Information Technology, cybersecurity and protection.docx

Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession and
offering or distributing information by means of a computer system or network.
 Any contract for the sale or conveyance of immovable property or any interest in such property;
 Any such class of documents or transactions as may be notified by the Central Government
Cyber terrorists usually use the computer as a tool, target, or both for their unlawful act either to gain information which can result in heavy loss/damage to the owner of that intangible sensitive
information. Internet is one of the means by which the offenders can gain such price sensitive information of companies, firms, individuals, banks, intellectual property crimes (such as stealing new
product plans, its description, market programme plans, list of customers etc.), selling illegal articles, pornography etc. this is done through many methods such as phishing, spoofing, pharming, internet
phising, wire transfer etc. and use it to their own advantage without the consent of the individual.
Many banks, financial institutions, investment houses, brokering firms etc. are being victimised and threatened by the cyber terrorists to pay extortion money to keep their sensitive information intact to
avoid huge damages. And its been reported that many institutions in US, Britain and Europe have secretly paid them to prevent huge meltdown or collapse of confidence among their consumers.
13. Steps to prevent cyber crime:-
1. Never disclose your personal information publicly on websites. This is as good as disclosing your identity to strangers in public place.
2. Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.
3. Never enter your credit card number to any site that is not secured, to prevent its misuse.
4. Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children
5. Always use latest and updated Antivirus software to guard against virus attacks.
6. To prevent loss of data due to virus attacks, always keep back up of your data.
7. It is advisable to use a security program that gives control over the cookies and send information back to the site, as leaving the cookies unguarded might prove fatal.
8. Use of firewalls proves beneficial.
9. Website owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers will serve the purpose.
Capacity of human mind is profound. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally
eliminating crime from the globe. The only possible step is to make people aware of their rights and duties and to guard ourselves so that crime has no effect on us.
4. Hacking
In simple words, hacking is an act committed by an intruder by accessing your computer system without your permission. Hackers (the people doing the ‘hacking’) are basically computer programmers,
who have an advanced understanding of computers and commonly misuse this knowledge for devious reasons. They’re usually technology buffs who have expert-level skills in one particular software
program or language. As for motives, there could be several, but the most common are pretty simple and can be explained by a human tendency such as greed, fame, power, etc. Some people do it purely

to show-off their expertise – ranging from relatively harmless activities such as modifying software (and even hardware) to carry out tasks that are outside the creator’s intent, others just want to cause
destruction.
Greed and sometimes voyeuristic tendencies may cause a hacker to break into systems to steal personal banking information, a corporation’s financial data, etc. They also try and modify systems so that
they can execute tasks at their whims. Hackers displaying such destructive conduct are also called “Crackers” at times. they are also called “Black Hat” hackers On the other hand, there are those who
develop an interest in computer hacking just out of intellectual curiosity. Some companies hire these computer enthusiasts to find flaws in their security systems and help fix them. Referred to as “White
Hat” hackers, these guys are against the abuse of computer systems. They attempt to break into network systems purely to alert the owners of flaws. It’s not always altruistic, though, because many do
this for fame as well, in order to land jobs with top companies, or just to be termed as security experts. “Grey Hat” is another term used to refer to hacking activities that are a cross between black and
white hacking.
Some of the most famous computer geniuses were once hackers who went on to use their skills for constructive technological development. Dennis Ritchie and Ken Thompson, the creators of the UNIX
operating system (Linux’s predecessor), were two of them. Shawn Fanning, the developer of Napster, Mark Zuckerberg of Facebook fame, and many more are also examples. The first step towards
preventing hackers from gaining access to your systems is to learn how hacking is done. Of course it is beyond the scope of this Fast Track to go into great details, but we will cover the various
techniques used by hackers to get to you via the internet.
a. SQL Injections: b. Theft of FTP Passwords: c. unauthorised input or alteration of input
d. alteration of computerised data e. alteration or misused of programmes f. destruction of
output from computer process.
Security measures that can prevent hacking
Passwords
Passwords are divices developed in the main-frame environment to prevent access to intruders. However, the developments in technology have made passwords vulnerable to successful attacks of the
intruders. The shorter the password, the faster it will be cracked. These days pass-phrases as against passwords are used. Dynamic synchronized password schemes are also used which change the
password in both the host and the user token. This scheme combines two-factor identification with dynamic synchronization.
Firewalls
It was developed in mid 1980's by the American Department of Defence for protecting classical documents from being accessed or leaked. It creates a 'Wall' between a network and possible intruders. It
rests on router and filters all the electronic data packets send to it from the LAN and the outside connection.
Clipper Chip
Clipper chip is used to prevent cellular based security breaches. It is a single key based algorithm SKIPJACK. It is government sponsored designed by the American National Security Agency (NSA)
with a sole object to prevent private parties from using encrypted cellular-based communications for illegal
purposes.
Routers or Gateways
A router is a device that employs special communication protocols. The protocols allow, at a minimum the passing of information from the Internet to LAN destination and vice-versa.
Gateway is either hardware or software that is used to translate protocol between two or more systems. A gateway has its own processor and memory, and can perform protocol conversion.
Routers or gateway filters messages which are destined for recipient outside the local network and receive messages from remote network to be delivered locally on the LAN. These help in detecting
errors with the help of additional protocols.

