Data processing, data transmitting and data protection are the main focus in this article and broadly speaking the whole mass of law moved around these three ideas.
INTRODUCTION TO THE CONCEPT CYBERSPACE :
Cyberspace is a complex environment consisting of interactions between people, software and services, supported by the worldwide distribution of information and communication technology (ICT) devices and networks. Owing to the numerous benefits brought about by technological advancements, the cyberspace today is a common pool used by citizens, businesses, critical information infrastructure, military and governments in a manner that makes it difficult to draw clear boundaries among these different groups. The cyberspace is expected to be more complex in the foreseeable future, with many fold increase in networks and devices connected to it.
Information Technology (IT) is one of the critical sectors that rides on and resides in cyberspace. It has emerged as one of the most significant growth catalysts for the Indian economy. In addition to fuelling India’s economy, this sector is also positively influencing the lives of its people through direct and indirect contribution to the various socio-economic parameters such as employment, the standard of living and diversity among others. The sector has played a significant role in transforming India’s image to that of a global player in providing world-class technology solutions and IT business services. The government has been a key driver for increased adoption of IT-based products and IT enabled services in Public services (Government to citizen services, citizen identification, public distribution systems), Healthcare (telemedicine, remote consultation, mobile clinics), Education (eLearning, virtual classrooms, etc) and Financial services (mobile banking/payment gateways), etc. Such initiatives have enabled increased IT adoption in the country through sectoral reforms and National programmes which have led to creation of large scale IT infrastructure with corporate/private participation.
An Act to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.
Data means information which— (a) is being processed by means of equipment operating automatically in response to instructions given for that purpose,
(b) is recorded with the intention that it should be processed by means of such equipment,
- Personal data means data which relate to a living individual who can be identified
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;
- Sensitive personal data
In this Act “sensitive personal data” means personal data consisting of information as to
(a)the racial or ethnic origin of the data subject,
(b)his political opinions,
(c)his religious beliefs or other beliefs of a similar nature,
(d)whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),
(e)his physical or mental health or condition,
(f)his sexual life,
(g)the commission or alleged commission by him of any offence, or
(h)any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
- Access of personal Data – U/S 7 An individual has right of access to his personal data.
You have the right to request closed-circuit television (CCTV) footage of yourself.
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless—
1.(a) at least one of the conditions in Schedule 2 is met, and
(b)in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
In India we don`t have such type of law, INFORMATION TECHNOLOGY ACT 2000 never protects personal data.
WE SHALL START WITH OUR INFORMATION TECHNOLOGY ACT, 2000 TO ENTER IN THE DOMAIN OF CYBER LAW, OR MORE SPECIFICALLY IN THE LAW FIELD PERTAINING TO INFORMATION TECHNOLOGY AND INTERNET TECHNOLOGY.
The scope of the above statute is as stated ” An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto”. Again this Act shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.
The above Act has created the following Two institutions and Other provisions :
U/S 17 -The Certifying Authorities (CAs) issue Digital Signature Certificates(DSC) for electronic authentication of users and issue license and regulate the working of Certifying Authorities and also to ensure that none of the provisions of the Act are violated.Any person aggrieved by an order made by controller or an adjudicating officer under IT Act 2000 may prefer an appeal to a Cyber Appellate Tribunal having jurisdiction in the matter.
U/S 48(1) The Cyber Appellate Tribunal has powers to regulate its own procedure including the place at which it has its sittings. Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a judicial proceeding within the meaning of sections 193 and 228, and for the purposes of section 196 of the Indian Penal Code and the Cyber Appellate Tribunal shall be deemed to be a civil court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973.
