Remedies for Cyber Crime

Firewalls

The first line of defense against cyber criminals is a good firewall. The best
remedy when it comes to firewalls is combining both an appliance side (router
with a built-in SPI firewall) and a software firewall solution. When you combine
both types of firewall, you will eliminate 95 percent of cyber criminals who ping
your system to see if it is secure. The other 5 percent might stop by to see if they
can get in without getting detected to see what you are protecting.

Antivirus

The right antivirus solution is your second line of defense against cyber criminals.
However, the myth among most individual consumers is they can use a free or
low-end antivirus solution and that will be enough. The reality is, you need an
active, best of the best, hourly update antivirus solution. You will need one that
provides hourly definition updates. You also want a solution that has 24/7
research and analysis by first responders and automated algorithms.

Anti-Spyware

A powerful anti-spyware solution is necessary. Again, you do not want to use a

free or low-end solution as your main protection. Look for an advanced anti-
spyware solution, which provides active malware protection at the kernel level of
your computer and runs a scan at startup or at a pre-scheduled time. One also
want a solution, which upon startup, will detect and kill root kits, which may be
hiding on your system.

Encrypted USB Flash Drives

This type of cyber crime security solution is portable and if you buy one with
FIPS (Federal Information Processing Standard) 140-2 Level 3, then your system
is vertically hacker proof. This type of security mechanism is the same type used
by the Department of Defense. Because it is based on a USB flash drive, it is
difficult to hack since it is pulled from the system when not online.

Private/Anonymous Proxy Servers

 Proxy servers are also a great addition to fighting cyber crime as long as you are
contracting with a reputable company. Proxy servers allow you to hide your IP
address from the prying eyes of anyone who is looking for an opening on your
system. If you add this to the above cyber crime solutions, you will be just about
as invisible as a computer being used staff members inside the White House.

TWO CATEGORIES OF CYBER CRIMES

1. The Computer as a Target :-using a computer to attack other computers. e.g.

Hacking,Virus/Worm attacks, DOS attack etc.

2. Using the computer as a weapon :-using a computer to commit real world crimes.
e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.

MODES OF CYBER CRIMES -

Unauthorized access & Hacking:-

Access means gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system or computer
network. Unauthorized access means any kind of access without the permission of either
the rightful owner or the person in charge of a computer, computer system or computer
network. Every acts committed towards breaking into a computer and/or network is
hacking. Hackers write or use ready-made computer programs to attack the target
computer. They possess the desire to destruct and they get the kick out of such
destruction. Some hackers hack for personal monetary gains, such as to steal the credit
card information, transfer money from various bank accounts to their own account etc.

Web hijacking is also a crime which means taking control of others website

Virus and Worm attack:-

A program that has capability to infect other programs and make copies of itself and
spread into other programs is called virus.

Programs that multiply like viruses but spread from computer to computer are called as
worms.

E-mail & IRC related crimes:-

a) Email spoofing
an email shown to have sent from once source in fact has been sent frm a deferent source
is called spoofing

b) Email Spamming

sending email to thousands and thousands of users - similar to a chain letter is called
email spamming.

c) Sending malicious codes through email

E-mails are used to send viruses, Trojans etc through emails as an attachment or by
sending a link of website which on visiting downloads malicious code.

d) Email bombing

abusive identical messages sent repeatedly to a particular address is called emails E-mail
"bombing".

e) Sending threatening emails ,

f) Defamatory emails

g) Email frauds

h) IRC related

Trojan Attack:-

Trojan attack means by representing as a useful link or a helper it causes harm to your
programme. Trojans come in two parts, a Client part and a Server part. When the victim
(unknowingly) runs the server on its machine, the attacker will then use the Client to
connect to the Server and start using the trojan.

