Billion Coders

billionCoders is a global initiative to empower girls with IT skills through free online courses, face-to-face sessions with experts, internships, real-world projects, freelance opportunities & more.

It was founded by Shinam Arora aka c0d3r and currently funded by Asian School of Cyber Laws.

Why? Because computing is too important to be left to men! -Karen Spärck Jones

For more details, take a look at the billionCoders website

You can also mail them at coder@billioncoders.com

Cyber Entrepreneurship Scheme (Vision 2020)

Asian School of Cyber Laws is proud to announce the launch of the Cyber Entrepreneurship Scheme, (Vision 2020).

This scheme aims to create a new class of cyber entrepreneurs, who can utilize the immense possibilities offered by the World Wide Web to become free from the need for employment. Instead, this new class can create employment for others. In today's highly networked world, a cyber entrepreneur does not need to invest his money, he only needs to invest his intellect and explore his connections.

To explain the scheme in detail, we are organizing seminars for a select audience.
The first seminar is scheduled for Mumbai on Saturday 21 May, 2011 (3pm to 5pm)

Entry is free but by invitation only.

Republic of Cyberia gains independence !

The Republic of Cyberia is a virtual nation created to empower children with a 360-degree all-round smart education.

It is located at: www.republicofcyberia.com

Republic of Cyberia enjoys its own living, breathing language - cyTalk!

We believe that the best way to learn a language is to make it an inseparable part of our day-to-day lives. So, in Cyberia, cyTalk is an inherent part of our communication methodology. However, cyTalk also fulfils another need. It is grounded in the basics of computer terminology and linux, C, C++, php and mySQL syntax. Once you are familiar with the syntax of cyTalk, learning Linux at a later stage will literally be child's play!

Cyberia has 17 sectors:

cyberiaHigh

This is the cyber school where children learn through games, interactive online activities, animated films and even spy games! cyberiaHigh combines education with entertainment to create edutainment.

bitStreet

This is the financial sector of the Republic of Cyberia.

This sector has been designed to teach children all about money and finance.

Topics covered in this sector include banking and finance, foreign currencies, stock markets, investments, personal finance, business finance, and public finance.

deGauss

This is the eco-friendly sector of the Republic of Cyberia.

Children can learn about Animal Rights, Biodiversity, Climate Change and Global Warming, Reducing Energy Use, Natural Resources, Renewable and Non-Renewable Sources of Energy, the Ecological System, Pollution, Recycling etc.

This sector is named after degaussing - the process of decreasing or eliminating an unwanted magnetic field.

techValley

This is the technology sector of the Republic of Cyberia.

Citizens use this sector to learn about various technologies - right from construction technology to medical technology to electronics and information technology.

This sector also lets citizens rate and share their opinions on everyday gadgets and devices.

cyWood

cyWood is the entertainment, fashion and cultural sector of the Republic of Cyberia.

Citizens can post their photos, videos, paintings, poems, songs, music etc on cyWood. Other citizens rate these to choose the best of the week, month and year.

cyWood gives an opportunity to citizens to showcase their talent to the world.

cyWood is named after the famous woods of the global entertainment scene - Hollywood and Bollywood.

Gamma

Gamma is the Science Sector of the Republic of Cyberia.

In this sector, citizens can learn about:
- Natural sciences (such as Chemistry, Physics, Astronomy, Earth Science, Environmental science and Biology)
- Cognitive sciences
- Formal sciences (such as Computer sciences, Mathematics, Statistics and Systems science)
- Social sciences (such as Anthropology, Economics, Linguistics, Psychology, Geography, Philosophy, Political science and Sociology)
- Applied sciences (such as Agronomy, Architecture, Education, Engineering, Health sciences, Management, Military Science and Spatial Science).

In computer terminology, Gamma refers to the brightness of a monitor or computer display. Gamma setting determines how bright the output of the display will be.

UPnP

UPnP is the sports sector of the Republic of Cyberia.

In this sector, citizens learn the official rules for major sports. They also learn and discuss sports history, trivia and current affairs.
In computer terminology, UPnP stands for Universal Plug and Play. It describes devices that work with a computer system as soon as they are connected.

protoCol

If you want to learn about law, policing, detective work, crime scene investigation or even cyber crime investigation, then this is the sector for you.

This sector is named after the term protocol – which means a set of guidelines or rules.

thyRistor

This is the entrepreneurship sector of the Republic of Cyberia.

Citizens can post their business ideas and concepts is this sector. Others can vote on these ideas. You may get partners and even financers for your business venture.

Who knows the next hotmail, google or facebook may be a product of this sector.

In computer terminology, a thyristor is a four-layer semiconductor that is often used for handling large amounts of power.

h@ckxone

This is the most elite sector of the Republic of Cyberia.

The best of the best brains in hacking and computer security fight it out for membership of this sector.

In Cyberia, the term hacking has a positive connotation - it refers to finding clever or quick fixes to a computer program problem. A hack refers to a modification of a program or device to give the user access to features that were otherwise unavailable. It is an advanced form of a kludge - a workaround, a quick-and-dirty solution, a clumsy or inelegant, yet effective, solution to a problem, typically using parts that are cobbled together.

