* Karnika Seth , Managing partner , Seth Associates & Mr. H.M Mukherjee, Associate ,Seth Associates

The era of Information technology has brought new methods and modes of commission of crime. Each time a crime is committed whether in physical form or in cyber space, the success of prosecution largely depends on the quality of evidence presented at the trial . With the sophistication in Information technology
the weapons of commission of crime are changing thereby posing a serious challenge before the investigation agencies to collect and preserve the evidence. A conviction or acquittal largely depends on the quality of evidence produced by the prosecution.

The advent information technology has brought into existence a new kind of document called the electronic record. This intangible document is of new species has certain uniqueness as compared to conventional
form of documents. This document can preserved in same quality and state for a long period of time through encryption processes reducing the chance of tampering of evidence. This document can be in various forms like a simple e-mail or short message or multimedia message or other electronic forms.

The Indian Evidence Act, 1872 and Information Technology Act, 2000 grants legal recognition to electronic records and evidence submitted in form of electronic records. According to section 2(t) of the Information Technology Act, 2000 “electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. The Act recognizes electronic record in a wide sense thereby including electronic data in any form such as videos or voice messages. The Information technology has made it easy to communicate and transmit data in various forms from a simple personal computer or a mobile phone or other kinds of devices. The Information Technology Amendment Act, 2008 has recognized various forms of communication devices and defines a “communicationdevice” under section 2 (ha)of the Act “communication device” means cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image. The Indian IT Act 2000 lays down a blanket permission for records not to be denied legal effect if they are in electronic form as long as they are accessible for future reference.

The Act amends the definition of ‘Evidence’in s 3, the interpretation clause of the Indian Evidence Act 1872, to state:

‘Evidence’ means and includes

1)
……

2)
All documents including electronic records produced for the inspection of the Court

Further, in s 4, the IT Act 2000 provides:

Section 4.
Legal Recognition of electronic records.—Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-

a) rendered made available in an electronic form; and

b) accessible so as to be usable for a subsequent reference.

The evidentiary value of an electronic record totally depends upon its quality. The Indian Evidence Act, 1872 has widely dealt with the evidentiary value of the electronic records. According to section 3 of the Act, “evidence” means and includes all documents including electronic records produced for the inspection of the court and such documents are called documentary evidence. Thus the section clarifies that documentary evidence can be in the form of electronic record and stands at par with conventional form of documents.

The evidentiary value of electronic records is widely discussed under section 65A and 65B of the Evidence Act, 1872. The sections provide that if the four conditions listed are satisfied any information contained in an electronic record which is printed on paper, stored, recorded or copied in an optical or magnetic media, produced by a computer is deemed to be a document and becomes admissible in proceedings without further proof or production of the original, as evidence of any contacts of the original or any facts stated therein, which direct evidence would be admissible.

The four conditions referred to above are:

(1) The computer output containing such information should have been produced by the computer during the period when the computer was used regularly to store or process information for the purpose of any activities regularly carried on during that period by the person having lawful control over the use of the computer.

(2) During such period, information of the kind contained in the electronic record was regularly fed into the computer in the ordinary course of such activities.

(3) Throughout the material part of such period, the computer must have been operating properly. In case the computer was not properly operating during such period, it must be shown that this did not affect the electronic record or the accuracy of the contents.

(4) The information contained in the electronic record should be such as reproduces or is derived from such information fed into the computer in the ordinary course of such activities.

It is further provided that where in any proceedings, evidence of an electronic record is to be given , a certificate containing the particulars prescribed by 65B of the Act, and signed by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities would be sufficient evidence of the matters stated in the certificate.

The apex court in State v Navjot Sandhu [1] while examining the provisions of newly added s 65B, held that in a given case, it may be that the certificate containing the details in sub- s 4 of s 65B is not filed, but that does not mean that secondary evidence cannot be given. It was held by the court that the law permits such evidence to be given in the circumstances mentioned in the relevant provisions, namely, ss 63 and 65 of the Indian Evidence Act 1872. Paragraph 150 of the judgment which is apposite, reads as under:

150. According to Section 63, secondary evidence means and includes, among other things, “copies made from
the original by mechanical processes which in themselves insure the accuracy of the copy, and copies compared with such copies.

Section 65 enables secondary evidence of the contents of a document to be adduced if the original
is of such a nature as not to be easily movable. Hence, printouts taken from the computers/servers by mechanical process and certified by a responsible official of the service-providing company can be led in evidence through a witness who can identify the signatures of the certifying officer or otherwise speak of the facts based on his personal knowledge. Irrespective of the compliance with the requirements of s 65-B, which is a provision dealing with admissibility of electronic records, there is no bar to adducing secondary evidence under the other provisions of the Indian Evidence Act 1872, namely, ss 63 and 65.

It is pertinent to note herein a recent development, that as per the IT Amendment Bill 2008 (passed by both houses of Indian Parliament and yet to be enforced), s 79A empowers the Central Government to appoint any department, body or agency as examiner of electronic evidence for providing expert opinion on electronic form evidence before any court or authority. ‘Electronic form of evidence’ herein means any information of probative value that is either stored or transmitted in electronic form and includes computer evidence, digital, audio, digital video, cellphones, digital fax machines.

Further as per Section 85 B of the Indian Evidence Act, there is a presumption as to authenticity of electronic records in case of secure electronic records ( i.e records digitally signed as per Section 14 of the IT Act,2000. Other electronic records can be proved by adducing evidence and presumption will not operate in case of documents which do not fall under the definition of secure electronic records. It is pertinent to
point out herein that with the passage of the Information Technology Amendment Act 2008, India would become technologically neutral due to adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures.

The position of electronic documents in the form of SMS, MMS and E-mail in India is well demonstrated under the law and the interpretation provided in various cases. In State of Delhi v. Mohd. Afzal & Others[2], it was held that electronic records are admissible as evidence. If someone challenges the accuracy of a computer evidence or electronic record on the grounds of misuse of system or operating failure or interpolation, then the person challenging it must prove the same beyond reasonable doubt. The court observed that mere theoretical and general apprehensions cannot make clear evidence defective and in admissible. This case has well demonstrated the admissibility of electronic evidence in various forms in Indian courts.

The basic principles of equivalence and legal validity of both electronic signatures and hand written signatures and of equivalence between paper document and electronic document has gained universal acceptance. Despite technical measures, there is still probability of electronic records being tampered with and complex scientific methods are being devised to determine the probability of such tampering. For admissibility of electronic records, specific criteria have been made in the Indian Evidence Act to satisfy the prime condition of authenticity or reliability which may be strengthened by means of new techniques of security being introduced by advancing technologies.

[1] (2005) 11 SCC 600.

[2]2003 (3) JCC 1669.

Can you sue a search engine? That’s the question on everyone’s mind ever since Delhi-based  business bigwig and filmmaker Arindam Chaudhuri filed a lawsuit of Rs 50 crore against Google and three other publications. According to Chaudhuri, Google has been “publishing, distributing… the defamat

ory libelous and slanderous articles.” It’s not just him, in May, UK footballer Ryan Giggs sued Twitter to stop reports of his alleged affair from appearing in public.

The incident has sparked off an online debate, with some calling the move “ignorant” or “downright silly”. Even cyber lawyers are not clear where the accountability of a search engine lies. “A search engine is not entirely to be blamed and it is difficult for them to monitor their content because of their huge date base,” says Karnika Seth, Delhi-based cyber law expert. “You can technically sue the website, but it’s very silly to do so, because it’s just a content aggregator and not the publisher,” says Rodney Ryder, cyber crime lawyer.

The debate continues in Bollywood among actors who often encounter malicious gossip, morphed pictures and videos of themselves on the search engine. Actor Gul Panag points out that a search engine cannot be held accountable for the content out there. “A search engine is an information open source. It shows up what exists. It doesn’t create offensive or flattering material. It only collates it,” she says.

Some actors demand accountability from the website. “If I type my name, there are all sort of search names and tags that come up. Google should probably become like imdb and verify all our details through us,” says actor Koena Mitra. Actor Eesha Koppikhar says, “Google should have a censor mechanism that scrutinises content before it is put up.”

However, Google maintains that they cannot be held responsible. “Search engines are a reflection of the content and information that is available on the Internet. We are disappointed that search engines that use computer algorithms to create automated indexes of the world wide web are sought to be held liable for content that is indexed as search results,” says a Google spokesperson.

Article source: http://www.hindustantimes.com/Shooting-the-messenger-eh/Article1-712852.aspx

CNN IBN Feb 19,2009

sNew Delhi: Interestingly or ironically, it was user protest groups that sprung up on facebook and the treat of litigation that forced the networking site to retract. Here is a warp of the controversy that was.

On Sunday, the day after Valentines, Facebook claims it owns everything on our profiles. Three days later, it backtracks and issues a clarification. But can it be trusted?

Meet Kiruba Shankar. An avid tech blogger, he’s addicted to sites like Facebook, Orkut and YouTube. Yet, unlike you and me, he never uploads anything personal or proprietary. Doing that, he says, means washing his hands of ownership.

Kiruba Shankar, Tech Blogger says, “They don’t say that blatantly. But most sites claim ownership on content on their servers.

To verify Kiruba’s claims, I took a closer look at the terms and conditions on three different sites. Most of us accept them without a second thought. But today, I got a lawyer to explain them to me.

Cyber Lawyer Karnika Seth says, “Among other things, lets them use stuff for advertising.”

Which means, if this happens tomorrow, I’ll have only myself to blame. Deleting my stuff won’t help either. Experts like Kiruba say, most sites store a copy of our profiles, just for safety.

Kiruba says, “They do it for renewal.”

Actually, once your info is on the net, it’s very hard to take it off. There’s no sure fire way to prevent people from downloading or saving your data. And using it many years later.

Criminals had better watch out as investigative agencies use social networking to track them down

Saira Kurup | TNN

Mafia dons must be looking for a tech-upgrade after one of their brethren in Italy was foolish enough to get arrested this week,thanks to his love of social networking.Pasquale Manfredi,a feared mafia boss,used an internet key to log on to Facebook,helping police zero in on his location.
This is becoming a familiar story.In October,US federal agents managed to catch up with Maxi Sopo,a fugitive wanted for bank fraud,who had been sunning himself on Mexicos beaches.Sopo made a crucial error.He posted details of all the fun he was having on Facebook,little realizing the agents were watching.They tracked him down,thanks to information on Sopos Facebook friends list and some legwork by the Mexican authorities.
These are just two of a growing number of instances of law enforcement agencies entering popular social networking sites such as MySpace,LinkedIn,Facebook and Twitter.Investigators are even going undercover to communicate online with suspects.Whether it is keeping watch on the movements of pedophiles and drug lords,or the tax authorities estimating an artistes hidden income from his tweets about performances,social networking is helping to fight crime.
Indian police have noticed.Police cracked the case of IIT-Delhi student Pragati Tibberwals murder in a Shimla hotel room last month using information from the Facebook account of IIT-Roorkee suspect Gaurav Verma.The account linked Verma to the murdered girl.
Shimla SP R M Sharma says,We got the girls laptop,which had many photos.We asked the IIT-Roorkee registrar (an answersheet from that institute was found in the hotel room) to send a photo and samples of Vermas handwriting via email to crosscheck with his signature in the hotels reception book. Meanwhile,police looked through Facebook to identify the right Gaurav Verma,and then found the girl name on his friends list.
This has become fairly standard procedure in the West.Investigative agencies increasingly log on surreptitiously to exchange messages with suspects,identify the targets friends or browse postings and videos.They follow tweets and photos that indicate suspicious behaviour,such as people posing with guns.
Cyber forensic expert Santosh Raut recounts a case in Punjab that had a boy creating a fake Orkut profile of a female friend and posting her photograph and contact number online.After the girl started receiving calls,she filed a police complaint.The police set up a fake Orkut profile,made contact with the boy and got his location.Hes now in jail.
Cyber lawyer Karnika Seth says,Clues can be drawn from blogs and chatrooms.Incidents mentioned there can be tracked so that a chain of events can be analyzed and linked to suspects.If its a cognizable offence,the evidence can be presented in court.
So is India in tune with the immense potential of cyber investigation The technology is available but law enforcement agencies have less expertise than they should.Raut says,There are no specially appointed cyber experts in the police.They have only existing experts in,say,ballistics and physics,who receive some training in cyber security.
He says that Indian lawyers and judges are not sufficiently aware of the potential of cyber crime-fighting.Seth,who trained Delhi Police officers on cyber security,agrees.Not many police officials understand basic concepts like email. She believes that some interdisciplinary skills are required,such as a forensic science background,for a policeman to be an expert.
But Sharma says,We have regular training and workshops (on cyber investigation).Its part of the curriculum at the police training college.We are already tracking and recovering stolen mobiles online. In other words,no one should be surprised to see the local constable busy tweeting in the thana.

