CLASSIFICATION OF CYBER CRIMES Crime is a social phenomenon. Crime is an act that is prohibited by law.

Cyber crime is the most latest and complicated problem in the cyber space. A generalized definition of cyber crime is unlawful acts wherein the computer is either a tool or target or both. Cyber crimes can be classified on various basis such as on the basis of: (a) subject of crime (b) against whom crime is committed and (c) on the basis of temporal nature of criminal activities being carried out on computers and Internet. The subject of cyber crime may be broadly classified under the following three groups: (i) Against individuals -It may be against individual persons or their property. Following are the crimes, which can be committed against Individual persons: a.Harassment via e-mails b.Cyber-stalking c.Dissemination of obscene material d.Defamation e.Unauthorized control/access over computer system f.Indecent exposure; g.Email spoofing h.Cheating and Fraud.

Following are the crimes which can be committed against individual property: a.Computer vandalism b.Transmitting virus c.Netrespass d.Unauthorized control/access over computer system e.Intellectual Property crimes f.Internet time thefts. (ii) Against organization -It may be against the Government, a firm, a company or a group of individuals. Following are the crimes against an organization: a.Unauthorized control/access over computer system b.Possession of unauthorized information c.Cyber terrorism against the government organization d.Distribution of pirated software. (iii) Against the society at large -Following are the crimes: a.Pornography (largely child pornography) b.Polluting the youth through indecent exposure c.Trafficking d.Financial crimes e.Sale of illegal articles f.Online gambling g.Forgery.

The above lists are not exhaustive. A Cyber crime includes traditional activities like theft, forgery and fraud whenever a computer is involved. In addition to these, crimes like cyber stalking, hacking, unauthorized access, denial-ofservice attack, malicious crime (including use of virus), E-mail bombing, Salami attacks, Data didling, Web jacking, Cyber Pornography etc. are the other cyber crimes which are popular, which have emerged due to increasing use of computers and Internet. A. On the basis of commission of traditional crimes, cyber crimes can be classified into following categories, viz., (i) Cyber Theft -In a cyber theft a person dishonestly moves something from a computer which belongs to another person without his permission. For eg., by breaking into the computer of a bank situated in some part of the globe and removing the money from one account and putting it in another account of the same bank or another bank. Here there is no physical act, which constitutes a theft. (ii) Cyber trespass -The information stored in the Internet might be protected using passwords. These passwords are the fences. Breaking a fence and entering into someone elses property is punishable. (iii) Cyber Violence -If the impact of the cyber activity of a person or group of persons have violent

effects upon another person or a social group or a country then it can be called as cyber violence. These types of activities may not have a direct physical impact, but the victim feels the impact. (iv) Cyber Obscenity14-This is the extension of the principles embodied in the sections 292 and 293 of the Indian Penal Code. Here the obscene materials are published in the Internet. Governments all over the world are now trying to find methods to regulate cyber crimes. These nations try to do it by either applying an Internet specific law or by extending the application of existing criminal laws. (v) Cyber forgery and fraud -Fake mark sheets, revenue stamps etc. can be made by using high quality scanners and printers. In October 1995, Economic offences Wing of Crime Branch, Mumbai seized 22,000 counterfeit share certificates of Eight reputed companies worth Rs. 34.47 crores. These certificates were prepared using desktop publication systems. The most familiar crime on Internet is fraud. There are so many areas in which this crime may manifest itself. Auction fraud is one such in which the seller posts and advertises about an item in an auction site. The buyer agrees to buy the item and forwards the money. But the seller fails to deliver the item to him owing to theft. Phishing is another scheme used to collect information from unsuspecting individuals in order to commit identity theft or those crimes that are associated with fake identity. eg. credit card fraud etc.

