramming of stored
value telephone cards.
t. Theft of computer system (Hardware):This type of offence involves the theft of a computer, some part(s) of a computer or a
peripheral attached to the computer.
u. Physically damaging a computer system:Physically damaging a computer or its peripherals either by shock, fire or excess electric
supply etc.
v. Breach of Privacy and Confidentiality
Privacy
Privacy refers to the right of an individual/s to determine when, how and to what extent his or
her personal data will be shared with others.
Breach of privacy means unauthorized use or distribution or disclosure of personal
information like medical records, sexual preferences, financial status etc.
Confidentiality
It means non-disclosure of information to unauthorized or unwanted persons.
In addition to Personal information some other type of information which useful for business
and leakage of such information to other persons may cause damage to business or person,
such information should be protected.

35

Generally for protecting secrecy of such information, parties while sharing information forms
an agreement about the procedure of handling of information and to not to disclose such
information to third parties or use it in such a way that it will be disclosed to third parties.
Many times party or their employees leak such valuable information for monitory gains and
causes breach of contract of confidentiality.
Special techniques such as Social Engineering are commonly used to obtain confidential
information.
Computer Fraud
Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or
refrain from doing something which causes loss. In this context, the fraud will result in
obtaining a benefit by:
* altering computer input in an unauthorized way. This requires little technical expertise and
is not an uncommon form of theft by employees altering the data before entry or entering
false data, or by entering unauthorized instructions or using unauthorized processes;
* altering, destroying, suppressing, or stealing output, usually to conceal unauthorized
transactions: this is difficult to detect;
* altering or deleting stored data; or
* altering or misusing existing system tools or software packages, or altering or writing code
for fraudulent purposes. This requires real programming skills and is not common
Manipulating banking systems to make unauthorized identity theft with reference to ATM
fraud
Internet fraud:
Internet fraud is committed in several ways. The FBI and police agencies worldwide have
people assigned to combat this type of fraud; according to figures from the FBI, U.S.
companies' losses due to Internet fraud in 2003 surpassed US$500 million. In some cases,
fictitious merchants advertise goods for very low prices and never deliver. However, that type
of fraud is minuscule compared to criminals using stolen credit card information to buy goods
and services.
The Internet serves as an excellent tool for investors, allowing them to easily and
inexpensively research investment opportunities. But the Internet is also an excellent tool for
fraudsters.
Computer vandalism:
Vandalism means deliberately destroying or damaging property of another. Thus computer
vandalism may include within its purview any kind of physical harm done to the computer of
any person. These acts may take the form of the theft of a computer, some part of a computer
or a peripheral attached to the computer or by physically damaging a computer or its
peripherals.

36

Computer vandalism is a program that performs malicious function such as extracting a

user's password or other data or erasing the hard disk. A vandal differs from a virus, which
attaches itself to an existing executable program. The vandal is the full executing entity itself
which can be downloaded from the Internet in the form of an ActiveX control, Java applet,
browser plug-in or e-mail attachment.
A vandal is an executable file, usually an applet or an ActiveX control, associated with a Web
page that is designed to be harmful, malicious, or at the very least inconvenient to the user.
Since such applets or little application programs can be embedded in any HTML file, they
can also arrive as an e-mail attachment or automatically as the result of being pushed to the
user. Vandals can be viewed as viruses that can arrive over the Internet stuck to a Web page.
Vandals are sometimes referred to as "hostile applets."
By submitting your personal information, you agree to receive emails regarding relevant
products and special offers from TechTarget and its partners. You also agree that your
personal information may be transferred and processed in the United States, and that you
have read and agree to the Terms of Use and the Privacy Policy.
Vandals can be harmful in two general ways:

They can get access to sensitive information within the computer system where they
execute, such as passwords and encryption keys.

They can cause loss or denial of service within the local computer system. For
example, they can flood the system with data so that it runs out of memory, or they
can slow down Internet connections.

The best way to protect yourself against a hostile applet is to know who you are downloading
a Web page from or who has sent you an HTML page as an e-mail attachment. Major
corporate Web sites or major Web publishers are unlikely to be the source of a vandal (but it
can happen). One recent scam in late 1997 involved a pornography site that invited the
downloading of a page whose ActiveX control reconnected the user to the Web through an
expensive international phone number. In another incident, a group of German crackers
demonstrated an ActiveX control that could transfer funds from one bank account to another
without having to enter a user identification number.

Cyber forensics:
Computer forensics, is the application of scientifically proven methods to gather, process,
interpret, and to use digital evidence to provide a conclusive description of cybercrime
activities. Cyber forensics also includes the act of making digital data suitable for inclusion
into a criminal investigation. Today cyber forensics is a term used in conjunction with law
enforcement, and is offered as courses at many colleges and universities worldwide.
Cyber Forensics provide the following services nationally to Police Forces, Legal Sector and
Corporate's
Corporate Investigations

Disciplinary Tribunals

37

Personnel Issues

Company Policy Infringement

Civil Litigation (including single joint)

Intellectual Property Theft

Contract Disputes

Criminal Proceedings (defence & prosecution)

Fraud

Murder

Cyber Forensics provides highly regarded expert computer forensic investigation services and
unimpeachable expert witness testimony.
Customised services to suit any organisations needs.
Procedures developed for maximum forensic integrity, combined with expertise, to achieve
optimum results in litigation.
Cases include, Murder, Rape, Fraud, Blackmail, and Computer misuse, Libel-Malicious
Email, Internet Pornography and Intellectual Property Theft.
Forensics experts are trained to use a variety of forensic tools including, EnCase, X-Ways
Forensics and Cyber Examiner.
Reports contain precise, jargon-free language, supported by a glossary of terms. Where
appropriate, appendices covering technical material required by opposing experts are
included.

Integrity

Confidentiality

Security assured

Computer forensics and the law:

What is Computer Forensics?

38

If you manage or administer information systems and networks, you should understand
computer forensics. Forensics is the process of using scientific knowledge for collecting,
analysing, and presenting evidence to the courts. (The word forensics means to bring to the
court.) Forensics deals primarily with the recovery and analysis of latent evidence. Latent
evidence can take many forms, from fingerprints left on a window to DNA evidence
recovered from blood stains to the files on a hard drive.
Because computer forensics is a new discipline, there is little standardization and consistency
across the courts and industry. As a result, it is not yet recognized as a formal scientific
discipline. We define computer forensics as the discipline that combines elements of law and
computer science to collect and analyse data from computer systems, networks, wireless
communications, and storage devices in a way that is admissible as evidence in a court of
law.
Why is Computer Forensics Important?
Adding the ability to practice sound computer forensics will help you ensure the overall
integrity and survivability of your network infrastructure. You can help your organization if
you consider computer forensics as a new basic element in what is known as a defence-indepth approach to network and computer security. For instance, understanding the legal and
technical aspects of computer forensics will help you capture vital information if your
network is compromised and will help you prosecute the case if the intruder is caught.
Computer forensics is also important because it can save your organization money. Many
managers are allocating a greater portion of their information technology budgets for
computer and network security. International Data Corporation (IDC) reported that the
market for intrusion-detection and vulnerability-assessment software will reach 1.45 billion
dollars in 2006. In increasing numbers, organizations are deploying network security devices
such as intrusion detection systems (IDS), firewalls, proxies, and the like, which all report on
the security status of networks.
Forensic evidence:
From a technical standpoint, the main goal of computer forensics is to identify, collect,
preserve, and analyse data in a way that preserves the integrity of the evidence collected so
it can be used effectively in a legal case.
What are some typical aspects of a computer forensics investigation? First, those who
investigate computers have to understand the kind of potential evidence they are looking for
in order to structure their search.
Crimes involving a computer can range across the spectrum of criminal activity, from child
pornography to theft of personal data to destruction of intellectual property. Second, the
investigator must pick the appropriate tools to use. Files may have been deleted, damaged,
or encrypted, and the investigator must be familiar with an array of methods and software to
prevent further damage in the recovery process.
System administrators and security personnel must also have a basic understanding of how
routine computer and network administrative tasks can affect both the forensic process (the
potential admissibility of evidence at court) and the subsequent ability to recover data that
may be critical to the identification and analysis of a security incident.