How to catch a criminal

In the US,people have been posting surveillance videos of burglaries on YouTube,leading to some arrests In Mexico,where gun battles can erupt on the streets without warning,people are turning to Twitter to find out safe areas British policeman Ed Rogerson regularly tweets with weather warnings and missing cats Facebook and Twitter are being used in the UK to trace missing persons by involving their online friends in the search

MUMBAI: The recent spate of incidents pointing to misuse of Internet by terrorists has exposed users’ vulnerability to frauds like hacking and identity thefts, underlining the need for constant vigilance. Apart from routine emailing and surfing, an increasing number of users in urban India are turning to the Internet for settling their utility bills and transferring funds, which means that even a minor lapse could result in their funds being siphoned off.

You needn’t be an IT wizard to circumvent such frauds — just using your common sense would suffice. “Most online frauds have their genesis in the offline world. How responsibly you handle your online payment tools has an impact on security,” points out MN Srinivasu, director, BillDesk.

For instance, basic measures like making sure that you log out of your net banking account once your transaction is done — particularly if you are accessing it from a computer at a public place — will leave little scope for unauthorised access to your personal information. In addition, you can adopt the following measures to eliminate chances of misuse.

Use Secure Portals

If you do not take care to ensure that the site you are visiting for making an online payment is technically secure, your passwords and credit card details can be compromised and a duplicate credit card bearing the same data as yours can be generated. A typing error while entering the website address may lead you to a fraudulent website specifically created to capitalise on such errors — which is why you need to make sure the website address is correct before you initiate a transaction.

“While making payments online, using secure portals with a trust e-seal and tested payment gateways such as Paypal and CCavenue can keep tricksters at bay,” suggests Karnika Seth, partner at law firm Seth Associates.

Exercise Caution

“While making purchases online, you need to ensure that you are doing business with a reputable Internet merchant, and study the website’s privacy policy carefully. A reputable website often has a clearly stated privacy policy at an accessible place. Your computer browser can tell you if the place where you are about to send the information is secure. If you cannot determine this, do not put your payment card information over the Internet,” advises Barry Wong, senior business leader and regional head, security and risk services, Asia/Pacific, MasterCard Worldwide.

You would also do well to seek all information about the offer, including contact details of the Internet merchant.

Keeping a record of your online shopping, by taking a printout of the transaction details, is important. Also, while using the net banking facility, if the online shopping portal prompts you for username and password, steer clear of it. You should trust only those portals that redirect you to your bank’s website for such purposes.

Social networking sites like Facebook and Twitter have enabled people to not just reconnect with friends and family, but have provided a platform for sharing information and staying in touch. You upload pictures, share information, tell the world where you are and what you’re doing. Fact: once you put anything online, it is shared around the world in seconds and stays there for decades. Here is the bad news – even if you delete what you wrote, chances are, it is sitting pretty on one of the servers halfway across the world. So much for privacy.

It would be rhetorical to ask if you’ve seen The Social Network.

For the uninitiated, this movie chronicles the creation of Facebook, arguably one of the most popular websites the World Wide Web has to offer. What led to 500 million smiling faces was a shaky, unstable start. Instead, what the movie doesn’t really show is how the dark side wasn’t only internal to Facebook, as it added fuel to the already simmering darkness of social networking. Not questioning the potential or power of social networking, one cannot deny the influence it has on our daily lives. Be it constructive or perverse. Here is an insight into how the multiple ways the dark forces of social networking often unleash themselves on to unsuspecting users.

Trolling

Trolls are people who post rude, offensive and abusive messages on social networking sites. They disrupt online conversations by hurling abuse and posting rude and offensive comments. Anyone who has been on social platforms long enough would have had an interaction with trolls. The more popular you are, the higher the chances of your getting trolled.

A few months back, director Karan Johar, vented on Twitter. “While most tweets are objective, frank and warm… the ones that are constantly making tactless statements about my personal life are upsetting.” Johar isn’t the only one.

Sample this:

@chetan_bhagat kaisa hai bandarr??

@MallikaLA hey…i’m just like u…i love to kiss boys and love to be nude…

@Abhishek Bachchan And that was the last 100 bucks I spent on any movie starring this joker. Period

Attempt to put a face to this troll and one finds that they are normal people who let their dark side out once they get online. The availability of a medium, freedom of speech and a sequestered dark side is the perfect combination for a troll to thrive. Not just limited to non-celebs, Shobhaa De recently got trolled by Arbaaz Khan after she wrote that his movie Dabangg should be banned. Arbaaz tweeted: ‘Buddhi badnaam hui darling mere liye hahahahahaha’

Foot in the mouth

A seemingly innocent tweet or a status update can do you more harm than you can possibly imagine. Popular news pieces tell us about people getting fired, arrested or even divorced. More often than not, we don’t think twice before posting a status update on any social network; truly unaware that users outside our friend circle are looking forward to such gaffes. Others, looking to do a quick background check- like a prospective matrimonial alliance, new employers or even a new acquaintance can be dealt quite a blow if an unintentional tweet or status update shows up on their feed.

There is a long list of people losing their jobs thanks to irresponsible posts on Twitter and Facebook. It is generally not such a good idea to bad mouth your boss or company on public profiles, or to post holiday photos on Facebook while you are on a sick leave. Abhijit Acharya (@abijit_tabs) once went to give an interview and tweeted about the company. The interviewers did not take it well and he obviously did not get the job. A waiter in the US lost his job recently after he tweeted about an actress, a star from the American series Hung not leaving him a tip. In July, Infosys announced the rollout of a social networking policy for its employees. This policy enlists dos and don’ts while interacting on social networking sites. It empowers the company to take legal action against employees who leak sensitive company information through their social networking profiles.

Social networking websites are a goldmine for lawyers. According to a survey, 20 per cent of the divorces in US today involve Facebook. The American Academy of Matrimonial Lawyers has stated that more than 80 per cent of members have utilised or come into contact with evidence found on social networking sites in the last five years. Amendments to India’s IT Act, notified last October, make status messages and tweets admissible as electronic evidence in court. According to Karnika Seth, cyber lawyer: “There are couples who are filing for divorce for reasons which could not have been proved before, but with tweets and status message updating several times a day, it works as additional evidence, often making adultery easy to prove.” Relationships are not just ruined because of Facebook but even on Facebook. A change in relationship status is all it takes to communicate to your lover that it is over.

Privacy

Life has never been easier for stalkers and thieves if they want to track your routine. They can simply do that by keeping track of your timeline. An innocent tweet like, “Chilling at big chill with friends” can let a stalker know your exact whereabouts. Or “we are on vacation” can invite burglars.

India has also caught up to the popular social networking site called Foursquare that allows registered users to connect with friends and update their location. A direct invite to the criminals, isn’t it? People can even mark their location on tweets now using Google maps that can be very dangerous.

Consider this: If a criminal can easily find out where you are, what stores you frequent, what your daily habits are, who your friends are, and even what your personal food, entertainment, and beverage references are, you can be targeted with a level of ease never before possible.

Identity Crisis

Fake profiles are an increasing menace on sites like Twitter and Facebook. Fake accounts of celebrities, personalities and politicians are created on Facebook and Twitter to get lots of audience and then to spam them or post malicious content. Twitter now verifies accounts of popular and publicly known users, but has just a ‘report spam’ button for regular users.

Anyone can create a fake account and start talking to people. How do you tell the fake from the real? Recently, Bollywood director and scriptwriter Anurag Kashyap was very upset. There were fake accounts of him on Twitter, as well as on Facebook. An imposter opened accounts with his name and also opened an account with the name of his next movie That Girl In Yellow Boots. The imposter was continuously interacting with many of Anurag’s acquaintances using these fake accounts. Ronald K Noble, secretary general Interpol, recently revealed that two fake accounts were created in his name on Facebook and were used to find the details of highly dangerous criminals. Last year someone was managing a false account on Facebook impersonating Amartya Sen, the Indian Nobel Laureate. He was dishing out advice and participating in discussions.

Even after repeated objections by Amartya Sen himself, Facebook refused to remove the page. Using a pseudo-identity, you can now take pot-shots with malice towards one and all. The intentions might not always be malicious though. Parody accounts on social networking sites are not uncommon today. People make these accounts for fun. A parody account of stock broker Rakesh Jhunjhunwala has more than 13,000 followers. The parody account of Apple’s CEO, Steve Jobs has 2.5 lakh followers. There is also a fake Bal Thackerey with 1,500 followers

Profile marketing

Your tweet that you need a new car or a house is a direct invitation to marketers. They can just search for keywords like ‘car’ and then tweet /call you back trying to sell their product. Try typing that you are not happy with a particular telephone operator and you will soon be stalked by the competition. You might be sick of the marketing calls but they don’t spare you on the Internet either. A service called Twithawk is a real time target marketing engine that will find people talking on Twitter, now by your chosen topic and location, allowing you to really hit your target, even mid-conversation, with ease. Gursimran Khamba (@gkhamba) tweeted a joke about calling Just Dial, the online directory to say he is looking for a shera, the CWG mascot’s costume. Just Dial immediately tweeted him back providing the numbers of shera costume traders.

According to Ankita Gaba, a marketing professional: “Companies are now increasingly using Twitter for marketing and customer care.” She has to actually tell her clients to do it subtly because users don’t want Twitter to be used for this. American company Rapleaf helps banks scan your social network and identify contacts connected with you that also do business with the financial institution. Based on the financial stability and credit history of your social network connections, the bank can make an assumption about what sort of credit risk you might be. Maybe it is time to do some thinking; maybe it is time to list the pros and cons of social networking.

Think about it, weren’t our lives a lot simpler before this revolution? If you really can’t live without it maybe just exercise a modicum of discretion and common sense regarding what you post online. Either way, its probably time you reworked your social networking privacy settings.

(This story first came in The New Indian Express)

Cyber WarfareBorderless, and Lethal

Warfare is no longer restricted to the conventional physical form, its breaking all barriers to adorn a new avatar

Shilpa Shanbhag

Monday, January 17, 2011

The recent hacking of the Central Bureau of Investigation’s (CBI) website by a group called ‘Pakistani Cyber Army’ has raised a volley of questions. Has the war metamorphosed from a physical existence to an IT feature? Who are the actual victims of this warfare? How safe are our websites? Is this just the beginning? In reply, the Defence Research and Development Organization (DRDO) said that it would be developing both software and hardware to put defence networks out of the reach of hackers.