Denial of Service attacks:-

Flooding a computer resource with more requests than it can handle. This causes the
resource to crash thereby denying access of service to authorized users.

attempts to "flood" a network, thereby preventing legitimate network traffic, attempts to

disrupt connections between two machines, thereby preventing access to a service,
attempts to prevent a particular individual from accessing a service and attempts to
disrupt service to a specific system or person are examples of Deniel Service Attacks.

Distributed DOS

A distributed denial of service (DoS) attack is accomplished by using the Internet to

break into computers and using them to attack a network. Hundreds or thousands of
computer systems across the Internet can be turned into "zombies" and used to attack
another system or website.

Types of DOS-

There are three basic types of attack:

a. Consumption of scarce, limited, or non-renewable resources like NW bandwith,

RAM, CPU time. Even power, cool air, or water can affect.

b. Destruction or Alteration of Configuration Information

c. Physical Destruction or Alteration of Network Components

e. Pornography:-

The literal meaning of the term 'Pornography' is "describing or showing sexual acts in
order to cause sexual excitement through books, films, etc." This includes pornographic
websites; pornographic material produced using computers and use of internet to
download and transmit pornographic videos, pictures, photos, writings etc.

g. Forgery:-

Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged
using sophisticated computers, printers and scanners. Also impersonate another person is
considered forgery.

h. IPR Violations:-

These include software piracy, copyright infringement, trademarks violations, theft of

computer source code, patent violations. etc.

Cyber Squatting- Domain names are also trademarks and protected by ICANN's domain
dispute resolution policy and also under trademark laws.
Cyber Squatters registers domain name identical to popular service provider's domain so
as to attract their users and get benefit from it.

i. Cyber Terrorism:-

Targeted attacks on military installations, power plants, air traffic control, banks, trail
traffic control, telecommunication networks are the most likely targets. Others like
police, medical, fire and rescue systems etc.

Cyber terrorism is an attractive option for modern terrorists for several reasons.

1.It is cheaper than traditional terrorist methods.

2.Cyber terrorism is more anonymous than traditional terrorist methods.

3.The variety and number of targets are enormous.

4.Cyber terrorism can be conducted remotely, a feature that especially appealing to

terrorists.

5.Cyber terrorism has the potential to affect directly a larger number of people.

j. Banking/Credit card Related crimes:-

In the corporate world, Internet hackers are continually looking for opportunities to
compromise a company's security in order to gain access to confidential banking and
financial information. Use of stolen card information or fake credit/debit cards are
common. Bank employee can grab money using programs to deduce small amount of
money from all customer accounts and adding it to own account also called as salami.

k. E-commerce/ Investment Frauds:-

Sales and Investment frauds. False or fraudulent advertisements, claims to solicit

investments or loans, or that provides for the purchase, use, or trade of forged or
counterfeit securities. Merchandise or services that were purchased or contracted by
individuals online remains undelivered. In this the Investors are enticed to invest in this
fraudulent scheme by the promises of seemingly high profits.

l. Sale of illegal articles:-

This would include trade of narcotics, weapons and wildlife etc., by posting information
on websites, auction websites, and bulletin boards or simply by using email
communication. This kind of business is increasing day by day.

m. Online gambling:-
Gambling activities done through fake websites are called as online gambling which is
offence if it is game of chance.

n. Defamation: -

Defamation can be understood as tarnishing the image, respect or dignity of any person in
front of right thinking members of the society.

A matter defaming a person is sent to the said person directly is not defamation however
if the said mail is sent through CC or BCC to third parties and if the contents tarnish the
image of the recipient it is defamation. Cyber Defamation occurs when defamation takes
place with the help of computers and / or the Internet. Publication of defamatory articles
and matter on a website are defamation. Cyber defamation is also called as Cyber
smearing.

Cyber Stacking:-

Cyber stalking involves following a persons movements across the Internet by posting
messages (sometimes threatening) on the bulletin boards frequented by the victim,
entering the chat-rooms frequented by the victim, constantly bombarding the victim with
emails etc.

