TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR

[Link] Page 1 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
I:
Introduction to Cyber Laws and Technology: Basic Concepts, Internet and Advantages and
Disadvantages of Internet Technology, Network and Network Security
Legal Framework and Regulations: Cyber Law & Components of Cyber Law, Cyber Law in India: An
Overview of Information Technology Act 2000, Cryptography, Encryption Technique & Algorithm and
Digital Signature & Electronic Signature
Key Issues in Cyber Laws: E-Commerce, E-Governance, E-Record & E-Contract, Regulator, Certifying
Authority, Electronic Signature Certificates
II:
Cyber Crimes and Enforcement: Cyber Appellate Tribunal, Cyber Crimes-Cyber Contraventions, Cyber
Offences, Power of Investigation & Search, E-Evidence and Computer Forensic
Emerging Issues and Legal Considerations: ISP & Intermediary Not to be Liable in Certain Cases,
Consequential Amendments in Various Conventional Laws in India, Grey Areas of Information
Technology Act, 2000,
Jurisdiction and Privacy: Cyber Jurisdiction, E-Consumers, Privacy of Online Data and Information
III:
Intellectual Property Rights and Online Regulations: Free Speech Online or Online Freedom of Speech
and Expression and Liability of Intermediary
Intellectual Property Rights (IPRs), Copyrights & Patents: International and Indian Scenario, Copyright
Issues and Digital Medium, Patent Issues in Digital Medium
Disputes and Resolution: Domain Name Dispute & Resolution and Trademark Issues in Digital Medium,
Spamming and Phishing
Textbook(s):
1. Cyber Laws & Information Technology (For LL.B.) Paperback – 1 January 2020
2. Cyber Law in India, Satish Chandra, ABS Books, 2017
3. Cyber Security and Cyber Laws, Nilakshi Jain, Wiley India, October 2020
Additional Reference(s):
1. Cyber Laws, Justice Yatindra Singh, Universal Law Publishing, Universal Publishing, 2016
2. Cyber laws, Dr. Gupta & Agrawal, PREMIER PUBLISHING COMPANY, 2022
3. Cyber Law - An Exhaustive Section Wise Commentary On The Information Technology, Pavan
Duggal, Universal Publishing (LexisNexis), 2nd Edition, 2017

[Link] Page 2 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
CHAPTER I: INTRODUCTION TO CYBER LAWS AND TECHNOLOGY
Topics Covered: Basic Concepts, Internet and Advantages and Disadvantages of Internet Technology,
Network and Network Security
-------------------------------------------------------------------------------------------------------------------
What is Cyber Law?
• Cyber law, also known as Internet Law or Cyber Law, is the part of the overall legal system that
is related to legal informatics and supervises the digital circulation of information, e-commerce,
and software and information security. It is associated with legal informatics and electronic
elements, including information systems, computers, software, and hardware. It covers many
areas, such as access to and usage of the Internet, encompassing various subtopics as well as
freedom of expression, and online privacy.

• Cyber laws help to reduce or prevent people from cybercriminal activities on a large scale with
the help of protecting information access from unauthorized people, freedom of speech related
to the use of the Internet, privacy, communications, email, websites, intellectual property,
hardware and software, such as data storage devices. As Internet traffic is increasing rapidly
day by day, that has led to a higher percentage of legal issues worldwide. Because cyber laws
are different according to the country and jurisdiction, restitution ranges from fines to
imprisonment, and enforcement is challenging.
• Cyberlaw offers legal protections for people who are using the Internet as well as running an
online business. It is most important for Internet users to know about the local area and cyber
law of their country by which they could know what activities are legal or not on the network.
Also, they can prevent ourselves from unauthorized activities.
• The Computer Fraud and Abuse Act was the first cyber law, called CFFA, that was enacted in
1986. This law was helpful in preventing unauthorized access to computers. And it also provided
a description of the stages of punishment for breaking that law or performing any illegal
activity.
-------------------------------------------------------------------------------------------------------------------
Why are cyber laws needed?
• There are many security issues with using the Internet and also available different malicious
people who try to unauthorized access your computer system to perform potential fraud.
Therefore, similarly, any law, cyber law is created to protect online organizations and people on
the network from unauthorized access and malicious people. If someone does any illegal activity
or breaks the cyber rule, it offers people or organizations to have that persons sentenced to
punishment or take action against them.
-------------------------------------------------------------------------------------------------------------------
What happens if anyone breaks a cyber law?
If anyone breaks a cyber law, the action would be taken against that person on the basis of the type of
cyber law he broke, where he lives, and where he broke the law. There are many situations like if you
break the law on a website, your account will be banned or suspended and blocked your IP (Internet
Protocol) address. Furthermore, if any person performs a very serious illegal activity, such as causing
another person or company distress, hacking, attacking another person or website, advance action can
be taken against that person.
-------------------------------------------------------------------------------------------------------------------
Importance of Cyber Law
Cyber laws are formed to punish people who perform any illegal activities online. They are important to
punish related to these types of issues such as online harassment, attacking another website or
individual, data theft, disrupting the online workflow of any enterprise and other illegal activities.
If anyone breaks a cyber law, the action would be taken against that person on the basis of the type of
cyber law he broke, where he lives, and where he broke the law. It is most important to punish the
criminals or to bring them to behind bars, as most of the cybercrimes cross the limit of crime that
cannot be considered as a common crime.
These crimes may be very harmful for losing the reliability and confidentiality of personal information
or a nation. Therefore, these issues must be handled according to the laws.
o When users apply transactions on the Internet, cyber law covers every transaction and protect
them.
o It touches every reaction and action in cyberspace.
o It captures all activities on the Internet.
-------------------------------------------------------------------------------------------------------------------

[Link] Page 3 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR

Areas involving in Cyber Laws

These laws deal with multiple activities and areas that occur online and serve several purposes. Some
laws are formed to describe the policies for using the Internet and the computer in an organization,
and some are formed to offer people security from unauthorized users and malicious activities. There
are various broad categories that come under cyber laws; some are as follows:
-------------------------------------------------------------------------------------------------------------------
Fraud
Cyber laws are formed to prevent financial crimes such as identity theft, credit card theft and other
that occurring online. A person may face confederate or state criminal charges if he commits any type
of identity theft. These laws have explained strict policies to prosecute and defend against allegations
of using the internet.
-------------------------------------------------------------------------------------------------------------------
Copyrighting Issues
The Internet is the source that contains different types of data, which can be accessed anytime,
anywhere. But it is the authority of anyone to copy the content of any other person. The strict rules are
defined in the cyber laws if anyone goes against copyright that protects the creative work of individuals
and companies.
-------------------------------------------------------------------------------------------------------------------
Scam/ Treachery
There are different frauds and scams available on the Internet that can be personally harmful to any
company or an individual. Cyber laws offer many ways to protect people and prevent any identity theft
and financial crimes that happen online.
-------------------------------------------------------------------------------------------------------------------
Online Insults and Character Degradation
There are multiple online social media platforms that are the best resources to share your mind with
anyone freely. But there are some rules in cyber laws if you speak and defaming someone online.
Cyber laws address and deal with many issues, such as racism, online insults, gender targets to protect
a person's reputation.
-------------------------------------------------------------------------------------------------------------------
Online Harassment and Stalking
Harassment is a big issue in cyberspace, which is a violation of both criminal laws and civil. In cyber
laws, there are some hard laws defined to prohibit these kinds of despicable crimes.
-------------------------------------------------------------------------------------------------------------------
Data Protection
People using the internet depends on cyber laws and policies to protect their personal information.
Companies or organizations are also relying on cyber laws to protect the data of their users as well as
maintain the confidentiality of their data.
-------------------------------------------------------------------------------------------------------------------
Contracts and Employment Law
When you are visiting a website, you click a button that gives a message to ask you to agree for terms
and conditions; if you agree with it, that ensures you have used cyber law. For every website, there
are terms and conditions available that are associated with privacy concerns.
-------------------------------------------------------------------------------------------------------------------
Trade Secrets
There are many organizations that are doing online businesses, which are often relying on cyber laws
to protect their trade secrets. For example, online search engines like Google spend much time to
develop the algorithms that generate a search result. They also spend lots of time developing other
features such as intelligent assistance, flight search services, to name a few and maps. Cyber laws help
these organizations to perform legal action by describing necessary legal laws for protecting their trade
secrets.
-------------------------------------------------------------------------------------------------------------------
How to protect yourself on the Internet
Although the Internet is a resource that contains multiple different types of content, there are many
hackers or unauthorized users that may be harmful to you in order to thief your personal information.
Below are given all of the steps that may help you to keep your personal information and computers
safe while using the Internet. All of the given steps or suggestions can be beneficial for all computer
users, even if what type of computer, device, or operating system they are using.
-------------------------------------------------------------------------------------------------------------------

[Link] Page 4 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Verify data is encrypted
When you are sending any confidential information, such as debit card numbers, credit card numbers,
usernames, or passwords, send these types of information securely. In Internet browsers, look for a
small lock (Internet browser security lock) to verify this; an icon will be shown in the right corner of
the bottom of the browser address bar or browser Window. If you see the icon, it should be in a locked
condition and not in an unlocked position. Also, make sure the URL starts with https (Hypertext
Transfer Protocol Secure), as displaying in the below screenshot:
[Link]
If the lock icon is in the locked position and data is intercepted, the data is encrypted that helps to
keep secure your data and prevent others to understand it. The data can be read by anyone if the lock
is in the unlocked position or no lock is visible because all information will be in the form of plain text.
For example, an online forum is not secure, use a password, but you will not use the password with
protected sites like an online banking website.
-------------------------------------------------------------------------------------------------------------------
Use a safe password
Like online bank site or other websites that contain confidential information, need to use very strong
passwords, it is also recommended; you must use the different and strong password for all websites
that require login id and password. You could use a password manager if you required help to
remember your password.
-------------------------------------------------------------------------------------------------------------------
Keep your software and operating system up-to-date
To protect yourself on the Internet, it is better to update your software installed on your computer and
operating system regularly. It is necessary because many updates are released by the developers of
the operating system that are related to computer security-related issues. Therefore, you should
update your system when the latest updates are released.
-------------------------------------------------------------------------------------------------------------------
When available always enable two-factor authentication
You can use the two-factor authentication feature to make more secure your accounts, like Gmail or
others that require a login and contain your private data. It offers advanced protection by adding an
additional step in verifying you at the time of login. If you enable two-factor authentication and the
service does not verify your computer or other devices after authenticating your password, it sends a
text message with a verification code on your cell phone. It includes more powerful security; for
example, if someone knows your password of any account and tries to access your account, but he
does not have your phone, he cannot access your account even with a valid password.
-------------------------------------------------------------------------------------------------------------------
Always be cautious of e-mail links and attachments
The email attachments and hyperlinks sent through email are the most common resources to spread
viruses and malware. It is recommended to always be extremely cautious to open any attachments
and hyperlinks, which you have received through email from others, even if they have sent by friend or
family.
-------------------------------------------------------------------------------------------------------------------
Be aware of phishing scams
There are many phishing scams and techniques that can be more harmful in respect to losing your
secret information. Therefore, it is necessary to familiarize yourself with these types of techniques.
Hackers mainly target websites that need a login, such as PayPal, eBay, Amazon, online banking sites,
and other popular sites.
-------------------------------------------------------------------------------------------------------------------
E-mail is not encrypted
If you send any confidential information through email, it can be read or understood by unauthorized
users as email is not encrypted. Therefore, confidential data like debit card information, credit card
information, password and more should not be transmitted over e-mail.
Use an alternative browser
For protecting your systems, Internet browsers also play an important role. For example, earlier
versions of Internet Explorer are not more secure. If you are using a lass secure browser in terms of
your browser like Internet Explorer, you should switch to another browser like Mozilla Firefox or Google
Chrome. Also, if you are using Microsoft Windows 10 operating system on your computer and want to
stay to use a Microsoft Internet browser, you can switch to the Microsoft Edge rather than Internet
Explorer that is more secure in terms of protecting your systems.
Use caution when accepting or agreeing to prompts

[Link] Page 5 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
When you are indicated to install an add-on or any program, before clicking on the Ok button, you
need to read and understand the agreement carefully. If you do not understand the agreement or feel
it is not necessary to install, you should not install this kind of program, cancel or close the window,
which may be harmful for you.
Also, when you are installing an add-on or any program, you need to care about any check box that
asks if this third-party program will be ok to install. These often cause more issues and leave these
boxes unchecked because these are never required.
Be cautious where you are logging in from
-------------------------------------------------------------------------------------------------------------------
Business
If you are working in any organization, your place of work can monitor your computer by installing key
loggers or use other methods. In this case, someone can collect usernames and passwords and read
these logs if he has access to this information. It can be more harmful to lose your personal
information. Additionally, if your computer is shared with other co-workers, do not store any passwords
in your browser.
-------------------------------------------------------------------------------------------------------------------
Wireless network
When you are using a wireless network, you must be careful that all the information sent from your
computer and to your computer can be read and intercepted by any unauthorized person. You can log
in to the network securely with the help of using WPA or WEP and prevent losing your secret
information. Furthermore, make sure the network is secure if it is a home wireless network.
-------------------------------------------------------------------------------------------------------------------
Friend's house
Sometimes, you may use your friend's computer and log in to your account on that computer, which
may not be fully secure. Intentionally or unintentionally, you can enter your username and password
on your friend's computer or the computer with whom you are not familiar. Finally, never save the
password information on your friend's computer browser when you are logging into any site on a
friend's computer.
Always think before you share something
There are many social media sites, such as Instagram, Facebook, that enable you to make online
friends and connect with them. The networking sites are also the best place to share your personal
information with your friends, family or others. When you share something on social networking sites
or the Internet, make sure you are not sending any information that can be harmful to you if everyone
sees it. The sent information on the social network or the Internet should be public. Also, make sure
you are sharing such something that will not offend anyone or embarrass you, and you must not be
uploaded on the Internet.
-------------------------------------------------------------------------------------------------------------------
Update Internet browser plugins
You should update Internet browser plugins or install the latest plugins to protect yourself while online
on the computer. Due to browser plugins like Adobe Flash, attackers may find some easiness or
security vulnerabilities to hack any system. Therefore, you need to check out regularly that all your
installed Internet plug-ins are up-to-date.
-------------------------------------------------------------------------------------------------------------------
Be aware of those around you
If you are working on the computer at any public area, school, library and more, make sure anyone is
not looking at your screen, as there will be many people around you. On the other hand, it can be
cautious if anyone is looking at your system screen that is called shoulder surfing. If you are required
to system screen private, you can use a privacy filter for the display.
-------------------------------------------------------------------------------------------------------------------
Secure saved passwords
There are many users that are habitual to save login information and password on the system, but it
can be insecure. Therefore, make sure you are storing your personal details, such as credit card detail
and account passwords, in a secure area. It is recommended for everyone to use a password manager
to save your passwords.
A password manager is a software that holds all securely encrypts and login information, and password
protects that information. If you save a password in a browser and anyone has access to your Internet
browser, the password information may be seen by that person. For instance, in the Firefox Internet
browser, anyone can see all stored passwords if you do not set up a master password.
Do not always trust what you read online

[Link] Page 6 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
You should be aware about that it is possible for anyone to publish a website on the Internet. There are
various creators who may have intention for creating a site only for malicious purposes. For instance, a
website can be created to gain unauthorized access and spread fear, lies, or malware.
-------------------------------------------------------------------------------------------------------------------
Advantages of Cyber Law:
• Organizations are now able to carry out e-commerce using the legal infrastructure provided by the
Act.
• Digital signatures have been given legal validity and sanction in the Act.
• It has opened the doors for the entry of corporate companies for issuing Digital Signatures
Certificates in the business of being Certifying Authorities.
• It allows Government to issue notifications on the web thus heralding e-governance.
• It gives authority to the companies or organizations to file any form, application, or any other
document with any office, authority, body, or agency owned or controlled by the suitable
Government in e-form using such e-form as may be prescribed by the suitable Government.
• The IT Act also addresses the important issues of security, which are so critical to the success of
electronic transactions.
• Cyber Law provides both hardware and software security.

-------------------------------------------------------------------------------------------------------------------
Types of Cybercrime
• Phishing:
Phishing involves deceptive attempts to obtain sensitive information, like passwords or credit card
details, by posing as a trustworthy entity. Cyber laws play a crucial role in prosecuting individuals
engaged in phishing activities.
• Hacking:
Unapproved access to computer systems or networks to gather, alter, or destroy data constitutes
hacking. Cyber laws define and penalize such activities, ensuring legal consequences for those who
breach digital security.
• Identity Theft:
Illegally acquiring and using someone else's personal information for fraudulent activities falls under
the purview of cyber laws. The legal framework addresses identity theft, protecting individuals whose
identities may be compromised.
• Ransomware:
Ransomware involves the use of malicious software to encrypt files, demanding payment for their
release. Cyber laws aim to prevent and prosecute individuals involved in orchestrating ransomware
attacks.
• Online Scams:
Cyber laws address fraudulent schemes conducted over the internet to deceive individuals for financial
gain. These laws provide legal recourse for victims and impose penalties on perpetrators.
• PUPs (Potentially Unwanted Programs):
Cyber laws address software that may harm a computer or its user, often installed without the user's
knowledge. This helps regulate the distribution of potentially harmful programs and protects users.
• Denial of Service Attack:
Overloading a system, network, or website to make it unavailable to users constitutes a denial of
service attack. Cyber laws define and penalize such attacks, discouraging individuals from engaging in
disruptive online activities.
• Cyberstalking:
Cyber laws are made to tackle ongoing online harassment or stalking carried out through electronic
methods. These laws recognize the seriousness of cyberstalking and provide legal avenues for victims
to seek protection.
------------------------------------------------------------------------------------------------------------------
Basic Concepts:
Cyber law encompasses a broad range of legal issues related to the internet, computers, and
information technology. Here are some basic concepts in cyber law:
1. Cybercrime: Refers to criminal activities carried out using computers or the internet. This
includes hacking, malware distribution, identity theft, online fraud, cyberbullying, and more.
2. Data Protection and Privacy: Laws and regulations that govern the collection, storage, use,
and sharing of personal data online. This includes regulations such as the General Data
Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act
(CCPA) in the United States.

[Link] Page 7 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
3. Intellectual Property Rights (IPR): Laws protecting intellectual property such as copyrights,
trademarks, and patents in the digital environment. This includes issues related to digital
piracy, software licensing, domain name disputes, and online counterfeiting.
4. Cybersecurity: Laws and regulations aimed at securing computer systems, networks, and data
from unauthorized access, cyber attacks, and data breaches. This includes regulations like the
NIST Cybersecurity Framework and industry-specific standards like PCI DSS for payment card
security.
5. Electronic Transactions: Laws governing electronic contracts, digital signatures, and
electronic commerce. These laws ensure the legal validity and enforceability of transactions
conducted online.
6. Jurisdiction: Determining which laws apply when a cybercrime occurs across international
borders or involves multiple jurisdictions. This can be complex due to the global nature of the
internet and differing legal systems in different countries.
7. Cyber Ethics: Ethical considerations related to the use of technology and the internet. This
includes issues such as online freedom of speech, internet censorship, digital rights, and ethical
hacking.
8. Liability and Responsibility: Determining legal liability for actions taken online, including the
responsibilities of internet service providers (ISPs), website owners, and users. This includes
issues such as intermediary liability, defamation, and vicarious liability for cybercrimes.
9. Cyber Forensics: The application of forensic techniques to investigate cybercrimes and gather
evidence for legal proceedings. This involves collecting, preserving, and analyzing digital
evidence in a manner that meets legal standards.
10. International Cooperation: Collaboration between countries to address cybercrime and
establish common standards for cybersecurity and data protection. This includes mutual legal
assistance treaties (MLATs) and international agreements on cybercrime.
Understanding these basic concepts is essential for individuals, businesses, and governments to
navigate the legal landscape of cyberspace and address the challenges posed by cyber threats and
digital technology.
-------------------------------------------------------------------------------------------------------------------
History of the Internet
The Internet came in the year 1960 with the creation of the first working model called ARPANET
(Advanced Research Projects Agency). It allowed multiple computers to work on a single network
which was their biggest achievement at that time. ARPANET uses packet switching to communicate
multiple computer systems under a single network. In October 1969, using ARPANET first message was
transferred from one computer to another. After that technology continues to grow.
How is the Internet Set Up?
The internet is set up with the help of physical optical fiber data transmission cables or copper wires
and various other networking mediums like LAN, WAN, MAN, etc. For accessing the Internet even the
2G, 3G, and 4G services and the Wifi require these physical cable setups to access the Internet. There
is an authority named ICANN (Internet Corporation for Assigned Names and Numbers) located
in the USA which manages the Internet and protocols related to it like IP addresses.

How Does the Internet Work?

The actual working of the internet takes place with the help of clients and servers. Here the client is a
laptop that is directly connected to the internet and servers are the computers connected indirectly to
the Internet and they are having all the websites stored in those large computers. These servers are
connected to the internet with the help of ISP (Internet Service Providers) and will be identified with
the IP address.
Each website has its Domain name as it is difficult for any person to always remember the long
numbers or strings. So, whenever you search for any domain name in the search bar of the browser
the request will be sent to the server and that server will try to find the IP address from the Domain
name because it cannot understand the domain name. After getting the IP address the server will try
to search the IP address of the Domain name in a Huge phone directory that in networking is known as
a DNS server (Domain Name Server). For example, if we have the name of a person and we can easily
find the Aadhaar number of him/her from the long directory as simple as that.
So after getting the IP address, the browser will pass on the further request to the respective server
and now the server will process the request to display the content of the website which the client
wants. If you are using a wireless medium of Internet like 3G and 4G or other mobile data then the

[Link] Page 8 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
data will start flowing from the optical cables and will first reach towers from there the signals will
reach your cell phones and PCs through electromagnetic waves and if you are using routers then
optical fiber connecting to your router will help in connecting those light-induced signals to electrical
signals and with the help of ethernet cables internet reaches your computers and hence the required
information.
For more, you can refer to How Does the Internet Work?
What is an IP Address?
IP Address stands for Internet Protocol Address. Every PC/Local machine is having an IP address and
that IP address is provided by the Internet Service Providers (ISPs). These are some sets of rules
which govern the flow of data whenever a device is connected to the Internet. It differentiates
computers, websites, and routers. Just like human identification cards like Aadhaar cards, Pan cards,
or any other unique identification documents. Every laptop and desktop has its own unique IP address
for identification. It’s an important part of Internet technology. An IP address is displayed as a set of
four-digit like [Link]. Here each number on the set ranges from 0 to 255. Hence, the total IP
address range from [Link] to [Link].
You can check the IP address of your Laptop or desktop by clicking on the Windows start menu -> then
right-click and go to network -> in that go to status and then Properties you can see the IP address.
There are four different types of IP addresses are available:
1. Static IP Address
2. Dynamic IP Address
3. Private IP Address
4. Public IP Address
World Wide Web (WWW)
The world wide web is a collection of all the web pages, and web documents that you can see on the
Internet by searching their URLs (Uniform Resource Locator) on the Internet. For example,
[Link] is the URL of the GFG website, and all the content of this site like webpages
and all the web documents are stored on the world wide Web. Or in other words, the world wide web is
an information retrieval service of the web. It provides users with a huge array of documents that are
connected to each other by means of hypertext or hypermedia links. Here, hyperlinks are known as
electronic connections that link the related data so that users can easily access the related information
hypertext allows the user to pick a word or phrase from text, and using this keyword or word or phrase
can access other documents that contain additional information related to that word or keyword or
phrase. World wide web is a project which is created by Timothy Berner’s Lee in 1989, for researchers
to work together effectively at CERN. It is an organization, named World Wide Web Consortium
(W3C), which was developed for further development in the web.

Difference Between World Wide Web and the Internet

The main difference between the World Wide Web and the Internet are:

World Wide Web Internet

All the web pages and web documents are

stored there on the World wide web and The Internet is a global network of computers that is
to find all that stuff you will have a accessed by the World wide web.
specific URL for each website.

The world wide web is a service. The Internet is an infrastructure.

The world wide web is a subset of the

The Internet is the superset of the world wide web.
Internet.

The world wide web is software-oriented. The Internet is hardware-oriented.

The world wide web uses HTTP. The Internet uses IP Addresses.

[Link] Page 9 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
World Wide Web Internet

The world wide web can be considered as

a book from the different topics inside a The Internet can be considered a Library.
Library.

Uses of the Internet

Some of the important usages of the internet are:
• Online Businesses (E-commerce): Online shopping websites have made our life easier, e-
commerce sites like Amazon, Flipkart, and Myntra are providing very spectacular services with
just one click and this is a great use of the Internet.
• Cashless Transactions: All the merchandising companies are offering services to their
customers to pay the bills of the products online via various digital payment apps like Paytm,
Google Pay, etc. UPI payment gateway is also increasing day by day. Digital payment industries
are growing at a rate of 50% every year too because of the INTERNET.
• Education: It is the internet facility that provides a whole bunch of educational material to
everyone through any server across the web. Those who are unable to attend physical classes
can choose any course from the internet and can have point-to-point knowledge of it just by
sitting at home. High-class faculties are teaching online on digital platforms and providing
quality education to students with the help of the Internet.
• Social Networking: The purpose of social networking sites and apps is to connect people all
over the world. With the help of social networking sites, we can talk, and share videos, and
images with our loved ones when they are far away from us. Also, we can create groups for
discussion or for meetings.
• Entertainment: The Internet is also used for entertainment. There are numerous
entertainment options available on the internet like watching movies, playing games, listening
to music, etc. You can also download movies, games, songs, TV Serial, etc., easily from the
internet.
Security and the Internet
Very huge amount of data is managed across the Internet almost the time, which leads to the risk of
data breaching and many other security issues. Both Hackers and Crackers can lead to disrupting the
network and can steal important information like Login Credentials, Banking Credentials, etc.
Steps to Protect the Online Privacy
• Install Antivirus or Antimalware.
• Create random and difficult passwords, so that it becomes difficult to guess.
• Use a private browsing window or VPN for using the Internet.
• Try to use HTTPS only for better protection.
• Try to make your Social Media Account Private.
• If you are not using any application, which requires GPS, then you can turn GPS off.
• Do not simply close the tab, first log out from that account, then close the tab.
• Try to avoid accessing public Wifi or hotspots.
• Try to avoid opening or downloading content from unknown sources.
There is an element of the Internet called the Dark Web, which is not accessible from standard
browsers. To keep safe our data, we can use Tor and I2P, which helps in keeping our data anonymous,
that helps in protecting user security, and helps in reducing cybercrime.
Social Impact of the Internet
The social impact of the Internet can be seen in both ways. Some say it has a positive impact as it
helps in gaining civic engagement, etc. whereas some say it has a negative impact as it increased the
risk of getting fooled by someone over the internet, getting withdrawal from society, etc.
Whatever the impact of Social Media, one thing is that it changed the way of connecting and
interacting with others in society. The number of people increasing day by day on social media
platforms which helps in constructing new relationships over social media, new communities are made
on social media in the interest of the people. Social Media platforms like Facebook, Instagram,
LinkedIn, etc are the most used social media platform for both individual and business purposes where
we can communicate with them and perform our tasks.
Advantages of the Internet
• Online Banking and Transaction: The Internet allows us to transfer money online through
the net banking system. Money can be credited or debited from one account to the other.