The cyber attack on the CBI website was, apparently, retaliation by a group called the Pakistani Cyber Army. The group also warned that mass defacement of Indian websites would continue if Indian hackers kept on their attacks on Pakistani websites. Before the attack on the CBI website, there was a hack attack carried out on 35 Pakistani government websites. Prominent among these include those run by the Pakistan Navy, the National Accountability Bureau, and the ministries of foreign affairs, education and finance. All of the affected websites reportedly ran on the same server. A crew called the Indian Cyber Army carried out the mass attack, which it claimed was a cyber-protest about the Mumbai terrorist attacks of November 2008.

Need for a Chakravuyh

If the systems and networks have gaping holes and vulnerabilities then anyone can attack. So, first and foremost, it is very essential that we have adequate defences raised against such vulnerabilities. This means that calculative efforts need to be taken to scrutinize the security of websites and ensure that more efforts are take to secure the websites and server. It is very difficult to halt these types of attacks other than providing effective defence mechanisms as they are borderless attacks.

It is clear that a cyber war is afoot. And with the passing of each day the warfare is assuming new proportions. The reason for this could be the fact that today organizations as small as that of your next door panwalla to a huge multinational organization, are craving for their own unique identity on the Internet. This has resulted in a huge number of new websites being registered on the Internet everyday. In such a scenario the development of the websites is done on a mass scale by a number of companies across India but security issues receive back-seat attention. Even a few of the so called ‘biggest websites of India’ are subject to a very basic attack such as authentication bypass.

But the bigger problem is that this huge number of small websites are not even close to being up-to-the-mark in terms of security of their data. This leaves them vulnerable to attacks from hackers, also making it possible for them to deface thousands of websites in a single day. This is always going to be a cat and mouse game. With the enhancement of technology, there will come new and sophisticated ways to break the networks and the teams would have to be very updated to be able to mitigate these risks.

“In my view, there has to be multi-layered defences, something similar to ‘Chakravuyh’ as we are used to of yester years. There has to be sufficient deterrents to discourage these kind of attacks, followed by adequate preventive measures to nullify/mitigate the attacks. If still someone is able to penetrate the defences, then there should exist a sophisticated detection mechanism so as to give a quick reaction and support. Over and above, a continuous learning system which corrects any potential and existing vulnerabilities,” says Pawan Desai, chief operating officer, MitKat Advisory Services.

On the Rise

The emergence of cyber warfare is not a recent phenomenon. It has been on the radar since the emergence of Internet and its threat is ever increasing in the wired world that we live in today.

Cyber warfare is one of the most potent forms of attacks as its impact versus casualty ratio is very effective as compared to conventional warfare. In the present case, both India and Pakistan are very advanced in terms of their capabilities for cyber attacks, as they possess some of the best people in this field across the globe. Many experts feel that the coming days would witness an exponential increase in cyber attacks across the border. “Cyber warfare is a very serious threat to a nation’s security, its property and people, and the damage it does could be irreversible and worse than a nuclear attack,” says Karnika Seth, attorney at Law and partner, Seth Associates

“In such a type of a war, it needs to be borne in mind that the so-called ‘brave warriors’ of the war are not the ones who actually become shaheed but instead the innocent users of the Internet who are at risk. Such wars, if till now are not the order of the day, will surely become so in the next few years. The main reason I can see behind such a trend is the exponential rise in the number of users coming on the Internet on a daily basis, compared to the linear rise in the awareness of these users,” explains Sunny Vaghela, an information security and cyber crime consultant.

Focus on Data Safety

If a website of a large organization can also be prone to an attack by a cyber criminal then how safe is the data on the Internet? It is as safe an one would want it to be. For example, PHP websites are the most vulnerable websites these days but then although Facebook is a PHP website but it is very secured! The reason: It spends a considerable amount of money on its security because it understands its importance.

“Similarly, people need to understand the importance of investing on the security of their website, the awareness needs to come. They should always go for penetration testing from CERT empaneled organizations, get Payment Card Industry (PCI) standard for e-commerce websites and install Intrusion Detection System/Intrusion Prevention System (IDS/IPS) in networks,” says Vaghela.

Cyber threat is no longer a potential threat but is staring prominently at our faces. Apart from all the government websites, our critical infrastructure would be the area of interest to the adversaries. Hence, all defence strategies should be in line keeping the potential and existing threats into perspective.

“We would need a structured approach in safeguarding our critical information from the adversaries. This problem should not be looked only from the perspective of technology, there has to be a holistic perspective of integrating people, process and technology to develop effective defense mechanisms. There needs to be a seam line integration between all the operators in the value chain. Also, this is going to be a continuous program, and need not be dealt as one activity,” says Desai.

Government Support

The government needs to formulate more strict norms at the level at which a website/server is being formed/registered. It must have a proper assessment system by which every new website/server being registered needs to be assessed for new vulnerabilities and exploits, and only on clearing the assessment should it be allowed to go ahead with its setup. Currently, we do not have an all-India Cyber Police Service and we need such a set up, one which provides the police leadership for Cyber Crime related defense.

The government needs to adopt a multi-pronged strategy in terms of:

• Setting up institutions to simulate sophisticated cyber attacks with the help of qualified personnel. These institutes would be used for training various agencies like intelligence, IT administrators, developers, etc, for offensive and defensive cyber warfare techniques.
• Set up early-warning capabilities about impending attacks and developing expertise in cyber forensics, which includes tools that focus on acquiring information from attacked systems to find out sources of attacks.
• A task force that will certify all imported software and hardware procured.
• Put up segmentwise security guidelines for critical infrastructures and economic segments like banking, defence, railways, aviation, atomic energy, oil & gas, etc.
• Carry out regular assessments of these establishments.
• Set up a computer emergency response team for each of these sectors.

Principal Secretary, IT and BT, Department of Karnataka Government has initiated an action plan to develop an Inter-State Coordination group for cyber security from which some thoughts can be generated as an input for the national plan.

The Government needs to use resources from the private sector to formulate a good defense mechanism. A comprehensive cyber defense strategy for the country is required to be developed. “To start the process a ‘National Cyber Security Advisory Group’ needs to be set up with suitable advisors in place. In my opinion, we need to set up a ‘Cyber Force’ as the fourth wing of our defense along with Army, Navy and Airforce. This has to be under the defense ministry. There needs to be two other national level sub agencies one under the Home department which coordinates the defense against the cyber crimes and another under Ministry of IT which coordinates the corporate information security initiatives. CERT-In can undertake the responsibility of coordinating the IS initiatives along with NIC which may focus on e-governance projects,” says N Vijayashankar (Naavi), a reputed cyber law specialist and an e-business consultant.

Naavi further elaborates that the overall control should rest with the Cyber Force which should be responsible for defending the Indian Cyber Borders. Since Cyber borders exist in every computer connected to the Internet, the cyber Force is not like the physical army which remains unseen by a common man at far away borders. This Cyber Force needs to have its units in the cities and work with ISPs and MSPs in defending the Indian Cyber Space.

“It can be headquartered in the Silicon City of India, Bengaluru, which is developing into the Cyber Security capital of India. It has to deploy its units in all major ISPs and MSPs which are the gateways to the Cyber Space. It may also need to deploy special protection forces at critical projects such as UID, NSE, IDRBT, etc. Lot of thought has to go into structuring the activities of such a force and it needs an elaborate discussion in a separate forum,” says Vijayashankar.
All said and done, the term war is assuming new proportions and refraining to owe allegiance to the conventional form of physical warfare. It leaves one and all non-pulsed by its new avatar and grasping with the thought of what next is in store.

-Shilpa Shanbhag
shilpas@cybermedia.co.in

by Ramanjit Kaur

Discrepancies are quite natural in franchise relationships. Hence, a well-defined process or a set of law is required to resolve disputes. For this reason, the legal framework of franchising covers Forum Selection Clause that comes to the fore in case the crisis situation reaches saturation level.

WHEN a franchisor selects a franchisee or a franchisee takes up a particular franchise, dispute is the last thing on their minds. But it is a fact that cannot be ignored or wished away. Considering the probability of such discrepancies and dispute-related situations beforehand and taking preventive measures to avoid trouble in future is always a wise option. The franchise attorneys and consultants recommend inclusion of Dispute Resolution Clause and Forum Selection Clause in the franchise contract.

Planning overseas expansion

Franchising overseas can be highly profitable and is an excellent way of expanding the business on foreign land. However, expanding overseas involves lot of risks, especially in case of inexperienced franchisors. Therefore, in order to provide certainty to both the franchisor and the franchisee, Forum Selection Clause must be included in the franchise agreement. As Rod Young, Executive Director, DC Strategy, a specialised consulting and law firm, says, “For the sake of commercial certainty, it is advisable to include Forum Selection Clause in every franchise agreement, whether in a nationwide franchise offering (which may be launched across a number of states or territories, each with their own laws and courts) or internationally.”

What is Forum Selection Clause?

This clause allows both the franchisor and the franchisee to resolve their litigations in a specific forum. The disputes in franchising usually arise due to breach of contract or misrepresentation of the franchise agreement. The franchise Selection Forum basically includes two clauses, Choice of Law Clause and Jurisdiction Clause

Choice of Law Clause

The Choice of Law Clause specifies the law of the state or country, which will apply to resolve arbitrations or dispute or misrepresentation of the contract. As Dawn Stallwood, Managing Director, Danetree Associates & Consultant Solicitor at Legal Services Consulting, UK  says, “Choice of law basically tells both the parties which law will actually apply to resolve the conflict. It says that the franchisors do need to be aware of any mandatory laws, which might apply and override any choice of law clause.”

Jurisdiction Clause

The Jurisdiction Clause decides which court or dispute resolution system will hear and determine the dispute litigation. In other words, this clause sets out the franchisor’s chosen place/country to sue an errant franchisee or to resolve the disputes. As per Stallwood, “It is risky to be silent on such issues, as jurisdictional issues can be complex and providing for certainty in the franchise contract is preferable.”

Selection, negotiation

“The Forum Selection Clause does play a significant role in expanding overseas and its inclusion in the contract is necessary to determine the process by which the parties will have their disputes resolved and the venue for such dispute resolution,” says Shahnaz Husain, Founder, Chairman and Managing Director, Shahnaz Husain Group. But before selecting a specific Forum Selection Clause, a number of factors need to be considered.

Nationality of both the parties: Nationality of both the franchisor and the franchisee is a matter of concern while selecting the Forum Selection Law. As per Karnika Seth, Attorney, Law & Partner, Seth Associates, Advocates and Legal Consultants, says, “Usually, a franchisor who has franchisees in different jurisdictions will insist on selecting the forum for dispute settlement as courts of the place where the franchisor has its registered office.”

Need for neutrality: In case of different nationalities of the franchisor and the franchisee, one party can be at a disadvantage if the litigation takes place in other party’s home country. Lack of knowledge about the procedural and material laws applicable, legal culture, competency of the judges, language and physical distance must be allayed before selecting the Forum Selection Clause. As Young says, “Typically, a Forum Selection Clause will adopt the law and courts of either the region where the franchisor is domiciled or the region where the majority of its overseas franchise operations are situated.”

Complexities of issues: Generally, it is the complexity of the matter that determines the legal procedure. “Arbitration can be the best choice available since in court cases, both the parties will need to see the bargaining power, place where performance of a contract is to be made, location of both parties, inconvenience of forum,” says Seth.