Hacking is totally different from cracking which is a nefarious criminal use also referred to as computer crime.

Kernel

Kernel is the management sector of the Republic of Cyberia.

In this sector, citizens learn about important areas of management such as Change management, Conflict management, Crisis management, Customer relationship management, Disaster management, Human resources management, Inventory management, Knowledge management, Marketing management, Materials management, Office management, Operations management, Process management, Product management, Public administration, Quality management, Relationship management, Risk management, Strategic management, Stress management, Supply chain management, Systems management, Talent management and Time management.

In computer terminology, the kernel is the central component of most computer operating systems. It manages the computer resources.  The more efficient the kernel is, the more efficiently the operating system will run.

dotPitch

dotPitch is the design sector of the Republic of Cyberia.

In this sector, citizens will learn about various aspects of design including Packaging design, Product design, Service design, Game design, Web design, Communication design, Architectural design, Furniture design, Garden design, Industrial design, Interior design etc.

In computer terminology, dot pitch measures the sharpness of the display of a CRT (Cathode Ray Tube) monitor.

superScaler

The Republic of Cyberia is governed by superScalers.

Every citizen of Cyberia has a fundamental right to vote in the elections for appointment of superScalers.
The term superScaler is derived from computer hardware terminology where a super scaler CPU (central processing unit) allows faster CPU throughput than would otherwise be possible at a given clock rate.

etherNet

This is the sector for media and communications in the Republic of Cyberia.

Citizens can learn about news, public relations and advertising here and can volunteer to work in this sector.

In computer terminology, ethernet is a family of computer networking technologies for local area networks (LANs).

cloudServers

This is the most mysterious part of the Republic of Cyberia.

It has not (and probably never will be) fully explored. It features secret doorways leading to the coolest games and missions.

cyAvenue

This is where citizens of the Republic of Cyberia can buy and sell cool stuff.

Children can buy and sell art, music, books, toys, games, comics and tons of other stuff in this sector.

They can also buy official Cyberia merchandise including posters, laptop stickers, calenders, postcards, stationary, stamps etc.

Children can also design official Cyberia merchandise and receive life long royalty on the sale of merchandise designed by them.

friends@cyberia

This is the social sector of the Republic of Cyberia.

All citizens automatically become members of this sector. You can make friends from all over the world, connect with them, share your pics and videos and do a lot more.

This sector also features the cool baseStation chat system.

Republic of Cyberia is located at: www.republicofcyberia.com

World’s Smallest Cyber Crime Investigation Device Released by ASCL & Data64

The world’s smallest cyber crime investigation device was released in Pune on Saturday 28th August, 2010 by Hon’ble Justice Rajesh Tandon, Chairperson, Cyber Appellate Tribunal, New Delhi.

Code-named pCHIP, this Portable Mega Investigation & Forensic Solution is delivered in two versions - on a USB device and on a micro SD card.

pCHIP runs from a USB drive / micro SD card without installation on the suspect PC. It captures relevant volatile evidence from a live (switched on) computer. It has an extremely easy-to-use interface and provides detailed reports.

Volatile Evidence Recovered by pCHIP
The pCHIP retrieves crucial volatile digital evidence from the suspect computer and generates 38 reports at the click of a button.

Password & Encryption handling by pCHIP
The pCHIP can detect and list password protected & encrypted files on a suspect computer. It can also attack and crack hundreds of types of passwords.

USB History detection by pCHIP
At the click of a button, the pCHIP can generate a report containing the details of every USB device ever connected to the suspect computer.

Cloning and Imaging by pCHIP
The pCHIP can clone and image disks and also recover deleted data.

pCHIP has been designed by Asian School of Cyber Laws & Data64 Techno Solutions Pvt. Ltd.

Data64 Techno Solutions Pvt. Ltd. is incubated by Science & Technology Park, a STEP promoted by Department of Science & Technology, Government of India.

Asian School of Cyber Laws is a global leader in education, training and consultancy in cyber law, cyber crime investigation and digital forensics.


Mr. Debasis Nayak, Director, Data64 Techno Solutions Pvt. Ltd. said:

It is widely believed that computer forensic investigations must be carried out on static data and never on live systems.

This usually means that the investigator would first pull the plug on any live machine and then physically remove the hard disk(s). This hard disk would then be imaged and subsequently the image would be analyzed.

We believe that such an approach is flawed. In many cases, it is prudent for an investigator to first carry out preliminary investigations on the live system and then pull the plug.

Some of the reasons for this approach are:

1. In many computer attacks, the evidence may be only in the computer memory and not in any files on the hard disk. Pulling the plug or shutting down such a computer may destroy the evidence.

2. If the suspect is using cryptography to secure his data, then pulling the plug may mean that the data will no longer be available in an unencrypted format.

3. The suspect could configure his computer to clear the paging file automatically on shutdown. This would cause a lot of evidence to be lost.

Global Cyber Law Database

Global Cyber Law Database (GCLD) aims to become the most comprehensive and authoritative source of cyber laws for all countries.