[Link] Page 10 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
• Education, Online Jobs, Freelancing: Through the Internet, we are able to get more jobs via
online platforms like Linkedin and to reach more job providers. Freelancing on the other hand
has helped the youth to earn a side income and the best part is all this can be done via the
INTERNET.
• Entertainment: There are numerous options for entertainment online we can listen to music,
play games can watch movies, and web series, and listen to podcasts, youtube itself is a hub of
knowledge as well as entertainment.
• New Job Roles: The Internet has given us access to social media, and digital products so we
are having numerous new job opportunities like digital marketing and social media marketing
online businesses are earning huge amounts of money just because the Internet is the medium
to help us to do so.
• Best Communication Medium: The communication barrier has been removed from the
Internet. You can send messages via email, Whatsapp, and Facebook. Voice chatting and video
conferencing are also available to help you to do important meetings online.
• Comfort to humans: Without putting any physical effort you can do so many things like
shopping online it can be anything from stationeries to clothes, books to personal items, etc.
You can books train and plane tickets online.
• GPS Tracking and google maps: Yet another advantage of the internet is that you are able to
find any road in any direction, and areas with less traffic with the help of GPS on your mobile.
Disadvantages of the Internet
• Time Wastage: Wasting too much time on the internet surfing social media apps and doing
nothing decreases your productivity rather than wasting time on scrolling social media apps one
should utilize that time in doing something skillful and even more productive.
• Bad Impacts on Health: Spending too much time on the internet causes bad impacts on your
health physical body needs some outdoor games exercise and many more things. Looking at the
screen for a longer duration causes serious impacts on the eyes.
• Cyber Crimes: Cyberbullying, spam, viruses, hacking, and stealing data are some of the crimes
which are on the verge these days. Your system which contains all the confidential data can be
easily hacked by cybercriminals.
• Effects on Children: Small children are heavily addicted to the Internet watching movies, and
games all the time is not good for their overall personality as well as social development.
• Bullying and Spreading Negativity: The Internet has given a free tool in the form of social
media apps to all those people who always try to spread negativity with very revolting and
shameful messages and try to bully each other which is wrong.
-------------------------------------------------------------------------------------------------------------------
Application and Features of the Internet
Uses of the Internet on daily basis
Let’s look at some of the uses of the Internet in our daily life −
• Online Food Order
• Grocery Store
• Educational Online Classes
• Online Banking or Net Banking
• Cashless Transactions
• Social Network
• Hospital Registration and Bill Receipts
• Online Train or Flight Bookings
Today, there are countless examples we can see around us. These are some real-life easy examples.
Lets now see some of the features of the Internet −
Features of Internet
• Data Transfer is easier while using the internet.
• Accessibility to almost every piece of information.
• Expansion of business in IT technology.
• Faster and Feasible government services.
• Security and Safety of Information virtually.
• Saves lots of time in processing and management.
• The Internet is not centrally dependent upon one center as it is divided into several data centers
and extensions to provide scalability.
Advantages and Disadvantages of the Internet

[Link] Page 11 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
As we know the internet is accessible to every information we want within a fraction of a second. It
gives more results and increases productivity. There are many Advantages of the Internet, Lets now
see and learn what they are −
Advantages of Internet
• Connectivity − As we know we are connected to the internet to stay connected with our
family, friends, colleagues, services, etc.
• Information − We can search and get many search results for our questions and the
information can increase knowledge.
• Online Payment − Using payment modes such as Paytm, GPay, and Bhim UPI are many
payment methods to pay online.
• Digital Marketing − We are making our websites and making business online.
• Net Banking Services − Banking services such as payment, debit, credit, changing our
details, and scheduling payment are an integral part of secure payment.
• Productive Collaboration − As we experienced, after the Covid pandemic, we have worked
from home and made things work better than ever before by connecting through video
conferencing and saving mobility.
As we know Internet has some of its disadvantages also, let’s now consider them −
Disadvantages Of Internet
• Wastage of time − Considering today’s lifestyle, one prominent advantage of the Internet is
addiction. People are getting addicted to the internet, watching videos and reels without
realizing they are wasting so much of their time.
• Cybercrime − It is increasing rapidly as more information is shared and getting leaked.
• Accessibility of pornographic content − It is accessible to even children since there is
complex information shared every day and it is hard to figure out the source of these images
and videos. This is a big concern regarding children and their minds, parental security is
necessary on mobile phones being used by children.
• Identity theft − It is one major concern on a bigger level such as higher organizations,
government, and private sectors.
• Increase in cyber-attacks in the banking sector and corporate sector − Information is
getting leaked, shared, and misused for harm, theft, privacy violation, and harassment.
• Fake Information or Misleading − People nowadays can easily manipulate any information
and reclaim it to be true this could mislead people and their reliability towards information
shared.
Advantages of Internet Disadvantages of Internet

It provides great Accessibility to Sometimes, the internet gives Complexity and False
information. Information.

It inculcates easy and faster Unavailability in bad weather.

communication.

People would gain knowledge and It leads to the insecurity of information and data loss.
obtain loads of information about
services.

It permits online payments and It has a bigger Workload and Complex Designing.
digital marketing.

It is efficient for business & It is very expensive when done at the organizational level.
organizational growth.

It leads to mass communication It produces more threats, cyber-attacks, harassment, and

among people to spread awareness. violations.

It facilitates social networks to Increase hate and fake information which can lead to mental
increase development and health issues.
collaboration.

[Link] Page 12 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
It provides more security in the Reliability and security are there, but as the internet is public
banking sector and feasible solutions and worldwide connected, there are chances that
to issues. issues(viruses, threats) can occur.

-------------------------------------------------------------------------------------------------------------------
Internet Technology:
Internet technology refers to the various technologies and protocols that enable the functioning of the
internet, a global network of interconnected computers. These technologies allow for communication,
information sharing, and data exchange across vast distances. Some key components of internet
technology include:
1. TCP/IP Protocol Suite: Transmission Control Protocol/Internet Protocol (TCP/IP) is the
fundamental protocol suite that governs how data is transmitted and received over the internet.
It provides the basic rules for addressing, routing, and delivering data packets across networks.
2. World Wide Web (WWW): The World Wide Web is a system of interlinked hypertext
documents accessed via the internet. It is built on top of the internet and utilizes technologies
such as HTTP (Hypertext Transfer Protocol) for transferring web pages, HTML (Hypertext
Markup Language) for creating web content, and URLs (Uniform Resource Locators) for
addressing resources on the web.
3. Internet Service Providers (ISPs): ISPs are companies that provide individuals and
organizations with access to the internet. They use various technologies such as DSL, cable,
fiber-optic, and wireless connections to connect users to the internet backbone.
4. Networking Hardware: Internet technology relies on various networking hardware devices,
including routers, switches, modems, and network interface cards (NICs). These devices enable
the transmission and routing of data packets across networks.
5. Domain Name System (DNS): The DNS is a hierarchical decentralized naming system that
translates domain names (e.g., [Link]) into IP addresses (e.g., [Link]),
allowing users to access websites using human-readable names.
6. Email Protocols: Internet technology facilitates email communication using protocols such as
SMTP (Simple Mail Transfer Protocol) for sending emails, POP3 (Post Office Protocol) and IMAP
(Internet Message Access Protocol) for retrieving emails, and MIME (Multipurpose Internet Mail
Extensions) for handling multimedia content in emails.
7. Security Protocols: Security is a critical aspect of internet technology, and various protocols
and technologies are used to secure data transmission and communication. These include
SSL/TLS (Secure Sockets Layer/Transport Layer Security) for encrypted communication, VPNs
(Virtual Private Networks) for secure remote access, and encryption algorithms for data
protection.
8. Cloud Computing: Cloud computing leverages internet technology to deliver computing
resources, such as servers, storage, and applications, over the internet on a pay-as-you-go
basis. It enables scalability, flexibility, and cost-effectiveness for businesses and organizations.
9. Web Browsers: Web browsers are software applications that allow users to access and interact
with information on the World Wide Web. Popular web browsers include Google Chrome, Mozilla
Firefox, Microsoft Edge, and Safari.
10. Mobile Internet: With the proliferation of smartphones and mobile devices, internet
technology has evolved to support mobile connectivity. Technologies such as 3G, 4G LTE, and
5G enable high-speed internet access on mobile devices, facilitating mobile browsing, app
usage, and communication.
Overall, internet technology encompasses a wide range of protocols, infrastructure, and services that
collectively enable the functioning of the internet and support various online activities and applications.
-------------------------------------------------------------------------------------------------------------------
Advantages:
1. Access to Information: The internet provides access to vast amounts of information on
virtually any topic. This facilitates research, learning, and staying informed.
2. Communication: Internet technology enables instant communication through email, instant
messaging, social media, and video conferencing, connecting people globally.
3. E-commerce: The internet has revolutionized commerce, allowing businesses to reach a global
market and enabling consumers to shop online conveniently.
4. Education: Online learning platforms and educational resources make education accessible to
people worldwide, fostering lifelong learning opportunities.

[Link] Page 13 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
5. Entertainment: The internet offers a plethora of entertainment options, including streaming
services, online gaming, social media, and digital content creation.
6. Efficiency and Productivity: Internet technology streamlines processes, automates tasks, and
enhances productivity through remote work, cloud computing, and digital workflows.
7. Global Connectivity: The internet connects people, businesses, and governments across the
globe, facilitating international communication, trade, and collaboration.
Disadvantages:
1. Cybercrime: The internet is a breeding ground for cybercrime, including hacking, phishing,
identity theft, malware, and online scams, posing risks to privacy and security.
2. Cyberbullying and Harassment: The anonymity of the internet can lead to cyberbullying,
harassment, and online abuse, affecting mental health and well-being.
3. Information Overload: The abundance of information on the internet can be overwhelming,
leading to information overload and difficulty discerning reliable sources from misinformation or
fake news.
4. Privacy Concerns: Internet technology raises privacy concerns related to data collection,
surveillance, and online tracking by companies and governments, compromising personal
privacy.
5. Digital Divide: Not everyone has equal access to the internet, exacerbating inequality and
limiting opportunities for those without internet access due to factors like geography and
socioeconomic status.
6. Distraction and Addiction: The internet can be addictive, leading to excessive screen time,
distraction, and procrastination, impacting productivity and mental health.
7. Dependency and Reliability:
Dependence on internet technology can pose risks when it comes to reliability and availability,
with network outages or technical issues disrupting services and causing significant disruptions.
-------------------------------------------------------------------------------------------------------------------
NETWORK SECURITY :
Network security is a critical aspect of information technology that focuses on protecting computer
networks and the data transmitted across them from unauthorized access, misuse, or disruption. It
encompasses a range of technologies, policies, procedures, and practices designed to defend networks
against threats and vulnerabilities. Here's a detailed overview of network security:
1. Access Control:
• Access control mechanisms enforce policies that dictate who is allowed to access network
resources and what actions they can perform.
• This includes user authentication methods like passwords, biometrics, and multi-factor
authentication, as well as authorization controls to limit access based on user roles and
permissions.
2. Firewalls:
• Firewalls are network security devices that monitor and control incoming and outgoing network
traffic based on predetermined security rules.
• They act as a barrier between trusted internal networks and untrusted external networks,
filtering traffic to prevent unauthorized access and block malicious activity.
3. Intrusion Detection and Prevention Systems (IDPS):
• IDPSs monitor network traffic for signs of malicious activity or policy violations and respond to
detected threats in real-time.
• Intrusion Detection Systems (IDS) passively analyze network packets to identify suspicious
patterns, while Intrusion Prevention Systems (IPS) actively block or mitigate threats by
dropping packets or reconfiguring network devices.
4. Virtual Private Networks (VPNs):
• VPNs establish secure encrypted connections over public networks, such as the internet, to
ensure confidentiality and privacy for data transmitted between remote users and corporate
networks.
• They provide secure access to resources and services while protecting data from interception
and unauthorized access.
5. Encryption:
• Encryption transforms data into ciphertext using cryptographic algorithms, making it unreadable
to unauthorized users.
• Secure communication protocols like SSL/TLS encrypt data transmitted over networks to protect
sensitive information such as passwords, financial transactions, and personal data.

[Link] Page 14 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
6. Network Segmentation:
• Network segmentation divides a network into smaller, isolated segments or subnetworks to limit
the impact of security breaches and contain the spread of threats.
• By implementing network segmentation, organizations can enforce stricter access controls,
isolate sensitive systems, and reduce the attack surface.
7. Security Monitoring and Logging:
• Security monitoring involves continuously monitoring network traffic, system logs, and security
events to detect and respond to security incidents.
• Logging collects and stores detailed records of network activity, user actions, and security
events for forensic analysis, compliance, and incident investigation.
8. Patch Management:
• Patch management involves regularly updating software, firmware, and operating systems with
security patches and updates to address known vulnerabilities and protect against exploits.
• Timely patching helps prevent attackers from exploiting known vulnerabilities to compromise
network devices and systems.
9. Security Policies and Training:
• Establishing comprehensive security policies and procedures helps define expectations,
guidelines, and best practices for network security.
• Employee training and awareness programs educate users about security risks, safe computing
practices, and their roles in maintaining network security.
10. Incident Response and Disaster Recovery:
• Incident response plans outline procedures for detecting, responding to, and recovering from
security incidents and breaches.
• Disaster recovery plans ensure business continuity by outlining measures to restore network
functionality and data in the event of catastrophic events or disruptions.
Effective network security requires a multi-layered approach that combines technical controls,
administrative measures, and user awareness to mitigate risks and protect valuable assets from
evolving threats in today's dynamic cybersecurity landscape.

Network security refers to the protection of computer networks and their data from unauthorized
access, misuse, or modification. It encompasses various technologies, processes, and policies designed
to defend against cyber threats and ensure the confidentiality, integrity, and availability of network
resources. Here's a detailed overview of network security:
1. Firewalls: Firewalls are a crucial component of network security that monitor and control
incoming and outgoing network traffic based on predetermined security rules. They act as a
barrier between trusted internal networks and untrusted external networks (such as the
internet), preventing unauthorized access and protecting against malicious activities.
2. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): IDS and
IPS are security mechanisms that monitor network traffic for suspicious or malicious activities.
IDS detects potential security breaches and raises alerts, while IPS can take automated actions
to block or mitigate threats in real-time.
3. Virtual Private Networks (VPNs): VPNs establish secure encrypted connections over the
internet, allowing remote users to access corporate networks or browse the internet privately.
They provide confidentiality and data integrity by encrypting network traffic and protecting
sensitive information from eavesdropping or interception.
4. Authentication and Access Control: Authentication mechanisms such as passwords,
biometrics, and two-factor authentication verify the identity of users accessing network
resources. Access control policies enforce permissions and privileges, ensuring that only
authorized individuals or devices can access specific network resources.
5. Encryption: Encryption converts plaintext data into ciphertext using cryptographic algorithms,
making it unreadable to unauthorized parties. Secure communication protocols like SSL/TLS
encrypt data transmitted over networks, protecting it from interception or tampering.
6. Network Segmentation: Network segmentation divides a network into smaller, isolated
segments or zones to contain security breaches and limit the scope of potential attacks. It
reduces the attack surface by restricting communication between different network segments
and implementing separate security controls for each segment.
7. Security Patch Management: Regularly updating and patching software, firmware, and
security vulnerabilities is essential for mitigating known security risks and vulnerabilities. Patch

[Link] Page 15 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
management processes ensure that systems are up-to-date with the latest security patches and
updates to prevent exploitation by attackers.
8. Security Monitoring and Logging: Continuous monitoring of network traffic, system logs,
and security events helps detect and respond to security incidents in real-time. Security
information and event management (SIEM) solutions collect, correlate, and analyze security
logs to identify anomalous behavior and potential security breaches.
9. Incident Response and Disaster Recovery: Incident response plans outline procedures for
detecting, responding to, and recovering from security incidents and data breaches. Disaster
recovery plans ensure business continuity by establishing backup and recovery processes to
restore critical systems and data in the event of a cyberattack or system failure.
10. User Awareness and Training: Educating users about security best practices, cybersecurity
threats, and social engineering tactics is essential for building a strong security culture within an
organization. Security awareness training helps users recognize and mitigate security risks,
reducing the likelihood of human error leading to security breaches.
11. Regulatory Compliance: Compliance with industry regulations and data protection laws (such
as GDPR, HIPAA, PCI DSS) is critical for maintaining the security and privacy of sensitive data.
Network security measures should align with regulatory requirements to avoid penalties and
legal consequences.
By implementing a comprehensive network security strategy that combines these technologies,
processes, and best practices, organizations can effectively protect their networks, safeguard sensitive
data, and mitigate cyber threats in today's increasingly interconnected and digital landscape.
------------------------------------------------------------------------------------------------------------------
TYPES OF ATTACKS, TCP/IP, SSL/TLS, CIA TRIAD
1. Types of Attacks:
a. Denial-of-Service (DoS) Attack: A DoS attack aims to disrupt the availability of a network,
system, or service by overwhelming it with a flood of traffic or requests, rendering it inaccessible to
legitimate users.
b. Distributed Denial-of-Service (DDoS) Attack: Similar to a DoS attack, a DDoS attack involves
multiple compromised systems, known as botnets, coordinating to flood a target with malicious traffic,
making it more challenging to mitigate.
c. Man-in-the-Middle (MitM) Attack: In a MitM attack, an attacker intercepts and alters
communication between two parties without their knowledge. This allows the attacker to eavesdrop on
sensitive information or manipulate data.
d. Phishing Attack: Phishing attacks involve sending deceptive emails, messages, or websites that
impersonate legitimate entities to trick users into revealing sensitive information such as login
credentials, financial details, or personal data.
e. Malware: Malware, short for malicious software, encompasses various types of software designed
to harm or compromise systems, including viruses, worms, Trojans, ransomware, spyware, and
adware.
f. SQL Injection (SQLi): SQL injection attacks exploit vulnerabilities in web applications' input fields
to inject malicious SQL queries, enabling attackers to manipulate databases, steal data, or execute
unauthorized actions.
g. Cross-Site Scripting (XSS): XSS attacks inject malicious scripts into web pages viewed by other
users, allowing attackers to steal session cookies, redirect users to malicious websites, or deface web
pages.
h. Social Engineering: Social engineering attacks exploit human psychology to deceive individuals
into divulging sensitive information, such as passwords or confidential data, or performing actions that
compromise security.
i. Brute Force Attack: A brute force attack involves systematically trying all possible combinations of
passwords or encryption keys until the correct one is found, typically used to gain unauthorized access
to accounts or systems.
j. Zero-Day Exploit: Zero-day exploits target vulnerabilities in software or systems that are unknown
to the vendor or have not yet been patched, allowing attackers to exploit them before a fix is available.
2. TCP/IP (Transmission Control Protocol/Internet Protocol):
TCP/IP is the foundational protocol suite used for communication over the internet. It consists of
multiple protocols, including:
a. Transmission Control Protocol (TCP): Provides reliable, connection-oriented communication
between devices by breaking data into packets, ensuring they arrive in order and without errors, and
retransmitting lost packets.

[Link] Page 16 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
b. Internet Protocol (IP): Handles the routing and addressing of data packets across networks,
allowing devices to locate and communicate with each other on the internet.
c. Internet Control Message Protocol (ICMP): Facilitates communication between network devices
for functions such as error reporting, network diagnostics, and ping tests.
d. User Datagram Protocol (UDP): Provides connectionless, unreliable communication between
devices, commonly used for streaming media, real-time communications, and time-sensitive
applications.
3. SSL/TLS (Secure Sockets Layer/Transport Layer Security):
SSL/TLS protocols are cryptographic protocols that provide secure communication over a computer
network, typically between a web server and a web browser. They ensure the confidentiality, integrity,
and authenticity of data transmitted over the internet by:
a. Encryption: Encrypting data to prevent unauthorized interception or eavesdropping.
b. Authentication: Verifying the identities of communicating parties to prevent impersonation or
man-in-the-middle attacks.
c. Integrity: Ensuring that data remains unchanged during transmission, preventing tampering or
modification by unauthorized parties.
SSL was the predecessor to TLS, and TLS is the current standard protocol for securing internet
communications. SSL/TLS certificates issued by trusted Certificate Authorities (CAs) validate the
authenticity of websites and establish secure connections using encryption keys.
4. CIA Triad (Confidentiality, Integrity, Availability):
The CIA triad is a fundamental model for understanding and implementing security policies and
controls to protect information assets:
a. Confidentiality: Ensuring that sensitive information is only accessible to authorized users and
protected from unauthorized access, disclosure, or interception.
b. Integrity: Maintaining the accuracy, consistency, and trustworthiness of data by preventing
unauthorized alterations, modifications, or deletions.
c. Availability: Ensuring that information and resources are accessible and usable by authorized users
whenever needed, without disruption or denial of service.
The CIA triad serves as a guiding principle for designing, implementing, and evaluating security
measures to address risks and protect the confidentiality, integrity, and availability of data and
systems.

-------------------------------------------------------------------------------------------------------------------
Secure network design
Designing a secure network involves implementing a comprehensive set of security measures and best
practices to protect against various threats and vulnerabilities. Here's a detailed guide on how to
design a secure network:
1. Risk Assessment: Conduct a thorough risk assessment to identify potential threats,
vulnerabilities, and security risks to your network infrastructure. Assess the potential impact of
security breaches on confidentiality, integrity, and availability of data and systems.
2. Define Security Requirements: Define security requirements based on the findings of the
risk assessment and compliance requirements. Determine the level of security needed for
different network segments, systems, and data types.
3. Network Segmentation: Implement network segmentation to divide the network into smaller,
isolated segments or zones, each with its security controls and access policies. This helps
contain security breaches and limit the lateral movement of attackers.
4. Perimeter Security: Establish robust perimeter security controls, such as firewalls, intrusion
detection/prevention systems (IDS/IPS), and demilitarized zones (DMZ), to protect against
external threats and unauthorized access from the internet.

[Link] Page 17 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
5. Access Control: Implement strong access control mechanisms to enforce the principle of least
privilege and restrict access to sensitive network resources based on user roles, permissions,
and authentication factors. Use technologies like VLANs, access control lists (ACLs), and
network segmentation to control access.
6. Secure Authentication: Implement secure authentication mechanisms, such as multi-factor
authentication (MFA) and strong password policies, to verify the identities of users and devices
accessing the network. Use protocols like RADIUS or LDAP for centralized authentication and
authorization.
7. Encryption: Encrypt sensitive data in transit and at rest to protect it from eavesdropping,
interception, or unauthorized access. Use protocols like SSL/TLS for securing web traffic and
VPNs for secure remote access.
8. Network Monitoring and Logging: Deploy network monitoring tools and logging mechanisms
to continuously monitor network traffic, detect anomalies, and log security events for analysis
and incident response. Implement security information and event management (SIEM) solutions
for centralized log management and correlation.
9. Patch Management: Implement a robust patch management process to regularly update and
patch network devices, operating systems, and software applications to address known
vulnerabilities and security flaws. Schedule regular vulnerability scans and penetration tests to
identify and remediate weaknesses.
10. Physical Security: Secure physical access to network infrastructure, data centers, and critical
network components to prevent unauthorized tampering, theft, or damage. Implement
measures such as access control systems, surveillance cameras, and environmental controls.
11. Disaster Recovery and Business Continuity: Develop and implement a comprehensive
disaster recovery and business continuity plan to ensure the resilience of the network
infrastructure in the event of natural disasters, cyber attacks, or other emergencies. Regularly
test and update the plan to maintain effectiveness.
12. Employee Training and Awareness: Provide regular security training and awareness
programs to employees to educate them about security best practices, threats, and social
engineering tactics. Foster a culture of security within the organization.
13. Compliance and Regulatory Requirements: Ensure compliance with industry regulations,
data protection laws, and regulatory requirements relevant to your organization. Stay informed
about emerging threats and regulatory changes that may impact network security.
-------------------------------------------------------------------------------------------------------------------
INTRANETS, EXTRANETS AND DMZS:
In the domain of networking, intranets, extranets, and DMZs (Demilitarized Zones) are distinct
network architectures designed to facilitate different levels of access and communication. Here's an
overview of each:
1. Intranets:
• Definition: An intranet is a private network accessible only to authorized users within
an organization. It uses the same technologies and protocols as the internet but is
restricted to internal use.
• Purpose: Intranets serve as a platform for internal communication, collaboration, and
information sharing within an organization. They host internal websites, databases, and
applications that are accessible to employees, facilitating document management,
employee directories, and corporate communications.
• Features:
• Access restricted to authorized users via authentication mechanisms.
• Typically hosted on local servers within the organization's premises.
• Can include various services such as email, file sharing, document management,
and corporate directories.
• Often integrated with security measures such as firewalls, access controls, and
encryption to protect sensitive data.
• Benefits:
• Enhances internal communication and collaboration.
• Centralizes access to organizational resources.
• Facilitates information sharing and knowledge management.
• Increases efficiency and productivity within the organization.
2. Extranets:

[Link] Page 18 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
•
Definition: An extranet is a controlled extension of an organization's intranet that
allows limited access to external users, such as partners, suppliers, or customers. It
provides a secure environment for collaboration and data sharing between the
organization and its trusted external entities.
• Purpose: Extranets enable organizations to extend their internal network to selected
external users while maintaining security and privacy. They facilitate secure
communication, file sharing, and collaboration with external stakeholders.
• Features:
• Limited access granted to authorized external users via secure authentication
mechanisms.
• Can host shared applications, documents, and resources accessible to both
internal and external users.
• Utilizes encryption and access controls to protect sensitive data shared across the
extranet.
• May integrate with single sign-on (SSO) systems for seamless access
management.
• Benefits:
• Streamlines collaboration with external partners, suppliers, and customers.
• Enhances communication and coordination across organizational boundaries.
• Improves efficiency in joint projects and business transactions.
• Strengthens relationships with external stakeholders through secure data sharing.
3. DMZs (Demilitarized Zones):
• Definition: A DMZ is a segregated network segment that acts as a buffer zone between
an organization's internal network (intranet) and the untrusted external network,
typically the internet. It hosts services accessible to external users while providing an
additional layer of security to protect the internal network.
• Purpose: DMZs isolate publicly accessible services, such as web servers, email servers,
or FTP servers, from the internal network to mitigate the risk of direct attacks. They
serve as a controlled environment for hosting external-facing services without exposing
the internal network to potential threats.
• Features:
• Segregated network segment located between the internal network and external
network.
• Hosts publicly accessible services, such as web servers or email servers,
accessible from the internet.
• Implements stringent security measures, such as firewalls, intrusion
detection/prevention systems (IDS/IPS), and access controls, to protect both the
DMZ and the internal network.
• May include multiple layers of security to compartmentalize different types of
services and mitigate the impact of security breaches.
• Benefits:
• Enhances security by isolating external-facing services from the internal network.
• Reduces the risk of direct attacks on internal systems and data.
• Provides a controlled environment for hosting public services while maintaining
network integrity.
• Facilitates monitoring and logging of traffic entering and leaving the network.

-------------------------------------------------------------------------------------------------------------------
CHAPTER II: LEGAL FRAMEWORK AND REGULATIONS
Topics covered: Cyber Law & Components of Cyber Law, Cyber Law in India: An Overview of
Information Technology Act 2000, Cryptography, Encryption Technique & Algorithm and Digital
Signature & Electronic Signature
-------------------------------------------------------------------------------------------------------------------
Cyber Law & Components of Cyber Law:
What is Cyber Law?
• Cyber law, also known as Internet Law or Cyber Law, is the part of the overall legal system that
is related to legal informatics and supervises the digital circulation of information, e-commerce,
software and information security. It is associated with legal informatics and electronic
elements, including information systems, computers, software, and hardware. It covers many

[Link] Page 19 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
areas, such as access to and usage of the Internet, encompassing various subtopics as well as
freedom of expression, and online privacy.

