vi PREVENTION AND CONTROL OF CYBER CRIMES IN INDIA: PROBLEMS, ISSUES AND STRATEGIES “Writing is easy……..all you have to do is to think, till the drop of blood appear on your forehead. – Balzac. Page No. Declaration i Certificate ii Acknowledgement iii-v Contents vi-xli List of Cases xlii-lxiii Abbreviations lxiv-lxvii Glossary of computer-related technical terms lxviii-lxxii CHAPTER - I INTRODUCTORY 1-18 A. Statement of the Problem 1-4 B. Aim, Objectives and Utility 4-5 C. Overview of the Existing Literature 5-15 D. Research Methodology 15-16 E. Chapter Scheme 16-18 CHAPTER - II BASIC CONCEPTS OF THE CYBER WORLD: 19-53 AN OVERVIEW A. Introduction 19 B. Cyber Space 19-20 1. Meaning of Cyber Space 19 2. Salient features of Cyber Space 20 C. Netizen 20 D. Computers 20-32
Transcript
vi
PREVENTION AND CONTROL OF CYBER CRIMES
IN INDIA: PROBLEMS, ISSUES AND STRATEGIES
“Writing is easy……..all you have to do is to think,
till the drop of blood appear on your forehead.
– Balzac.
Page No.
Declaration i
Certificate ii
Acknowledgement iii-v
Contents vi-xli
List of Cases xlii-lxiii
Abbreviations lxiv-lxvii
Glossary of computer-related technical terms lxviii-lxxii
CHAPTER - I INTRODUCTORY 1-18
A. Statement of the Problem 1-4
B. Aim, Objectives and Utility 4-5
C. Overview of the Existing Literature 5-15
D. Research Methodology 15-16
E. Chapter Scheme 16-18
CHAPTER - II BASIC CONCEPTS OF THE CYBER WORLD: 19-53
AN OVERVIEW
A. Introduction 19
B. Cyber Space 19-20
1. Meaning of Cyber Space 19
2. Salient features of Cyber Space 20
C. Netizen 20
D. Computers 20-32
vii
1. Meaning of Computer 20
2. Evolution of Computer 21
i. Abacus 21
ii. Pascaline 21
iii. Stepped Reckoner 21
iv. Difference Engine and Analytical Engine 22
v. Herman Machine 22
vi. Mark I Machine 22
vii. Electronic Numerical Integrator and Calculator 22
(ENIAC)
viii. Electronic Discrete Variable Automatic Computer 22
(EDVAC)
ix. Electronic Delay Storage Automatic Calculator 22
(EDSAC)
x. Universal Automatic Computer (UNIVAC) 23
xi. Computer 23
xii. Personal Computer (PC) 23
xiii. Advanced Personal Computer (APC) 23
3. Generation of Computers 24
i. First Generation (1940-1956): Vacuum Tubes 24
a. Features of First Generation of Computers 24
b. Examples of First Generation of Computers 25
ii. Second Generation (1956-1963): Transistors 25
a. Features of Second Generation of Computers 25
b. Examples of Second Generation of Computers 26
iii. Third Generation (1964-1971): Integrated Circuits 25
a. Features of Third Generation of Computers 26
b. Examples of Third Generation of Computers 26
iv. Fourth Generation (1971-1990): Microprocessors (VLIC) 26
a. Features of Fourth Generation of Computers 27
b. Examples of Fourth Generation of Computers 27
viii
v. Fifth Generation (Late 1990-Future): Artificial 27
Intelligence (AI)
4. Types of Computers 27
i. Micro Computers 28
ii. Mini Computers 28
iii. Medium-sized Computers 28
iv. Mainframe Computers 28
v. Super Computers 28
5. Major Components of Computers 29
i. Hardware 29
ii. Software 29
6. Characteristics of Computers 29
i. Speed 29
ii. Accuracy 30
iii. Reliability 30
iv. Diligent 30
v. Intangible benefits 30
vi. Cost reduction 30
vii. Large storage capacity 31
viii. Versatility 31
ix. Resource sharing 31
7. Limitations of Computers 31
E. Networks 32-42
1. Types of Networks 32
i. Basic type of network 32
a. Local Area Network (LAN) 32
b. Wide Area Network (WAN) 33
ii. Interconnected Networks 33
a. Intranet 33
b. Extranet 34
c. Internet 34
2. Evolution of Internet 34
ix
i. Advanced Research Project Agency Network 34
(ARPANET)
ii. Transmission Control Protocol/Internet Protocol 34
(TCP/IP)
iii. National Science Foundation Network (NSFNET) 35
iv. World Wide Web (WWW) 35
v. Hypertext Transfer Protocol (HTTP) 35
3. History of Internet in India 36
i. Videsh Sanchar Nigam Limited (VSNL) – 1995 36
ii. Rediff.com – 1996 36
iii. First Cyber Café – 1996 36
iv. First Online Banking by ICICI – 1997 36
v. Internet Service Provider (ISP) Policy – 1998 36
4. Services of Internet 36
i. Communication Services 36
a. Electronic-mail (e-mail) 37
b. Internet Relay Chat (IRC) 37
c. Internet Telephony 37
d. Telnet 38
e. Newsgroup 38
f. Mailing lists 38
g. Instant messaging 39
ii. Information Retrieval Services 39
a. File Transfer Protocol (FTP) 39
b. Archie 40
c. Very Easy Rodent Oriented Netwide Index to 40
Computer Archives (VERONICA)
d. Gopher 40
e. Wide Area Information Service (WAIS) 41
iii. Web Services 41
iv. World Wide Web 41
5. Limitations of Internet 42
x
F. Information Technology (IT) 42
G. Cyber Crime 43
H. Cyber Criminal 43-45
1. Children and Adolescents between the age group 44
of 8 to 18 years
2. Professional Hackers/Crackers 44
3. Disgruntled Employees 45
I. Malware or Malicious Computer Codes 45-52
1. Viruses 45
i. File Infectors 46
a. Direct action file infectors 46
b. Resident infectors 46
c. Slow infectors 46
d. Sparse infectors 46
e. Companion infectors 46
f. Armoured infectors 47
g. Polymorphic infectors 47
ii. Boot Sector viruses 47
iii. Macro viruses 47