Other provisions under the IT Act –
- DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE
- ELECTRONIC GOVERNANCE AND ELECTRONIC RECORDS MANAGEMENT(DATABASE)
- ATTRIBUTION, ACKNOWLEDGMENT AND DESPATCH OF ELECTRONIC RECORDS
- SECURING “SECURE ELECTRONIC RECORDS ANS SECURE ELECTRONIC SIGNATURE
- REGULATION OF CERTIFYING AUTHORITIES
- ISSUANCE OF “ELECTRONIC SIGNATURE CERTIFICATES'( EVIDENCE)
- CRIME CONTROLLING -PENALTIES, COMPENSATION AND ADJUDICATION( OFFENCE) [OFFENCE U/Ss-43, 66,67,68,70,72,73,74]
- PROTECTION OF CRITICAL INFORMATION INFRASTRUCTURE
- PUNISHMENT FOR BREACH OF PRIVACY
- PROTECTION OF – “intermediary”, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes. [intermediaries like Google, Facebook, etc]
- GRANTING POWER TO POLICE FOR SEARCH AND SEIZURE
- PROVISION FOR ISSUING ELECTRONIC & TRUNCATED CHEQUES
Information Technology (Intermediary Guidelines) Rules, 2011.[ UNDER IT ACT ]
An order issued by MeitY to ISP’s to adopt and implement IWF resources to prevent the distribution and transmission of online Child Sexual Abuse Materials (CSAM) into India :
Measures to block the access of Online Child Sexual Abuse Materials(CSAM)
An inter-ministerial committee was constituted by the Ministry of Electronics and Information Technology(MeitY) to discuss the issues related to online child sexual abuse materials (CSAM) and its blocking in India. Based on the recommendation of the committee and the approval of Hon’ble Minister of Electronics and Information Technology, MeitY has issued an order dated. 18.04.2017 to Internet Service Providers(ISPs) to adopt and implement Internet Watch Foundation(IWF) resources on or before 31.07.2017 to prevent the distribution and transmission of Online CSAM into India.
Click here to download the copy of said order issued by MeitY.1.57 MB
- Notification No. GSR 520(E) dated 2.05.16 Powers and Functions of Chairperson, CyAT.130.36 KB
- Notification No.G.S.R 446(E) dated 27.4.16 regarding Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2016.129.88 KB
- Notification No. S.O.1581(E) dated 26.4.16 regarding Authorisation of CERT-In to monitor and collect traffic data or information in any computer resources u/s 69B112.91 KB
- Notification No.993(E) dated 11.12.2015 regarding declaration of UIDAI-CIDR critical information under section 70A of IT Act.58.71 KB
- Placing of Notification issued 4/569B of IT Act at DeitY Website208.09 KB
National Encryption Policy –89.76 KB
Act to provide for the protection of semiconductor integrated circuits layout-designs and for matters connected therewith or incidental thereto.
- View Gazetted Act5.11 MB
Semiconductor Integrated Circuits Layout Design Rules 2001
- View Gazetted Rules13.46 MB
Semiconductor Integrated Circuits Layout Design Registry Notifications/Publications
The cybersecurity policy is an evolving task and it caters to the whole spectrum of ICT users and providers including home users and small, medium and large enterprises and Government & nonGovernment entities. It serves as an umbrella framework for defining and guiding the actions related to security of cyberspace. It also enables the individual sectors and organizations in designing appropriate cybersecurity policies to suit their needs. The policy provides an overview of what it takes to effectively protect information, information systems & networks and also gives an insight into the Government’s approach and strategy for protection of cyberspace in the country. It also outlines some pointers to enable collaborative working of all key players in public & private to safeguard country’s information and information systems. This policy, therefore, aims to create a cybersecurity framework, which leads to specific actions and programmes to enhance the security posture of country’s cyberspace.
A cyber breach can cause severe financial damage, bring the functioning of Government/Government organisation to standstill. It is therefore imperative, that every organisation involved in the use of Information Technology in the discharge of its functions must identify and document its Information Security (IS) requirements that arise from various sources
INDUSTRIAL POLICY UNDER IT ACT 2000
- National Policy on Information Technology 2012 aims to increase revenues of IT and BPM industry to US$ 300 billion by 2020. The policy also seeks to achieve the twin goals of brining the full power of Information and Communication Technology (ICT) within the reach of the whole of India and harnessing the capability and human resources of the country to enable India to emerge as the Global Hub and Destination for IT and BPM Services by 2020.
- Other Initiatives
- Establishment of Software Technology Parks of India (STPIs)
- Special Economy Zones (SEZs) Policy
- National Task Force on IT and Software Development
- National e-Governance Plan (NeGP)
- National Cyber Security Policy 2013
- FDI up to 100% under the automatic route is allowed in data processing, software development and computer consultancy services; software supply services; business and management consultancy services, market research services, technical testing and analysis services.