GCLD is a public service initiative by Asian School of Cyber Laws.

For more details, visit www.cyberlawdb.com/gcld

ASCL assists Government of India in Formulation of Cyber Laws

Asian School of Cyber Laws (ASCL) has been associated with and is assisting the Department of Information Technology, Ministry of Communications and Information Technology, Government of India in framing draft rules and regulations under the Information Technology Act, 2000 and the Information Age Crimes Act.

We are also assisting the Ministry in framing the model rules for Code of Conduct and Practices to be adopted for the functioning of Cyber Cafes / Chat Room centers.

The various draft rules and regulations under the Information Technology Act, 2000 that the ASCL has assisted the Department of Information Technology, in drafting are:

 

  1. Rule u/s 87(2)(b)-
    This rule relates to the electronic form in which filing, issue, grant or payment shall be effected for the purpose of giving effect to electronic governance;
  2. Rule u/s 87(2)(c)–
    The above rule relates to the manner and format in which electronic records shall be filed, or issued and the method of payment for the purpose of making online payments to any government agency;
  3. Rule u/s 87(2)(e)-
    This rule relates to the security procedure that has to be adopted for the purpose of creating a secure electronic record and secure digital signature;
  4. Rule u/s 87(2)(g)-
    The above rule relates to the additional standards that are to be observed by the Controller to ensure that the secrecy and security of the digital signatures are assured.;
  5. Rule u/s 87(2)(o)–
    This rule relates to the fees that are to be paid to the Certifying Authority by users for issue of a Digital Signature Certificate;
  6. Rule u/s 87(2)(s)-
    The above rule relates to the procedure that has to be adopted for investigation of misbehaviour or incapacity of the Presiding Officer of the Cyber Regulations Appellate Tribunal that has been established under the Act;
  7. Rule u/s 87(2)(v)-
    This rule relates to any other power of a civil court required to be prescribed for the purpose of the Cyber Regulations Appellate Tribunal; and
  8. Rules u/s 87(2)(w)-
    The rules framed related to:

    1. The information that Network Service Providers were bound to disclose to the Police for the purpose of investigation of any offence.
    2. The user information collected by Network Service Providers (NSP), which the NSP is bound to keep private and confidential.
    3. The security procedure that the Central Government should adopt for the security of computer systems that have been declared as protected under the Information Technology Act, 2000.
    4. The use of technical means by the law enforcement agencies for the purpose of collecting information residing in the computers of suspected persons or intercepting information being transmitted from such computers.

  9. Regulation u/s 89 (2)(a)-
    The regulations relate to the particulars relating to maintenance of database containing the disclosure record of every Certifying Authority.
  10. Regulation u/s 89 (2)(b)-
    The above regulations related to the conditions and restrictions subject to which the Controller may recognize any foreign Certifying Authority.
  11.  ASCL has also drafted the model rules for "Code of Conduct and Practices to be adopted for the functioning of Cyber Cafes / Chat Room centers"
  12.  ASCL has also given its opinion on the draft "The Information Age Crimes Act" to the Deapertment of Information Technology, Ministry of Communications and Information Technology, Government of India

Besides drafting of the various rules and regulations ASCL has also made several recommendations to the Ministry of Communications and Information Technology, Government of India for amendments and changes to the Information Technology Act, 2000

ASCL also provides consultancy to various multinational corporations, governments and law enforcement agencies on matters related to cyber crime investigation. Consultancy in this field includes issues related to setting up a Cyber Crime Investigation Cell & Cyber Forensics Laboratory.

Recommendations made by ASCL to Government of India for amendments to the Information Technology Act, 2000

Introduction

The Indian Information Technology Act, 2000 (hereinafter referred to as "the Act") is one of the most important pieces of legislation in the recent past. This statute reaffirms India’s commitment towards building a knowledge-based society and keeping pace with the rest of the world by providing a legal framework within which such a society can flourish.

The Act not only addresses issues related to electronic commerce by providing a framework for the establishment of a Public Key Infrastructure in the country, but it also addresses the issues of cyber crime and admissibility of digital evidence through the various provisions incorporated within the Act in itself and by way of amendments in other statutes.

However, the ever changing and dynamic information technology sector has already, within three years of the commencement of the Act, made it imperative to review the Act as there seems to be an ever increasing view by the industry, academicians, professionals and the general public that the Act needs to be re-analyzed in its entirety. This need for analysis arises so that the weaknesses that were already present in the Act and have later crept into it, creating ambiguities, can be eliminated.

Asian School of Cyber Laws accordingly recommends that the following changes in the Act be incorporated by way of amendments, additions and deletions to help achieve the objectives for which the legislation was brought into force.

Recommendation 1:
Amendment of the Preamble to the Act

The Preamble to an Act expresses the scope, object and purpose of the Act. It provides the intention behind framing the legislation. It is settled law that a preamble can be used for construing a provision in case of ambiguity within the Act. The role of the Preamble in an Act therefore cannot be curtailed.

