Cyber Security

5. Cyber Ethics and law: Cyber law, also known as Internet Law or Cyber Law, is the part of
the overall legal system that is related to legal informatics and supervises the digital circulation
of information, e-commerce, software and information security. It is associated with legal
informatics and electronic elements, including information systems, computers, software, and
hardware. It covers many areas, such as access to and usage of the Internet, encompassing
various subtopics as well as freedom of expression, and online privacy.

Cyber laws help to reduce or prevent people from cybercriminal activities on a large scale with
the help of protecting information access from unauthorized people, freedom of speech related to
the use of the Internet, privacy, communications, email, websites, intellectual property, hardware
and software, such as data storage devices. As Internet traffic is increasing rapidly day by day,
that has led to a higher percentage of legal issues worldwide. Because cyber laws are different
according to the country and jurisdiction, restitution ranges from fines to imprisonment, and
enforcement is challenging.

Cyberlaw offers legal protections for people who are using the Internet as well as running an
online business. It is most important for Internet users to know about the local area and cyber law
of their country by which they could know what activities are legal or not on the network. Also,
they can prevent ourselves from unauthorized activities.

The Computer Fraud and Abuse Act was the first cyber law, called CFFA, that was enacted in
1986. This law was helpful in preventing unauthorized access to computers. And it also provided
a description of the stages of punishment for breaking that law or performing any illegal activity.

Why are cyber laws needed?

There are many security issues with using the Internet and also available different malicious
people who try to unauthorized access your computer system to perform potential fraud.
Therefore, similarly, any law, cyber law is created to protect online organizations and people on
the network from unauthorized access and malicious people. If someone does any illegal activity
or breaks the cyber rule, it offers people or organizations to have that persons sentenced to
punishment or take action against them.

What happens if anyone breaks a cyber law?

If anyone breaks a cyber law, the action would be taken against that person on the basis of the
type of cyberlaw he broke, where he lives, and where he broke the law. There are many
situations like if you break the law on a website, your account will be banned or suspended and
blocked your IP (Internet Protocol) address. Furthermore, if any person performs a very serious
illegal activity, such as causing another person or company distress, hacking, attacking another
person or website, advance action can be taken against that person.

Importance of Cyber Law

Cyber laws are formed to punish people who perform any illegal activities online. They are
important to punish related to these types of issues such as online harassment, attacking another
website or individual, data theft, disrupting the online workflow of any enterprise and other
illegal activities.

If anyone breaks a cyber law, the action would be taken against that person on the basis of the
type of cyberlaw he broke, where he lives, and where he broke the law. It is most important to
punish the criminals or to bring them to behind bars, as most of the cybercrimes cross the limit of
crime that cannot be considered as a common crime.

These crimes may be very harmful for losing the reliability and confidentiality of personal
information or a nation. Therefore, these issues must be handled according to the laws.

o When users apply transactions on the Internet, cyber law covers every transaction and
protect them.
o It touches every reaction and action in cyberspace.
o It captures all activities on the Internet.

Areas involving in Cyber Laws

These laws deal with multiple activities and areas that occur online and serve several purposes.
Some laws are formed to describe the policies for using the Internet and the computer in an
organization, and some are formed to offer people security from unauthorized users and
malicious activities. There are various broad categories that come under cyber laws; some are as
follows:

Fraud

Cyber laws are formed to prevent financial crimes such as identity theft, credit card theft and
other that occurring online. A person may face confederate or state criminal charges if he
commits any type of identity theft. These laws have explained strict policies to prosecute and
defend against allegations of using the internet.

Copyrighting Issues

The Internet is the source that contains different types of data, which can be accessed anytime,
anywhere. But it is the authority of anyone to copy the content of any other person. The strict
rules are defined in the cyber laws if anyone goes against copyright that protects the creative
work of individuals and companies.
 Scam/ Treachery

There are different frauds and scams available on the Internet that can be personally harmful to
any company or an individual. Cyber laws offer many ways to protect people and prevent any
identity theft and financial crimes that happen online.