• Cyber laws help to reduce or prevent people from cybercriminal activities on a large scale with
the help of protecting information access from unauthorized people, freedom of speech related
to the use of the Internet, privacy, communications, email, websites, intellectual property,
hardware and software, such as data storage devices. As Internet traffic is increasing rapidly
day by day, that has led to a higher percentage of legal issues worldwide. Because cyber laws
are different according to the country and jurisdiction, restitution ranges from fines to
imprisonment, and enforcement is challenging.
• Cyberlaw offers legal protections for people who are using the Internet as well as running an
online business. It is most important for Internet users to know about the local area and cyber
law of their country by which they could know what activities are legal or not on the network.
Also, they can prevent ourselves from unauthorized activities.
• The Computer Fraud and Abuse Act was the first cyber law, called CFFA, that was enacted in
1986. This law was helpful in preventing unauthorized access to computers. And it also provided
a description of the stages of punishment for breaking that law or performing any illegal
activity.
-------------------------------------------------------------------------------------------------------------------
Components of Cyber Law:

Cyber law, also known as internet law or information technology law, encompasses a wide range of
legal issues that deal with the use of technology, computers, and the internet. Here are the key
components of cyber law:
1. Cybercrime: This aspect of cyber law deals with criminal activities committed using computers,
networks, or the internet. It includes offenses such as hacking, phishing, identity theft,
cyberbullying, online harassment, cyberterrorism, distribution of malware, and various forms of
online fraud.
2. Data Protection and Privacy: Cyber law governs the collection, storage, processing, and
transfer of personal and sensitive data. It includes regulations and statutes that require
organizations to implement measures to protect individuals' privacy rights, such as the General
Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy
Act (CCPA) in the United States.
3. Intellectual Property Rights: This component deals with protecting intellectual property (IP)
in the digital realm. It covers copyrights, trademarks, patents, and trade secrets concerning
digital content, software, databases, and online creations. Cyber law establishes rules for the
use, distribution, and enforcement of these rights in the digital environment.

[Link] Page 20 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
4. Electronic Transactions and E-commerce: Cyber law provides a legal framework for
conducting electronic transactions and e-commerce activities. It includes regulations related to
online contracts, electronic signatures, electronic payments, consumer protection in online
transactions, and liability issues arising from online business activities.
5. Cybersecurity: Cyber law addresses legal aspects related to cybersecurity, including
regulations requiring organizations to implement security measures to protect their networks,
systems, and data from cyber threats. It covers issues such as data breaches, cybersecurity
incident response, liability for inadequate security measures, and international cooperation in
combating cyber threats.
6. Digital Governance and Jurisdiction: Cyber law establishes rules and principles for
governing the internet and resolving legal disputes arising from online activities. It addresses
jurisdictional issues concerning online crimes and disputes, cross-border data flows, conflict of
laws in cyberspace, and international cooperation in legal matters related to the internet.
7. Freedom of Expression and Online Content Regulation: Cyber law deals with the
regulation of online content, including freedom of expression, censorship, defamation, hate
speech, and regulation of harmful or illegal content. It balances the protection of free speech
with the need to regulate harmful online behavior and content.
8. Cyber Ethics and Cybersecurity Awareness: While not strictly legal components, cyber law
also promotes ethical behavior in cyberspace and raises awareness about cybersecurity risks
and best practices among individuals, businesses, and governments.
These components of cyber law are constantly evolving to keep pace with advancements in technology
and emerging cyber threats, requiring ongoing updates and amendments to existing laws and
regulations.

Lets check out this with the help of case study :

Case Study: Equifax Data Breach

In 2017, Equifax, one of the largest credit reporting agencies in the United States, suffered a massive
data breach that exposed sensitive personal information of approximately 147 million people. This
breach compromised individuals' names, Social Security numbers, birth dates, addresses, and in some
cases, driver's license numbers and credit card information.
1. Cybercrime: The Equifax data breach involved criminal activity, as hackers exploited
vulnerabilities in Equifax's systems to gain unauthorized access to sensitive data. The
perpetrators engaged in hacking and unauthorized data access, constituting cybercrime under
various statutes, including the Computer Fraud and Abuse Act (CFAA) in the United States.
2. Data Protection and Privacy: The breach raised significant concerns about data protection
and privacy. Equifax faced scrutiny over its handling of consumers' personal information and
was accused of failing to adequately secure the data, violating principles of data protection and
privacy laws such as the GDPR and the U.S. Health Insurance Portability and Accountability Act
(HIPAA).
3. Legal Liability and Consumer Protection: Equifax faced numerous lawsuits and regulatory
investigations following the data breach. The company was held legally liable for the breach and
incurred substantial financial penalties, settlements, and costs associated with remediation
efforts. The incident highlighted the importance of legal liability and consumer protection in
cyber law, as affected individuals sought compensation for damages resulting from the breach.
4. Cybersecurity: The Equifax data breach underscored the importance of cybersecurity in
safeguarding sensitive data against cyber threats. It prompted calls for stronger cybersecurity
measures, including regular security audits, vulnerability assessments, encryption of sensitive
data, and prompt patching of security vulnerabilities to prevent similar breaches in the future.
5. Data Breach Notification and Response: In response to the breach, Equifax was required to
notify affected individuals, regulators, and other stakeholders about the incident in accordance
with data breach notification laws. The company also implemented a comprehensive incident
response plan to mitigate the impact of the breach, including offering free credit monitoring
services to affected consumers.
6. Regulatory Compliance: The Equifax data breach led to increased regulatory scrutiny of the
credit reporting industry and prompted calls for stricter regulation of data brokers and
consumer reporting agencies. It highlighted the need for organizations to comply with existing
data protection and privacy regulations and spurred discussions about the adequacy of current
regulatory frameworks in addressing emerging cyber threats.
7. Public Policy and Cybersecurity Governance: The Equifax data breach prompted
policymakers to revaluate cybersecurity governance and regulatory oversight of critical
infrastructure sectors. It spurred debates about the role of government regulation, industry
standards, and public-private partnerships in enhancing cybersecurity resilience and protecting
against cyber threats.

[Link] Page 21 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Through the Equifax data breach case study, we can see how various components of cyber law
intersect in a real-world scenario, illustrating the importance of legal frameworks, regulatory
compliance, cybersecurity measures, and consumer protection in addressing cyber threats and
safeguarding individuals' rights in cyberspace.
-------------------------------------------------------------------------------------------------------------------
Cyber Law in India: An Overview of Information Technology Act 2000:

Cyber Crime
The Information Technology Act 2000 or any legislation in the Country does not describe or
mention the term Cyber Crime. It can be globally considered as the gloomier face of technology. The
only difference between a traditional crime and a cyber-crime is that the cyber-crime involves in a
crime related to computers. Let us see the following example to understand it better −
Traditional Theft − A thief breaks into Ram’s house and steals an object kept in the house.
Hacking − A Cyber Criminal/Hacker sitting in his own house, through his computer, hacks the
computer of Ram and steals the data saved in Ram’s computer without physically touching the
computer or entering in Ram’s house.
The I.T. Act, 2000 defines the terms −
• access in computer network in section 2(a)
• computer in section 2(i)
• computer network in section (2j)
• data in section 2(0)
• information in section 2(v).
To understand the concept of Cyber Crime, you should know these laws. The object of offence or target
in a cyber-crime are either the computer or the data stored in the computer.
Nature of Threat
Among the most serious challenges of the 21st century are the prevailing and possible threats in the
sphere of cybersecurity. Threats originate from all kinds of sources, and mark themselves in disruptive
activities that target individuals, businesses, national infrastructures, and governments alike. The
effects of these threats transmit significant risk for the following −
• public safety
• security of nations
• stability of the globally linked international community
Malicious use of information technology can easily be concealed. It is difficult to determine the origin or
the identity of the criminal. Even the motivation for the disruption is not an easy task to find out.
Criminals of these activities can only be worked out from the target, the effect, or other circumstantial
evidence. Threat actors can operate with considerable freedom from virtually anywhere. The motives
for disruption can be anything such as −
• simply demonstrating technical prowess
• theft of money or information
• extension of state conflict, etc.
Criminals, terrorists, and sometimes the State themselves act as the source of these threats. Criminals
and hackers use different kinds of malicious tools and approaches. With the criminal activities taking
new shapes every day, the possibility for harmful actions propagates.

Enabling People
The lack of information security awareness among users, who could be a simple school going kid, a
system administrator, a developer, or even a CEO of a company, leads to a variety of cyber

[Link] Page 22 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
vulnerabilities. The awareness policy classifies the following actions and initiatives for the purpose of
user awareness, education, and training −
• A complete awareness program to be promoted on a national level.
• A comprehensive training program that can cater to the needs of the national information
security (Programs on IT security in schools, colleges, and universities).
• Enhance the effectiveness of the prevailing information security training programs. Plan
domain-specific training programs (e.g., Law Enforcement, Judiciary, E-Governance, etc.)
• Endorse private-sector support for professional information security certifications.
Information Technology Act
The Government of India enacted The Information Technology Act with some major objectives which
are as follows −
• To deliver lawful recognition for transactions through electronic data interchange (EDI) and
other means of electronic communication, commonly referred to as electronic commerce or
E-Commerce. The aim was to use replacements of paper-based methods of communication and
storage of information.
• To facilitate electronic filing of documents with the Government agencies and further to amend
the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891
and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental
thereto.
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000. The I. T. Act got the
President’s assent on June 9, 2000 and it was made effective from October 17, 2000. By adopting this
Cyber Legislation, India became the 12th nation in the world to adopt a Cyber Law regime.
Mission and Vision Cybersecurity Program
Mission
The following mission caters to cybersecurity −
• To safeguard information and information infrastructure in cyberspace.
• To build capabilities to prevent and respond to cyber threats.
• To reduce vulnerabilities and minimize damage from cyber incidents through a combination of
institutional structures, people, processes, technology, and cooperation.
Vision
To build a secure and resilient cyberspace for citizens, businesses, and Government.
-------------------------------------------------------------------------------------------------------------------
Cyber Law - I.T ACT
As discussed in the first chapter, the Government of India enacted the Information Technology (I.T.)
Act with some major objectives to deliver and facilitate lawful electronic, digital, and online
transactions, and mitigate cyber-crimes.
Salient Features of I.T Act
The salient features of the I.T Act are as follows −
• Digital signature has been replaced with electronic signature to make it a more technology
neutral act.
• It elaborates on offenses, penalties, and breaches.
• It outlines the Justice Dispensation Systems for cyber-crimes.
• It defines in a new section that cyber café is any facility from where the access to the internet is
offered by any person in the ordinary course of business to the members of the public.
• It provides for the constitution of the Cyber Regulations Advisory Committee.
• It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The Bankers' Books
Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
• It adds a provision to Section 81, which states that the provisions of the Act shall have
overriding effect. The provision states that nothing contained in the Act shall restrict any person
from exercising any right conferred under the Copyright Act, 1957.
Scheme of I.T Act
The following points define the scheme of the I.T. Act −
• The I.T. Act contains 13 chapters and 90 sections.
• The last four sections namely sections 91 to 94 in the I.T. Act 2000 deals with the amendments
to the Indian Penal Code 1860, The Indian Evidence Act 1872, The Bankers’ Books Evidence Act
1891 and the Reserve Bank of India Act 1934 were deleted.
• It commences with Preliminary aspect in Chapter 1, which deals with the short, title, extent,
commencement and application of the Act in Section 1. Section 2 provides Definition.
• Chapter 2 deals with the authentication of electronic records, digital signatures, electronic
signatures, etc.
• Chapter 11 deals with offences and penalties. A series of offences have been provided along
with punishment in this part of The Act.
• Thereafter the provisions about due diligence, role of intermediaries and some miscellaneous
provisions are been stated.

[Link] Page 23 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
• The Act is embedded with two schedules. The First Schedule deals with Documents or
Transactions to which the Act shall not apply. The Second Schedule deals with electronic
signature or electronic authentication technique and procedure. The Third and Fourth Schedule
are omitted.
Application of the I.T Act
As per the sub clause (4) of Section 1, nothing in this Act shall apply to documents or transactions
specified in First Schedule. Following are the documents or transactions to which the Act shall not
apply −
• Negotiable Instrument (Other than a cheque) as defined in section 13 of the Negotiable
Instruments Act, 1881;
• A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
• A trust as defined in section 3 of the Indian Trusts Act, 1882;
• A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any
other testamentary disposition;
• Any contract for the sale or conveyance of immovable property or any interest in such
property;
• Any such class of documents or transactions as may be notified by the Central Government.
Amendments Brought in the I.T Act
The I.T. Act has brought amendment in four statutes vide section 91-94. These changes have been
provided in schedule 1-4.
• The first schedule contains the amendments in the Penal Code. It has widened the scope of the
term "document" to bring within its ambit electronic documents.
• The second schedule deals with amendments to the India Evidence Act. It pertains to the
inclusion of electronic document in the definition of evidence.
• The third schedule amends the Banker's Books Evidence Act. This amendment brings about
change in the definition of "Banker's-book". It includes printouts of data stored in a floppy, disc,
tape or any other form of electromagnetic data storage device. Similar change has been
brought about in the expression "Certified-copy" to include such printouts within its purview.
• The fourth schedule amends the Reserve Bank of India Act. It pertains to the regulation of fund
transfer through electronic means between the banks or between the banks and other financial
institution.
Intermediary Liability
Intermediary, dealing with any specific electronic records, is a person who on behalf of another person
accepts, stores or transmits that record or provides any service with respect to that record.
According to the above mentioned definition, it includes the following −
• Telecom service providers
• Network service providers
• Internet service providers
• Web-hosting service providers
• Search engines
• Online payment sites
• Online auction sites
• Online market places and cyber cafes
Highlights of the Amended Act
The newly amended act came with following highlights −
• It stresses on privacy issues and highlights information security.
• It elaborates Digital Signature.
• It clarifies rational security practices for corporate.
• It focuses on the role of Intermediaries.
• New faces of Cyber Crime were added.
-------------------------------------------------------------------------------------------------------------------
Cyber Law - Offence & Penalties
The faster world-wide connectivity has developed numerous online crimes and these increased offences
led to the need of laws for protection. In order to keep in stride with the changing generation, the
Indian Parliament passed the Information Technology Act 2000 that has been conceptualized on the
United Nations Commissions on International Trade Law (UNCITRAL) Model Law.
The law defines the offenses in a detailed manner along with the penalties for each category of offence.
Offences
Cyber offences are the illegitimate actions, which are carried out in a classy manner where either the
computer is the tool or target or both.
Cyber-crime usually includes the following −
• Unauthorized access of the computers
• Data diddling
• Virus/worms attack

[Link] Page 24 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
•

[Link] Page 25 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Bailability and
Section Offence Punishment
Congizability

Offence is Bailable,
Tampering with Computer Imprisonment up to 3 years or
65 Cognizable and triable by
Source Code fine up to Rs 2 lakhs
Court of JMFC.

Imprisonment up to 3 years or Offence is Bailable,

66 Computer Related Offences
fine up to Rs 5 lakhs Cognizable and

Sending offensive
Offence is Bailable,
messages through Imprisonment up to 3 years and
66-A Cognizable and triable by
Communication service, fine
Court of JMFC
etc...

Dishonestly receiving Offence is Bailable,

Imprisonment up to 3 years
66-B stolen computer resource Cognizable and triable by
and/or fine up to Rs. 1 lakh
or communication device Court of JMFC

Imprisonment of either Offence is Bailable,

66-C Identity Theft description up to 3 years and/or Cognizable and triable by
fine up to Rs. 1 lakh Court of JMFC

Imprisonment of either Offence is Bailable,

Cheating by Personation by
66-D description up to 3 years and Cognizable and triable by
using computer resource
/or fine up to Rs. 1 lakh Court of JMFC

Offence is Bailable,
Imprisonment up to 3 years and
66-E Violation of Privacy Cognizable and triable by
/or fine up to Rs. 2 lakh
Court of JMFC

Offence is Non-Bailable,
Imprisonment extend to
66-F Cyber Terrorism Cognizable and triable by
imprisonment for Life
Court of Sessions

On first Conviction,
imprisonment up to 3 years
Publishing or transmitting Offence is Bailable,
and/or fine up to Rs. 5 lakh On
67 obscene material in Cognizable and triable by
Subsequent Conviction
electronic form Court of JMFC
imprisonment up to 5 years
and/or fine up to Rs. 10 lakh

On first Conviction
Publishing or transmitting imprisonment up to 5 years
Offence is Non-Bailable,
of material containing and/or fine up to Rs. 10 lakh On
67-A Cognizable and triable by
sexually explicit act, etc... Subsequent Conviction
Court of JMFC
in electronic form imprisonment up to 7 years
and/or fine up to Rs. 10 lakh

On first Conviction
imprisonment of either
Publishing or transmitting description up to 5 years and/or
Offence is Non Bailable,
of material depicting fine up to Rs. 10 lakh On
67-B Cognizable and triable by
children in sexually explicit Subsequent Conviction
Court of JMFC
act etc., in electronic form imprisonment of either
description up to 7 years and/or
fine up to Rs. 10 lakh

Intermediary intentionally
or knowingly contravening Imprisonment up to 3 years and Offence is Bailable,
67-C
the directions about fine Cognizable.
Preservation and retention

[Link] Page 26 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
of information

Failure to comply with the

Imprisonment up to 2 years Offence is Bailable, Non-
68 directions given by
and/or fine up to Rs. 1 lakh Cognizable.
Controller

Failure to assist the agency

referred to in sub section
(3) in regard interception Imprisonment up to 7 years and Offence is Non-Bailable,
69
or monitoring or decryption fine Cognizable.
of any information through
any computer resource

Failure of the intermediary

to comply with the
direction issued for Imprisonment up to 7 years and Offence is Non-Bailable,
69-A
blocking for public access fine Cognizable.
of any information through
any computer resource

Intermediary who
intentionally or knowingly
contravenes the provisions
of sub-section (2) in Imprisonment up to 3 years and Offence is Bailable,
69-B
regard monitor and collect fine Cognizable.
traffic data or information
through any computer
resource for cybersecurity

Any person who secures

access or attempts to
Imprisonment of either
secure access to the Offence is Non-Bailable,
70 description up to 10 years and
protected system in Cognizable.
fine
contravention of provision
of Sec. 70

Indian Computer
Emergency Response Team
to serve as national agency
for incident response. Any
service provider,
Imprisonment up to 1 year Offence is Bailable, Non-
70-B intermediaries, data
and/or fine up to Rs. 1 lakh Cognizable
centres, etc., who fails to
prove the information
called for or comply with
the direction issued by the
ICERT.

Misrepresentation to the
Imprisonment up to 2 years Offence is Bailable, Non-
71 Controller to the Certifying
and/ or fine up to Rs. 1 lakh. Cognizable.
Authority

Breach of Confidentiality Imprisonment up to 2 years Offence is Bailable, Non-

72
and privacy and/or fine up to Rs. 1 lakh. Cognizable.

Disclosure of information in Imprisonment up to 3 years Offence is Cognizable,

72-A
breach of lawful contract and/or fine up to Rs. 5 lakh. Bailable

Publishing electronic
Imprisonment up to 2 years Offence is Bailable, Non-
73 Signature Certificate false
and/or fine up to Rs. 1 lakh Cognizable.
in certain particulars

[Link] Page 27 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR

Publication for fraudulent Imprisonment up to 2 years Offence is Bailable, Non-

74
purpose and/or fine up to Rs. 1 lakh Cognizable.

Theft of computer system

• Hacking
• Denial of attacks
• Logic bombs
• Trojan attacks
• Internet time theft
• Web jacking
• Email bombing
• Salami attacks
• Physically damaging computer system.

The offences included in the I.T. Act 2000 are as follows –

• Tampering with the computer source documents.

• Hacking with computer system.
• Publishing of information which is obscene in electronic form.
• Power of Controller to give directions.
• Directions of Controller to a subscriber to extend facilities to decrypt information.
• Protected system.
• Penalty for misrepresentation.
• Penalty for breach of confidentiality and privacy.
• Penalty for publishing Digital Signature Certificate false in certain particulars.
• Publication for fraudulent purpose.
• Act to apply for offence or contravention committed outside India Confiscation.
• Penalties or confiscation not to interfere with other punishments.
• Power to investigate offences.

Example

Offences Under The It Act 2000

Section 65. Tampering with computer source documents
Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes
another to conceal, destroy or alter any computer source code used for a computer, computer
program, computer system or computer network, when the computer source code is required to be
kept or maintained by law for the being time in force, shall be punishable with imprisonment up to
three year, or with fine which may extend up to two lakh rupees, or with both.
Explanation − For the purpose of this section “computer source code” means the listing of programs,
computer commands, design and layout and program analysis of computer resource in any form.
Object − The object of the section is to protect the “intellectual property” invested in the computer. It
is an attempt to protect the computer source documents (codes) beyond what is available under the
Copyright Law

Essential ingredients of the section

knowingly or intentionally concealing
knowingly or intentionally destroying
knowingly or intentionally altering
knowingly or intentionally causing others to conceal
knowingly or intentionally causing another to destroy
knowingly or intentionally causing another to alter.
This section extends towards the Copyright Act and helps the companies to protect their source code of
their programs.
Penalties − Section 65 is tried by any magistrate.
This is cognizable and non-bailable offence.
Penalties − Imprisonment up to 3 years and / or
Fine − Two lakh rupees.
The following table shows the offence and penalties against all the mentioned sections of the I.T. Act −
Compounding of Offences

[Link] Page 28 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
As per Section 77-A of the I. T. Act, any Court of competent jurisdiction may compound offences, other
than offences for which the punishment for life or imprisonment for a term exceeding three years has
been provided under the Act.
No offence shall be compounded if −
• The accused is, by reason of his previous conviction, is liable to either enhanced punishment or
to the punishment of different kind; OR
• Offence affects the socio economic conditions of the country; OR
• Offence has been committed against a child below the age of 18 years; OR
• Offence has been committed against a woman.
The person alleged of an offence under this Act may file an application for compounding in the Court.
The offence will then be pending for trial and the provisions of Sections 265-B and 265-C of Cr. P.C.
shall apply.
-------------------------------------------------------------------------------------------------------------------
Cyber Law of India: Introduction In Simple way we can say that cyber-crime is unlawful acts
wherein the computer is either a tool or a target or both Cyber crimes can involve criminal
activities that are traditional in nature, such as theft, fraud, forgery, defamation and
mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also
given birth to a gamut of new age crimes that are addressed by the Information Technology
Act, 2000. Information Technology Act India’s Information Technology Act, 2000 or IT Act, is
a subject of contention and controversy. As it is amended, it contains some of the most stringent
privacy requirements in the world and has the unfortunate impact of holding intermediaries liable for
illegal content. The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is
an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in
India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law
on Electronic Commerce 1996 (UNCITRAL Model) recommended by the General Assembly of United
Nations by a resolution dated 30 January 1997.

Provisions of IT Act 2000 The IT Act of 2000 passed in a budget session of parliament and signed by
President K.R. Narayanan in 2000. It underwent further finalization by India’s Minister of Information
Technology, Pramod Mahajan.
The original act addressed electronic documents, e-signatures, and authentication of those records. It
also enacted penalties for security breach offenses including damaging computer systems or
committing cyber terrorism.
Regulating authorities received power to monitor these situations and draft rules as situations arose.
The IT Act underwent changes as Internet technology grew.
In 2008, additions expanded the definition of “communication device” to include mobile devices and
placed owners of given IP addresses responsible for distributed and accessed content.
Privacy was addressed in 2011 when stringent requirements for collecting personal information came
into effect. he most controversial change in this act involves section 66A.
It makes “offensive messages” illegal and holds the owners of servers responsible for the content.
That means if an IP address with pornographic images is traced to your servers, you can be held liable
for it even if you did not authorize its access. Penalties arrange from imprisonment of three years to
life and fines. Offenses that occur in a corporate setting can result in further administrative penalties
and bureaucratic monitoring that can prove burdensome to doing business.

Requirements of IT Act 2000

The IT Act 2000 applies to companies that do business in India. This includes entities registered
in India, outsource there, and maintain servers within the country’s borders. The act covers all activity
involving online exchanges and electronic documents. If your only connection with India is having
customers there, you are not held to the IT Act. The only way that can occur is if you run a service
or sell a product and also maintain servers there. For example, Instagram is popular in India with
many people participating in that social media app. However, Instagram is a U.S. company and does
not need policies complying with the IT Act. However, Snapdeal, an online shopping source in India, is
an Indian company that conducts transactions in India. It is held to the stipulations in the IT Act 2 —
and that is addressed in its Privacy Policy page. Cyber Crime: Cybercrime, or computer-oriented
crime, is the crime that involves a computer and a network.[1] The computer may have been used in
the commission of a crime, or it may be the target.[2] Cybercrimes can be defined as: "Offences that
are committed against individuals or groups of individuals with a criminal motive to intentionally harm
the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or
indirectly, using modern telecommunication networks such as Internet (networks including but not
limited to Chat rooms, emails, notice boards and groups) and mobile phones
(Bluetooth/SMS/MMS)".[3] Cybercrime may threaten a person or a nation's security and financial
health.[4] Issues surrounding these types of crimes have become high-profile, particularly those

[Link] Page 29 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
surrounding hacking, copyright infringement, unwarranted mass-surveillance, sextortion, child
pornography, and child grooming.[3] There are also problems of privacy when confidential information
is intercepted or disclosed, lawfully or otherwise. Debarati Halder and K. Jaishankar further define
cybercrime
from the perspective of gender and defined 'cybercrime against women' as "Crimes targeted against
women with a motive to intentionally harm the victim psychologically and physically, using modern
telecommunication networks such as internet and mobile phones".[3] Internationally, both
governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and
other cross-border crimes. Cybercrimes crossing international borders and involving the actions of at
least one nation state is sometimes referred to as cyber warfare. A report (sponsored by McAfee),
published in 2014, estimated that the annual damage to the global economy was $445 billion.[5]
Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US.[6] In 2018,
a study by Center for Strategic and International Studies (CSIS), in partnership with McAfee, concludes
that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year
Classifications Of cybercrime:
Financial fraud crimes: Computer Fraud is any dishonest misrepresentation of fact intended to let
another to do or refrain from doing something which causes loss. In this context, the fraud will result
in obtaining a benefit by: Altering in an unauthorized way. This requires little technical expertise and
is common form of theft by employees altering the data before entry or entering false data, or by
entering unauthorized instructions or using unauthorized processes; Altering, destroying,
suppressing, or stealing output, usually to conceal unauthorized transactions. This is difficult to detect;
Altering or deleting stored data; Other forms of fraud may be facilitated using computer systems,
including bank fraud, carding, identity theft, extortion, and theft of classified information. A variety of
internet scams, many based on phishing and social engineering, target consumers and businesses.

Cyber terrorism: Government officials and information technology security specialists have
documented a significant increase in Internet problems and server scans since early 2001. But there is
a growing concern among government agencies such as the Federal Bureau of Investigations (FBI) and
the Central Intelligence Agency (CIA) that such intrusions are part of an organized effort by cyber
terrorists, foreign intelligence services, or other groups to map potential security holes in critical
systems.[9] A cyber terrorist is someone who intimidates or coerces a government or an organization
to advance his or her political or social objectives by launching a computer-based attack against
computers, networks, or the information stored on them. Cyber terrorism in general can be defined as
an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As
such, a simple propaganda piece in the Internet that there will be bomb attacks during the holidays
can be considered cyber terrorism. There are also hacking activities directed towards individuals,
families, organized by groups within networks, tending to cause fear among people, demonstrate
power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc.