Basic Facts of the IT INDUSTRY IN INDIA [ THE SCENARIO IS ROSY]
- Expected IT-BPM revenues – USD 143 bn in FY 2016 (estimated);
- Exports – USD 108 bn in FY 2016 (estimated) (IT services – USD 61 bn; BPM – 24.4 bn; Engineering and R&D services (ER&D) and software products – USD 22.4 bn;)
- More than 15,000 firms; of which 1000+ are large firms.
- Largest private sector employer – 3.7 mn jobs
- Sector accounts for largest share in total services exports (38%)
- 600 offshore development centres (ODCs) of 78 countries
Business process management (BPM) is a field in operations management that focuses on improving corporate performance by managing and optimizing a company’s business processes. It can, therefore, be described as a “process optimization process”. READ MORE FROM NASSCOM SITE
INTERNATIONAL CO-OPERATION IN THE FIELD OF INFORMATION TECHNOLOGY
The International Cooperation Division (ICD) of the Ministry of Electronics and Information Technology has been set up to promote international cooperation in the emerging and frontier areas of Electronics and Information Technology under bilateral, multilateral or regional frameworks. Additionally, to promote international cooperation in the emerging and frontier areas of electronics and information technology, explore ways to enhance investment and address regulatory mechanism, various collaborative efforts have been geared up to encourage sustainable development and strengthening synergetic partnerships with other countries
The Information Technology Agreement (ITA) was concluded by 29 participants at the Singapore Ministerial Conference in December 1996. Since then, the number of participants has grown to 82, representing about 97 percent of world trade in IT products. The participants are committed to completely eliminating tariffs on IT products covered by the Agreement. At the Nairobi Ministerial Conference in December 2015, over 50 members concluded the expansion of the Agreement, which now covers an additional 201 products valued at over $1.3 trillion per year.
E-commerce in recent times has been growing rapidly across the world. It is a type of business model, or segment of a larger business model, that enables a firm or individual to conduct business over an electronic network, typically the internet. Electronic commerce operates in all four of the major market segments: business to business, business to consumer, consumer to consumer and consumer to business.
In India, there are three type of e-commerce business model are in vogue (i) Inventory base model of e-commerce (ii) Marketplace base model of e-commerce (iii) Hybrid model of inventory based and market place model.
Indian Information Technology Act and E-commerce: Indian Information Technology (IT) Act gives legal recognition to electronics records and electronic signature. These are the foremost steps to facilitate paper less trading. Under this Act Ministry of Electronics & Information Technology also has Information Technology Rule, 2000 for Reasonable security practices and procedures and sensitive personal data or information. Under section 72A of IT Amendment Act, 2008, punishment for disclosure of information in breach of a lawful contract is laid down.
FDI guidelines for e-commerce by DIPP: DIPP has issued guidelines for FDI in e-commerce. In India 100% FDI is permitted in B2B e-commerce, however No FDI was permitted in B2C e-commerce earlier. As per these new guidelines on FDI in e-commerce, 100% FDI under automatic route is permitted in marketplace model of e-commerce, while FDI is not permitted in inventory based model of e-commerce
E-commerce has become an important part of many multilateral negotiations such as Regional Comprehensive Economic Partnership (RCEP), WTO, BRICS etc. Ministry of Electronics & Information Technology is leading such negotiations on e-commerce from Indian side.
CONSTITUTIONALITY OF THE IT ACT:
Section 66A of the Information Technology Act, 2000 HAS BEEN DECLARED UNCONSTITUTIONAL >
SHREYA SINGHAL vs UNION OF INDIA [SUPREME COURT 24.03.2015]
(a)Section 66A of the Information Technology Act, 2000 is struck down in its entirety being violative of Article 19(1)(a) and not saved under Article 19(2). (b) Section 69A and the Information Technology (Procedure & Safeguards for Blocking for Access of Information by Public) Rules 2009 are constitutionally valid. (c) Section 79 is valid subject to Section 79(3)(b) being read down to mean that an intermediary upon receiving actual knowledge from a court order or on being notified by the appropriate government or its agency that unlawful acts relatable to Article 19(2) are going to be committed then fails to expeditiously remove or disable access to such material. Similarly, the Information Technology “Intermediary Guidelines” Rules, 2011 are valid subject to Rule 3 sub-rule (4) being read down in the same manner as indicated in the judgment. (d)Section 118(d) of the Kerala Police Act is struck down being violative of Article 19(1)(a) and not saved by Article 19(2)
CYBER ADMINISTRATION BY GOVERNMENT OF INDIA
MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY [To promote e-Governance for empowering citizens, promoting the inclusive and sustainable growth of the Electronics, IT & ITeS industries, enhancing India’s role in Internet Governance, adopting a multipronged approach that includes development of human resources, promoting R&D and innovation, enhancing efficiency through digital services and ensuring a secure cyber space].