Encryption
It refers to any algorithm applied to any electronic record that converts plain text into cypher text, rendering it meaninglessly for one except the one who has a key to decrypt it . encryption technology
has significantly increased the security of online commerce.
Digital signature
It safeguards information and prevent it from falsification or alteration. they are created by various means of cryptography by applying algorithm. They are considered as a part of legal infrastructure in
information security field.
Other Security Measures
There are free software programmes which could detect any security breach. These include, 'Security Administrator Tool for Analysing Networks (SATAN) programme, 'COPS, 'Omni guard/Enterprise
Access Control for UNIX', and 'Net probe.'
There are other programs on payment
5.Laws on hacking in India
Section 43 and section of the IT Act 66 cover the civil and criminal offenses of data theft or hacking respectively.
Under sec 66 of the IT Act hacking with computer system:
(1) any person with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any means , commits hacking.
(2) shall be punished with 3 years imprisonment or with fine which may extend to 2 lakhs. Or both.
Kumar v/s Whiteley In this case the accused gained unauthorized access to the Joint Academic Network (JANET) and deleted, added files and changed the passwords to deny access to the authorized
users.Investigations had revealed that Kumar was logging on to the BSNL broadband Internet connection as if he was the authorized genuine user and ‘made alteration in the computer database
pertaining to broadband Internet user accounts’ of the subscribers.The CBI had registered a cyber crime case against Kumar and carried out investigations on the basis of a complaint by the Press
Information Bureau, Chennai, which detected the unauthorised use of broadband Internet. The complaint also stated that the subscribers had incurred a loss of Rs 38,248 due to Kumar’s wrongful act. He
used to ‘hack’ sites from Bangalore, Chennai and other cities too, they said.
Verdict: The Additional Chief Metropolitan Magistrate, Egmore, Chennai, sentenced N G Arun Kumar, the techie from Bangalore to undergo a rigorous imprisonment for one year with a fine of Rs
5,000 under section 420 IPC (cheating) and Section 66 of IT Act (Computer related Offense).
Under section 43, a simple civil offense where a person without permission of the owner accesses the computer and extracts any data or damages the data contained therein will come under civil liability.
The cracker shall be liable to pay compensation to the affected people. Under the ITA 2000, the maximum cap for compensation was fine at Rs. One crore. However in the amendment made in 2008, this
ceiling was removed. Section 43A was added in the amendment in 2008 to include corporate shed where the employees stole information from the secret files of the company.
Section 66B covers punishment for receiving stolen computer resource or information. The punishment includes imprisonment for one year or a fine of rupees one lakh or both. Mens rea is an important
ingredient under section 66A. Intention or the knowledge to cause wrongful loss to others i.e. the existence of criminal intention and the evil mind i.e. concept of mens rea, destruction, deletion,
alteration or diminishing in value or utility of data are all the major ingredients to bring any act under this Section.

along with that sections 379 and 406 of IPC, 1860 are also applicable. The victim can file a complaint in the nearest police station where the above crime has been committed or where he comes to know
about the said crime. As per sec 77B of the Act,2000 the above offences are cognizable and bailable, while sec 379 of IPC is applied along with other section the said offence is cognizable, non-bailable,
compoundable with permission of the court before which the prosecution of such offence is pending and triable by any magistrate.

The jurisdiction of the case in cyber laws is mostly disputed. Cyber crime does not happen in a particular territory. It is geography less and borderless. So it gets very difficult to determine the
jurisdiction under which the case has to be filed. Suppose a person works from multiple places and his data gets stolen from a city while he resides in some other city, there will be a dispute as to where
the complaint should be filed.
8. Cyber Pornography
Cyber pornography refers to stimulating sexual or other erotic activities over the Internet. This would include pornographic Web sites, pornographic magazines produced using computers to publish and
print the material and the Internet to download and transmit pornographic pictures, photos, writings, etc.
The Encyclopedia of Ethics has defined pornography as "the sexually explicit depiction of persons, in words or images, created with the primary, proximate aim and reasonable hope, of eliciting
significant sexual arousal on the part of the consumer of such material."
The graphic, sexually explicit subordination of woman through pictures and/or words that also includes. Pornography is verbal or pictorial material which represents or describes sexual behaviour that is
degrading or abusive to one or more of the participants in such a ways as to endorse the degradation. Behaviour that is degrading or abusive includes physical harm or abuse and physical or
psychological coercion. In addition, behaviour that ignores or devalues the real interest, desires and experiences of one or more participants in any way is degrading. Finally, that a person has chosen or
consented to be harmed, abused, or subjected to coercion does not alter the degrading character of such behaviour.
The word 'pornography' has been defined in City of Youngstown v. De Loreto (USA, 1969) thus: "Pornography is the portrayal of erotic behaviour designed to cause sexual excitement. It is words, acts,
or representations that are calculated to stimulate sex feelings independent of the presence of another loved and chosen human being. It is divorced from reality in its sole purpose to stimulate erotic
response. It is preoccupied with and concentrates on sex organs for the purpose of sexual stimulation. It emphasizes them and focus on them in varying ways calculated to incite sexual desire."
A 2002 report suggest that online pornography industry is growing at an alarming rate. This report reveals that online pornography industry generated approximately $ I billion annually with growth
projections to $ 5-7 billion over the next five years.
In canada, the Supreme Court described 'Pornography' in R v. Butler as follows: "Pornography can be usefully divided into three categories:
(1 ) explicit sex with violence,
(2) explicit sex without violence but which subjects people to treatment that is degrading or dehumanizing and
3) explicit sex without violence that is neither degrading nor dehumanizing. Violence in this context includes both actual physical violence and threats of physical violence. Sex coupled with crime,
horror or cruelty will sometimes involve violence. Cruelty, for instance, will usually do so. But, even in the absence of violence, sex coupled with crime, horror or cruelty may fall within the second
category.
The portrayal of sex coupled with violence will almost always constitute the undue exploitation of sex. Explicit sex which is degrading or dehumanizing may be undue if the risk of harm is substantial.
Finally, explicit sex that is not violent and neither degrading nor dehumanizing is generally tolerated in our society and will not qualify as the undue exploitation of sex unless it employs children in its
production.
Laws on cyber pornography in India
To stop cyber pornography and especially child pornography, it has been made a punishable ofp;.fence under the IT Act, 2000. In this regard, there are two relevant sections in this Act, such as –
1)Section 67 – Punishment for publishing or transmitting obscene material in electronic form Whoever publishes or transmits or causes to be published in the electronic form, any material which is
lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter
contained or embodied in it,shall be punished on first conviction with imprisonment of either description for a term which may extend to two three years and with fine which may extend to five lakh
rupees andin the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
2)Section 67A provides for punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form. It states that whoever publishes or transmits or causes to be
published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which
may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to
seven years and also with fine which may extend to ten lakh rupees.
3)Section 67B deals with punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form. It states that if a person - (a) publishes or transmits or
causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct; or (b) creates text or digital images, collects, seeks, browses,

downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner; or (c) cultivates, entices or induces
children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource; or (d) facilitates abusing children
online; or (e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with imprisonment of either description for a
term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which
may extend to seven years and also with fine which may extend to ten lakh rupees:
In Hari Ram v. State of Rajasthan & Anr (No 907 of 2009 (Arising out of SLP (Crl) No. 3336 of 2006), it has been observed that the "law as now crystallized on a conjoint reading of Sections 2(K)
2( 1 ), 7A, 20 and 49 read with Rules 12 and 98, places beyond all doubt that all persons who were below the age of 18 years on the date of commission of the offence even prior to 1st April 2011, would
be treated as juveniles, even if the claim of juvenile was raised after they had attained the age of 18 years on or before the date of commencement of the Act and were undergoing sentence upon being
convicted".
In Delhi, an eleventh standard student of a public school, while having the oral sex with a girl student recorded the clip of approximately 2.30 minutes by his mobile and circulated amongst his friends.
The students were expelled from the school and two arrests were also made in the same conjunction. Later, the student arrested was granted bail.
The Delhi Police Cyber Crime Cell registered a case under Section 67 of the IT Act, 2000. A student of the Air Force Balbharati School, New Delhi was teased by all his classmates for having a
pockmarked face. He created a website at the URL www.amazinggents. 8m. net. On this site, lucid, explicit, sexual details were given about various 'sexy' girls and teachers of the school. The father of a
girl, being an Air Force Officer registered a case under Section 67 of the IT Act, 2000. The Police picked up the concerned student and kept him at Jimarpur (Delhi) Juvenile home. It was almost after
one week that the juvenile board granted bail to the 16 year old student.
In Mumbai a Swiss couple gathered slum children and then forced them to appear for obscene photographs. They then uploaded these photographs to websites specially designed for pedophile. The
Mumbai Police arrested the couple for child pornography.
Cyber Terrorism
Meaning of 'Cyber Terrorism'
'Terrorism' is a much used term, with many definitions. According to the US Department of State, the term 'terrorism' means premeditated, politically motivated violence perpetrated against non-
combatant targets by sub-national groups or clandestine agents. As the Times of India reports, the rising threat of terrorism has led to unprecedented levels of security of nation.
The traditional terrorism is a direct attack on lives of persons and property of enemy State or is based on religious or region or linguistic feeling.
The 21st Century witnessed the emergence of new terrorism which is called 'cyber terrorism' which was coined by Barry C. Collin. It is a controversial term.
The concept of Cyber terrorism, that is individuals or groups using the network capabilities of the information society to launch unlawful attacks and threats of attack against computers, networks and the
information stored therein to intimidate or coerce a government or its people in furtherance of political or social objectives, is newer, dating from around the turn of the millennium. Some authors choose
a very narrow definition relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. Cyber terrorism
can also be defined much more generally as given below:
Cyber Terrorism means illegal threats or targeted attacks to cause harm to computers and/or network, critical systems and information related to one or more countries that is aimed at intimidating its
government and the public or causing fear in the society for an illegal political, religions or social objectives. The acts of cyber terrorism include damage to the protected critical computer systems that
contain sensitive information of National interest, plane hijacking and crashes, automated, bomb explosions and damage to any public utility services which are managed by use of computer systems
such attacks may cause physical or virtual violence which cause direct damage of nation's people and property or results in riots.
According to Dorothy Denning, cyber terrorism is unlawful attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in
furtherance of political or social objectives.

The National Infrastructure Protection Center (NIPC), located at FBI Headquarters in Washington, D.C.' defines Cyber terrorism as "a criminal act perpetrated through computers resulting in violence,
death and/or destruction and creating terror for the purpose of coercing a government to change its policies".

The National Conference of State Legislature (NCSL), a Non Governmental Organization (NGO) of the US defines 'cyber terrorism' as
follows:
"The use of information technologies by terrorist groups and individuals to further their agenda: This can include use of information
technology to organ ize and execute attacks against networks, computer systems and telecommunication infrastructures, or for exchanging
information or making threats electronically. Examples are: hacking into computer systems, introducing viruses to vulnerable networks,
website defacing Denial-of-Service attacks or terrorist threats made via electronic communication".
As per Kevin G Coleman of the Technolytics Institute, "Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof,
against cotnputers and/or networks, with the intention to cause harm or further social, ideological religious, political or similar objectives or
to intimidate any person in furtherance of such objectives".
Cyber terrorism is the use of internet based attacks in terrorist activities, including acts of deliberate, large - scale disruption of computer
networks, especially ofpcrsonal computers attached to the internet, by the means oftools such as computer viruses.
A combination of these definitions constructs the following definitions:
"Cyber terrorism is the politically motivated use ofcomputers as weapons or as targets, by sub-national groups or clandestine agents with
internet on violence, to influence an audience or cause a government to change its policies".
Terrorists have used IRC servers and channels in the past as a recruiting group and meeting place. While also being used as a
communications tool, IRC has been and is still being used for attacking systems through what can be referred to as cyber terrorism. The
most popular form of this is the botnet, a collection of computers that are connected together and used most often for malacious purposes. In
the early 2000' s, a large number of these bonets were run through IRC network. The infected computer will connect to an IRC network and
suit in a channel, waiting for the controller ofthe botnet to issue commands. The storm botnet which plagued the internet in 2007 had an
extremely large number ofcomputers under its command. These botnets serve many goals for their masters.
Some of the contents found in terrorists computers are: (i) hits on websites diat contains 'sabotage handbook" (i) handbooks containing
internet tools, planning a list, anti-surveillance methods, 'cracking' tools and (iii) Al-Qaeda
Indian Legal Provision
National Law relating to Cyber Terrorism
Section 66F(ii) of IT Act, 2000, which deals with the offence of Cyber terrorism provides that:
Whoever,—
(A)with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people
by—
(i) Denying or cause the denial of access to any person authorized to access computer resource; or
(i) Attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or
(iii) introducing or causing to introduce any computer contaminant;
and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or
knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the
critical information infrastructure specified under Section 70; or
(B)knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by
means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or
foreign relations; or any restricted information data or computer database, with reasons to believe that such information, data or computer
database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of
the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of coutt, defamation or
incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber
terrorism."
It means use of Cyber tools to shut down critical national infrastructure such as energy, transportation, and communication and coerce
governments into submission. Internet bomb threats, internet harassment and technology driven crimes such as focused virus strikes are the
next wave of crime that the world has to encounter in the days to come.
A strategic plan of a combat operation includes characterisation Of the enemy's goals operational techniques, resources, and agents. Prior to
taking combative actions on the legislative and operational front, one has to precisely define the enemy. That is, it is imperative to expand
the definition ofterrorism to include cyber terrorism.
Under the IT Act 2000, as amended by IT (Amcndmcnt) Act, 2008, Section 66-F(2) which provides that "Whoever commits or conspires to
commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life" is applicable. Section 153 A of
IPC, 1860 and UAPA Section 15-20 is also applicable. The victim can file a complaint in the nearest police Station where the above crime
has been committed or where he comes to know about the said crime.

