Workshop on Information Security & Cyber laws
Agenda Introduction about “S & N” What is need of Information Security? Introduction to Cyber Crime & Cyber Law Types of various Cyber Crime along with IT act 2000 (amended 2008) Precaution & Prevention while working on digital world. How to approach law enforcement agencies? Question & Answer Session
INTRODUCTION
THE LAW FIRM Abhay Nevagi & Associates Inception: From Kolhapur Expansion: Pune & Mumbai, Supreme Court Team comprises of 30 advocates with addition of senior members Areas of Practice: Apart from general litigation/non-litigation, niche areas Electricity laws, Banking laws, Media laws, Due Diligence, FEMA, Corporate litigation, CYBER LAWS
THE NEED FOR TECHNICAL KNOW-HOW The Firm started handling cases under cyber laws. Lack of understanding of new law and absence of qualified technical personnel Lack of knowledge across; Complainant/Accused/Investigation/Prosecut-ion/Defence To bridge this gap: Stickman & Nevagi Cyber Forensic Investigation Services Pvt. Ltd. was founded
Stickman & Nevagi Cyber Forensic Investigation Services Pvt.Ltd S & N is one of the first companies in India combining Technical expertise of Stickman Consulting, Australia & legal acumen of Abhay Nevagi & Associates in the field of Information Security.
Object of any law - to regulate human conduct, or to deal with a mischief.
CYBER LAWS [ 1. Legal recognition for transactions carried out by means of Electronic Data Interchange and other means of Electronic Communication - E-Commerce. 2. Use of Alternatives to paper based methods of communication and storage of communication, to facilitate Electronic Filing of Documents with the Government Agency - E-Governance.
The Information Technology Act, 2000 is based on the model law on electronic commerce adopted by the United Nations Covenant on International Trade Law (UNICITRAL). Information and Knowledge is power.
As internet reach accelerates vulnerability to cyber threats rise Technical , Legal, Security and Political Issues created Boundary between public and private blurred Cyber War – sabotage – operations of government and industries ,espionage of commertial data knowledge and subversions using social media All by some one sitting in front of blue screen
1969 : pivotal year – man sent on moon and Arpanet was born – a professor in one American University sent a message from his computer massage ushering information revolution through internet Internet – cheaper faster and no boundaries Tim Lee invented World Wide Web Today almost 3rd of humanity is online
I.T. governs all aspects of our daily life positive effects as well as negative sides
The I.T. Amendment Act 2008 Aims at protection of personal data and information , and implementation of security practices The Amendment deals with new forms of crime like publishing sexually explicit materials in electronic form ,video voyeurism and breach of confidentiality and leakage of data by intermediary ,e commerce frauds like personation known as phishing ,identity theft and offensive messages through communication services
It should be kept in mind that the provisions of the Cyber Law should not be made so stringent that it may retard the growth of the industry and prove to be counter productive.
LAW, SCIENCE AND TECHNOLOGY INTERACTION
No writing, signature, registration yet acceptance of electronic documents. Recognition to the electronic record - Potential of reduction of corruption in Govt. and public sector.
TYPES OF ELECTRONIC COMMERCE - Business to Consumer - Business to Business - Consumer to Consumer - Consumer to Business
ADVANTAGES OF CYBER LAWS 1. Legal frame work for E-Commerce and E-Governance. 2. Validity to E-mails. 3. Validity to Digital Signatures 4. Opportunity to Companies to be Certifying Authorities for issuing Digital Signatures. 5. Government can issue Notifications, Acts, Rules etc. on web. 6. Addresses important issues of Security.
CYBER CRIME - Motive behind the crime. - Greed - Publicity - Revenge - Adventure - Desire to access forbidden information - Destructive Mind Set - Wants to sale n/w security services
DISTINCT FEATURES OF CYBER CRIMES 1. One against Millions. 2. Global Crime 3. Sans Mobility 4. Richest Crime 5. Computer as a Instrument of Crime. 6. Technology Driven 7. Counter Product of information and communication technologies 8. Transcends Geographical boundries 9. Singapore allows Electronic Divorce.
PREVENTION OF CYBER CRIME 1. To prevent cyber staking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place. 2. Always avoid sending any photograph online particularly to strangers an chat friends as there have been incidents of misuse of the photographs. 3. Always use latest and up date anti virus software to guard against virus attacks. 4. Always keep back up volumes so that one may not suffer data loss in case of virus contamination.
5. Never send your credit card number to any site that is not secured, to guard against frauds. 6. Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children. 7. It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal. 8. Web site owners should watch traffic and check any irregularity on the side. Putting host-based intrusion detection devices on servers may do this. 9. Use of firewalls may be beneficial. 10. Web servers running public sites must be physically separate protected from internal corporate network.
The Information Technology Act, 2000 - Applicability to offence or contravention committed outside India (borderless world) - Recognition of Digital Signatures and Electronic Records and Electronic filing of documents (E-Governance & E-Commerce) - Creation of Authorities - Offences and Penalties upto One Crore Rupees - Amendments to the Indian Penal Code, Indian Evidence, Act, Banker's Books Evidence Act, Reserve Bank of India Act - Web site - invitation to offer
S. 4 Legal recognition of electronic records :- Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is - (a) rendered or made available in an electronic form; and (b) accessible so as to be usable for a subsequent reference.
Section 65: Tampering with computer source document: Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another or conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend upto two lakh rupees, or with both. Explanation: For the purpose of this section, "computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer source in any form.
Sec.67 Publishing of Information which is obscene in electronic form : Whoever publisher or transmits or cause to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to 1 lakh rupees and in event of second or subsequent conviction with imprisonment of either description for a term which may extend to 10 years and with fine which may extend to 2/- lakh rupees.
NETWORK SERVICE PROVIDERS NOT TO BE LIABLE IN CERTAIN CASES Sec.79. Network Service Providers not to be liable in certain cases - For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention. Example - Bazee.com
OFFENCES Sec.66 Hacking with Computer System : 1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. 2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend upto two lakh rupees or with both.
Section 85 offences by companies -- (1) Where a person committing a contravention of any of the provisions of this Act or any rule, direction or order made thereunder is a company, every person who, at the time the contravention was committed, was in charge of, and was responsible to, the company for the conduct business of the company as well as the company, shall be guilty of the contravention and shall be liable to be proceeded against and punished accordingly.
PROVIDED that nothing contained in this sub-section shall render any such person liable to punishment if he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention.
(2) Notwithstanding anything contained in sub-section (1), where a contravention of any of the provisions of this Act or of any rule, direction or order made thereunder has been committed by a company and it is proved that the contravention has taken place with the consent or connivance of, or is attributable to any neglect or the part of, any director, manager, secretary or other officer of the company, such director, manager secretary or other officer shall also be deemed to be guilty of the contravention and shall be liable to be proceeded against and punished accordingly.
Explanation: For the purpose of this section: (i) "company" means any body corporate and includes a firm or other association of individuals; and (ii) "director", in relation to a firm, means a partner in the firm.