Digitization A new opportunity for Fraud Detection

advertisement
FINANCIAL FRAUDS &
INDIAN CYBERLAW
A PRESENTATION
BY
PAVAN DUGGAL
ADVOCATE, SUPREME COURT
OF INDIA
PRESIDENT, CYBERLAWS.NET
PRESIDENT, CYBERLAW ASIA
HEAD, PAVAN DUGGAL
ASSOCIATES
IMPORTANT CASE STUDIES
DIGITAL
PROMISSORY NOTE CASE
NIGERIAN
419 CASE
AGRICULTURAL
SOFTWARE
EQUIPMENTS CASE
SOURCE CODE CASE
BANK NSP CASE
 Famous
 In
Bank NSP case-2003
this case, the question being asked was
whether a Bank is liable for the activities
done on the Network provided by them
UMASHANKAR CASE – A
NEW CHAPTER
 UMASHANKAR
SIVASUBRAMANIAN
VERSUS THE BRANCH MANAGER
 PHISHING CASE
 DAMAGES
OF
RS
12,85,000/GRANTED AGAINST THE BANK
 MATTER
BEFORE
CYBER
APPELLATE TRIBUNAL
 INTERESTING CASE
CYBERLAW IN INDIA
© of images belongs to the respective
copyright holders
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000

Section 65-
Tampering with computer source
documents

Section 66-
Computer related offences

Section 66A-
Punishment for sending offensive
messages through communication
service, etc.
THE IT ACT, 2000 – INDIA’S
FIRST CYBERLAW
© of images belongs to the respective
copyright holders
FOUR DIFERENT ACTS AS
AMENDED BY IT ACT, 2000
© of images belongs to the respective
copyright holders
THE IT ACT, 2000 –
OBJECTIVES (contd)
© of images belongs to the respective
copyright holders
ELECTRONIC CONTRACT
© of images belongs to the respective
copyright holders
DIGITAL SIGNATURES & PUBLIC KEY
INFRASTRUCTURE TECHNOLOGY
© of images belongs to the respective
copyright holders
ELECTRONIC GOVERNANCE
© of images belongs to the respective
copyright holders
CYBERCRIMES
DEFINED UNDER
THE IT ACT, 2000

Section 65-
Tampering with computer source
documents

Section 66-
Computer related offences

Section 66A-
Punishment for sending offensive
messages through communication
service, etc.
© of images belongs to the respective
copyright holders
CYBERCRIMES DEFINED
UNDER THE IT ACT, 2000

Section 66B-
Punishment for dishonestly receiving
stolen computer resource or
communication device.

Section 66C-
Punishment for identity theft

Section 66D-
Punishment for cheating by
personation by using computer
resource
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000
 Section
66E- Punishment for violation of
privacy
 Section
66F- Punishment for cyber terrorism
 Section
67-
Punishment for publishing or
transmitting obscene material in
electronic form
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000

Section 67A-
Punishment for publishing or transmitting of
material containing sexually explicit act, etc.,
in electronic form

Section 67B-
Punishment for publishing or transmitting of
material depicting children in sexually explicit
act, etc., in electronic form

Section 67C-
Preservation and retention of information by
intermediaries
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000

Section 68-
Power of the Controller to give directions

Section 69-
Power to issue directions for interception
or monitoring or decryption of any
information through any computer
resource

Section 69A-
Power to issue directions for blocking for
public access of any information through
any computer resource
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000
 Section
71-
Penalty for misrepresentation
 Section
72-
Breach of confidentiality and
privacy
 Section
72A- Punishment for disclosure of
information in breach of lawful
contract
THE INDIAN EVIDENCE ACT ,
1872
DIGITAL EVIDENCE & ITS
ACCEPTANCE AS PER LAW
The
Information Technology Act, 2000
amended the Indian Evidence Act by virtue
of Second Schedule and inserted various
provisions which have an impact upon
digital evidence.
the law pertaining to digital evidence has
been developing over the last one decade.
INTERMEDIARIES & CYBERLAW
© of images belongs to the respective
copyright holders
INTERMEDIARY
"Intermediary" with respect to any particular electronic
records, means any person who on behalf of another
person receives, stores or transmits that record or provides
any service with respect to that record and includes
telecom service providers, network service providers,
internet service providers, web hosting service providers,
search engines, online payment sites, online-auction sites,
online market places and cyber cafes.
INTERMEDIARIES AND DUE
DILIGENCE UNDER THE IT ACT, 2000
 Intermediaries
are required to do due
diligence under the terms of the amended
Information Technology Act, 2000.
 This due diligence must be done to ensure
compliance with the relevant parameters of
the amended Information Technology Act,
2000.
CASES
Baazee.com case
Famous Bank NSP case-2003
Umashankar Case
© of images belongs to the respective
copyright holders
11TH APRIL, 2011 – A HISTORICAL DAY
FOR THE INFORMATION TECHNOLOGY
ACT, 2000

