Information

Technology Act
and
Some Applications
Rajnish Kumar
Professor, Information Technology
National Academy of Indian Railways
pit@nair.railnet.gov.in

Structure of Lecture

Introduction to IT Act 2000

Issues in Cyber space,
being Safe
Applications & Trends

Do you recognize this

Shaheen Dhadha and her friend Renu

Srinivas were detained over a Facebook
comment on a leaders funeral in Nov
2012.
Comments were, People like -------- are
born and they die daily, and one
should not observe a bandh

Now, Section 66A scrapped

But IT Act is much beyond this

IT Act, 2000 - MOTTO

Creating
Trust in
Electronic
Environment

IT Act, 2000
Enacted on 17th May
2000- India is 12th
nation in the world to
adopt cyber laws
IT Act is based on Model
law on e-commerce
adopted by UNCITRALUnited Nations
Commission on
International Trade
Law

JURISDICTION
Extent of application
Extends to whole of India and also
applies to offence or contravention
committed outside India by any
person irrespective of his nationality,
if such act involves a computer,
computer system or network located
in India
section 1 (2) read with Section 75

Objectives of the IT Act

To provide legal recognition for transactions: Carried out by means of electronic data
interchange, and other means of electronic
communication, commonly referred to as
"electronic commerce
To facilitate electronic filing of documents with
Government agencies and E-Payments
To amend the Indian Penal Code, Indian Evidence
Act,1872, the Bankers Books Evidence Act
1891,Reserve Bank of India Act ,1934

Civil Wrongs under IT Act

Chapter IX of IT Act, Section 43

Whoever without permission of owner

of the computer

Secures access
Downloads, copies, extracts any data
Introduces any viruses etc.
Damages or causes to be damaged any
computer resource

Denies or causes denial of access by

any means
Denial of service attacks

Civil Wrongs under IT Act

Investigation by
ADJUDICATING OFFICER normally IT
Secretary of State.
Appeal to
Cyber Appellate Tribunal
Powers of a civil court
For claims upto Rs 5 crore to the
affected party (Jurisdiction)

Adjudication and Cyber Appellate

Tribunal - Sections 46 and thereafter
http://catindia.gov.in/
The Central Government may appoint any officer
not below the rank of a director to the Government
of India or a state Government as the adjudicator.
The I.T. Secretary in any state is normally the
nominated Adjudicator for all civil offences arising
out of data thefts and resultant losses in the
particular state.

Needs to be popularized

Example of Adjudicator
https://
it.maharashtra.gov.in/1130/Filing-Complaints-under-IT-Act

Screensh
ot of
CAT webs
ite

Not very
popular

Cybercrime provisions under IT

Act,2000
Cyber Crime

Brief Description

Relevant Section
in IT Act

Punishments

Cyber Stalking

Stealthily following a person,

tracking his internet chats.

43, 65, 66

3 years, or with
fine up to 2 lakh

Cyber Pornography
including child pornography

Publishing Obscene in Electronic

Form involving children

67, 67 (2)

10 years and with

fine may extends
to 10 lakh

Intellectual Property

Source Code Tampering, piracy,

copyright infringement etc.

65

3 years, or with
fine up to 2 lakh

Cyber Terrorism

Protection against cyber terrorism

69

Imprisonment for
a term, may
extend to 7 years

Cyber Hacking

Destruction, deletion, alteration, etc

in a computer resources

66

3 years, or with
fine up to 2 lakh

Phishing

Bank Financial Frauds in Electronic

Banking

43, 65, 66

3 years, or with
fine up to 2 lakh

Privacy

Unauthorised access to computer

43, 66, 67, 69, 72

2 years, or with
fine up to 1 lakh

The scrapped Section

Sec 66A
Exact wording
66A. Punishment for sending offensive messages through
communication service, etc.
Any person who sends, by means of a computer resource or a
communication device,
(a) any information that is grossly offensive or has menacing character;
or
(b) any information which he knows to be false, but for the purpose of
causing annoyance, inconvenience, danger, obstruction, insult, injury,
criminal intimidation, enmity, hatred or ill will, persistently by making
use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of
causing annoyance or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to
three years and with fine.

Case on 16-3-2015

http://
timesofindia.indiatimes.com/india/Teen-arrested-for-Facebook-post-attribu
ted-to-Azam-Khan-gets-bail/articleshow/46620033.cms

RAMPUR: Police in Rampur (UP) have arrested and sent to

the district jail a
class 11 student of a reputed public school in Bareilly for u
ploading what they called an 'objectionable' post
against Samajwadi Party strongman and the state's urban
development minister Azam Khan.

