Cyber law II

By Prof. Kiran Marwade

UNIT 1 Laws, Investigation and Ethics

Cyber Crime: Meaning and Nature

Cybercrime, also called computer crime, the use of a computer as an instrument to
further illegal ends, such as committing fraud, trafficking in child pornography and
intellectual property, stealing identities, or violating privacy. Cybercrime, especially
through the Internet, has grown in importance as the computer has become central to
commerce, entertainment, and government.
Cybercrime may be defined as “Any unlawful act where a computer or
communication device or computer network is used to commit or facilitate the
commission of a crime”.
In Simple way we can say that cyber crime is unlawful acts wherein the computer is
either a tool or a target or both. Cyber crimes can involve criminal activities that are
traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of
which are subject to the Indian Penal Code. The abuse of computers has also given
birth to a gamut of new age crimes that are addressed by the Information Technology
Act, 2000.

We can categorise Cyber crimes in two ways

● The Computer as a Target :-using a computer to attack other computers.
e.g. Hacking,Virus/Worm attacks,DOS attack etc.
● computer as a weapon :-using a computer to commit real world crimes.
e.g. Cyber Terrorism, IPR violations,Credit card frauds,EFT frauds,
Pornography etc.
Cyber law (also referred to as cyberlaw) is a term used to describe the legal issues
related to use of communications technology, particularly "cyberspace", i.e. the
Internet. It is less a distinct field of law in the way that property or contract are as it is
an intersection of many legal fields, including intellectual property, privacy, freedom
of expression, and jurisdiction. In essence, cyber law is an attempt to integrate the
challenges presented by human activity on the Internet with legacy system of laws
applicable to the physical world.

Terms used in Cybercrime:

Hacking: A commonly used hacking definition is the act of compromising digital
devices and networks through unauthorised access to an account or computer system.
Hacking is not always a malicious act, but it is most commonly associated with illegal
activity and data theft by cyber criminals.
Hacking refers to the misuse of devices like computers, smartphones, tablets, and
networks to cause damage to or corrupt systems, gather information on users, steal
data and documents, or disrupt data-related activity.
A traditional view of hackers is a lone rogue programmer who is highly skilled in
coding and modifying computer software and hardware systems. But this narrow view
does not cover the true technical nature of hacking. Hackers are increasingly growing
in sophistication, using stealthy attack methods designed to go completely unnoticed
by cybersecurity software and IT teams.
Hacking is typically technical in nature (like creating malvertising that deposits
malware in a drive-by attack requiring no user interaction). But hackers can also use
psychology to trick the user into clicking on a malicious attachment or providing
personal data.
Types of Hacking/Hackers
● Ethical Hacker (White hat)
● Cracker (Black hat)
● Grey hat

Phishing: Phishing is a type of cybersecurity attack during which malicious actors

send messages pretending to be a trusted person or entity. Phishing messages
manipulate a user, causing them to perform actions like installing a malicious file,
clicking a malicious link, or divulging sensitive information such as access
credentials. Phishing is the most common type of social engineering, which is a
general term describing attempts to manipulate or trick computer users. Social
engineering is an increasingly common threat vector used in almost all security
incidents. Social engineering attacks, like phishing, are often combined with other
threats, such as malware, code injection, and network attacks.
The 5 most common types of phishing attack
1. Email phishing
2. Spear phishing
3. Whaling
4. Smishing and vishing
5. Angler phishing

Information Security and law:

Information is an important tool for successful organisations and Information Security
Law forms a key part of that equation. Information Security Law is the body of legal
rules, codes, and standards that require you to protect that information and the
information systems that process it, from unauthorised access. The legal risks are
potentially significant if you don’t take a pragmatic approach.

Why is Information Security Law important?

Securing information is about securing value. In the same way that we secure physical
stores of value such as cash, gold, or jewelery against theft, loss, or destruction, we
must do the same with digital stores of value – particularly information. We live in an
information society, after all, where the creation, use, and distribution of information
is a significant economic, political, and cultural activity. We are moving from the
service economy into the information economy, which emphasises informational
activities that rely on information technologies such as computers, mobile devices,
and the Internet.
Information security law is important because information has value.

Types of Cyber Crime:

List of Cybercrimes: Examples

● Child Pornography
● Cyber Bullying. ...
● Cyber Stalking. ..
● Online Job Fraud. ...
● Phishing. ...
● Email and internet fraud.
● Spamming
● Impersonation and identity theft
● Credit Card Fraud or Debit Card Fraud
● Ransomware
● Viruses, Worms, and Trojans
● Data Breach
● Denial of Services (DoS) attack
● Website Defacement
● Cryptojacking

cyber law issues in e-business management

● Registering a Domain Name in compliance with Trade Mark Law
● Hosting a Domain Name in compliance with International Private Law
● Uploading contents to the website in compliance with Copyright Law
● Enabling online payments in compliance with RBI mandate
 ● Search Engine Optimization in compliance with Anti Competition Law
● Terms of Use, Privacy Policy, Disclaimer etc

Overview of Indian IT Act:

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act)
is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October
2000. It is the primary law in India dealing with cybercrime and electronic
commerce.The Act provides a legal framework for electronic governance by
giving recognition to electronic records and digital signatures. It also defines
cyber crimes and prescribes penalties for them.
The Act directed the formation of a Controller of Certifying Authorities to
regulate the issuance of digital signatures. A major amendment was made in
2008. It introduced Section 66A which penalised sending "offensive
messages". It also introduced Section 69, which gave authorities the power
of "interception or monitoring or decryption of any information through any
computer resource". Additionally, it introduced provisions addressing -
pornography, child porn, cyber terrorism
The primary objectives of the IT Act, 2000 are: Granting legal recognition to all
transactions done through electronic data exchange, other means of
electronic communication or e-commerce in place of the earlier paper-based
communication.

