INDIAN CYBERLAW-INDIAN CYBERLAW-SOME PERSPECTIVES SOME PERSPECTIVES

A A

PRESENTATION PRESENTATION

BY BY

PAVAN DUGGAL,PAVAN DUGGAL,ADVOCATE,ADVOCATE,

SUPREME COURT OF INDIA SUPREME COURT OF INDIAPRESIDENT,CYBERLAWS.NETPRESIDENT,CYBERLAWS.NET

HEAD-PAVAN DUGGAL HEAD-PAVAN DUGGAL ASSOCIATES ASSOCIATES

NEW DELHI-19-5-2006NEW DELHI-19-5-2006

PUBLIC DOMAIN BUZZPUBLIC DOMAIN BUZZ

GOAP E-TENDERING PROJECTGOAP E-TENDERING PROJECT

NOT BASED UPON DIGITAL SIGNATURES, NOT BASED UPON DIGITAL SIGNATURES,

DESPITE BEING LAUNCHED IN 2002DESPITE BEING LAUNCHED IN 2002

ALLEGATIONS AGAINST THE BACKEND ALLEGATIONS AGAINST THE BACKEND

SERVICE PROVIDER, WHO HAD ACCESS TO SERVICE PROVIDER, WHO HAD ACCESS TO

ALL BIDDING CONFIDENTIAL INFORMATIONALL BIDDING CONFIDENTIAL INFORMATION

NEW CASESNEW CASES

GOVERNMENT OF RAJASTHAN- TENDER FOR GOVERNMENT OF RAJASTHAN- TENDER FOR

CUSTOMIZED SOFTWARECUSTOMIZED SOFTWARE

CAUGHT IN A LEGAL BATTLE BETWEEN CAUGHT IN A LEGAL BATTLE BETWEEN

VENDORS IN THE DELHI HIGH COURTVENDORS IN THE DELHI HIGH COURT

NEW CASES( contd)NEW CASES( contd)

ASHOKINTEGRIX IP ADDRESS CASE- INDIA’S ASHOKINTEGRIX IP ADDRESS CASE- INDIA’S

FIRST JOHN DOE CASE IN INFORMATION FIRST JOHN DOE CASE IN INFORMATION

TECHNOLOGY LITIGATIONTECHNOLOGY LITIGATION

BIRTH OF A NEW KIND OF LIABILITY NOT BIRTH OF A NEW KIND OF LIABILITY NOT

YET PERCEIVEDYET PERCEIVED

NEW CASESNEW CASES

ARIF AZIM CASE- INDIA’S FIRST ARIF AZIM CASE- INDIA’S FIRST

CYBERCRIME CONVICTIONCYBERCRIME CONVICTION

BREACH OF DATA SECURITYBREACH OF DATA SECURITY

INTERNAL SOURCES- THE BIGGEST RISK FOR INTERNAL SOURCES- THE BIGGEST RISK FOR

ANY LEGAL ENTITY USING COMPUTERSANY LEGAL ENTITY USING COMPUTERS

BEGINNING OF LIABLITYBEGINNING OF LIABLITY

S.CHANDER CASE- INDIA’S FIRST LEGAL S.CHANDER CASE- INDIA’S FIRST LEGAL

PRECEDENT FOR EXPOSURE TO LIABILITYPRECEDENT FOR EXPOSURE TO LIABILITY

FOREMOST BANK MADE LIABLE FOR MISUSE FOREMOST BANK MADE LIABLE FOR MISUSE

ON THE NETWORK BY AN ERRANT ON THE NETWORK BY AN ERRANT

EMPLOYEEEMPLOYEE

CELEBRATED CASESCELEBRATED CASES

BAAZEE.COM CASEBAAZEE.COM CASE

KARAN BAHREE CASEKARAN BAHREE CASE

MPHASIS CASEMPHASIS CASE

CYBER LAW IN INDIACYBER LAW IN INDIA

In India the Information Technology Act, In India the Information Technology Act,

2000 is the legislation that deals with issues 2000 is the legislation that deals with issues

related to the Internet.related to the Internet.

THE THE INFORMATION INFORMATION

TECHNOLOGY ACT , 2000TECHNOLOGY ACT , 2000

I.T. ACT, 2000:I.T. ACT, 2000:OBJECTIVESOBJECTIVES

Different approaches for controlling, Different approaches for controlling,

regulating and facilitating electronic regulating and facilitating electronic

communication and commerce.communication and commerce.

Aim to provide legal infrastructure for Aim to provide legal infrastructure for

e-commerce in India.e-commerce in India.

GOVERNMENT –NSP??GOVERNMENT –NSP??