As per Section 77B of the IT Act, 2000 the above offence shall be cognizable and the offence punishable with imprisonment of three years
shall be bailable, while if Section 153 A of IPC is applicable along with other sections the said offence is cognizable, non-bailable, and non-
compoundable with permission of the court before which the prosecution of such offence is pending and triable by any magistrate of the first
clsss. And if offence is promoting enmity between classes in place of workshop, etc., it is cognizable, non-bailable and triable by magistrate
of the first class.
In India Computer Emergency Response Team (CERT) is the nodal Agency to detect cyber terrorist threats and for incident response.
In India, the Varanasi attack was perpetrated by hacking into unsecured wireless systems of persons. Cyber Espionage, data mining is also
on therise wherein a Cyber-criminal unauthorised accesses sensitive computer systems of the enemy and damages the information
stored on these systems and protected his own system from a similar attack by the enemy.
A cybercriminal may use spyware to access sensitive information without due permission from the rightful owner.
In an incident, CBI's website was reported to have been hacked by pakistan's cyber criminals. Cyber criminals often use keyloggers (spying
software) or stenography (means hidden/encrypted or camouflaged data) as few techniques to communicate messages/files over internet.
Mr. Aniket Sharma on the incitement of China using his hacking skills suppose logs in servers of power grid corporation of India Ltd. His
intention is to disrupt the power supply or to the destroy the grid. Alliteratively he logs into servers of the department of telecommunication
in a view to disrupt internet infrastructure of India or logs in server of ISRO to gain critical information on Indian Space Program. Aniket
commits the crime of Cyber terrorism.
In case of 26/11 Mumbai attack terrorists used Google Earth, Internet telephony, satellite phones and online data to execute the deadly terror
attack which can not be taken as cyber terrorism according to the definition.
The terrorists was attacked our Parliament on December 13, 2001 also used the stenography images for transmitting their mails in encrypt
for-m over internet.
12. Software Piracy
Thanks to the internet and torrents, you can find almost any movie, software or song from any origin for free. Internet piracy is an integral
part of our lives which knowingly or unknowingly we all contribute to. This way, the profits of the resource developers are being cut down.
It’s not just about using someone else’s intellectual property illegally but also passing it on to your friends further reducing the revenue they
deserve.
Software piracy is the unauthorised use and distribution of computer software without proper license. Software developers work hard to
develop these programs, and piracy curbs their ability to generate enough revenue to sustain application development. This affects the whole
global economy as funds are relayed from other sectors which results in less investment in marketing and research. For electronic media
unauthorised distribution and reproduction of a copyrighted work is often referred to as piracy
The following constitute software piracy:
 Loading unlicensed software on your PC
 Using single-licensed software on multiple computers
 Using a key generator to circumvent copy protection
 Distributing a licensed or unlicensed (“cracked”) version of software over the internet and offline
“Cloning” is another threat. It happens when someone copies the idea behind your software and writes his own code. Since ideas are not
copy protected across borders all the time, this isn’t strictly illegal. A software “crack” is an illegally obtained version of the software which
works its way around the encoded copy prevention. Users of pirated software may use a key generator to generate a “serial” number which
unlocks an evaluation version of the software, thus defeating the copy protection. Software cracking and using unauthorised keys are illegal
acts of copyright infringement.
Using pirated material comes with its own risks. The pirated software may contain Trojans, viruses, worms and other malware, since pirates
will often infect software with malicious code. Users of pirated software may be punished by the law for illegal use of copyrighted material.
Plus you won’t get the software support that is provided by the developers.
To protect your software from piracy if you’re a developer, you should apply strong safeguards. Some websites sell software with a “digital
fingerprint” that helps in tracing back the pirated copies to the source. Another common method is hardware locking. Using this, the
software license is locked to a specific computer hardware, such that it runs only on that computer. Unfortunately, hackers continue to find
their way around these measures.
Software Piracy Laws in India
In India under the copyright Act, 1957, a software pirate can be tried under both civil and criminal law. The minimum jail term for software
copyright infringement is seven days, and the maximum jail term is three years. Statutory times range from a minimum of 50,000 rupees to
maximum of rupees.