Surprisingly, the Preamble to the Information Technology Act, 2000 omits to even mention cyber crime or computer based crimes whereas an entire chapter of the Act itself deals with such crimes. In the absence of any provision in the Preamble, it would be an onerous task for the Judiciary to construe any provision relating to offences under the Act, in case of any ambiguity.

Thus, it is recommended that the Preamble to the Act be amended to include addressing of cyber crimes as being one of the objectives of the Act.

Recommendation 2:
Legislation relating to privacy

Privacy and data protection are important issues that need to be addressed today as information technology assumes greater importance in personal, professional and commercial spheres. The European Union and the United States have strict policies relating to privacy and protection of personal data when such data or information is being transferred out of their domain.

It also pertinent to note here, that the absence of a specific privacy law in India has resulted in a loss of substantial foreign investment and other business opportunities. This deficiency has also served as an obstacle to the real growth of electronic commerce. Thus, a statute addressing various issues related to privacy is of utmost importance today. Accordingly, it is recommended that a statute addressing the issues of privacy be brought into force as soon as possible.

However, if it is deemed fit that an entire and separate legislation not be brought into force, it is nevertheless recommended that specific provisions relating to privacy and data protection be incorporated into a separate chapter by way of an amendment to the Act.

Recommendation 3:
Allowing for technology-neutral methods
of authentication of electronic records

The Information Technology Act, 2000 is based upon the UNCITRAL Model Law on electronic commerce. However, where the UNCITRAL Model Law has chosen to adopt a technology-neutral approach towards authentication of electronic records, the Information Technology Act, 2000 has deviated from that approach. The Act has made technology specific stipulation inasmuch as it provides for authentication of electronic records only through digital signatures.

The pitfalls of such an approach are obvious considering the fast-paced growth of technology. Recent amendments to the Act only confirm this. Since frequent amendments to any legislation are cumbersome and undesirable, there is a need to make the Act technology neutral by making suitable modifications in section 3 of the Act.

Recommendation 4:
Issues relating to e-commerce transactions

With online commerce growing by leaps and bounds, it has become important that organizations seeking to do business through web sites must have a level of trust associated with them. A mere web presence does not provide any information about the credentials of a commercial organization. Operators of fraudulent websites have managed to dupe innocent persons out of millions of rupees due to lack of verification or authentication of such websites.

To deter such operators and to encourage public confidence in online commerce, it is recommended that provisions for obtaining digital signature certificates compulsorily for such websites be incorporated in the Information Technology Act, 2000 thereby conferring a degree of authenticity on these websites and eliminating fraudulent transactions to a great extent.

Recommendation 5:
Removal of provisions relating to
secure digital signature and security procedure

Section 15 of the Act introduces the concept of a secure digital signature and section 16 of the Act lays down the considerations in light of which a security procedure is to be applied to a digital signature for the purposes of a secure digital signature.

However, on careful analysis of the provisions relating to the definition of a digital signature it becomes clear that the process of creating a digital signature itself satisfies the criteria laid down in section 15 of the Act. Hence, the need for a secure digital signature becomes redundant. Further, the criteria stipulated in the various sub-sections of section 16 which need to be fulfilled for laying down the security procedure for a secure digital signature are themselves abstract and vague. Section 15 of the Act seems to have been inspired by section 16 of the Electronic Transactions Act 1988 of Singapore. However, the Singapore Act recognizes an electronic signature and hence such a provision holds water under that Act.

Since the Information Technology Act 2000 does not recognize the concept of an electronic signature it is recommended that sections 15 and 16 of the Act and all other sections,which are incidental to these sections be removed from the Act to avoid uncertainty and confusion.

Recommendation 6:
Duties of the Controller

Section 20 of the Act lays down one of the duties of the Controller where the Controller acts as repository for all Digital Signature Certificates issued under the Act. The section specifies that the Controller shall observe necessary standards to ensure that the “secrecy and security” of the digital signature certificates are assured.

Digital Signature Certificates are public documents inasmuch they have to be published to allow verification of a digital signature. Therefore, there are no secrecy requirements of digital signature certificates. Hence, it is recommended that the words “secrecy and” in section 20(2)(b) be removed from the Act.

Recommendation 7:
Controller’s power to investigate contraventions

Section 28 of the Act confers power upon the Controller to investigate any contraventions for the provisions of the Act. This clearly vests the Controller with the power to investigate penalties under chapter IX of the Act and offences under Chapter XI of the Act.

However, the appropriate law enforcement agencies are also empowered to investigate offences under Chapter XI of the Act. Such a conflict of powers under the act gives rise to possibilities of inconsistencies between the two agencies. To avoid such difficulties, it is recommended that the Controller’s power to investigate be limited to penalties under chapter IX of the Act and not extend to offences under chapter XI.

It is also further recommended that appropriate amendments be made to provide for the detailed procedure to be followed by the Controller to investigate the penalties under Chapter IX of the Act.

Recommendation 8:
Key escrow and archival facilities for Private Keys

Digital signatures are an application of asymmetric key cryptography where a private key and a public key are used for the purposes of digital signature and encryption. The secrecy and security of the private key wherever an asymmetric crypto system is used is of paramount importance.