THE ORGANISATIONS UNDER THE MINISTRY
National Informatics Centre (NIC) of the Ministry of Electronics and Information Technology is providing network backbone and e-Governance support to Central Government, State Governments, UT Administrations, Districts and other Government bodies.
Established in year 1980, STQC started its services in the area of Testing and Calibration based on the need of small and medium sized electronic industry in the country. From a mere Testing, Calibration and Quality Assurance Support to Electronics Hardware Sector, STQC has positioned itself as a prime Assurance Service Provider to both Hardware and Software sectors.
- NIXI is a not for profit Organization under section 25 of the Companies Act 1956, and was registered on 19 th July, 2003. NIXI was set up for peering of ISPs among themselves for the purpose of routing the domestic traffic within the country, instead of taking it all the way to US/Abroad, thereby resulting in better quality of service (reduced latency) and reduced bandwidth charges for ISPs by saving on International Bandwidth. NIXI is managed and operated on a Neutral basis, in line with the best practices for such initiatives globally.
- The National Internet Exchange of India is the neutral meeting point of the ISPs in India. Its main purpose is to facilitate exchange of domestic Internet traffic between the peering ISP members. This enables more efficient use of international bandwidth, saving foreign exchange. It also improves the Quality of Services for the customers of member ISPs, by avoiding multiple international hops and thus reducing latency.
- CONNECTED NETWORKS BY EXCHANGE [ AIRTEL- TATA- BSNL- VODAPHONE etc.]
- NIXI has sponsored three Root Servers, at Mumbai (I Root (External website that opens in a new window)), Delhi (K Root(External website that opens in a new window)) and Chennai (F Root(External website that opens in a new window)). These are hosted at our Exchange points at these locations. These root servers are part of the Domain Name Systems a worldwide-distributed database that is used to translate worldwide unique domain names such as http://www.pib.nic.in to other identifiers.
ERNET India is running MPLS enabled dual stack (IPv4 and IPv6) backbone. The ERNET backbone interconnects ERNET Point of Presence (PoP) spread throughout the country. The ERNET PoP at STPI, Bangalore integrate ERNET VSAT network with ERNET terrestrial network. ERNET has deployed many overlaid network over its backbone. The domestic traffic is routed via NIXI whereas international traffic from each PoP is routed out as ERNET is peering with upstream service providers at each PoP for faster access to Internet.
Controller of Certifying Authorities (CCA)Statutory Organisations of MeitY
- Cyber Appellate Tribunal (CyAT)
- Indian Computer Emergency Response Team (ICERT)
- Unique Identification Authority of India (UIDAI) (link is external)
Companies of MeitY
- Media Lab Asia
- National Informatics Centre Services Inc.(NICSI) (PSE under control of NIC)
- National Internet Exchange of India(NIXI)
- .in Registry
Autonomous Societies of MeitY
- Centre for Development of Advanced Computing (C-DAC)
- Centre for Materials for Electronics Technology (C-MET)
- Education & Research in Computer Networking(ERNET)
- National Institute of Electronics and Information Technology (NIELIT – Formerly DOEACC Society)
- Society for Applied Microwave Electronics Engineering and Research (SAMEER)
- Software Technology Parks of India (STPI)
AGENCIES AND SERVICE PROVIDERS CONNECTED WITH IT INDUSTRIES
- Ministry of Electronics & Information Technology, Government of India (http://meity.gov.in/)
- National Association of Software and Services Companies (NASSCOM) (www.nasscom.in(link is external))
- Indian Software Product Industry Round Table (iSPIRT) (www.ispirt.in(link is external))
- Other Service Providers Association of India (OSPAI) www.ospai.in (link is external)
- Data Security Council of India www.dsci.in (link is external)
DOMAIN NAME DISPUTE
The original role of a domain name was no doubt to provide an address for computers on the internet. But the internet has development from a mere means of communication to a mode of carrying on commercial activity. With the increase of commercial activity on the internet, a domain name is also used as business identifier. Therefore, the domain name not only serves as an address for internet communication but also identifies the specific internet site. In the commercial field, each domain name owner provides information/services which are associated with such domain name(Satyam Infoway Ltd. v. Siffynet Solutions Pvt. Ltd)
DOMAIN NAME VS TRADE MARK