GOVERNMENTS PROVIDING SERVICES ON GOVERNMENTS PROVIDING SERVICES ON

THE NETWORKTHE NETWORK

GOVERNMENTS ARE INTERMEDIARIESGOVERNMENTS ARE INTERMEDIARIES

UNDER THE IT ACT, 2000, ALL UNDER THE IT ACT, 2000, ALL

GOVERNMENTS, CENTRAL AND STATE, AS GOVERNMENTS, CENTRAL AND STATE, AS

ASLO ALL GOVERNMENTAL BODIES ARE ASLO ALL GOVERNMENTAL BODIES ARE

“NETWORK SERVICE PROVIDERS”“NETWORK SERVICE PROVIDERS”

Section 79Section 79

For the removal of doubts, it is hereby For the removal of doubts, it is hereby declared that no person providing any service declared that no person providing any service as a network service provider shall be liable as a network service provider shall be liable under this Act, rules or regulations made under this Act, rules or regulations made thereunder for any third party information or thereunder for any third party information or data made available by him if he proves that data made available by him if he proves that the offence or contravention was committed the offence or contravention was committed without his knowledge or that he had exercised without his knowledge or that he had exercised all due diligence to prevent the commission of all due diligence to prevent the commission of such offence or contravention.such offence or contravention.

Network Service Providers:Network Service Providers:When Not LiableWhen Not Liable

Explanation.—Explanation.—For the purposes of this section, For the purposes of this section, ——

(a) (a) "network service provider" means an "network service provider" means an intermediary;intermediary;

(b) (b) "third party information" means any "third party information" means any information dealt with by a network service information dealt with by a network service provider in his capacity as an intermediary.provider in his capacity as an intermediary.

TRANSPARENCYTRANSPARENCY

NEED FOR TRANSPARENT E-NEED FOR TRANSPARENT E-

GOVERNMENTAL PROVIDERSGOVERNMENTAL PROVIDERS

RIGHT TO INFORMATION ACTRIGHT TO INFORMATION ACT

GOVERNMENTAL WOULD NOW NOT BE ABLE GOVERNMENTAL WOULD NOW NOT BE ABLE

TO HIDE RECORDS CONCERNING E-TO HIDE RECORDS CONCERNING E-

GOVERNMENTAL PROCUREMENTSGOVERNMENTAL PROCUREMENTS

IT ACT, 2000-OBJECTIVES IT ACT, 2000-OBJECTIVES

To provide legal recognition for transactions:-To provide legal recognition for transactions:- Carried out by means of electronic data Carried out by means of electronic data

interchange, and interchange, and Other means of electronic communication, Other means of electronic communication,

commonly referred to as "electronic commonly referred to as "electronic commerce", involving the use of alternatives commerce", involving the use of alternatives to paper-based methods of communication and to paper-based methods of communication and storage of information.storage of information.

OBJECTIVES (contd.)OBJECTIVES (contd.)

To facilitate electronic filing of documents To facilitate electronic filing of documents

with the Government agencieswith the Government agencies

To amend the Indian Penal Code, the Indian To amend the Indian Penal Code, the Indian

Evidence Act, 1872, the Banker's Book Evidence Act, 1872, the Banker's Book

Evidence Act, 1891 and the Reserve Bank of Evidence Act, 1891 and the Reserve Bank of

India Act, 1934 India Act, 1934

AUTHENTICATION OF AUTHENTICATION OF ELECTRONIC RECORDSELECTRONIC RECORDS

Any subscriber may authenticate an electronic Any subscriber may authenticate an electronic record record

Authentication by affixing his digital Authentication by affixing his digital signature. signature.

Any person by the use of a public key of the Any person by the use of a public key of the subscriber can verify the electronic recordsubscriber can verify the electronic record

LEGALITY OF DIGITAL LEGALITY OF DIGITAL SIGNATURESSIGNATURES

Legal recognition of digital signatures.Legal recognition of digital signatures.

Electronic Signatures not yet legal in India.Electronic Signatures not yet legal in India.

Certifying Authorities for Digital Signatures.Certifying Authorities for Digital Signatures.

Scheme for Regulation of Certifying Scheme for Regulation of Certifying

Authorities for Digital SignaturesAuthorities for Digital Signatures

CONTROLLER OF CONTROLLER OF CERTIFYING CERTIFYING

AUTHORITIESAUTHORITIES

Shall exercise supervision over the Shall exercise supervision over the

activities of Certifying Authorities activities of Certifying Authorities

Lay down standards and conditions Lay down standards and conditions

governing Certifying Authorities governing Certifying Authorities

Specify various forms and content of Specify various forms and content of

Digital Signature CertificatesDigital Signature Certificates

DIGITAL SIGNATURES & DIGITAL SIGNATURES & ELECTRONIC RECORDSELECTRONIC RECORDS

Use of Electronic Records and Digital Signatures in Use of Electronic Records and Digital Signatures in

Government Agencies. Government Agencies.