iv. Multi-partite or Boot and File Viruses 47
a. File Systems or Cluster viruses 47
b. Fast and Slow infectors 48
c. Sparse infectors 48
d. Stealth viruses 48
e. Polymorphic viruses 48
f. Companion viruses 48
g. Armoured viruses 49
h. Virus hoax 49
2. Trojans 49
i. Meaning of Trojan 49
ii. Types of Trojans 50
a. Remote Administration Trojan (RAT) 50
xi
b. Password Trojan 50
c. Privileges elevating Trojan 50
d. Key-loggers 50
e. Destructive Trojan 50
f. Joke program 51
3. Worm 51
i. Host worm 51
ii. Network worm 52
iii. Internet worm 52
4. Logic bomb 52
J. Review 53
CHAPTER - III CYBER CRIME: MEANING, 54-184
DEFINITION, NATURE, SCOPE,
ELEMENTS, CHARACTERISTICS AND
CLASSIFICATION
A. Introduction 54
B. Meaning and Definition of Cyber Crime 54-55
1. Information Technology Act, 2000 54
2. Prof. S.T. Viswanathan 54
3. UN Congress on Prevention of Cybercrime 55
and Treatment of Offenders
i. Narrow sense 55
ii. Broader sense 55
C. Nature of Cyber Crime 55-56
D. Scope of Cyber Crime 56-57
E. Characteristics of Cyber Crime 57-59
1. Low risk high rewarding ventures 57
2. Lack of awareness among victims 57
3. Physical presence not required 58
4. Lack of hi-tech skills among investigating agencies 58
5. Victims refrain from reporting cases 58
6. No violence is involved 58
xii
7. No territorial boundaries 58
8. Anonymity and openness 58
9. Paucity of authentic evidence 58
10. Have wider ramifications 59
F. Elements of Cyber Crime and Criminal Liability 59-60
1. Actus reus 59
2. Mens rea 59
G. Factors responsible for Cyber Crimes 60-65
1. Huge data storage capacity 60
2. Wider access to information 61
3. Complexity of computer system 61
4. Negligence of network users 61
5. Non-availability or loss of evidence 62
6. Jurisdictional uncertainty 62
H. Classification of Cyber Crimes 65-70
1. Based on Old or New Crimes Committed on Computers 65
i. Crimes ‘on’ the Internet 65
ii. Crimes ‘of’ the Internet 65
iii. New crimes used for commission of old crimes 65
2. Based on the Victim of Cyber Crimes 65
i. Against Individuals 65
a. Harassment via e-mail 65
b. Cyber stalking 65
c. Dissemination of obscene material 65
d. Defamation 65
e. Unauthorized control/access over computer system 65
f. Indecent exposure 65
g. E-mail spoofing 66
h. Cheating and fraud 66
i. Computer vandalism 66
j. Transmitting virus 66
k. Net trespass 66
xiii
l. Intellectual property crimes 66
m. Internet time thefts 66
ii. Against organizations 66
a. Unauthorized control/access over computer system 66
b. Possession of unauthorized information 66
c. Cyber terrorism against government organization 66
d. Distribution of pirated software etc 66
iii. Against society at large 66
a. Pornography 66
b. Indecent exposure 66
c. Trafficking 66
d. Financial crimes 66
e. Sale of illegal articles 66
f. Online gambling 66
g. Forgery 66
3. Based on Nature of Cyber Crime 66
i. Social cyber crime 66
a. Trafficking 66
b. Cyber obscenity & pornography 66
c. Cyber terrorism 66
d. Cyber fraud 66
e. Cyber gambling 66
ii. Economic cyber crimes 67
a. Credit card schemes 67
b. System corruption 67
c. Internet fraud 67
d. Dot com job scams 67
e. Corporate and political espionage 67
f. Mafia and drug peddlers 67
g. Multi site gambling websites 67
4. Based on the Role of Computers 67
i. Computer as a ‘victim’ of crime 67
xiv
ii. Computer as a ‘tool’ of crime 67
iii. Computer as a ‘witness’ to crime 68
5. Based on Nature, Source, Motive and Impact of 68
Cyber Crime
i. Computer crimes 68
ii. Computer related crimes 68
iii. Network crimes 68
6. Based on the Criminal Activities 69
i. Physical crimes 69
ii. Data related crimes 69
a. Data diddling 69
b. Data leakage 69
c. Data spying 69
d. Scavenging 70
iii. Software related crimes 70
I. Some Important Cyber Crimes 70-182
1. Cyber Hacking 70
i. Meaning of Hacking 70
ii. Hacker’s – Nature and Character 72
iii. Hacker’s Culture 73
iv. Possible ways of Hacking 74
v. Hacker’s Group 77
vi. Changing nature of Hacker’s Culture 77
a. First generation hackers 77
b. Second generation hackers 77
c. Third generation hackers 77
d. Fourth generation hackers 78
vii. Hacking, Cracking and Phreaking 78
viii. Hacker’s behavior 79
ix. Ethical hacking 79
x. International Initiatives to Prevent and Control 80
Cyber Hacking
xv
a. The European Union (EU) 80
b. The Global Internet Liberty Campaign (GILC) 81
Technical challenges 81
Legal challenges 81
Operational challenges 81
xi. Cyber Hacking in the United Kingdom (U.K.) 82
a. Audit Commission 82
b. Cyber Hacking before 1990 83
c. Cyber Hacking in the Year 1990 84
Unauthorized access to computer material 84
Unauthorized access to computer material with 84
intent to commit or facilitate commission of
further crimes
Unauthorized modification of computer material 84
d. Cyber Hacking after 1990 84
xii. Cyber Hacking in the United States of America (U.S.A.) 85
a. Legislative Approach 85
b. Judicial Approach 86
xiii. Cyber Hacking in India 88
a. Essential elements of Hacking 89
b. Legislative Approach in India 89
Civil liability 89