Cyber extortion: The U.S. Department of Defense (DoD) notes that the cyberspace has emerged as a
national-level concern through several recent events of geostrategic significance. Among those are
included, the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008,
Russia again allegedly conducted cyber attacks, this time in a coordinated and synchronized kinetic and
non-kinetic campaign against the country of Georgia. The December 2015 Ukraine power grid cyber
attack has also been attributed to Russia and is considered the first successful cyber attack on a power
grid. Fearing that such attacks may become the norm in future warfare among nation-states, the
concept of cyberspace operations impacts and will be adapted by war fighting military commanders in
the future.
E-commerce: E-commerce is the activity of buying or selling of products on online services or over
the Internet. Electronic commerce draws on technologies such as mobile commerce, electronic funds
transfer, supply chain management, Internet marketing, online transaction processing, electronic data
interchange (EDI), inventory management systems, and automated data collection systems. Modern
electronic commerce typically uses the World Wide Web for at least one part of the transaction's life
cycle although it may also use other technologies such as e-mail. Typical e-
34 Department of Mechanical Engineering, MRCET
commerce transactions include the purchase of online books (such as Amazon) and music purchases
(music download in the form of digital distribution such as iTunes Store), and to a less extent,
customized/personalized online liquor store inventory services.[1] There are three areas of e-
commerce: online retailing, electric markets, and online auctions. E-commerce is supported by
electronic business.[2] E-commerce businesses may also employ some or all of the followings:
Online shopping for retail sales direct to consumers via Web sites and mobile apps, and conversational
commerce via live chat, chat bots, and voice assistants Providing or participating in online
marketplaces, which process third-party business-to-consumer or consumer-to-consumer sales
Business-to-business buying and selling; Gathering and using demographic data through web

[Link] Page 30 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
contacts and social media Business-to-business (B2B) electronic data interchange Marketing to
prospective and established customers by e-mail or fax (for example, with newsletters) Engaging in
pretail for launching new products and services Online financial exchanges for currency exchanges
or trading purposes.
Data Security: Data security refers to the process of protecting data from unauthorized access and
data corruption throughout its lifecycle. Data security includes data encryption, tokenization, and key
management practices that protect data across all applications and platforms.

Why Data Security? Organizations around the globe are investing heavily in information technology
(IT) cyber defense capabilities to protect their critical assets. Whether an enterprise needs to protect a
brand, intellectual capital, and customer information or provide controls for critical infrastructure, the
means for incident detection and response to protecting organizational interests have three common
elements: people, processes, and technology.
Data Security Solutions
Micro Focus drives leadership in data security solutions with over 80 patents and 51 years of
expertise. With advanced data encryption, tokenization, and key management to protect data
across applications, transactions, storage, and big data platforms, Micro Focus simplifies the
protection of sensitive data in even the most complex use cases.
Cloud access security – Protection platform that allows you to move to the cloud securely while
protecting data in cloud applications.
Data encryption – Data-centric and tokenization security solutions that protect data across
enterprise, cloud, mobile and big data environments.
Hardware security module -- Hardware security module that guards financial data and meets
industry security and compliance requirements.
Key management -- Solution that protects data and enables industry regulation compliance.
Enterprise Data Protection – Solution that provides an end-to-end data-centric approach to
enterprise data protection.
Payments Security – Solution provides complete point-to-point encryption and tokenization for
retail payment transactions, enabling PCI scope reduction.
Big Data, Hadoop and IofT data protection – Solution that protects sensitive data in the Data
Lake – including Hadoop, Teradata, Micro Focus Vertica, and other Big Data platforms.
Mobile App Security - Protecting sensitive data in native mobile apps while safeguarding the
data end-to-end.
Web Browser Security - Protects sensitive data captured at the browser, from the point the
customer enters cardholder or personal data, and keeps it protected through the ecosystem to the
trusted host destination.
Email Security – Solution that provides end-to-end encryption for email and mobile messaging,
keeping Personally Identifiable Information and Personal Health Information secure and private.
Confidentiality:
Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure
confidentiality are designed to prevent sensitive information from reaching the
wrong people, while making sure that the right people can in fact get it: Access must be
restricted to those authorized to view the data in question. It is common, as well, for data to be
categorized according to the amount and type of damage that could be done should it fall into
unintended hands. More or less stringent measures can then be implemented according to those
categories.
Sometimes safeguarding data confidentiality may involve special training for that privacy to
such documents. Such training would typically include security risks that could threaten this
information. Training can help familiarize authorized people with risk factors and how to guard
against them. Further aspects of training can include strong passwords and password-related
best practices and information about social engineering methods, to prevent them from bending
data-handling rules with good intentions and potentially disastrous results.
A good example of methods used to ensure confidentiality is an account number or routing
number when banking online. Data encryption is a common method of ensuring confidentiality.
User IDs and passwords constitute a standard procedure; two-factor authentication is becoming
the norm. Other options include biometric verification and security tokens, key fobs or soft
tokens. In addition, users can take precautions to minimize the number of places where the
information appears and the number of times it is actually transmitted to complete a required
transaction. Extra measures might be taken in the case of extremely sensitive documents,
precautions such as storing only on air gapped computers, disconnected storage devices or, for
highly sensitive information, in hard copy form only.
Information Privacy:
Information privacy, also known as data privacy or data protection, is the relationship
between the collection and dissemination of data, technology, the public expectation of

[Link] Page 31 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
privacy, legal and political issues surrounding them.
Privacy concerns exist wherever personally identifiable information or other sensitive
information is collected, stored, used, and finally destroyed or deleted – in digital form or
otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues.
Data privacy issues may arise in response to information from a wide range of sources,
such as:
Healthcare records
Criminal justice investigations and proceedings
Financial institutions and transactions
Biological traits, such as genetic material
Residence and geographic records
Privacy breach
Location-based service and geo location
Web surfing behavior or user preferences using persistent cookies
Academic research
The challenge of data privacy is to use data while protecting an individual's privacy preferences
and their personally identifiable information. The fields of computer security, data security,
and information security design and use software, hardware, and human resources to address
this issue. Since the laws and regulations related to Privacy and Data Protection are constantly
changing, it is important to keep abreast of any changes in the law and to continually reassess
compliance with data privacy and security regulations. Within academia, Institutional Review
Boards function to assure that adequate measures are taken to ensure both the privacy and
confidentiality of human subjects in research.
International aspects of computer and online crime:
There is no commonly agreed single definition of “cybercrime”. It refers to illegal internetmediated
activities that often take place in global electronic [Link] is
"international" or "transnational" – there are ‘no cyber-borders between countries'. International
cybercrimes often challenge the effectiveness of domestic and international law and law
enforcement. Because existing laws in many countries are not tailored to deal with cybercrime,
criminals increasingly conduct crimes on the Internet in order to take advantages of the less
severe punishments or difficulties of being traced. No matter, in developing or developed
countries, governments and industries have gradually realized the colossal threats of cybercrime
on economic and political security and public interests. However, complexity in types and forms
of cybercrime increases the difficulty to fight back. In this sense, fighting cybercrime calls for
38 Department of Mechanical Engineering, MRCET
international cooperation. Various organizations and governments have already made joint
efforts in establishing global standards of legislation and law enforcement both on a regional
and on an international scale. China–United States cooperation is one of the most striking
progresses recently, because they are the top two source countries of cybercrime.
Information and communication technology (ICT) plays an important role in helping ensure
interoperability and security based on global standards. General countermeasures have been
adopted in cracking down cybercrime, such as legal measures in perfecting legislation and
technical measures in tracking down crimes over the network, Internet content control, using
public or private proxy and computer forensics, encryption and plausible deniability, etc.[2] Due
to the heterogeneity of law enforcement and technical countermeasures of different countries,
this article will mainly focus on legislative and regulatory initiatives of international
cooperation.
Internet Crime
Internet crime is any crime or illegal online activity committed on the Internet, through the
Internet or using the Internet. The widespread Internet crime phenomenon encompasses multiple
global levels of legislation and oversight. In the demanding and continuously changing IT field,
security experts are committed to combating Internet crime through preventative technologies,
such as intrusion detection networks and packet sniffers.
Internet crime is a strong branch of cybercrime. Identity theft, Internet scams and cabers talking
are the primary types of Internet crime. Because Internet crimes usually engage people from
various geographic areas, finding and penalizing guilty participants is complicate
Internet crimes, such as the Nigerian 419 fraud ring, are a constant threat to Internet users. The
U.S. Federal Bureau of Investigation (FBI) and Federal Trade Commission (FCC) have
dedicated and appointed IT and law enforcement experts charged with ending the far-reaching
and damaging effects of Internet crime.
Examples of Internet crime legislation include:
U.S. Computer Fraud and Abuse Act, Section 1030: Amended in 2001 through the [Link] Act
CAN SPAM Act of 2003
Preventing Real Online Threats to Economic Creativity and Theft of Intellectual

[Link] Page 32 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Property Act of 2011
As the U.S. works to combat Internet crime, other countries are experiencing increased
cybercriminal activity. In 2001, Web sense (an organization focused on network abuse research)
reported the alarming spread of Internet crime in Canada. This global shift is under review by
the Canadian government.
Types of Internet crime include:
Cyber bullying and harassment
Financial extortion
Internet bomb threats
Classified global security data theft
Password trafficking
Enterprise trade secret theft
Personally data hacking
Copyright violations, such as software piracy
Counterfeit trademarks
Illegal weapon trafficking
Online child pornography
Credit card theft and fraud
Email phishing
Domain name hijacking
Virus spreading
To prevent becoming an Internet crime, online vigilance and common sense are critical. Under
no circumstances should a user share personal information (like full name, address, birth date
and Social Security number) to unknown recipients. Moreover, while online, a user should
remain suspicious about exaggerated or unverifiable claims.
-------------------------------------------------------------------------------------------------------------------
Offences
Section 65 - Tampering with computer source documents
If a person knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes
another to conceal, destroy or alter any computer source code used for a computer, computer
programme, computer system or computer network, when the computer source code is required to be
kept or maintained by law for the time being in force.
Penalty - Imprisonment up to three years, or/and with fine up to RS 200,000

Section 66 – Hacking with computer system

If a person with the intent to cause or knowing that he is likely to cause wrongful loss or damage to
the public or any person destroys or deletes or alters any information residing in a computer resource
or diminishes its value or utility or affects it injuriously by any means, commits hack.
Penalty - Imprisonment up to three years, or/and with fine up to RS 500,000

Section 66B - Receiving stolen computer or communication device

A person receives or retains a computer resource or communication device which is known to be stolen
or the person has reason to believe is stolen.
Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000

Section 66C – Using password of another person

A person fraudulently uses the password, digital signature or other unique identification of another
person.
Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000

Section 66D – Cheating using computer resource

If a person cheats someone using a computer resource or communication.
Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000

Section 66E – Publishing private images of others

If a person captures, transmits or publishes images of a person's private parts without his/her consent
or knowledge.
Penalty - Imprisonment up to three years, or/and with fine up to RS 200,000

[Link] Page 33 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR

Section 66F – Act of cyber terrorism

If a person denies access to authorized personnel to a computer resource, accesses a protected system
or introduces contaminant into a system, with the intention of threatening the unity, integrity,
sovereignty or security of India, then he commits cyber terrorism.
Penalty - Imprisonment up to life.

Section 67 - Publishing information which is obscene in e-form

If a person publishes or transmits or causes to be published in the electronic form, any material which
is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt
persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter
contained or embodied in it.
Penalty - Imprisonment up to five years, or/and with fine up to RS 1,000,000

Section 67A - Publishing images containing sexual acts

If a person publishes or transmits images containing a sexual explicit act or conduct.
Penalty- Imprisonment up to seven years, or/and with fine up to RS 1,000,000

Section 67B – Publishing child porn or predating children online

If a person captures, publishes or transmits images of a child in a sexually explicit act or conduct. If a
person induces a child into a sexual act. A child is defined as anyone under 18.
Penalty- Imprisonment up to five years, or/and with fine up to RS 1,000,000 on first conviction.
Imprisonment up to seven years, or/and with fine up to RS 1,000,000 on second conviction.

Section 67C - Failure to maintain records

Persons deemed as intermediary (such as an ISP) must maintain required records for stipulated time.
Failure is an offence.
Penalty- Imprisonment up to three years, or/and with fine.

Section 68 - Failure/refusal to comply with orders

The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take
such measures or cease carrying on such activities as specified in the order if those are necessary to
ensure compliance with the provisions of this Act, rules or any regulations made there under. Any
person who fails to comply with any such order shall be guilty of an offence.
Penalty- Imprisonment up to three years, or/and with fine up to RS 200,000

Section 69 - Failure/refusal to decrypt data

If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty
or integrity of India, the security of the State, friendly relations with foreign States or public order or
for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in
writing, by order, direct any agency of the Government to intercept any information transmitted
through any computer resource. The subscriber or any person in charge of the computer resource
shall, when called upon by any agency which has been directed, must extend all facilities and technical
assistance to decrypt the information. The subscriber or any person who fails to assist the agency
referred is deemed to have committed a crime.
Penalty- Imprisonment up to seven years and possible fine.

Section 70 - Securing access to a protected system

The appropriate Government may, by notification in the Official Gazette, declare that any computer,
computer system or computer network to be a protected system. The appropriate Government may, by
order in writing, authorize the persons who are authorized to access protected systems. If a person
who secures access or attempts to secure access to a protected system, then he is committing an
offence.
Penalty- Imprisonment up to ten years, or/and with fine.

[Link] Page 34 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Section 71 – Misrepresentation
If anyone makes any misrepresentation to, or suppresses any material fact from, the Controller or the
Certifying Authority for obtaining any license or Digital Signature Certificate.
Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000
Criticism
Section 66A and Restriction of Free Speech
From its establishment as an amendment to the original act in 2008, Section 66A attracted controversy
over its unconstitutional nature:

Section 66A - Publishing offensive, false or threatening information

Any person who sends by any means of a computer resource any information that is grossly offensive
or has a menacing character; or any information which he knows to be false, but for the purpose of
causing annoyance, inconvenience, danger, obstruction, insult shall be punishable with imprisonment
for a term which may extend to three years and with fine.

Revocation by the Supreme Court

On 24 March 2015, the Supreme Court of India gave the verdict that Section 66A is unconstitutional in
entirety. The court said that Section 66A of IT Act 2000 is "arbitrarily, excessively and
disproportionately invades the right of free speech" provided under Article 19(1) of the Constitution of
India. But the Court turned down a plea to strike down Sections 69A and 79 of the Act, which deal with
the procedure and safeguards for blocking certain websites.

Strict Data Privacy Rules

The data privacy rules introduced in the Act in 2011 has been described as too strict by some Indian
and US firms. The rules require firms to obtain written permission from customers before collecting and
using their personal data. This has affected US firms which outsource to Indian companies. However,
some companies have welcomed the strict rules, saying it will remove fears of outsourcing to Indian
companies.

Section 69 and Mandatory Decryption

The Section 69 allows intercepting any information and asks for information decryption. To refuse
decryption is an offence. The Indian Telegraph Act, 1885 allows the government to tap phones. But,
according to a 1996 Supreme Court verdict the government can tap phones only in case of a public
emergency.

But, there is no such restriction on Section 69. On 20 December 2018, the Ministry of Home Affairs
cited Section 69 in the issue of an order authorising ten central agencies to intercept, monitor, and
decrypt “any information generated, transmitted, received or stored in any computer.” While some
claim this to be a violation of the fundamental right to privacy, the Ministry of Home Affairs has
claimed its validity on the grounds of national security.

Some Cases
Section 66
In February 2001, in one of the first cases, the Delhi police arrested two men running a web-hosting
company. The company had shut down a website over non-payment of dues. The owner of the site had
claimed that he had already paid and complained to the police. The Delhi police had charged the men
for hacking under Section 66 of the IT Act and breach of trust under Section 408 of the Indian Penal
Code. The two men had to spend 6 days in Tihar jail waiting for bail. Bhavin Turakhia, chief executive
officer of [Link], said that this interpretation of the law would be problematic for web-hosting
companies.

In February 2017, M/s Voucha Gram India Pvt. Ltd, owner of Delhi based Ecommerce Portal
[Link] made a Complaint with Hauz Khas Police Station against some hackers from different
cities accusing them for IT Act / Theft / Cheating / Misappropriation / Criminal Conspiracy / Criminal
Breach of Trust / Cyber Crime of Hacking / Snooping / Tampering with Computer source documents
and the Web Site and extending the threats of dire consequences to employees, as a result four
hackers were arrested by South Delhi Police for Digital Shoplifting.

Section 66A
In September 2012, a freelance cartoonist Aseem Trivedi was arrested under the Section 66A of the IT

[Link] Page 35 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Act, Section 2 of Prevention of Insults to National Honor Act, 1971 and for sedition under the Section
124 of the Indian Penal Code. His cartoons depicting widespread corruption in India were considered
offensive.
-------------------------------------------------------------------------------------------------------------------
Cryptography and its Types
Cryptography is technique of securing information and communications through use of codes so that
only those person for whom the information is intended can understand it and process it. Thus
preventing unauthorized access to information. The prefix “crypt” means “hidden” and suffix “graphy”
means “writing”. In Cryptography the techniques which are use to protect information are obtained
from mathematical concepts and a set of rule based calculations known as algorithms to convert
messages in ways that make it hard to decode it. These algorithms are used for cryptographic key
generation, digital signing, verification to protect data privacy, web browsing on internet and to protect
confidential transactions such as credit card and debit card transactions.
Techniques used For Cryptography: In today’s age of computers cryptography is often associated
with the process where an ordinary plain text is converted to cipher text which is the text made such
that intended receiver of the text can only decode it and hence this process is known as encryption.
The process of conversion of cipher text to plain text this is known as decryption.
Features Of Cryptography are as follows:
1. Confidentiality: Information can only be accessed by the person for whom it is intended and
no other person except him can access it.
2. Integrity: Information cannot be modified in storage or transition between sender and
intended receiver without any addition to information being detected.
3. Non-repudiation: The creator/sender of information cannot deny his intention to send
information at later stage.
4. Authentication: The identities of sender and receiver are confirmed. As well as
destination/origin of information is confirmed.
Types Of Cryptography: In general there are three types Of cryptography:

1. Symmetric Key Cryptography: It is an encryption system where the sender and receiver of
message use a single common key to encrypt and decrypt messages. Symmetric Key Systems
are faster and simpler but the problem is that sender and receiver have to somehow exchange
key in a secure manner. The most popular symmetric key cryptography system are Data
Encryption System(DES) and Advanced Encryption System(AES).
2. Hash Functions: There is no usage of any key in this algorithm. A hash value with fixed length
is calculated as per the plain text which makes it impossible for contents of plain text to be
recovered. Many operating systems use hash functions to encrypt passwords.
3. Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and
decrypt information. A receiver’s public key is used for encryption and a receiver’s private key is
used for decryption. Public key and Private Key are different. Even if the public key is known by
everyone the intended receiver can only decode it because he alone know his private key. The
most popular asymmetric key cryptography algorithm is RSA algorithm.
Applications Of Cryptography:
1. Computer passwords: Cryptography is widely utilized in computer security, particularly when
creating and maintaining passwords. When a user logs in, their password is hashed and
compared to the hash that was previously stored. Passwords are hashed and encrypted before
being stored. In this technique, the passwords are encrypted so that even if a hacker gains
access to the password database, they cannot read the passwords.
2. Digital Currencies: To safeguard transactions and prevent fraud, digital currencies like Bitcoin
also use cryptography. Complex algorithms and cryptographic keys are used to safeguard
transactions, making it nearly hard to tamper with or forge the transactions.
3. Secure web browsing: Online browsing security is provided by the use of cryptography, which
shields users from eavesdropping and man-in-the-middle assaults. Public key cryptography is
used by the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to
encrypt data sent between the web server and the client, establishing a secure channel for
communication.
4. Electronic signatures: Electronic signatures serve as the digital equivalent of a handwritten
signature and are used to sign documents. Digital signatures are created using cryptography
and can be validated using public key cryptography. In many nations, electronic signatures are
enforceable by law, and their use is expanding quickly.
5. Authentication: Cryptography is used for authentication in many different situations, such as
when accessing a bank account, logging into a computer, or using a secure network.
Cryptographic methods are employed by authentication protocols to confirm the user’s identity
and confirm that they have the required access rights to the resource.

[Link] Page 36 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
6. Cryptocurrencies: Cryptography is heavily used by cryptocurrencies like Bitcoin and Ethereum
to safeguard transactions, thwart fraud, and maintain the network’s integrity. Complex
algorithms and cryptographic keys are used to safeguard transactions, making it nearly hard to
tamper with or forge the transactions.
7. End-to-End Encryption: End-to-end encryption is used to protect two-way communications
like video conversations, instant messages, and email. Even if the message is encrypted, it
assures that only the intended receivers can read the message. End-to-end encryption is
widely used in communication apps like WhatsApp and Signal, and it provides a high level of
security and privacy for users.
Advantages
1. Access Control: Cryptography can be used for access control to ensure that only parties with
the proper permissions have access to a resource. Only those with the correct decryption key
can access the resource thanks to encryption.
2. Secure Communication: For secure online communication, cryptography is crucial. It offers
secure mechanisms for transmitting private information like passwords, bank account numbers,
and other sensitive data over the internet.
3. Protection against attacks: Cryptography aids in the defence against various types of
assaults, including replay and man-in-the-middle attacks. It offers strategies for spotting and
stopping these assaults.
4. Compliance with legal requirements: Cryptography can assist firms in meeting a variety of
legal requirements, including data protection and privacy legislation.
-------------------------------------------------------------------------------------------------------------------
ENCRYPTION
Encryption is a way of scrambling data so that only authorized parties can understand the information
is an ancient practice. It evolved into the modern practice of cryptography—the science of secret
writing, or the study of obscuring data using algorithms and secret keys.
History of Encryption:

Once upon a time, keeping data secret was not hard. Hundreds of years ago, when few people were
literate, the use of written language alone often sufficed to keep information from becoming general
knowledge. To keep secrets then, you simply had to write them down, keep them hidden from those
few people who could read, and prevent others from learning how to read. Deciphering the meaning of
a document is difficult if it is written in a language you do not know.

Early Codes:
Early code used transposition. They simply rearranged the order of the letters in a given message. This
rearrangement had to follow some order, otherwise, the recipient would not be able to restore the
original message. The use of the scytale by the Spartans in the fifth-century b.c. is the earliest record
of a pattern being used for a transposition code. The scytale was a rod around which a strip of paper
was wrapped. The message was written down the side of the rod, and when it was unwound, the
message was unreadable. If the messenger was caught, the message was safe. If he arrived safely,
the message was wound around an identical rod and read.
Other early attempts at cryptography (the science of data protection via encryption) used substitution.
A substitution algorithm replaces each character in a message with another character. Caesar‟s cipher
is an example of a substitution algorithm. It is a type of substitution algorithm in which each letter in
the plaintext is 'shifted' a certain number of places down the alphabet. For example, with a shift of 1, A
would be replaced by B, B would become C, and so on.

Example:
To pass an encrypted message from one person to another, it is first necessary that both sender and
receiver have the 'key' for the cipher, so that the sender may encrypt it and the receiver may decrypt
it. For the Caesar cipher, the key is the number of characters to shift the cipher alphabet.
Here is an example of the encryption and decryption steps involved with the Caesar cipher. The text
we will encrypt is „my password is root‟, with a shift (key) of 1.
plain text: my password is root
cipher text: nz qbttxpse jt sppu

It is easy to see how each character in the plaintext is shifted up the alphabet. Decryption is just as
easy, by using an offset of -1.

plain text: abcdefghijklmnopqrstuvwxyz

cipher text: bcdefghijklmnopqrstuvwxyza

Obviously, if a different key is used, the cipher alphabet will be shifted a different amount.

[Link] Page 37 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
The use of such codes, in which knowledge of the algorithm is all that keeps the message safe, has
long been known to be poor practice. Sooner or later, someone will deduce the algorithm, and all is
lost.
3.4.1 Symmetric-Key Cryptography:
Symmetric key cryptography is a type of encryption in which a similar key is used to encrypt and
decrypt messages. This secret key is known only to the sender and to the receiver. It is also called
secret-key cryptography. The message exchange using symmetric key cryptography involves the
following steps-

Figure Symmetric Key Cryptography

Before starting the communication, sender and receiver share the secret key. This secret key is shared
through some external means. At sender side, sender encrypts the message using his copy of the
secret key. The cipher text is then sent to the receiver over the communication channel. At receiver
side, receiver decrypts the cipher text using his copy of the secret key. After decryption, the message
converts back into readable format.

Some of the encryption algorithms that use symmetric key are:

Advanced Encryption Standard (AES)
Data Encryption Standard (DES)
Typical Cryptography Algorithms
1. Triple DES
The original Data Encryption Standard (DES) algorithm was intended to be replaced by Triple DES, but
hackers soon figured out how to easily break it. At one point, the most popular symmetric algorithm in
the market and the recommended standard were both are Triple DES.
The three separate keys of Triple DES each have a length of 56 bits. Although the entire key length is
168 bits, experts contend that a key strength of 112 bits is more realistic. Despite being gradually
phased down, the Advanced Encryption Standard (AES) has largely taken the role of Triple DES.
2. AES
The U.S. Government and several organizations trust the Advanced Encryption Standard (AES)
algorithm as the industry standard. Despite being quite effective in 128-bit version, AES also employs
keys of 192 and 256 bits for use in heavy-duty encryption.
With the exception of brute force, which tries to read communications by utilizing every combination of
the 128, 192, or 256-bit cipher, AES is generally thought to be immune to all assaults.
3. RSA Security
The industry standard for encrypting data exchanged over the internet is the public-key algorithm RSA.
It also happens to be a technique employed by PGP and GPG software. Due to the usage of a pair of
keys, RSA is regarded as an asymmetric algorithm as opposed to Triple DES. You can encrypt a
message with your public key and decode it with your private key. RSA encryption produces a massive
amount of gibberish that would need a lot of time and computing power to decipher for an attacker.
4. Blowfish

[Link] Page 38 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Another algorithm intended to take the place of DES is called blowfish. With this symmetric cipher,
each message is encrypted separately after being divided into blocks of 64 bits. Blowfish is renowned
for its incredible speed and all-around efficiency. Vendors, however, have made the most of its
unfettered accessibility in the public domain. Blowfish may be found in software areas including e-
commerce platforms for protecting payments and password management systems for password
protection. One of the most adaptable encryption techniques is this one.
5. Twofish
Bruce Schneier, a specialist in computer security, is the creator of Blowfish and its sequel Twofish. This
algorithm allows for the usage of keys up to 256 bits long, and because it uses a symmetric approach,
only one key is required.
One of the swiftest of its kind, Twofish is excellent for usage in both hardware and software contexts.
Twofish is also freely accessible to anyone who wants to utilize it, much as Blowfish.

A short history of Triple DES and DES

The National Bureau of Standards, later known as NIST, recognized the need for a federal standard for
encrypting sensitive, unclassified data in the early 1970s. Early suggestions for the new DES were
rejected. Later, IBM Corporation presented a block cipher under the name of Lucifer in 1974. A
modified version was accepted as a Federal Information Processing Standard in 1976 after discussion
with the National Security Agency (NSA), and it was released on January 15, 1977, as FIPS PUB 46. It
might be used to any unclassified data.

The key size was decreased from 128 bits to 56 bits in the authorized method, and substitution boxes
(S-boxes) created under covert circumstances was the two most noticeable modifications between it
and the original Lucifer cipher. The part of the algorithm that does substitution is called an S-box.
Many experts believed that the NSA had somehow incorporated a backdoor into the algorithm to
enable the agency to decode data encrypted by DES without needing to know the encryption key and
that the reduced key size rendered DES more vulnerable to brute-force assaults. Thirteen years later,
it was found that the S-boxes were resistant to differential cryptanalysis, a 1990 widely disclosed
attack. This implies that the NSA knew about this assault in 1977.

DES was immediately accepted despite these objections, which greatly increased the study and
creation of encryption systems. In 1983, 1988, and 1993, it was confirmed as the norm. But as
computers' processing capacity increased, DES became more open to brute-force assaults. Although
there are over 72 quadrillion possible combinations in a 56-bit key space, this no longer offers the
necessary levels of security. In 2005, the algorithm was discontinued.
The Triple DES standard, FIPS PUB 46-3, was released in 1999 to obviate the need to create a whole
new cipher and to make replacing DES reasonably simple. It is currently suffering the same fate as its
forerunner.