(vi) Intellectual Property Crimes -Intellectual property includes among other things trademarks, patents, designs and copyright. Intellectual property crimes naturally mean violation of laws regarding to these rights. They include online infringement of trademarks, copyright, theft of source code etc. B. On the basis of emergence of new crimes, cyber crimes can be classified into following categories viz. (i) Cyber stalking-Cyber-stalking is done using Internet messaging service or any other electronic means to stalk someone. Cyber-stalkers follow the victims online activities. They gather information, initiate contacts and make threats by following the victims online activities. Cyber-stalkers target victims by using bulletin boards, chat rooms, Spam and online forums. They post defamatory statements about their stalking targets on their web pages to make the victims react to it and thereby initiating contacts. Once the victim responds to this, the stalkers will trace the victims online activities. Cyber stalking situations can extend to physical stalking and the victim may experience abusive phone calls, threatening mails, obscene mails and physical assault. (ii) Cyber Pornography- This offence includes pornographic websites, pornographic magazines produced using computers and the channel used to transmit and download these materials. The first case of this type of offence is that a student of Air Force Balbharati School, New Delhi, created a

website and dedicated to the school. The website contained text materials with explicit sexual details about girls and teachers of the school. They were classified on the basis of their sexual preferences. This when realized by one of the girls, her father registered a case under the section 67 of the IT Act, 2000 with Delhi Police Cyber Crime Cell. The police arrested the student and he was kept at Timarpur (Delhi) juvenile home and the juvenile home granted him bail after one week. (iii) Unauthorized access- Access control refers to restring the entrance to a property, or a room of an authorized person. Access control by mechanical means can be achieved by using keys and card access system. Therefore, unauthorized access means any kind of access without permission of the authorized owner or the person in charge of a computer, computer system or computer network. So switching on a computer system without the permission of the person in charge of a computer system would also be an unauthorized access. Common techniques used for unauthorized access are: Packet sniffing, tempest attack, password cracking and buffer overflow. Packet Sniffing-This is a technology used by crackers and forensic experts. Sniffing is done on the basis of data transmission. The data is transmitted in the form of packets called datagrams on the network. These packets are of varying sizes depending on the network bandwidth. Each packet has a header and the header contains information about the source, destination, protocol,

size of the packet, total number of packets and unique number of the packet. Data carried is in an encrypted format. When the data is transmitted the packets travel through a number of layers of the OSI model. The network layer in the OSI model is responsible for preparing the packets for transmission. The hackers attack at this level. Suppose if A and B are engaged in transmission and C wants to intercept the transmission, C would intercept the data packets and translate them back from cipher mode of data to the actual data. For this C use the technology called Packet Sniffing. For using this technology one should know the IP address of either parties involved in the communication. Sniffers are then applied to the network layer of the victim IP address. Sniffer is invisible for anyone on either side of the network. It only screens the data packets, copies the encrypted data and then translates the encrypted data into original form for the adversary. Sniffer attaches itself to the network devices like the modem or the Network Interface Card (NIC) that is used by the victim computer to send and receive data. The most famous sniffers are ADMsniff-v08, AntiSniff-101, anti_sniff_researchv1-1-2, Spynet etc. Tempest attack-It is the ability to monitor the electromagnetic emissions from the computer for reconstructing the data. This allows remote monitoring of network cables or remotely viewing monitors. TEMPEST is the abbreviation of Transient Electromagnetic Pulse Emanation

Standard. Any object which is appropriately equipped placed near the target can pick up all the keystrokes and messages displayed on the computer monitor. By properly shielding computer equipment and network cabling, one can be overcome TEMPEST attacks. Password cracking-A password is used by a user for authentication. The user must know the password in order to gain access. It is a secret consisting of multiple words. For every access, password information is checked. To crack a password means to bypass a protection scheme or to decrypt a password. In UNIX operating system, the passwords were stored in a file. This file is readable, but the passwords were encrypted in such a manner that a person can test whether a password is valid or not? But decryption is impossible. A program crack was used to test all the words in the dictionary against the passwords in the file. This will find out all the users whose passwords were chosen from the dictionary. Password crackers uses this to guess passwords. Another form of password cracking attack is brute force attack. This method is more time consuming than the other. In this method, all possible combinations of letters, numbers and symbols are tried out one by one till the password is found. Buffer overflow-This is the most common way of breaking into a computer. It is also known as buffer overrun, input overflow or unchecked buffer overflow. This method involves giving input

excessive data into a computer. The excess data overflows into the other areas of the computer memory. This will allow the hacker to insert executable code along with the input, enabling the hacker to break into the computer. (iv) Hacking -One of the most popular cyber crime is hacking. The reality is that no computer system in the world is secure from the threat of hacking. Any and every system in the world can be hacked. Under Section 66 of IT Act Hacking is defined as Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. Hacker is described as any amateur computer programmer18 who discovered ways to make software run more efficiently. The term hacker describes anyone who writes computer programmes, modifies computer hardware, with computers or electronic devices for fun and often can be considered as expert on the subject. Hackers will hack the problem until they get the solution. The recent definition of a hacker is that the one who maliciously breaks into computer networks with the intent to steal data or tamper files. This is considered to be a crime. The some of the essential ingredients of hacking are the intention to cause wrongful loss or damage to any person, knowledge that wrongful loss or damage will be caused to any person due to this act, the information residing in