There is a distinction between a trademark and a domain name which is not relevant to the nature of the right of an owner in connection with the domain name, but is material to the scope of the protection available to the right. The distinction lies in the manner in which the two operate. A trademark is protected by the laws of a country where such trademark may be registered. Consequently, a trade mark may have multiple registration in many countries throughout the world. On the other hand, since the internet allows for access without any geographical limitation, a domain name is potentially accessible irrespective of the geographical location of the consumers. The outcome of this potential for universal connectivity is not only that a domain name would require world wide exclusivity but also that national laws might be inadequate to effectively protect a domain name. The lacuna necessitated international regulation of the domain name system (DNS). This international regulation was effected through WIPO and ICANN. India is one of the 171 states of the world which are members of WIPO. WIPO was established as a vehicle for promoting the protection, dissemination and use of intellectual property through the world. Services provided by WIPO to its member states include the provision of a forum for the development and implementation of intellectual property policies internationally through treaties and other policy instruments.5 The outcome of consultation between ICANN and WIPO has resulted in the setting up not only of a system of registration of domain names with accredited Registrars but also the evolution of the Uniform Domain Name Disputes Resolution Policy (UDNDR Policy) by ICANN on 24th October 1999. As far as registration is concerned, it is provided on a first come first serve basis.
A prior registrant can protect its domain name against subsequent registrants. Trade Marks Act, 1999 itself is not extra territorial and may not allow for adequate protection of domain names, this does not mean that domain names are not to be legally protected to the extent possible under the laws relating to passing off.
The Registry for the country code Top Level Domain (ccTLD) Name .IN is being managed by the National Internet Exchange of India (NIXI). Presently, more than 73 Registrars have been accredited to offer .IN domain name registration worldwide to customers. It has in turn also helped in proliferation of Web hosting in the country and Indian language content in the Internet. 5.5 lakh .IN Domain Names have been registered till November 10, 2009. Two Data Centers have been established in Delhi and Chennai towards disaster management with an uptime of maximum 5 minutes.
In India, just under 7000 domains have been registered by the Registry at 2nd and 3rd levels under .IN country code over the past decade or so. In addition, the Internet Service Providers (ISPs) have registered about 500,000 .IN domain names at the 3rd level. This number does not truly represent the penetration of Information Technology (IT) in India when compared with a number of companies and public institutions engaged in IT and IT enabled services (ITeS). The slow growth of .IN domain has been adjudged to be largely due to the absence of contemporary processes and infrastructure, and an over cautious registration policy followed.
BACK GROUND OF DOMAIN DISPUTE
- Globally, there are approximately 60 million Internet domain names registered. Of these, about 40 million are in generic top level domain (gtld) category, while the remaining 20 million are in country code top level domain (cctld) category. The administration of gtld rests with the Internet Corporation for Assigned Names and Numbers (ICANN), an internationally organized non profit corporation, with membership from different countries and experts in the field. The responsibility for administration of cctld, on the other hand, has been entrusted to the individual countries who in general follow the guidelines provided by ICANN. These Internet domain names are used by the user entities to identify them in the networked Internet space. In the gtld category, .com and .net domains are the most popular, and have registered in largest numbers. In recent times, the cctld domain registrations are growing with the countries playing active role in the Internet space
- The first dispute over a domain name occurred in 1993, over the name mtv.com. There have been very few rulings by supreme courts and all of them are recent. There have been decisions in Austria , Germany and France , but interestingly, there has not yet been a single Supreme Court order in the United States of America, where the Internet was born, its law developed and where the earliest domain name disputes were fought.
- Supreme Court of India in Satyam Infoway Ltd. v. Siffynet Solutions Pvt. Ltd (6 May, 2004) in Appeal (civil) 3028 of 2004.