Criminal liability 90
Jurisdictional riddles 92
Procedure 92
Powers of the police and other authority 92
c. Socio-Legal Impact of Cyber Hacking in India 93
Delhi hacker’s case 93
Hacker Dr. Neruker 94
Arrest of Ex-scientist from ISRO 94
Arrest of computer trainers at chattisgarh 95
Mr. Bhardwaj case 95
xvi
IIT Kharagpur case 95
Hacker Kalpesh Sharma case 96
Banks as prime victims of hacking 96
ATM hacking 96
Online traders hacking 97
Hackers phishing 97
Baroda hacking case 97
Hacking between India and Pakistan 97
Mobile phone hacking 98
Hacking of official website of BPRD by Pakistan 98
xiv. Combating cyber hacking 98
2. Cyber Fraud 100
i. Historical background of cyber fraud 100
ii. Meaning of Cyber Fraud 100
iii. Possible modes of Cyber Fraud 101
a. Cyber Fraud due to Victim’s Excitement 102
b. Personal Identities and Password Fraud in the 101
Cyberspace
c. Cyber Fraud by False Representation 101
d. Cyber Fraud using Urgency 101
e. Cyber Lottery Fraud 101
f. Credit Scheme Fraud in Cyberspace 101
g. Travel related Scheme 101
h. Electronic-mail Fraud and Internet Fraud 102
iv. International Initiatives to combat Cyber Fraud 102
a. The European Union (EU) 102
b. The United Nations (U.N.) 103
v. Cyber Fraud in the United Kingdom (U.K.) 103
a. Input Fraud 103
b. Data Fraud 103
c. Output Fraud 104
d. Programme Fraud 104
xvii
e. Internet Fraud 105
vi. Cyber Fraud in the United States of America (U.S.A.) 106
vii. Cyber Fraud in India 108
a. Legislative Approach 108
The Indian Penal Code, 1860 108
The Information Technology Act, 2000 109
Elements of crime in the cyber fraud 109
Tempering source code 109
Jurisdictional riddles 110
Powers of the police 110
Liability of Network Service Providers (NSP) 110
Fraud relating to electronic signature certificates 111
b. Socio-Legal impact of Cyber Fraud in India 111
Hyderabad’s Rs. 20 crore data conversion fraud 111
Bangalore cyber fraud case 111
Click fraud 112
Pune cyber fraud case 112
Karan Bahree’s case 113
Lottery fraud and cyber squatter 113
West Bengal’s cyber fraud case 114
HSBC, Bangalore cyber fraud case 114
Kolkata cyber fraud case 114
Mega cyber fraud traced by detective department 114
of Mumbai
Nigerian Scam in Delhi 115
Abdul Kadir’s Case 115
viii. Combating cyber fraud 115
3. Cyber Pornography 116
i. Meaning of cyber pornography 116
ii. International Initiatives to combat Cyber Pornography 118
iii. Cyber Pornography in the United Kingdom (U.K.) 120
a. Legislative measures in the U.K 120
xviii
b. Judicial Approach to combat Cyber Pornography 120
in the U.K
iv. Cyber Pornography in the United States of America 123
(U.S.A)
a. Some Judgments and Incidents in the U.S.A. 123
from 1957 to 1996
b. Legislations prohibiting Cyber Pornography in 124
the U.S.A
c. Some Judgments and Incidents in the U.S.A. 126
after 1996
v. Prevention and Control of Cyber Pornography in India 126
a. Cyber Pornography and the Constitution of India 126
b. Legislative Approach in India to Prevent and 127
Control Cyber Pornography
The Indian Penal Code, 1860 127
The Information Technology Act, 2000 127
c. Judicial Response in India before the Information 128
Technology Act, 2000
d. Judicial Response in India after the Information 130
Technology Act, 2000
vi. Combating cyber pornography 134
4. Cyber Stalking 135
i. Historical background of stalking 135
ii. Meaning of Stalking 135
iii. Meaning of Cyber Stalking 136
iv. Comparison between Cyber Stalking and Real 136
World Stalking
a. Major Similarities 136
b. Major Differences 137
v. Stalking Behaviour 137
a. Live chat or Internet Relay Chat (IRC) 138
b. Message boards and newspapers 138
xix
c. E-mail boxes 138
vi. Reasons for Stalking by a Stalker 138
a. Simple Obessional 138
b. Erotomanic 139
c. Love Obessional 139
vii. False Victimization Syndrome 140
viii. Stalking and the Legal Regime 140
a. Stalking and Tort Law – the Civil Remedy 140
b. Criminal Offences 142
c. Stalking and the Non-fatal Offences against 142
the Person
d. Inflicting grievous bodily harm and voluntarily 142
causing hurt/grievous hurt
e. Assault 143
f. Public Nuisance 145
g. Legal Elements of Stalking 146
Course of Conduct 146
Threat requirements and Intent 146
Immediate Family 147
ix. Cyber Stalking – Do’s and Dont’s 147
a. Prevention Tips 147
b. Measures to be taken if you are being Cyber stalked 148
5. Cyber Defamation 149
i. Meaning of defamation 149
ii. Meaning of Cyber defamation 149
iii. Ingredients of Defamation 149
iv. Various Legal Issues in Online Defamation 150
a. Time of occurrence of publication 150
b. Mode of publication 151
c. Place of Publication and Jurisdictional issues 151
d. Liability of Internet Service Provider (ISP) or 153
Website Promoter for publication
xx
v. Online Defamation Laws and Judicial Approach in 154
Various Countries
a. U.S.A. 154
b. U.K. 158
c. Canada 159
d. India 159
vi. Factors to be taken into consideration for determining 162
liability in Online Defamation
vii. Combating cyber defamation 163
6. Cyber Terrorism 164
i. Historical background 164
ii. Concept of Cyber Terrorism 164