What is commerce?
Commerce is an important part of a business. It is nothing but buying and selling of goods,
which means when we buy a product or service to others, and then it is called as commerce.

What is E-commerce?
E-commerce can be broadly defined as the process of buying and selling of goods or services
using an electronic medium such as the Internet. It is also referred as a paperless exchange of
business information using EDI, E-mail, electronic fund transfer, etc.

Name some advantages of E-Commerce.

● Global scope: It provides the sellers with a global reach. Now sellers and buyers can meet in
the virtual world, without a geographical barrier.
● Electronic transaction: E-commerce reduces the paper work and significantly lowers the
transaction cost. It enables the use of credit cards, debit cards, smart cards, electronic fund
transfer via bank’s website and other modes of electronic payment.
● Cost saving: E-commerce application provides users with more options to compare and select
the cheaper and better option. It helps in reducing services such as healthcare, the cost of
searching a product, etc. E-commerce has enabled rural areas to access services and products,
which are otherwise not available to them.
● Anytime shopping: One other great advantage is the convenience. A customer can shop 24×7.
The website is functional at all times; it does not have working hours like a shop.
● No intermediaries: Electronic commerce also allows the customer and the business to be in
touch directly, without any intermediaries. This allows for quick communication and
transactions.
● Public services: E-commerce helps the government to deliver public e education, social
services at a reduced cost and in an improved manner.
List disadvantages of E-Commerce.
● Setup cost: The setup of the hardware and the software, the training cost of employees, the
constant maintenance and upkeep are all quite expensive
● Physical presence: This lack of a personal touch can be a disadvantage for many types of
services and products like interior designing or the jewelry business.
● Security: Security is another area of concern. Credit card theft, identity theft etc. remain big
concerns with the customers.
● Goods delivery: There may arrive some problem with fulfillment of order. Even after the order
is placed there can be problems with shipping, delivery, mix-ups etc. This leaves
the customers unhappy and dissatisfied
What are the types of E-Commerce?
● Business – to – Consumer (B2C): In B2C model, business sells its products directly to a
customer. A customer can view the products shown on the website. The customer can choose a
product and order the same. The website will then send a notification to the business
 organization via email and the organization will dispatch the product/ goods to the customer.
These B2C businesses are online retailers. Example: Amazon, Flipchart, etc.
● Business – to – Business (B2B): In B2B model, business sells its products to an intermediate
buyer who then sells the product to the final customer. As an example, a wholesaler places an
order from a company’s website and after receiving the consignment, sells the product to the
final customer who comes to buy the product at one of its retail outlets. Example: Tata
communications (network provider).
● Consumer – to – Consumer (C2C): In C2C model, consumer helps consumer to sell their
assets like residential property, cars, motor cycles, or rent a room by publishing
their information on the website. Website may or may not charge the consumer for its services.
Example OLX, Quirk, online auction.
● Consumer – to – Business (C2B): In this model, consumers have products or services of value
that can be consumed by businesses. For example, the comparison of interest rates of personal
loan/car loan provided by various banks via websites. A business organization that fulfills the
consumer’s requirement within the specified budget approaches the customer and provides its
services. For e.g. – A blog can be written by an author for a business to improve sale of
products, eBay.
●
What are the phases of a trade cycle?
● Pre-sales
● Execution
● Settlement
● After-sales
●
Enlist the different modes of payment.
● Credit cards
● Mobile payments
● Bank transfers
● E-wallets

Write note on E-Commerce technology- Electronic Data Interchange (EDI)

