FINANCIAL FRAUDS & INDIAN CYBERLAW A PRESENTATION BY PAVAN DUGGAL ADVOCATE, SUPREME COURT OF INDIA PRESIDENT, CYBERLAWS.NET PRESIDENT, CYBERLAW ASIA HEAD, PAVAN DUGGAL ASSOCIATES IMPORTANT CASE STUDIES DIGITAL PROMISSORY NOTE CASE NIGERIAN 419 CASE AGRICULTURAL SOFTWARE EQUIPMENTS CASE SOURCE CODE CASE BANK NSP CASE Famous In Bank NSP case-2003 this case, the question being asked was whether a Bank is liable for the activities done on the Network provided by them UMASHANKAR CASE – A NEW CHAPTER UMASHANKAR SIVASUBRAMANIAN VERSUS THE BRANCH MANAGER PHISHING CASE DAMAGES OF RS 12,85,000/GRANTED AGAINST THE BANK MATTER BEFORE CYBER APPELLATE TRIBUNAL INTERESTING CASE CYBERLAW IN INDIA © of images belongs to the respective copyright holders CYBERCRIMES DEFINED UNDER THE IT ACT, 2000 Section 65- Tampering with computer source documents Section 66- Computer related offences Section 66A- Punishment for sending offensive messages through communication service, etc. THE IT ACT, 2000 – INDIA’S FIRST CYBERLAW © of images belongs to the respective copyright holders FOUR DIFERENT ACTS AS AMENDED BY IT ACT, 2000 © of images belongs to the respective copyright holders THE IT ACT, 2000 – OBJECTIVES (contd) © of images belongs to the respective copyright holders ELECTRONIC CONTRACT © of images belongs to the respective copyright holders DIGITAL SIGNATURES & PUBLIC KEY INFRASTRUCTURE TECHNOLOGY © of images belongs to the respective copyright holders ELECTRONIC GOVERNANCE © of images belongs to the respective copyright holders CYBERCRIMES DEFINED UNDER THE IT ACT, 2000 Section 65- Tampering with computer source documents Section 66- Computer related offences Section 66A- Punishment for sending offensive messages through communication service, etc. © of images belongs to the respective copyright holders CYBERCRIMES DEFINED UNDER THE IT ACT, 2000 Section 66B- Punishment for dishonestly receiving stolen computer resource or communication device. Section 66C- Punishment for identity theft Section 66D- Punishment for cheating by personation by using computer resource CYBERCRIMES DEFINED UNDER THE IT ACT, 2000 Section 66E- Punishment for violation of privacy Section 66F- Punishment for cyber terrorism Section 67- Punishment for publishing or transmitting obscene material in electronic form CYBERCRIMES DEFINED UNDER THE IT ACT, 2000 Section 67A- Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form Section 67B- Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form Section 67C- Preservation and retention of information by intermediaries CYBERCRIMES DEFINED UNDER THE IT ACT, 2000 Section 68- Power of the Controller to give directions Section 69- Power to issue directions for interception or monitoring or decryption of any information through any computer resource Section 69A- Power to issue directions for blocking for public access of any information through any computer resource CYBERCRIMES DEFINED UNDER THE IT ACT, 2000 Section 71- Penalty for misrepresentation Section 72- Breach of confidentiality and privacy Section 72A- Punishment for disclosure of information in breach of lawful contract THE INDIAN EVIDENCE ACT , 1872 DIGITAL EVIDENCE & ITS ACCEPTANCE AS PER LAW The Information Technology Act, 2000 amended the Indian Evidence Act by virtue of Second Schedule and inserted various provisions which have an impact upon digital evidence. the law pertaining to digital evidence has been developing over the last one decade. INTERMEDIARIES & CYBERLAW © of images belongs to the respective copyright holders INTERMEDIARY "Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes. INTERMEDIARIES AND DUE DILIGENCE UNDER THE IT ACT, 2000 Intermediaries are required to do due diligence under the terms of the amended Information Technology Act, 2000. This due diligence must be done to ensure compliance with the relevant parameters of the amended Information Technology Act, 2000. CASES Baazee.com case Famous Bank NSP case-2003 Umashankar Case © of images belongs to the respective copyright holders 11TH APRIL, 2011 – A HISTORICAL DAY FOR THE INFORMATION TECHNOLOGY ACT, 2000 The Government of India using its wide powers given under the Information Technology Act, 2000, has notified the Information Technology Rules, 2011 including the following: The Information Technology (Electronic Service Delivery) Rules, 2011 The Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information) Rules, 2011 