iii. National Security 165
a. Confidentiality 165
b. Secret Information 165
c. More Secret Information 165
iv. Modes of Cyber Terrorism 166
a. Cyber Terrorism is the forerunner of Warfare 166
b. International Cyber Terrorist Attack 166
c. Use of Computer System and Internet Facilities 166
d. Cyber Terrorists use Encryption Programme and 166
Digital Signature
e. Terrorists now using Information and Communication 166
Technology (ICT) including Satellite Transmission
f. Flowing ‘worms’, ‘virus’, and ‘Trojan horse’. 166
v. Evolution of Cyber Terrorism 167
vi. International Initiatives to Prevent and Control 168
Cyber Terrorism
a. International Ministerial Conference 168
b. The Justice and Home Affairs Council 168
c. The News Conference of the G-8 Countries 168
d. European Committee on Crime Problems 169
xxi
vii. The United Kingdom’s (U.K.’s) Initiatives to fight 170
against Cyber Terrorism
viii. The United State’s (U.S.’s) Initiatives to Prevent and 171
Control Cyber Terrorism
a. The Patriot Act, 2001 172
b. US is signatory to the Convention on Cyber Crime 173
c. Cyber Security Enhancement Act, 2002 173
ix. Prevention and Control of Cyber Terrorism in India 175
a. Propensity of Terrorist for Hacking 175
b. Use of Telephone and Mobile by Cyber Terrorists 177
c. Attack on the Indian Parliament on Dec. 13, 2001 177
d. Encryption of Message 177
e. Cyber Terrorism in Jammu and Kashmir 178
f. Some new tools used by Cyber Terrorists 178
g. Use of Trojan horse and viruses by Cyber Terrorists 179
h. Indian link with Al-Qaida 179
i. The Information Technology Act, 2000 and Cyber 179
Terrorism
Protected system 180
Other preventive and controlling measures 180
Indian Computer Emergency Response Team 181
J. Review 182-184
CHAPTER - IV INTELLECTUAL PROPERTY RIGHTS IN 185-256
CYBER SPACE
A. Introduction 185
B. Trademarks on the Internet 185-219
1. Overview of the Law on Trademarks 185
i. Origin of Trademarks 185
ii. Functions of Trademark 186
a. Identification Function 186
b. Quality Function 186
c. Advertisement Function 186
xxii
d. Economic Function 186
iii. Meaning of Trademark 187
iv. Conditions for Registration of a Trademark 187
a. Absolute Grounds for Refusal of Registration 187
of a Trademark
Lack of Distinctive Character 187
Inherent Distinctiveness 187
Acquired Distinctiveness 187
Use of Descriptive Marks in Trademark 188
Use of Generic Marks in Trademark 188
Deceptive Trademark 188
Trademark Hurting Religious Feelings 188
Statutorily Prohibited Trademark 189
Shape of Goods as Trademark 189
b. Relative Grounds for Refusal of Registration 189
of a Trademark
Causes Confusion to Public 189
Damaging the Goodwill of an Earlier Trademark 189
Prohibited by Law 189
v. Procedure for Registration of a Trademark 189
a. Application for Registration 190
b. Withdrawal of Acceptance 190
c. Advertisement of Application 190
d. Opposition of Application 190
e. Registration 191
vi. Term of Protection of a Trademark 191
vii. Infringement and Passing Off 191
a. Infringement 191
b. Passing Off 192
2. Domain Names 194
i. Anatomy of Domain Names 194
ii. Classification of Domain Names 195
xxiii
a. Generic Top Level Domains (gTLD) 195
b. Country Code Top Level Domain (ccTLD) 197
iii. Procedure for Registration of Domain Names 198
a. Procedure for Registration of Generic Top Level 198
Domain Name (gTLD)
b. Procedure for Registration of Country Code Top 199
Level Domain (.in) in India
iv. Nexus between Trademark and Domain Name 200
3. Types of Trademarks – Domain Names Disputes 205
i. Cyber Squatting 205
a. Ingredients of Cyber Squatting 205
b. Genesis of the Problem of Cyber Squatting 206
c. Methods to Recognize Cyber Squatting 206
d. Judicial Approach toward Cyber Squatting 207
ii. Typo Squatting 208
iii. Trademark Dilution by the Use of Meta Tags 209
a. Meaning of Meta Tags 209
b. Trademark Infringement through Meta Tags 210
c. Judicial Approach towards Meta Tags 211
4. Reverse Domain Name Hijacking (RDNH) 212
i. Evolution of the Concept of RDNH 212
ii. Definition of RDNH 213
iii. Prevention of RDNH 213
a. Protecting Legitimate Registrants 213
b. Deterring Trademark Holders from 213
Misusing Ownership
iv. Remedies available to a Victim of RDNH 214
v. Uniform Dispute Resolution Policy and RDNH 214
a. Deficiency in UDRP 214
b. Role of Arbitration Panels 215
vi. Judicial Approach towards RDNH 215
C. Copyrights on the Internet 219-241
xxiv
1. Overview of the Law on Copyrights 219
i. Introduction 219
ii. WIPO Treaties 220
iii. Registration of Copyright 221
iv. Protection of Multimedia Works 222
v. Multimedia under the Copyright act, 1957 224
2. Linking 225
i. Introduction 225
ii. Liability for Linking under Indian Law 228
iii. Inlining 230
iv. Inlining and Indian Law 232
3. Framing 234
i. Definition of Framing 234
ii. Legality of Framing under Indian Law 235
4. Protection of Website Content 236
i. Introduction 236
ii. Liability of Internet Service Provider (ISP) 236
for Copyright Infringement 238
iii. ISPs Liability under the Copyright Act, 1957 239