the computer resource must be destroyed or deleted or altered or diminished in value or utility or are affected injuriously. (v) Denial of Service Attack -This is a type of cyber crime which is initiated by sending excessive demands to a victims computer, exceeding the limit that the servers can handle and thereby making the servers crash. Flooding a computer resource with more request than it can handle, will cause the resource to crash thereby denying authorized users the service offered by the resources. It is very difficult to control such attacks. The major examples of denial-of service attacks are those which brought down websites like CNN, Yahoo Amazon etc. (vi) Virus and Worms Attacks -Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. Viruses affect the data on the computer by deleting or altering it whereas Worms do not need the host to attach themselves to. Worms make functional copies of themselves and do this repeatedly till they acquire all the available space on a computers memory. VBS_LOVELETTER also known as Love Bug or the I LOVE YOU virus utilized the addresses in Microsoft Outlook and e-mailed itself to those addresses. The e-mail which was sent out had "ILOVEYOU" in its subject line. The attachment file was named "LOVE-LETTER-FOR-YOU. TXT.vbs". People who opened the e-mail attachment were conquered by the subject line and those who had some knowledge of viruses, did not notice the tiny

.vbs extension and believed the file to be a text file. The message in the e-mail was "kindly check the attached LOVELETTER coming from me". VBS_LOVELETTER first selects certain files and then inserts its own code instead of the original data contained in the file. This way it creates everincreasing versions of itself. (vii) Email Spoofing -An email is said to be spoofed if that appears to originate from one source but actually has been sent from another source. It can cause many damage to a persons reputation and can also put them in troubles. (viii) Logic Bombs -Logic bombs are event dependent programs. They are used to do something only when a particular event occurs. Some of the viruses also may be termed as logic bombs because they work only on a particular date. (ix) Salami Attacks -This type of attacks are mainly seen in the financial area. This attack makes so small alterations so that it would go completely unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the banks system, which deducted 10 cents from every account and deposited it in a particular account. In this case, the man first created a logic bomb into the banks system. Logic bombs are programmes that will get activated only at the occurrence of an event. Logic bomb was programmed to take ten cents from all the accounts in the bank and put them into the account of the person with name Ziegler. The amount withdrawn from each of the accounts in the bank was so small that neither of the account

holders nor the bank officials noticed the fault. This was brought to the notice of the bank when a person by name Zygler opened his account in that bank and so large amount of money transferred to his account every Saturday. Bank authorities revealed the entire scheme. (x) Data Diddling -This type of attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. Electricity Boards in India have been victims to data diddling programs inserted when private parties were computerizing their systems. (xi) Email Bombing -Email bombing involves sending a large number of e-mails to the victim resulting in the victims email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing. Eg: is the case of a foreigner who had been residing in Simla for thirty years and wanted to avail a scheme introduced by the Simla Housing Board to buy land at lower rates. He made an application, but it was rejected on the ground that the scheme was available only for citizens of India. This made him angry enough to sent thousands of mails to the Simla Housing Board and repeatedly kept sending e-mails till their server crashed. (xii) Trojan Attacks -This term has its origin in the word Trojan horse. In software field, this means an unauthorized programme, which passively gains control over anothers system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a

Trojan was installed in the computer of a film director in the U.S. while chatting. The cyber criminal, through the web cam installed in the computer, obtained her nude photographs and started harassing the lady director. (xiii) Web Jacking -This term is derived from hi jacking. This occurs when someone forcefully takes the control of a website. In these types of offences the hacker gains access and control over the other website by bypassing the password. The hacker may even change the information on the site. The actual owner of the site does not have any control over the information on the site. A case of web jacking is the gold fish case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus, web jacking is a process whereby control over the site of another is made backed by some consideration for it. (ixv) Cyber Terrorism -Both cyber crime and cyber terrorism are criminal acts. But cyber crime is different from cyber terrorism in many aspects. Cyber crime is a domestic issue, which may sometimes have some international consequences whereas cyber terrorism is certainly of a global concern. It includes both domestic as well as international consequences. The terrorist attacks on the Internet are by hate e-mails, denial-of-service attacks, attacks on sensitive computer networks etc. The recent example are of Osama Bin Laden, the LTTE, attack on Americas army development