39

Security professionals need to consider their policy decisions and technical actions in the
context of existing laws. For instance, you must have authorization before you monitor and
collect information related to a computer intrusion. There are also legal ramifications to using
security monitoring tools
Computer forensics is a relatively new discipline to the courts and many of the existing laws
used to prosecute computer-related crimes, legal precedents, and practices related to
computer forensics are in a state of flux. New court rulings are issued that affect how
computer forensics is applied. The best source of information in this area is the United States
Department of Justices Cyber Crime web site. The site lists recent court cases involving
computer forensics and computer crime, and it has guides about how to introduce computer
evidence in court and what standards apply. The important point for forensics investigators is
that evidence must be collected in a way that is legally admissible in a court case.
Increasingly, laws are being passed that require organizations to safeguard the privacy of
personal data. It is becoming necessary to prove that your organization is complying with
computer security best practices. If there is an incident that affects critical data, for instance,
the organization that has added a computer forensics capability to its arsenal will be able to
show that it followed a sound security policy and potentially avoid lawsuits or regulatory
audits.
Computer forensic tools:
These tools generally differ in functionality, complexity and cost. In terms of functionality,
some tools are designed to serve a single purpose [4] while others offer a suite of functions.
Therefore, the functionalities offered by a tool are exactly what lead to its complexities.
These complexities can either be related to design and algorithmic complexity or ease-of-use;
in some instances, a tool can offer great functionality but fall short because of a complex
interface. Cost is the final distinguishing factor. Some of the market-leading commercial
products cost thousands of dollars while other tools are completely free [4]. With these
limiting factors (functionality, complexity, and cost) in mind, the computer forensic expert
now needs to evaluate the criticality of the crime and choose an appropriate tool(s) to help
with his/her investigation.
Various tools are:
Disk Imaging:
Disk imaging is an important functionality since investigations should never be conducted on
original storage media. Hence, disk imaging is used to protect the integrity of any storage
media to be investigated. If a storage mediums integrity is not maintained, results of an
investigation could be rendered null and void in a court of law since defence attorneys are
then able to bring the investigative process under question. Hashing and hash functions then
become important since they offer a guarantee that an imaged device is actually the same as
the original.
Hashing functions:
Hash functions form the foundation of the internal verification mechanism used by forensic
tools to guarantee the integrity of the original media and the resulting image file. A hash
function H is a transformation that takes an input m and returns a fixed-size string, which is
called the hash value h. That is, h is the result of the hashing function being applied onto the
input m

40

Hashing functions are of 2 typesi)

Secure Hash Algorithm (SHA) 1
ii)
Message Digest 5 (MD5)
PC Inspector File Recovery:
PC Inspector File Recovery is a freely available forensic tool. This tool serves two main
purposes. Firstly, to reveal the contents of all storage media attached to the computer system
and, secondly, to recover any deleted data from the media.
Encase:
Encase is a commercial forensic tool developed by Guidance Software. It was introduced to
the forensics market in 1998. Encases functionalities include disk imaging, data verification
and data analysis. An important feature is the recovery of data through the inspection of
unallocated spaces. We must remember that these unallocated spaces could contain
information relevant to an investigation.
Vital information such as last access, time created, and last modifications of a file are all
provided by this tool.
Forensic Tool Kit:
Forensic Tool Kit is a commercial forensics tool developed by AccessData. This tool allows
the CFS to view all files on the chosen storage device. A function of this tool includes
immediate generation of hash values for files that are viewed within an investigation.
Unlike the above mentioned forensic tools, Forensic Tool Kit does not support data recovery.
Since the data discovery functionality of the tool is not effective, data analysis and recovery
are both affected. In light of all this, it is important to mention that all investigations were
conducted on a trial version of Forensic Tool Kit. Therefore, it is our view that the full
version does incorporate more effective and comprehensive functionality
FTK Imager:
FTK Imager is a commercial tool offered by AccessData. Its main function is to view and to
image storage devices. Data recovery can be attained in most instances as a result of the
tools ability to effectively preview these storage devices. It is worth noting that the tools
effectiveness at data recovery depends largely on the time when the file was actually deleted.
The tool is also able to generate either MD5 or SHA hash values of all visible and accessible
files. In particular, the MD5 hash value is generated and presented to the investigator as part
of the completed process notification to guarantee the integrity of the original files.
Difference between cyber and conventional crimes:
In comparison to physical theft and cyber theft of data in financial institutions, there are a
variety of differences and similarities. First, the intention by thiefs in both endeavours is to
steal funds that are not their own. However, the physical theft leaves behind forensic
evidence that is normally quite clear. Digital theft sometimes does not leave behind clear
trails of evidence that can both be accounted for quickly after a crime occurs or can be traced
back forensically to the originator of the crime. Furthermore, once physical thefts occur, a
return to the crime scene is normally not standard protocol by a thief. However, if sensitive

41

or private data is taken during a digital crime, such as user names, passwords, social security
numbers, credit card numbers, account numbers, et cetera, and the crime goes unnoticed, this
information can be used to perpetrate further crimes.
With regard to the penalty phase of cybercrime versus physical crime, there appears to be an
apparent disparity. As in most white-collar crime, the judicial system is generally more
lenient during sentencing due to the lack of physical threat or harm. Normally, value is a
consideration during the penalty phase of white-collar crime, whereby the total value of
goods stolen impacts sentencing. If a person with a handgun steals a thousand dollars from a
store clerk and shoots the clerk in the shoulder, but an 18-year old hacker steals $10,000 from
a bank in Utah, would 15-year sentences for both crimes be sufficient for the public to
perceive that justice has been served? Ultimately, there will almost always be a disparity in
sentencing between violent and white-collar crime due to the threat of violence and harm to
the person versus the value of the theft. However, as cybercrimes become more transnational and values increase exponentially, the international community, judicial systems, and
public outcry will begin to change perceptions and more than likely adjust sentencing
parameters to align with local and international perceptions.
Perhaps one way of viewing cybercrimes is that they are digital versions of traditional
offenses. It appears that many cybercrimes could be considered traditional, or real world,
crimes if not for the incorporated element of virtual or cyberspace. Indeed, many of these socalled cybercrimes can be easily likened to traditional crimes. For instance, identity theft can
occur in both physical and cyber arenas. While these crimes may occur through differing
mechanisms, in both circumstances the criminal intent (profit) and outcome (stolen
personally identifiable information) are the same.
In the real world, a criminal can steal a victims wallet or mail including documents
containing personally identifiable information. In April 2011, two men were
sentenced for leading a criminal enterprise that stole credit and debit cards from
mailboxes in affluent neighbourhoods in South Florida. The thieves then used the
cards to make large purchases and cash withdrawals from the cards, costing victims
$786,000.17 in another case, from September 2010, the leaders of a mail theft and
identity theft ring were sentenced for stealing mail from mailboxes in more than 50
residences and law firms in Washington, DC. The thieves took checks and documents
containing personally identifiable information (PII) to cash forged checks at local
banks.
In the cyber world, a computer hacker can easily steal this same PIIelectronically
rather than physically. In September 2012, two Romanian nationals pleaded guilty to
participating in an international, multimillion-dollar scheme to remotely hack into
and steal payment card data from hundreds of U.S. merchants computers.
Defendants remotely hacked into POS systems and then, also remotely, installed
keystroke loggers. These devices illegally captured victims credit card information
when the cards were swiped by the merchants, and then this information was
transferred electronically to the fraudsters. The defendants stole information from
about 6,000 victims and sold this information for a profit. In another case, two
defendants were sentenced in July 2010 for using peer-to-peer (P2P) software to
search file sharing networks, stealing victims account information and passwords.
The defendants used this information to access victims bank accounts and transfer
funds to prepaid credit cards in the defendants names.
In some instances, it may seem that law enforcement struggles to keep up with developments
in the virtual world, which transform routine activities once driven by paper records in the
real world. As a result, criminals are often prosecuted using laws intended to combat crimes