iv. ISPs Liability under the Information Technology 239
Act, 2000
v. Classification of ISPs under the IT ACT, 2000 239
vi. Filtering ISPs Liability through IT Act, 2000 240
vii. Exemption of an ISP from Liability for 240
Copyright Infringement
viii. Impleadment of ISPs in the Cases of Copyright 241
Infringement on the Internet
D. Patents on the Internet 242-255
1. Overview of the Law on Patents 242
i. Origin of Patents 242
ii. Subject-matter of Patents 243
a. Processes 243
xxv
b. Products 243
iii. Criteria of Patentability 243
a. Novelty 243
b. Inventive Step 243
c. Industrial Application 243
iv. Exclusion from Patentability 243
v. Procedure for Grant of Patent 245
vi. Revocation of Patents 246
vii. Rights of Patentee 246
viii. Term of Protection 246
2. Business Method Patents 246
i. History of Business Method Patents 247
ii. Patentability of Business Method Patents 247
a. American Perspective 247
Pre-Street Bank Case 247
Street Bank Case 248
Post- Street Bank Case 248
b. European Perspective 249
3. Software Patents 250
i. History of Software Patents 250
ii. European Union Perspective 253
4. Criticism of Business Method Patents and Software Patents 254
i. Patentable Subject-matter is Different 255
ii. Search for Prior Art is Difficult 255
iii. Obviousness is a Problem 255
iv. Training and Skills in Business Methods and 255
Computer Science are Limited
E. Review 255-256
CHAPTER - V JURISDICTIONS AND THE INTERNET: A 257-301
GLOBAL MEDIUM IN A TERRITORIAL
WORLD
A. Introduction 257
xxvi
B. International Law and Jurisdiction in Cyberspace 257-269
1. Meaning of Jurisdiction 257
2. Issues of Jurisdiction 257
i. Prescriptive Jurisdiction 257
ii. Enforcement Jurisdiction 258
3. Jurisdiction under the Indian Information Technology Act, 258
2000.
4. International Law 258
i. Types of International Law 258
a. Public International Law 259
b. Private International Law 259
ii. Extra-territorial Jurisdiction 259
a. Meaning of Extra-territorial Jurisdiction 259
b. Sources of Extra-territorial Jurisdiction 259
Territorial Principle 259
Objective Territorial Principle 260
Subjective Territorial Principle 260
Nationality Principle 260
Protective Principle 261
Passive Personality Principle 261
Effects Principle 261
Universality Principle 262
5. International Law and State Law 262
i. Application of International Law by Courts 262
ii. Application of International Law by 264
International Tribunals
6. Jurisdiction in Cyberspace 264
i. Convention on Cybercrime 265
ii. Extraditable Offences 265
iii. Cybercrimes – are they extraditable offences 267
C. Personal Jurisdiction in Cyberspace 269-301
1. Introduction 269
xxvii
2. U.S. Approach to Personal Jurisdiction 269
i. Personal Jurisdiction 270
a. Meaning of Personal Jurisdiction 270
b. Types of Personal Jurisdiction 270
General Jurisdiction 270
Specific Jurisdiction 270
ii. Enactments of Long-arm Statute 271
iii. Due Process of Law 271
iv. Establishing Personal Jurisdiction 271
v. Establishing Personal Jurisdiction in Cyberspace 273
vi. Nature of Website 273
a. Passive Website 273
b. Interactive Website 274
c. Interactive ‘Mixed’ Website 277
vii. Sliding Scale Approach 277
viii. Limit of Interactivity criterion 279
ix. Interactivity: Online + Offline 281
x. Forum State Targeting 282
xi. Effect Test and Online Transaction 283
xii. Jurisdiction on the basis of Online Contract 285
xiii. Forum Selection Clauses: Click-trap Contacts 285
xiv. Jurisdiction based on the Location of a Web Server 287
3. European Approach to Personal Jurisdiction 288
i. Brussels Regulation 288
ii. Applicability of the Brussels Regulation in 288
Online Environment
iii. Rome Convention 289
iv. Applicability of the Rome Convention in 290
Online Environment
4. Indian Approach to Personal Jurisdiction 291
i. Jurisdiction based on Forum of Choice 292
ii. Jurisdiction based on Code of Civil Procedure, 1908 293
xxviii
a. Basis of Jurisdiction 293
b. Cause of Action and Contractual Obligations 296
iii. Choice of Law 296
iv. Jurisdiction based on Criminal Procedure Code, 1973 298
v. Criteria of accepting Foreign Judgment 299
D. Review 301
CHAPTER – VI ELECTRONIC EVIDENCE: TRACKING 302-336
DIGITAL FOOTPRINTS
A. Introduction 302-303
B. Information system 303
C. Evidentiary regime and the Internet 303-305
D. Types of evidence 305-306
1. Real Evidence 305
2. Hearsay Evidence 305
3. Derived Evidence 306
E. Video-conferencing and Evidence 306-307
F. Admissibility 307
G. Nature of Threshold Requirement 307-311
1. Certification 307
2. Problems with Certification and Internet-based 309
evidence
i. Continuity of Access Evidence 309
ii. False Identification – Spoofing 310
H. Burden of Proof 311-313
I. Admissibility of Electronic Record 313-314
J. Document 314
K. Evidentiary Document 314-317
1. Indian Law 314
2. The UNCITRAL Model Law 316
3. The Information Technology Act, 2000 316
L. Writing 317-318
1. Indian Law 317
xxix
2. The UNCITRAL Model Law 318
3. The Information Technology Act, 2000 318
M. Rule against Hearsay 318-326
1. United States 320
2. United Kingdom 323