system during Iraq war etc. Cyber terrorism can be defined to be the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives. Another definition may be attempted to cover every act of cyber terrorism. A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to-putting the public or any section of the public in fear or, affecting adversely the harmony between different religious, racial, lingual or regional groups or castes or communities or ;coercing or overawing the government established by law or; endangering the sovereignty and integrity of the nation and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism. (xv) Computer Vandalism -This involves destroying or damaging the property of another. Computer vandalism include any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.

CYBER WORLD: AN OVERVIEW This paper provides an overview of cyber world with reference toThe Internet and online resources Security of Information Digital Signature UNDERSTANDING THE SCOPE OF COMPUTERS IN OUR DAILY LIFE There is no doubt, that in todays world, computer are used everywhere, when we mean everywhere, it could be your local shopping center, computer center, be it your railway reservations, airlines reservation, micro-wave ovens, even your phones. Institutions like banks, not only ease the use of banks, but also give us flexibility to bank from virtually anywhere. With a swipe from your plastic money (Debit/Credit Cards), it fetches balance information from your banks account and there you go, you just purchased the commodity without even bothering, how many gadgets, complex security codes went through and did helped you to purchase.

BASIC/ FUNDAMENTAL PRINCIPLE OF COMPUTER When they (electronic gadgets) receive an input, they definitely give an output after some calculations, whether we realize or not. Eg: Our Caller Id Telephone in Fixed Line, not only tells the number but it is also able to tell the name of the person. It stores and recalls, whenever the bell rings, it knows what to be displayed on screen of your telephone.

THE E- ZONE There could be numerous such examples where our life has been attached with e. Be it mail that got converted to e-mail, your banking became ebanking, commerce became e-commerce, and so on. This e- stands for Electronics. Now that makes better sense, Electronic mail called as E-Mail. Electronic Banking called as E-Banking etc. Similarly, when we speak of Cyber, it is a prefix, derived from cybernetics (a Greek word meaning "the art of steering"), used to describe the entire range of things made available through the use of a computer. Earlier it was used in fiction stories, but now its commonly used. For example: cyber-phobia is an irrational fear of computers, cyberspace is the virtual (nonphysical) space created by computer systems. But when we talk about some terms like cyberspace in terms of our scope, we combine not only the humans, computers (hardware and/or software), but also to the extent that one (computer) is almost capable to do that. Mostly, this term is associated with science fiction, as simply as a computer is not capable of thinking.

WHERE DID THE COMPUTER COME FROM? As we say, necessity is the mother of invention and un-fortunately, the computers are invention of Cold Wars. In beginning, they are humongous, very large in size, would cover a size of a football ground, and may be bigger. But as computers can be trusted more than humans if we give a repeated task, it definitely supersedes humans in certain area. As a matter of fact, they instate discipline in work. One has to follow certain guidelines to attain a job done from computers. Let us take a small example, when banking was done manually, Customers could have a personal touch on the banker, but since computers are in place, it would work at same speed even if its a new customer, or his relative. Im sure, flight bookings and their management couldnt have been better as we have the facility to book, tickets, get best fares. This facility is not only extended to our computers at home, but also extended to our mobile phones which is always in network. Moreover, the art of communication, which helps in transfer of information /data from any place to any place. Gone are the days when one had to make a school projects, business presentations, now-adays, one can search projects, themes and then continue to add wings to ones concept.