For example, suppose we take a plaintext message, "hello," and encrypt it with a key; let's say the key
is "2jd8932kd9." Encrypted with this key, our simple "hello" now reads "X5xJCSycg15=", which seems
like random garbage data. However, by decrypting it with that same key, we get "hello" back.
Plaintext + key = ciphertext:
hello + 2jd8932kd9 = X5xJCSycg14=
Ciphertext + key = plaintext:
X5xJCSycg15= + 2jd8932kd9 = hello
(This is an example of symmetric encryption, in which only one key is used.)

The advantages of symmetric key algorithms are:

They are efficient.
They take less time to encrypt and decrypt the message.

3.4.2 Public Key Cryptography:

Public key encryption, or public key cryptography, is a method of encrypting data with two different
keys and making one of the keys, the public key, available for anyone to use. The other key is known
as the private key. Data encrypted with the public key can only be decrypted with the private key, and
data encrypted with the private key can only be decrypted with the public key. Public key encryption is
also known as asymmetric key cryptography.
The message exchange using public key cryptography involves the following steps:

[Link] Page 39 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR

Figure 3.9 Public Key Cryptography

The famous asymmetric encryption algorithms are:
1. RSA Algorithm
2. Diffie-Hellman Key Exchange
-------------------------------------------------------------------------------------------------------------------
What is a digital signature?
A digital signature is a mathematical technique used to validate the authenticity and integrity of a
digital document, message or software. It's the digital equivalent of a handwritten signature or
stamped seal, but it offers far more inherent security. A digital signature is intended to solve the
problem of tampering and impersonation in digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic documents,
transactions or digital messages. Signers can also use them to acknowledge informed consent. In
many countries, including the U.S., digital signatures are considered legally binding in the same way as
traditional handwritten document signatures.
How do digital signatures work?
Digital signatures are based on public key cryptography, also known as asymmetric cryptography.
Using a public key algorithm -- such as Rivest-Shamir-Adleman, or RSA -- two keys are generated,
creating a mathematically linked pair of keys: one private and one public.
Digital signatures work through public key cryptography's two mutually authenticating cryptographic
keys. For encryption and decryption, the person who creates the digital signature uses a private key to
encrypt signature-related data. The only way to decrypt that data is with the signer's public key.
If the recipient can't open the document with the signer's public key, that indicates there's a problem
with the document or the signature. This is how digital signatures are authenticated.
Digital certificates, also called public key certificates, are used to verify that the public key belongs to
the issuer. Digital certificates contain the public key, information about its owner, expiration dates and
the digital signature of the certificate's issuer. Digital certificates are issued by trusted third-party
certificate authorities (CAs), such as DocuSign or GlobalSign, for example. The party sending the
document and the person signing it must agree to use a given CA.
Digital signature technology requires all parties trust that the person who creates the signature image
has kept the private key secret. If someone else has access to the private signing key, that party could
create fraudulent digital signatures in the name of the private key holder.
-------------------------------------------------------------------------------------------------------------------
What are the benefits of digital signatures?
Digital signatures offer the following benefits:
• Security. Security capabilities are embedded in digital signatures to ensure a legal document
isn't altered and signatures are legitimate. Security features include asymmetric cryptography,
personal identification numbers (PINs), checksums and cyclic redundancy checks (CRCs), as
well as CA and trust service provider (TSP) validation.
• Timestamping. This provides the date and time of a digital signature and is useful when timing
is critical, such as for stock trades, lottery ticket issuance and legal proceedings.
• Globally accepted and legally compliant. The public key infrastructure (PKI) standard
ensures vendor-generated keys are made and stored securely. With digital signatures becoming
an international standard, more countries are accepting them as legally binding.
• Time savings. Digital signatures simplify the time-consuming processes of physical document
signing, storage and exchange, enabling businesses to quickly access and sign documents.
• Cost savings. Organizations can go paperless and save money previously spent on the physical
resources, time, personnel and office space used to manage and transport documents.
• Positive environmental effects. Reducing paper use also cuts down on the physical waste
generated by paper and the negative environmental impact of transporting paper documents.

[Link] Page 40 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
• Traceability. Digital signatures create an audit trail that makes internal record-keeping easier
for businesses. With everything recorded and stored digitally, there are fewer opportunities for
a manual signee or record-keeper to make a mistake or misplace something.
-------------------------------------------------------------------------------------------------------------------
How do you create a digital signature?
To create a digital signature, signing software -- such as an email program -- is used to provide a one-
way hash of the electronic data to be signed.
A hash is a fixed-length string of letters and numbers generated by an algorithm. The digital signature
creator's private key is used to encrypt the hash. The encrypted hash -- along with other information,
such as the hashing algorithm -- is the digital signature.
The reason for encrypting the hash instead of the entire message or document is because a hash
function can convert an arbitrary input into a fixed-length value, which is usually much shorter. This
saves time, as hashing is much faster than signing.
The value of a hash is unique to the hashed data. Any change in the data -- even a modification to a
single character -- results in a different value. This attribute enables others to use the signer's public
key to decrypt the hash to validate the integrity of the data.
If the decrypted hash matches a second computed hash of the same data, it proves that the data
hasn't changed since it was signed. But, if the two hashes don't match, the data has either been
tampered with in some way and is compromised or the signature was created with a private key that
doesn't correspond to the public key presented by the signer. This signals an issue with authentication.

A person creates a digital signature using a private key to encrypt the signature. At the same time,
hash data is created and encrypted. The recipient uses the signer's public key to decrypt the signature.
A digital signature can be used with any kind of message, whether or not it's encrypted, simply so the
receiver can be sure of the sender's identity and that the message arrived intact. Digital signatures
make it difficult for the signer to deny having signed something, as the digital signature is unique to
both the document and the signer and it binds them together. This property is called nonrepudiation.
The digital certificate is the electronic document that contains the digital signature of the issuing CA.
It's what binds together a public key with an identity and can be used to verify that a public key
belongs to a particular person or entity. Most modern email programs support the use of digital
signatures and digital certificates, making it easy to sign any outgoing emails and validate digitally
signed incoming messages.
Digital signatures are also used extensively to provide proof of authenticity, data integrity and
nonrepudiation of communications and transactions conducted over the internet.
-------------------------------------------------------------------------------------------------------------------
Classes and types of digital signatures
There are three different classes of digital signature certificates (DSCs) as follows:
• Class 1. This type of DSC can't be used for legal business documents, as they're validated
based only on an email ID and username. Class 1 signatures provide a basic level of security
and are used in environments with a low risk of data compromise.
• Class 2. These DSCs are often used for electronic filing (e-filing) of tax documents, including
income tax returns and goods and services tax returns. Class 2 digital signatures authenticate a
signer's identity against a pre-verified database. Class 2 digital signatures are used in
environments where the risks and consequences of data compromise are moderate.
• Class 3. The highest level of digital signatures, Class 3 signatures require people or
organizations to present in front of a CA to prove their identity before signing. Class 3 digital

[Link] Page 41 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
signatures are used for e-auctions, e-tendering, e-ticketing and court filings, as well as in other
environments where threats to data or the consequences of a security failure are high.
-------------------------------------------------------------------------------------------------------------
Uses for digital signatures
Digital signature tools and services are commonly used in contract-heavy industries, including the
following:
• Government. The U.S. Government Publishing Office publishes electronic versions of budgets,
public and private laws, and congressional bills with digital signatures. Governments worldwide
use digital signatures for processing tax returns, verifying business-to-government transactions,
ratifying laws and managing contracts. Most government entities must adhere to strict laws,
regulations and standards when using digital signatures. Many governments and corporations
also use smart cards to identify their citizens and employees. These are physical cards with an
embedded chip that contains a digital signature that provides the cardholder access to an
institution's systems or physical buildings.
• Healthcare. Digital signatures are used in the healthcare industry to improve the efficiency of
treatment and administrative processes, strengthen data security, e-prescribe and process
hospital admissions. The use of digital signatures in healthcare must comply with the Health
Insurance Portability and Accountability Act of 1996.
• Manufacturing. Manufacturing companies use digital signatures to speed up processes,
including product design, quality assurance, manufacturing enhancements, marketing and
sales. The use of digital signatures in manufacturing is governed by the International
Organization for Standardization and the National Institute of Standards and Technology Digital
Manufacturing Certificate.
• Financial services. The U.S. financial sector uses digital signatures for contracts, paperless
banking, loan processing, insurance documentation and mortgages. This heavily regulated
sector uses digital signatures, paying careful attention to the regulations and guidance put forth
by the Electronic Signatures in Global and National Commerce Act (E-Sign Act), state Uniform
Electronic Transactions Act regulations, the Consumer Financial Protection Bureau and the
Federal Financial Institutions Examination Council.
• Cryptocurrencies. Bitcoin and other cryptocurrencies use digital signatures to authenticate the
blockchain. They're also used to manage transaction data associated with cryptocurrency and as
a way for users to show ownership of currency or their participation in a transaction.
• Non-fungible tokens (NFTs). Digital signatures are used with digital assets -- such as
artwork, music and videos -- to secure and trace these types of NFTs anywhere on the
blockchain.
-------------------------------------------------------------------------------------------------------------------
Why use PKI or PGP with digital signatures?
Digital signatures use the PKI standard and the Pretty Good Privacy (PGP) encryption program, as both
reduce potential security issues that come with transmitting public keys. They validate that the
sender's public key belongs to that individual and verify the sender's identity.
PKI is a framework for services that generate, distribute, control and account for public key
certificates. PGP is a variation of the PKI standard that uses symmetric key and public key
cryptography, but it differs in how it binds public keys to user identities. PKI uses CAs to validate and
bind a user identity with a digital certificate, whereas PGP uses a web of trust. Users of PGP choose
whom they trust and which identities get vetted. PKI users defer to trusted CAs.
The effectiveness of a digital signature's security is dependent on the strength of the private key
security. Without PKI or PGP, it's impossible to prove someone's identity or revoke a compromised key,
and it's easier for malicious actors to impersonate people.
-------------------------------------------------------------------------------------------------------------------
What's the difference between a digital signature and an electronic signature?
Though the two terms sound similar, digital signatures are different from electronic signatures.
• Digital signature is a technical term, defining the result of a cryptographic process or
mathematical algorithm that can be used to authenticate a sequence of data.
• It's a type of electronic signature.
• The term electronic signature, or e-signature, is a legal term that's defined legislatively.
For example, in the U.S., the E-Sign Act passed in 2000 defined e-signature as "an electronic sound,
symbol or process attached to or logically associated with a contract or other record and executed or
adopted by a person with the intent to sign the record."
E-signatures are also defined in the Electronic Signatures Directive, which the European Union (EU)
passed in 1999 and repealed in 2016. It regarded them as equivalent to physical signatures. This act
was replaced with electronic identification authentication and trust services, or eIDAS, which regulates
e-signatures and transactions, as well as the embedding processes that ensure the safe conduct of
online business.

[Link] Page 42 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
This means that a digital signature, which can be expressed digitally in electronic form and associated
with the representation of a record, can be a type of e-signature. More generally, though, an e-
signature can be as simple as a signature online, like the signer's name being entered in a web
browser on a form.
To be considered valid, e-signature schemes must include the following three things:
1. A way to verify the identity of the entity signing it.
2. A way to verify the signing entity intended to affirm the document being signed.
3. A way to verify that the e-signature is associated with the signed document.
A digital signature can, on its own, fulfill these requirements to serve as an e-signature:
• The public key of the digital signature is linked to the signing entity's electronic identification.
• The digital signature can only be affixed by the holder of the public key's associated private key,
which implies the entity intends to use it for the signature.
• The digital signature only authenticates if the signed data -- for example, a document or
representation of a document -- is unchanged. If a document is altered after being signed, the
digital signature fails to authenticate.
While authenticated digital signatures provide cryptographic proof a document was signed by the
stated entity and that the document hasn't been altered, not all e-signatures provide the same
guarantees.

-------------------------------------------------------------------------------------------------------------------
Digital signature security
Security is the main benefit of using digital signatures. Security features and methods used in digital
signatures include the following:
• PINs, passwords and codes. These are used to authenticate and verify a signer's identity and
approve their signature. Email, username and password are the most common methods used.
• Asymmetric cryptography. This employs a public key algorithm that includes private and
public key encryption and authentication.
• Checksum. This long string of letters and numbers is used to determine the authenticity of
transmitted data. A checksum is the result of running a cryptographic hash function on a piece
of data. The value of the original checksum file is compared against the checksum value of the
calculated file to detect errors or changes. A checksum acts like a data fingerprint.
• CRC. A type of checksum, this error-detecting code and verification feature is used in digital
networks and storage devices to detect changes to raw data.
• CA validation. CAs issue digital signatures and act as trusted third parties by accepting,
authenticating, issuing and maintaining digital certificates. The use of CAs helps avoid the
creation of fake digital certificates.
• TSP validation. This person or legal entity validates a digital signature on a company's behalf
and offers signature validation reports.
-------------------------------------------------------------------------------------------------------------------
Digital signature attacks
Possible attacks on digital signatures include the following:
• Chosen-message attack. The attacker either obtains the victim's public key or tricks the
victim into digitally signing a document they don't intend to sign.

[Link] Page 43 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
• Known-message attack. The attacker obtains messages the victim sent and a key that
enables the attacker to forge the victim's signature on documents.
• Key-only attack. The attacker only has access to the victim's public key and can re-create the
victim's signature to digitally sign documents or messages that the victim doesn't intend to
sign.
-------------------------------------------------------------------------------------------------------------------
Digital signature tools and vendors
There are numerous e-signature tools and technologies on the market, including the following:
• Adobe Acrobat Sign is a cloud-based service that's designed to provide secure, legal e-
signatures across all device types. Adobe Acrobat Sign integrates with existing applications,
including Microsoft Office and Dropbox.
• DocuSign standards-based services ensure e-signatures are compliant with existing
regulations. Services include Express Signature for basic global transactions and EU Qualified
Signature, which complies with EU standards.
• Dropbox Sign helps users prepare, send, sign and track documents. Features of the tool
include embedded signing, custom branding and embedded templates. Dropbox Sign also
integrates with applications such as Microsoft Word, Slack and Box.
• GlobalSign provides a host of management, integration and automation tools to implement PKI
across enterprise environments.
• PandaDoc provides e-signature software that helps users upload, send and collect payments
for documents. Users can also track document status and receive notifications when someone
opens, views, comments on or signs a document.
• ReadySign from Onit provides users with customizable templates and forms for e-signatures.
Software features include bulk sending, notifications, reminders, custom signatures and
document management with role-based permissions.
• Signeasy offers an e-signing service of the same name to businesses and individuals, as well
as application programming interfaces for developers.
• SignNow, which is part of AirSlate Business Cloud, provides businesses with a PDF signing tool.

CHAPTER III: KEY ISSUES IN CYBER LAWS

Topics Covered: E-Commerce, E-Governance, E-Record & E-Contract, Regulator, Certifying Authority,
Electronic Signature Certificates.
-------------------------------------------------------------------------------------------------------------------
What Is Electronic Commerce (E-commerce)?
Electronic commerce (e-commerce) refers to companies and individuals that buy and sell goods and
services over the internet. E-commerce operates in different types of market segments and can be
conducted over computers, tablets, smartphones, and other smart devices. Nearly every imaginable
product and service is available through e-commerce transactions, including books, music, plane
tickets, and financial services such as stock investing and online banking. As such, it is considered a
very disruptive technology.
-------------------------------------------------------------------------------------------------------------------
Understanding E-commerce
As noted above, e-commerce is the process of buying and selling tangible products and services online.
It involves more than one party along with the exchange of data or currency to process a transaction.
It is part of the greater industry that is known as electronic business (e-business), which involves all of
the processes required to run a company online.12
E-commerce has helped businesses (especially those with a narrow reach like small businesses) gain
access to and establish a wider market presence by providing cheaper and more efficient distribution
channels for their products or services. Target (TGT) supplemented its brick-and-mortar presence with
an online store that allows customers to purchase everything from clothes and coffeemakers to
toothpaste and action figures right from their homes.
Providing goods and services isn't as easy as it may seem. It requires a lot of research about the
products and services you wish to sell, the market, audience, competition, as well as expected
business costs.
Once that's determined, you need to come up with a name and set up a legal structure, such as a
corporation. Next, set up an e-commerce site with a payment gateway. For instance, a small business
owner who runs a dress shop can set up a website promoting their clothing and other related products
online and allow customers to make payments with a credit card or through a payment processing
service, such as PayPal.3
E-commerce may be thought of as a digital version of mail-order catalog shopping. Also called online
commerce, e-commerce is the transaction between a buyer and a seller that leverages technology.
Special Considerations

[Link] Page 44 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
E-commerce has changed the way people shop and consume products and services. More people are
turning to their computers and smart devices to order goods, which can easily be delivered to their
homes. As such, it has disrupted the retail landscape. Amazon and Alibaba have gained considerable
popularity, forcing traditional retailers to make changes to the way they do business.
But that's not all. Not to be outdone, individual sellers have increasingly engaged in e-commerce
transactions via their own personal websites. And digital marketplaces such as eBay or Etsy serve as
exchanges where multitudes of buyers and sellers come together to conduct business.
The U.S. Department of Commerce recognizes e-commerce businesses such as transactional sites,
static content sites, online marketplaces, and auction sites.
-------------------------------------------------------------------------------------------------------------------
History of E-commerce
Most of us have shopped online for something at some point, which means we've taken part in e-
commerce. So it goes without saying that e-commerce is everywhere. But very few people may know
that e-commerce has a history that goes back to before the internet began.
E-commerce actually goes back to the 1960s when companies used an electronic system called the
Electronic Data Interchange to facilitate the transfer of documents. It wasn't until 1994 that the very
first transaction. took place. This involved the sale of a CD between friends through an online retail
website called NetMarket.3
The industry has gone through so many changes since then, resulting in a great deal of evolution.
Traditional brick-and-mortar retailers were forced to embrace new technology in order to stay afloat as
companies like Alibaba, Amazon, eBay, and Etsy became household names. These companies created a
virtual marketplace for goods and services that consumers can easily access.
New technology continues to make it easier for people to do their online shopping. People can connect
with businesses through smartphones and other devices and by downloading apps to make purchases.
The introduction of free shipping, which reduces costs for consumers, has also helped increase the
popularity of the e-commerce industry.
-------------------------------------------------------------------------------------------------------------------
Advantages and Disadvantages of E-commerce
Advantages
E-commerce offers consumers the following advantages:
• Convenience: E-commerce can occur 24 hours a day, seven days a week. Although
eCommerce may take a lot of work, it is still possible to generate sales as you sleep or earn
revenue while you are away from your store.
• Increased Selection: Many stores offer a wider array of products online than they carry in
their brick-and-mortar counterparts. And many stores that solely exist online may offer
consumers exclusive inventory that is unavailable elsewhere.
• Potentially Lower Start-up Cost: E-commerce companies may require a warehouse or
manufacturing site, but they usually don't need a physical storefront. The cost to operate
digitally is often less expensive than needing to pay rent, insurance, building maintenance, and
property taxes.
• International Sales: As long as an e-commerce store can ship to the customer, an e-
commerce company can sell to anyone in the world and isn't limited by physical geography.
• Easier to Retarget Customers: As customers browse a digital storefront, it is easier to entice
their attention towards placed advertisements, directed marketing campaigns, or pop-ups
specifically aimed at a purpose.
-------------------------------------------------------------------------------------------------------------------
Disadvantages
There are certain drawbacks that come with e-commerce sites, too. The disadvantages include:
• Limited Customer Service: If you shop online for a computer, you cannot simply ask an
employee to demonstrate a particular model's features in person. And although some websites
let you chat online with a staff member, this is not a typical practice.
• Lack of Instant Gratification: When you buy an item online, you must wait for it to be
shipped to your home or office. However, e-tailers like Amazon make the waiting game a little
bit less painful by offering same-day delivery as a premium option for select products.
• Inability to Touch Products: Online images do not necessarily convey the whole story about
an item, and so e-commerce purchases can be unsatisfying when the products received do not
match consumer expectations. Case in point: an item of clothing may be made from shoddier
fabric than its online image indicates.
• Reliance on Technology: If your website crashes, garners an overwhelming amount of traffic,
or must be temporarily taken down for any reason, your business is effectively closed until the
e-commerce storefront is back.
• Higher Competition: Although the low barrier to entry regarding low cost is an advantage,
this means other competitors can easily enter the market. E-commerce companies must have

[Link] Page 45 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
mindful marketing strategies and remain diligent on SEO optimization to ensure they maintain a
digital presence.
Pros
• Owners can generate revenue semi-passively
• Consumers can easily browse for specific products
• Greater earning potential as there are no limitations on physical location as long you can ship
there
• Reduced costs assuming digital presence costs less than building, insurance, taxes, and repairs.
• Greater marketing control, including data extraction from customers, targeted ads, and pop-up
placement
Cons
• Limited customer service opportunities as there is little to no face-to-face opportunities
• Lacks instant gratification as customers must believe in a product before seeing it in person
• Products can't been seen or handled until delivered (can't try before they buy)
• Loss of revenue or income when websites go down
• High reliance on shipping constraints
• Higher competition due to lower barriers of entry and greater customer potential
-------------------------------------------------------------------------------------------------------------------
Types of E-commerce
Depending on the goods, services, and organization of an ecommerce company, the business can opt
to operate several different ways. Here are several of the popular business models.
Business-to-Consumer (B2C)
B2C e-commerce companies sell directly to the product end-user. Instead of distributing goods to an
intermediary, a B2C company performs transactions with the consumer that will ultimately use the
good.
This type of business model may be used to sell products (like your local sporting goods store's
website) or services (such as a lawn care mobile app to reserve landscaping services). This is the most
common business model and is likely the concept most people think about when they hear the term e-
commerce.
-------------------------------------------------------------------------------------------------------------------
Business-to-Business (B2B)
Similar to B2C, an e-commerce business can directly sell goods to a user. However, instead of being a
consumer, that user may be another company. B2B transactions often entail larger quantities, greater
specifications, and longer lead times. The company placing the order may also have a need to set
recurring goods if the purchase is for recurring manufacturing processes.
Business-to-Government (B2G)
Some entities specialize as government contractors providing goods or services to agencies or
administrations. Similar to a B2B relationship, the business produces items of value and remits those
items to an entity.
B2G e-commerce companies must often meet government requests for proposal requirements, solicit
bids for projects, and meet very specific product or service criteria. In addition, there may be joint
government endeavors to solicit a single contract through a government-wide acquisition contract.
-------------------------------------------------------------------------------------------------------------------
Consumer-to-Consumer (C2C)
Established companies are the only entities that can sell things. E-commerce platforms such as digital
marketplaces connect consumers with other consumers who can list their own products and execute
their own sales.
These C2C platforms may be auction-style listings (i.e. eBay auctions) or may warrant further
discussion regarding the item or service being provided (i.e. Craigslist postings). Enabled by
technology, C2C e-commerce platforms empower consumers to both buy and sell without the need for
companies.
Consumer-to-Business (C2B)
Modern platforms have allowed consumers to more easily engage with companies and offer their
services, especially related to short-term contracts, gigs, or freelance opportunities. For example,
consider listings on Upwork.
A consumer may solicit bids or interact with companies that need particular jobs done. In this way, the
e-commerce platform connects businesses with freelancers to enable consumers greater power to
achieve pricing, scheduling, and employment demands.
-------------------------------------------------------------------------------------------------------------------
Consumer-to-Government (C2G)
Less of a traditional e-commerce relationship, consumers can interact with administrations, agencies,
or governments through C2G partnerships. These partnerships are often not in the exchange of service
but rather, the transaction of obligation.

[Link] Page 46 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
For example, uploading your federal tax return to the Internal Revenue Service (IRS) digital website is
an e-commerce transaction regarding an exchange of information. Alternatively, you may pay your
tuition to your university online or remit property tax assessments to your county assessor.

The U.S. Census Bureau conducts estimates of retail e-commerce sales in the United States. In the
first quarter of 2023, retail e-commerce accounted for 15.1% of total sales in the country, totaling
roughly $272.6 billion. These figures are adjusted for seasonal variation.5
-------------------------------------------------------------------------------------------------------------------
Types of E-commerce Revenue Models
In addition to crafting what type of e-commerce company a business wants to be, the business must
decide how it wants to make money. Due to the unique nature of e-commerce, the business has a few
options on how it wants to process orders, carry inventory, and ship products.
Dropshipping
Often considered one of the easier forms of e-commerce, dropshipping allows a company to create a
digital storefront, generate sales, then rely on a supplier to provide the good. When generating the
sale, the e-commerce company collects payment via credit card, PayPal, cryptocurrency, or other
means of digital currency.
Then, the e-commerce store passes the order to the dropship supplier. This supplier manages
inventory, oversees the warehouse of goods, packages the goods, and delivers the product to the
purchaser.
-------------------------------------------------------------------------------------------------------------------
White Labeling
White-label e-commerce companies leverage already successful products sold by another company.
After a customer places an order, the e-commerce company receives the existing product, repackages
the product with its own package and label, and distributes the product to the customer. Although the
e-commerce company has little to no say in the product they receive, the company usually faces little
to no in-house manufacturing constraints.
-------------------------------------------------------------------------------------------------------------------
Wholesaling
A more capital-intensive approach to e-commerce, wholesaling entails maintaining quantities of
inventory, keeping track of customer orders, maintaining customer shipping information, and typically
having ownership of the warehouse space to house products.
Wholesalers may charge bulk pricing to retailers or unit prices for consumers. However, the broad
approach to wholesaling is to connect to buyers of large quantities or many smaller buyers of a similar,
standardized product.
-------------------------------------------------------------------------------------------------------------------
Private Labeling
Private labeling is a more appropriate e-commerce approach for companies that may not have large
upfront capital or do not have their own factory space to manufacture goods. Private label e-commerce
companies send plans to a contracted manufacturer who makes the product.
The manufacturer may also have the ability to ship directly to a customer or ship directly to the
company receiving the order. This method of e-commerce is best suited for companies that may
receive on-demand orders with short turnaround times but are unable to handle the capital
expenditure requirements.
Subscription
E-commerce companies can also leverage repeating orders or loyal customers by
implementing subscription services. For a fixed price, the e-commerce company will assemble a
package, introduce new products, and incentivize locking to a long-term agreement at a lower monthly
price.
The consumer only places an order once and receives their subscription order at a fixed cadence.
Common subscription e-commerce products include meal prep services, agriculture boxes, fashion
boxes, or health and grooming products.
-------------------------------------------------------------------------------------------------------------------
Example of E-commerce
Amazon is a behemoth in the e-commerce space. In fact, it is the world's largest online retailer and
continues to grow. As such, it is a huge disrupter in the retail industry, forcing some major retailers to
rethink their strategies and shift their focus.
The company launched its business with an e-commerce-based model of online sales and product
delivery. It was founded by Jeff Bezos in 1994 as an online bookstore but has since expanded to
include everything from clothing to housewares, power tools to food and drinks, and electronics.
Company sales increased by 9% in 2022 from the previous year, totaling $513.98 billion compared to
$469.82 billion in 2021. Amazon's operating income dropped from $24.88 billion in 2021 to $$12.25
billion in 2022. The company posted a net loss of $2.72 billion in 2022, compared to net income of
$33.36 billion in 2021.6

[Link] Page 47 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
How Do You Start an E-commerce Business?
Make sure you do your research before you start your business. Figure out what products and services
you're going to sell and look into the market, target audience, competition, and expected costs.
Next, come up with a name, choose a business structure, and get the necessary documentation
(taxpayer numbers, licenses, and permits if they apply).
Before you start selling, decide on a platform and design your website (or have someone do it for you).
Remember to keep everything simple at the beginning and make sure you use as many channels as
you can to market your business so it can grow.
-------------------------------------------------------------------------------------------------------------------
What Is an E-commerce Website?
An e-commerce website is any site that allows you to buy and sell products and services online.
Companies like Amazon and Alibaba are examples of e-commerce websites.
What Is the Difference Between E-commerce and E-business?
E-commerce involves the purchase and sale of goods and services online and is actually just one part
of e-business. An e-business involves the entire process of running a company online. Put simply, it's
all of the activity that takes place with an online business.
-------------------------------------------------------------------------------------------------------------------
What Is an Example of E-commerce?
Dollar Shave Club offers customers personal grooming, health, and beauty products.7 Customers can
opt for what product(s) they want shipped to them and can sign up for long-term memberships to have
products sent to them on a recurring basis. Dollar Shave Club procures goods in bulk from other
companies, then bundles those products, maintains membership subscriptions, and markets the
products.
-------------------------------------------------------------------------------------------------------------------
What Are the Types of E-commerce?
An e-commerce company can sell to customers, businesses, or agencies such as the government. E-
commerce can also be performed by customers who sell to businesses, other customers, or
governments.
Electronic Governance or E-Governance is the application of Information and Communication
Technology (ICT) for providing government services, interchange of statistics, communication
proceedings, and integration of various independent systems and services. Through the means of e-
governance, government services are made available to citizens in a suitable, systematic, and
transparent mode. The three main selected groups that can be discriminated against in governance
concepts are government, common people, and business groups.
E-governance is the best utilization of information and communication technologies to mutate and
upgrade the coherence, productivity, efficacy, transparency, and liability of informational and
transnational interchanges within government, between government agencies at different levels,
citizens & businesses. It also gives authorization to citizens through access and use of information.
Generally, E-governance uses information and communication technologies at various levels of the
government and the public sector to enhance governance.
Theoretical studies state that E-Governance is the procedure of change of the correlation of
government with its ingredients, the citizens, the businesses, and its own organs, through the use of
tools of information and communication technology.
The UNESCO states that E-governance is the public sector’s use of information and communication
automation in order to upgrade information and service delivery, stimulating resident involvement in
the decision-making process and making government more liable, unambiguous and productive.
-------------------------------------------------------------------------------------------------------------
Elements of E-Governance:
Basic elements of e-governance are:
1. Government
2. Citizens
3. Investors/Businesses
-------------------------------------------------------------------------------------------------------------
Types of E-Governance:
E-governance is of 4 types:
1. Government-to-Citizen (G2C): The Government-to-citizen mentions the government services
that are acquired by the familiar people. Most of the government services come under G2C.
Similarly, the primary aim of Government-to-citizen is to supply facilities to the citizens. It also
helps ordinary people to minimize the time and cost to carry out a transaction. A citizen can
retrieve the facilities anytime from anywhere. Similarly, spending the administrative fee online
is also possible due to G2C. The facility of Government-to-Citizen allows the ordinary citizen to
outclass time limitations. It also focuses on geographic land barriers.