3. Canada 324
4. India 326
N. Paper versus Electronic Document 326-328
1. Paper Document 326
2. Electronic Document 327
O. Proof 328
P. Authenticity 328-330
Q. Electronic Signature 330
R. Primary or Secondary Evidence 330
S. Best Evidence Rule 331
T. Public versus Private Documents 331
U. Effect of Electronic Evidence 332-334
V. Forensic Computing 334
W. Electronic message – Communication through 334-335
X. Review 335-336
CHAPTER – VII STATUTORY PROVISIONS 337-392
REGARDING CYBER CRIMES IN
INDIA: THE INFORMATION TECHNOLOGY
ACT, 2000 AND THE INFORMATION
TECHNOLOGY (AMENDMENT) ACT, 2008
A. Introduction: Need for enactment of the IT Act, 2000 337-338
1. National reasons 337
2. International reasons 337
B. Aims and objectives of the IT Act, 2000 338-339
C. Digital Signature and Electronic Signature 339-342
1. Digital Signature 339
i. Definition of digital signature 339
xxx
ii. Functions of digital signature 339
iii. Legal provisions relating to digital signature 339
a. Authentication of electronic records 339
b. Authentication by use of asymmetric crypto system 340
and hash function
c. Verification of electronic records 340
d. Private key and public key are unique 340
2. Electronic signature 340
i. Definition of electronic signature 340
ii. Legal provisions relating to electronic signature 340
a. Authentication of electronic record by electronic 341
signature
b. Reliable electronic signature or electronic 341
authentication technique
c. Verification of electronic signature 341
3. Secure Electronic Records and Secure Electronic 341
Signatures
i. Secure electronic record 341
ii. Secure electronic signature 341
iii. Security procedure and practices 342
D. Electronic Governance 342-350
1. Meaning of e-governance 342
2. Objectives of e-governance 343
3. Advantages of e-governance 344
4. E-governance and law in India 344
i. Legal recognition of electronic records 344
ii. Legal recognition of electronic signatures 344
iii. Use of electronic records and digital signatures in 345
govt. and its agencies
iv. Delivery of services by service provider 345
v. Retention of electronic records 346
vi. Audit of documents, etc., maintained in electronic 347
form
xxxi
vii. Publication of rule, regulation etc. in electronic 347
gazette
viii. No right to insist that document should be 347
accepted in electronic form
ix. Power to make rules by central government in 347
respect of electronic signatures
5. E-governance projects in India: An Overview 348
i. Gyandoot (Madhya Pradesh) 348
ii. Gramdoot (Rajasthan) 348
iii. Bhoomi (Karnataka) 349
iv. Warana (Maharashtra) 349
v. Rajnidhi Information Kiosks (Rajasthan) 349
vi. Package for Effective Administration of Registration 349
Laws Project (Kerara)
vii. Single Window Clearance System (Delhi) 349
E. Electronic Contract 350-352
1. Validity of contracts formed through electronic means 350
2. Attribution, Acknowledge and Dispatch of Electronic 350
Records
i. Attribution of electronic records 350
ii. Acknowledgement of receipt 350
a. Acknowledgement not in a particular form or by a 350
particular method
b. When electronic record is binding 351
Where the originator has stipulated that the 351
electronic record shall be binding only on receipt of
acknowledgement
Where the originator has not stipulated that the
electronic record shall be binding only on receipt 351
iii. Time and place of dispatch and receipt of electronic record 351
a. Time of dispatch of e-record 351
b. Time of receipt of e-record 351
xxxii
c. Place of dispatch of e-record 352
d. Place of receipt of e-record 352
F. Regulation of Certifying Authorities 352-355
1. Appointment of Controller and other officers 352
i. Functions to be performed by CCAs 352
ii. Functions to be performed by Deputy CCAs 352
or Assistant CCAs
iii. Qualification, experience, terms and conditions 353
of service
iv. Head office and Branch office of the Controller 353
2. Functions of Controller 353
3. Recognition of Foreign Certifying Authorities 353
i. Electronic signature certificate issued by foreign 353
certifying authority
ii. Revocation of licence of foreign certifying authority 353
4. License to issue Electronic Signature Certificates 354
i. Requirement for granting licence 354
ii. Validity period of licence 354
5. Application for license 354
6. Renewal of license 354
7. Procedure for grant or rejection of licence 355
G. Electronic Signature Certificates 355-358
1. Application for granting of Electronic Signature Certificate 355
2. Fee 355
3. Documents to be attached with application 355
4. Granting of electronic signature certificate 355
5. Representation upon issuance of Digital 356
Signature Certificate
6. Suspension of Digital Signature Certificate 356
7. Revocation of Digital Signature Certificate 357
8. Notice of suspension or revocation 358
H. Subscriber 358-360
xxxiii
1. Definition of Subscriber 358
2. Procedure for becoming a subscriber 358
3. Duties of subscriber 359
i. Generating key pair 359
ii. Duties of subscriber of Electronic Signature 359
Certificate
