CYBER LÄW IN INDIA (Law on Internet) Dr. Farooq Ahmad Reader, Department of Law University of Kashmir, Srinagar New Era Law Publications Law Book Publishers, 1159, Outrem Linea, DELHI
Contents Preface to Second Edition Preface to First Edition Table of Cases CHAPTER 1 Early Development of Digital Computer Evolution of Computer Industry Evolution of Internet I. Genesis of Internet II. Internet Functioning III. Internet Potential Internet Domain Survey, January 2001 Number of Hosts advertised in the DNS IV. Communication through Internet V. Modes of Communication e-mail List Serv Sharing of Information Databases Real Time Text Based Communications (Talk and IRC) Real-Time Remote Computer Utilization (Talnet) Remote Retrieval of Information Internet Challenges Problems CHAPTER 2 Potential and Problems CHAPTER 3 Genesis, Object and Scope of the IT Art Object of the Act (xi)
xii Cyber Law in India (Law on Internet) Scope of the Act... 31 CHAPTER 4 Encryption Meaning... 34 Mathematical Basis of Encryption... 36 Symmetrie or shared key Encryption... 37 Symmetrie Cryptosystem... 37 Limitations of Symmetrie Cryptosystem... 38 Data Encryption Standard... 39 (i) Triple DES... 40 (ii) SkipJACK... 40 Proprietary algorithms... 41 Data Integrity... 41 Shared Key Encrypted Communications in practice... 42 Hybrid encryption System or Digital Envelope... 42 Digital Cash... 43 Time Stamping Service... 44 Asymmetrie Cryptosystem... 44 Asymmetrie cryptosystem for confidentiality... 45 Asymmetrie cryptosystem For Authentication... 46 RSAAlgorithm... 47 Mathematical basis of RSA... 48 How Public Cryptosystem works in practice?... 49 Advantages of Public Key Encryption... 50 Relationship of the Quality of Cryptosystem and Key Length... 51 EHiptic Curve Digital Signature... 53 CHAPTER 5 Authentication of Electronic Records and Electronic Governance Introduction... 56 Authentication of the Electronic Records... 59 Digital Signature... 60 RSA Digital Signatures... 63 RSA Digital Signature Scheine... 63 Hash Function... 64
Contents Working of Digital Signatures Digital Signatures in Practice Digital Watermarking Secure Electronic Record and Secure Digital Signatures Electronic Governance Legal Recognition of Electronic Records Legal Recognition of Digital Signatures Use of Electronic Records and Digital Signatures in Government and its agencies... 79 Retention of Electronic Records... 80 Publication of Rules, Regulations, etc. in Electronic Gazette... 80 Power to Make Rules... 81 CHAPTER 6 Certifying Authorüies Need of Certifying Authority... 82 Functioning of the Certifying Authority... 83 Types of Certificates... 85 Identification Certificate... 86 Authorizing Certificate... 86 Transactional Certificate... 87 Digital Time Stamping Service... 87 Validity Period of Digital Signatures... 88 Certificate Chain... 88 Appointment of Controller... 90 Functions of Controller... 90 Controller to act as Repository... 91 Powers of the Controller... 92 Power to Recognise Foreign Certifying Authorities... 92 Power to issue Licence... 92 Power to Renew Licence... 93 Power to Suspend or Revoke Licence... 93 Power to Delegate and Investigate... 94 (a) Power regarding Discovery and Production of Evidence, etc.... 95 (b) Power of Search and Seizure... 95 (c) Power to Requisition Books of Account, etc.... 97
xiv Cyber Law in India (Law on Internet) (d) Power to Call for Information... 97 (e) Power of Survey... 97 (f) Power to Collect Certain Information... 98 (g) Power to Inspect Registers of Companies... 98 Power to have Access to Computers and Data... 98 Power to issue Directions... 99 Power to Decrypt Information... 99 Power to Make Regulations... 104 Database of Certifying Authorities... 104 Who can be a Certifying Authority?... 105 Application for licence... 107 Certification Practice Statement... 109 Issuance of Licence... 110 Refusal of Licence... 110 Surrender of Licence... 