In general, the harasser intends to cause emotional distress and has no legitimate purpose
to his communications.

q. Identity Theft :-

Appropriation of others personal information without their knowledge in order to commit

theft or fraud is called as identify theft. Identity theft is a vehicle for perpetrating other
types of fraud schemes.

r. Data diddling:-

Changing data prior or during input into a computer is called as Data diddling. It also
include automatic changing the financial information for some time before processing
and then restoring original information.

s. Theft of Internet Hours:-

Unauthorized use of Internet hours paid for by another person.

By gaining access to an organisation's telephone switchboard (PBX) individuals or

criminal organizations can obtain access to dial-in/dial-out circuits and then make their
own calls or sell call time to third parties. Additional forms of service theft include
capturing 'calling card' details and on-selling calls charged to the calling card account,
and counterfeiting or illicit reprogramming of stored value telephone cards.
t. Theft of computer system (Hardware):-

u. Physically damaging a computer system:-

v. Breach of Privacy and Confidentiality

Confidentiality

It means disclosure of information to unauthorized or unwanted persons. In addition to

Personal information some other type of information which useful for business and
leakage of such information to other persons may cause damage to business or person,
such information should be protected. Generally for protecting secrecy of such
information, parties while sharing information forms an agreement about he procedure of
handling of information and to not to disclose such information to third parties or use it in
such a way that it will be disclosed to third parties.

CYBER LAW –

INTRODUCTION;-

The computer crime or an e-crime can be simply defined as a crime where a computer is
the target of a crime or it is the means adopted to commit a crime. While some of the
crimes may be new, the others are simply different ways to commit conventional crimes
such as frauds, theft, blackmailing, forgery, and embezzlement using the online medium
often involving the use of internet.

Important cyber crimes are virus attacks, salami attacks, e-mail bombing, DOS attacks,
internet hacking or information offences increase day by day.

Cyber law is important because it touches almost all aspects of transactions and activities
concerning the Internet, the World Wide Web and cyberspace. As the nature and scope of
the Internet is changing, it is perceived as the ultimate medium ever evolved in human
history. Every activity in cyberspace can and will have a cyber legal perspective. From
the moment a person registers a domain name, sets up and promotes his or her web site,
and then conducts electronic commerce and has transactions on the site, various cyber
law issues are involved. As the Internet grows, numerous legal issues arise relating to
domain names, intellectual Property rights, electronic commerce, privacy, encryption,
electronic contracts, Cyber crime, online banking, spamming and so on.

Cyber law in India (IT Act 2000)

The Parliament of India passed its cyber law in the form of the Information Technology
Act, 2000, which provides the legal infrastructure for ecommerce.

The objective of the Information Technology Act, 2000 would be to provide legal
recognition for transactions carried out by means of electronic data interchange and
other means of electronic communication, commonly referred to as electronic methods
of communication and storage of information. The act also facilitate electronic filing of
documents with various government agencies and further to amend the Indian Penal
Code, the Indian Evidence Act, 1872, the Banker’s Book Evidence Act, 1891 and the
Reserve Bank of India Act,1934 for related matters. The Act thereafter stipulates
numerous provisions in order to provide for the legal framework so that legal sanctity is
accorded to all electronic records and other activities carried out by electronic means.

The Act further states that unless otherwise agreed to, the acceptance of a contract
expressed by electronic means of communication shall have legal validity and
enforceability. The Act would facilitate electronic intercourse in trade and commerce,
eliminate barriers and obstacles to electronic commerce that result from the celebrated
uncertainties relating to writing and signature requirements over the Internet.

The objectives of the Act also aim to promote and develop the legal and business
infrastructure necessary for implementing electronic commerce.

The Act stipulates that any subscriber may authenticate an electronic record by affixing
his digital signature. It further states that any person can verify the electronic record by
the use of a public key of the subscriber. It contains details about e-governance and
provides, among other things, that where any law provides that information or other
matters shall be in writing, type written or printed form, then, notwithstanding anything
contained in such a law, that requirement should be satisfied if the information or matter
is:
(a) Rendered or made available in an electronic form;
(b) Accessible to make it usable for subsequent reference.