Amount of money and time: When the franchisor and the franchisee are from different countries, the decision of Forum Selection Clause is also influenced by the amount of time and money that will be involved in the court proceedings. According to Young, “The franchisor establishes norms under his existing templates, as he is most familiar with the local law and courts. Besides, in the event of litigation, he will want proceedings to be controlled locally rather than the uncertainty and cost of ‘being dragged’ into proceedings in some distant and unknown jurisdiction bothers him.”

Brian Duckett, Chairman, The Franchising Centre, mentions, “Wherever in the world it takes place, the whole legal process is far too uncertain, takes far too long and costs far too much – not least because it suits the lawyers for that to be the situation.”

Recognition and enforcement of the ruling: Before finalising the place to sue or the law to apply, it is crucial to take legal advice, as recommended by Stallwood. It is because the choice of law and place of jurisdiction directly affects the legal course of action since rules and regulations differ from country to country.

Ensuring enforceability

Despite the brevity and simplistic drafting, commercial implications of these clauses can be complex and not at all self-evident from the contract itself.

While one cannot guarantee the enforceability of a Forum Clause, parties can take comfort from a clear, well-constructed provision prepared by a specialist legal adviser. Seth opines, “The contract should state that in case any clause is unenforceable or invalid or considered so by the courts, other clauses shall continue to be valid and binding on the parties and will be fully enforceable. This principle is commonly known as severability principle. The parties should state that decision taken by the courts shall be final and binding between parties.”

National or international lawyer

Various franchise regulations and the franchise agreement secures the right of both the franchisor and franchisees to take legal actions in the appropriate forum in case any dispute arises. This allows both the parties to bring in the legal representatives of their choice. However Young suggests, “Typically it will be advantageous to engage solicitors who are familiar with the local court system and any local franchise regulations.” While Seth believes, “It is in fact preferable to bring a lawyer from the party’s home country to fight the case. The lawyer may work with their associate lawyer in foreign jurisdiction and through combined efforts, case can be handled effectively .It is not essential for Indian lawyer to travel to foreign jurisdiction, video-conference and e-mail exchanges are enough to render litigation support.”

However, Duckett says, “It doesn’t matter what the legal forum is for a dispute because once it gets the stage of litigation, all hope is lost for the relationship and the result will only be rich lawyers and disillusioned franchisor and franchisee.”

If the Forum Selection Clause is not included in the franchise contract, then national court will ensure the jurisdiction by default. Under such circumstances, the place of litigation is decided as per the national rules and international conventions. As per Young, “If the forum clause is omitted from a franchise agreement, case law has shown that the parties can be drawn into a very protracted exercise of applying to their local courts to determine which jurisdiction has the closest and most real connection with the contract. This should be avoided at all costs through the adoption of an appropriately framed forum clause.” Therefore, it is advisable for the franchisor to include Forum Selection Clause in the franchise agreement, especially if the franchisor is planning to expand the business beyond national boundaries.

In spite of its significant role in dispute resolution, majority of the Indian franchisors do not even know about it. This lack of awareness may be because of the nascent stage of franchising in India and no specific franchising laws yet exist here. But for the franchisors who have ambition to expand beyond India need to bear in mind the laws of different countries and their different approaches to franchising and business practices.

Anu Sharma, 30, suspected that her husband was lying to her every time he cited urgent business tours to stay out of the house. One day she finally got proof in the form of a tweet. The next day, she filed for divorce, using the tweet as evidence.

When it comes to fighting a divorce case, tweets are not necessarily sweet. Your status message on social networking websites can even be used as secondary evidence in court cases.

Legal experts say tweets and messages on social networking sites like Facebook and Orkut can reveal one’s state of mind; therefore they can be taken as secondary evidence in legal matters. This clause comes under the IT Act of 2000, amended in October last year.

Pavan Duggal, a Supreme Court lawyer, said: “The IT Act of 2000 was primarily legislation promoting e-commerce and the concept of social networking was not even heard of then. Thus, this clause was incorporated because of the widespread use of microblogging and social networking sites.”

“This trend is catching up now, specially in divorce cases, although it started only last year,” Duggal told IANS.

Citing Anu Sharma’s example, Duggal said: “Her husband used to give her excuses that he was going out on business tours. But instead he would meet friends and socialise. Finally, he was caught when on one of his ’so called’ business tours, he tweeted: ‘Having a great time with friends over beer, I am in town, come over and join me.’

“Tweets and status messages are usually taken up as secondary evidence. And they are as important as the primary ones,” Duggal told IANS.

He said even an angry tweet or status message like, “I hate my wife”, if produced in court as a printout or screen shot becomes secondary evidence.

“Any written word available in the public domain can be used under this Act. A statement like this can be used on grounds of mental cruelty,” added Duggal.

Agreed Karnika Seth, attorney at law firm Seth Associates who specialises in cyber crime.

“There are couples who are filing for divorce on reasons which could not have been proved before, but with tweets and status message updating several times a day, it works as additional evidence, often making adultery easy to prove,” Seth told IANS.

She also added that many people used to hire private detectives, but this had become a new way of finding the truth.

“In one such case, a man had e-mailed threatening messages to his wife. His IP address could be traced, but the message was not digitally signed, thus the messages were taken as a secondary evidence and a divorce case was filed.”

Seth said a numeric address or domain name given to a website to track it is called IP address. Digital signatures are specially designed icons or even one’s original sign encrypted on the e-mails are the two criteria on the basis of which primary or secondary evidence is distinguished.

According to her, blogs and chat messages can also be used as evidence.

As the clause is only a few months old, no specific statistics is available yet on how many people have used tweets or status messages in legal matters.

Maninder Walia, researcher with the website Cybersmart, feels the act curbs people’s freedom of speech and thoughts.

“The idea behind this act is to control the ever expanding cyber crime which is a threat to national security. But when it comes to freedom of speech and thoughts, this act may be a hindrance,” he said.

Walia feels if a person writes on his or her status message about drinking a lot or something similar, this could also be presented as evidence tagging him or her as an alcoholic in court.

He feels social networking sites are easy interaction platforms, hence things written as tweets, status messages in good humour or otherwise should not be put under the scanner.

“The law needs to pinpoint what kind of information should be used as evidence and in what cases. The act should be reviewed; the internet is moving fast, the law should not lag behind technology,” he said.

Date : 05/04/2010. News by Newsofap.com http://www.newsofap.com/newsofap-10824-25-orkut-twitter-facebook-messages-can-be-used-as-evidence-in-indian-courts-newsofap

When it comes to spamming, the grouse is that the relevant Section (Section 66 A) would only apply if the identity of the spammer is established.

Moumita Bakshi Chatterjee

Nearly three years after it was introduced in the Lok Sabha and almost a year after it received a green signal from both Houses of Parliament, the IT (Amendment) Act, 2008 has come into force. The amendment allows the Government to go after new-age cyber criminals and crimes — identity theft, cyber-stalking, cyber harassment, child pornography and spamming — and also gives it more ammunition to tackle cyber terrorism.

But legal eagles say the changes have turned out to be a bitter-sweet pill. While the cyber law zeroes in on new forms of crime, it has toned down punishment in the case of certain offences. Critics further caution that the new legislation arms the State with sweeping powers to block Web sites and snoop, but has not built in adequate safeguards to check possible misuse of such powers.

Crowning glory

First, the good news. Clearly, one of the most important changes that have been brought about pertains to cyber terrorism, with Section 66 F of the amended legislation prescribing life imprisonment for such offences. This assumes significance as the recent terror attacks have demonstrated just how tech-savvy militants can be.

Be it the Parliament attack or the more recent Mumbai terror strike, the use of technology — from satellite phones, e-mails, Internet to the more sophisticated GPS equipment — has been rampant. Experts opine that the amendments that have come into force now have penned down the widest possible definition of cyber terrorism even by global standards. “In that sense, India has taken thought leadership in clamping down on cyber terrorism,” says an industry watcher.

To quote the section verbatim, “whoever, knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence, or to advantage of any foreign nation, group of individuals or otherwise commits the offence of cyber terrorism.”

Cyber law experts have dubbed the new Section as the crowning glory of the legislation.

“The original IT Act did not have relevant teeth to deal with cyber terrorism. It now provides an additional remedy for booking cyber terrorism, where perpetrators leverage electronic formats and technology to execute terror attacks,” they say.

At the same time, the amendments have expanded the scope of the Act beyond the ambit of computer and computer network to specifically include “communication device” — mobile phones, PDAs or any other device used to communicate, send or transmit any text, video, audio or images. In one swift move, this has brought mobile users under the scanner. Earlier too, mobiles were considered to be under the wide definition of “computer” but now, inserting a clause on “communication devices”, has left no doubt about the scope of the Act.

Breather for intermediaries

Another contentious clause that has been tweaked pertains to the liability of intermediaries. Remember the controversial arrest of Baazee.com CEO in December 2004 in a case involving the sale of a sexually explicit MMS clip, on the auction site? Well, the IT (Amendment) Act now provides a breather of sorts to such intermediaries.

Under the original Act, the intermediary was required to prove that the offence was committed without his knowledge or that he had exercised all due diligence to prevent the commission of an offence.

“The amendment shifts the onus of proving the guilt on the law-enforcement agencies instead. It has decimated the liability of intermediaries so long as they observe due diligence and fulfil other parameters of Section 79. On the other hand, it has made the definition of intermediaries more comprehensive to includes auction sites, telecom and network service providers, ISPs, web hosting companies, search engines and online payment sites, among others,” says Pavan Duggal, a noted lawyer and an expert on issues pertaining to cyber regulation.

Casting the net wide

The new legislation casts its net, wide. It now talks in specific terms — sending offensive messages through communication services (spamming), violation of privacy (video voyeurism), Wi-Fi hacking, phishing, identity theft, et al.

“While a few of these offences find mention in the Indian Penal Code (IPC), the IT Act, by providing specific provisions pertaining to those offences such as cheating by impersonation, or criminal intimidation through spamming or sending insulting messages, provides better clarity,” points out Karnika Seth, managing partner of Seth Associates Law firm and author of Cyberlaws in the Information Technology Age.

So far silent on heinous crimes such as child pornography, the amended law clamps down on such offences.

Publishing and transmitting of material depicting children in sexually explicit acts, etc, in electronic form will attract up to five-year imprisonment and a fine of up to Rs 10 lakh on first conviction; and up to seven-year imprisonment and fine of up to Rs 10 lakh on second and subsequent conviction.

‘Soft’ in some portions

However, a section of the legal fraternity feels that notwithstanding its expanded ambit, the law has gone “soft” on cyber crimes.

Barring cyber terrorism and a few other offences, all offences where punishment is up to three years are now bailable. Moreover, in the case of Section 67 dealing with publishing or transmitting obscene material in electronic form, while the original Act stipulated up to five-year imprisonment and Rs 1 lakh fine for the first conviction, it now talks about up to three-year imprisonment and up to Rs 5 lakh fine. Similarly, the term for the second and subsequent conviction stands reduced. “At a time when the world is increasing the quantum of punishment for cyber crimes, India perhaps has the dubious distinction of reducing the punishment,” quips Duggal.

Critics have also spoken out against enhanced powers of the State when it comes to issuing direction for interception or monitoring or decryption of any information through any computer resource; or directions to block public’s access to information generated, transmitted or even hosted in a computer resource.

“The provisions pertaining to blocking of Web sites is an area of concern. Instead of State agencies, the legal system should give the necessary directions. There should be a set process of giving notices and hearing before such blocking takes place,” says e-security expert Vijay Mukhi.

Some analysts are also of the opinion that while Section 43 (A) talks about compensation for failure to protect data — it assigns responsibilities on body corporate, possessing, dealing or handling any sensitive personal data — India should have taken the cue from nations such as the UK that have a distinct and comprehensive legislation dealing with the subject. Their view: a single provision is not adequate to cover the critical issue.