Ethical issues in Intellectual property rights:

Intellectual-property rights are thus justified either because they protect artefacts
through which authors, artists, and inventors have expressed their “wills” or because
they create social and economic conditions conducive to creativity. The most
common types of intellectual property disputes are likely to be related to either
copyright infringement, trademark infringement, or patent infringement.

https://www.researchgate.net/publication/264734575_Ethical_Issues_Surrounding_Intelle
ctual_Property_Rights

Copyright: Copyright (or author's right) is a legal term used to describe the rights
that creators have over their literary and artistic works. Works covered by copyright
range from books, music, paintings, sculpture, and films, to computer programs,
databases, advertisements, maps, and technical drawings.
 Under copyright law, original works are given copyright protection in order to
prevent theft and unauthorised use. Copyright examples include creative works with
a tangible form, such as art, music, or literary works.
● Public Performing Right. The exclusive right of the copyright owner, granted
by the U.S. Copyright Law, to authorise the performance or transmission of the
work in public.
● Public Performance Licence.
● Reproduction Right.
● Mechanical Licence.
● Synchronisation Licence.
● Digital Performance Right in Sound Recordings.

Patent: A patent is a type of intellectual property that gives its owner the legal right
to exclude others from making, using, or selling an invention for a limited period of
time in exchange for publishing an enabling disclosure of the invention. A patent is
an exclusive right granted for an invention, which is a product or a process that
provides, in general, a new way of doing something, or offers a new technical
solution to a problem. To get a patent, technical information about the invention must
be disclosed to the public in a patent application. A process that uses such a formula
or method can be patented, however. For example, a patent has been granted for an
industrial process for moulding rubber articles that depends upon a mathematical
equation and involves the use of a computer program.

Data Privacy and protection: Data privacy generally means the ability of a person
to determine for themselves when, how, and to what extent personal information about
them is shared with or communicated to others. This personal information can be
one's name, location, contact information, or online or real-world behaviour. Just as
someone may wish to exclude people from a private conversation, many online users
want to control or prevent certain types of personal data collection. Data protection is
the process of safeguarding important data from corruption, compromise or loss and
providing the capability to restore the data to a functional state should something
happen to render the data inaccessible or unusable.

Data protection assures that data is not corrupted, is accessible for authorised purposes
only, and is in compliance with applicable legal or regulatory requirements. Protected
data should be available when needed and usable for its intended purpose.

The scope of data protection, however, goes beyond the notion of data availability and
usability to cover areas such as data immutability, preservation, and
deletion/destruction.
Domain name: A domain name is the name of a website and typically consists of a
top-level and second-level domain. A top-level domain (TLD) is the part of the
domain name located to the right of the dot, with the most common TLDs being .com,
.net and .org as they can be registered by anyone. A domain name is a string of text
that maps to a numeric IP address, used to access a website from client software. In
plain English, a domain name is the text that a user types into a browser window to
reach a particular website. For instance, the domain name for Google is ‘google.com’.

The actual address of a website is a complex numerical IP address (e.g. 103.21.244.0),

but thanks to DNS, users are able to enter human-friendly domain names and be
routed to the websites they are looking for. This process is known as a DNS lookup.

Software Piracy: Software piracy is the unauthorised use, copying or distribution of

copyrighted software. It may take many forms, including: Unauthorised copying of
software programs purchased legitimately, sometimes known as "end-user" piracy.
Making unlawful copies of copyrighted music, games, software, electronic books, and
movies, as well as streaming that content without authorization, are all examples of
piracy.
Plagiarism: Plagiarism is presenting someone else's work or ideas as your own, with
or without their consent, by incorporating it into your work without full
acknowledgement. All published and unpublished material, whether in manuscript,
printed or electronic form, is covered under this definition.

The Common Types of Plagiarism

● Direct Plagiarism.
● Self Plagiarism.
● Mosaic Plagiarism.
● Accidental Plagiarism.

Issues in Ethical Hacking: Ethical hacking involves an authorised attempt to gain

unauthorised access to a computer system, application, or data.
What are the types of ethical hacking?

● Web application hacking.

● Social engineering.
● System hacking.
● Hacking wireless networks.
● Web server hacking.
The legal risks of ethical hacking include lawsuits due to disclosure of personal or
confidential information. Such disclosure can lead to a legal battle involving the
organisation and the ethical hacker. It is very easy for ethical hacking to result in a
legal battle if it is not performed properly.