[Link] Page 48 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
2. Government-to-business (G2B): Government-to-business is the interchange of services
between Government and Business firms. It is productive for both government and business
firms. G2B provides access to pertinent forms needed to observe. It also contains many
services interchanged between business sectors and government. Similarly, Government-to-
business provides timely business information. A business organization can have easy and easy
online access to government agencies. G2B plays an important role in business development. It
upgrades the efficiency and quality of communication and transparency of government projects.
3. Government-to-Government (G2G): The Government-to-Government mentions the
interaction between different government departments, firms, and agencies. This increases the
efficiency of government processes. In G2G, government agencies can share the same database
using online communication. The government departments can work together. This service can
increase international discretion and relations. G2G services can be at the local level or at the
international level. It can convey to both global government and local government. It also
provides a safe and secure inter-relationship between domestic and foreign governments. G2G
builds a universal database for all members to upgrade service.
4. Government-to-Employee (G2E): The Government-to-Employee is the internal part of G2G
section. It aims to bring employees together and improvise knowledge sharing. It provides
online facilities to the employees. Similarly, applying for leave, reviewing salary payment record
and checking the balance of holiday. The G2E sector yields human resource training and
development. So, G2E is also the correlation between employees and government institutions.
-------------------------------------------------------------------------------------------------------------
Advantages of E-Governance:
The supreme goal of e-governance is to be able to provide an increased portfolio of public services to
citizens in a systematic and cost effective way. It allows for government transparency because it allows
the public to be informed about what the government is working on as well as the policies they are
trying to implement.
The main advantage while executing electronic government will be to enhance the efficiency of the
current system.
Another advantage is that it increases transparency in the administration, reduces costs, increases
revenue growth, and also improves relationships between the public and the civic authorities.
-------------------------------------------------------------------------------------------------------------
Disadvantages of E-Governance:
The main disadvantage regarding e-governance is the absence of fairness in public access to the
internet, of trustworthy information on the web, and disguised agendas of government groups that
could have an impact and could bias public opinions.

provisions of Information Technology Act 2000 related to E-Governance.

The Provisions are as follows: -
• It is important to note that Chapter 3 of the Information Technology Act, 2000 sections 4-10A
deals with E-governance. However, important provisions are:

• 1. Legal recognition of electronic records [Section 4]

• According to Section 4 where the law requires that any information or matter must be in writing
or handwritten form then such requirement shall be deemed to be satisfied if such information
is in electronic form. Therefore, Section 4 confers validity on the electronic record.

• 2. Legal recognition of digital signatures [Section 5]

• Section 5 confers validity on the digital signature. It provides that whenever the law requires
that any information or matter must be authenticated by affixing the signature or document
must be signed by a person then such requirement shall be

• Signed [Explanation to Section 5]

• "Signed", to a person, means affixing of his handwritten signature or any mark on any
document and the expression "signature" shall be construed accordingly.

• Section 4 & 5 corresponds to article 9 of the United Nations Convention on the Use of Electronic
Communications in International Contracts, 2005 & article 6 of MLEC, 1996.

• 3. Use of electronic records and digital signatures in Government and its agencies
[Section 6(1)]

[Link] Page 49 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR

• This Section confers validity on the use of electronic records and digital signature in government
offices and agencies. It states that:
• Where any law provides for-
• The filing of any form, application or any other document with any office, authority, body or
agency owned or controlled by the appropriate Government in a particular manner.

• The issue or grant of any Licence, permit, sanction or approval by whatever name called in a
particular manner.

• The receipt or payment of money in a particular manner, then, notwithstanding anything

contained in any other law for the time being in force, such requirement shall be deemed to
have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is
effected by means of such electronic form as may be prescribed by the appropriate
Government.

• 4. Rules by the appropriate Government [Section 6(2)]

• For the purposes of Section 6(1), the appropriate Government may, by rules, prescribe:

• The manner and format in which such electronic records shall be filed, created or issued;

• The manner or method of payment of any fee or charges for filing, creation or issue any
electronic record under clause (a).

• Regarding the use of an electronic record or digital signature in the government offices or
agencies, rules are to be framed by the appropriate government.

• 5. Delivery of services by the service provider [Section 6A inserted by The

Information Technology (Amendment) Act, 2008].

Origins of eGovernance in India

E-Governance in India had its beginnings in the 1970s when the government turned its attention to in-
house applications in areas like defense, economic monitoring, and data-intensive tasks such as
elections and tax administration. The establishment of the Department of Electronics in 1970 marked a
pivotal moment in this journey. Subsequently, the National Informatics Centre (NIC) launched the
District Information System in 1977, aimed at computerizing all district offices. The introduction of the
national computer network NICNET, based on satellites, in 1987 laid the foundation for e-governance
in India.

eGovernance in the Indian Context

India’s journey into e-governance began with the introduction of NICENET in 1987 and the DISNIC
program aimed at computerizing district offices. The National E-Governance Plan (NeGP), initiated in
2006, aimed to make government services accessible, efficient, transparent, and affordable for all
citizens. Several initiatives, including Digital India, Digi-Locker, Mobile Seva, [Link], and more,
have been launched under NeGP to promote e-governance across India.
------------------------------------------------------------------------------------------------------------------
The NeGP has enabled many eGovernance initiatives like
1. Digital IndiaMission: was launched in 2015 to digitally empower the nation. The creation of a
digital infrastructure that is both secure and stable, the digital delivery of government services, and
achieving universal digital literacy are its main components.
2. Digi-Locker: assists citizens in storing important documents in a digital format, such as degree
certificates, PAN numbers, and mark sheets. This makes it easier to share documents and reduces the
need for physical documents.
3. Mobile Seva: aims to provide government services via tablets and mobile phones. Over 200 live
applications are available in the m-App store, and they can be used to access a variety of government
services.
4. [Link]: is a platform for national citizen engagement where people can share ideas and get
involved in policy and governance issues.
5. UMANG: is a unified mobile application that gives users access to services offered by the federal
and state governments, such as Aadhar, Digital Locker, PAN, and 6. Employee Provident Fund services,
among other things.

[Link] Page 50 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
6. Computerisation of Land Records ensures that landowners get digital and updated copies of
documents relating to their property.
eGovernance Reforms and Recommendations
To enhance e-governance, reforms and recommendations include:
• Legal and Institutional Changes: Adapt government structures and procedures to support e-
governance.
• Data Transparency: Make transactional data accessible on government websites.
• Public-Private Partnerships: Promote partnerships in e-governance projects.
• Gram Panchayat Involvement: Engage Gram Panchayats in monitoring Common Service
Centres.
• Knowledge Management Systems: Establish systems for knowledge management.
• National Enterprise Architecture: Develop a national e-government “enterprise architecture”
framework.

NITI AAYOG Action Plan on eGovernance

NITI Aayog proposed an action plan for enhancing e-governance from 2017 to 2020. Key
recommendations include:
• Digital Literacy: Promote digital literacy among citizens.
• Grievance Redress: Expand grievance redress portals and improve resolution through data
utilization.
• Technology Infrastructure: Build IT infrastructure down to the Gram Panchayat level.

Impact on Citizens
India’s e-governance initiatives have had a profound impact on its citizens:
• Access to Services: Citizens can now access a wide array of government services online,
reducing the need for physical visits to government offices. This has been especially beneficial
during the COVID-19 pandemic, when digital services helped maintain social distancing.
• Transparency: E-governance has enhanced transparency in government processes. Citizens
can track the status of their applications and payments, reducing corruption and inefficiencies.
• Financial Inclusion: Initiatives like DBT have facilitated the direct transfer of subsidies and
benefits to citizens’ bank accounts, reducing leakages and ensuring that welfare schemes reach
their intended beneficiaries.
• Convenience: E-governance services are available 24/7, providing convenience to citizens who
can access them at their convenience, eliminating the need to take time off work for
government-related tasks.
-------------------------------------------------------------------------------------------------------------------
Challenges and Future Directions
Despite its advantages, e-governance faces several challenges:
• Public Trust: Trust in both government and technology is crucial but can be eroded by
fraudulent transactions.
• Digital Divide: Economic disparities limit access to digital technology.
• Insufficient Awareness: Lack of awareness hinders e-governance adoption.
High Infrastructure Costs: Developing nations like India face high infrastructure costs.
• Privacy and Security Concerns: Safeguarding personal information is a paramount concern.
• Accessibility Issues: Language barriers and inadequate infrastructure hamper rural adoption.
• Limited Computer Skills: Digital illiteracy remains a significant obstacle.
• Resistance to Change: Some individuals and officials resist changes brought about by e-
governance.
While India has made significant progress in e-governance, challenges remain. Ensuring that digital
infrastructure reaches all corners of the country, addressing concerns about data privacy and security,
and enhancing digital literacy among citizens are ongoing challenges.
In the future, India’s e-governance initiatives should focus on:
Digital Inclusion: Bridging the digital divide by expanding access to affordable internet and
technology in rural and remote areas.
Data Protection: Strengthening data protection laws and frameworks to safeguard citizens’ privacy
and personal information.
Interoperability: Ensuring that different e-governance systems and platforms can seamlessly
communicate with each other to provide a more unified experience for citizens.
-------------------------------------------------------------------------------------------------------------------
Models of eGovernance
E-Governance operates through various models, each catering to specific governance requirements:
• Comparative Analysis Model: Benchmarking governance practices against best practices.
• Critical Flow Model: Disseminating critical information to targeted audiences.
• E-Advocacy Model: Empowering global civil society to influence global decision-making.

[Link] Page 51 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
• Interactive Service Model: Providing government services directly to citizens interactively.
• Broadcasting Model: Disseminating useful governance information to the public.
The Need for eGovernance
E-Governance addresses critical needs, including:
• Cost Reduction: Reducing government expenses and curbing corruption.
• Efficiency Enhancement: Streamlining government processes and improving service quality.
• Business Opportunities: Creating new opportunities through e-governance.
• Inclusive Growth: Contributing to the goal of inclusive growth.
• Improved Services: Enhancing the quality and efficiency of government services.
• Data Utilization: Utilizing common e-governance data for informed discussions and policy-
making.
E-record and E-contract:
Like how everything in this world is becoming digitalized to meet the requirements of this fast-paced
world, the traditional pen and paper contracts have now taken the form of the new age E-Contracts.
From the simple household gasoline form registration to the much-complicated patent registrations,
everything is happening at the click of the mouse. If 50 years ago someone would have told our
parent’s generation that at the flick of an eye, they could do business transactions with a foreign
entity, they would have assumed we are conning them. But today thanks to the digital contracts which
have come in handy, even the gen x generations are utilizing it with much zeal and enthusiasm as it
has paved their way into gen z’s digital convenience and saving them all the hassle of traditional
transactions.
While all the digital paraphernalia makes daily tasks a piece of cake, it also imposes a formal legal
obligation known as E-Contracts.
It is still a question to wonder as to the number of E-contracts being entered into on a day-to-day
basis and that, there are several legislations governing it under our Indian Law and worldwide legal
systems.
The nitty-gritty of this fast-evolving method of fulfilling traditional contractual obligations through
modern technology is discussed ahead.

What is an electronic contract (e-contract)

Section 2(h), of the Indian Contract Act, 1872, tells us that the term ‘contract’ is an agreement that is
enforceable under the law. Interestingly, in the case of an E-Contract, the essence of Section 2(h) is
still sustained by only tweaking the mode in which the Contract comes into existence.
Hence, an E-Contract is an agreement that is enforceable under the law and is in all respects drafted,
negotiated, and executed digitally. Unlike a traditional contract which is paper-based, E-Contracts are
digital in their entirety. In an E-Contract, though there is an absence of a physical meeting of the
parties, a meeting of minds is present absolutely. The parties communicate with each other over the
internet or through telephonic media. An E-Contract is a step ahead of traditional pen-paper contracts
and comes into existence through electronic and digital mediums.

What is the legal validity of an e-contract?

As much as we are accustomed to performing our Contractual Obligations in the traditional method, in
the current era, we are also warming up to the idea of Electronic Contracts largely due to the hassle-
free nature of such transactions and primarily because it is recognized by the Indian Judicature. In
order to further understand as, how is an E-Contract legally recognized under Indian Law it is
imperative to emphasize the nexus between Section 10 of the Indian Contract Act,1872 and Section
10-A of the Information Technology Act, 2000.
Section 10 of the Indian Contract Act, 1872 provides the crucial pre-requisites for a Contract to be
legally valid. It is mandatory that a Contract satisfies the essentials specified in Section 10 of the
Contracts Act, i.e.,
1. Offer
2. Acceptance to Offer
3. Consensus ad Idem
4. Lawful Consideration
Like traditional contracts, electronic contracts should also possess the said elements. It should be
noted that electronic contracts are specifically not referred to in the Indian Contract Act.
Through Section 10-A of the Information Technology Act, 2000, we can procure the validity of the
contracts formulated through the electronic medium.
“Section 10-A of the Information Technology Act, 2000: Validity of contracts formed through electronic
means. – Where in a contract formation, the communication of proposals, the acceptance of proposals,
the revocation of proposals and acceptances, as the case may be, are expressed in electronic form or
by means of an electronic record, such contract shall not be deemed to be unenforceable solely on the
ground that such electronic form or means was used for that purpose.”

[Link] Page 52 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
The nexus between Section 10 of the Indian Contract Act and Section 10(A) of the Information
Technology Act is that, when an E-Contract satisfies all the essentials under Section 10 of the Indian
Contract Act, then as per Section 10-A of the Information Technology Act, it’s legal authenticity cannot
be relinquished only for the plain condition that it was digitally conceived and executed.
Consequently, when an agreement meets all the essential conditions of a contract, it cannot be denied
validity only for the mere reason that it was electronically formulated. In a nutshell, E-Contracts are
enforceable by law and considered valid contracts.
It is substantial to ascertain the legal validity of an E-Contract for the primary purpose of resorting to
legal recourse in the event of any breach thereof.

Indian Evidence Act and e-contracts

Section 65 B of the Indian Evidence Act, 1872, reinforces the validity of Electronic Contracts. Section
65 B pronounces that, any information that is contained in an electronic record that is either printed on
a paper, stored, recorded, or copied in an optical or magnetic media produced by a computer is
deemed to be a document when the conditions mentioned in this section are satisfied it shall be
admissible as evidence without further proof or production of the original.

Kinds of e-contracts
E-contracts are specific to the nature of the business. There are various types of E-Contracts executed
depending on the structure of the business. The amalgamation of the conventional contracts with the
proficiency of technology constitutes an E-Contract. Below are a few of the most common types of E-
Contracts:
1. Shrink Wrap Agreements
2. Clickwrap Agreements
3. Browse Wrap Agreements
4. Scroll Wrap Agreements
5. Sign-In Wrap Agreements

Shrink Wrap Agreements

Shrink Wrap agreements are the End User License Agreements (EULA) or Terms and Conditions, which
are packaged with the products. The technique of enclosing the product in a plastic wrap is called
Shrink Wrap which declares that the customer purchasing it is bound by the EULA.
Usage of the product is deemed acceptance by the user. Interestingly, the acceptance is by default
once the product is purchased along with the packaging being ripped and utilized. An example of
Shrink Wrap Agreements is Software Drives.

Clickwrap Agreements
Clickwrap agreements are a form of agreement used for software licensing, websites, and other
electronic media. When the user logs in to a website the terms and conditions or the privacy policies of
the website are to be accepted by the user as legal consent. Though the user is intimated in this
method about the existence of certain terms and conditions and is required to accept the same, there
is no power of negotiation.
The user clicks “I Agree” to be bound by the legal obligations. Some prominent examples of Click Wrap
agreements are Amazon, Flipkart, and Make My Trip.

Browse Wrap Agreements

Browse Wrap Agreements are online contract or license agreements commonly used in website notices
or mobile applications. The terms and conditions are provided in a ‘Hyperlink’ in some part of the
website which is not beforehand intimated to the user.
There is no procedure to assent or reject the Terms and Conditions. At the onset, when the user is
aware of such terms they can scroll down and double click on the terms and conditions to have a
complete view of the same.

Scroll Wrap Agreements

The Scroll Wrap Agreements require the user to scroll down the License Agreements, implying that it
has been read by the user by scrolling down through the terms and conditions before they can give
their assent or rejection.

Sign-In Wrap Agreements

The Sign-In Wrap agreement is a kind of E-Contract in which once the end-user has signed into an
online service or signs in to use a product the acceptance is acquired.

[Link] Page 53 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Electronic Signatures
In the world of Electronic Contracts, the ancillary feature that has gained tremendous prominence is
the Digital signature or the Electronic Signature. The degree of acceptance of a Digital Signature is at
varying levels across the globe, so it is essential to ensure the validity of E- Signature ahead of
execution of any International Contract digitally.
The rendering of the signature which is done by the click of a button or through checking a box
digitally is called an electronic signature.
Electronic signatures are proffered digitally, which is, unconventional in comparison to the traditional
Wet Signature.
Information Technology Act, 2000 recognizes the legal validity of a Digital Signature Certificate (DSC)
under Indian Law.

Stamping of e- contract
According to the Indian Stamp Act, 1899, stamp duty is levied on the ‘instrument’. The term
instrument engulfs every document which has a right or liability excluding a bill of exchange, letter of
credit, cheque, promissory note, bill of lading, insurance policy, transfer of share, debenture, proxy,
and receipt.
It should be noted that the term ‘document’ also includes any electronic record as defined in Section
2(1)(t) of the Information Technology Act, 2000.
In India, electronic documents are stamped by taking a print of the document on a stamp paper or by
the method of franking or by the method of E-Stamping through the procurement of a stamp duty
certificate.
UNDERSTANDING ELECTRONIC CONTRACT
E-Contract is an aid to drafting and negotiating successful contracts for consumer and business e-
commerce and related services.
It is designed to assist people in formulating and implementing commercial contracts policies within e-
businesses.
It contains model contracts for the sale of products and supply of digital products and services to both
consumers and businesses.
An e-contract is a contract modelled, executed and enacted by a software system.
Computer programs are used to automate business processes that govern e-contracts.
Econtracts can be mapped to inter-related programs, which have to be specified carefully to satisfy the
contract requirements.
These programs do not have the capabilities to handle complex relationships between parties to an e-
contract.
An electronic or digital contract is an agreement “drafted” and "signed" in an electronic form.
An electronic agreement can be drafted in the similar manner in which a normal hard copy agreement
is drafted.
For example, an agreement is drafted on your computer and was sent to a business associate via e-
mail.
The business associate, in turn, e-mails it back to you with an electronic signature indicating
acceptance.
An e-contract can also be in the form of a "Click to Agree" contract, commonly used with
downloaded software: The user clicks an "I Agree" button on a page containing the terms of the
software license before the transaction can be completed. Since a traditional ink signature isn't
possible on an electronic contract, people use several different ways to indicate their electronic
signatures, like typing the signer's name into the signature area, pasting in a scanned version of the
signer's signature or clicking an "I Accept" button and many more.

EContracts can be categorized into two types i.e. web-wrap agreements and shrink-wrap
agreements. A person witnesses these e-contracts everyday but is unaware of the legal intricacies
connected to it. Web-wrap agreements are basically web based agreements which requires assent of
the party by way of clicking the “I agree” or “I accept” button e.g. E-bay user agreement, Citibank
terms and conditions, etc. Whereas Shrink-wrap agreements are those which are accepted by a user
when a software is installed from a CD-ROM e.g. Nokia pc-suite software1 .
-------------------------------------------------------------------------------------------------------------------
FORMING ELECTRONIC CONTRACTS
• Electronic contracts or online contracts enable transactions and agreements electronically
without the parties meeting each other. In the other words traditional contract process of offer,
acceptance and agreement to transact through electronic mode than physical mode of paper.
• ECommerce to succeed such contracts need to be validated legally an alternate mode of
transaction through online using the latest technological developments.
• The main aims are:

[Link] Page 54 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
o Creating a secure atmosphere of transacting online with alternate mode to paper and
writing.
o Creating an electronic documentation system which will safeguard the contracting parties
on par with the traditional mode of contracts.
o Creating statutory status and monitoring/verifying authorities for such electronic
transaction.
o Checking frauds intentional or unintentional transactions to promote and build
confidence in genuine online transactions.
o Creating necessary legal structures to oversee such transactions.
o Establishing standard rules and regulation for smooth functioning of online transactions.
o Making Digital signature legally valid and incorporating the same with the existing legal
regime of contracts, sale of goods, evidence and consumer acts.
-------------------------------------------------------------------------------------------------------------------
GENERAL LEGAL PRINCIPALS Indian Contracts Act 2(h) states that ‘an agreement enforceable
by law is a contract.
The Indian Contract Act 1872-s10 states: S 10. What agreements are contracts:
All agreements are contracts if they are made by the free consent of parties competent to contract, for
a lawful consideration and with a lawful object, and are not hereby expressly declared to be void.
Interpreting the section 10 of the Act the positive aspects can be enlisted as
• : 1. Free and conscious consent of the parties to the contract: In other words there should not
be any coercion, undue influence, fraud, misrepresentation or mistake which will not be
considered as free consent and will be considered as void.
• 2. Persons entering to the contract should be competent: In other words persons who are
minors by law, persons with unsound mind are not competent and any contract entered with
them is non-enforceable.
• Lawful Consideration: In other words any contract which is violative of any other law or
considerations which not legal will not be valid and will be void.
• Lawful Object: The purpose of any such contract has to be lawful in its object or else will be
rendered as void. 1“Evidentiary Value of E-Contracts” an article by Kapil RainaD. E. S. Law
College, Pune 2For detail see unit 8 These basic principles of contract law have been developed
over the years through the judicial decisions of the courts.
The current judicial trends indicate that these principles will apply to all contracts regardless of
whether they are formed electronically, orally or through paper based communications. Many of the
issues that arise for consideration relate to how these traditional contract law principles will apply to
modern forms of technology.
-------------------------------------------------------------------------------------------------------------------
DIFFERENT INFORMATION COMMUNICATION TECHNOLOGY (ICT) SYSTEM FOR E-
CONTRACTING
There are several different ICT systems that can be used to conduct e-contracting.
The type of system used to carry out an e-contracting process depends on factors such as the business
needs of the organisation, the size of the organisation, the annual turnover of the organisation and the
timeframe in which the project must be completed.
1. E-contracting using email- E-contracts can be formed by the exchange of text documents
using electronic communications such as email. Unless digital signatures are used, e-
contracts formed in this way are open to challenge in relation to the identity of the
parties and the integrity of the documents. The use of email communications also
presents difficulties for contract administration and the archiving of electronic records
relating to the contract:
2. • Email communication does not provide a comprehensive system of logging and
auditing electronic records and communications.
3. • An email can be read and altered when in transit even before it reaches its destination.
• Email communication does not facilitate collaboration on tasks relating to the
administration of a construction project such as architectural designs and drawings.
4. 2. Parties may enter into an e-contract using a ‘click to agree’ button on a website The
terms and conditions of the contract are displayed on a website operated by one of the
contracting parties and the other party agrees to the contract by completing a form and
clicking an ‘I agree’ button indicating acceptance of the relevant terms and conditions.
When the ‘I agree’ button is clicked, the details of the consenting party are recorded on
the web server maintained by the first party. 3. Forming contracts using XML The text
documents that form the basis of an e-contract may be written in XML, a mark-up
language for documents containing structured information (Walsh 1998). XML is an
abbreviation for extensible mark-up language. Structured information contains both
content and some indication of what role that content plays. The World Wide Web