CYBER LAWS: A NEW BEGINNING As discussed above, cyberspace is an emerging digital medium and requires a set of laws to regulate human behaviour in the cyberspace. The body of such laws can be referred to as cyber laws. It is obligatory to note that the basic objective of cyber laws is to regulate human behaviour and not technology. Cyber laws are technology intensive laws, advocating the use but not the misuse of technology. The idea is to articulate that the rule of law exists in cyberspace. Cyberspace requires cyber law. It would be a misnomer to suggest that cyber laws are meant to check the human behaviour in cyberspace only. Any physical act, which gets translated into violation of any right of a person in digital medium (cyberspace), would be treated as cyberspace violations. Let us not forget that it is the technology platform and its application, which separates cyberspace from physical world. For example, A, a person with a criminal intent uses computer or computer network to defraud another person, B then in such a case A could be punished under cyber law provisions. It was his actions in the physical world, which got manifested in the cyberspace. Cyber law encompasses a wide variety of legal issues related to the use of communication technology. It addresses issues of cyber space and covers the rights and responsibilities of Netizens who are the citizens of Cyber Space. Cyber law

includes legal issues that affect persons and institutions who control the entry to cyber space, provide access to cyber space, create hardware and software which enable people to access cyber space or to use their own devices to enter cyber space. Absence of physical boundaries in cyberspace may lead to a situation where the basis of morality and culture will be shaken in society. The morals of a society could vary from the morals of another society. The Internet being a global communication media can encroach upon the morality of a society. With the advent of Internet people can view and download obscene materials irrespective of their age. Even if the true address of the host website is known, an Indian court cannot punish the offenders who are in a foreign country. The publication of obscene material may not be an offence in the country where the server of the host website is situated. The fact that the criterion for punishment differs from countries to countries adds to this problem. For eg., in USA, the obscenity test is based on the contemporary community standards of the nation. There is no barrier to publish any material, which matches their contemporary community standards. There are currently two main statutes, which govern online criminal liabilitythe classic Indian Penal Code, 1860 and the Information Technology (IT) Act,2000. The main objective of this Act is to regulate and control affairs of cyber world in an effective manner. IT Act deals with various crimes

in chapter IX and XI. In the coming part of this work, let us explore the various provisions of IT Act that is capable of dealing with the various types of cyber crimes.

DEFINING CYBER LAW The word cyber law encompasses all the cases, statutes and constitutional provisions that affect persons and institutions who control the entry to cyberspace, provide access to cyberspace, create the hardware and software which enable people to access cyberspace or use their own devices to go online and enter cyberspace. If one examines the aforesaid definition, basic concept of cyber laws evolves around the phrase: access to cyberspace. How one can access cyberspace? The requirement from the point of user is: (a) a computer system with a modem facility, a telephone line and an Internet hours usage pack from a network service provider; or (b) a computer system with a modem facility and a broadband connection from a network service provider. Without such basic hardware and software tools, one cannot access cyberspace. Public and private institutions in the form of Government(s), hardware manufacturers and software application providers act as a gatekeepers of cyberspace. Access is granted to those, who have got the necessary tools to access cyberspace. With a click of a mouse or punching keystrokes, gates of cyberspace are opened for the users. It is just a click-of a- mouse that separates an individual from physical space to cyberspace. Any illegal, wrongful or dishonest act committed in cyberspace would be covered under

the cyber law provisions. Let us take an example of a person, X. By click of a mouse, he moves to a website based in New York and purchases goods; again by a click of a mouse, he moves to a website based in Hong Kong and purchases goods; and once again by a click of a mouse, he moves to a website based in Paris. Suppose X has used a forged global credit card to make purchases in New York, Hong Kong and Paris. Did X commit an offence? Yes, he did, but this would fall under the category of cyber fraud, rather than a case of a physical fraud and X would be tried under the cyber criminal provisions. The effectiveness of cyber law comes from the fact that it legally binds actions of any individual using computer, computer system or computer networks.

CYBER LAW IN INDIA The flourishing synergy arising between organized crimes and the Internet has increased the insecurity of the digital world. In the following segment, my attempt would be to evaluate the existing laws in India to prevent cyber crimes. There are two main statutes that govern the online criminal liabilities are the Indian Penal Code, 1860 and the Information Technology (IT) Act, 2000. The IT Act, was passed and enforced on 17th May 2000. Its objective was to legalize ecommerce and it further amends the Indian Penal code 1860, Indian Evidence Act 1872, the Bankers Book Evidence Act 1891, and the Reserve Bank of India Act 1934. The aim behind this is to make these Acts compatible with the Act of 2000 so that, they may control the affairs of the cyber world in an effective manner.

