Proceeding of the 3rd International Conference on Informatics and Technology, 2009

Role of Cyber Law and Its Usefulnes In Indian IT Industry

$SXUED.XPDU5R\.DO\DQ'DV

ABSTRACT

The word “cyber law” encompasses all the cases, statutes and constitutional provisions that affect
persons and institutions who control the entry to cyberspace, provide access to cyberspace, create the
hardware and software which enable people to access cyberspace or use their own devices to go
“online” and enter cyberspace. In simple way we can say that cyber crime is unlawful acts wherein the
computer is either a tool or a target or both. Cyber crimes can involve criminal activities that are
traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to
the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that
are addressed by the Information Technology Act, 2000.

Keywords : Cyber Law, Cyber Crime, Cyber Forensics, information security, IT Act.

1.0 Introduction
Success i n any fi eld of h uman activity le ads to crim e th at ne eds m echanisms to c ontrol it. L egal
provisions sho uld prov ide a ssurance to users, empowerment to la w enforcement a gencies an d
deterrence to criminals. The law is as stringent as its enforcement. Crime is no longer limited to space,
time or a gr oup of p eople. Cyber sp ace cre ates mora l, civ il a nd cr iminal wrongs. It has now given a
new way to express criminal tendencies. Back in 1990, less than 100,000 people were able to log on
to the Internet w orldwide. Now a round 50 0 milli on people are h ooked u p to surf the n et aroun d the
globe. Until recently, many information technology (IT) professionals lacked awareness of and interest
in th e c yber c rime p henomenon. In ma ny cases, l aw enforcement officers h ave lacked th e to ols
needed to tack le th e pr oblem; old laws di dn’t quit e fit the crimes b eing c ommitted, n ew la ws ha dn’t
quite caught up to the realit y of what was happening, and there were few court preced ents to look to
for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to
gather th e evi dence ne eded to prosecut e these new cases. F inally, the re was a c ertain amo unt of
antipathy—or at the l east, d istrust—between the t wo m ost importa nt players in an y effective fig ht
against cyber crime: law enforcement agencies and computer professionals. Yet close cooperation
between the two is crucial if we are to control the c yber crime problem and make the Internet a safe
“place” for its users. Law enforcement personnel understand the criminal mindset and know the basics
of gatheri ng e vidence an d b ringing offen ders to justice. IT personnel understand c omputers a nd
networks, ho w the y work, an d ho w to track do wn i nformation on th em. Each h as half of the ke y t o
defeating t he cyber crim inal. IT profession als n eed good defin itions of cybercrime in order to kn ow
when (and what) to re port to police, but law enforcement agencies must have statutory definitions of
specific crimes in order to charg e a crimin al with a n offense. T he first step in spec ifically d efining
individual c ybercrimes is to sort all the acts that can be cons idered c ybercrimes i nto orga nized
categories.

1.1 Why Cyber Law ?

When Internet was developed, the fo unding fathers of Internet hardly had any inclination that Internet
could transform itself into an all pervading revolution which could be misused for criminal activities and
which required regulation. T oday, there are many disturbing thin gs h appening in c yberspace. D ue to
the anonymous nature of th e Internet, it is possible to engage into a variety of crimi nal activities with
impunity a nd people with in telligence, h ave b een gr ossly m isusing t his asp ect of th e Intern et to
perpetuate criminal activities in cyberspace. Hence the need for Cyber Laws.

1.2 What is the importance of Cyber Laws ?

Cyber Law [1] is importa nt because it touc hes almost all aspects of trans actions and activities on and
concerning the Internet, the World Wide Web and Cyberspace. Initially it may seem that Cyber Law is
a very technical field and that it do es not have any bearing to m ost activities in Cyberspace. But the
actual truth is that nothing could be further than the truth. Whether we realize it or not, every action and
every reaction in Cyberspace has some legal and Cyber legal perspectives.