111 Cross Certification... 111 Duties of Certifying Authorities... 112 Certifying Authority to follow Procedures... 112 Certifying Authority as an Indemnifier... 114 Disclosure of Certain Facts... 114 Commencement of Commercial Operation by Licensed Certifying Authorities... 115 Requirements prior to Cessation as Certifying Authority.... 115 Digital Signature Certificates... 116 Digital Signature Certificate... 118 Digital Signature Certificate Standard... 119 Representations upon issuance of Digital Signature Certificate... 119 Generation of Digital Signature Certificate... 120 Issue of Digital Signature Certificate... 120 Lifetime of Certificate... 122 Suspension of Digital Signature Certificate... 122 Revocation of Digital Signature Certificate... 123 Certificate Revocation List (CRL)... 125 Compromise of Digital Signature Certificate... 126 Archival of Digital Signature Certificate... 126 Audit... 126
Contents Confidential Information... 127 Duties of Subscribers... 127 Generating Key Pair... 127 Acceptance of Digital Signature Certificate... 128 Control of Private Key... 128 CHAPTER 7 Domain Name Disputes and Trademark Law Background of Domain Names :... 130 Where Lies the Dispute?... 133 Intersection of Internet Domain Names and the Trademark Law... 140 Commercial use of the Mark... 142 Similarity of mark With the Registered Mark... 144 Dilution of Trademark... 146 Likelihood of Consumer Confusion... 147 New Concepts In Trademark Jurisprudence... 151 Cyberquatting... 151 Reverse Hijacking... 154 Metatages... 155 Keyword Banners... 157 Hyperlinks... 159 Framing... 160 Grip Sites and Fan Sites... 160 Spamming... 161 Jurisdiction in Trademark Disputes... 162 Objectives of the UDRP :... 172 Representation by Domain Name Applicant... 173 Mandatory Administrative Proceeding... 173 Application of UDRP... 174 Evidence of Registration and Use in Bad Faith... 175 Rights and Legitimate Interests of a Domain Name Holder... 175 Initiation of Proceedings and Process... 176 Appointment of the Panel and Timing of Decision... 178 Powers of the Panel... 179 Available Remedies... 180 Panel Decisions... 180 Availability of Court Proceedings... 182 xv
xvi Cyber Law in India (Law on Internet) Cancellation, Transfers and Changes... 182 Ban on Transfers During a Dispute... 183 Policy Modifications... 183 Decisions under UDRP... 184 Judicial Trends in India... 200 Protection of Domain Names... 200 Standard of Consumer Confusion... 202 Standard of Confusion... 203 Basis of Liabüity... 203 CHAPTER 8 Electronic Commerce Contracts by Electronic Data Interchange... 212 Cyber Contracts... 212 E-mail... 212 World Wide Web (www)... 213 Validity of Electronic Transactions... 213 Dichotomy of Offer And Invitation to Treat... 216 Application of Mirror Image Rule... 218 Communication of Offer and Acceptance... 220 Revocation of Offer and Acceptance... 226 Incorporation of Terms By Reference... 229 Mistake in Electronic Commerce... 230 Place of Formation of Contract... 233 Jurisdiction... 234 Identity of Parties..'. 244 CHAPTER 9 Service Provider's Uability for Copyright Infringement Who is an Internet Service Provider?... 249 Basis of Liability... 251 Judicial Trends... 251 Legislative Measures... 254 Indian Scenario... 258 Service Provider's Liability for Defamation... 259 Judicial Trends... 263 Legislative Measures... 268