It is for this reason that key escrow and archival becomes necessary. Thus it is recommended that provisions for key escrow be introduced in the Act for the government and its agencies wherever asymmetric key cryptography and digital signatures are being used. This will prevent piquant situations that would arise if a private key is lost, becomes unusable or is compromised.

Recommendation 9:
Clarification on simultaneous proceedings

The Act provides for damages of up to one crore rupees to be paid to the aggrieved party for each of the penalties under chapter IX of the Act and also provides for prosecution for certain class of penalties which can be categorized as offences under chapter XI of the Act.

Distinct remedies exist for distinct acts and/or omissions. Penalties, which are adjudicated upon by way of civil proceedings, provide for compensation to the aggrieved party. Criminal proceedings on the other hand are aimed at penalizing the offender for and preventing others from carrying out criminal activities. Due to the nature of penalties and offences under the Act, it should be made possible for a person who is aggrieved to seek both compensation and punishment without any one proceeding creating a bar for the other.

Therefore, it is recommended that a specific provision be incorporated in the Act, laying down that proceedings initiated under chapter IX of the Act should not serve as a bar to proceedings initiated simultaneously under chapter XI of the Act against the offender.

Recommendation 10:
Provisions to cover credit card fraud

Although chapter IX has specified a number of acts as penalties under section 43 entitling a person to compensation under the said section, it has omitted to address credit card frauds on the Internet.

Credit cards are the primary means through which payments for goods and services are made on the Internet today. However, the public nature of the medium makes use of credit cards on the Internet a dangerous proposition unless adequate precautions are taken to prevent its abuse.

The latter observation is vindicated by the fact that the number of credit card thefts amount to over 33% of data thefts reported by ASCL-CERT for the year 2001-2002. On a larger canvass, this is much more damaging with numerous incidents relating to credit cards being reported daily.

Although an attempt has been made to address this through the provisions of section 43(h), the wordings of the said section are rather vague and ambiguous to be interpreted as addressing credit card frauds/thefts. Thus, it is recommended that the term credit card be defined appropriately and a specific provision providing for compensation to an aggrieved party for credit card frauds/thefts be incorporated under section 43.

Recommendation 11:
Issues related to spamming

Unsolicited e-mail messages are proving to be a menace to the netizen, irrespective of the strata or class to which the netizen belongs. The phenomenon, commonly known as spamming, is given effect to by commercial organizations and fraudsters that target consumers to swindle an unsuspecting web-surfer.

Since, spamming is a cost effective method and gives wider reach, the problem has attained menacing proportions today. Spamming results in wastage of time and resources and is a constant source of harassment to the targetted person. This predicament is severe enough for many countries to have declared spamming as a criminal offence.

While acknowledging the fact that spamming can be a source of constant nuisance, it must be put forward that in most instances spamming hardly gives rise to serious financial loss. In the Indian context, it would be inappropriate to make spamming a criminal offence or an act, which would draw liability under section 43.

Firstly, tracing the perpetrators of this activity is extremely difficult technically. Secondly, it must be kept in mind that the criminal and civil justice system in India is already overburdened. Under such a situation, if spamming is made an offending activity, which attracts legal liability, there will be a flood of litigation that will further burden the courts and make it near impossible to adjudicate upon this issue.

It is worth noting here that if spamming does result in severe financial loss, e.g., in cases where it causes denial of access and damage to computer systems, section 43 of the Act provides for compensation up to one crore rupees to the affected person. Thus, it is recommended that under the present circumstances there is no requirement to categorize spamming per se as an activity that gives rise to any legal right or impose any liability.

Recommendation 12:
Issues related to cyber stalking

With the Internet turning into a virtual meeting place for people, the problem of cyber stalking has become a perceivable threat. Cyber stalking involves a person following a web-surfer through cyberspace in spite of objections by the latter. This causes severe mental agony and stress to the person being stalked. The affected person at times gives up using the Internet or has to seek a change of persona/identity with which he/she has come to be associated with.

Merely stating what cyber stalking involves cannot throw light upon the seriousness of this crime and the adverse way in which it affects the victims of stalking; mostly women and children. Thus, it is recommended that section 509 of the Indian Penal Code, 1860 be amended suitably to accommodate cyber stalking and aprovision should be inserted in section 43 of the Act to provide for compensation to a victim of cyber stalking.

Recommendation 13:
Issues relating to trivial acts

The use of computers and the Internet have increased the value of information tremendously. Hence, causing damage to information has been penalized under the Act. At the same time, it must be kept in mind that the amount of compensation provided for under chapter IX of the Act can prove to be a great impetus for people to enter into frivolous litigation for trivial causes in the hope of financial gain.

Thus, there is an urgent need for incorporation of a provision in the Act on lines similar to section 95 of the Indian Penal Code, 1860, which excludes “acts causing slight harm” from being offences under the Act.