©Informatics '09, UM 2009 RDT6 - ϭϵϳ

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

1.3 Advantages of Cyber Laws

The IT Act 2000 [2] attem pts to cha nge o utdated la ws a nd prov ides ways to deal with c yber crim es.
We ne ed such la ws so that people ca n perform purc hase trans actions over the Net through cr edit
cards without fear of misuse. The Act offers the m uch-needed legal framework so that information is
not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic
records. In vie w of the gr owth in transacti ons an d com munications c arried out thro ugh e lectronic
records, the Act seeks to em power government departments to acce pt filing, creating and retention of
official documents in th e d igital form at. T he Act has also pro posed a le gal fram ework for the
authentication and origin of electronic records / communications through digital signature.
* F rom the pe rspective of e- commerce i n Indi a, the IT Act 2000 a nd it s provisi ons c ontain man y
positive aspects. Firstly, the i mplications of these pr ovisions for t he e-businesses would be that emai l
would now be a valid and legal form of c ommunication in our country that can be duly produced and
approved in a court of law.
* Companies shall now be able to carry out electronic commerce using the legal infrastructure provided
by the Act.
* Dig ital s ignatures h ave be en given l egal validity and sanctio n i n the Act.
* T he Act throws op en the doors for the entr y of corporate comp anies in the b usiness of be ing
Certifying
Authorities for issuing Digital Signatures Certificates.
* T he Act now allows Gov ernment to issue notif ication on the web thus heralding e-gov ernance.
* The Act enables the com panies to file an y form, application or an y other document with any office,
authority, body or a gency o wned or c ontrolled by the ap propriate Gover nment in el ectronic f orm b y
means of su ch electro nic form as ma y be pr escribed b y t he appro priate Government.
* T he IT Act also ad dresses the im portant is sues of s ecurity, which are s o critical to the success of
electronic transactions. The Act has g iven a legal definition to the concept of secur e digital signatures
that would be required to have been passed through a system of a security procedure, as stipulated by
the
Government at a later date.
* Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if
anyone breaks into their co mputer s ystems or network and caus es damages or co pies data. T he
remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.

1.4 About Cyber Law

The cyber law, in any country of the World, cannot be effective unless the concerned legal system has
the following three pre requisites:
(1) A sound Cyber Law regime,
(2) A sound enforcement machinery, and
(3) A sound judicial system.
Let us analyse the Indian Cyber law on the above parameters.
(1) Sound Cyber Law regime: The Cyber law in India can be found in the form of IT Act, 2000. Now the
IT Act, as ori ginally enacted, was s uffering f rom vari ous l oopholes a nd la cunas. T hese “grey areas”
were excusable since India introduced the law recently and every law needs some time to mature an d
grow. It was understood that over a per iod of ti me it w ill gr ow a nd further amen dments will b e
introduced to make it compatible with the International standards. It is important to realise that we need
“qualitative la w” and not “quantitative l aws”. In other words, one si ngle Act can fulfil the n eed of the
hour provided we give it a “dedicated and futuristic treatment”. The dedicated law essentially requires a
consideration of “public interest” as aga inst interest of fe w influential segments. Further, the futuristic
aspect requires an additional exercise and pain of deciding the trend th at may be faced in future. T his
exercise is not needed while legislating for traditional laws but the nature of cyber space is suc h that
we h ave to tak e ad ditional pr ecautions. Si nce the Inter net is bo undary l ess, an y person sitting in an
alien territor y can do h avoc with th e co mputer s ystem of India. For instanc e, the Informatio n
Technology is much more advanced in other countries. If India does not shed its traditional core that it
will be vulnerable to numerous cyber threats in the future. The need of the hour is not only to consider
the “contemporary standards” of the countries having developed Information Technology standards but
to “anticipate” future threats as well in advance. Thus, a “futuristic aspect’ of the current law has to be
considered.Now the big question is whether India is following this approach? Unfortunately, the answer
is in NEGATIVE. Firstly, the IT Act was deficient in certain aspects, though that was bound to happen.
However, inste ad of bri nging the suita ble amendments, the Prop osed IT Act, 2000 am endments [3]
have further “diluted” the criminal provisions of the Act. The “national interest” was ignored for the sake
of “commercial expediencies”. The proposed amendments have made the IT Act a “tiger without teeth”
and a “remedy worst than malady”.