The Information Technology (Intermediaries Guidelines) Rules, 2011 The Information Technology (Guidelines for Cyber Cafe) Rules, 2011 SENSITIVE PERSONAL DATA OR INFORMATION LIABILITIES OF INTERMEDIARIES AND THE INDIAN CYBERLAW Further, in case, if the computer resources of the intermediary are being used to commit cyber terrorist act, then the top management of the intermediary could also be exposed to criminal liability under Section 66F which consist for life imprisonment and also fine. This is so by virtue of the operation of Section 85 of the Information Technology Act, 2000, which stipulates the offence by companies. LIABILITIES OF INTERMEDIARIES AND THE INDIAN CYBERLAW Liability of intermediaries has been specifically now provided under Section 79 of the amended Information Technology Act, 2000. “Google v/s Vishakha” case before the Hon'ble Supreme Court of India. The emphasis on exercise of due diligence by intermediaries is an important aspect. However, enforceability and implementation of the Information Technology Act, 2000 has always been a challenge. Most of the companies in India comply with the Information Technology Act, 2000 in breach rather than in observance. LIABILITIES OF INTERMEDIARIES AND THE INDIAN CYBERLAW There could have exposure to legal consequences, both civil and criminal, for the company and its top management. Civil liability-damages by way of compensation upto 50 million INR per contravention Criminal Consequences - The top management could also be exposed to criminal consequences ranging from imprisonment of 3 years to life imprisonment and fine from 1 Lakh INR to 10 Lakhs INR. LIABILITIES OF INTERMEDIARIES AND THE INDIAN CYBERLAW – CRIMINAL CONSEQUENCES © of images belongs to the respective copyright holders NEED FOR DUE DILIGENCE Every legal entity is thus required to do due diligence under the terms of the amended Information Technology Act, 2000. This due diligence must be done to ensure compliance with the relevant parameters of the amended Information Technology Act, 2000. DUE DILIGENCE-DEFINED The level of judgment, care, prudence, determination, and activity that a person/organization would reasonably be expected to do under particular circumstances. DUE DILIGENCE Supreme Court of India – Test of Reasonable Man. Actual In World Situation – more predictable Electronic Medium very difficult to apply test of a reasonable man. NEED FOR DUE DILIGENCE Reasonable Prudence ensues compliance with the requirements of law, that being Indian Cyberlaws, IT Act, IT Rules, notifications, bye-laws and circulars made thereunder. CULTURE OF DATA SECURITY There is a need for adoption of culture of data security for protection and preservation of data and information in the event of any cyber breach happened. COMPLIANCES AND THE INDIAN CYBERLAW © belongs to the respective copyright holders PAVAN DUGGAL ASSOCIATES COMPLIANCE FRAMEWORK – FOR COMPLIANCE, EVALUATION AND CERTIFICATION Asia Pacific Legal 500 says about Pavan Duggal Associates “Cyberlaw specialist Pavan Duggal Associates Advocates is the first port of call for many in terms of cases involving data theft, usually companies that have experienced theft of confidential or commercially sensitive information by former employees.” “Pavan Duggal Associates Advocates provides niche expertise in cyber law.” COMPLIANCES BY PAVAN DUGGAL ASSOCIATES Pavan Duggal Associates -role in helping companies ensure compliances with the Indian Cyberlaw and rules thereunder. Pavan Duggal Associates assist all intermediaries to ensure documented due diligence under the Information Technology Act, 2000. © of images belongs to the respective copyright holders Indian Cyberlaw has created the appropriate legal framework for promoting e-commerce in the country as was giving legality to electronic format. The said lead framework has provided for various enabling provisions that provide for electronic authentication and cyber security related issues. Bank of Maharashtra has a duty to ensure that its business operatons needs to comply with the parameters of Information Technology Act, 2000 as also rules and regulations made thereunder. Only in compliance, compliance and compliance lies the way for Nirvana for an intermediary. A PRESENTATION BY PAVAN DUGGAL ADVOCATE, SUPREME COURT OF INDIA PRESIDENT, CYBERLAWS.NET PRESIDENT, CYBERLAW ASIA HEAD, PAVAN DUGGAL ASSOCIATES pavan@pavanduggal.com pavanduggal@yahoo.com