Under the Information Technology Act, 2000, as amended by ITAct, 2008, any accused who has committed computer related software
piracy crime, shall be liable to pay damage by way of compensation to the person so affected as per section 66 and also the affected person
can file a criminal complaint under Section 66-B ofCopyrightAct, 1957 and under Section 120 B, 420, 468 and 471 of1PC, 1860 in the
nearest Police Station where the above crime has been committed.
If crime is proved under ITAct, accused shall be punished for imprisonment which may extend to three years or with fine which may extend
to five lakh rupees or both and proved under IPC imprisonment for seven years and fine.
As per Section 77-B of IT Act, 2000 the above offence shall be cognizable and bailable while if Section 120B of IPC is applied along with
Section 420 the said offence is cognizable non-bailable and compoundable by the person cheated and triable by any magistrate Section 468
of IPC the said offence is cognizable, non-bailable and non-compoundable and triable by magistrate of first class. Section 471 ofIPC the said
offence is cognizable, bailable and non-compoundable and triable by magistrate of first class.
12. Power of police officer and other officers to enter, search, etc. 80.
(1) Notwithstanding anything contained in the Code of Criminal Procedure, 1973, any police officer, not below the rank of a Deputy
Superintendent of Police, or any other officer of the Central Government or a State Government 2 of 1974. authorised by the Central
Government in this behalf may enter any public place and search and arrest without warrant any person found therein who is reasonably
suspected or having committed or of committing or of being about to commit any offence under this Act.
Explanation.—For the purposes of this sub-section, the expression "public place" includes any public conveyance, any hotel, any shop or
any other place intended for use by, or accessible to the public.
(2) Where any person is arrested under sub-section (1) by an officer other than a police officer, such officer shall, without unnecessary
delay, take or send the person arrested before a magistrate having jurisdiction in the case or before the officer-in-charge of a police station.
(3) The provisions of the Code of Criminal Procedure, 1973 shall, subject to the provisions of this section, apply, so far as may be, in
relation to any entry, search or arrest, made under this section.

Digital Signature and Electronic Signature
Digital Signatures provide a viable solution for creating legally enforceable electronic records, closing the gap in going fully paperless by
completely eliminating the need to print documents for signing. Digital signatures enable the replacement of slow and expensive paper-
based approval processes with fast, low-cost, and fully digital ones. The purpose of a digital signature is the same as that of a handwritten
signature. Instead of using pen and paper, a digital signature uses digital keys (public-key cryptography). Like the pen and paper method, a
digital signature attaches the identity of the signer to the document and records a binding commitment to the document. However, unlike a
handwritten signature, it is considered impossible to forge a digital signature the way a written signature might be. In addition, the digital
signature assures that any changes made to the data that has been signed cannot go undetected. Digital signatures are easily transportable,
cannot be imitated by someone else and can be automatically time-stamped. A digital signature can be used with any kind of message,
whether it is encrypted or plain text. Thus Digital Signatures provide the following three features:-
 Authentication – Digital signatures are used to authenticate the source of messages. The ownership of a digital signature key
is bound to a specific user and thus a valid signature shows that the message was sent by that user.
 Integrity – In many scenarios, the sender and receiver of a message need assurance that the message has not been altered
during transmission. Digital Signatures provide this feature by using cryptographic message digest functions.
 Non Repudiation – Digital signatures ensure that the sender who has signed the information cannot at a later time deny having
signed it.
A handwritten signature scanned and digitally attached with a document does not qualify as a Digital Signature. An ink signature can be
easily replicated from one document to another by copying the image manually or electronically. Digital Signatures cryptographically bind
an electronic identity to an electronic document and the digital signature cannot be copied to another document. Digital Signature under the
IT Act, 2000 Digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure
in accordance with the provisions of section 3.
Section 3 deals with the conditions subject to which an electronic record may be authenticated by means of affixing digital signature which
is created in two definite steps.
First, the electronic record is converted into a message digest by using a mathematical function known as ‘Hash function’ which digitally
freezes the electronic record thus ensuring the integrity of the content of the intended communication contained in the electronic record. Any
tampering with the contents of the electronic record will immediately invalidate the digital signature.
Secondly, the identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the
message digest and which can be verified by anybody who has the public key corresponding to such private key. This will enable anybody
to verify whether the electronic record is retained intact or has been tampered with since it was so fixed with the digital signature. It will also
enable a person who has a public key to identify the originator of the message.
‘Hash function’ means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as “Hash
Result” such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its
input making it computationally infeasible to derive or reconstruct the original electronic record from the hash result produced by the
algorithm; that two electronic records can produce the same hash result using the algorithm.
Digital signatures are a means to ensure validity of electronic transactions however who guarantees about the authenticity that such
signatures are indeed valid or not false. In order that the keys be secure the parties must have a high degree of confidence in the public and
private keys issued. Digital Signature is not like our handwritten signature. It is a jumble of letters and digits. It looks something like this.
—–
BEGIN SIGNATURE—-
Uz5xHz7DxFwvBAh24zPAQCmOYhT47gvuvzO0YbDA5txg5bN1Ni3hgPgnRz8Fw xGU
oDnj7awl7BwSBeW4MSG7/3NS7oZyD/AWO1Uy2ydYD4UQt/w3d6D2Ilv3L8EOr5K8Gpe5Z
K5CLV+zBKwGY47n6Bpi9JCYXz5YwXj4JxTT+y8=gy5N —–
END SIGNATURE ——
Electronic Signature