42

in the real world. As Department of Justice (DOJ) officials have pointed out, federal laws to
prosecute computer-related crimes are not necessarily as ample or broad as those used to
confront their traditional counterparts.
UNIT-4
Regulation of cyber-crimes, Issues relating to investigation, issues relating to
jurisdiction, issues relating to evidence, relevant provisions under Information
Technology Act 2000, Indian penal code, pornography Act and evidence Act etc.
Regulation of cybercrimes:
The ever increasing use of computers, networks and the Internet has led to the need for
regulation in the fields of cybercrime, cyber security and national security.
As the extent of commerce transacted over cyberspace continues to grow, along with
increasing reliance on information technology to derive cost-efficiencies, the risk exposures
to enterprises have increased.
Regulators from several countries in Asia have strengthened existing data privacy and
cybercrime laws or created new ones in response to the increasing frequency and severity of
cyber-attacks in the region. Companies with single or multinational operations in Asia must
keep pace with the changing regulatory landscape, as governments enhance existing laws,
create new laws, and step up enforcement, increasing risk exposures for companies who are
the subject of a cyber-attack, misuse or mishandle customer data.
As crime increasingly has a digital component, legislators in the United States have
responded by strengthening and broadening legislation to address the threats; the Computer
Fraud and Abuse act is a prime example. Center researchers examine the impact of this and
other laws and regulation on cybercrime, asking whether particular provisions achieve their
desired results and/or produce costly, unintended side effects. The goal of this work is to
arrive at generalizations about the types of laws and regulations that are effective at deterring
fraud and promoting security.
In India, The Information Technology Act of 2000 addresses a range of cybercrimes, such as
hacking, viruses, email scams, Dodos, forgery, cyber terrorism, identity theft, phishing, and ecommerce fraud.
In 2013, the government went one step further by announcing a National Cyber Security
Policy aimed at setting up an agency to protect the public and private infrastructures from
cyber-attacks and safeguarding the personal information of web users, financial and banking
information, and sovereign data. How this policy will be executed remains to be seen. India is
also working on a new piece of legislation on privacy, which provides for the protection of
data and personal privacy.
Relevant law:The Information Technology Act, 2000.
Information Technology Act Amendment (Reasonable Security Practices and Procedures
and Sensitive Personal Data or Information) Rules, 2011.
RBI Regulation: DBOD.COMP.BC.No. 130/07.03.23/2000-01
Issues relating to investigation:
The law enforcement agencies were bound by some ground rules before the evolution of
cybercrimes. There were established procedures for investigation and prosecution of all types

43

of crimes. In case of traditional crimes, large number of physical evidence is generally

available at the scene of crime. Collection of such physical evidence required at lot of
common sense and a little technical knowledge. Forensic help could also be provided since
laboratory examination procedures are fully established. The crime scene is also confined to a
relatively smaller place.
Today, with the advancement of technology, crimes have become more complex and
criminals more sophisticated as their modus operandi is incomparable to the traditional
investigation methods. Information technology provides an opportunity to the criminals to
commit traditional crimes like cheating, fraud, theft, credit card frauds, embezzlement of
bank deposits, industrial and political espionage, cyber terrorism etc. and at the same time it
helps in committing non-traditional and information technology related crimes like attacks
against the security of critical infrastructures like tale communication, banking and on
emergency services. Such crimes may be committed through computer networks across the
national borders, affecting not only individuals, but they may instead result in compromising
the security and the economy of the nation.
In this information technology age, the criminal investigation procedures require radical
changes to handle the errant computer users effectively. Today, the crime investigators are
faced with the problem of collection of appropriate evidence in computer storage media and
data communication system.
It requires a cohesive well trained and well equipped force of investigators operating and cocoordinating at national and international level. This change in crime scenario would also
necessitate major changes in the related forensic procedures as well as in the outlook of
judiciary. Present era of fast changing technologies well soon derail the criminal justice
system and make the whole exercise futile, if appropriate steps are not taken urgently.
The law enforcement agencies throughout the world are mainly facing three types of
problems/issues in their fight against the cyber-crimes.
Issues relating to jurisdiction:
Cyber-crimes are crimes truly with have o boundary. Information technology has turned the
world into a global village. The advent of Internet has put everyone within the reach of other.
The cyber-criminal have scant regard for national or local jurisdictions.
Section 75 of the Information Technology Act is Indian answer to jurisdictional blues. This
Section extends the influence of Information Technology Act, 2000 over the entire world
keeping in view the nature of cyber crimes
However, the problem is not as simple as it appears. The difficulty arises in implementing
extra-territorial jurisdiction. The problem will arise as to actual conducting of investigation
and trail. Internal territorial problems can be solved such problem invariably arises in
international arena. The first point is how far the nations are willing to help one another.
Police investigations abroad are stifled by a variety of factor, including the desire to protect
individual of certain nationalities. The procedure also involves a request by the court of one
country to its counterpart in another. Collection of information in cyber matters requires
searches and confiscation of delicate material that needs speedy and expert handling.
Assistance in such areas is slow and half-hearted despite there being bets relations among
countries.
Also, Section 75 has potential to create problems, as an act that occurred overseas may have
no connection in India except the use of some remote computer resource located here, this,
which is quite common in internet relations, may be brought within the purview of our laws.
How it is justifiable to start criminal proceedings against a foreigner who has not committed
any act on Indian Territory? It is submitted that jurisdiction of IT Act shall not extend to those