iii. Acceptance of Digital Signature Certificate 359
iv. Control of private key 360
I. Penalties, Compensation and Adjudication 360-364
1. Penalty and compensation for damage to computer, 360
computer system etc
2. Compensation for failure to protect data 362
3. Penalty for failure to furnish information, return, etc 363
4. Residuary penalty 363
5. Power to adjudicate 363
6. Factors to be taken into account by the adjudicating officer 364
J. Cyber Appellate Tribunal (CAT) 365-373
1. Establishment of Cyber Appellate Tribunal 365
2. Composition of Cyber Appellate Tribunal 365
3. Qualification for appointment as Chairperson and 366
Members of the CAT
4. Term of office, conditions of service, etc. 366
of Chairperson and Members
5. Salary, allowances and other conditions of 367
service of Chairperson and Members
6. Powers of superintendence, direction, etc 367
7. Distribution of business among Benches 367
8. Power of Chairperson to transfer cases 367
9. Decision by majority 368
10. Filling up of vacancies 368
11. Resignation and removal 368
xxxiv
12. Orders constituting Tribunal to be final and 369
not to invalidate its proceedings
13. Staff of the Cyber Appellate Tribunal 369
14. Appeal to Cyber Appellate Tribunal 369
i. No appeal against order made with the consent 369
of parties
ii. Limitation period for filing an appeal 369
iii. Order of the cyber appellate tribunal 370
iv. Copy of the order 370
v. Limitation period for deciding an appeal 370
15. Procedure and powers of the Cyber 370
Appellate Tribunal
i. Procedure of the cyber appellate tribunal 370
ii. Power of the cyber appellate tribunal 370
iii. Proceedings of the cyber appellate tribunal 371
16. Right to legal representation 371
17. Limitation Period 371
18. Civil Court not to have jurisdiction 371
19. Appeal to High Court 372
20. Compounding of contraventions 372
21. Recovery of penalty and compensation 373
K. Offences 373-387
1. Tampering with computer source documents 373
2. Computer related offences 373
3. Punishment for sending offensive message 373
through communication service, etc
4. Punishment for dishonestly receiving stolen 374
computer resource or communication device
5. Punishment for identity theft 374
6. Punishment for cheating by personation by 374
using computer resource
7. Punishment for violation of privacy 375
xxxv
8. Punishment for Cyber terrorism 375
9. Punishment for publishing or transmitting 376
obscene material in electronic form
10. Punishment for publishing or transmitting of 376
material containing sexually explicit act, etc.,
in electronic form
11. Punishment for publishing or transmitting of 377
material depicting children in sexually explicit
act, etc., in electronic form
12. Preservation and retention of information by 378
intermediaries
13. Power of Controller to give directions 378
14. Power to issue directions for interception or 378
monitoring or decryption of any information
through any computer resource
15. Power to issue directions for blocking for public 379
access of any information through any computer
resource
16. Power to authorize to monitor and collect traffic 380
data or information through any computer resource
for cyber security
17. Protected system 380
18. National nodal agency 381
19. Indian Computer Emergency Response Team to 381
serve as national agency for incident response
20. Penalty for misrepresentation 382
21. Penalty for breach of confidentiality and privacy 382
22. Punishment for disclosure of information in 383
breach of lawful contract
23. Penalty for publishing Electronic Signature Certificate 383
false in certain particulars
24. Publication for fraudulent purpose 384
xxxvi
25. Act to apply for offence or contravention committed 384
outside India
26. Confiscation 384
27. Compensation, penalties or confiscation not to interfere 385
with other punishments
28. Compounding of offences 385
29. Offences with three years imprisonment to 385
be bailable
30. Power to investigate offences 385
L. Intermediaries not to be liable in certain cases 387-388
M. Examiner of Electronic Evidence 388
N. Review: Grey areas of the IT Act, 2000 388-392
1. Jurisdiction 389
2. E-mail authenticity or its evidentiary value 389
3. Intellectual property rights 389
4. Domain name infringement 389
5. Cross-border tax 389
6. Failure to surrender licence is a non-cognizable 389
offence
7. Intermediary without directions 390
8. Only broad kinds of cyber crimes and contraventions 390
are covered
9. Important documents such as power of attorney etc. 391
are not covered
10. Statutory bodies may not accept electronic 391
documents
11. No parameters for implementation 391
CHAPTER – VIII GLOBAL PERSPECTIVE OF CYBER 393-425
CRIMES AND THE RELATED LAWS
A. Introduction 393
B. Internet as a Global Media 393
xxxvii
C. Need for International Cooperation to combat Cyber 393-394
Crimes
D. Efforts at the global level to combat cyber crimes 394-403
1. International de droit Ponel Conference in 394
Germany (1992)
2. Twenty-Second G-7 Summit on Cyber Crime (1996) 394