Electronic signature has also been dealt with under Section 3A of the IT Act, 2000. A subscriber can authenticate any electronic record by
such electronic signature or electronic authentication technique which is considered reliable and may be specified in the Second Schedule.
Any electronic signature or electronic authenticat
ion technique will be considered reliable if-
1. the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or ,
as the case may be, the authenticator and of no other person;
2. the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the
case may be, the authenticator and of no other person;
3. any alteration to the electronic signature made after affixing such signature is detectable;
4. any alteration to the information made after its authentication by electronic signature is detectable; and 34 (e) it fulfills such
other conditions which may be prescribed. An electronic signature will be deemed to be a secure electronic signature if- (i) the signature
creation data, at the time of affixing signature, was under the exclusive control of signatory and no other person; and (ii) the signature
creation data was stored and affixed in such exclusive manner as may be prescribed. (Sec.15)
An Amendment to the IT Act in 2008 introduced the term electronic signatures. The implication of this Amendment is that it has helped to
broaden the scope of the IT Act to include new techniques as and when technology becomes available for signing electronic records apart
from Digital Signatures.
What is a Digital Signature?
A digital signature is an electronic form of signature that authenticates electronic documents by using data encryption. A digital signature is
created with cryptographic techniques that increase security and transparency in signing electronic documents. A digital signature does not
come in form of a picture or pdf document, it is a certificate that contains the identification information of a person like the name, email
address, residential address, issuing date of certificate, along with the details of certifying authority.
Section 2(1)(p) of the Information Technology Act, 2000 (or the IT Act) defines it as authentication of any electronic record by a subscriber
by means of an electronic method or procedure in accordance with the provisions of section 3 Before going into the provisions of section 3,
it is pertinent to explain a few basics of cryptography. Public key cryptography is the method recognized by the IT Act for the safeguarding
of computer documents. Public key cryptography is a form of cryptography, which generally allows users to communicate securely without
having prior access to a shared secret key. This is done by using a pair of cryptographic keys designated as public key and private key. A
public key is essentially like an email address, and a private key, like the email address password. The public key is sent to the receiver,
while the private key is not disclosed to anybody. They are related mathematically. What has been encrypted by the first key can only be
decrypted by the second - and vice versa. Hence, if A wants to send a secure email to B, A must encrypt it with B’s public key, so that when
B receives the encrypted email, he can decrypt it using his own private key.
Difference Between Digital Signature and Electronic Signature
Electronic signature and digital signature are often used interchangeably but the truth is that these two concepts are different. The main
difference between the two is that digital signature is mainly used to secure documents and is authorized by certification authorities while
electronic signature is often associated with a contract where the signer has got the intention to do so. More details about the difference
between the two are provided below.
Key features of Digital Signature
A digital signature is characterized by a unique feature that is in digital form like fingerprint that is embedded in a document. The signer is
required to have a digital certificate so that he or she can be linked to the document. Digital signature is often authorized by certification
authorities that are responsible for providing digital certificates that can be compared to licenses or passports. A digital certificate is used to
validate the document to ascertain its authenticity if it has not been forged. This plays a pivotal role in verifying the identity of the original
person with the signature.
The other key feature of a digital signature is that it is used to secure digital documents. There are some people who have a tendency of
tempering with digital documents obtained online but with a digital signature, this can be impossible. The document is secured and can only
be accessed by the authorized person for any alterations or amendments.
When a digital signature is applied to a certain document, the digital certificate is bound to the data being signed into one unique fingerprint.
These two components of the digital signature are unique and this makes it more viable than wet signatures since its origins can be
authenticated. This cryptographic operation helps to perform the following functions:
 Prove the authenticity of the document and its source

 Make sure that the document has not been tempered with
 Personal identity has been verified.
The other notable aspect about digital signature is that it is comprised of different types that are supported by mainly two document
processing platforms that are adobe and Microsoft.
Adobe Signature
Certified and approval are the two types of signatures supported by adobe
 A certified signature indicates the real author of the document and it displays a blue ribbon on top of it showing the name of
author and issuer of certificate for authentication.
 Approval signature on the other hand captures the approval made by the signer such as physical signature and other relevant
details.
Microsoft Word Signature
Two types of digital signature that supported by Microsoft include visible as well as non visible.
 Signature line is like a physical document where many people can sign.
 Invisible signatures on the other hand are used for providing document authentication. The main advantage of this type of
signature is that it cannot be tampered with and this is very important since it helps to secure the document so that it cannot be accessed by
unauthorized people.
Key Features of Electronic signature
An electronic signature is described as any electronic symbol, process or sound that is associated with a record or contract where there is
intention to sign the document by the party involved. The major feature of an electronic signature is thus the intention to sign the document
or the contract. The other notable aspect that makes an electronic signature different from a digital signature is that an electronic signature
can be verbal, a simple click of the box or any electronically signed authorization.
The main feature of an electronic signature is that it reveals the intent by the signer to sign the document. This is usually applicable to
contracts or other related agreements that are entered into by two parties. As noted, there are different types of electronic signatures and
these are legally binding once all parties have shown their commitment and intent to enter into a certain contract.
The other aspect about an electronic signature is that it helps to verify the document. If it has been signed, its authenticity can be verified
where the parties involved can be identified. However, an electronic document can be difficult to verify given that a digital certificate
similar to the one given for digital signature is not provided.
The other notable feature of an electronic signature is that it is used to execute an agreement. For instance, in a contract, two people usually
agree to fulfill certain duties and this agreement can only become legally binding when it has been signed by both parties. This is when an
electronic signature can be used. On top of that, it can be observed that electronic signatures are commonly used in contracts by virtue of the
fact that they are easy to use.
Table Showing Differences Between Digital Signature and Electronic Signature
Purpose
 The main purpose of a digital signature is to secure a document so that it is not tampered with by people without authorization
 An electronic signature is mainly used to verify a document. The source of the document and the authors are identified.
Regulation
 Digital signature is authorized and regulated by certification authorities. These are trusted third parties entrusted with the duty
to perform such task.
 Electronic signatures are not regulated and this is the reason why they are less favorable in different states since their
authenticity is questionable. They can be easily tampered with.
Security
 A digital signature is comprised of more security features that are meant to protect the document
 An electronic signature is less secure since it is not comprised of viable security features that can be used to secure it from
being tampered with by other people without permission.
Types of signatures

 Two common types of digital signatures are mainly based on document processing platforms namely Adobe PDF and
Microsoft
 An electronic signature can be in the following forms: scanned image, verbal or a tick can be used on an electronic document.
The main idea behind is to identify the person who has signed the document for contractual purposes
Verification
 A digital signature can be verified to see if the document has not been tempered with. A digital certificate can be used to track
the original author of the document.
 It may be difficult to verify the real owner of the signature since it is not certified. This compromises the authenticity as well
as integrity of the document.
Intention
 A digital signature is usually meant for securing a document so that it is not tampered with by unauthorized people. All the
same, it is legally binding and preferred since it is authentic by virtue of its traceability to the owner of the document.