WHAT CYBER LAWS MIGHT TEACH? The purpose of studying cyber laws is crucial from todays perspective, as technology has become part of our everyday existence. Study of cyber laws would provide:

SENSE OF SECURITY The study of cyber law provides a sense of security to the learner. It brings in a level of confidence in the sense that it would make the learner knowledgeable about what are his rights in cyberspace and would become aware of what constitutes a wrongful behaviour. Further, he would become aware of the legal remedies available to him in case of violation of his rights in cyberspace. It would help the learner to appreciate technology as a law abiding citizen.

GLOBAL RECOGNITION Cyber law is a common usage term in the legal parlance. It includes legislations such as: Information Technology law, Computer law, Internet law, E-commerce law, E-transactions law, Digital signature law, Electronic Signature law etc. Irrespective of the nationality of cyber law legislation(s) presently available in the world, the fact is that all such legislations are based on mother law, i.e., The United Nations Commission on International Trade Law (UNCITRAL) Model Law on E-commerce, 1996. It makes Cyber law 24 education scalable, globally. In other words, knowledge of cyber laws of one country would help in understanding similar laws elsewhere.

VALUE ADDITION To a learner, knowledge of cyber laws would be a value addition, irrespective of his professional qualifications and would certainly help the learner to move up on the value chain. Cyber law education does not call for any specialized knowledge either in law or technology. It is a valuable resource to meet challenges and explore opportunities in the global village. Learning about cyber laws is an opportunity to be in sync with the present day world. Many believe that cyberspace simply cannot be regulated. They argue that behaviour in cyberspace, is beyond governments reach. The anonymity and multijurisdictionality of cyberspace makes control by government in cyberspace impossible. This belief about cyberspace is wrong. It is wrong to assume that its architecture cannot be changed or that government cannot take steps to change this architecture.

INTERNATIONAL INSTRUMENTS RELATING TO CYBER CRIMES A EUROPEN CONVENTION ON CYBER CRIMES The European Convention on Cyber Crime came into force in June 2001 to address the urgent need to pursue a common criminal policy against cybercrimes. The Council of Europe, along with the U.S., Canada and Japan signed a Convention on Cyber crime. The Convention has three aims: to harmonize substantive law; to align procedural laws and to implement an effective system of international co-operation. It is the first international treaty on crimes committed via the Internet and other computer networks. However, the main focus of the Convention is to deal with infringements of copyright, computer-related fraud, child pornography and violations of network security. The Convention tends to deal with these problems by providing for a common perception on cyber crime, authentication of cyber crime acts, jurisdiction and international cooperation in dealing with it. The Convention contains four chapters. First chapter dealing with definitions whereas second chapter specifies the measures that are to be taken by the signing nations. The third chapter makes it mandatory for the nations to cooperate with each other to deal effectively with the cyber crime. The fourth chapter provides for signature by the parties to the Convention.

In chapter 1, the Convention defines the terms such as Computer System, Computer data, Service provider and Traffic data. The chapter 2 deals with the measures to be taken at the National Level. The measures relates to Substantive Criminal Law, Procedural Law and Jurisdiction. The first section of chapter II deals with measures relating to substantive criminal law is divided into 5 titles. The Titles 1 deals with Offences against the confidentiality, integrity and availability of computer data and systems, contained in articles 2 to 6. This makes it mandatory for the state parties to the Convention to recognizes following as offences under domestic law: i. unauthorised intentional access to a computer system, ii. unauthorised intentional interception, made by technical means, of nonpublic transmissions of computer data to, from or within a computer system, iii. intentional damaging, deletion, deterioration, alteration or suppression of computer data without right. iv. intentional and unauthorised serious hindering of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data, v. intentional and unauthorised production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted primarily

for the purpose of committing any of the offences mentioned in (i) to (iv) above, vi. intentional and unauthorised production, sale, procurement for use, import, distribution or otherwise making available of a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed with intent that it be used for the purpose of committing any of the offences mentioned in (i) to (iv) above, vii. the possession of an item referred to in paragraphs (v) and (vi) above, with intent that it be used for the purpose of committing any of the offences mentioned in (i) to (iv) above. Title 2 relates to Computer-related offences and contains articles 7 and 8. These articles stipulate that each country shall establish the following as offences under domestic law: i. intentionally and unauthorizedly modifying or destroying data in any manner so as to fabricate false evidence, ii. intentionally and unauthorizedly causing loss of property to another by any interference with the functioning of a computer system, or with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another. Title 3 relates to Content-related Offences and contains articles 9. This article stipulates that each party shall establish child pornography, promoted and procured in any manner, as offences under domestic law if done intentionally and unauthorizedly.