The Act also covers penalties and adjudication for various types of offences and mentions
the power and qualifications for the adjudicating officer. A provision foresees a Cyber-
Regulations Appellate Tribunal where appeals against the orders passed by Adjudicating
Officers could be referred. The tribunal would not be bound by the principles of the Code
of Civil Procedure, but would follow the principles of natural justice and have the
same powers as a civil court. Any appeal against an order or decision of the Cyber-
Regulations Appellate Tribunal would be made to the High Court. It covers various
offences and stipulates that the investigation must be by a police officer only, and that
officer should havethe rank of deputy superintendent of police or higher. These offences
include tampering with computer source documents, publishing obscene
information in electronic form, breach of confidentiality and privacy,
misrepresentation, publishing a digital signature certificate that is false in certain
particulars and publication for fraudulent purposes.

Hacking and penalties if found guilty have been defined in Section 66. For the first
time, punishment for hacking has been designated as a cyber crime. The Act also
provides for constituting the Cyber-Regulations Advisory Committee, which would
advise the government about any rules or other matter connected with the Act. The Act
also has four schedules which amend the Indian Penal Code, 1860, the Indian Evidence
Act, 1872, The Bankers’ Books Evidence Act, 1891, The Reserve Bank of India Act,
1934 to make them conform with provisions of the IT Act. Overall, the Information
Technology Act, 2000 is considered to be a commendable effort by the government to
create the necessary legal infrastructure to promote and encourage the growth of
electronic commerce. India has incorporated some aspects relating to cyber crime into its
Cyber law. Certain acts have been stipulated as cyber crimes with punishment in the form
of imprisonment and fines.

Improvements to be made

1. Rules Needs Reform:

India, which is riding on the success of its fledging Business Process Outsourcing
industry, will soon feel the pinch with many multinational companies having a second
thought to set up a shop in a country where the cyber law is completely outdated.

2. Unfit to Deal with Today's Crimes:

The Federation of Indian Chambers of Commerce and Industry said IT law clauses
relating to transmission of obscene material through electronic media should be changed.

3. Changes recommended:
when the law was framed, there were no technologies like MMS or sophisticated devices
like mobile phones Latest News about mobile phones with cameras. The IT Act is
struggling to cope with the change in modern technology.

India poised to tighten data protection law (future) –

India is likely to have a tighter data protection and privacy regime in place later, after
bowing to pressure from Western users of outsourcing services.The National Association
of Software and Service Companies (NASSCOM) in Delhi is confident that new
measures will be passed as law in the coming session of India's parliament, Opponents of
offshore outsourcing to India have often cited the absence of a data protection and
privacy law in India as a strong reason for stopping the movement of call centre and BPO
work to the country.
Rather than have a separate law to deal with data security and privacy issues, the
government is considering an amendment to its Information Technology Act of 2000.
NASSCOM is in the process of inserting new clauses in the IT Act 2000, and these are
being reviewed by the government .The act in its existing form only covers unauthorized
access and data theft from computers and networks, with a maximum penalty of about
$220,000,and does not have specific provisions relating to privacy of data Even though
the government has delayed the implementation of a legal framework for prosecution of
data and privacy breaches, Indian BPO companies have implemented processes such as
the BS7799 standard for information security management. Standards such as BS7799,
and the ISO17799 standard for information security, restrict the quantity of data that can
be made available to employees of BPO and call centers.