The defendant was the holder of two domain names, siffynet.com and siffynet.net. The plaintiff company, Satyam Infoway, incorporated in 1995, registered several domain names that included the fanciful word ‘sify’: sifynet.com, sifymall.com, sifyrealestate.com, etc. The similarity between these names registered in 1999 and the two domain names of Siffynet Solutions (registered later in 2001), led Satyam Infoway to file a suit in the City Civil Court of Bangalore on the basis that the defendant was passing off its business and services by using its business name and domain name. The Court acknowledged that the plaintiff was the prior user of the trade name ‘Sify’ and that it had earned a good reputation in connection with Internet and computer services under this name. The Court stated that Siffynet Solutions’ domain names were similar to the domain names of the plaintiff, and that confusion would be caused in the mind of the general public by such deceptive similarity. The Court was pleased to grant a temporary injunction in favour of the plaintiff. The case was brought before the High Court, which allowed the appeal. According to the High Court, the respondent was doing business other than what was being done by the appellant, so consumers could not be misled nor misguided, and would not get confused. The High Court also underscored the point that the plaintiff company had a separate trade name – Satyam Infoway – which it could use if it were not granted an order of injunction. Since the complaint was filed in order to protect a trade name, there could have been recourse to the UDRP procedure. Even if the UDRP has been designed for abusive registrations of trademarks, it is still possible to get protection for a trade name under it, when it is deemed equivalent to a trademark. This is despite the World Intellectual Property Organization (WIPO) not being favourably disposed towards this trend. In fact there is already a precedent of an Indian firm having taken advantage of this broad interpretation of the UDRP rules. However, here, since the plaintiff chose to bring the case before a national court, it gave a chance to the Supreme Court of India to pronounce its first decision on domain names. The Court’s judgement offers an interesting perspective on domain name disputes to the legal community in India and beyond. It characterises the domain name under two main aspects – as “an address for computers” and, also as a “business identifier” owing to increased commercial activity on the Internet.
THE ULTIMATE GATEKEEPER ON INTERNET ICANN [ All Governments are under it]
The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level Domain name system management, and root server system management functions. Originally, the Internet Assigned Numbers Authority (IANA) and other entities performed these services under U.S. Government contract. ICANN now performs the IANA function. As a private-public partnership, ICANN is dedicated to preserving the operational stability of the Internet; to promoting competition; to achieving broad representation of global Internet communities; and to developing policy appropriate to its mission through bottom-up, consensus-based processes.
The Cyber Crime Police station shall have the jurisdiction in respect of all the offences committed under the Information Technology Act and laws relating to Intellectual property rights and other related offences under any law for the time being in force, COMMITTED IN THE COURSE OF THE SAME TRANSACTION.
As per the amendments to the IT Act 2000 , the minimum rank of investigation of cyber crimes is POLICE INSPECTOR and any jurisdictional police station can register and investigate.
Nature of cases reported at Cyber Crime Police Station:-
- Identity Theft
- Creation of fake e-mail account
- Creation of fake Facebook account
- Hacking of e-mail account / Password etc.
- ATM Fraud
- Credit Card Fraud
- Online Banking Fraud
- Website defacement
- Cyber Pornography:- Posting of nude photograph / Obscene posting
- Child Pornography
- Nigerian Fraud / Lottery Fraud / Advance Fee Fraud/ 419 Fraud
- Cyber Stalking
- Cyber Defamation
The mail and the Internet are major routes for fraud against merchants who sell and ship products, as well Internet merchants who provide online services. In this, fraudster presents stolen card information by indirect means, whether by mail, telephone or over the Internet to merchant site and orders the delivery of goods of lower value to avoid suspicion.
• Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an “inside job” by a dishonest employee of a legitimate merchant, and can be as simple as photocopying of receipts. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim’s credit card out of their immediate view. The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code which is not present on the magnetic strip.
• Carding is a term used for a process to verify the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a Web site subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using the card’s credit limit, and also to avoid attracting the bank’s attention.
FOLLOWING FIELDS SHALL BE ADDED UNDER THE HEADING OF INFORMATION AND INTERNET LAW.
Crime [Domestic & International]
Intellectual Property & software licensing
Electronic Commerce & Payment system
Electronic Banking and Financial services
Risk Management and Insurance
Data Protection and Freedom of Information