[Link] Page 55 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
consortium (W3C) has developed XML-compliant guidelines for digital signatures. Using
XML, the content of the contract can be represented in a semi structured format by
classifying the contract into the following four groups: Who: Information about the
parties involved in the contract can be represented with XML. What: The product or
service, which is the object of the contract, can be described in XML using industry
specific XML vocabularies. How: The performance of the contract and the business
process can be described using XML. Legal: Terms and conditions of a contract can be
represented in a semi-structured format. XML documents can be communicated by one
party to the other using email or as part of an online collaboration system. 4. E-
contracting using web-based collaboration systems The limitations of the use of email
and ‘click to agree’ for e-contracting suggest that a centralised e-contracting system,
through which various activities such as tendering, contract formation, project
management and archiving can be conducted, should be adopted in the construction
industry.
-------------------------------------------------------------------------------------------------------------------
RELATED PROVISIONS IN INFORMATION TECHNOLOGY ACT, 2000 Electronic transactions will
depend on the appropriate legal framework, which recognizes ‘electronic records’ or ‘writings’ or ‘digital
signatures’. It should facilitate for a secure system of such transactions and should create evidentiary
value of such records. Section 2 of the Indian IT Act, 2000 deals with various definitions involved in
internet transaction and Chapter II and section 3 deals with the definition of digital signature and its
authentication for legal purposes.
According to sections of the IT Act 2000:
4. Legal recognition of electronic records. -Where any law provides that information or any other
matter shall be in writing or in the typewritten or printed form, then notwithstanding anything
contained in such law, such requirement shall be deemed to have been satisfied if such information or
matter is—
(a) Rendered or made available in an electronic form; and
(b) Accessible so as to be usable for a subsequent reference
5. Legal recognition of digital signatures. -Where any law provides that information or any other matter
shall be authenticated by affixing the signature or any document should be signed or bear the
signature of any person, then, notwithstanding anything contained in such law, such requirement shall
be deemed to have been satisfied, if such information or matter is authenticated by means of digital
signature affixed in such manner as may be prescribed by the Central Government. Explanation. - For
the purposes of this section, “signed”, with its grammatical variations and cognate expressions, shall,
with reference to a person, mean affixing of his hand written signature or any mark on any document
and the expression “signature” shall be construed accordingly. According to section 11 of the IT Act,
2000, Section 11.
An electronic record shall be attributed to the originator— (a) if it was sent by the originator himself;
(b) by a person who had the authority to act on behalf of the originator in respect of that electronic
record; or (c) by an information system programmed by or on behalf of the originator to operate
automatically. According to section 2(1) (za) of the IT Act, originator is a person who:
1. sends, generates, stores or transmits any electronic message or
2. causes any electronic message to be sent, generated, stored or transmitted to any other person.
The term originator does not include an intermediary. Illustration Neha uses her [Link] email
account to send an email to Ramesh. Neha is the originator of the email. This section can best be
understood with the help of following illustrations. Illustration 1 Neha logs in to her web-based
[Link] email account. She composes an email and presses the “Send” button, thereby sending the
email to Ramesh. The electronic record (email in this case) will be attributed to Neha (the originator in
this case) as Neha herself has sent it. Illustration 2Neha instructs her assistant Samar to send the
above-mentioned email. In this case also, the email will be attributed to Neha (and not her assistant
Samar). The email has been sent by a person (Samar) who had the authority to act on behalf of the
originator (Neha) of the electronic record (email). Illustration 3 Neha goes on vacation for a week. In
the meanwhile, she does not want people to think that she is ignoring their emails. She configures her
[Link] account to automatically reply to all incoming email messages with the following message:
“Thanks for your email. I am on vacation for a week and will reply to your email as soon as I get
back”. Now every time that [Link] replies to an incoming email on behalf of Neha, the
automatically generated email will be attributed to Neha as it has been sent by an information system
programmed on behalf of the originator (i.e. Neha) to operate automatically. Acknowledgment of
Receipt: section 12(1) of the IT Act said that, ‘Where the originator has not agreed with the addressee
that the acknowledgment of receipt of electronic record begiven in a particular form or by a particular
method, an acknowledgment may be given by— (a) any communication by the addressee, automated
or otherwise; or (b) any conduct of the addressee, sufficient to indicate tothe originator that the
electronic record has been received.’ According to section 2(1) (b) of the IT Act, Addressee means a

[Link] Page 56 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
person who is intended by the originator to receive the electronic record but does not include any
intermediary. Illustration- Neha uses her [Link] email account to send an email to Ramesh. Neha
is the originator of the email. [Link] is the intermediary. Ramesh is the addressee. This subsection
provides for methods in which the acknowledgment of receipt of an electronic record may be given,
provided no particular method has been agreed upon between the originator and the recipient. One
method for giving such acknowledgement is any communication (automated or otherwise) made by the
addressee in this regard. Illustration: in the earlier example of Neha going on vacation for a week. She
has configured her email account to automatically reply to all incoming email messages with the
following message “Thanks for your email. I am on vacation for a week and will reply to your email as
soon as I get back”. The incoming message is also affixed at the bottom of the above-mentioned
message. Now when Ramesh sends an electronic record to by email, he will receive Neha’s pre-set
message as well as a copy of his own message. This automated communication will serve as an
acknowledgement that Neha has received Ramesh’s message. Another method is any conduct of the
addressee, sufficient to indicate to the originator that the electronic record has been received. We take
now another illustration. Illustration: Rakesh sends an email to Neha informing her that he would like
to purchase a car from her and would like to know the prices of the cars available for sale. Neha
subsequently sends Rakesh a catalogue of prices of the cars available for sale. It can now be concluded
that Neha has received Rakesh’s electronic record. This is because such a conduct on the part of Neha
(i.e. sending the catalogue) is sufficient to indicate to Rakesh (the originator) that his email (i.e. the
electronic record) has been received by the addressee (i.e. Neha). According to section 12(2) of the IT
Act, Where the originator has stipulated that the electronic record shall be binding only on receipt of an
acknowledgment of such electronic record by him, the nunless acknowledgment has been so received,
the electronic record shall be deemed to have been never sent by the originator. Illustration: Neha
wants to sell a car to Rakesh. She sends him an offer to buy the car. In her email, she asked Rakesh to
send her an acknowledgement that he has received her email. Rakesh does not send her an
acknowledgement. In such a situation it shall be assumed that the email sent by Neha was never sent.
According to section 12(3) of the IT Act, 2000, Where the originator has not stipulated that the
electronic record shall be binding only on receipt of such acknowledgment, and the acknowledgment
has not been received by the originator within the time specified or agreed or, if no time has been
specified or agreed to within a reasonable time, then the originator may give notice to the addressee
stating that no acknowledgment has been received by him and specifying a reasonable time by which
the acknowledgment must be received by him and if no acknowledgment is received within the
aforesaid time limit he may after giving notice to the addressee, treat the electronic record as though it
has never been sent. Illustration: Rakesh sends the following email to Ramesh: Further to our
discussion, I am ready to pay Rs 20 lakh for the source code for the XYZ software developed by you.
Let me know as soon as you receive this [Link] does not acknowledge receipt of this email.
Rakesh sends him another email as follows: I am resending you my earlier email in which I had offered
to pay Rs 20 lakh for the source code for the XYZ software developed by you. Please acknowledge
receipt of my email latest by next week. Ramesh does not acknowledge the email even after a week.
The initial email sent by Rakesh will be treated to have never been sent. Time and place of despatch
and receiptAccording to section 13(1) of the IT Act, 2000, Save as otherwise agreed to between the
originator and the addressee, the despatch of an electronic record occurs when it enters a computer
resource outside the control of the originator. Illustration: Neha composes a message for Rakesh at
10.58 a.m. At exactly 12.00 noon she presses the “Submit” or “Send” button. When she does that the
message leaves her computer and begins its journey across the Internet. It is now no longer in Neha’s
control. The time of despatch of this message will be 12.00 noon. According to section 13(2) of the IT
Act, 2000,Save as otherwise agreed between the originator and the addressee, the time of receipt of
an electronic record shall be determined as follows, namely:— (a) if the addressee has designated a
computer resource for the purpose of receiving electronic records,— (i) receipt occurs at the time when
the electronic record enters the designated computer resource; or (ii) if the electronic record is sent to
a computer resource of the addressee that is not the designated computer resource, receipt occurs at
the time when the electronic record is retrieved by the addressee; (b) if the addressee has not
designated a computer resource along with specified timings, if any, receipt to occurs when the
electronic record enters the computer resource of the addressee. Illustration: The marketing
department of a company claims that it would make the delivery of any order within 48 hours of
receipt of the order. For this purpose they have created an order form on their website. The customer
only has to fill in the form and press submit and the message reaches the designated email address of
the marketing department. Now Mahesh, a customer, fills in this order form and presses submit. The
moment the message reaches the company’s server, the order is deemed to have been received.
Kunal, on the other hand, emails his order to the information division of the company. One Mr Sharma,
who is out on vacation, checks this account once a week. Mr Sharma comes back two weeks later and
logs in to the account at 11.30 a.m. This is the time of receipt of the message although it was sent two
weeks earlier. Now suppose the company had not specified any address to which orders can be sent by

[Link] Page 57 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
email. Had Karan then sent the order to the information division, the time of receipt of the message
would have been the time when it reached the server of the company. According to section 13(3) of
the IT Act, 2000,‘Save as otherwise agreed to between the originator and the addressee, an electronic
record is deemed to be despatched at the place where the originator has his place of business, and is
deemed to be received at the place where the addressee has his place of business.’ Illustration Samar
is a businessman operating from his home in Mumbai, India. Sameer sent an order by email to a
company having its head office in New York, USA. The place of despatch of the order would be Samar’s
home and the place of receipt of the order would be the company’s office. According to section 13(4) of
the IT Act, 2000, ‘The provisions of sub-section (2) shall apply notwithstanding that the place where
the computer resource is located may be different from the place wherethe electronic record is deemed
to have been received under sub-section (3). Illustration If in the illustration mentioned above, the
company has its mail server located physically at Canada, the place of receipt of the order would be
the company’s office in New York USA. According to section 13(5) of the IT Act, 2000, ‘for the
purposes of this section,— (a) if the originator or the addressee has more than one place of business,
the principal place of business, shall be the place of business; (b) if the originator or the addressee
does not have a place of business, his usual place of residence shall be deemed to be the place of
business; (c) "usual place of residence", in relation to a body corporate, means the place where it is
registered. Illustration Samar sent an order by email to a company having its head office in New York,
USA. The company has offices in 12 countries. The place of business will be the principal place of
business (New York in this case) Samar is a businessman operating from his home in Mumbai, India.
He does not have a separate place of business. Sameer’s residence will be deemed to be the place of
business. A landmark judgement was given by the Allahabad High Court with respect to the formation
of electronic contracts in P.R. Transport Agency vs. Union of India & others3 . The facts of the case are
as, Bharat Coking Coal Ltd (BCC) held an e-auction for coal in different lots. P.R. Transport Agency’s
(PRTA) bid was accepted for 4000 metric tons of coal from Dobari Colliery. The acceptance letter was
issued on 19th July 2005 by e-mail to PRTA’s e-mail address. Acting upon this acceptance, PRTA
deposited the full amount of Rs. 81.12 lakh through a cheque in favour of BCC. This cheque was
accepted and encashed by BCC. BCC did not deliver the coal to PRTA. Instead it e-mailed PRTA saying
that the sale as well as the e-auction in favour of PRTA stood cancelled "due to some technical and
unavoidable reasons”. The only reason for this cancellation was that there was some other person
whose bid for the same coal was slightly higher than that of PRTA. Due to some flaw in the computer
or its programme or feeding of data the higher bid had not been considered earlier. This
communication was challenged by PRTA in the High Court of Allahabad (UP). BCC objected to the
“territorial jurisdiction” of the Court on the grounds that no part of the cause of action had arisen
within U.P. The Issue raised by BCC is that, the High Court at Allahabad (in U.P.) had no jurisdiction as
no part of the cause of action had arisen within U.P. On the other hand the issues raised by PRTAis:
[Link] communication of the acceptance of the tender was received by the petitioner by e-mail at
Chandauli (U.P.). Hence, the contract (from which the dispute arose) was completed at Chandauli
(U.P). The completion of the contract is a part of the “cause of action”. 2. The place where the contract
was completed by receipt of communication of acceptance is a place where 'part of cause of action'
arises. Points considered by the court 1. With reference to contracts made by telephone, telex or fax,
the contract is complete when and where the acceptance is received. However, this principle can apply
only where the transmitting terminal and the receiving terminal are at fixed points. 2. In case of e-
mail, the data (in this case acceptance) can be transmitted from anywhere by the e-mail account
holder. It goes to the memory of a 'server' which may be located anywhere and can be retrieved by
the addressee account holder from anywhere in the world. Therefore, there is no fixed point either of
transmission or of receipt. 3. Section 13(3) of the Information Technology Act has covered this
difficulty of “no fixed point either of transmission or of receipt”. According to this section “...an
electronic record is deemed to be received at the place where the addressee has his place of business."
4. The acceptance of the tender will be deemed to be received by PRTA at the places where it has place
of business. In this case it is Varanasi and Chandauli (both in U.P.) 3AIR2006All23, 2006(1)AWC504
Decision of the court 1. The acceptance was received by PRTA at Chandauli / Varanasi. The contract
became complete by receipt of such acceptance. 2. Both these places were within the territorial
jurisdiction of the High Court of Allahabad. Therefore, a part of the cause of action had arisen in U.P.
and the court had territorial jurisdiction.

Supervises the activities of the Certifying Authorities:

Certifies public keys of the Certifying Authorities:
Lays down the standards to be maintained by the Certifying Authorities:
Specifies the qualifications and experience which employees of the Certifying Authorities
should possess:
Specifies the conditions subject to which the Certifying Authorities shall conduct their
business.

[Link] Page 58 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Specifies the contents of written, printed, or visual materials and advertisements that may
be distributed or used by the CA in respect of an Electronic Signature Certificate and the
public key.

The Controller of CAs performs all or any of the following functions:

• This function is further substantiated by the fact that a Licenced Certifying Authority has to
fulfill all the conditions stipulated by the Controller, Further, the Certifying Authority shall get its
operations audited, annually or half-yearly, by an auditor and submit its audit report to the Controller
within 4 weeks of the completion of such audit Therefore, the CCAs shall supervise the CA through
such audit reports.

• For performing this function, the CCAs have established the Root Certifying Authority of India
(RCAI) to certify the public keys of all CAs in India.

• Regarding this, Rule refers to the standards for different activities associated with CAs
functions.

• It is important to note that neither Rules nor Regulations provide for specific qualifications and
experience which employees of the Certifying Authorities must fulfill. However, it is implied that a
person with a criminal background must not be an employee of the Certifying Authorities.

1 Power to Delegate [Section 27] :

2 The Controller of CAs may authorise the Deputy Controller, Assistant Controller, or any officer
to exercise any of the powers of the Controller under this Chapter. However, such delegation must be
in writing.

1 Power to Investigate Contraventions [Section 28] :

2 The Controller of CAs or any officer authorised by him on this behalf shall take up for
investigation, any contravention of the provisions of this Act, rules, or regulations made thereunder.
3 The Controller of CAs or any officer authorised by him in this behalf shall exercise the like
powers which are conferred on Income-tax authorities under Chapter XIII of the Income-tax Act, 1961
and shall exercise such powers, subject to such limitations laid down under that Act.

1 Access to computers and data [Section 29] :

2 Where the Controller of CAs or any person authorised by him has reasonable cause to suspect
that any contravention of the provision of this chapter has been committed then he may have access
to any computer system, any apparatus, data, or any other material connected with such system, for
the purpose of searching on causing a search to be made for obtaining any information or data
contained in on available to such computer system.

1 Power to Give Directions to Certifying Authorities [Section 68] :

2 Under section 68(1) of the Act the Controller is empowered to direct, by an order, a Certifying
Authority or any employee of such Authority to take such measures or cease carrying on such activities
as specified in the order if those are necessary to ensure compliance with the provisions of this Act,
rules or any regulations made thereunder.

1 Power to Make Regulations [Section 89(1)] :

2 Under section 89 of the Act, the Controller of CAs has been empowered to make regulations on
the matters specified by that section. To make regulation, the Act requires that the Controller of CAs
may consult the Cyber Regulations Advisory Committee. After such consultation and with the previous
approval of the Central Government, the Controller of CAs may make regulations consistent with the
Act and rules made thereunder to carry out the purposes of the Act. Such regulations are required to
be notified in the Official Gazette.

• The following persons may apply for a grant of a licence to issue Digital Signature Certificates:
1. Individual
2. Company
3. Partnership firm
4. Government
Conditions :-

[Link] Page 59 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
• It is important to note that the first three entities must fulfill certain conditions for becoming CA
under this act whereas the last entity i.e., the Government is not required to fulfill any condition. Lets
analyses these conditions:

(1) an individual, who is a citizen of India and having a capital of five crores of rupees or more in his
business or profession;
(2) a company having:
• (a) paid-up capital of not less than five crores of rupees; and
• (b) the net worth of not less than fifty crores of rupees; and
• Net Worth [Explanation (iv) to Rule 8]: "net worth" means the sum total of the paid-up capital.
• Company [Explanation (i) to Rule 8]: The "company" shall have the meaning as assigned to it
under Section 2(17) of the Income-tax Act, 1961 which defines the company as:

(3) a firm having:

• capital subscribed by all partners of not less than five crores of rupees; and
• the net worth of not less than fifty crores of rupees:
• Firm etc. (Explanation (ii) to Rule 8]: "firm", "partner" and "partnership" shall have the
meanings respectively assigned to them in the Indian Partnership Act, 1932. Under this Act partnership
is a relationship among persons who agree to share the profit of business carried on by all or some of
them, individually they are known as partners and collectively as a partnership firm.
• The firm where capital held in aggregate by the Non-resident Indians etc. [First
Proviso to Rule 8(c)]: A firm, in which the capital held in aggregate by any Non-resident Indian, and
foreign national, exceeds forty-nine percent of its capital, shall not be eligible for grant of licence.

Role regarding the commencement of operation by Licensed Certifying Authorities [Rule

20]:
Role to follow certain procedures [Section 30]:
Role to ensure compliance of the Act, etc. [Section 31]:
Role to display of licence [Section 32]:
Role regarding renewal of licence [Section 23]:
Role to surrender of licence [Section 33(1)]: Every Certifying Authority whose licence is
suspended or revoked shall immediately after such suspension or revocation, surrender the licence to
the Controller.

Role of Certifying Authority :-

• The licensed Certifying Authority shall commence its commercial operation of generation and
issue of Digital Signature Certificates only after:
• it has confirmed to the Controller the adoption of Certification Practice Statement;
• it has generated its key pair, i.e., private key and corresponding public key, and submitted the
public key to the Controller,etc.

• Every Certifying Authority shall:

• make use of hardware, software, and procedures that are secure from intrusion and misuse;
• provide a reasonable level of reliability in its services which are reasonably suited to the
performance of intended functions;
• follow the security procedures to ensure the secrecy and privacy of the electronic signature, etc.

• Every Certifying Authority must ensure that every person employed or otherwise engaged by it
complies, in the course of his employment or engagement, with the provisions of this Act, rules,
regulations, and orders made thereunder.

• Every Certifying Authority must display its licence at a conspicuous place of the premises in
which it carries on its business so that the public should know that he is a licenced CA.

• As licence is valid for 5 years, therefore, every CA must apply for renewal of licence in case he
wants to continue his business. However, an application for renewal of a licence shall be:
• in such form as may be prescribed by the Central Government i.e., Form mentioned in Schedule
I.

Role regarding disclosure [Section 34(1)]:

Role of CA when an event has occurred or any situation has arisen which may materially and
adversely affect the integrity of its computer systems [Section 34(2)]:
Role regarding Security Guidelines [Rule 19]:

[Link] Page 60 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Role to get its operations audited annually [Rule 31]:
Role before he ceases to act as Certifying Authority [Rule 21]:

• Every Certifying Authority shall disclose the following in the manner specified by regulations:
• its Electronic Signature Certificates; (ii) any certification practice statement relevant thereto i.e.
under section 2(1)(h)
• notice of the revocation or suspension of its Certifying Authority certificate, if any.

• Where in the opinion of the Certifying Authority any event has occurred or any situation has
arisen which may materially and adversely affect the integrity of its computer system or the conditions
subject to which an Electronic Signature Certificate was granted.

• The Certifying Authorities shall have the sole responsibility of integrity, confidentiality, and
protection of information and information assets employed in its operation, considering classification,
declassification, labeling, storage, access, and destruction of information assets according to their
value, sensitivity, and importance of the operation.

• The Certifying Authority must get its operations audited annually by an auditor and such audit
shall include:
• security policy and planning;
• physical security;
• technology evaluation;
• Certifying Authority's services administration;
• relevant Certification Practice Statement

• Before ceasing to act as a Certifying Authority must fulfill the following conditions:
• he shall: give notice to the Controller of its intention to cease acting as a Certifying Authority.
Further, the notice shall be made ninety days before ceasing to act as a Certifying Authority or ninety
days before the date of expiry of licence.
Evidence
The Indian Evidence Act, 1872 (Sec. 3) defines evidence as to oral or documentary. Oral evidence can
be said the statements which are made by witnesses before the Hon’ble court and Documentary
evidence is one which is produced before the court for its inspection which includes electronic records.
If it is further seen in detail then we find more about the type of evidence for the court of law purpose.
However, Evidence could be divided as follows:
• Oral, or Documentary;
• Primary, or Secondary.
Primary and secondary evidence
Primary evidence: Primary evidence means Production of the original electronic record means the
production of the document itself.
Secondary evidence: Production of computer-output of the contents of the electronic record;
Secondary evidence is a certified copy or counterparts of documents which the party is unable to
produce in the court and statement of an expert or person who has himself seen that document.
It is a recognized principle of law that if Primary Evidence is available, it has to be given priority over
Secondary Evidence. Many of the times it is practically impossible to produce primary evidence in the
court because of their storage on hard disks, cloud, big servers and other electronic data storages,
hence, the apex court has permitted secondary evidence.
That secondary evidence can be taken to the court through print out on paper, copying or storing on
any magnetic or optical media produced by an electric device. But, secondary evidence is only
admissible if it satisfies the conditions preceded u/s 65B Indian Evidence Act.
-------------------------------------------------------------------------------------------------------------------
Electronic records as evidence
The Indian Evidence Act Section 65 specifies the admissibility of secondary evidence in particular
cases. Section 65B specifies the procedure of proving the contents of electronic records which have
been laid down under Section 65B.

Admissibility of electronic records mentioned as per Section 65B of Indian Evidence Act specifies that
the printed any information of electronic records on a paper, or created a copy of that record on any
optical or magnetic media shall also be deemed to be secondary evidence document if it satisfies the
conditions mentioned under section 65B and original source of that information i.e. electronic device
shall also be admissible without any further proof in any proceeding of the court of law.
Essentially elements of the electronic evidence as per the Indian Evidence Act are as follows:

[Link] Page 61 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
1. Such produced information of electronic records should be produced by the person having
legally authorized to have control over that electronic device.
2. That storage of information must take place during the day to day general course of the act of
that person.
3. That stored information has been stored on that electronic device during the day to day general
course of action of that person.
4. While storing or copying of that material information, the said electronic device must be in a
functioning state, to avoid any possible negative impact on its operation or distort the accuracy
& authenticity of its material contents.
5. Any kind of storage or copying or making counterpart of the information required for the
production in the court of law as electronic evidence should be free from any kind of distortion
or manual edit or manipulation, it must be the authentic and trustworthy information, which
may get admitted as evidence in the court of law.
-------------------------------------------------------------------------------------------------------------------
Different types of electronic records
Information Technology Act, 2008 defines electronic records; it covers a wide range of formats in
which data can be produced. DVD, CD, pen drives, telephonic recordings, hard drives, e-mails,
pictures, video recordings, sound recordings, etc. are a few of them. Each of the above electronic
records formats deals with a variety of different conditions relating to their evidentiary value and
admissibility in a court of law.
-------------------------------------------------------------------------------------------------------------------
Evidence in the form of as DVD, CD, Hard-Drive, chip, Memory Chip, Pen Drive:
Above electronic records are admissible as primary as well as secondary evidence. The value evidence
depends on how and in what manner the electronic records have been submitted to the court i.e. if
these electronic records are submitted as it is then those have more value without any doubt but if you
want to submit their copied version on other similar or different device then you have to comply with
the conditions precedent under Sec. 65b of the Indian Evidence Act and get the certificate for its
admission in the court.
-------------------------------------------------------------------------------------------------------------------
Audio and Video Recordings:
These electronic records are admissible if they are submitted in original i.e. original audio or video
recordings are the valid and authentic source of electronic evidence and not the copied version. Their
copied version records on other similar or different device have to comply with the conditions
precedent under Sec 65B of the Indian Evidence Act and get the certificate for its admission in the
court.
-------------------------------------------------------------------------------------------------------------------
Evidence generated through mobile phone in the form of media, calls and email:
Email: It is recognized as a valid and authentic source of evidence. Generally, e-mails are submitted
through print outs attached with the certification of u/s 65B of the Indian Evidence Act.
Media and calls generated through mobile phone: Nowadays, Mobile phones are very useful electronic
device and very resourceful. It helps from tracing location, capturing videos & pictures, recording calls
to many other electronic resources which aids the judicial and investigating system to get valuable
evidence. Mobile phone’s electronic records are admissible if they are submitted in original i.e. mobile
itself which contains the primary source of media and calls. Their copied version records on other
similar or different device have to comply with the conditions precedent under sec. 65B of Indian
Evidence Act and get the certificate for its admission in the court.
REGULATION OF CYBERSPACE CONTENT IN INDIA In India, Information Technology Act, 2000 is
the legislation which covers the domain of cyber law.
The main objective of the Act is to provide legal recognition for transactions carried out by
means of electronic data interchange and other means of electronic communication,
commonly referred to as ecommerce, which involve the use of alternatives to paper-based
methods of communication and storage of information to facilitate electronic filing of
documents with the Government agencies.
Electronic Signatures [Chapter II] Any subscriber (i.e., a person in whose name the Digital
Signature Certificate is issued) may authenticate electronic record by affixing his Digital Signature.
Electronic record means data record or data generated image or sound, stored, received or sent in an
electronic form or microfilm or computer generated microfiche.
Electronic Governance [Chapter III] Where any law provides submission of information in writing
or in the typewritten or printed form, it will be sufficient compliance of law, if the same is sent in an
electronic form.
Further, if any statute provides for affixation of signature in any document, the same can be done by
means of Digital Signature. Similarly, the filing of any form, application or any other documents with
the Government Authorities and issue or grant of any license, permit, sanction or approval and any

[Link] Page 62 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
receipt acknowledging payment can be done by the Government offices by means of electronic form.
Retention of documents, records, or information as provided in any law, can be done by maintaining
electronic records.
Any rule, regulation, order, by-law or notification can be published in the Official Gazette or Electronic
Gazette.
However, no Ministry or Department of Central Government or the state Government or any Authority
established under any law can be insisted upon acceptance of a document only in the form of electronic
record.
Regulation of Certifying Authorities [Chapter IV] The Central Government may appoint a
Controller of Certifying Authority who shall exercise supervision over the activities of Certifying
Authorities.

Digital Signature Certificate [Chapter VII] Any person may make an application to the Certifying
Authority for issue of Digital Signature Certificate.
The Certifying Authority while issuing such certificate shall certify that it has complied with the
provisions of the Act.
Penalties and Adjudication [Chapter IX] If any person without the permission of the owner,
accesses the owner’s computer, computer system or computer net-work or downloads copies or any
extract or introduces any computer virus or damages computer, computer system or computer net
work data etc. he/ she shall be liable to pay damage by way of compensation not exceeding Rupees
One Crore to the person so effected.
The Appellate Tribunal [Chapter X] The section 48 of IT Act provides ‘that The Telecom Disputes
Settlement and Appellate Tribunal established under section 14 of the Telecom Regulatory Authority of
India Act, 1997 shall, on and from the commencement of Part XIV of Chapter VI of the Finance Act,
2017, be the Appellate Tribunal for the purposes of this Act and the said Appellate Tribunal shall
exercise the jurisdiction, powers and authority conferred on it by or under this Act.
However, the Central Government shall specify, by notification, the matters and places in relation to
which the Appellate Tribunal, may exercise jurisdiction’.
Under the act, the Central Government has the power to establish the Cyber Regulations Appellate
Tribunal having power to entertain the cases of any person aggrieved by the Order made by the
Controller of Certifying Authority or the Adjudicating Officer.
Offences [Chapter XI] Tampering with computer source documents or hacking with computer
system entails punishment with imprisonment up to three years or with fine up to Rs. 2 lakhs or with
both. Publishing of information, which is obscene, in electronic form, shall be punishable with
imprisonment up to five years or with fine up to Rs. 10 lakh and for second conviction with
imprisonment up to ten years and with fine up to Rs. 2 lakhs. The Information Technology Act, 2000
was amended in 2015 wherein the Supreme Court in the case of Shreya Singhal v. Union of India had
struck Section 66A of Information Technology Act, 2000 as it violates the freedom of speech and
expression provided under Article 19(1)(a) of the Constitution of India.
What is an electronic signature?
Electronic signatures, also known as e-signatures, consist of a group of different methods of attaching
identity to documents using an electronic process. Technically speaking, what qualifies as an electronic
signature is an electronic entity (“sound, symbol, or process,” according to the E-Sign Act) linked to a
record that one intends to sign. Something as simple as a picture of a handwritten signature or as
complex as a digital signature certificate generated via PKI (public key infrastructure) can qualify as an
e-signature. They have grown in popularity tremendously in recent years, likely due to the increasingly
paperless world that we find ourselves in; documents need to be signed and e-signing is a convenient
and efficient solution.
Many businesses, consumers, and even some governmental processes have introduced and embraced
the use of electronic signatures on their electronic documents. Depending on the specific use case,
different types may be used, each offering a different level of authentication of the identity attached.
Nowadays, in many jurisdictions, electronic signatures are considered equivalent to handwritten signed
documents.
Although "electronic signatures" and "digital signatures" are often used interchangeably in colloquial
use, they are, in fact, not the same thing. The difference is that a digital signature is a specific type of
secure electronic signature that uses an algorithm to cryptographically authenticate a document.
What is the difference between a digital certificate and an electronic signature?
Digital certificates use PKI certificates issued by a trusted certificate authority, like Sectigo, to
authenticate the identity of the requestor. This type of authentication is the best way to ensure the
integrity of electronic documents and directly link the identity to the document, ensuring its legitimacy.
Digital signatures comply with the most demanding regulatory requirements, including the United
States Electronic Signatures in Global and National Commerce Act (ESIGN Act), the Uniform Electronic
Transactions Act (UETA), and other applicable international laws like eIDAS.