 An electronic signature usually shows the intent to sign the document or contract. In most cases, when people want to enter
into a contract, they show their commitment by signing a document that will become legally binding between them.
What’s the difference between a digital signature and an electronic signature?
The table below shows a quick, at-a-glance view of some of the key differences between digital signatures and electronic signatures:
Digital Signature Electronic Signature
Digital signatures are like a lock on a document. If the
document changes after the signature is applied, it will
show up as an invalidated signature.
Electronic signatures are open to tampering.
Digital signatures are very secure. Hashes cannot be easily
undone and encryption using a digital certificate is highly
secure.
Electronic signature’s are not based on standards and tend to
use proprietary methods so are intrinsically less secure.
A digital signature is hard to deny. This is also known as
non-repudiation. A digital signature is associated with an
individual’s private key of a digital certificate. This
identifies them as being the signatory, as it is unique.
Electronic signatures are much harder to verify.
Digital signatures are nearly always time stamped. This is
very useful in a court of law to tie a person to a signature
at a specific day and time.
Electronic signatures can have a time and date associated with
the signature but it is held separate to the signature itself so is
open to abuse.
Digital signatures can hold logs of events, showing when
each signature was applied. In advanced digital signature
products like ApproveMe, this audit trail can even send
out alerts if the log is tampered with.
Audit logs are not easily applied to electronic signatures.
The digital certificates representing the individual
signatories give details of the person signing the
document, such as full name, email address and company
name – they are tied to the document signature through the
certificate.
If details of the person placing an electronic signature on a
device or document are required, they have to be placed
separately to the signature and are not held with the signature
itself, therefore are more open to abuse.
Used to secure a document Mainly used to verify a document
A digital signature is authorized and regulated by
certification authorities
Usually not authorized
Comprised of more security features Comprised of less security features
Common types of digital signature are based on Adobe
and Microsoft
Main types of electronic signature include verbal, electronic
ticks or scanned signatures.
A digital signature can be verified An electronic signature cannot be verified.
Preferred more than electronic signature due to high levels
of authenticity
Easy to use but less authentic
Particularly concerned about securing the documentShows intent to sign the contract

NOV
22
NATURE SCOPE IMPORTANCE OF THE INFORMATION TECHNOLOGY ACT
Written By
Shubham Pandey
B.A.LLB 3
rd
yr
New Law College, BVDU, Pune.
Introduction
Rapid advancements in Information Technology sector have revolutionised work and personal lives of people globally. Technology has
entered every sphere of life like banks, work place, social networking, stock markets, shopping etc. resulting in sharing of one’s personal
information with every bit of machine one comes across. With the availability of personal information on a single click, the data is
vulnerable to cyber-crime. In mid-90s liberalization of Indian economy resulted in manifold increase in e-transactions. Therefore, the need
to bring technology under legislation was felt. With this objective in view, Parliament of India, passed the Information Technology Act in
2000. This first cyber law addressed various issues with a view to discourage misuse of digital medium and punishment for various offenses
prescribed. Later on with more technological advancements, further amendments and notifications were issued to counter the menace of
growing cyber - crime.
Digital information, communications, computers (in the form of pc, notebook, mobile phones
etc.), software - the constituents of the information age - has entered in our life voluntarily or surreptitiously. Now, information technology
has become an invaluable manager, touching every sphere of life i.e. social linkages via e-mail, Facebook, sms; Finances - spreadsheets

online/internet banking, financial markets; Education - critical analysis, easy access to information via internet; Medical science and many
more. This exponential growth of IT sector has seen rise of issues concerning security and privacy of electronically transmitted and stored
information.
Unscrupulous people have successfully siphoned off funds by misuse of data. With extensive use of information available through computer
resources, India was not adequately equipped to deal with cyber security concerns till the year 2000. With a view to maintain reasonable
standard of security and privacy, a number of steps have been taken through various legislations. It was only in the year 2000 that an effort
was made to address concerns regarding digital medium when IT Act saw light of the day in the country. In this first cyber law of its kind,
various issues relating to edocuments were addressed so as to discourage misuse of digital medium and punishment for various offenses
prescribed. It is of paramount importance that such grave concerns regarding potential misuse of sensitive information are addressed
precisely so as to guarantee the integrity of systems and establish confidence for the reliability of the system. This guarantee of security and
privacy of information has proven to be a milestone in restoring the credibility of the customers.
Although an act such as IT Act is an evolving process but still a legal framework in the form of various laws/amendments/ is in place. The
aim of this paper is to analyse the IT Act in a broader perspective by listing its amendments and notifications issued by the government.
Nature of the Information Technology Act
Information technology is one of the important law relating to Indian cyber laws. In May 2000,
both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received assent of the President in August 2000
and came to be known as the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.This act is helpful to promote
business with the help of internet. It contains set of rules and regulations which apply on any electronic business transaction. It is “An Act to
provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication,
commonly referred to as “electronic commerce” which involve the use of alternatives to paper-based methods of communication and storage
of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the
Indian Evidence Act, 1872,
the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto”.
IT Act, 2000 focuses on three main highlights:
a) Providing legal recognition to the transactions which are carried out through electronic means or use of Internet.
b) Empowering the government departments to accept filing, creating and retention of official documents in the digital format and
c) To amend outdated laws and provide ways to deal with cybercrimes.
Objectives of IT Act 2000: The following are the objectives of IT Act 2000
a) To give legal recognition to any transaction which is done by electronic way or use of internet?
b) To give legal recognition to digital signature for accepting any agreement via computer.
c) To provide facility of filling documents online relating to school admission or registration in employment exchange.
d) According to I.T. Act 2000, any company can store their data in electronic storage.
e) To stop computer crime and protect privacy of internet users.
f) To give more power to IPO, RBI and Indian Evidence act for restricting electronic crime.
g) To give legal recognition for keeping books of accounts by bankers and other companies in electronic form.
International development of Cyber Law
The first comprehensive international effort dealing with the criminal law problems of computer crime was initiated by the Organization for
Economic Co-operation and Development (OECD).
From 1983 to 1985, an ad hoc committee of OECD discussed the possibilities of an international
harmonization of criminal laws in order to fight computer-related economic crime. In September 1985, the committee recommended that
member countries consider the extent to which knowingly committed acts in the field of computer-related abuse should be criminalized and
covered by national penal legislation. In 1986, based on a comparative analysis of substantive law, OECD suggested that the following list
of acts could constitute a common denominator for the different approaches being taken by member countries:
(1) "The input, alteration, erasure and/or suppression of computer data and/or computer