44

cases where the accused and victims are foreigners and the offence is committed outside the
territory of India.
For trail in India of any foreign national, he can be demanded from has parent country only
when the same facts also constitute an offence in that country. For example, pornography is
not illegal in Amsterdam (Holland), any person transmitting obscene material in India cannot
be brought to India and tried under the I.T. Act of 2000 despite the same being an offence
here,. Gambling and obscenity laws provide criminal sanctions of individual within their
jurisdiction. For example, if the person placing the bet and the bookie is in a country such as
the UK where gambling on cricket is legal, and if the bet is placed from a computer in India
how can get police department effectively act on this crime in India?
The extradition treaties are not generally there. Even when there is any such extradition
treaty, offender can be extradited to India only when the same facts also constituted an
offence in other legal system and too after the testing of facts and offence by the legal
systems of both the countries. It will be a protracted battle. A number of Kashmiri terrorists
are hacking Indian sites from Pakistan. Due to political differences least cooperation is
expectable from Pakistan. It has different definitions of crime. Any act of cyber terrorism will
be offence in Indian but they are categorized as freedom fighters by Pakistan. So they cannot
be brought to book.
A pertinent question arises whether a judgment passed by an Indian court in matter relating to
a person/company situated abroad but duly covered under the provisions of the I.T. Act of
2000 would be acceptable to foreign courts. If the judgments delivered by Indian Court
cannot be enforced then whole exercise of trial and punishments would turn out to be futile.
In case of India, the absence of internationally accepted jurisdiction treaty or convention, the
desire to bring the cyber-criminal book from any corner of the world is just a dream which is
far from reality. The problem will be more acute as India is still not the signatory of the
International Cyber Crime Treaty, It does not enjoy the privileges accorded to signatory
nations in the detection investigation and prosecution of cyber-crimes.
There is no universally accepted definition of cyber-crime. The cyber-crime in a country may
not be termed as a cyber-crime in another. There are only 13 countries that have cyber-crime
laws. This puts enormous pressure on the law enforcement agencies in obtaining international
co-operation. The absence of such laws is like shielding the criminals from the legal
provisions and providing them safe haven to continue with their evil deeds. Further, the rate
at which cyber-crimes are increasing in the world, it is necessary for the criminal justice to
demonstrate that quick and severe punishment would be awarded to those involved in such
criminal activities. What we need is the rule of law at an international level and a universal
legal framework which is equal to the worldwide reach of internet. It is therefore, necessary
to make appropriate dynamic laws pertaining to cyber-crime. It cannot take the usual snails
pace of law making since the technology changes at a very fast rate. The laws made today for
yesterday technology might become outdated by the time they are checked. It is submitted
that universally accepted definition of cybercrime shall be made and an international treaty
on cyber-crime shall be made and shall be signed by the entire countries of the world in order
to tackle menace of cyber crime
Issues relating to evidence:
To effectively combat the cyber-crime, it is not sufficient to successfully investigate the crime
and nab the criminal, but more important is to prosecute and administer justice, according to
the law of land. This requires an effective legal frame work, which fully supports the

45

detection and prosecution of cyber criminals. The traditional techniques for investigation of
cyber-crime and the prosecution procedures are inadequate. The judiciary must also
appreciate the intricacies of the digital evidence that is collected and presented in the courts
of law, in spite of the technical and operational hurdles the investigator faces.
1. Victims and Witnesses Unawareness
The first impediment that is faced by investigators is of securing the co-operation of
complainants and witnesses. It is now well-documented that the victims of crimes of this
nature are reluctant to report them to the police. Ernst and Young found in its 8th Global
Survey of business fraud, that only one quarter of frauds were reported to the police and only
28% of these respondents were satisfied with the resultant investigation.
2. Identifying Suspects
Another problem faced by cyber-crime investigators is the identification of suspects.
Occasionally, this can lead to considerable problems when the wrong person is arrested.
Digital technologies enable people to disguise their identity in a wide range of ways making
it difficult to know with certainty as to who was using a computer from which illegal
communications came. This problem is more prevalent in business environment where
multiple people may have access to a personal computer and where passwords are known or
shared, than in private home where it can often be assumed who the person was and who was
using the computer because of circumstantial evidence.
This problem of identifying suspects may be resolved by traditional investigative techniques,
such as the use of video surveillance or gathering indirect circumstantial evidence that locates
accused at the terminal at a particular time and day.
This problem may be also solved by the use of biometric means of identification. At present
few computers have biometric user authentication systems such as fingerprint scanner when
logging on. When they become more widespread, problems of identification may be reduced.
DNA samples which can be gathered from keyboards may be used to identity an individual
with a particular computer in some cases.
3. Locating and Securing Relevant Material
Considerable difficulties arise in locating and securing electronic evidence as the mere act of
switching on or off a computer may alter critical evidence and associated time and date
records. It is also necessary to search through vast quantities of data in order to locate the
information being sought. Todays cyber investigators are faced with many problems because
digital evidence is highly fragile, bits are easier to temper than paper, can easily be altered,
manipulated and destroyed. So chain of custody of these needs is to be maintained and all
digital evidence need to be authenticated.
Difficult problems arise in obtaining digital evidence in cyber-crime cases, although in some
ways computers have made the process easier through the ability to conduct searches of hard
drives remotely via the Internet. Some of the main difficulties, however, relate to obtaining
permission to conduct such a search, securing the relevant access device such as a password,
decrypting data that have been encrypted, and imaging a hard drive without interfering with
the evidence.
There is also the practical problem of conducting searches quickly so that data cannot be
removed.
4. Problems of Encryption
A difficult problem faced by cyber-crime investigators is concerning the data that have been
encrypted by accused who refuse to provide the decryption key or password.

46

Relevant provisions under Information Technology Act 2000:

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act
of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law
in India dealing with cybercrime and electronic commerce. It is based on the United Nations
Model Law on Electronic Commerce 1996.
In May 2000, both the houses of the Indian Parliament passed the Information Technology
Bill. The Bill received the assent of the President in August 2000 and came to be known as
the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.
This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber laws
have a major impact for e-businesses and the new economy in India. So, it is important to
understand what are the various perspectives of the IT Act, 2000 and what it offers.
The Information Technology Act, 2000 also aims to provide for the legal framework so that
legal sanctity is accorded to all electronic records and other activities carried out by electronic
means. The Act states that unless otherwise agreed, an acceptance of contract may be
expressed by electronic means of communication and the same shall have legal validity and
enforceability. Some highlights of the Act are listed below:
Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic
record by affixing his digital signature. It further states that any person can verify an
electronic record by use of a public key of the subscriber.
Chapter-III of the Act details about Electronic Governance and provides inter alia amongst
others that where any law provides that information or any other matter shall be in writing or
in the typewritten or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is rendered or made available in an electronic form; and accessible so as to be usable for a
subsequent reference.
The said chapter also details the legal recognition of Digital Signatures.
Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act
envisages a Controller of Certifying Authorities who shall perform the function of exercising
supervision over the activities of the Certifying Authorities as also laying down standards and
conditions governing the Certifying Authorities as also specifying the various forms and
content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign
Certifying Authorities and it further details the various provisions for the issue of license to
issue Digital Signature Certificates.
Chapter-VII of the Act details about the scheme of things relating to Digital Signature
Certificates. The duties of subscribers are also enshrined in the said Act.
Chapter-IX of the said Act talks about penalties and adjudication for various offences. The
penalties for damage to computer, computer systems etc. has been fixed as damages by way
of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of

47

appointment of any officers not below the rank of a Director to the Government of India or an
equivalent officer of state government as an Adjudicating Officer who shall adjudicate
whether any person has made a contravention of any of the provisions of the said Act or rules
framed there under. The said Adjudicating Officer has been given the powers of a Civil Court.
Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal,
which shall be an appellate body where appeals against the orders passed by the Adjudicating
Officers, shall be preferred.
Chapter-XI of the Act talks about various offences and the said offences shall be investigated
only by a Police Officer not below the rank of the Deputy Superintendent of Police. These
offences include tampering with computer source documents, publishing of information,
which is obscene in electronic form, and hacking.
The Act also provides for the constitution of the Cyber Regulations Advisory Committee,
which shall advice the government as regards any rules, or for any other purpose connected
with the said act. The said Act also proposes to amend the Indian Penal Code, 1860, the
Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of
India Act, 1934 to make them in tune with the provisions of the IT Act.