[Link] Page 63 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Other types of electronic signatures use different, less secure methods of authentication. These can
include email addresses, phone numbers, or other types of contact information. There are many
different types of electronic signature laws around the world and different requirements for verifying
the signer's true identity.
3 main types of electronic signatures
There are three main categories of electronic signatures. The specific differences are described by the
2016 electronic Identification, Authentication, and Trust Services regulation (eIDAS regulation) passed
by the European Union (EU). They are also applicable in the US.
This piece of regulation creates a legal framework concerning the electronic identification, signing
process, seals, and documents throughout the EU. These signatures are often built into business
processes and workflows as default options, and they have become ubiquitous in the internet user
experience.
Simple Electronic Signatures (SES)
SES are the broadest and simplest types of electronic signatures. eIDAS defines them as "data in
electronic form which is attached to or logically associated with other data in electronic form and which
is used by the signatory to sign." They do not need any type of identity verification from the signer,
and trust in these signatures is the responsibility of the individual accepting the document.
In some cases, simple electronic signatures can be considered legally binding. However, for many
documents, higher qualifications must be met.
Advanced Electronic Signatures (AES)
Unlike the simple version, advanced electronic signatures do require a level of identity verification.
They are based on certificates that uniquely identify the signer of the electronic document. They are
often transmitted via a specific delivery service that can provide audit trails and other types of
evidence about the transmitted data. These signatures are typically certified by a Certificate Authority
(CA).
Qualified Electronic Signatures (QES)
QES are like advanced electronic signatures, but they go further to meet additional requirements
outlined in the eIDAS regulations. Qualified electronic signatures must have a certificate based on
public keys that were issued with proper technological means. They also must have prior identification
of the signatory by an audited entity, such as a Certificate Authority. This identification can be
completed face-to-face, which can be conducted remotely via video chat or in person.
Legality
There are many different legal requirements for electronic signatures around the world. In the United
States, the legality of them largely revolves around four major pillars.
Intent
Intent with an electronic signature is no different than with a handwritten or wet signature. It must be
clear that the signatory intends to affix their name/identity to the electronic document. In this case,
you cannot force someone to opt out and consider it to be a legal signature.
Consent
When an electronic document or contract is signed, every party signing it must specifically give
consent. Without this, the use of electronic signatures cannot be considered valid unless they opted in
at a previous date and never withdrew their consent.
Accuracy
The specific method used for affixing the electronic signature must not only keep a record for that
signature, but it must be a demonstrably accurate record. This record should also fully explain the
method that was used to create and affix the signature.
Retention
The record of an electronic signature must be accurately reproduced and available for the files of any
party entitled to such data. This leaves an audit trail and allows access to any necessary records.
Validity and verification
How do you verify an electronic signature?
Verifying an electronic signature depends on the type of e-signature being used. As discussed above,
simple electronic signatures do not need specific identity verification methods to be used in many
countries and situations.
Advanced electronic signatures, however, force signers to use digital certificates as a method of
identity verification. There are many methods to generate and verify these AES certificates. Most major
platforms, like DocuSign will allow you to do so.
Qualified electronic signatures are the most secure, and thus the most difficult verification method.
They use a qualified trust service provider (QTSP) like Sectigo, often specifically authorized by a
government to:
• verify the signer’s identity either through face-to-face or a video conference call with a valid
method of identification.
• validate the identity of the signer at the time of signature through signer-held or cloud-based
certificates.

[Link] Page 64 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
What makes an electronic signature valid?
For an electronic signature to be considered valid, especially in a legal setting, certain minimum criteria
must be met. There must be clearly demonstrated intent, security of the signed document, and
prevention of tampering in the future. The legality of a document can be called into question if there is
any evidence of possible alteration of the document after it was signed. Ensuring there is an audit trail,
evidence of authentication, and proper security is why many choose well-known e-signature solutions
to help.
Examples of e-signatures
There are a variety of electronic signature solutions available from providers such as DocuSign and
Adobe. Manual methods can also be used. Depending on the use and level of security necessary, the
signature process may vary and may include more or less contact information of the signer (such as
name, date, IP address, etc.).
Is a scanned handwritten signature an electronic signature?
Yes, this would be a simple electronic signature. It is not safe for obvious reasons, but it is part of the
collective umbrella that is electronic signatures.
Is a typed name an electronic signature?
Yes, this is also an example of a simple or basic electronic signature. An e-signature can take many
forms and signing something like a Word document with a typed name is one of them. As long as it
demonstrates intent and understanding, it can be considered an electronic signature. Usually, when a
typed name is used as a signature, the /s/ signature symbol precedes it.
Use cases
Electronic signatures can be used nearly anywhere. However, there are particularly common use cases,
including:
• Sales contracts
• Purchase orders
• Vendor contracts
• Real estate contracts
• IP licensing agreements
• Legal agreements
• Non-disclosure agreements
• Employee contracts
-------------------------------------------------------------------------------------------------------------------
CHAPTER IV: CYBER CRIMES AND ENFORCEMENT

Topics covered: Cyber Appellate Tribunal, Cyber Crimes-Cyber Contraventions, Cyber Offences, Power
of Investigation & Search, E-Evidence and Computer Forensic

Cyber Appellate Tribunal

The Information Technology Act, 2000 which came into force on 17th, October 2000 was enacted to
provide legal recognition for transactions carried out by means of electronic data inter change and
other means of electronic communication, commonly referred to as “electronic commerce” which
involve the use of alternatives to paper based methods of communication and storage of information,
to facilitate electronic filing of documents with the Government Agencies and to amend the Indian
Penal Code, the Indian Evidence Act, 1872, the Bankers Book of Evidence Act, 1891 and the Reserve
Bank of India Act, 1934 and also for matters connected therewith or incidental thereto.

The first and the only Cyber Appellate Tribunal in the country has been established by the
Central Government in accordance with the provisions contained under Section 48(1) of the
Information Technology Act, 2000. The Tribunal initially known as the Cyber Regulations Appellate
Tribunal (CRAT). After amendment of the IT Act in the year 2008 (Which came into effect on
27.10.2009) is known as the Cyber Appellate Tribunal (CAT). The Tribunal started functioning from
October, 2006 in a portion of the Department of Information Technology building at CGO Complex,
Lodhi Road, New Delhi. The Act provided for the Tribunal to be headed by a Presiding Officer who is or
who was or who is qualified to be a Judge of a High Court. Hon’ble Mr. Justice R.C. Jain, a retired Judge
of Delhi High Court was the first Presiding Officer of the Cyber Appellate Tribunal, who joined as
Presiding Officer on 4th October, 2006. The tenure of Mr. Justice R. C. Jain, as Presiding Officer of
Cyber Appellate Tribunal expired on 7th December, 2007.
Now we will briefly discuss Roles and powers of Cyber Appellate Tribunal.

Establishment of Cyber Appellate Tribunal [section 48]

(1) The Central Government shall, by notification, establish one or more appellate tribunals to be
known as the Cyber Regulations Appellate Tribunal.

[Link] Page 65 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
(2) The Central Government shall also specify, in the notification referred to in subsection (1), the
matters and places in relation to which the Cyber Appellate Tribunal may exercise jurisdiction. Though
the aforesaid sub-section (1) provides for appointment of one or more appellate tribunals by the
Central Government but the language of the rule 13 of the cyber regulation tribunal rules, 2000 make
it clear that there shall only be one tribunal and it shall ordinarily hold its sitting at New Delhi.
The aforesaid rule has further provided a lot of flexibility to cyber appellate tribunal as far as its
sittings are concerned.
That is, if at any time, the Chairperson of the Tribunal is satisfied that circumstances exist which
rendered it necessary to have sittings of the tribunal at any place other than New Delhi, the
Chairperson may direct to hold the sittings at any such appropriate place.

It is for the chairperson to exercise this ‘rule of sittings’ in a most appropriate and judicious manner.
The tribunal shall notify to the parties the date and the place of the hearing of the application.

It is for the Central Government to specify by order the matters and places in relation to which the
cyber appellate tribunal may exercise jurisdiction.

It was held by the Supreme Court in Union of India vs. Paras Laminates (p) limited “there are no
doubt that the tribunal functions as a court within the limits of its jurisdiction.
It has all the powers conferred expressly by the statue. Furthermore, being a judicial body, it has all
the powers conferred expressly by the statue.

Furthermore, being a judicial body, it has all the powers expressly and impliedly granted.

Composition of Cyber Appellate Tribunal [section 49] A Cyber Appellate Tribunal shall consist of
one person only (hereinafter referred to as the Presiding Officer of the Cyber Appellate Tribunal) to be
appointed, by notification, by the Central Government

Qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal [section
50]
A person shall not be qualified for appointment as the Presiding Officer of a Cyber Appellate Tribunal
unless he— (a) is, or has been. or is qualified to be, a Judge of a High Court; or (b) is or has been a
member of the Indian Legal Service and is holding or has held a post in Grade I of that Service for at
least three years.
Term of office [section 51] The Presiding Officer of a Cyber Appellate Tribunal shall hold office for a
term of five years from the date on which he enters upon his office or until he attains the age of
sixtyfive years, whichever is earlier.

Salary, allowances and other terms and conditions of service of Presiding Officer [section
52] The salary and allowances payable to, and the other terms and conditions of service including
pension, gratuity and other retirement benefits of. the Presiding Officer of a Cyber Appellate Tribunal
shall be such as may be prescribed: Provided that neither the salary and allowances nor the other
terms and conditions of service of the Presiding Officer shall be varied to his disadvantage after
appointment. Powers of Superintendence, direction, etc. [Section 52A] The Chairperson of the cyber
appellate tribunal shall have powers of general superintendence and directions in the conduct of the
affairs of that Tribunal, exercise and discharge such powers and functions of the Tribunal as may be
prescribed

The chairperson being the head of the cyber appellate tribunal has both executive and administrative
powers of general superintendence and directions in the conduct of the affair of the Tribunal, which
may include presiding over the meeting of the Tribunal, exercise and discharge such powers and
functions of the Tribunal as may be prescribed.

Distribution of Business among Benches [Section-52 B]

Where Benches are constituted, the Chairperson of the Cyber Appellate Tribunal may, by order,
distribute the business of that Tribunal amongst the Benches and also the matters to be dealt with by
each Bench. The aforesaid section refers to an administrative function, i.e. distribution of business
among benches. It shall be the prerogative of the Chairperson to distribute the business amongst the
Benches and also the matters to be deal with by each Bench. This provision may become useful in the
coming years with the increase in litigation and more and more appeals coming before the Cyber
Appellate Tribunal.

Powers of the Chairperson to transfer cases [Section 52 C] On the application of any of the
parties and after notice to the parties, and after hearing such of them as he may deem proper to be

[Link] Page 66 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
heard, or suo motu without such notice, the Chairperson of the Cyber Appellate Tribunal may transfer
any case pending before one bench, for disposal to any other bench. The aforesaid section refers to a
judicial function, i.e. power of the chairperson to transfer cases after either following the laid down
procedure or suo moto may transfer any case pending before one bench, for disposal to any other
bench.

Decision by Majority [Section 52 D] If the Members of a Bench consisting of two members differ in
opinion on any point, they shall state the point or points on which they differ, and make a reference to
the Chairperson of the cyber appellate tribunal who shall hear the point or points himself and such
point or points shall be decided according to the opinion of the majority of the Members who have
heard the case, including those who first heard it. The aforesaid section advocates the rule-decision by
majority. This section also refers to constitution of large Bench, if the members of the Bench consisting
of two members differ in opinion on any point, it shall be prerogative of the Chairperson to constitute
such large bench. The larger bench shall be headed by the Chairperson and consist of Members,
including those who first heard it.

Filling up of vacancies [section 53] If, for reason other than temporary absence, any vacancy
occurs in the office n the Presiding Officer of a Cyber Appellate Tribunal, then the Central Government
shall appoint another person in accordance with the provisions of this Act to fill the vacancy and the
proceedings may be continued before the Cyber Appellate Tribunal from the stage at which the
vacancy is filled.

Resignation and Removal [section 54]

(1) The Presiding Officer of a Cyber Appellate Tribunal may, by notice in writing under his hand
addressed to the Central Government, resign his office: Provided that the said Presiding Officer shall,
unless he is permitted by the Central Government to relinquish his office sooner, continue to hold office
until the expiry of three months from the date of receipt of such notice or until a person duly appointed
as his successor enters upon his office or until the expiry of his term of office, whichever is the earliest.
(2) The Presiding Officer of a Cyber Appellate Tribunal shall not be removed from his office except by
an order by the Central Government on the ground of proved misbehaviour or incapacity after an
inquiry made by a Judge of the Supreme Court in which the Presiding Officer concerned has been
informed of the charges against him and given a reasonable opportunity of being heard in respect of
these charges.
(3) The Central Government may, by rules, regulate the procedure for the investigation of
misbehaviour or incapacity of the aforesaid Presiding Officer.

The use of a computer to carry out any conventional criminal act, such as fraud, is called cyber crime
and is a growing menace.

Cyber crime is growing so rapidly, in fact, that the federal government has created a handful of
agencies to deal with computer related crimes. According to an estimate, instances of internet fraud
increased in 2002 as compared to 2001.

Classification of Cyber Crimes: Whether an old crime is committed on or through computer or a new
crime is committed, cyber crimes are of following types;
i. Crimes “on” the internet
ii. Crimes “of” the internet
iii. New crimes used for commission of old crimes.

Crimes on the internet: These are the old crimes which are committed on or through the new
medium of the internet. For example, cheating, fraud, misappropriation, defamation, threats, etc.
committed on or through or with the help of the internet.
The internet with its speed and global access has made these crimes much easier, efficient, risk-free,
cheap and profitable to commit.

Crimes of the internet: These are new crimes committed with the help of internet itself, such as
hacking, planting viruses and IPR thefts.
New crimes used for commission of old crimes: for example, where hacking is committed to carry out
cyber frauds. Based on the victim of cyber crime Further depending upon the victim of cyber crime, it
may be broadly classified under three heads: i. Against individual. ii. Against organisations. iii. Against
society at large. Based on nature (social or economic) of cyber crime Another category of cyber crime
is social and economic cyber crimes which includes following: i. Social cyber crimes; and ii. Economic

[Link] Page 67 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
cyber crimes Social cyber crimes: In some countries problems have arisen by use of new ICTs e.g.,
trafficking in women and children for purposes of all forms of economic and sexual exploitation.
Sometime criminals under pseudo identity enter the internet chat room and exploit helpless women
and girls. Further, studies have shown that about 60% of websites are sexual in content and 20% of
them solicited their visitors.

Main social crimes are:

a. Trafficking
b. Cyber obscenity and pornography
c. Cyber terrorism
d. Cyber fraud
e. Cyber gambling

Economic cyber crimes: Economic offences affecting more than $ 1.2 trillion E-commerce industry
worldwide includes following:
a. Credit card schemes
b. System corruption
c. Internet fraud d. Dot com job scams e. Corporate and political espionage
f. Mafia and drug peddlers
g. Multi-site gambling websites Based on the Role of computers Depending upon the role played by the
computer in perpetrating crime, the computer may be involved as a victim of crime, or an instrument
used to commit a crime or a repository of evidence related to the crime, i.e., a. Computer as a victim
of crime b. Computer as a tool of crime c. Computer as a witness of crime

Computer as a victim of crime: A computer or a computer network could be the target of an offence
wherein the computer becomes the victim. In such cases, the computer’s confidentiality, integrity, or
accessibility is attacked. The information stored or the service provided by the victim is stolen or the
victim is crippled and damaged. Such crimes involve disrupting the functioning of the computer,
computer system or computer network; corrupting the operating system and programmes; theft or
disturb data/information (e.g. marketing information), intellectual property violations and blackmailing
by using personal information hacked from the computer systems. Examples of this form of computer
crimes is the denial of service attacks on popular internet sites like yahoo, CNN etc. and the spread of
the ‘Melissa’ and ‘I Love You” viruses and their variants.

Computer as tool of crime: Computer can be used as a tool or an active weapon for committing a
crime, which includes fraud, IPR violations, and online transactions of illegal goods etc. computer can
also be used as any other hi-tech equipment for committing traditional crimes. Such crimes include
automated teller machine (ATM) frauds, credit cards frauds, frauds involving electronic fund transfer
(EFT); embezzlement of funds from the banks; telecommunication frauds; counterfeiting and software
piracy. These are also called assisted crimes. When computer is used as an active weapon for
perpetuating the crime, it is also termed as ‘information crime’, as it could not be committed in
absence of information technology.

Computer as a witness to crime: A computer need not be only a victim or a tool; it could also be
the witness to the offence. The examples of computer as a witness to crime are money laundering,
illegal banking transactions, bulletin board system (BBS), storage of drug trafficking transaction
record. Further a computer system may be used to detect information, which assists the criminal in
commissioning the crime.

Based on nature, source and motive Depending upon source, nature, motive and the impact, crimes
can be of following types:
a. Computer Crimes
b. Computer related Crimes
c. Network Crimes

Computer Crimes: Computer misuse is a crime committed against a computer system or other digital
media. It includes digital crimes such as computer hacking, illegal access, use of backdoors, viruses
and other unauthorised intrusion or abuse.

Computer related crimes: Such crimes include computer pornography, theft of intellectual property and
software copyright etc.

[Link] Page 68 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
Network crimes: The computer network crime or the computer aided crimes are those where a
computer or other digital media is used to facilitate crimes, such as blackmail, where the demand is
sent via the internet and such crimes are committed against e-commerce suppliers.

Based on the criminal activities: Depending upon the criminal activities, computer crimes are of
following types: a. Physical crimes b. Data related crimes c. Software related crimes Physical crimes:
The physical crimes are related to computer or its associated peripherals, hardware, software or the
computer time. Examples of such crimes are theft, breakage, destroying the data, output or media and
interprocessing manipulations.

Data related crimes: In the data related crimes, unauthorized data or information in the digital form
is entered in the computer systems or the data that should be entered is altered, suppressed or
corrupted by the criminals so as to gain undue advantages. Computer fraud by input manipulation is
the most common computer crime, which is easy to perpetrate and difficult to detect. The computer
related crime should further be sub-classified into one of four main categories:
Data diddling
Data leakage
Data spying
Scavenging

Data diddling: data diddling is the most common form of computer crime, which is carried out by
input manipulations. It involves changing the data, with malicious intentions, during or before feeding
it into a computer and provides undue advantage to a specific party. It also includes adding fraudulent
input data, altering the input data, omitting the desired input data, wrongly posting a transaction,
making alterations or additions in the master file records, posting the transactions partially, destroying
the output, and substituting the counterfeit output. Such types of changes can be affected by anyone
associated with the process of creating, recording, encoding, examining, checking, converting and
transporting data that enters a computer.

Data leakage: it involves illegal copying the master file information of the computer for ransom,
blackmailing or any other fraudulent purposes.

Data spying: it is important to note that for spying on the sensitive information of a person, his
computer network is assessed from a remotely located computer, by using the legitimate password, or
breaking the password. Such data is sold to others at a very high price. Scavenging: It is method of
obtaining or re-using the information, which might have been left after processing, in or around a
computer system.

Software-related crimes: In such crimes, the system as well as the application software are affected
or corrupted. As this is a very sophisticated form of crime and is much more dangerous so it is difficult
to detect. Further it involves changing existing programmes in the computer system or inserting new
programmes or routines and the computer programmers, analyst and other experts are involved in
commissioning or making alteration in the software. The software-related crimes could be perpetrated
by using various techniques like computer viruses, computer worms, Trojan horse, trap door, super
zapping, wire-trapping, time bombs, logic bombs and salami bombs.

Prevention of cyber crimes One should always take some preventive measures so as to protect
himself from cyber attacks. The following point should be kept in mind while working on computers and
internet:
• Exercise caution while sharing personal information such as your name, E-mail address etc. do not
respond to E-mail messages that ask for your personal information.
• Do not visit unwanted gambling or related websites.
• Avoid sending any photographs to the strangers as these may be misused.
• Choose strong password so that these can not be easily decoded. It is always recommended to keep
changing the password at regular intervals.
• Always keep on reviewing your credit card and bank statements regularly. If one gets the tip-off
being stolen then timely action can be taken.
• Always keep on computer up-to-date. Install all necessary softwares at regular intervals as they are
a great start towards keeping you safe.
• Install firewalls and antivirus software to keep guard of your softwares.
• Keep internal corporate web servers separate from web servers running public sites.
• Keep a watch on the sites that your children watch. Block the unwanted internet sites at regular
intervals.

[Link] Page 69 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
• It is better to use security programs that keep guard on cookies unguarded might prove fatal.
• Always keep backup of the data stored on your computer to safeguard against virus.

Cyber Crimes: Cyber offences and cyber contraventions under Information Technology Act,
2000: Some jurists believe that cyber crime is a wider term and it includes both cyber offences and
cyber contraventions (civil wrong). Under Information Technology Act, 2000 cyber offences are given
in chapter XI (section 65-74) whereas cyber contraventions are mentioned under chapters IX (section
43-45) Cyber contraventions under Information Technology Act, 2000

A cyber contravention refers to a civil wrong under information technology Act, 2000.
It is important to note that law of Tort provides remedies for civil wrong where affected person can
compel the wrongdoer to pay damages by way of compensations.
However, for cyber contravention damages are provided under section 43-45 of Information
Technology Act, 2000. Penalty and compensation for damage to computer: (section 43) If any person
without permission of the owner or any other person who is incharge of a computer, computer system
or computer network, —
o Accesses or secures access to such computer, computer system or computer network;
o downloads, copies or extracts any data, computer data base or information from such
computer, computer system or computer network including information or data held or
stored in any removable storage medium;
o Introduces or causes to be introduced any computer contaminant or computer virus into
any computer, computer system or computer network;
o damages or causes to be damaged any computer, computer system or computer
network, data, computer data base or any other programmes residing in such computer,
computer system or computer network;
o Disrupts or causes disruption of any computer, computer system or computer network;
o Denies or causes the denial of access to any person authorized to access any computer,
computer system or computer network by any means;
o provides any assistance to any person to facilitate access to a computer, computer
system or computer network in contravention of the provisions of this Act, rules or
regulations made there under;
(h) charges the services availed of by a person to the account of another person by tampering with or
manipulating any computer, computer system, or computer network, he shall be liable to pay damages
by way of compensation not exceeding one crore rupees to the person so affected.

Explanation. —For the purposes of this section, —

(i) "computer contaminant" means any set of computer instructions that are designed— (a) to modify,
destroy, record, transmit data or programme residing within a computer, computer system or
computer network; or
(b) by any means to usurp the normal operation of the computer, computer system, or computer
network;
(ii) "computer data base" means a representation of information, knowledge, facts, concepts or
instructions in text, image, audio, video that are being prepared or have been prepared in a formalised
manner or have been produced by a computer, computer system or computer network and are
intended for use in a computer, computer system or computer network;
(iii) "computer virus" means any computer instruction, information, data or programme that destroys,
damages, degrades or adversely affects the performance of a computer resource or attaches itself to
another computer resource and operates when a programme, data or instruction is executed or some
other event takes place in that computer resource;
(iv) "Damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any
means.

Compensation for failure to protect data (section 43 A)

Where a body corporate, possessing, dealing r handling any sensitive personal data or information in a
computer resource which it owns, controls or operates, is negligent in implementing and maintaining
reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any
person, such body corporate shall be liable to pay damages by way of compensation to the person so
affected. Explanation: for the purpose of this section1. ‘Body corporate’ means any company and
includes a firm, sole proprietorship or other association of individuals engaged in commercial or
professional activities. 2. “Reasonable security practices and procedures” means security practices and
procedures designed to protect such information from unauthorised access, damage, use, modification,
disclosure or impairment, as may be specified in an agreement between the parties or as may be
specified in any law for the time being in force. 3. “Sensitive personal data or information” means such

[Link] Page 70 of 71
TYCS SEM VI CYBER LAW & IPR NOTES BY: PROF AJAY PASHANKAR
personal information as may be prescribed by the Central Government in consultation with such
professionals’ bodies or association as it may deem fit.

Penalty for failure to furnish information return, etc. (section 44) If any person who is required
under this Act or any rules or regulations made there under to—
(a) Furnish any document, return or report to the Controller or the Certifying Authority fails to furnish
the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each
such failure;
(b) file any return or furnish any information, books or other documents within the time specified
therefore in the regulations fails to file return or furnish the same within the time specified therefore in
the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during
which such failure continues;
(c) Maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not
exceeding ten thousand rupees for every day during which the failure continues. Residuary penalty
(section 45) Whoever contravenes any rules or regulations made under this Act, for .the contravention
of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding
twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding
twenty-five thousand rupees. Power to adjudicate (section 46)
(1) For the purpose of adjudging under this Chapter whether any person has committed a
contravention of any of the provisions of this Act or of any rule, regulation, direction or order made
there under the Central Government shall, subject to the provisions of sub-section (3), appoint any
officer not below the rank of a Director to the Government of India or an equivalent officer of a State
Government to be an adjudicating officer for holding an inquiry in the manner prescribed by the
Central Government. [1(A)] The adjudicating officer appointed under sub-section (1) shall exercise
jurisdiction to adjudicate matters in which the claim for injury or damage does not exceed rupees five
crore.
(2) The adjudicating officer shall, after giving the person referred to in sub-section (1) a reasonable
opportunity for making representation in the matter and if, on such inquiry, he is satisfied that the
person has committed the contravention, he may impose such penalty or award such compensation as
he thinks fit in accordance with the provisions of that section.

(3) No person shall be appointed as an adjudicating officer unless he possesses such experience in the
field of Information Technology and legal or judicial experience as may be prescribed by the Central
Government.
(4) Where more than one adjudicating officers are appointed, the Central Government shall specify by
order the matters and places with respect to which such officers shall exercise their jurisdiction.
(5) Every adjudicating officer shall have the powers of a civil court which are conferred on the Cyber
Appellate Tribunal under sub-section (2) of section 58, and—
(a) All proceedings before it shall be deemed to be judicial proceedings within the meaning of sections
193 and 228 of the Indian Penal Code;
(b) Shall be deemed to be a civil court for the purposes of sections 345 and 346 of the Code of
Criminal Procedure, 1973.
(c) Shall be deemed to be a civil court for purposes of order XXI of the Civil Procedure Code, 1908.
Factors to be taken into account by the adjudicating officer (section 47) While adjudging the quantum
of compensation under this Chapter, the adjudicating officer shall have due regard to the following
factors, namely:—
(a) The amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
(b) The amount of loss caused to any person as a result of the default; (c) the repetitive nature of the
default.
(c) The repetitive nature of the default

[Link] Page 71 of 71