Recommendation 14:
Residuary penalty

Section 45 of the Act provides for residuary penalty of twenty-five thousand rupees for contraventions for which no separate penalty is provided under the Act. Considering that compensation under section 43 of the Act is upto one crore rupees it is advisable that even residuary penalty be increased appropriately. Looking at the value of information stored or transmitted by means of computers, it is recommended that the amount of residuary penalty provided for in section 45 is increased so that the financial loss caused by any act, for which a penalty is not specifically provided, is compensated adequately.

Recommendation 15:
Online gambling

Online gambling is a serious issue that has not been addressed under any Indian law. The Internet makes it very easy for any person to gamble using a web site which may be hosted anywhere in the world. The anonymity offered by the Internet allows operators of fraudulent web sites to dupe unsuspecting surfers of their money and escape prosecution.

Keeping in view the seriousness of the matter, it is recommended that appropriate amendments may be made in the Gambling Prevention Act to address online gambling.

Recommendation 16:
Stamp duty for filing application before the Adjudicating Officer

Notification No: G.S.R.220 (E) dated 17th March 2003 vide Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003 provides for payment of a fee for filing an application before an adjudicating officer. However, provisions relating to the Appointment and powers of the adjudicating officer under the Act make no mention of any fees to be paid for the purpose of filing an application before the Adjudicating Officer.

Therefore, the stipulation that any fees have to be paid to file an application before an adjudicating officer is completely ultra vires the Act. It may be mentioned that any provision, unless specifically stated under a statute, need not be complied with and hence the proviso to make any payment as fees towards the application vide the rule, as mentioned above, would not be legally valid.

Thus, it is recommended that the said notification relating to payment of fees for filing of application be rendered inoperable.

Recommendation 17:
Issues relating to computer based crimes

The Act through chapter XI and through various amendments to the Indian Penal Code has addressed issues related to computer-based crimes. However, the following substantial issues relating to computer crimes have not been addressed under the Act:

  1. Tampering with computer source codeSection 65 of the Act provides for punishment of tampering with source code of a computer program. However, the wordings of section 65 are ambiguous and vague. The section applies to computer source codes “which are required to be kept or maintained by law for the time being in force...”. In the absence of any clarification as to which programs “are required to be kept or maintained by law”, the application of the provision to an act involving tampering or concealing computer source documents is doubtful. Thus, it is recommended that section 65 be reworded to remove the ambiguity existing in the section.
  2. Creation of harmful programsViruses, worms and other malicious programs cause losses amounting to millions of rupees every year. Disseminating a computer virus or any other kind of malicious computer program has become very easy with the advent of the Internet. Accordingly, hundreds of malicious computer programs are released everyday and spread rapidly through the use of the Internet. In the absence of any penal provision to punish the creator of a malicious computer program, such activities are rampant and these situations adversely affect computer users across the world.

    Though section 66 of the Act provides punishment for damaging, deleting, or altering information in a computer resource i.e. under the provisions of Hacking, it does not penalize the creator of a harmful program, whose acts can result in hacking. A careful analysis of section 66 also reveals that the section is applicable to “information stored in a computer resource”. These wordings therefore make the provision inapplicable to data in transit.

    Thus it is recommended that section 66 of the Act be suitably amended to penalize the creator of a harmful or malicious computer program and to make it applicable to data that is in transit.

  3. Encrypted communicationCryptography is proving to be a deadly tool in the hand of terrorists and criminals. Disturbing trends are emerging where criminals and terrorists have been using encrypted communication to co-ordinate and execute their nefarious activities.

    Section 69 of the Act penalizes a person in charge of a computer resource who fails to assist an investigating agency directed by the Controller to intercept information and decrypt encrypted communication from that computer resource.

    However, section 69 is narrow in its scope as it is applicable only for cases specified therein. Also, a written order from the Controller authorizing such interception or decryption is a key ingredient of that section.

    Considering the present situation where emails and the Internet are fast becoming the primary means of communication, it is recommended that the scope of section 69 be widened. The enhancement should be in a manner, which would make it possible to apply section 69 for matters other than those cited. Additionally, the requirement for the Controller’s authorization to be recorded in writing should be eradicated. Instead, such an order should be given by any competent authority appointed or notified by the Appropriate Government to the investigating agency for interception of information and decryption of data.

Recommendation 18:
Protected systems

Certain computer systems, by the nature of information stored in them and by virtue of their operations which are processed through them, should be protected from misuse and intrusion. Computer systems utilized for security, defence or international relations; communications infrastructure, banking or financial services; public utilities, public transportation or for purposes of public key infrastructure would ideally fall under this category. Hence, many countries provide for enhanced punishment for unauthorized access or for any kind of damage caused to such computer systems. These computer systems are generally given the name “protected systems”.

Section 70 of the Act provides for enhanced punishment for accessing or attempting to access computer systems, which are declared as “protected” computer systems under the said section. However, the procedure for declaring such computer systems as protected as laid down under section 70 is cumbersome and lengthy. There is a need to simplify the procedure required for declaring a computer system as being protected under section 70.

Keeping the Singapore model in mind it is advisable and recommended that section 70 of the Act should be suitably amended to include several types of sensitive systems and therefore avoid the cumbersome procedure that is enumerated in the present section. It is therefore recommended that instead of specifically requiring the appropriate government to declare a computer system as being protected by notification, it would be appropriate to specify the category of “protected computer systems” in the Act itself.