Conclusion –
The Indian experience has shown that it is easy to enact law on paper. However, it is
extremely difficult to enforce laws in actual practice. There are numerous challenges that
require appropriate awareness among citizens about e-commerce laws. This is so because
at the end of the day, the ecommerce laws are basically targeted to protect and help those
citizens .It is also necessary for ensure that there is adequate training of the relevant
departments and government officials who would draft and implement policies relating to
e-commerce.
CYBER CRIME
Computer crime, or cybercrime, refers to any crime that involves a computer and a
network The computer may have been used in the commission of a crime, or it may be
the target. Netcrime refers, more precisely, to criminal exploitation of the Internet.
Issues surrounding this type of crime have become high-profile, Chaptericularly those
surrounding hacking, copyright infringement, child pornography, and child grooming.
There are also problems of privacy when confidential information is lost or intercepted,
lawfully or otherwise.
On the global level, both governments and non-state actors continue to grow in
importance, with the ability to engage in such activities as espionage, financial theft, and
other cross-border crimes sometimes referred to as cyber warfare. The international legal
system is attempting to hold actors accountable for their actions, with the International
Criminal Court among the few addressing this threat.

TYPES OF CYBER CRIME

Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall
into three slots.
• Those against persons.
• Against Business and Non-business organizations.
• Crime targeting the government.

Let us examine the acts wherein the computer is a tool for an unlawful act. This
kind of activity usually involves a modification of a conventional crime by using
computer. Some examples are;
Financial Claims: This would include cheating, credit card frauds, money laundering
etc.
Cyber Pornography: This would include pornographic websites; pornographic
magazines produced using computer and the Internet (to down load and transmit
pornographic pictures, photos, writings etc.)

Sale of illegal articles: This would include sale of narcotics, weapons and wildlife etc.,
by posting information on websites, bulletin boards or simply by using e-mail
communications.

Online gambling: There are millions of websites, all hosted on servers abroad, that offer
online gambling. In fact, it is believed that many of these websites are actually fronts for
money laundering.

Intellectual Property Crimes: These include software piracy, copyright infringement,

trademarks
E-Mail spoofing: A spoofed email is one that appears to originate from one source but
actually has been sent from another source. This can also be termed as E-Mail forging.

Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets etc., can
be forged using sophisticated computers, printers and scanners.

Cyber Defamation: This occurs when defamation takes place with the help of computers
and or the Internet e.g. someone published defamatory matter about someone on a
websites or sends e-mail containing defamatory information to all of that person’s
friends.

Cyber Stalking: Cyber stalking involves following a person’s movements across the
Internet by posting messages on the bulletin boards frequented by the victim, entering the
chat-rooms frequented by the victim.

Let us examine some of the acts wherein the computer or computer Network is
the target for an unlawful act. It may be noted that in these activities the computer may
also be a tool. This kind of activity is usually out of the purview of conventional criminal
law. Some examples are:

Unauthorized access to computer system or network: This activity is commonly

referred to as hacking. The Indian Law has however given a different connotation to the
term hacking.

Theft of information contained in electronic from: This includes information stored in

computer hard disks, removable storage media etc.

E-Mail bombing: Email bombing refers to sending a large amount of e-mails to the
victim resulting in the victims’ e-mail account or mail servers.

Data diddling: This kind of an attack involves altering the raw data just before it is
processed by a computer and then changing it back after the processing is completed.

Salami attacks: Those attacks are used for the commission of financial crimes. The key
here is to make the alteration so insignificant that in a single case it would go completely
unnoticed e.g. A bank employee inserts a program into bank’s servers, that deducts a
small amount from the account of every customer.
Denial of Service: This involves flooding computer resources with more requests than it
can handle. This causes the resources to crash thereby denying authorized users the
service offered by the resources.

Virus/worm: Viruses are programs that attach themselves to a computer or a file and
then circulate themselves to other files and to other computers on a network. They
usually affect the data on a computer, either by altering or deleting it. Worms, unlike
viruses don not need the host to attach themselves to.
Logic bombs: These are dependent programs. This implies that these programs are
created to do something only when a certain event occurs, e.g. some viruses may be
termed logic bombs because they lie dormant all through the year and become active only
on a Chaptericular date.

Trojan Horse: A Trojan as this program is aptly called, is an unauthorized program

which functions from inside what seems to be an authorized program, thereby concealing
what it is actually doing.