"Child pornography" includes pornographic material that visually depicts: a. a minor(The term "minor" includes all persons less than 18 years of age. The domestic law may, however, require a lower age-limit, which shall be not less than 16 years.) engaged in sexually explicit conduct; b. a person appearing to be a minor engaged in sexually explicit conduct; c. realistic images representing a minor engaged in sexually explicit conduct. Title 4 relates to Offences Related to Infringements of Copyright and Related Rights and contains article 10.This article stipulates that a Convention Country shall establish proper legal framework for addressing infringement of copyright and related rights. Title 5 relates to Ancillary Liability and Sanctions and contains articles 11 to 13 about abetment and attempt to commit offences and corporate liability (Four conditions need to be met for liability to attach: (1) one of the offences described in the Convention must have been committed, (2) the offence must 5 have been committed for the benefit of the legal person, (3) a natural person who has a high position in the organization must have committed the offence, (4) the person who has a leading position must have acted on a power of representation or an authority to take decisions or to exercise control) .

Section 2 of chapter II dealing with Procedural law again is divided into five titles. Title 1 relates to Common provisions, contained in articles 14 and 15, which confer obligations upon a convention country to establish the powers and procedures for the purpose of "specific criminal investigations or proceedings". The state parties are also under obligation to balance the requirements of law enforcement with the protection of human rights and liberties while exercising those powers. Title 2 relates to Expedited preservation of stored computer data, contained in articles 16 and 17. The articles require each party to enact laws to preserve computer data, which is particularly vulnerable to loss or modification. The state party is required to enact suitable laws in respect of traffic data that is to be preserved under article 16. Such laws should ensure the expeditious preservation of traffic data regardless of whether one or more service providers were involved in the transmission of that communication. And also ensure the expeditious disclosure to the Partys competent authority or a person designated by that authority, of a sufficient amount of traffic data to enable the Party to identify the service providers and the path through which the communication was transmitted. Title 3 relates to production order under article 18 whereas Title 4 relates to Search and Seizure of Stored Computer Data contained in article 19 under which a convention country is required to

empower its competent authorities to search or access a computer system and computer-data storage medium in which computer data may be stored in its territory. The power must extend to data in other computer systems in the territory provided that it is lawfully accessible from or available to the initial system. The domestic law must empower the seizure and copying of the accessed computer data and also empower the ordering of knowledgeable persons to give suitable assistance. Title 5 relates to Real-time Collection of Computer Data contained in articles 20 and 21 requiring a convention country to enact legislation to compel a service provider to collect, record or co-operate and assist competent authorities in the collection or recording of traffic data or content data, in real-time, associated with specified communications in its territory transmitted by means of a computer system. It is, however, optional for the domestic law to ensure the real-time collection or recording of traffic data associated with specified communications in its territory. Last section 3 of Chapter II deals with Jurisdiction, contained in article 22, which requires each party to enact legislation to establish jurisdiction over any offence established in accordance with articles 2 11 of this Convention, when the offence is committed: in its territory; or on board a ship flying the flag of that Party; or on board an aircraft registered under the laws of that

Party; or by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State. Chapter III dealing with International Cooperation is divided into two sections comprising of general principles and certain specific principles of international cooperation. Section 1 dealing with General Principles is spread over in four titles of which Title 1 General Principles Relating to International Co-operation consisted of article 23 mandates that the parties shall co-operate with each other, in accordance with: i. the provisions of this chapter, ii. through application of relevant international instruments on international co-operation in criminal matters, iii. arrangements agreed on the basis of uniform or reciprocal legislation, and iv. domestic laws Title 2 is entitled Principles Relating to Extradition consisted of article 24. It makes it obligatory for the state parties to include the offence created in this Convention in their extradition treaties. They are required to declare these offences as extraditable provided that they are punishable under the laws of both parties concerned by deprivation of liberty for a maximum period of at least one year, or by a more severe penalty. The Convention permits that the extradition shall be subject to the conditions provided for by the law of the requested party or by