Recommendation 19:
Issues relating to Extraterritorial jurisdiction

Section 75 of the Act provides for extraterritorial jurisdiction for offences or contraventions under the Act. According to section 75, the Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence involves a computer, computer system or computer network located in India.

A careful reading of section 75 reveals that such extraterritoriality is applicable only to offences under the Act. It is significant to note here that a class of cyber crimes is also defined under the Indian Penal Code, 1860 due to the amendments made to the latter by the Act. As per section 75, those crimes would be excluded from the purview of extraterritoriality that exists for offences under the Information Technology Act 2000.

Thus, it is recommended that section 75 of the Act be amended to confer extraterritorial jurisdiction for offences committed and penalized under other statutes.

Recommendation 20:
Admissibility of electronic records

The Act, by virtue of amendments made to the Indian Evidence Act 1872, has made electronic records admissible as evidence in a court of law. The amendment has far reaching implications for leading evidence in cyber crime cases.

However, the provisions of section 65B (2), which need to be fulfilled for making electronic records admissible in a court of law are unclear and vague. The said provisions throw no light upon how to fulfill the conditions mentioned therein. In the absence of any clarity, it is doubtful as to the procedure to be followed to make electronic records admissible in a court of law under section 65B (2).

Thus, it is recommended that section 65B (2) of the Indian Evidence Act, 1872 be simplified by way of amendment to render it clear and unambiguous.

Recommendation 21:
Investigation of offences

The power to investigate offences under the Act has been conferred upon a police officer of the rank of a Deputy Superintendent of Police or above. However, such investigation should not be rank specific as at many times officers of the said rank or above do not have the time required to investigate each offence registered under the Act.

Thus, it is recommended that sections 78 and 80 of the Act be amended to allow for investigation of offences registered under the Act by a police officer irrespective of his rank. This will lessen the burden on the shoulders of a high-ranked police officer for investigating each and every crime under the Act and at the same time allow for adequately addressing the grievances of an affected party at a much faster pace.

Recommendation 22:
Liabilities of Internet Service Providers

In an Internet based transaction, the role played by network service providers is vital as without the assistance of a network service provider, communication would not be possible over the Internet. The role played by Network Service Providers in Internet communication compels them to deal with third party information at various stages.

It is also worth mentioning that Network Service Providers can be classified into distinct categories, e.g., Internet Service Providers and application Service Providers according to the nature of service provided by them. Under such circumstances, the rights and liabilities of various classes of Network Service Providers should be clearly spelt out by virtue of provisions under the Act.

Although, section 79 of the Act tries to address the liability of a Network Service Provider, it does not clearly spell out or lay down their rights and liabilities. This may create apprehensions in the mind of organizations wanting to invest in such businesses.

Thus, it is recommended that additional provisions be included in the Act under chapter XII to clearly address the rights and liabilities of Network Service Providers so as to give impetus for investment in these areas.

Recommendation 23:
Public servants

The quantum of compensation to be paid to an affected person due to penalties committed under chapter IX of the Act are to be decided by an adjudicating officer to be appointed by the Central Government.

Section 82 of the Act has declared certain class of authorities appointed under the Act as public servants. However, adjudicating officers and members of the Cyber Appellate Regulations Tribunal have been left out of the purview of section 82.

Thus, it is recommended that section 82 be amended to bring adjudicating officers and members of the Cyber Appellate Regulations Tribunal within the definition and meaning of Public Servants so that they also assume the duties and obligations of a public servant.

Recommendation 24:
Issues relating to removal of difficulties

The Act marks a new era in regulation of electronic commerce and addressing cyber crimes. The initial difficulties created in the implementation of the Act were sought to be overcome by the powers granted to the Central Government to pass orders for removing those difficulties.

However, the Act has been in force since 2000 hence there is no requirement for section 86 which provides for removal of difficulties by orders of the Central Government within two years of commencement of the Act.

Thus, it is recommended that section 86 be repealed in light of its redundancy.

Recommendation 25:
Insertion and deletion of certain definitions

The concept of “traffic data” or data in transit has not been introduced in the Act. Therefore, no provisions in the Act address issues relating to information or data in transit. It is imperative that, keeping the amendment to section 66 in mind, an appropriate definition of “traffic data” be incorporated in the Act.

It is also recommended that the definition of “security procedure” vide section 2(zf) of the Act should be removed since the term is redundant considering recommendation 5.

Consultancy in Cyber Law

Most modern day criminals are realizing the effectiveness of computers and the Internet to successfully perpetrate crime. So called conventional criminals such as drug cartels, organised crime syndicates and terrorist outfits are known to use high technology to assist them in their operations.

At the other end of the spectrum, cyber criminals are unleashing one sophisticated cyber attack after another. The number of data-hacks, financial frauds, cyber-murders, viruses etc are growing at an alarming rate.

Governments around the world are feeling the urgent need to streamline their efforts to investigate and prosecute the emerging brands of techno savvy criminals.