©Informatics '09, UM 2009 RDT6 - ϭϵϴ

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

(2) A sound enforcement machinery: A law might have been properly enacted and may be theoretically
effective too b ut it is useles s unless e nforced in its true letter and sp irit. The la w e nforcement
machinery in India is not well equipped to deal with cyber law offences and contraventions. They must
be trained appropriately and should be provided with suitable technological support.
(3) A so und judicial system: A sound judicial system is the backbone for preserving the law and order
in a s ociety. It is commo nly misunderstood that it is th e “ sole” r esponsibility of the “B ench” alone t o
maintain law and order. That is a misleading notion and the “Bar” is equally responsible for maintaining
it. This essentially means a rigorous training of the members of both the Bar and the Bench. The fact is
that the c yber law is in its infa ncy stage in In dia hence not much Jud ges and Lawyers are aware of it.
Thus, a sound c yber la w tra ining of the Ju dges and Lawyers is the n eed of the h our. In short, the
dream for a n “Ideal C yber La w i n Indi a” requir es a “ considerable” amou nt of time, mone y and
resources. In the present state of things, it may take five more ye ars to appreciate its application. The
good n ews is that Govern ment has s anctioned a co nsiderable amo unt as a grant to brin g e-
governance within the judicial functioning. The need of the hour is to appreciate the difference between
mere “comp uterisation” an d “c yber la w l iteracy”. T he judges a nd l awyers must b e trained in th e
contemporary l egal issu es lik e c yber law so that their enfo rcement in India is effective. With all th e
challenges that India is fac ing in education and training, e-learning has a lot of a nswers and needs to
be a ddressed seriously b y t he cou ntries planners and pr ivate in dustry a like. E-lear ning can pr ovide
education to a large population not having access to it.

1.5 Cyber Crime

Computer crime, cyber crime [4] , e-crime, hi-tech crime or electronic crime generally refers to criminal
activity where a computer or net work is the source, tool, target, or place of a crim e. These categories
are not e xclusive an d man y activities ca n be char acterized as fal ling in on e or more cate gory.
Additionally, although th e te rms comput er crime or c ybercrime are more pr operly restricted t o
describing cri minal activit y in which th e co mputer or net work is a n ecessary part of the crim e, thes e
terms are also sometimes us ed to include t raditional crimes, such as fraud, theft, blackmail, forger y,
and embezzlement, in which computers or networks are used to facilitate the illicit activity.
Computer cri me can broadly be d efined as crimin al a ctivity i nvolving an i nformation tech nology
infrastructure, i ncluding il legal access (u nauthorized acc ess), illeg al interception (b y tec hnical m eans
of non-public transmissions of computer data to, from or within a c omputer system), data interference
(unauthorized damaging, deletion, deterioration, alteration or suppression of comp uter data), systems
interference (interfering with the functioning of a computer system by inputting, transmitting, damaging,
deleting, det eriorating, alterin g or suppr essing comp uter d ata), misuse of devices, forge ry (ID theft),
and electronic fraud.

1.6 We can categorize Cyber crimes in two ways

The Computer as a Target :-using a computer to attack other computers.
e.g. Hacking, Virus/Worm attacks, DOS attack etc.
The computer as a weapon :-using a computer to commit real world crimes.
e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.

1.7 Technical Aspects

Technological advancements have created new possibilities for criminal activity, in particular the
criminal misuse of information technologies such as
1.7.1 Unauthorized access & Hacking
Access me ans g aining en try in to, i nstructing or commu nicating with t he l ogical, ar ithmetical, or
memory function resources of a computer, computer system or computer network [5].
Unauthorized access would therefore mea n a ny ki nd of access without the p ermission of e ither t he
rightful owner or the person in charge of a computer, computer system or computer network. Every act
committed to wards br eaking i nto a com puter and/or network is hacki ng. Hackers write or use re ady-
made computer programs to attack the target com puter. They possess the desire to destruct and they
get the kick o ut of such des truction. Some hackers hack for persona l monetar y g ains, such as to
stealing the cr edit card inf ormation, transf erring money from various bank acc ounts to their o wn
account followed by withdrawal of money.
By hacking web server taking control on another persons website called as web hijacking [6].