Internet Time Theft: This connotes the usage by unauthorized persons of the Internet
hours paid for by another person.

Physically damaging a computer system: This crime is committed by physically

damaging a computer or its peripherals.

PREVENTION

2.1 PREVENTIVE STEPS FOR INDIVIDUALS

2.1.1. CHILDREN:
Children should not give out identifying information such as Name, Home address,
School Name or Telephone Number in a chat room. They should not give photographs to
anyone on the Net without first checking or informing parents guardians. They should not
respond to messages, which are suggestive, obscene, belligerent or threatening, and not to
arrange a face-to –face meeting without telling parents or guardians. They should
remember that people online might not be who they seem.
2.1.2 PARENTS:
Parent should use content filtering software on PC to protect children from pornography,
gambling, hate speech, drugs and alcohol.
There is also software to establish time controls for use of limpets (for example blocking
usage after a Chaptericulars time) and allowing parents to see which site item children
have visited. Use this software to keep track of the type of activities of children.
2.1.3. GENERAL INFORMATION:
Don’t delete harmful communications (emails, chats etc). They will provide vital
information about system and address of the person behind these.
� Try not to panic.
� If you feel any immediate physical danger contact your local police.
� Avoid getting into huge arguments online during chat and discussions with other
users.
� Remember that all other Internet users are strangers; you do not know who you are
chatting with. So be careful.
� Be extremely careful about how you share personal information about yourself online.
� Choose your chatting nickname carefully so as others.
� Do not share personal information in public space online; do not give it to strangers.
� Be extremely cautious about meeting online introduced person. If you choose to meet,
do so in a public place along with a friend.
� If a situation online becomes hostile, log off and if a situation places you in fear,
contact local police.
� Save all communications for evidence. Do not edit it in any way. Also, keep a record
of your contacts and inform Law Enforcement Officials.

2.2 PREVENTIVE STEPS FOR ORGANISATIONS AND GOVERNMENT

2.2.1 PHYSICAL SECURITY: Physical security is most sensitive component, as

prevention from cyber crime Computer network should be protected from the access
of unauthorized persons.

2.2.2 ACCESS CONTROL: Access Control system is generally implemented using

firewalls, which provide a centralized point from which to permit or allow access.
Firewalls allow only authorized communications between the internal and external
network.

2.2.3 PASSWORD: Proof of identity is an essential component to identify intruder.

The use of passwords in the most common security for network system including
servers, routers and firewalls. Mostly all the systems are programmed to ask for
username and password for access to computer system. This provides the verification
of user. Password should be charged with regular interval of time and it should be
alpha numeric and should be difficult to judge.

2.2.4 FINDING THE HOLES IN NETWORK: System managers should track

down the holes before the intruders do. Many networking product manufactures are
not Chaptericularly aware with the information about security holes in their products.
So organization should work hard to discover security holes, bugs and weaknesses
and report their findings as they are confirmed.

2.2.5 USING NETWORK SCANNING PROGRAMS: There is a security

administration’s tool called UNIX, which is freely available on Internet. This utility
scans and gathers information about any host on a network, regardless of which
operating system or services the hosts were running. It checks the known
vulnerabilities include bugs, security weakness, inadequate password protection and
so on. There is another product available called COPS (Computer Oracle and
Password System). It scans for poor passwords, dangerous file permissions, and dates
of key files compared to dates of CERT security advisories.

2.2.6 USING INTRUSION ALERT PROGRAMS: As it is important to identify

and close existing security holes, you also need to put some watchdogs into
service. There are some intrusion programs, which identify suspicious activity and
 report so that necessary action is taken. They need to be operating constantly so that
all unusual behaviour on network is caught immediately.
2.2.7 USING ENCRYPTION: - Encryption is able to transform data into a form that
makes it almost impossible to read it without the right key. This key is used to allow
controlled access to the information to selected people. The information can be
passed on to any one but only the people with the right key are able to see the
information. Encryption allows sending confidential documents by E-mail or save
confidential information on laptop computers without having to fear that if someone
steals it the data will become public.