Khan's media in-charge Fasahat Ali also lodged an FIR

against the boy. Later, in a court which sent the student to
14 days in judicial remand, his family members said that he
had merely shared the post on Facebook and not uploaded
it.

Tourism officer booked for posting

objectionable pics of UP CM on WhatsApp
5/3/2015
http://timesofindia.indiatimes.com/city/bareilly/Tourism-officer-booked-for-posting-objectionable-pics-of-UP-CM-on-WhasApp/articleshow/46470748.c
ms

The morphed pictures were allegedly circulated last month(feb 15) in

a WhatsApp group of state government employees and went viral
among other groups also.
After a SP leader chanced to see these images in Lucknow and
alerted Azam Khan regarding this, his local media in-charge met
Rampur superintendent of police and demanded an investigation
into the matter.
According to sources, police officials are also scrutinizing all the
comments posted on the pictures.
In 2013, Dalit writer and social activist Kanwal Bharti was similarly arrested by
Rampur police for an objectionable Facebook post against Azam Khan. Bharti was
booked under section 66-A of the Information Technology Act.

PIL in Supreme Court, which got it

scrapped.
.the phraseology of Section 66A of the IT Act,
2000 is so wide and vague and incapable of being
judged on objective standards, that it is susceptible
to wanton abuse and hence falls foul of Article 14,
19 (1)(a) and Article 21 of the Constitution..
What is desirable

be treated as a non-cognizable offence for

the purposes of Section 41 and Section 156 (1)
of CrPC

Supreme Court on Sec 66A

News dated 24-3-2015
http://www.hindustantimes.com/india-news/supreme-court-uphold-free-speech-online-strikes-down-v
ague-section-66a-of-it-act/article1-1329903.aspx

The Supreme Court on Tuesday struck down a

controversial law that made posting "offensive"
comments online a crime punishable by jail, after a long
campaign by defenders of free speech.
The Supreme Court said the 2009 amendment to India's
Information Technology Act known as section 66A was
unconstitutional and a restriction on freedom of speech.
"Section 66A is unconstitutional and we have no
hesitation in striking it down," said justice RF Nariman,
reading out the judgement. "The public's right to know
is directly affected by section 66A."

Care.
But it will be imperative that you exercise due diligence when
you send information on the Internet, social media and mobile
networks.
There is section 67
Punishment for publishing or transmitting obscene
material in electronic form.

Whoever publishes or transmits or causes to be

published or transmitted in the electronic form, any
material which is lascivious (lewd, playful) or appeals to the
prurient interest or if its effect is such as to tend to
deprave and corrupt persons who are likely,
having regard to all relevant circumstances, to read,
see or hear the matter contained or embodied in it,
..

Suggested Reading

http://catindia.gov.in/pdfFiles/IT_Act_2000_vs_2008.pdf

http://www.csi-india.org/c/document_library/get_file?uu
id=2ce4b842-aca6-4f54-87b6-d778093925d9&groupId=10157

http://www.slideshare.net/NIIConsulting/it-act-2000-penaltie
s-offences-with-case-studies

http://deity.gov.in/content/cyber-laws

http://delhidistrictcourts.nic.in/ejournals/CYBER%20LAW.pdf

http://www.police.mizoram.gov.in/uploads/files/cyber-pornog
raphy-it-act.pdf

List of books http://www.lexisnexis.in/books-cyber-crimes.htm

Issues in Cyber space

Information, responsibility
and Data Protection
Piracy, Copyright
Email Policy of Govt of
India
Spam, Email Spoofing

Information and
Responsibility

Protect your information

It is your responsibility

Data Protection
Sections in IT ACT 2000/2008
Section 43-A primarily deals with
compensation for negligence in
implementing and maintaining reasonable
security practices and procedures in relation
to sensitive personal data or
information (SPDI).
Section 72-A deals with personal
information and provides punishment for
disclosure of information in breach of lawful
contract or without the information
providers consent.

Sensitive Personal Data or

Information (SPDI)
On 13 April 2011, theMinistry of
Communications and Information
Technology(MCIT),Government of
India, notified theInformation
Technology(Reasonable Security
Practices and Procedures and
Sensitive Personal Data or
Information) Rules, 2011 (Rules).

SPDI consists of the following

Passwords;

Financial information
such as bank
account or credit
card or debit card or
other payment
instrument details;

Physical,
physiological and
mental health
condition;

Sexual orientation;

Medical records and

history;

Biometric
information.