Indian penal code:

The Indian security system has been one that has gone through a lot of tests and examinations
throughout the time. This is due to the political as well as the social situation and standing of
the country. India is a land of diverse cultures and traditions. It is a place where people from
various religions as well as ethnic backgrounds live together. As a result of these, there might
arise certain disputes amongst the people. The cultural diversity is such that there are disputes
and clashes of interest between different states, ethnic to particular cultural consortiums.
There are also many intrusions from neighbouring countries and terrorist organizations. Then,
there is the issue of the Naxalites as well as the day to day common crimes. To counter all
such crimes and breach of law, a document has been formulated, that covers each of these
situations separately and lists out the penalties for those found guilty under any of the
mentioned offences. This is document is known as the Indian Penal Code. The Indian penal
code is also applicable to the state of Jammu and Kashmir.
The Indian Penal code, in its basic form, is a document that lists all the cases and
punishments that a person committing any crimes is liable to be charged with. It covers any
Indian citizen or a person of Indian origin. The exception here is that any kind of military or
the armed forces crimes cannot be charged based on the Indian Penal Code. Military as well
as the armed forces have a different dedicated list of laws and the Indian Penal Code does not
have the privilege to supersede any part of it. The Indian Penal Code also has the power to
charge for any crimes committed by a person who is an Indian citizen on any means of
transport belonging to India-an Indian aircraft or an Indian ship.
Indian Penal Code (IPC) is the main criminal code of India. It is a comprehensive code
intended to cover all substantive aspects of criminal law. The code was drafted in 1860 on the
recommendations of first law commission of India established in 1834 under the Charter Act
of 1833 under the Chairmanship of Thomas Babington Macaulay.[1] [2] [3] It came into force in
British India during the early British Raj period in 1862. However, it did not apply
automatically in the Princely states, which had their own courts and legal systems until the

48

1940s. The Code has since been amended several times and is now supplemented by other
criminal provisions. Based on IPC, Jammu and Kashmir has enacted a separate code known
as Ranbir Penal Code (RPC).
After the departure of the British, the Indian Penal Code was inherited by Pakistan as well,
much of which was formerly part of British India, and there it is now called the Pakistan
Penal Code. Even after the independence of Bangladesh (Formerly known as East Pakistan)
from Pakistan (Formerly known as West Pakistan), it continued in force there. It, the Indian
Penal Code, was also adopted by the British colonial authorities in Burma, Ceylon (now Sri
Lanka), the Straits Settlements (now part of Malaysia), Singapore and Brunei, and remains
the basis of the criminal codes in those countries. The Ranbir Penal Code applicable in that
state of Jammu and Kashmir of India, is also based on this Code.
The draft of the Indian Penal Code was prepared by the First Law Commission, chaired by
Thomas Babington Macaulay in 1834 and was submitted to Governor-General of India
Council in 1837. Its basis is the law of England freed from superfluities, technicalities and
local peculiarities.
The Indian Penal Code of 1860, sub-divided into twenty three chapters, comprises five
hundred and eleven sections. The Code starts with an introduction, provides explanations and
exceptions used in it, and covers a wide range of offences.
There are sections related to Dowry Laws and jurisdictions in India, as well as there are
several sections that concern various types of criminal laws. The Indian Penal Code is thus
the most fundamental document of all the law enforcer as well as the entire judiciary in India.
Pornography Act:
Pornography or obscenity is very sensitive issue all over the world yet there is no settled
definition of the word under any law. What is nude art or sexually explicit thing for one
person may be obscene or porn for another. Hence, it is very difficult to define What is
porn?
There have been many attempts to limit the availability of pornographic content on the
Internet by governments and law enforcement bodies all around the world but with little
effect. Classic example is a website, www.incometaxpune.com, prima facie, it looks a
website of Income tax department of Pune City, but actually its a porn site. Though it was
blocked many times by law enforcement agencies in India, it is still available with obscene
contains.
Pornography on the Internet is available in different formats. These range from pictures and
short animated movies, to sound files and stories. The Internet also makes it possible to
discuss sex, see live sex acts, and arrange sexual activities from computer screens. Although
the Indian Constitution guarantees the fundamental right of freedom of speech and
expression; it has been held that a law against obscenity is constitutional. The Supreme Court
has defined obscene as offensive to modesty or decency; lewd, filthy, repulsive.

49

Section 67 of the Information Technology Act, 2000 penalizes cyber pornography. Other
Indian laws that deal with pornography include the Indecent Representation of Women
(Prohibition) Act and the Indian Penal Code.
Section 67 reads as under:Whoever publishes or transmits or causes to be published or transmitted in the electronic
form, any material which is lascivious or appeals to the prurient interest or if its effect is such
as to tend to deprave and corrupt persons who are likely, having regard to all relevant
circumstances, to read, see or hear the matter contained or embodied in it, shall be punished
on first conviction with imprisonment of either description for a term which may extend to
three years and with fine which may extend to five lakh rupees and in the event of second or
subsequent conviction with imprisonment of either description for a term which may extend
to five years and also with fine which may extend to ten lakh rupees.
This section explains what is considered to be obscene and also lists the acts in relation to
such obscenity that are illegal.
Explanation
Any material in the context of this section would include video files, audio files, text files,
images, animations etc. These may be stored on CDs, websites, computers, cell phones etc.

Lascivious is something that tends to excite lust.

Appeals to, in this context, means arouses interest.
Prurient interest is characterized by lustful thoughts.
Effect means to produce or cause some change or event.
Tend to deprave and corrupt in the context of this section means to lead someone to
become morally bad.
Persons here refers to natural persons (men, women, children) and not artificial persons
(such as companies, societies etc.).

To be considered obscene for the purpose of this section, the matter must satisfy at least one
of the following conditions:-

it must tend to excite lust, or

it must arouse interest in lustful thoughts, or

It must cause a person to become morally bad.

50

The above conditions must be satisfied in respect of a person who is the likely target of the
material.
Illustration
Sameer launches a website that contains information on sex education. The website is
targeted at higher secondary school students. Pooja is one such student who is browsing the
said website. Her illiterate young maid servant happens to see some explicit photographs on
the website and is filled with lustful thoughts.
This website would not be considered obscene. This is because it is most likely to be seen by
educated youngsters who appreciate the knowledge sought to be imparted through the
photographs. It is under very rare circumstances that an illiterate person would see these
explicit images.
Acts those are punishable in respect of obscenity:Publishing means to make known to others. It is essential that at least one natural person
(man, woman or child) becomes aware or understands the information that is published.
Simply putting up a website that is never visited by any person does not amount to
publishing.
Transmitting means to pass along convey or spread. It is not necessary that the
transmitter actually understands the information being transmitted.
Information in the electronic form includes websites, songs on a CD, movies on a DVD,
jokes on a cell phone, photo sent as an email attachment etc.
The punishment provided under this section is as under:

First offence: Simple or rigorous imprisonment up to 3 years and fine up to Rs 5

lakh.
Subsequent offence: Simple or rigorous imprisonment up to 5 years and fine up to Rs
10 lakh.

Amendments of 2008 introduced new Section on Cyber pornography i.e. Section 67A.