programs made willfully with the intent to commit an illegal transfer of funds or of another thing of value;
(2) The input, alteration, erasure and/or suppression of computer data and/or computer programs made willfully with the intent to commit a
forgery;
(3) The input, alteration, erasure and/or suppression of computer data and/or computer
programs, or other interference with computer systems, made willfully with the intent to hinder the functioning of a computer and/or
telecommunication system;
(4) The infringement of the exclusive right of the owner of a protected computer program with the intent to exploit commercially the
program and put it on the market;
(5) The access to or the interception of a computer and/or telecommunication system made
knowingly and without the authorization of the person responsible for the system, either (i) by
infringement of security measures or (ii) for other dishonest or harmful intentions." From 1985 to 1989, the Select Committee of Experts on
Computer- Related Crime of the Council of Europe
discussed the legal problems of computer crime. The Select Committee and the European
Committee on Crime Problems prepared Recommendation No. R (89)9, which was adopted by the Council on 13 September 1989. The
United Nations Commission on International Trade Law
(UNCITRAL) formulated the UNCITRAL Model Law on Electronic Commerce in 1996. The Model Law is intended to facilitate the use of
modern means of communication and storage of information. It is based on the establishment of a functional equivalent in electronic media
for paper-based concepts such as "writing", "signature" and "original". The Convention on Cybercrime of the Council of Europe is currently
the only binding international instrument on the issue of cyber-crime.
The convention serves as a guideline for countries developing a comprehensive national legislation against cybercrime. It also serves as a
framework for international cooperation between State Parties to the treaty.
Scope of the Information Technology Act
Scope of IT Act: The act shall apply to
a) Processing of personal data or partly by automatic means, and
b) Other processing of personal data which form part of or are intended to form part of
personal data filing system.
This act shall not apply to the following:
a) Information technology Act 2000 is not applicable on the attestation for creating trust via
electronic way. Physical attestation is must.
b) Contract of sale of any immovable property.
c) Attestation for giving power of attorney of property is not possible via electronic record.
Importance of the Information Technology Act
From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain
many positive aspects.
a) Firstly, the implication of these provisions for the e-businesses is that email is now a valid
and legal form of communication in our country that can be duly produced and approved
in a court of law.
b) Companies are now able to carry out electronic commerce using the legal infrastructure
provided by the Act.
c) Digital signatures have been given legal validity and sanction in the Act.

d) The Act opens the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signature
Certificates.
e) The Act now allows Government to issue notification on the web thus
heralding e-governance.
f) The Act enables the companies to file any form, application or any other document with
any office, authority, body or agency owned or controlled by the appropriate
Government in electronic form by means of such electronic form as may be prescribed by
the appropriate Government.
g) The IT Act also addresses the important issues of security, which are critical to the
success of electronic transactions. The Act has given a legal definition to the concept of
secure digital signatures that would be required to be passed through a system of a
security procedure, as stipulated by the Government at a later date.
Under the IT Act, 2000, it is possible for corporate to have a statutory remedy in case if anyone breaks into their computer systems or
network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 5
crores.
Amendments to the Information Technology Act
Exponential growth of technology gave new ways and means to cybercrimes. To counter this
growing cyber threats in 2008, the act was amended. Wide ranging crimes were incorporated in
this amendment of the act with the provision of financial penalties as well as punishment varying from a three-year jail term to life sentence.
This amendment came into force on 29th October, 2009. Broadly IT Act Amendment 2008 has covered following aspects:
1. Liability of Body Corporate towards sensitive personal data: Body corporate means any company and includes a firm, sole proprietorship
or other association of individuals engaged in commercial or professional activities. Any Body corporate dealing in sensitive personal data
or information in a computer resource and lacking in providing sufficient security and control practices to safeguard the data has been made
liable under Section 43A to pay damages to the affected party.
2. Identity Theft: Under section 63 C, Fraudulent/dishonest act by misuse of electronic signature, password or any other unique
identification feature of a person is punishable.
3. Spamming and Phishing: Explicitly no specific law exists against spamming and phishing but it appears that this aspect has been covered
under section 66A. It says that sending messages of offensive nature or criminally intimidating through communication service has become
punishable with imprisonment for a term which may extend upto three years or with fine.
4. Introduction of virus, manipulating accounts, denial of services etc made punishable: Section 66 has been amended to include offences
punishable as per section 43 which has also been amended to include offences as listed above; punishment may lead to imprisonment which
may extend to three years or with fine which may extend to five lakh rupees or with both.
5. Cheating and Stealing of computer resource or communication device: Punishment for stealing or retaining of any stolen computer
resource or communication device has been covered under section 66B. Section 66D makes “cheat by personation” by means of any
“communication device or 'computer resource' an offence.
‟
6. Cyber Terrorism: intent to threaten the unity, integrity, security or sovereignty of India
contributes to cyber terrorism. Section 66D deals with punishment for acts like denial of services, unauthorized access etc related to cyber
terrorism.
7. Child pornography: Section 67B lays Punishment for publishing, transmitting, browsing of
material depicting children in sexually explicit act, etc. in electronic form.
8. Intermediary’s liability: Intermediary means any person who on another person’s behalf
receives stores or transmits the message or provides any service with respect to that message.
Sections 67C states that intermediaries should preserve and retain information in the format and for the period given by Central
Government.

9. Surveillance, Interception and Monitoring: Section 69 empowers the government to issue directions for interception or monitoring or
decryption of any information through any computer resource.
10. Cognizance of cases and investigation of offences: All cases which entail punishment of three years or more have been made cognizable.
In Act 2000, section 78 defines that investigation of offences is to be done only by Deputy Superintendent of police. In its
amendment, Inspectors have been included as investigating officers which is more feasible.
11. Security procedures and Practices: Section 16 empowers Central Government to prescribe security procedure in respect of secure
electronic records and secure digital signatures.