Contents xvü Service Provider's Liability for Pornography... 274 Test of Obscenity... 274 Internet Obscenity... 276 Legislative Measures... 278 CHAPTER 10 Cyber Regulations Appellate Tribunal Establishment and Composition of Cyber Appellate Tribunal... 282 Qualifications for Presiding Officer... 283 Term of Office, Salary, AHowances and other Terms and Conditions of Service of Presiding Officer... 284 Resignation, Removal and Filling up of Vacancies... 284 Staff of the Cyber Appellate Tribunal... 285 Jurisdiction of Cyber Appellate Tribunal... 285 Adjudicating Officer... 286 Powers of the Adjudicating Officer... 286 Factors to be taken into account by the Adjudicating officer... 287 Power to Award Compensation... 287 Powers of the Adjudicating Officer to Impose Penalty... 289 Compounding of Contravention... 290 Appeal to Cyber Regulations Appellate Tribunal... 290 Procedure and Powers of the Cyber Appellate Tribunal... 291 Procedure for Filing Applications... 292 Contents of Application... 293 Powers, Functions and Duties of the Registrar... 294 Service of Notice of Application on the Respondents... 295 Filing of Reply and other documents by the Respondent... 296 Hearing on application... 296 Orders and Directions of the Tribunal... 297 Registration of Legal Practitioner's Clerks... 297 Jurisdiction of the Civil Court Barred... 298 Appeal to High Court... 298 Constitution of Advisory Committee... 299 CHAPTER 11 Cyber Crimes Classification of Cyber Crimes... 302 F-2
xviii Cyber Law in India (Law on Internet) Computer as target of the Crime... 303 Computer as an instrument of Crime... 303 Computer as incidental to the Crime... 304 (A) Inlernet Crime... 304 (B) Web based Crimes... 304 Target of Computer Crime... 305 Challenge of Cyber Crimes... 305 Indian Schcme of Offences and Punishment... 306 Datnage to Computer, Computer system, etc.... 308 Unauthorised Access... 308 Packet Sniffing... 310 Tcmpest attack... 311 Password Cracking... 311 Butter Overflow... 312 Computer Contaminant or Computer Virus... 315 (a) Viruses.... 316 (b) Logic Bomb... 319 (c) Worms... 320 (d) Trojan Horse Programme... 321 Stealth Virus... 323 Polymorphic Virus... 323 Macro Virus... 323 Companion Virus.... 323 Fast and Slow viruses.... 324 Virus hoax... 324 Sparse Virus... 324 Denial of Service..., 324 SYN Attack... 326 User Datagram Protocol (UDP) Attack... 326 Internet Control Message Protocol (ICMP) Attack... 327 Smurf Attack... 327 Mültipronged Denial of Service Attack... 328 Tampering with Computer Source Documents... 328 Hacking... 328 Passwords... 331 Firewalls... 332
Contents Encryption Digital Signatures Clipper Chip Routers or Gateways Operating System Publishing of Obscene Information in Electronic Form Test of Obscenity Prurient Interest Publication of Obscene Matter Knowledge of Obscenity Cyberstalking Internet Fraud E-mail Misuse Penalty for Misrepresentation Penalty for Breach of Confidentiality and Privacy Penalty for Publishing False Digital Signature Certificate Confiscation Penalties and Confiscation in addition to and not in Derogation of other Punishments Penalty for Failure to Furnish Information, return, etc. Residuary Penalty Extra Territorial Jurisdiction Investigation of Computer Crimes Offences by Companies Recovery of Penalties Power of Central Government to Make Rules Power of State Government to Make Rules APPENDICES 1. The Information Technology Act, 2000 2. The Information Technology (Certifying Authorities) Rules, 2000 ; 3. The Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000 4. The Information Technology (Certifying Authority) Regulations, 2001 xix... 332... 333... 333... 333... 334... 334... 335... 337... 337... 337... 339... 341... 342... 343... 344... 344... 344... 345... 345... 345... 345... 346... 346... 347... 347... 348... 350... 397... 472... 483
xx Cyber Law in India (Law on Internet) 5. The Cyber Regulations Appellate Tribunal (Procedure for Investigation of Misbehaviour or Incapacity of Presiding Officer) Rules, 2003... 504 6. The Information Technology (Other Powers of Civil Court Vested in Cyber Appellate Tribunal) Rules, 2003... 508 7. The Information Technology (Other Standards) Rules, 2003... 509 8. The Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003... 510 9. The Cyber Regulations Appellate Tribunal (Salary, Allowances and other Terms and Conditions of Service of Presiding Officer) Rules, 2003... 516 Bibliography... 519 Books... 519 Websites... 530