3. G-8 High-Tech Crime Working Group (1998) 395
4. Paris Cyber Crime Conference (2000) 395
5. Internet Treaty by Council of Europe (2001) 396
6. European Convention on Cyber Crime, Budapest 397
(November 2001)
7. European E-Commerce Directive, 2000 397
8. International Conference on E-Security, 398
Cyber Crime and Law (2004)
9. International Cyber Crime Conference, Ukraine (2004) 398
10. ASEAN Regional Forum (2004) 399
11. Asia Pacific Economic Cooperation (APEC) (2004) 399
12. International Cyber Crime Conference, Brazil (2006) 399
13. Eleventh Congress on Prevention of Crime and 400
Treatment of Offenders (2005)
14. Seventh International Conference on Cyber Crime (2007) 400
15. International Conference on Terrorism and Organized 401
Crimes (2008)
16. Third International Conference on Security and Privacy 401
Issues in Information Technology (2008)
17. Conference on Cyber Security Protective Strategies (2009) 401
18. International Conference on Digital Forensics and 401
Cyber Crime (2009)
19. Fifth Annual Conference on Cyber Crime, Council 402
of Europe (2010)
20. U.N. Crime Prevention Congress (April 2010) 403
xxxviii
21. Fourth International Conference on Cyber Law 403
(August 2010)
E. Cyber Law of various Countries 403-422
1. United States 404
i. US Federal Criminal Code 404
a. Fraud and related activities in connection with 404
access devices
b. Fraud and related activities in connection with computers 406
c. Communication lines, stations and systems 409
ii. US Privacy Protection Act, 1980 409
iii. US Computer Security Act, 1987 410
2. Canada 410
3. United Kingdom 410
i. Computer Misuse Act, 1990 410
ii. Computer Act, 2006 411
4. Australia 411
i. Unauthorized access 411
ii. Unauthorized modification of data 411
iii. Unauthorized impairment of communication 412
5. Germany 412
6. Denmark 413
7. Poland 414
8. Turkey 415
9. Japan 415
i. Unauthorized Computer Access Act, 2000 415
a. Prohibition of acts of unauthorized computer access 415
b. Prohibition of acts of facilitating unauthorized 416
computer access
ii. Computer Crime Act, 1999 417
10. Sweden 417
11. France 417
12. Spain 418
xxxix
13. Russia 418
14. China 419
15. Philippines 419
16. Mauritius 419
17. Sri Lanka 420
18. Bangladesh 421
19. Pakistan 421
F. International Agencies for regulating E-Commerce 422-424
1. World Trade Organization (WTO) 422
2. WIPO Internet Copyright Treaty, 1996 423
3. Internet Cooperation for Assigned Names and 424
Numbers (ICANN)
G. Review 424-425
CHAPTER – IX CONCLUSION AND SUGGESTIONS 426-450
A. General 426-427
B. Conclusion 427-430
C. Suggestions 430-450
1. Net Security be tightened up 432
2. Use of Encryption Technology 433
3. Intrusion Management 433
4. False E-mail identity registration be treated as an offence 434
5. Self-regulation by Computer and Net Users 435
6. Liberalization of Law relating to Search and Seizure 435
7. Use of Voice-recognizer, Filter Software and 435
Caller ID for Protection against Unauthorized Access 436
8. Development of Cyber Forensics and Biometric 436
Techniques
i. Computer forensics 436
ii. Cyber forensics 436
iii. Software forensics 436
xl
9. Need to establish a Computer Crime Research and 437
Development Centre.
10. Need for a Universal Legal Regulatory Mechanism 437
11. Global Code of Digital Law for resolving Intellectual 439
Property Rights related disputes
12. Need for Universalization of Cyber Law 439
13. Interpol and Emergency Response Computer 439
Security Team
14. Combating the Menace of Cyber Terrorism 440
15. Special Cyber Crime Investigation Cell for 441
Hi-Tech Crimes
16. E-Judiciary and Video-Conferencing for Speedy Justice 441
17. Need for Cyber Crime Reporter or Cyber Law Journal 442
18. The Information Technology (Amendment) Act, 443
2008 – A Step in the right direction
19. Digital Time Stamping System (DTS) 443
20. Extradition Treaty: Need of the Hour 444
21. Establishment of Special Cyber Courts to try Cyber Crimes 444
22. Diffusion of Internet Technology in India 444
23. Technical Means for Blocking of Errant Websites 445
24. Planting of Baits in Cyberspace for Worms and Viruses 445
25. Regulation of Social Networking Sites 446
26. Decentralization of the National Informatics Centre 446
27. Appointments under the IT Act, 2000: Fair, Transparent 446
and Speedy
28. Need for Increased Awareness among Victims of 447
Cyber Crimes
29. Need for Imparting Training to Officials to Investigate 447
Cyber Crimes
30. Need for connecting Cyber Cafes with Police Control 448
Rooms
xli
31. Periodical reviewing of licenses of Internet Service 448
Providers (ISPs)
32. Need for Development of Anti-hijacking Software 448
33. Encouragement of Cyber Crime Victims to Lodge 449
Complaints
34. Need for Modernization of Existing Laws and 449
Enactment of New Laws
35. Implementation of the Recommendations of 449
Malimath Committee on Reforms in the Criminal
Justice System
i. Investigation 450
ii. Intelligence Network 450
iii. Training of Officials 450
36. Computer and Cyber crime: Education and Awareness 450