International Standardsfor SECURITY

IS / ISO / IEC 27001
ISO 27001:2013is an information security
standard that was published on the 25
September 2013.
It cancels and replacesISO 27001:2005,
and is published by theInternational
Organization for Standardization(ISO)
and theInternational Electrotechnical
Commission(IEC).

List of third part ISO 27001 service providers on http://www.cert-in.org.in/

On the website, click

Third party ISO 27001 certification bodies

Indias Institution CERT-In

http://www.cert-in.org.in/
CERT-In (the Indian Computer Emergency
Response Team) is a governmentmandated information technology (IT)
security organization.
The purpose of CERT-In is to respond to
computer security incidents, report on
vulnerabilities and promote effective IT
security practices throughout the country.

http://www.cert-in.org.in/

Piracy Who is liable?

User
or
Service Provider

Piracy Liability of the intermediary

Information Technology Amendment Act has
clarified the definition Intermediary by
specifically including the:
telecom services providers,
network providers,
internet service providers,
web-hosting service providers in the
definition of intermediaries thereby
removing any doubts.
Furthermore, search engines, online payment sites, onlineauction sites, online market places and cyber cafs are also
included in the definition of the intermediary

Piracy Liability of the intermediary

Under the Information Technology
Amendment Act, 2008, Section 79
has been modified to the effect that
an intermediary shall not be
liable for any third party
information data or
communication link made
available or hosted by him.

Piracy Liability of the intermediary

As a result of this provision, social
networking sites like Facebook, Twitter
etc. would be immune from liability as
long as they satisfy the conditions
provided under the section.
Similarly, Internet Service Providers (ISP),
blogging sites, etc. would also be exempt
from liability.
Notifications of Rules under section 6A, 43A and 79
http://deity.gov.in/sites/upload_files/dit/files/GSR3_10511(1). pdf

Piracy Court Order

Over 200 sites blocked in India after Sony's piracy complaint
http://timesofindia.indiatimes.com/articleshow/37961214.cms

A number of websites including torrent file aggregators,

file storage sites and even Google Docs and Google's
URL shortener Goo.gl have been blocked in India, as
per a new report.
Delhi high court order passed on 23 June 2014 instructs
internet service providers (ISPs) to block as many as
472 websites.
The order was passed following a complaint alleging
online piracy by Sony's Multi Screen Media, which has
broadcasting rights for the Fifa World Cup.

Software Piracy- Copyright

Act
According to Section 63 of the
Copyright (Amendment) Act 1994,
there is a minimum jail term of 6
months for copyright infringement.
The section also provides for fines up
to Rs 2,00,000 and jail term up to
three years or both.

Software Piracy IT Act

Liable under Section 66 of IT Act, 2000
All the accused who are providing assistance to any
person to facilitate access or those who are illegally
downloading/copying/extracting software are also
liable to pay damages to the affected party per
section 43 of the IT Act, 2000.

In such cases the company/firm as well as its incharge are liable under section 85 of the Information
Technology Act, 2000.

Govt of India Cyber Issues website

http://deity.gov.in/content/cyber-laws

Email Policy of Govt of India

http://www.egazette.nic.in/WriteReadData/2015/163000.pdf
http://www.deity.gov.in/content/email-policy

Issued in Oct 2014, notification issued in gazette

again on 25th Feb 2015

Clause 5.1.d.viii:

Forwarding of e-mail from the e-mail

id provided by GoI to the Government officials personal id
outside the GoI email service is not allowed due to security
reasons.
Official e-mail id provided by the IA can be used to
communicate with any other user, whether private or public.

Two email ids

5.2 E-mail Account Management
a) NIC will create two ids, one based on the
designation and the other based on the name.
Designation based ids are recommended for
officers dealing with the public.

Ref: No. 2(22)/2013-EG-II Ministry of Communication & Information Technology

Department of Electronics & Information Technology Page 8 of 16

No E-mail on POP or IMAP

3rd Party Apps
Clause 5.1 d (iii)
Users shall not download e-mails from their
official e-mail account, configured on the
GoI mail server, by configuring POP or
IMAP on any other e-mail service provider.
This implies that users should not provide
their GoI e-mail account details (id and
password) to their accounts on private email service providers.