Grievances related to CYBER-CRIMES:

The main issue in the field of Cyber Crime is the absence of law & opaqueness in
regulations pertaining to Cyber activity anywhere in the world. The issue is further
provoked due to a mismatch in the growth of Internet and cyber laws. Though there has
been an enactment of IT act, but there seem to be huge problems still in the way:

1. One of the major issues is the worldwide connectivity through the internet
& because of which jurisdiction seems to be out of control & going beyond the
boundaries.

2. Evidence loss has become a problem as all the data are ruined on daily basis.

3. Cyber Army: There is also an imperative need to build a high technology crime &
investigation infrastructure, with highly technical staff at the other end.

4. A law regulating the cyber-space, which India has done.

5. Though S.75 provides for extra-territorial operations of this law, but they could be
meaningful only when backed with provision recognizing orders and warrants for
Information issued by competent authorities outside their jurisdiction and measure for
cooperation for exchange of material and evidence of computer crimes between law
enforcement agencies.

1. Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the
enactment according to the order of the day. One such case, which needs
appreciation, is the P.I.L. (Public Interest Litigation), which the Kerala High Court
has accepted through an email.

Cyber Laws in India

This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber
laws have a major impact for e-businesses and the new economy in India. So, it is
important to understand what are the various perspectives of the IT Act, 2000 and what it
offers.
 In May 2000, both the houses of the Indian Parliament passed the Information
Technology Bill. The Bill received the assent of the President in August 2000 and came
to be known as the Information Technology Act, 2000. Cyber laws are contained in the
IT Act, 2000.

The Information Technology Act, 2000 also aims to provide for the legal framework so
that legal sanctity is accorded to all electronic records and other activities carried out by
electronic means. The Act states that unless otherwise agreed, an acceptance of contract
may be expressed by electronic means of communication and the same shall have legal
validity and enforceability. Some highlights of the Act are listed below:

Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic
record by affixing his digital signature. It further states that any person can verify an electronic
record by use of a public key of the subscriber.

Chapter-III of the Act details about Electronic Governance and provides inter alia amongst others
that where any law provides that information or any other matter shall be in writing or in the
typewritten or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is
• rendered or made available in an electronic form; and

• accessible so as to be usable for a subsequent reference

Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act
envisages a Controller of Certifying Authorities who shall perform the function of exercising
supervision over the activities of the Certifying Authorities as also laying down standards and
conditions governing the Certifying Authorities as also specifying the various forms and content
of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying
Authorities and it further details the various provisions for the issue of license to issue Digital
Signature Certificates.
Chapter-VII of the Act details about the scheme of things relating to Digital Signature
Certificates. The duties of subscribers are also enshrined in the said Act.
Chapter-IX of the said Act talks about penalties and adjudication for various offences. The
penalties for damage to computer, computer systems etc. has been fixed as damages by way of
compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of appointment of
any officers not below the rank of a Director to the Government of India or an equivalent officer
of state government as an Adjudicating Officer who shall adjudicate whether any person has
made a contravention of any of the provisions of the said Act or rules framed there under. The
said Adjudicating Officer has been given the powers of a Civil Court.

Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal,
which shall be an appellate body where appeals against the orders passed by the Adjudicating
Officers, shall be preferred.

Chapter-XI of the Act talks about various offences and the said offences shall be investigated
only by a Police Officer not below the rank of the Deputy Superintendent of Police. These
offences include tampering with computer source documents, publishing of information, which is
obscene in electronic form, and hacking.

Chapter-XII of The Act provides for the constitution of the Cyber Regulations Advisory
Committee, which shall advice the government as regards any rules, or for any other purpose
connected with the said act. The said Act also proposes to amend the Indian Penal Code, 1860,
the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of
India Act, 1934 to make them in tune with the provisions of the IT Act.