Similarly, when it comes to spamming, the general grouse is that the relevant Section (Section 66 A) would only apply if the identity of the spammer is established — a tall order in itself.

“The US has anti-spam law in the form of Can Spam Act, anti-spam legislations are also in place in Australia and New Zealand. But the Indian IT Act has not addressed this effectively,” says Duggal, adding that these offences should have been covered more exhaustively under the amended legislation.

Still, the law appears to be far more potent now in dealing with new-age cyber crimes than ever before.

But for a country where the conviction for cyber crime has been abysmally low thus far and under-reporting has been the order of the day, just how effective the law turns out remains to be seen.

Cops should block offending websites

It is a criminal offence to sell sex games with graphic visuals. Under section 292 of the Indian Penal Code whoever sells, rents out, distributes, publicly exhibits or in any manner puts into circulation can be hauled up.

The law also specially restricts production and possession. Violators and peddlers of such pornographic material may be punished. The penalty includes imprisonment and a monetary fine. Recently there were amendments to section 67A of the Information Technology Act. The amendment deals with any kind of sexually explicit material especially anything that falls under child pornography.

Online version and pirated copies of such explicit games should be blocked so that people have no access to it. The Cyber Crime cell can look into the matter and block the offending gaming websites.
—Karnika Seth, Chairperson of Cyberlaws Consulting Centre, Seth Associates

Tweets could spell trouble in divorce cases

Anu Sharma, 30, suspected that her husband was lying to her every time he cited urgent business tours to stay out of the house. One day she finally got proof in the form of a tweet. The next day, she filed for divorce, using the tweet as evidence.

When it comes to fighting a divorce case, tweets are not necessarily sweet. Your status message on social networking websites can even be used as secondary evidence in court cases.

Legal experts say tweets and messages on social networking sites like Facebook and Orkut can reveal one’s state of mind; therefore they can be taken as secondary evidence in legal matters. This clause comes under the IT Act of 2000, amended in October last year.

Pavan Duggal, a Supreme Court lawyer, said: “The IT Act of 2000 was primarily legislation promoting e-commerce and the concept of social networking was not even heard of then. Thus, this clause was incorporated because of the widespread use of microblogging and social networking sites.”

“This trend is catching up now, specially in divorce cases, although it started only last year,” Duggal told IANS.

Citing Anu Sharma’s example, Duggal said: “Her husband used to give her excuses that he was going out on business tours. But instead he would meet friends and socialise. Finally, he was caught when on one of his ’so called’ business tours, he tweeted: ‘Having a great time with friends over beer, I am in town, come over and join me.’

“Tweets and status messages are usually taken up as secondary evidence. And they are as important as the primary ones,” Duggal told IANS.

He said even an angry tweet or status message like, “I hate my wife”, if produced in court as a printout or screen shot becomes secondary evidence.

“Any written word available in the public domain can be used under this Act. A statement like this can be used on grounds of mental cruelty,” added Duggal.

Agreed Karnika Seth, attorney at law firm Seth Associates who specialises in cyber crime.

“There are couples who are filing for divorce on reasons which could not have been proved before, but with tweets and status message updating several times a day, it works as additional evidence, often making adultery easy to prove,” Seth told IANS.

She also added that many people used to hire private detectives, but this had become a new way of finding the truth.

“In one such case, a man had e-mailed threatening messages to his wife. His IP address could be traced, but the message was not digitally signed, thus the messages were taken as a secondary evidence and a divorce case was filed.”

Seth said a numeric address or domain name given to a website to track it is called IP address. Digital signatures are specially designed icons or even one’s original sign encrypted on the e-mails are the two criteria on the basis of which primary or secondary evidence is distinguished.

According to her, blogs and chat messages can also be used as evidence.

As the clause is only a few months old, no specific statistics is available yet on how many people have used tweets or status messages in legal matters.

Maninder Walia, researcher with the website Cybersmart, feels the act curbs people’s freedom of speech and thoughts.

“The idea behind this act is to control the ever expanding cyber crime which is a threat to national security. But when it comes to freedom of speech and thoughts, this act may be a hindrance,” he said.

Walia feels if a person writes on his or her status message about drinking a lot or something similar, this could also be presented as evidence tagging him or her as an alcoholic in court.

He feels social networking sites are easy interaction platforms, hence things written as tweets, status messages in good humour or otherwise should not be put under the scanner.

“The law needs to pinpoint what kind of information should be used as evidence and in what cases. The act should be reviewed; the internet is moving fast, the law should not lag behind technology,” he said.

By Shambhavi Anand | April 15, 2010 -FRANCHISE INDIA

Entrepreneurs, in this day and age, might disagree with William Shakespeare, who once said, “What’s in a name,” because there is a lot to their company’s name. It reflects the company’s vision, its product profile and the customers’ expectations. It reflects the brand; the identity of the company.
What if someone else is running a business using the same name as your company? You surely don’t want your brand equity to get diluted and your TG to get confused. So what should you do? Who to approach?
What legal action can be taken?
The law can come to your rescue through the Trademark Act, 1999 and its various sections.
“The Trademark Act, 1999 provides in Section 135, that in case of suit for infringement (where the complainant’s mark is registered trademark) and/or passing off, (common law remedy applicable to cases where complainant has unregistered trademarks), the relief of injunction, delivery up of infringing goods, damages or account of profits is available,” says Karnika Seth, Attorney at law & Partner, Seth Associates.
“Trademark Act, 1999 also provides criminal remedy in Section 103,” adds Seth.
Under it any person who uses another person’s registered trademark without authorisation can be punished. The punishment can be imprisonment for a term of six months, which can extend up to three years and with fine of not less than Rs 50,000 that could extend to Rs 2 lakh.
There is yet another case that can arise. The other person’s mark might not be the exactly same but deceptively similar (and also registered) to the registered trademark in question. In such a case, an application for rectification to cancel that trademark from the register of trademarks may also be made under Section 57 of the Trademarks Act, 1999 on the ground of any contravention or failure to observe a stipulated condition entered on the register.
How long will it take and how much will it cost?
When starting a legal battle time and cost incurred are major concerns.
According to Seth, criminal remedy and rectification may take about 12 to 18 months depending on various factors. Civil suit may take even longer although by way of interim relief interim injunction is granted at an early stage and a local commissioner is appointed to conduct search and submit a report.
The procedure is not very expensive considering the value in protecting long term interest of the name/trademark.
How to avoid your business name from being stolen?
You have to be foresighted enough to get your company name registered as a trademark as soon as you christen it or whenever you think it is apt. This is the best means of protecting a business name. Registering a trademark acts as a shield against misuse of that mark by other parties.
Seth suggests, “In case any other person imitates your registered trademark or uses a mark similar to it then criminal and civil remedies are available. Section 27 of the Trademark Act, 1999 empowers registered trademark holders to institute legal action for injunction and damages.”
“If you do not register your company name you can initiate an action against someone stealing your company name only under passing off, which is harder onus than proving an infringement under statutory law. Because to satisfy ingredients of passing off the mark in question should have a very strong popularity and goodwill,” Seth adds.

Link: http://sme.franchiseindia.com/articles/Starting-a-Business/Supporting-Organisations/What-if-someone-steals-your-company-name-226/

New Delhi, May 8 (UNI) Sending offensive SMS, or threatening e-mails, posting or watching pornographic material on the web site can send you behind the bars for five years with fines running into lakhs, this was revealed at the seminar on ‘enforcement of cyber laws’today.
Speaking at the seminar ” Enforcement Of Cyber laws” organised by The National Project Committee(NPC) and The Cyber Appellate Tribunal (CAT), Chief Justice of India K G Balakrishnan today said the reach of computers and internet has become a boon to the society but its misuse has to be curbed. It is the duty of the legal officers to protect such offences and we have proper laws to do so. The latest cyber law is technology proof and can be implemented with the changing laws, Justice Balkrishnan said.
He said the invention of internet and computers is a great scientific revolution and a boon to the society. We have to see that it does not become a curse to the society.
More and more people are being victimised by the perpetrators of crime and our effort is to impart training to the judges, adjudicating officers as well as police personnel, to tackle such crimes, Justice Balakrishnan said.
The Information Technology Act was enacted in 2000 but with passage of time , as the technology developed the new methods of committing crime in computers surfaced. In order to plug in the loopholes the act was amended in 2008 and made effective from October 27, 2008, Supreme court judge Justice Altamas Kabir said.
With what started as a game or entertainment has developed into a transaction of a serious nature.Business transactions are available at the click of the mouse and that is why UN stepped in and came out with the cyber crime laws in the year 1996, Justice Kabir who is also the chairman of the Cyber Law enforcement committee said. India in 2000 framed its own cyber laws with an objective to give legitimacy to the digital knowledge and data and our laws are quite comprehensive, he said.
Allahbad High Court Justice Yatindra Singh said not all cyber crimes are reported because there is lack of confidence among the public. People mistakenly assume that they are anonymous and cannot be caught while committing a cyber crime but it is not so, Justice Singh added. They are being watched and their identity can be detected from the server as it retains all records of the user, justice Singh said.
Acting Chief justice of Delhi High Court, Justice Madan B Lokur said cyber crime has spread extensively and we are concerned with the security of the Delhi High court and have to be careful that the judgements are not hacked, he said. The National Crime Record Bureau shows that only 217 cyber crime cases are pending in the courts which would be disposed off soon, he added.
Mr R. Chandrasekhar , Secretary Department of Information Technology said while implementing the cyber laws we have to keep inmind the jurisdiction of laws of the land of various places. The laws which come into the force are the laws of the land of the complainant or the affected person, the laws of the land of the place where the server is hosted and the laws of the land of the accused, Mr Chandrasekhar said. Though the cyber crime has dissolved national boundaries, the actual users are physical bodies, Mens rea (intention) which can be tracked eventually.
Mr Rajesh Tandon Chairperson of the Cyber Appellate tribunal said now with the amendments of the IT-ACT 2000 in operation , even sending vulgar SMS is a crime. We have covered all digital and electronic gadgets under the cyber law crimes, he added.
Lawyer Karnika Seth, who has authored a book on Cyber Crimes said it is very important to educate the youngsters about the cyber crimes and its repercussions. There should be clarity in the laws so  that the young computer users do not fall prey to the cyber crimes, she added.
Dr Gulshan Rai, director General director General, Indian Computer Emergency Response Team (CERT-In) said in the cyber crime cases, the evidence can be procured from the service provider as each computer is numbered and all data lies in the pockets of the server. We can easily retrieve from the pocket the source of the crime and can be dealt with accordingly, he added.
Talking of the PMO (prime Minister office) which was hacked recently, Mr Rai said the hacker had made efforts to hack the PMO computer but we thwarted his efforts. We could even find out its origin, he added.

Sangeeta Sharma
UNI SNG SY 1859

(Interview with Seth Associates)

by Amanpreet

Many foreign companies have taken recourse to the joint venture to enter the emerging Indian market. TFW explores various facets of the most viable business route for entering into the new market.

Research before you decide

When any company plans to unveil its brand in the new market, it has to undertake a lot of meticulous research and scrutiny in finding out how receptive the market is towards international brands? Are people ready to pay for branded possessions? How competitive the market is? Which business route is most feasible? When you decide to launch your brand name in the market, it is advisable to do a thorough study of the market. It will help you to decide whether to go for a master franchise or form a joint venture. On the basis of overall market research conducted in assistance with trade commissions or consultants, the companies analyse and thereafter, consider the next move of negotiating on their terms and conditions.