Safe Practices for

Internet Usage
(Internet Safety)

Passwords
Strong Passwords:
Phrases, mixed case, special characters,
and long:
- 5db10mw! (Slow Down Buddy Im On
My Way!)
- w@yD0wny0nd3r#% (Way Down
Yonder #%)

PHISHING Most dangerous

What does phishing mean?
Phishing means sending an e-mail that falsely
claims to be a particular enterprise and asking for
sensitive financial information.
Phishing, thus, is an attempt to scam the user into
surrendering private information that will then be
used by the scammer for his own benefit.
Statistics reveal phishers are able to convince up
to five per cent of the recipients who respond to
them.

A sample of a
fraudulent email that can
be sent to
ICICIBank.co
m customers.
It purports to
be from
ICICIBank.co
m but it is
not. Its intent
is to get you
to enter
sensitive
information
about your
account and
to then use
this
information
to commit
fraud.
To ensure a
legitimate
and safe sign
on, always
enter www.

PHISHING How to avoid

1. Do not disclose details like passwords, debit card
grid values, etc. to anyone, even if they claim to be
bank employees or on emails / links from
government bodies like RBI, I.T. Dept., etc.
2.Type the web address in the browser. Do not
use links received in emails
3. Change your passwords from your own computer,
in case you have used a cyber cafe / shared
computer
4. A click on the padlock icon appearing on the web
page will display the digital certificate for
genuineness of the website

Padlock sign

More Information About Internet

Safety and Phishing
http://www.visa.ca/en/personal/securewithvisa/phi
shing_lg.html
http://support.apple.com/kb/HT4933
http://office.microsoft.com/en-in/outlook-help/i
dentify-fraudulent-e-mail-and-phishing-schemes-H
A001140002.aspx
http://www.icicibank.com/online-safe-banking/phi
shing.html
http://incometaxindia.gov.in/Phishing.asp
http://www.rbi.org.in/scripts/BS_PressReleaseDis
play.aspx?prid=26506
(Next slide)

RBIs warning on its website

VERIFY
APPLE ID
SCAM

Fake WhatsApp Voice Message Notification

FACEBOOK
SCAM
Your
unread
messages
will be
deleted in a
few days

Some useful
applications

Cloud Computing
Simply put- using remote servers as
your storage cum processor, ultra
light and minimum memory devices
can be used.
For us, CLOUD STORAGE is relevant
now.

Best Cloud Storage Solutions

Most popular
Dropbox - https://www.dropbox.com/
Google Drive https://drive.google.com/#my-drive
Microsoft skydrive - https://skydrive.live.com/?
Several others http://gizmodo.com/5828035/the-best-way-tostore-stuff-in-the-cloud

Wireless Printing
google cloud print

https://www.google.com/cloudprint#printers

Wireless Printing
google cloud print
How to connect - https://support.google.com/cloudprint/answer/1686197?rd=1
Once Google Chrome is installed, follow the steps below to enable the Google Cloud Print
connector in Google Chrome.
Log in to your user account on the Windows, Mac, or Linux computer.
Open Google Chrome.
Click the Chrome menuon the browser toolbar.
SelectSettings.
Click theShow advanced settingslink.
Scroll down to the Google Cloud Print section. ClickManage.
The next screen will show a list of devices already registered with Google Cloud Print, and
new devices available on the network.
In the "Classic printers" section, clickAdd printers.
You'll see a confirmation that Google Cloud Print has been enabled. ClickManage your
printersto learn more.
The printer is now associated with your Google Account and connected to Google Cloud
Print. You can print to this printer using Google Cloud Print whenever youre signed in
with the same Google Account.

https://www.google.com/cloudprint#printers

Slack
latest trend in Office Communication
Description
All your team communication in one
place, instantly searchable, available
wherever you go.
* Powerful search and archiving,
meaning no one is ever left out of the
loop
* Dozens of integrations with tools
including: Dropbox, Asana, Google+
Hangouts, Twitter, Zendesk
* New integrations and features
added frequently
* Inline images and video, with rich
link summaries giving context without
leaving the app
* Instantly synced across all devices
* Configurable notifications for
desktop, mobile push and email

Mobile Utilities
My tracks

COURSERA
New way to learn
Humanities,
Medicine,
Biology,
Social
Sciences,
Mathematic
s,
Business,
Computer
Science

https://www.coursera.org/cou
rses

AADHAR BASED eSign

https://esign.cdac.in/AspInterface /

TRENDS IN THE
CYBERWORLD

Dot com burst

and
final winners

Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems

http://www.wsj.com/articles/SB10001424053111903480904576512250915629460

Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems

http://www.claytonchrist
ensen.com

Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems

Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems

Adapted from http://www.slideshare.net/jigserv/big-data-marketing-analytics-vijayanta-gupta-adobe-systems

Remain Safe
in
cyberspace!!!!