Asian School of Cyber Laws (ASCL) has pioneered a three-pronged approach to assist Governments in these efforts.

  1. Awareness Building: Mass awareness campaigns are essential for
    • reaching the general public with basic information on cyber laws,
    • articulating the general philosophy behind cyber laws, and
    • enlightening the public about the impact of technology-aided crime.

    A successful mass awareness campaign requires the synergy of all mass media channels (TV, radio, press, other media) and interactive discussions and lectures at public forums. (Detailed information)

  2. Formulation of Cyber Laws: “Cyber Laws” is a wide term encompassing laws relating to:
    • Electronic & Digital Signatures
    • Cyber Crime
    • Intellectual Property Rights
    • Data Protection & Privacy
    • Telecommunications Laws

    Asian School of Cyber Laws is the World's only specialized agency having expertise in formulating cyber laws. (Detailed information)

  3. Setting up of Investigation Infratructure: The process of setting up Investigation Infrastructure for tackling technology-aided crime involves:
    • Identification of Personnel
    • Training
    • Identifying & Procuring Software & Hardware Infrastructure
    • Constantly upgrading human and technology resources.

    Asian School of Cyber Laws is a world leader in cyber crime investigation. Our expertise extends from providing high-end training and consultancy to solving complex technology-assisted crimes. (Detailed information)

ASCL Computer Emergency Response Team

The Computer Emergency Response Team of Asian School of Cyber Laws (ASCL-CERT) was established in late 1999 to enable corporate India to battle the ever-growing wave of computer crime and computer abuse.

ASCL-CERT team consists of IT and legal professionals. To learn more on the ASCL-CERT, please email us at info@asianlaws.org.

On 1st March, 2003, the ASCL-CERT published the Computer Crime & Abuse Report (India) 2001-02. The report can be obtained in PDF and in HTML form.

  1. This report analyzes 6266 incidents of computer crime and abuse from 1st January 2001 through 31st December, 2002
  2. These incidents range from obscene, threatening and defamatory emails to computer aided sabotage, source code thefts and even attempted cyber murders!
  3. Incidents were reported by over 600 organisations from the IT, Manufacturing, Financial services, Education, Telecom, Health care, Other Services and other sectors.
  4. The types of computer crime and abuse incidents include data theft email abuse, unauthorized access, data alteration, targeted virus attacks, denial of service attacks.

Some findings of the report:

  1. The occurrence of a computer crime incident is most likely in September, least likely in August, more likely on a Monday, Friday or Saturday and least likely on a Sunday.
  2. A disgruntled former employee is more likely to commit a computer crime than a business rival.
  3. Two thirds of data theft incidents are attributable to employees (current as well as former).
  4. The average cost of a data theft attack is Rs. 1.8 lakh, with the cost ranging between Rs 20,000 and Rs. 1.87 crore.
  5. In 97% of incidents involving obscene emails, the victims are female employees.
  6. 55% of unauthorized access incidents were traced to persons within the victim organization.
  7. Almost 60% of computer crime incidents are likely to occur in the first six months of a year.

Workshops in Information Technology Law

Note: These workshops are no longer available.
This page is maintained only for archival purposes.

We conduct customised workshops in Information Technology Law for corporates, law firms and educational institutions.

For Corporates and Law Firms:
The contents of the workshop will be customised as per your requirements. Please email us on info@asianlaws.org with information about your organisation and your requirements so that we can send you a detailed proposal.

For Law Colleges:
The contents of the workshop will be as follows:

  1. Basics of internet
    1. how the internet works
    2. how information travels on the internet
    3. concept of domain names, server, web hosting, protocols, email and chat
    4. use of internet in legal profession
  2. Intellectual Property and the Internet
    1. domain name disputes
    2. ICANN policy
    3. copyright issues
    4. hyperlinking and meta tags
  3. Digital Signatures
    1. Concept
    2. Security issues
    3. E contracts
    4. Digital Signature Certificates
    5. Certifying Authority Rules
  4. Cyber Crimes
    1. Criminal Law and Cyber crime
    2. Offences under the IT Act, 2000
    3. Authorities under the IT Act, 2000
  5. Penalties
    1. Civil offences under the IT Act, 2000
    2. Adjudicating authorities
    3. Investigating authorities
  6. Related Issues
    1. Ammendments to the IPC and Evidence Act
    2. Consumer Protection Act and the new economy
    3. E Governance

The duration of the workshop would be 6 hours including adequate time for discussions.

Computer Institutes
The contents of the workshop will be as follows:

  1. Digital Signatures
    1. Basic concepts
    2. Security Issues
    3. Certifying Authorities
    4. Digital Signature Certificates
  2. Domain Names
    1. Fundamentals
    2. ICANN policy
    3. Domain name disputes
    4. Domain names and Trademark Law
    5. Relevant Cases
  3. Cyber Crime
    1. Hacking
    2. Pornography
    3. Tampering and Virus
    4. Internet based frauds
    5. Penalties and Offences under the IT Act

The duration of the workshop would be 3 hours including adequate time for discussions.