Franchise v/s JV

Master franchising is a lucrative option for international franchisors. In a franchise agreement, the franchisor grants the rights to the franchisee to operate, sell and develop the franchise business in the given geographical area under the franchisor’s brand name and trademark. To expand the brand position in a new country, franchisors primarily use this form of franchising. For example, Domino’s entered India through the master franchise agreement.

On the other side, joint venture is a strategic alliance, where two or more parties form a joint venture by contributing a share of an equity, which allows them to share the revenues, expenses and the control of the venture. Such a partnership can only happen between goliaths in the business world. For example, McDonald’s in India is a Joint-Venture (JV) partnership run by two Indians. McDonald’s International through its wholly-owned subsidiary, McDonald’s India, entered into two JVs, one with Connaught Plaza Restaurants Pvt. Ltd, which is managed by Vikram Bakshi in the Northern and Eastern region, and another with Hard Castle Restaurants Pvt. Ltd, which is managed by Amit Jatia in the Western and Southern Region.

Commenting on both the business routes, Karnika Seth, Attorney at Law and Partner, Seth Associates, Advocates and Legal Consultants, clarifies, “We suggest JV or franchise route, depending on the level of involvement the foreign party chooses to have in its Indian business. Franchising can be easier but JV is more effective as foreign party has better input in terms of running the business.”

Being recognised as the world’s largest and India’s first golf interactive bar, lounge and retail destination, Golfworx, is planning to launch its lounge in Ambience Mall, Gurgaon, in December. Commenting on the route it is looking to penetrate India, Darrell Stapleton, CEO and Founder, Golfworx, says, “Golfworx is currently looking at various joint venture options around the country with SMEs and larger organisations. The joint venture option at this stage seems to be a more viable option than franchising for the simple fact that we can control brand integrity and destiny a lot better.”

Commenting on the reason behind entering into a JV with Bharti Enterprises, Bharti-Walmart Spokesperson, elucidates, “In every country that we are present, we operate strictly under the guidelines of that country. In places such as India, Mexico, Central America and China, we recognise the importance of having a local partner based on our excellent experiences working with partners around the world.”

On differentiating between the role of a franchise or a JV partner, Seth states, “A master franchisor licences its trademark and trade dress of a business and assumes a quality control through operation manuals and inspections. However, a JV partner is equally responsible for profits and losses by a JV partner and participates in running the business on a day to day basis.”

The master franchise (partner) is entitled to receive a percentage of the franchise fees from the franchisee on the sale of a franchise unit. They also receive a share of royalty income and some additional fees, which are generated by each franchise unit in the given geographic area.  While on the other side, in JV’s, the partners equally share risks and profits, can access specialised staff, technology and resources, and it provides the opportunity to gain expertise, contribution and a benefit of distribution network of Indian partner and the companies can gradually separate a business from the rest of the organisation, and eventually, sell it to the other parent company.

Strategy behind decision

To test the waters in the Indian market, few brands in their initial stages clinched deals with the Indian companies simply to popularise their brand in the new market. And after capturing some market share through the franchising route, they broke their deals with Indian partners and formed JV’s. On this, Seth adds, “Commitment is equally important in JV or franchise agreements. Exit clause decides the level of commitment shared by the parties. A foreign party is more aggressive in terms of moving out of JV agreement and therefore, exit clauses need careful drafting.”

Call it as their strategy for capturing the interest of the target consumers or positioning the brand in the market to take greater control over operations in order to expand in the country, these days, the market trend is changing.

International brands like Gucci and Mothercare have now started following the footsteps of UK’s Retailer Marks and Spencer. Initially, the company entered India through the franchise route with Planet Retail Holdings Limited as its master franchisee and later on, after a few years it terminated its agreement and entered into a joint venture with Reliance Retail Limited. Most of the international brands are interested in setting up 100 per cent-owned stores so as to ensure that they stay in complete control. However, Indian rules allow only 51 per cent foreign investment in single-brand retail and none in multi-brand retail.

Guidelines

The success of master franchise or a joint venture route lies in various factors:

Either going in for franchise or JV route, it is essential for both the parties to understand the ins and outs of

the system. When planning a market entry, it is important for the foreign company to understand the laws of the country.

• Before partnering with any foreign brand, it is important that the Indian investor considers how recognised the brand is in international markets, in which countries it is present, how many of its stores are running successfully in its home base and other countries.

• Prior to making the entry, do a lot of homework on the type of business you’re dealing with. Never forget to take the useful advice from experts in international trade, and also get in touch with the existing franchise and venture partners and ask them on which all terms and conditions you negotiated. Do conduct research about the brand’s positioning in other markets, find out how competitive the market is and never forget to take assistance from legal experts.

• To instantly raise the credibility of your business, it is important that you select the right business partner, who has a good understanding of the local market.

• Ensure that the business partner knows the consumer tastes and preference well. In addition to it, make sure that the business partner puts in essential value in bringing financial and managerial resources to deal with the local environment.

• Before signing the letter of intent, ensure that each and every term or condition in an agreement is clearly understood and amend any clauses that one may not find favourable.
• To be successful in a new country, it is important for the foreign brand to customise its product offering as per the consumer tastes and preferences.

India Business Law Journal

Book sheds new light on cyberlaws

A new book outlining the fundamental concepts and key principals of cyberlaw has been released in Delhi. Written by prominent lawyer Karnika Seth and published by Butterworths Lexis Nexis Wadhwa, the book, titled Cyberlaws in the Information Technology Age, provides practical tips on e-contracting and e-commerce issues, e-payment systems and taxation considerations for e-commerce businesses. It also explores online privacy and security, defamation, freedom of speech on the internet, intellectual property piracy and cybercrime.

The book was officially launched by the chief justice of India, KG Balakrishnan, at a ceremony in Delhi on 7 October. Attendees included Supreme Court judges Altamas Kabir and Dalveer Bhandari, the additional solicitor general of India, Indira Jai Singh, and Gulshan Rai, head of the computer emergency response team at the Ministry of Information Technology. Seth, who is a partner at Seth Associates and the founder of the firm’s Cyberlaws Consulting Centre, has diverse transactional experience encompassing cyberlaws and e-commerce. She has helped to resolve many cybercrime cases in conjunction with the cybercrime cell in Delhi and other law enforcement agencies in India. She has also delivered specialist workshops on IT law and practice to judges, lawyers, senior government officers, police officers and IT professionals.

Seeking fingerprints in cyberspace

–Karnika Seth, cyber lawyer and Chairperson of Cyberlaws Consulting Centre, Seth Associates

‘Parents must monitor PC usage’
Most colleges in Mumbai have blocked ‘unwanted’ websites. Students in their computer labs can only access educational websites, in some schools and colleges, internet access is barred and is activated only when needed.

We hear of cases where students use cyberspace to get at someone or ridicule rivals.

They are at a vulnerable age, and they make commit an act without knowing the consequences of their behaviour.

They don’t know that what they might think is harmless or fun is considered a crime and they can be hauled up for the same.
Hence, students should be taught not only in school and colleges, but also at home about the ill effects of such actions.

In most cases, students use either cyber cafes or the internet facility at homes to surf pornographic websites. They rarely abuse the internet facility in educational institutes because they know that they will be caught due to the constant surveillance.

Hence the onus doesn’t lie on teachers but on parents because today everyone has a computer and internet access at their residence.

Therefore, parents need to keep a tab on their children and see what they are the surfing on the internet.They must warn them about the consequence of abuse.

The police plan to get cyber owners to install fingerprinting systems and webcams to deter any possible misuse of public computers is good. Now, people will think twice before misusing cyberspace.
There should also be surveillance on the computer monitors in cyber cafes, cameras should be able to record the activity on computer screens.

SME TIMES

Saurabh Gupta | 08 Oct, 2009

New book highlights safeguarding online security, privacy

To create awareness among common people about cyber laws a new book ‘Cyber laws in the Information Technology Age’ was released in Delhi on Wednesday evening.

This book authored by Karnika Seth, Cyber-lawyer & Managing Partner of Seth Associates law, presents an insight into different interesting cyberspace issues such as online privacy, defamation, freedom of speech on internet, intellectual property piracy on internet, and cyber crime with case studies and landmark precedents from different parts of the world.

It provides practical tips on safeguarding one’s security and privacy in the online world and will enlighten readers on their legal rights and obligations in cyberspace and legal implications of their actions on the Internet.

Butterworths lexisnexis Wadhwa in collaboration with the Karnika Seth has launched this book. The Book was released by Justice Altamas Kabir, Judge, Supreme Court of India.

Justice Dalveer Bhandari , Judge Supreme Court of India, Gopal Subramanium, Solicitor General of India , Indira Jai Singh, Additional Solicitor General of India and Gulshan Rai, Director General , CERT, Ministry of Information Technology also graced the occasion and delivered their address at the book release function.

“The prime objective of this book is to introduce its readers to the subjects of cyber laws, elucidate key operative principles and to discuss the key developments in the field of Cyber laws across many important jurisdictions India, United States and European nations,” said Karnika Seth.
“The book not only explains the fundamental concepts in cyberspace laws, but also aims to present a fair overview of the evolution of cyber laws across many jurisdictions.”

The book also discusses pertinent e-contracting and e-commerce issues, and describes popular e-payment systems and taxation regimes which are indispensable to e-commerce businesses.

“It elucidates the key principles for determining jurisdiction in cyber law disputes, significance of electronic signatures and admissibility of e-evidence, which are subjects of interest to readers’ world over,” the author added.

IBNLive

What do you do when you see yourself defamed online?

Nilanjana Bose/ CNN-IBM

Published on Thu, Feb 19, 2009 at 01:20 in Sci-Tech section

New Delhi: We have come to see rather innovative uses of this relatively new medium called social networking sites, from home loan defaulters getting summons posted on their facebook accounts to being informed of your change in marital status online, what do you do when you see yourself defamed online?

Thirty-five-year-old Emma Brady thought her six year old marriage was fine till she found out from her husband’s status on facebook that all wasn’t well. Their marriage ended – and in a way created history – by becoming the first divorce on facebook.

Social networking sites have been the bearer of bad news in the past as well. Carmel Corbo and Gordon Poyser in Canberra in Austalia owed a lending institution more than 100 thousand dollars. The company after failing to reach them at their house chose a far less conventional approach – They sent a notice to the couple via facebook.

Law Institute of Victoria Tony Burke says, “Well it’s a very interesting development, it shows in Australia, our courts are flexible and adaptable and willing to embrace new technologies, but I guess there are messages for those who choose to have a presence on facebook, you are liable to be found.”

There have been numerous cases of people being defamed on social networking sites, of groups being set up against well known faces. Blogs and social netoworking sites often use the freedom of expression to vent and be nasty. But what is wrong with that.

While the law is grainy when it comes to online defamation – cyber lawyers say…there is a way you can defend yourself.

Cyber lawyer Karnika Seth says, “You can file a complaint against the person who has filed the case and if they still don’t take off the offending stuff then the police can be involved.

But while the debate ranges on about freedom of speech and expression, for the moment its open season on social networking sites

IBNLive

What do you do when you see yourself defamed online?

Nilanjana Bose/ CNN-IBM

Published on Thu, Feb 19, 2009 at 01:20 in Sci-Tech section

New Delhi: We have come to see rather innovative uses of this relatively new medium called social networking sites, from home loan defaulters getting summons posted on their facebook accounts to being informed of your change in marital status online, what do you do when you see yourself demafed online?

Thirty-five-year-old Emma Brady thought her six year old marriage was fine till she found out from her husband’s status on facebook that all wasn’t well. Their marriage ended – and in a way created history – by becoming the first divorce on facebook.