Publications of rules and regulations in the Publications of rules and regulations in the

Electronic Gazette.Electronic Gazette.

MCA –21 Project- Usage of Digital SignaturesMCA –21 Project- Usage of Digital Signatures

COMPENSATIONCOMPENSATION

If a person without the permission of owner or any If a person without the permission of owner or any other person in charge of a computer, computer other person in charge of a computer, computer system or computer network, accesses or secures system or computer network, accesses or secures access to such computer, computer system or access to such computer, computer system or computer network, he is liable to pay statutory computer network, he is liable to pay statutory damages by way of compensation, not exceeding damages by way of compensation, not exceeding one Crore rupees ( Rs 10,000,000/- ) to the person one Crore rupees ( Rs 10,000,000/- ) to the person so affected.so affected.

CYBER OFFENCESCYBER OFFENCES

Various cyber offences definedVarious cyber offences defined

Cyber offences to be investigated only by a Cyber offences to be investigated only by a

Police Officer not below the rank of the Police Officer not below the rank of the

Deputy Superintendent of Police. Deputy Superintendent of Police.

CYBER OFFENCES (contd.)CYBER OFFENCES (contd.)

Tampering with computer source documents.Tampering with computer source documents.

Publishing of information which is obscene in Publishing of information which is obscene in

electronic form.electronic form.

Breach of confidentiality and privacy.Breach of confidentiality and privacy.

CYBER OFFENCES (contd.)CYBER OFFENCES (contd.)

HackingHacking

MisrepresentationMisrepresentation

Publishing Digital Signature Certificate false Publishing Digital Signature Certificate false

in certain particulars and publication for in certain particulars and publication for

fraudulent purposes.fraudulent purposes.

LITIGATION ALREADY LITIGATION ALREADY BEGUNBEGUN

Litigation already begun in India relation to e-Litigation already begun in India relation to e-procurement.procurement.

Numerous legal issues relating to electronic Numerous legal issues relating to electronic government procurement will continue to government procurement will continue to emerge in the near future.emerge in the near future.

Need to adopt a proactive approach in dealing Need to adopt a proactive approach in dealing with these various legal challengeswith these various legal challenges

AMENDMENTS INAMENDMENTS IN IT ACT, 2000 IT ACT, 2000

MAKES THE LAW TECHNOLOGY MAKES THE LAW TECHNOLOGY NEUTRALNEUTRAL

ELECTRONIC SIGNATURES INSTEAD OF ELECTRONIC SIGNATURES INSTEAD OF DIGITAL SIGNATURESDIGITAL SIGNATURES

NEW PROVISION ON PRIVACYNEW PROVISION ON PRIVACY WATERS DOWN THE LIABILITY OF THE WATERS DOWN THE LIABILITY OF THE

NETWORK SERVICE PROVIDERSNETWORK SERVICE PROVIDERS

HUGE DRAWBACKS OF THE HUGE DRAWBACKS OF THE PROPSOED AMENDMENTSPROPSOED AMENDMENTS

DATA PROTECTIONDATA PROTECTION NO NEW CYBERCRIMES ADDEDNO NEW CYBERCRIMES ADDED PRIVACY APPROACH PRIMITIVEPRIVACY APPROACH PRIMITIVE INTELLECTUAL PROPERTY RIGHTSINTELLECTUAL PROPERTY RIGHTS TAXATIONTAXATION E-PAYMENTSE-PAYMENTS

NEED TO COMPLY NEED TO COMPLY

There is a need to proactively comply with the There is a need to proactively comply with the requirements of the Indian Cyberlaw .requirements of the Indian Cyberlaw .

Necessary to limit liability and emergence of Necessary to limit liability and emergence of undesirable consequences.undesirable consequences.

The Information Technology Act, 2000 The Information Technology Act, 2000 currently under review by the Government.currently under review by the Government.

Need to adopt a flexible approach of due Need to adopt a flexible approach of due diligence.diligence.

THAT WAS A PRESENTATION THAT WAS A PRESENTATION

BY BY

PAVAN DUGGAL,PAVAN DUGGAL,

ADVOCATE, SUPREME COURT OF INDIAADVOCATE, SUPREME COURT OF INDIA

PRESIDENT, CYBERLAWS.NETPRESIDENT, CYBERLAWS.NET

HEAD-PAVAN DUGGAL ASSOCIATES HEAD-PAVAN DUGGAL ASSOCIATES

EMAIL : pduggal@vsnl.comEMAIL : pduggal@vsnl.com

pduggal@gmail.compduggal@gmail.com