The Section makes publishing or transmitting of sexually explicit act or conduct illegal with a
punishment of imprisonment up to five years and with fine which may extend to ten lakh
rupees for first offence and seven years for subsequent offences.
Hence, the Section makes publishing or transmission of blue films, audio sex clips, pictures,
magazines and any other material in the electronic form involving sexually explicit acts
illegal.
Evidence Act:
The Indian Evidence Act, originally passed by the Imperial Legislative Council in 1872,
during the British Raj, contains a set of rules and allied issues governing admissibility of
evidence in the Indian courts of law.

51

The enactment and adoption of the Indian Evidence Act was a path-breaking judicial measure
introduced in India, which changed the entire system of concepts pertaining to admissibility
of evidences in the Indian courts of law. Until then, the rules of evidences were based on the
traditional legal systems of different social groups and communities of India and were
different for different people depending on caste, religious faith and social position. The
Indian Evidence Act introduced a standard set of law applicable to all Indians.
The law is mainly based upon the firm work by Sir James Fitzjames Stephen, who could be
called the founding father of this comprehensive piece of legislation.
The Indian Evidence Act, identified as Act no. 1 of 1872,[2] and called the Indian Evidence
Act, 1872, has eleven chapters and 167 sections, and came into force 1 September 1872. At
that time, India was a part of the British Empire. Over a period of more than 125 years since
its enactment, the Indian Evidence Act has basically retained its original form except certain
amendments from time to time.
When India gained independence on 15 August 1947, the Act continued to be in force
throughout the Republic of India and Pakistan, except the state of Jammu and Kashmir.[3]
Then, the Act continues in force in India, but it was repealed in Pakistan in 1984 by the
Evidence Order 1984 (also known as the "Qanun-e-Shahadat"). It also applies to all judicial
proceedings in the court, including the court martial. However, it does not apply on affidavits
and arbitration.
This Act is divided into three parts and there are 11 chapters in total under this Act.[2]
Part 1
Part 1 deals with relevancy of the facts. There are two chapters under this part: the first
chapter is a preliminary chapter which introduces to the Evidence Act and the second chapter
specifically deals with the relevancy of the facts.
Part 2
Part 2 consists of chapters from 3 to 6. Chapter 3 deals with facts which need not be proved,
chapter 4 deals with oral evidence, chapter 5 deals with documentary evidence and chapter 6
deals with circumstances when documentary evidence has been given preference over the
oral evidence.
Part 3
The last part, that is part 3, consists of chapter 7 to chapter 11. Chapter 7 talks about the
burden of proof. Chapter 8 talks about estoppel, chapter 9 talks about witnesses, chapter 10
talks about examination of witnesses, and last chapter which is chapter 11 talks about
improper admission and rejection of evidence.

52

UNIT-V
Copyright issues in cyberspace: linking, framing, protection of content on web site,
International treaties, trademark issues in cyberspace: domain name dispute, cybersquatting, uniform dispute resolution policy, computer software and related IPR issues
Copyright issues in cyberspace:
Copyright laws protect original works, but not ideas or facts. The Copyright Act of 1976
grants exclusive rights to the copyright holder. A copyright protects original works such as:
literary works, musical works, dramatic works, pantomimes & choreographed works,
pictorial, graphic, and sculptural works, motion pictures and other audio-visual works, sound
recordings, architectural works, compilations (databases for example), written words on a
website, and software programs on a website. The copyright holder has exclusive rights such
as reproduction, derivative works (being allowed to alter it), distribution, performance, and
display, audio & video transmission.
Copyright is automatically created on original works. You do not need to file to create a
copyright. But it may be a good idea to file a copyright to establish a public record of it and if
you ever want to pursue an infringement suit, it will need to have been filed. You can visit
copyright.gov/forms to download a copyright form. A common-law copyright is created
automatically on publication, so registration is not required to use the symbol. The proper
way to state that something is copyrighted is to use the symbol, the copyright or
abbreviated version (Copr.), the year of first publication, and the name of the copyright
owner. For example: Copyright 2007 Off the Page Creations.
Copyrights that were created after January 1, 1978 have protection during the life of the
author plus 70 years. In the case of more than one author, the period of protection is the term
of 70 years after the death of the last surviving member. In a case of 'Work-Made-For-Hire',
the protection term is 95 years from first publication or 120 years from the year of creation
(whichever comes first). Once copyrights expire they become part of the public domain and
are free to use by anyone. But don't assume just because something doesn't have a copyright
symbol, that it is free to use.
In a 'Work-Made-For-Hire' the person that hires someone to create (design a logo for
example) something for them, the person hiring is the person who holds the copyright, not the
designer or author. If the work was prepared by an employee within his job duties as
requested by his/her boss and not for a customer, the employer holds the copyright because
the employee was hired to do it for the employer and it was part of his/her job duties.
An odd variation to the 'Work-Made-For-Hire' rule is websites (including the 'look & feel',
the software, scripts, graphics & the text). If someone hires a web designer to create their
website, the website designer holds the copyright, unless it is specified otherwise in the
contract. Most companies state that the hiring party holds the contract (as we state in our
contract), but it's a good idea to verify who will hold copyright to the website before signing
anything.

53

Fair Use
'Fair Use' allows limited use of a copyrighted work. Some examples of what are considered
'fair use' are: teaching, criticism, comment, news reporting, and research. Only a court can
decide if a copyrighted works use was considered 'fair use'.
What You Can't Do

Copy pictures to use on your brochure or website that you found on the internet (even
if you put up the copyright line of who holds the copyright, this is considered
infringement)

Purchase a license to use a photo on your brochure, then continue to use it on your
website, flyers, and postcards unless it is stated in the license

Copy text out of a book or off from a website and use it verbatim

Put music on your website without permission

Post an article without permission, even if it's about you

Use an image by linking to it rather than copying it (This is still copyright

infringement)

What You Should Do

Purchase photos to use that are 'copyright free' and follow the license for the uses

Or get permission from the copyright holder to use photos

Purchase 'copyright free' music and follow the license for the uses

Get permission to use articles from the writer & publisher

You should ask permission to link to someone's website

Copyright infringers may face civil liability and also criminal liability for felony copyright
infringement if it is wilful, and for financial gain, or by reproducing and distributing a large
amount.
Linking:
Most often, a website will connect to another in the form of a link (also known as a
hypertext link), a specially coded word or image that when clicked upon, will take a Web
user to another Web page. A link can take the user to another page within the same site (an
internal link), or to another site altogether (an external link).

54

You do not need permission for a regular word link to another websites home page. If there
is some concern over the link, most issues can be squared away by having the linked site sign
a linking agreement that gives permission for your link.
Linking is the practice of linking to the internal pages of a website, bypassing introductory
pages as well as other material that would normally precede the linked page. By deep linking
into a website, a person is able to navigate to the linked page without going through
introductory pages that normally include things like advertisements and banners that provide
the website with income. As a result of deep linking, many small businesses have suffered
because of this loss of advertisement income. In addition, when one website deep links into
another website, users could be confused into thinking that the two websites are related to
each other.
Framing:
Unlike linking, framing is a relatively recent phenomenon, introduced by Netscape in Version
2 of its Navigator product. A framing site, by virtue of certain commands in its HTML code,
links to another site, displaying that site within a window or frame. The frame itself is
comprised of content from the framing site. In contrast to generic hyperlinking, in the case of
framing, the user remains at the framing site and views content from both sites. The address
that the user's browser displays may continue to be that of the framing site. The user may be
unaware that the content in the frame comes from another site. This difference between
linking and framing may make trademark liability more likely for sites that frame rather than
merely hyperlink.
Sites are increasingly challenging those who frame them.
Protection of content on web site:
Websites are particularly open to abuse, especially theft of content and images. You should
assume that files will be accessed randomly, downloaded as individual chunks, and
distributed out of context. It is therefore important to include a copyright notice on as many
individually deliverable items as possible:

Image file properties should include a notice.