Social networking sites have been the bearer of bad news in the past as well. Carmel Corbo and Gordon Poyser in Canberra in Austalia owed a lending institution more than 100 thousand dollars. The company after failing to reach them at their house chose a far less conventional approach – They sent a notice to the couple via facebook.

Law Institute of Victoria Tony Burke says, “Well it’s a very interesting development, it shows in Australia, our courts are flexible and adaptable and willing to embrace new technologies, but I guess there are messages for those who choose to have a presence on facebook, you are liable to be found.”

There have been numerous cases of people being defamed on social networking sites, of groups being set up against well known faces. Blogs and social netoworking sites often use the freedom of expression to vent and be nasty. But what is wrong with that.

While the law is grainy when it comes to online defamation – cyber lawyers say…there is a way you can defend yourself.

Cyber lawyer Karnika Seth says, “You can file a complaint against the person who has filed the case and if they still don’t take off the offending stuff then the police can be involved.

But while the debate ranges on about freedom of speech and expression, for the moment its open season on social networking sites

DNA- Wednesday, March 4, 2009 22:17 IST

Watch that e-motional trap

Mumbai: A city doctor succumbs to the charms of an online lover and shares with him intimate photographs of herself. A Delhi collegian allows her boyfriend to take candid mobile images of her. Emotionally vulnerable women can be exploited easily in the cyber and mobile space, Mumbaikars tell DNA

Expert view
Avoid disclosing sensitive info online
In this particular case, if the content was given by consent and then misused a complaint can be filed under the IT Act of India, Section 67 which prohibits the usage of pornographic material online.

Also, Section 292 of the IPC sets out the circumstances under which dealing with ‘obscenity’ and / or any ‘obscene’ material is treated as an offense. Whoever sells, allows hiring, distributes, publicly exhibits or in any way puts into circulation or has in his possession, any obscene material is punishable with imprisonment and / or fine.

People need to be very careful with the data they share online. Indian laws don’t permit sharing of pornographic material. In some cases the victims do not even know who posted the offensive material online. Some people create fake accounts just to commit cyber crime and then one has to track down the offender. For this we sometimes need the support of the Internet Service Provider (ISP) and the police as well.

So here are some tips for online behaviour:
avoid disclosing sensitive information online
maintain cyber decorum
be vary of the content you share on social networking sites, blogs etc
two people may share some information with a fair intention but this information can be misused by a third party
–Karnika Seth. Cyber law expert

Watch that e-motional trap

Mumbai: A city doctor succumbs to the charms of an online lover and shares with him intimate photographs of herself. A Delhi collegian allows her boyfriend to take candid mobile images of her. Emotionally vulnerable women can be exploited easily in the cyber and mobile space, Mumbaikars tell DNA

Expert view
Avoid disclosing sensitive info online
In this particular case, if the content was given by consent and then misused a complaint can be filed under the IT Act of India, Section 67 which prohibits the usage of pornographic material online.

Also, Section 292 of the IPC sets out the circumstances under which dealing with ‘obscenity’ and / or any ‘obscene’ material is treated as an offense. Whoever sells, allows hiring, distributes, publicly exhibits or in any way puts into circulation or has in his possession, any obscene material is punishable with imprisonment and / or fine.

People need to be very careful with the data they share online. Indian laws don’t permit sharing of pornographic material. In some cases the victims do not even know who posted the offensive material online. Some people create fake accounts just to commit cyber crime and then one has to track down the offender. For this we sometimes need the support of the Internet Service Provider (ISP) and the police as well.

So here are some tips for online behaviour:
avoid disclosing sensitive information online
maintain cyber decorum
be vary of the content you share on social networking sites, blogs etc
two people may share some information with a fair intention but this information can be misused by a third party
Karnika Seth. Cyber law expert<-->

COMMENTS OF KARNIKA SETH, CYBERLAW EXPERT & CHAIRPERSON, CYBERLAWS CONSULTING CENTRE ON THE AMENDMENTS PROPOSED BY INFORMATION TECHNOLOGY AMENDMENT BILL 2008

The Information Technology Amendment Bill 2008 was passed by the Lok Sabha and the Rajya Sabha in the last week of December 2008 and received the President’s assent on 5th February 2009. The Bill aims to make sweeping changes in the existing Indian cyber law framework, including inserting new express provisions to bring more cyber offences within the purview of the Information Technology Act, 2000.

On a comparative analysis of the provisions of the IT Act,2000 and the IT Amendment Bill 2008, my Observations & Comments are as below-

• With the passage of the Information Technology Amendment Act 2008, India would become technologically neutral due to adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures.
• The Corporate responsibility for Data protection is greatly emphasized by inserting Section 43A in the IT Amendment Act 2008 whereby Corporate bodies handling sensitive personal information in a computer resource are under an obligation to ensure adoption of reasonable security practices to maintain its secrecy , failing which they may be liable to pay damages. Also, there is no limit to the amount of compensation that may be awarded by virtue of this Section.
• The Bill introduces the distinction between ‘contravention’ and ‘offence’ by introduction of the element of mens rea for an offence ( refer to- Section 43 & Section 66 of the Act). We note that no ceiling limit for compensation is prescribed under Section 43 of the Amendment Bill 2008 which was One crore in the IT Act 2000.
• As per proposed amendment in Section 66 of the Act, the explanation states that the word ‘dishonestly’ & the word ‘fraudulently’ shall have the meanings assigned to them in Section 24 and Section 25 respectively.When we refer to IPC’s Section 24 and section 25, it is important to incorporate the meaning elucidated in Section 32 of IPC also under explanation to proposed amendment to Section 66 i.e. ‘words referring to acts include illegal omissions’-i.e in IPC except where a contrary intention appears from the context, the words which refer to acts done also refer to illegal omissions.
• Further, clarification mentioned in section 33 of IPC may also be incorporated in explanation to Section 66 of the Act i.e. wherever the word ‘Act’ is used it denotes a series of acts and where the word ‘omission’ is used, it also could denote a ’series of omissions’.
• Many cybercrimes for which no express provisions existed in the IT Act 2000 now stand included by the IT Amendment Bill 2008. Sending of offensive or false messages ( section 66A), Receiving stolen computer resource ( Section 66C), Identity theft ( Section 66C), Section 66 D Cheating by personation , violation of privacy (66E). Barring the offence of Cyber terrorism ( 66F ) punishment prescribed is generally upto three years and fine of one/two lakhs has been prescribed and these offences are cognizable and bailable. This will not prove to play a deterrent factor for cybercriminals. Further, as per new Section 84 B, abetment to commit an offence is made punishable with the punishment provided for the offence under the Act and the new Section 84 C makes attempt to commit an offence also a punishable offence with imprisonment for a term which may extend to one-half of the longest term of imprisonment provided for that offence.
• In certain offences, such as Hacking (Section 66) punishment is enhanced from 3 years of imprisonment and fine of 2 lakhs to fine of 5 lakhs. In Section 67, for publishing of obscene information imprisonment term has been reduced from five years to three years ( and five years for subsequent offence instead of earlier ten years)and fine has been increased from one lakh to five lakhs ( Rupees ten lakhs on subsequent conviction) .Section 67A , adds an offence of publishing material containing sexually explicit conduct punishable with imprisonment for a term that may extend to 5 years with fine upto ten lakhs. Section 67B punishes offence of child pornography, child’s sexually explicit act or conduct with imprisonment on first conviction for a term upto 5 years and fine upto 10 lakhs.
• Section 69 is an example of internet censorship which can be justified on sound reasons. This Section empowers the Central Government/State Government/ its authorized agency to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence or for investigation of any offence . Section 69A also allows blocking of certain websites if its content is of such nature as described in Section 69.This provision is in conformance with the reasonable restrictions that are envisaged to be imposed on fundamental rights guaranteed under the Constitution of India incase the same is found necessary to maintain public order, national integrity, sovereignty and allied interests.
• There was a great deal of ambiguity in the earlier Section 79 of the IT Act 2000 . The extent of liability of Intermediaries stands clarified in the amended Section 79 whereby an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him if the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or the intermediary does not initiate the transmission, select the receiver of the transmission, and select or modify the information contained in the transmission and the intermediary observes due diligence while discharging his duties under the Act . However, intermediaries will be held liable if the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act; or upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
• As per Section 72(A) proposed in the Bill , an intermediary is required to act as per the terms of its lawful contract and not to disclose any personal information to cause wrongful loss or wrongful gain to any other person. It is important to clarify here that this intermediary is also under obligation not to “USE” the personal information gained for purpose other than specifically authorized under terms of its lawful contract.

• CONCLUSION: India’s Information Technology Act, 2000 is comprehensive legislation but contains many lacunae. The passage of the IT Amendment Act 2008 will resolve many practical difficulties faced in the implementation of the Act. The IT Amendment Bill 2008 aims to bring significant changes in extant cyber laws in India, interalia, introducing legal recognition to electronic signatures, data protection obligations and mechanisms, provisions to combat emerging cyber security threats such as cyber terrorism, identity theft, spamming, video voyeurism, pornography on internet, and other crimes. There may be still some lacunae which will surface with passage of time .Hence, constant amendments in the legal statutory framework will always be essential. With growing dynamics of technology in India, the legal matrix needs to be strengthened at every milestone to fill up lacunae that remain in Information technology laws .To cope with the multifarious challenges that technological advancement may bring, be it issues of cyber security , privacy or cybercrimes, in my opinion India will call for more efficacious and stricter regime of cyberlaws.

For easy reference, a brief overview of the significant changes brought out by the IT Amendment bill,2008 is as given below :-

Data theft could be on the rise in 2009

Himanshu Mehta / CNN-IBN

Published on Fri, Feb 13, 2009 at 18:50, Updated on Fri, Feb 13, 2009 at 19:36 in Sci-Tech � Tech section

New Delhi: Data is precious. And Indians are increasingly stealing it.

Laid off employees, looking for revenge or for quick money, could be this year’s biggest cyber threat, say security firms like McAfee.

By copying digital data from their employers and selling it to crooks, they’ll cost their parent companies millions of dollars.

McAfee Inc, Director Kartik Shahani says, “Intellectual property data worth $4.6 billion was stolen last year. $600 million were spent for damages, $12 million of data is out-sourced to countries without any data protection.

Why should you care? Because the data stolen could be yours. A crook with your 16-digit credit card number, the three-digit CVC number at the back and your name, could buy anything with your money. It’s data like that that’s stored on company servers.

And it’s very easy to steal. Thanks to the tools we all use everyday. Banning them isn’t always practical. Software solutions do exist. But experts say more than the technology, it’s people who have to be changed.

Marketing Manager, Trend Micro Abhinav Karnwal says, “People need to be educated. They have to be told that information is confidential. That there are repercussions if it is taken out or shared with outsiders.”

Indian law threatens severe punishments in cases of data theft. A recent amendment even holds companies responsible for theft by their employees, of other firm’s data. Yet, compared to the value of the data stolen, the fines levied are just peanuts.

Cyber Lawyer Karnika Seth says, “I am of the opinion that punishments should be made more vigorous. They should be a deterrent for cyber crime.

Sixty seven per cent of data stolen from companies world wide, was stolen by insiders. Not by some sinister hacker, as you and I would assume.

However, only 40 per cent of the technology chiefs of companies worry about this threat. This year, that laxity could be suicidal.

Is Blogging A Crime?