applicable extradition treaties, including the grounds on which the requested party may refuse extradition. Title 3 is entitled General Principles Relating to Mutual Assistance and consists of articles 25 and 26 require the parties to assist each other for investigation and enact laws to carry out obligations set forth in articles 27 35. Title 4 is titled Procedures pertaining to mutual assistance requests in the absence of applicable international agreements and consists of articles 27 and 28. These articles apply where there is no mutual assistance treaty or arrangement on the basis of uniform or reciprocal legislation in force between the requesting and requested parties. Section 2 of Chapter III lays down Specific Provisions for cooperation. This section is spread over to four titles. Title 1 is entitled Mutual assistance regarding provisional measures and consists of article 29 and 30 allows Parties to request another Party to order or otherwise obtain the expeditious preservation of electronic data, in respect of which the requesting Party intends to submit a request for mutual assistance with respect to the search or similar access, seizure or similar securing, or disclosure of the data. For the purposes of responding to a request, dual criminality shall not be required as a condition to providing such preservation (A Party that requires dual criminality as a condition for responding to such a request may reserve the right

to refuse the request for preservation under this article in cases where it has reason to believe that at the time of disclosure the condition of dual criminality cannot be fulfilled. Title 2 is entitled Mutual Assistance Regarding Investigative Powers and contains articles 31 to 34 providing that a party may request another party to search or similarly access, seize or similarly secure, and disclose data stored by means of a computer system located within the territory of the requested party, including data that has been preserved pursuant to article 29. Title 3 is entitled 24/7 Network and contains article 35. This article requires each party to designate a point of contact available on a 24 hour, 7-day per week basis providing immediate assistance (Such assistance includes facilitating, or, if permitted by its domestic law and practice, directly carrying out: (a) provision of technical advice; (b) preservation of data pursuant to articles 29 and 30; and (c) collection of evidence, giving of legal information, and locating of suspects.) for: (i). investigations or proceedings concerning criminal offences related to computer systems and data, and (ii). the collection of evidence in electronic form of a criminal offence. A partys point of contact is required to have the capacity to carry out communications with the point of contact of another party on an expedited basis.

If the point of contact designated by a party is not part of that partys authority or authorities responsible for international mutual assistance or extradition, the point of contact shall ensure that it is able to co-ordinate with such authority or authorities on an expedited basis. Each party shall ensure that trained and equipped personnel are available in order to facilitate the operation of the network. Chapter IV Signature and Entry into force talks about the signature and mode of bringing the Convention into force.

AMENDMENTS OF VARIOUS ACTS Indian Penal Code provided for offences relating to documents. Section 91 of the Act has amended those provisions in order include even offences relating to electronic records. Accordingly, the definition of the expression electronic record was inserted under section 29A. Other provisions amended are sections 167, 172, 173, 175, 192, 204, 463, 464, 466, 468, 469, 476, and 477A [Schedule I of the Act]. Section 92 of the Act provides for the amendment of Indian Evidence Act, 1872 in order to take care of admissibility of electronic records along with paper based documents in the courts. Important provisions amended are sections 3, 22, 34, 35, 131. And sections 47A, 59, 65A and 65B, 67A, 73A, 81A, 85A, 85B, 85C, 88A, 90A were inserted [Schedule II of the Act]. The Act has also amended the Bankers Book Evidence Act, 1891 [Section 93 read with Schedule III of the Act], and the Reserve Bank of India Act, 1934 [Section 94 read with Schedule IV of the Act] in order to provide for maintenance of bankers book in electronic forms and facilitate fund transfer through electronic means. In addition, special provisions have been made under the Act to give overriding effect to it and to protect the actions taken in good faith. Presiding Officer and other officers and employees of the

CRAT, and Controller, Deputy Controller and Assistant Controller are considered as public servants within the meaning of section 21 of the Indian Penal Code, 1860. Thus, the IT Act, as whole, mainly provides legal framework for the promotion of E-governance and E-commerce in the country. Provisions have also been made to prohibit and punish computer related offences and matters incidental thereto.

BIBLIOGRAPHY 1. Age of Cyber Crime, Handbook of Cyber Law, Macmillan India Ltd, 2000, Pg 126- 145. 2. Beware! Sexual Abuse Gets Virtual, Suhit Kelkar, Times News Network , Monday, Aug. 30, 2004. 3. Computer Crime and Abuses Report (India) 2002-02, Asian School of Cyber Laws, March 1, 2003. 4. Computer Security , Crime and Ethic, Computer Today , P. 1298-1309.