Under Windows for example, right clicking on an image will allow you to bring up
the properties dialogue where you may enter details about the file, (though this will
only work with certain file types). More typically, your image software will provide a
way to insert comments into the file; this is preferred as these are harder to remove.

Every page should contain a notice in the visible text (text shown on screen), or at
least link to your notice in the body of the page.

Every delivered file should include a notice in non-visible text.

For example, in HTML files and CSS style sheets a copyright notice can be included
as a comment.

55

Watermarking may be worth considering if you have a lot of valuable images on your site.
Websites are one of the easiest things to copy, particularly any written content and images, so
registration is particularly important.
Copyscape is a useful tool that will compare your web pages to others indexed by Google and
return any it finds with matching text.
Here are four things you can do to protect your property from
thieves online:
1. Include the copyright symbol on all pages of your website and your content like ebooks and PDF downloads. This will deter those who innocently think its ok to copy
your stuff without realising its an infringement.
2. Use Copyscape a duplicate content checker to search the internet for copies of your
web or blog pages. You pop your page address in the search box and it will scan the
web for copies. Note that it searches each page individually not a whole website.
3. If you have a WordPress site try a plug in called WP-Copyprotect. This locks your
blog so text and images cant be highlighted, copy and pasted. This works on the
assumption that anyone wanting to steal your blog post or text from your website will
be too lazy to re-type it out for themselves.
4. Protect your online products, photos and images using a Creative Commons license.
You can get one set up in seconds for free to protect ebooks, images and other
materials for that extra bit of security.
International treaties:
The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime
or the Budapest Convention, is the first international treaty seeking to address Internet and
computer crime by harmonizing national laws, improving investigative techniques, and
increasing cooperation among nations. It was drawn up by the Council of Europe in
Strasbourg, France, with the active participation of the Council of Europe's observer states
Canada and Japan.
The Convention is the first international treaty on crimes committed via the Internet and other
computer networks, dealing particularly with infringements of copyright, computer-related
fraud, child pornography, hate crimes, and violations of network security.[6] It also contains a
series of powers and procedures such as the search of computer networks and lawful
interception.
Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at
the protection of society against cybercrime, especially by adopting appropriate legislation
and fostering international cooperation.
The Convention and its Explanatory Report was adopted by the Committee of Ministers of
the Council of Europe at its 109th Session on 8 November 2001. It was opened for signature
in Budapest, on 23 November 2001 and it entered into force on 1 July 2004.As of October

56

2014, 44 states have ratified the convention, while a further nine states had signed the
convention but not ratified it.
On 1 March 2006 the Additional Protocol to the Convention on Cybercrime came into force.
Those States that have ratified the additional protocol are required to criminalize the
dissemination of racist and xenophobic material through computer systems, as well as threats
and insults motivated by racism or xenophobia.
Trademark issues in cyberspace:
A trademark is a word, name, symbol, device, or combination of, used by someone to identify
his product. Trademarks arise from 'use' and do not have to be registered to be considered
trademarked. There are good reasons to register a trademark though. One reason, like
copyrights, it establishes a public record. The second reason is that it needs to be registered in
order to file for trademark infringement. It also helps to establish trademark in other countries
and to stop imports of infringing foreign goods from entering the country. A trademark is
valid indefinitely, but if not maintained it can be lost and fall into public domain. For
instance, if a trademark becomes a common phrase, then it will be deemed lost and the
trademarked term considered common usage (Aspirin, Allen Wrench, Granola, and Yo-Yo are
just a few examples).
Trademark registration begins with the U.S. Patent and Trademark Office (P.T.O.).
Registering a trademark can take more than a year after the application is filed. There is an
extensive research involved to ensure that a similar trademark does not already exist.
Once the trademark goes through, the symbol identifies a trademark as registered with the
U.S. P.T.O. The proper way to write this is - " Registered in the U.S. Patent and Trademark
Office", or the abbreviation - "Reg. U.S. Pat. And Tm. Off." If it is not yet officially
registered with the P.T.O., the symbol should be used instead.
Trademarks are protected from infringement and also dilution. Infringement of a trademark
means that there is another that is too similar and it is confusing. Dilution of a mark would be
because the public has a strong association with the original trademark and the other would
take away from that association.
It is not considered infringement to make fun of a copyrighted or trademarked work as long
as it is apparent that it is not the original, but a parody. You cannot create a domain name
similar to another and make fun of it, because it would not be evident that it was a joke until
the user actually reached the website.
Trademarks should not be used in meta-tags (the hidden keyword tags on a web page), or in a
pay-per click ad campaign. There have been cases where this was considered infringement.
Domain name dispute:
Domain names are simply the addresses of the Internet. E-mail is sent and web pages are
found through the use of domain names. As an example, the web address for the Microsoft
web site is www.microsoft.com, while Bill Gates might have an e-mail address such as
bill@microsoft.com (both using the "microsoft.com" domain name). Without the domain

57

name, a computer would have no idea where to look for a web page, and e-mail routers
would not be able to send e-mail. Of course, domain names are more than just addresses,
since they can be selected by the "addressee" and are usually closely associated with a
particular service or product.
Because of the increasing popularity of the Internet, companies have realized that having a
domain name that is the same as their company name or the name of one of their products can
be an extremely valuable part of establishing an Internet presence. As explained above, a
company wishing to acquire a domain name must file an application with the appropriate
agency. Before doing so, a search is done to see if their desired domain name is already taken.
A good site for doing such a search is provided by Network Solutions. When a company finds
that the domain name corresponding to their corporate name or product trademark is owned
by someone else, the company can either choose a different name or fight to get the domain
name back from its current owners.
Some well publicized examples of these types of domain names disputes are:

candyland.com: Both Hasbro and an adult entertainment provider desired the

candyland.com domain name. Hasbro was too late to register the name itself, but it is
never too late to sue (well, almost never). The domain name is now safely in the
hands of Hasbro.

mcdonalds.com: This domain name was taken by an author from wired magazine who
was writing a story on the value of domain names. In his article, the author requested
that people contact him at ronald@mcdonalds.com with suggestions of what to do
with the domain name. In exchange for returning the domain name to McDonalds, the
author convinced the company to make a charitable contribution.

micros0ft.com: The company Zero Micro Software obtained a registration for

micros0ft.com (with a zero in place of the second 'o'), but the registration was
suspended after Microsoft filed a protest. When the domain name went abandoned for
non-payment of fees, the domain name was picked up by someone else: Vision
Enterprises of Roanoke, TX

mtv.com: The MTV domain name was originally taken by MTV video jockey Adam
Curry. Although MTV originally showed little interest in the domain name or the
Internet, when Adam Curry left MTV the company wanted to control the domain
name. After a federal court action was brought, the dispute settled out of court.

peta.org: An organization entitled "People Eating Tasty Animals" obtained the

peta.org domain name, much to the disgust of the better know People for the Ethical
Treatment of Animals. This domain name was suspended, but as of May 2000 the
domain name was still registered in the name of People Eating Tasty Animals.

roadrunner.com: When NSI threatened to suspend the roadrunner.com domain name

after a protest by Warner Brothers, the New Mexico Internet access provider who was
using the domain name filed suit to prevent the suspension. Although the access
provider was able to prevent the suspension, a joint venture company involving Time
Warner, MediaOne, Microsoft, Compaq, and Advance/Newhouse eventually obtained
the domain name.