Making nasty comments online can land you in jail

Pallavi Paul/ CNN-IBN

Published on Wed, Mar 04, 2009 at 21:25, Updated on Wed, Mar 04, 2009 at 22:33 in Sci-Tech section

New Delhi: Do you open up most when you’re online? Well, don’t. Nineteen-year-old Ajith rallied against the Shiv Sena on his Orkut community. Now he risks being thrown in jail. Thanks to a recent observation by the Supreme Court, which could become a template for all future cases.
“There are so many charges against Ajith, such as x, y, z. Our constitution does not allow such activity so it is not acceptable,” says Cyber lawyer Karnika Seth.
There are punishments for posting obscenity, inciting public disharmony, intimidation, even defamation. The problem is that how will these laws be interpreted.
In the heat of the Mumbai attacks, Cheytanya Kunte blogged against journalists revealing vital info on TV. He was forced to apologise by the channel.
Gaurav Sabnis complained about the standards of teaching at a Management institute. His write-up was forced off the net. Rashmi Bansal, who wrote about the same topic faced the music too.
“I personally don’t believe in deleting comments, the blog is like my living room, the door is open and people can come and join it but I can’t be held responsible for what they say,” says Founder and Editor of youth magazine JAM, Rashmi Bansal.
What is worrisome about the Supreme Court’s latest stand is that people like Rashmi could be threatened with jail, if anyone finds her writing offensive or untrue.
Bloggers are now crying foul and demanding freedom of expression online. If someone finds this offensive can they be hauled to court too?
“With the kind of laws that exist, it is very easy for a blogger to be dragged to court. Now, a journalist has the means to fight such cases, but a poor fellow sitting in Bangalore, him getting out or work to go defend himself is very problematic,” says blogger Amit Varma.
So, next time you upload a video to youtube or a photo to Flickr, message your friends on Facebook or update your blog make sure you aren’t breaking the law.

Cyber-venture for Seth Associates

Seth Associates, a full-service law firm based in New Delhi, has launched a specialist arm focusing on cyberlaw and information technology. Cyberlaws Consulting Centre (CCC) is headed by Karnika Seth, a noted specialist in the area. CCC has been established to act as a research centre as well as to provide consultancy services and represent clients in litigation.

The consultancy will advise on internet and cyberlaw-related issues. These include the viability of e-commerce models, legal and regulatory compliance in different jurisdictions, Cyber investigations and litigation, hacking, credit card frauds, online defamation and impersonation, cyber stalking, phishing, taxation issues, Copyright and trademark infringements on the internet and data protection issues.

Seth said: “As most businesses depend on use of computers and internet technology and new forms of transacting business through e-commerce, knowledge of cyberlaw is becoming indispensable”. She pointed out that conventional laws of contract such as trademark and copyright would be insufficient in offering protection in the online world, which requires special modifications, “considering the nature of the medium and complexity of cyberspace”.

“A few countries have already acknowledged this fact and have passed specific legislation with respect to information technology”, adds Seth. “The legal matrix, the role of the judiciary and other enforcement agencies can be better understood through a fair knowledge of cyber laws”.

Is Blogging A Crime?

Making nasty comments online can land you in jail

Pallavi Paul/ CNN-IBN

Published on Wed, Mar 04, 2009 at 21:25, Updated on Wed, Mar 04, 2009 at 22:33 in Sci-Tech section

New Delhi: Do you open up most when you’re online? Well, don’t. Nineteen-year-old Ajith rallied against the Shiv Sena on his Orkut community. Now he risks being thrown in jail. Thanks to a recent observation by the Supreme Court, which could become a template for all future cases.
“There are so many charges against Ajith, such as x, y, z. Our constitution does not allow such activity so it is not acceptable,” says Cyber lawyer Karnika Seth.
There are punishments for posting obscenity, inciting public disharmony, intimidation, even defamation. The problem is that how will these laws be interpreted.
In the heat of the Mumbai attacks, Cheytanya Kunte blogged against journalists revealing vital info on TV. He was forced to apologise by the channel.
Gaurav Sabnis complained about the standards of teaching at a Management institute. His write-up was forced off the net. Rashmi Bansal, who wrote about the same topic faced the music too.
“I personally don’t believe in deleting comments, the blog is like my living room, the door is open and people can come and join it but I can’t be held responsible for what they say,” says Founder and Editor of youth magazine JAM, Rashmi Bansal.
What is worrisome about the Supreme Court’s latest stand is that people like Rashmi could be threatened with jail, if anyone finds her writing offensive or untrue.
Bloggers are now crying foul and demanding freedom of expression online. If someone finds this offensive can they be hauled to court too?
“With the kind of laws that exist, it is very easy for a blogger to be dragged to court. Now, a journalist has the means to fight such cases, but a poor fellow sitting in Bangalore, him getting out or work to go defend himself is very problematic,” says blogger Amit Varma.
So, next time you upload a video to youtube or a photo to Flickr, message your friends on Facebook or update your blog make sure you aren’t breaking the law.

By-Karnika Seth, Cyberlaw expert & Partner, Seth Associates Advocates & legal Consultants

Can we regulate the internet?

The unprecedented advent of Internet is challenging many existing models of Information society and forms of regulation. Internet is a global communication network and in its quintessence, beyond the national frontiers and does not fit into the existing regulatory regimes. While it stands clear that internet based activities are subject to legal regulation, it also clear that no single State can exert control over Internet as a whole. Further, the notion of convergence is assuming increasing importance in the development of regulatory policy. Traditionally, technologies such as the telephone, broadcasting, cinema and the printed word have been considered discrete and subject to quite different regulatory regimes. The technologies are converging and in my considered opinion, regulatory regimes should also move together. David R Johnson and David G Post advocate that online service users and providers are aiming to create a self regulation mechanism. An example in this direction is the ICANN’s Domain name dispute resolution policy adopted by WIPO and administered by it to resolve domain name disputes between parties that may belong to different jurisdictions. Also, widespread agreement already exists about basic netiquettes of using the Internet. It is felt that in cross border online disputes International law principles of delegating authority to self regulatory mechanisms and comity will play a significant role. It is also incorporated into the principles set forth in the Restatement ( third of Foreign Relations law of the United States in Section 403 which states that .
“a state may not exercise jurisdiction to prescribe law with respect to a person or activity having connections with another state when the exercise of such jurisdiction is unreasonable”.

And that when a conflict between two States arises-

“each State has an obligation to evaluate its own as well as other States interest in exercising jurisdiction and should defer to the other state if that States’s interest is clearly greater”.

In the 1990’s self regulatory measures were seen to provide the basis of ethical regulation of the internet. John Perry Barlow then published a “Declaration of Independence for the Internet” (1996) which stated as follows:

“Governments of Industrial world, you weary giants of flesh and steel, I come from Cyberspace, the new home of mind. We have no elected government, nor are we likely to have one,. I declare the global social apace we are building to be naturally independent of the tyrannies you seek to impose on us”

The rapid growth of internet demanded a more sophisticated notion of legal regulation. By 1997 , the then president of US, Bill Clinton issued internet related declaration titled A framework for Global electronic commerce that elucidated principles of “Private Sector should lead”. “Facilitation of e-commerce by government” and “encouraging Industry self regulation” although Government were invited to act if necessary . The Australian government endorsed this reasoning and developed Co – regulatory regimes in the areas of content regulation (Broadcasting Services ( online services) Amendment Act 1999)and privacy ( privacy amendment ( Private Sector) Act 2000). “Co- regulation” defined a scheme where government and industry work hand in hand to develop a regulatory framework.
In 1999, Lawrence Lessig, then a professor of law at Harvard University law school released a book called Code and other laws of Cyberspace. In his book Code, lessig explains just as architecture in real space can constrain our actions, architecture in digital world (Code) can regulate what we do. If we want to stop our copyrighted works from being copied over net, we may use technological methods apart from resorting to copyright law. In response to the increasing copyright infringements online in December 1996 , WIPO Copyright Treaty came into force Article 11 of which provided that States should enact laws to prevent circumvention of technological protection measures that protect copyright information. USA did this through Digital Millennium Copyright Act 1998 and so did the European Union in its directive on Copyright and other related Rights in Information Society 2001.

The core principles of Cyber Regulation

The quandary over application of traditional rules to online transactions has brought a common consensus on atleast few basic principles that are accepted worldwide to regulate the cyberspace.
Firstly, equivalence of traditional and electronic transactions. Much of the legislative reform across nations is based on the UNCITRAL model law of electronic commerce, 1996 .
Secondly, establishing of trust in e-transactions. In 1995, the EU responding to the concerns over the invasive nature of internet and its dramatic capability to trace and profile individual identity promulgated the European Directive on Data Protection .
Broadly speaking, the Directive requires States to enact legislation covering the processing of data collection in the private sector requiring, interalia, the purpose for which the information is gathered to be disclosed at the point of receipt, that the information should only be used for that purpose and the individuals have the right to see and update their data. Most importantly, Article 25 of EU Directive stipulates that EU Businesses cannot disclose data to members of third party states unless it is shown that effective data protection regimes are in place in those states. Canada has responded by enacting similar obligations in Privacy and Electronic Documents Act passed in April 2000 and likewise Australia enacted the Privacy Amendment (Private Sector) Act 2000.

Thirdly, there is a universal consensus on encouraging participation of non governmental entities in regulation of e-commerce ( e.g operation of WIPO domain name dispute Resolution policy), and fourthly, preserving openness of channels of e-commerce and maintaining free competition.

Conclusion

It is reasonable proposition to leave the internet space free but subject to certain governmental restrictions which are extremely necessary in public and national interest. This is important to promote the technological and utilitarian growth of Information technology. Hence, unless any particular activity on the Internet cannot be controlled through the rules adopted by Internet service providers and users (together with the use of technological tools) and has unacceptable adverse consequences from a public policy perspective (which would need an international consensus through treaties or otherwise), there seems to be no good reason against allowing Internet users themselves to choose self regulation mechanisms.

We welcome responses to the issues raised here. Please mail your comments to this address:Karnika@sethassociates.com

Himanshu Mehta / CNN-IBN

Published on Fri, Feb 13, 2009 at 18:50, Updated on Fri, Feb 13, 2009 at 19:36 in Sci-Tech » Tech section

New Delhi: Data is precious. And Indians are increasingly stealing it.

Laid off employees, looking for revenge or for quick money, could be this year’s biggest cyber threat, say security firms like McAfee.

By copying digital data from their employers and selling it to crooks, they’ll cost their parent companies millions of dollars.

McAfee Inc, Director Kartik Shahani says, “Intellectual property data worth $4.6 billion was stolen last year. $600 million were spent for damages, $12 million of data is out-sourced to countries without any data protection.

Why should you care? Because the data stolen could be yours. A crook with your 16-digit credit card number, the three-digit CVC number at the back and your name, could buy anything with your money. It’s data like that that’s stored on company servers.

And it’s very easy to steal. Thanks to the tools we all use everyday. Banning them isn’t always practical. Software solutions do exist. But experts say more than the technology, it’s people who have to be changed.

Marketing Manager, Trend Micro Abhinav Karnwal says, “People need to be educated. They have to be told that information is confidential. That there are repercussions if it is taken out or shared with outsiders.”

Indian law threatens severe punishments in cases of data theft. A recent amendment even holds companies responsible for theft by their employees, of other firm’s data. Yet, compared to the value of the data stolen, the fines levied are just peanuts.

Cyber Lawyer Karnika Seth says, “I am of the opinion that punishments should be made more vigorous. They should be a deterrent for cyber crime.

Sixty seven per cent of data stolen from companies world wide, was stolen by insiders. Not by some sinister hacker, as you and I would assume.

However, only 40 per cent of the technology chiefs of companies worry about this threat. This year, that laxity could be suicidal.