The Government of India using its wide powers given under the
Information Technology Act, 2000, has notified the Information
Technology Rules, 2011 including the following:
 The Information Technology (Electronic Service
Delivery) Rules, 2011
 The Information Technology (Reasonable Security
Practices And Procedures And Sensitive Personal Data
Or Information) Rules, 2011
 The
Information
Technology
(Intermediaries
Guidelines) Rules, 2011
 The Information Technology (Guidelines for Cyber
Cafe) Rules, 2011
SENSITIVE PERSONAL DATA OR
INFORMATION
LIABILITIES OF
INTERMEDIARIES AND THE
INDIAN CYBERLAW
Further, in case, if the computer resources of the intermediary
are being used to commit cyber terrorist act, then the top
management of the intermediary could also be exposed to criminal
liability under Section 66F which consist for life imprisonment and
also fine.

This is so by virtue of the operation of Section 85 of the
Information Technology Act, 2000, which stipulates the offence by
companies.

LIABILITIES OF INTERMEDIARIES AND
THE INDIAN CYBERLAW




Liability of intermediaries has been specifically now provided
under Section 79 of the amended Information Technology Act,
2000.
“Google v/s Vishakha” case before the Hon'ble Supreme
Court of India.
The emphasis on exercise of due diligence by intermediaries is an
important aspect. However, enforceability and implementation
of the Information Technology Act, 2000 has always been a
challenge.
Most of the companies in India comply with the
Information Technology Act, 2000 in breach rather than in
observance.
LIABILITIES OF INTERMEDIARIES
AND THE INDIAN CYBERLAW
There could have exposure to legal consequences,
both civil and criminal, for the company and its top
management.
Civil liability-damages by way of compensation
upto 50 million INR per contravention
Criminal Consequences - The top management
could also be exposed to criminal consequences
ranging from imprisonment of 3 years to life
imprisonment and fine from 1 Lakh INR to 10
Lakhs INR.
LIABILITIES OF INTERMEDIARIES
AND THE INDIAN CYBERLAW –
CRIMINAL CONSEQUENCES
© of images belongs to the respective
copyright holders
NEED FOR DUE DILIGENCE
 Every
legal entity is thus required to do due
diligence under the terms of the amended
Information Technology Act, 2000.
 This due diligence must be done to ensure
compliance with the relevant parameters of
the amended Information Technology Act,
2000.
DUE DILIGENCE-DEFINED
 The
level of judgment, care, prudence,
determination, and activity that a
person/organization would reasonably be
expected to do under particular
circumstances.
DUE DILIGENCE
 Supreme
Court of India – Test of Reasonable
Man.
 Actual
 In
World Situation – more predictable
Electronic Medium very difficult to apply
test of a reasonable man.
NEED FOR DUE DILIGENCE
 Reasonable
Prudence ensues compliance
with the requirements of law, that being
Indian Cyberlaws, IT Act, IT Rules,
notifications, bye-laws and circulars made
thereunder.
CULTURE OF DATA
SECURITY
 There
is a need for adoption of culture of
data security for protection and
preservation of data and information in
the event of any cyber breach happened.
COMPLIANCES AND THE
INDIAN CYBERLAW
© belongs to the respective copyright
holders

PAVAN DUGGAL ASSOCIATES
COMPLIANCE FRAMEWORK – FOR
COMPLIANCE, EVALUATION AND
CERTIFICATION
Asia Pacific Legal 500 says about Pavan Duggal
Associates
“Cyberlaw specialist
Pavan Duggal Associates
Advocates is the first port of call for many in terms of
cases involving data theft, usually companies that have
experienced theft of confidential or commercially
sensitive information by former employees.”
“Pavan Duggal Associates Advocates provides niche
expertise in cyber law.”
COMPLIANCES BY PAVAN
DUGGAL ASSOCIATES
 Pavan
Duggal Associates -role in helping
companies ensure compliances with the
Indian Cyberlaw and rules thereunder.
 Pavan
Duggal Associates assist all
intermediaries to ensure documented due
diligence under the Information Technology
Act, 2000.
© of images belongs to the respective
copyright holders
Indian
Cyberlaw has created the appropriate legal
framework for promoting e-commerce in the
country as was giving legality to electronic format.
The said lead framework has provided for various
enabling provisions that provide for electronic
authentication and cyber security related issues.
Bank of Maharashtra has a duty to ensure that its
business operatons needs to comply with the
parameters of Information Technology Act, 2000
as also rules and regulations made thereunder.
Only
in
compliance,
compliance and compliance
lies the way for Nirvana for an
intermediary.
A PRESENTATION
BY
PAVAN DUGGAL
ADVOCATE, SUPREME COURT OF
INDIA
PRESIDENT, CYBERLAWS.NET
PRESIDENT, CYBERLAW ASIA
HEAD, PAVAN DUGGAL ASSOCIATES
pavan@pavanduggal.com
pavanduggal@yahoo.com
Download