58

taiwan.com: The mainland China news organization Xinhua was allowed to register
the domain name taiwan.com, much to the disgust of the government of Taiwan.

Cyber-squatting:
Cybersquatting (also known as domain squatting), according to the United States federal
law known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in,
or using an Internet domain name with bad faith intent to profit from the goodwill of a
trademark belonging to someone else. The cybersquatter then offers to sell the domain to the
person or company who owns a trademark contained within the name at an inflated price.
The term is derived from "squatting", which is the act of occupying an abandoned or
unoccupied space or building that the squatter does not own, rent, or otherwise have
permission to use. Cybersquatting, however, is a bit different in that the domain names that
are being "squatted" are (sometimes but not always) being paid for through the registration
process by the cybersquatters. Cybersquatters usually ask for prices far greater than that at
which they purchased it. Some cybersquatters put up derogatory remarks about the person or
company the domain is meant to represent in an effort to encourage the subject to buy the
domain from them. Others post-paid links via advertising networks to the actual site that the
user likely wanted, thus monetizing their squatting.
Cybersquatters sometimes register variants of popular trademarked names, a practice known
as typosquatting.
Another strategy is as follows: Internet domain name registrations are for a fixed period of
time. If the owner of a domain name doesn't re-register the name with an internet registrar
prior to the domain's expiration date, then the domain name can be purchased by anybody
else after it expires.[1] At this point the registration is considered lapsed. A cybersquatter may
use automated software tools to register the lapsed name the instant it is lapsed. This strategy
is also known as renewal snatching, extension exaggeration, and alert angling.
To control this UDRP is formed.
Uniform dispute resolution policy:
The Uniform Domain Name Dispute Resolution Policy (UDRP) is a cost-effective and faster
alternative to a lawsuit, when there is a domain name dispute that needs to be resolved. This
was set up by the Internet Corporation for Assigned Names and Numbers (ICANN), the
group responsible for domain name registration.
The UDRP currently applies to all generic top level domains (.aero, .asia, .nyc, etc...),[1] some
country code top-level domains, and some legacy top level domains (.com, .net, .org, etc...) in
specific circumstances.
The UDRP was launched on 1 December 1999, and the first case determined under it by
WIPO was World Wrestling Federation Entertainment, Inc v. Michael Bosman, involving the
domain name worldwrestlingfederation.com.

59

When a registrant chooses a domain name, the registrant must "represent and warrant",
among other things, that registering the name "will not infringe upon or otherwise violate the
rights of any third party", and agree to participate in an arbitration-like proceeding should any
third party assert such a claim.
Critics claim that the UDRP process favours large corporations and that their decisions often
go beyond the rules and intent of the dispute resolution policy. A UDRP complaint may be
initiated at UDRP proceeding with an approved dispute resolution service provider. A victim
of cybersquatting may also file an InterNIC Registrar Problem Report regarding a
cybersquatter posing as a registrar.
Court systems can also be used to sort out claims of cybersquatting, but jurisdiction is often a
problem, as different courts have ruled that the proper location for a trial is that of the
plaintiff, the defendant, or the location of the server through which the name is registered.
Countries such as China and Russia do not view cybersquatting in the same way or degree
that US law does. People often choose the UDRP (Uniform Dispute Resolution Process)
created by ICANN because it is usually quicker and cheaper ($2,000 to $3,000 in costs and
fees vs. $10,000 or more) than going to court, but courts can and often do overrule UDRP
decisions.
Under UDRP policy, successful complainants can have the names deleted or transferred to
their ownership (which means paying regular renewal fees on all the names or risk their being
registered by someone else).
There is a great difference between the old NSI policy and the UDNDRP. The ICANN policy
forbids registration of the domain name if:
i. The domain name is identical or confusingly similar to another's mark.
ii. The entity registering the domain name has no legitimate right to it.
iii. The domain name was registered and used in bad faith.
Computer software and related IPR issues:
IPRs in the computer industry are affected by the following areas:
1. Contract/License
2. Copyright and Related Rights
3. Undisclosed Information (Trade Secret)
4. Patents
5. Trademarks
6. Layout - designs (Topographies) of Integrated Circuits

60

The first four have an impact on computer software. The fifth one (trademarks) and the sixth
one (layout-designs) are more relevant to the Internet and to computer hardware rather than to
the computer software.

'Contract/ license' is general law that governs conditions in any transactions. It is

equally applicable to the computer software.

'Copyright' lies in the description; it is the form of expression of ideas: this

expression may be by artistic, or dramatic, or literary, or musical work; it may be, by
films, pictures and sound recordings too. It is governed by the Copyright Act, 1957.

Undisclosed information/ trade secret is a secret. It must not be of public or

general knowledge in the trade. It may consist of any formula, pattern, device or
compilation of information which gives an advantage over competitors who do not
know or use it. It implies some novelty though not of the same degree as in the patent
law, as that does not possess novelty is usually known.

PROTECTION OF SOURCE CODE

Source code is a kind of description; a description of the computer program. If it is published
then it is a literary work within the Copyright Act and is so protected. If it is not published
then it is protected as a trade secret though only, the writer/ owner of the work has the
right/copyright to publish it.
In proprietary software, the source code is generally never published; it is secret: it is
protected as a trade secret.
PROTECTION OF OBJECT CODE
In India amending the Copyright Act in pursuance of TRIPS by two amending Acts namely
Act no. 38 of 1994 and Act no. 49 of 1999. The definition of the 'literary work' in section 2(o)
of the Copyright Act was amended to include computer programme as well as computer
database. The result is that not only the computer programme (subject code as well as object
code) but computer database is also protected as a copyright.
PATENTS
Patentability of computer software is controversial as well as debatable.
Patents can be granted for inventions. The word invention {section 2(1) (j) of the Patents
Act} read with the word inventive step {Section (1) (ga) of the Patents Act} means a new
product or process that is capable of industrial application. Invention must be novel and
useful. It should not be obvious to a person skilled in the art. It must be a significant advance
in the state of the art; it should not be an obvious change from what is already known.
Generally this is the global law but is being applied differently in different countries (see
Endnote-1, for relevant part of TRIPS).
There are intellectual property issues associated with four elements of a software program:
1. Program function - whether the algorithm is performed by the hardware or the
software,

61

2. External design - the conventions for communication between the program

and the user or other programs,
3. User interfaces - the interactions between the program and the user,
4. Program code - the implementation of the function and external design of the
program.
The scope of copyright protection for computer programs depends in part on the
interpretation of Section 102(b) of the Copyright Act. There are a number of existing views of
the application of existing law to user interfaces. One interpretation of the law is that user
interfaces are inherently functional and therefore not copyrightable subject matter. The other
view is that user interfaces may be protected by copyright because they could be thought to
fall under the compilations or audio-visual works. Another approach to protecting user
interfaces through copyright law is to consider the user interface as part of the program itself.
Databases are protected under copyright law as compilations. Under the copyright law, a
compilation is defined as a work formed by the collection and assembling of pre-existing
materials of data that are selected, coordinated, or arranged in such a way that the resulting
work as a whole constitutes an original work of authorship (17 USC Section 101).

Regards:Hard Rocker
IT BRANCH

ALL THE BEST