1.7.2 Trojan Attack

The program that act like s omething useful but do the thi ngs that are q uiet damping. The programs of
this kind are called as Trojans.The name Trojan Horse is popular.Trojans come in two parts, a Client
part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will
then us e the Client to co nnect to the Ser ver an d st art u sing th e troj an.TCP/IP protocol is th e us ual

©Informatics '09, UM 2009 RDT6 - ϭϵϵ

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

protocol t ype used f or com munications, but some fu nctions of th e troj ans us e th e U DP protoc ol as
well.
1.7.3 Virus and Worm attack
A program that has capability to infect other programs and make copies of itself and s pread into other
programs is called virus. Programs that multiply like viruses but spread from computer to computer are
called as worms.
1.7.4 E-mail & IRC related crimes
1.7.4.1 Email spoofing
Email spoofing refers to email that appears to have been originated from one source when it was
actually sent from another source.
1.7.4.2 Email Spamming
Email "spamming" [7] refers to sending email to thousands and thousands of users - similar to a chain
letter.
1.7.4.3 Sending malicious codes through email
E-mails are used to send viruses,Trojans etc through emails as an attachment or by sending a link of
website which on visiting downloads malicious code.
1.7.4.4 Email bombing
E-mail " bombing" is char acterized b y abusers rep eatedly s ending an i dentical email message to a
particular address.
1.7.4.5 Sending threatening emails
1.7.4.6 Defamatory emails
1.7.4.7 Email frauds
1.7.4.8 IRC related
Three main ways to attack IRC are: "verbal attacks, clone attacks, and flood attacks.
1.7.5 Denial of Service attacks
Flooding a co mputer r esource with mor e r equests th an i t can handle. This causes th e res ource t o
crash thereby denying access of service to authorized users.
1.7.5.1 Examples include
attempts to "flood" a network, thereby preventing legitimate network traffic
attempts to disrupt connections between two machines, thereby preventing access to a service
attempts to prevent a particular individual from accessing a service
attempts to disrupt service to a specific system or person.

1.8 PREVENTION OF CYBER CRIME:

Prevention [8] is al ways better than cure. It i s al ways better to take certain precaution while
operating the net. The 5P mantra for onl ine secur ity: Precaution, Prevention, Protection,
Preservation and Perseverance. A netizen should keep in mind the following things-
1.to prevent cyber stalking avoid disclosing any information pertaining to oneself.
This is as good as disclosing your identity to strangers in public place.
2.always avoid sending any photograph online particularly to strangers and chat
friends as there have been incidents of misuse of the photographs.
3.always use latest and up date anti virus software to guard against virus attacks.
4.always keep back up volumes so that one may not suffer data loss in case of virus
contamination
5.never send your credit card number to any site that is not secured, to guard
against frauds.
6.always keep a watch on the sites that your children are accessing to prevent any
kind of harassment or depravation in children.
7.it is better to use a security programme that gives control over the cookies and
send information back to the site as leaving the cookies unguarded might prove
fatal.
8.web site owners should watch traffic and check any irregularity on the site. Putting
host-based intrusion detection devices on servers may do this.
9.use of firewalls may be beneficial.
10. web servers running public sites must be physically separate protected from
internal corporate network.

©Informatics '09, UM 2009 RDT6 - ϮϬϬ

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

Adjudication of a C yber Cr ime - On the dir ections of the Bombay H igh Court the C entral
Government h as b y a n otification dated 25.03.03 has d ecided that th e Secretar y to the
Information Technology Department in each state by designation would be appointed as the
AO for each state.

