1 / 37

Information Technology Act 2000 v/s 2008

Information Technology Act 2000 v/s 2008. Rohas Nagpal Asian School of Cyber Laws. Background. Information Technology Act, 2000 came into force in October 2000 Amended on 27 th October 2009 Indian Penal Code Evidence Act. Voyeurism . Voyeurism is now specifically covered.

farren
Download Presentation

Information Technology Act 2000 v/s 2008

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Technology Act2000 v/s 2008 Rohas Nagpal Asian School of Cyber Laws

  2. Background Information Technology Act, 2000 came into force in October 2000 Amended on 27th October 2009 Indian Penal Code Evidence Act

  3. Voyeurism Voyeurism is now specifically covered. Acts like hiding cameras in changing rooms, hotel rooms etc is punishable with jail upto 3 years. This would apply to cases like the infamous Pune spycam incident where a 58-year old man was arrested for installing spy cameras in his house to ‘snoop’ on his young lady tenants.

  4. Cyber Porn Publishing sexually explicit acts in the electronic form is punishable with jail upto 3 years. This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country.

  5. Child Porn Collecting, browsing, downloading etc of child pornography is punishable with jail upto 5 years for the first conviction. For a subsequent conviction, the jail term can extend to 7 years. A fine of upto Rs 10 lakh can also be levied.

  6. Obscene sms / emails The punishment for spreading obscene material by email, websites, sms has been reduced from 5 years jail to 3 years jail. This covers acts like sending ‘dirty’ jokes and pictures by email or sms. Bangalore student sms case

  7. Compensation claims • Compensation is not restricted to Rs 1 crore anymore on cyber crimes like: • accessing or securing access to a computer • downloading, copying or extracting data • computer contaminant or virus • damaging computer • disrupting computer

  8. Compensation claims • Compensation is not restricted to Rs 1 crore anymore on cyber crimes like: • providing assistance to facilitate illegal access • computer fraud • destroying, deleting or altering or diminishing value or utility or affecting injuriously • stealing, concealing, destroying or altering computer source code

  9. Compensation claims The Adjudicating Officers will have jurisdiction for cases where the claim is upto Rs. 5 crore. Above that the case will need to be filed before the civil courts.

  10. Liability of call centers, BPOs etc A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data. If they are negligent in “implementing and maintaining reasonable security practices and procedures”, they will be liable to pay compensation.

  11. Liability of call centers, BPOs etc It may be recalled that India’s first major BPO related scam was the multi crore MphasiS-Citibank funds siphoning case in 2005. Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures.

  12. Other changes Refusing to hand over passwords to an authorized official could land a person in prison for upto 7 years. The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment.

  13. Other changes Sending threatening emails and sms are punishable with jail upto 3 years. Hacking into a Government computer or website, or even trying to do so in punishable with imprisonment upto 10 years.

  14. Other changes Cyber crime cases can now be investigated by Inspector rank police officers. Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police.

  15. Electronic v/s Digital Signatures The Information Technology Act, 2000 took a "technology dependent" approach to the issue of electronic authentication. This was done by specifying digital signatures as the means of authentication.

  16. Electronic v/s Digital Signatures The defect in this approach is that the law is bound by a specific technology, which in due course of time may be proven weak. The advantage of using a technology neutral approach is that if one technology is proven weak, others can be used without any legal complexities arising out of the issue.

  17. Electronic v/s Digital Signatures An example of this is the MD5 hash algorithm that at one time was considered suitable. MD5 was prescribed as suitable by Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 .

  18. Electronic v/s Digital Signatures MD5 was subsequently proven weak by mathematicians. In fact, Asian School of Cyber Laws had filed a public interest litigation in the Bombay High Court on the same issue.

  19. Electronic v/s Digital Signatures Subsequently, the Information Technology (Certifying Authorities) Amendment Rules, 2009 amended the Rule 6 mentioned above. MD5 was replaced by SHA-2.

  20. Electronic v/s Digital Signatures The Information Technology (Amendment) Act, 2008 amends the technology dependent approach. It introduces the concept of electronic signaturesin addition to digital signatures.

  21. Electronic v/s Digital Signatures Digital signatures are one type of technology coming under the wider term “electronic signatures”.

  22. Types of electronic signatures 1. based on the knowledge of the user or the recipient e.g. passwords, personal identification numbers (PINs) 2. those based on the physical features of the user (e.g. biometrics) 3. those based on the possession of an object by the user (e.g. codes or other information stored on a magnetic card).

  23. Technologies in use Digital signatures within a public key infrastructure (PKI) biometric devices

  24. Technologies in use PINs user-defined or assigned passwords, scanned handwritten signatures, signature by means of a digital pen, clickable “OK” or “I accept” boxes.

  25. Technologies in use Hybrid solution like combined use of passwords and secure sockets layer (SSL) It is a technology using a mix of public and symmetric key encryptions.

  26. Identity theft Fraudulently or dishonestly using someone else’s electronic signature, password or any other unique identification feature 3 years jail and fine upto Rs 1 lakh. New provision

  27. Source code theft Section 65 Conceal / destroy / alter source code 3 years jail and / or fine upto Rs 2 lakh Unchanged provision

  28. Computer related offences Section 66 3 years jail and / or fine upto 5 lakh New provision Replaces ‘hacking’

  29. Computer related offences • dishonestly or fraudulently: • accessing or securing access to a computer • downloading, copying or extracting data • computer contaminant or virus • damaging computer • disrupting computer • denial of access

  30. Computer related offences • dishonestly or fraudulently: • providing assistance to facilitate illegal access • computer fraud • destroying, deleting or altering or diminishing value or utility or affecting injuriously • stealing, concealing, destroying or altering computer source code

  31. Sending offensive messages Section 66A 3 years jail and fine New provision

  32. Sending offensive messages • Covers following sent by sms / email: • grossly offensive • menacing • false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will • phishing, email spoofing

  33. Spoofing Email spoofing SMS spoofing Phishing

  34. Questions? Asian School of Cyber Laws

More Related