1.9 Security measures

A state of computer "security" is the conceptual ideal, attained by the use of the three processes:
1. Prevention,
2. Detection, and
3. Response.
* User acco unt access controls an d cr yptography can pr otect s ystems files an d data, respective ly.
* F irewalls ar e b y far th e mo st common pr evention s ystems from a net work secur ity perspective as
they can (if pr operly configured) shield access to internal network services, and b lock certain kinds of
attacks through packet filtering.
* Intrusion Detection Systems (IDS's) [9] are designed to detect network attacks in progress and assist
in p ost-attack forensics, while a udit tra ils and logs serv e a sim ilar fun ction for individual s ystems.
* "Response" is necessarily defined by the assessed security requirements of an individual system and
may cover the rang e from s imple upgrade of protec tions to notification of legal auth orities, co unter-
attacks, and th e lik e. In som e spec ial case s, a comp lete destruction of the compr omised s ystem is
favored.
Today, computer security comprises mainly "preventive" measures, like firewalls or an Exit Procedure.
A fire wall [1 0] can be d efined as a way of filt ering n etwork data bet ween a host or a net work an d
another net work, such as the Internet, an d is norma lly implemented a s soft ware run ning on the
machine, hooking into the network stack ( or, in the case of most UNIX-based operating systems such
as Li nux, b uilt into the operating s ystem k ernel) to prov ide re altime fi ltering an d b locking. An other
implementation is a so called physical fire wall which consists of a separate machine filtering net work
traffic. F irewalls are commo n am ongst m achines th at a re p ermanently c onnected t o the Intern et
(though not universal, as demonstrated by the large numbers of machines "cracked" by worms like the
Code Red worm which would hav e bee n protected by a properl y-configured fire wall). Ho wever,
relatively few organizations maintain computer systems with effective detection systems, and fewer still
have organised response mechanisms in place.

1.10 IT Act of India 2000

In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill
received the assent of the President in A ugust 2 000 a nd cam e to b e kno wn as t he Informati on
Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.This Act aims to prov ide the legal
infrastructure for e-commerce in Ind ia. And the c yber laws have a major impact for e-b usinesses and
the new economy in India. So, it is important to understand what are the various perspectives of the IT
Act, 2000 and what it offers. The Information Technology Act, 2000 also aims to provide for the legal
framework so that legal sanctity is accorded to all electronic records and other activities carried out by
electronic me ans. T he Act states that u nless ot herwise a greed, an acceptance of co ntract ma y b e
expressed by electronic m eans of com munication and the s ame shall have legal v alidity and
enforceability.

1.11 Critical evaluation of the proposed IT Act, 2000 amendments

The proposed IT Act, 2000 amendments are neither desirable nor conducive for the growth of ICT in
India. They are suffering from numerous drawbacks and grey areas and they must not be transformed
into the law of the land. These amendments must be seen in the lig ht of contemporary standards and
requirements. Some of the more pressing and genuine requirements in this regard are:
(a) There are no security concerns for e-governance in India
(b) The concept of due diligence for companies and its officers is not clear to the concerned segments
(c) The use of ICT for justice administration must be enhanced and improved
(d) The offence of cyber extortions must be added to the IT Act, 2000 along with Cyber Terrorism and
other contemporary cyber crimes
(e) The increasing nuisance of e-mail hijacking and hacking must also be addressed
(f) The use of ICT for day to day procedural matters must be considered
(g) The legal risks of e-commerce in India must be kept in mind
(h) The concepts of private defence and aggressive defence are missing from the IT Act, 2000
(i) Internet banking and its legal challenges in India must be considered
(j) Adequate and reasonable provisions must me made in the IT Act, 2000 regarding “Internet
censorship”

©Informatics '09, UM 2009 RDT6 - ϮϬϭ

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

(k) The use of private defence for cyber terrorism must be introduced in the IT Act, 2000
(l) The legality of sting operations (like Channel 4) must be adjudged
(m) The deficiencies of Indian ICT strategies must be removed as soon as possible
(n) A sound BPO platform must be established in India, etc.
The concerns are too ma ny to be d iscussed in this s hort article. The Government must seriously take
the “ge nuine c oncerns” an d should av oid the cosm etic c hanges th at ma y s hake the base of alr eady
weak cyber law in India.

References

[1] Vakul Sharma, Information Technology: Law and Practice, Universal Law Publishing Co. Pvt.
Ltd., 2008.
[2] IT act 2000
[3] New Amendments to IT Act 2000
[4] www.cyberlawindia.com
[5] www.legalserviceindia.com/cyber/cyber.htm
[6] www.delhicourts.nic.in
[7] www.cyberlawsindia.net
[8] www.cyberlawenforcement.org
[9] www.cyberlaw.in
[10] www.cyberlawportal.com
involves

©Informatics '09, UM 2009 RDT6 - ϮϬϮ