● EDI is the electronic interchange of business information using a standardized format; a
process which allows one company to send information to another company electronically
rather than on paper.
● Business entities conducting business electronically are called trading partners.
● Many business documents can be exchanged using EDI; two most common documents are
purchase orders and invoices.
● It is computer-to-computer interchange of strictly formatted documents via
telecommunications or physically transported on electronic storage media.
●
What is E-Governance?
● It signifies the implementation of information technology in the government processes and
functions so as to cause simple, moral, accountable and transparent governance.
● The basic purpose of e-governance is to simplify processes for all, i.e. government, citizens,
businesses etc. at National, State and local levels.
● Hence, E-governance delivers SMART government. (S- Simple, M-Moral, A-Accessible, R-
Responsive, T-Transparent Government
 List the advantages of E-Governance.
● Reduced corruption
● High transparency
● Increased convenience
● Direct participation of constituents
● Reduction in overall cost.
● Expanded reach of government
●
Enlist the types of E-Governance.
● Government-to-Citizen (G2C)
● Government-to-Business (G2B)
● Government-to-Government (G2G)
● Government-to-Employee (G2E)

What is Government-to-Government (G2G)?

● The Government-to-Government refers to the interaction between different government
departments, organizations and agencies.
● In G2G, government agencies can share the same database using online communication. The
government departments can work together.
● G2G services can be at the local level or the international level. Likewise, it provides safe and
secure inter-relationship between domestic or foreign government.

List some effective examples of successful implementation of E-Governance projects.

● e-Mitra project (Rajasthan)
● e-Seva project (Andhra Pradesh)
● CET (Common Entrance Test)
● AADHAAR card
● Digi Locker
● Bharat Bill Payment System
● PAN
● EPFO services
● PMKVY services

Enlist security measures in E-Commerce.

● Encryption
● Digital signature
● Digital certificate

What is encryption?
Encryption is widely used on the internet to protect user information being sent between a
browser and a server. This includes passwords, payment information and other personal
information that should be considered private.

What are the types of encryption?

● Symmetric (Shared Secret Encryption)
● Asymmetric (Public-Key Encryption)

What is the use of digital signatures?

A digital signature is also known as an electronic signature. A digital signature guarantees the
authenticity of an electronic document or message in digital communication and uses encryption
technique (asymmetric cryptography) to provide proof of original and unmodified
documentation. Digital signatures are used in e-commerce, software distribution, and financial
transactions. This is the direct transfer of information between two partners.

What is a digital certificate?

A Digital Certificate is an electronic “password” that allows a person or organization to
exchange data securely over the Internet using the public key infrastructure (PKI). Digital
Certificate is also known as a public key certificate or identity certificate. In this, information is
transferred between two authorized partners who have digital certificates issued by some
supreme authority.

Certifying authority and controller:

As per Section 18 of The Information Technology Act, 2000 provides the required legal sanctity
to the digital signatures based on asymmetric cryptosystems. The digital signatures are now
accepted at par with handwritten signatures and the electronic documents that have been digitally
signed are treated at par with paper documents.

The IT Act provides for the Controller of Certifying Authorities(CCA) to license and regulate the
working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature
certificates for electronic authentication of users.

The Controller of Certifying Authorities (CCA) has been appointed by the Central Government
under section 17 of the Act for purposes of the IT Act. The Office of the CCA came into
existence on November 1, 2000. It aims at promoting the growth of E-Commerce and E-
Governance through the wide use of digital signatures.

The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority
(RCAI) of India under section 18(b) of the IT Act to digitally sign the public keys of Certifying
Authorities (CA) in the country. The RCAI is operated as per the standards laid down under the
Act.

The CCA certifies the public keys of CAs using its own private key, which enables users in the
cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it
operates, the Root Certifying Authority of India(RCAI). The CCA also maintains the Repository
of Digital Certificates, which contains all the certificates issued to the CAs in the country.

Appointment of Controller and Other Officers

Section 17 provides that the Central Government may, by notification in the Official
Gazette, appoint a Controller of Certifying Authorities for the purposes of this Act. It
 may also be the same or subsequent notification appoint such number of Deputy
Controllers, Assistant Controllers, other officers and employees as it deems fit. The
controller has to function under the general control and directions of the Central
Government and the Deputy Controllers and Assistant Controllers have to function under
general superintendence and control of the controller. The controller shall have its head
office at a place prescribed by the Central Government. There shall be a seal of the office
of the controller.

Duties of Certifying Authority (Secs. 30 – 34)

a. To follow certain procedures regarding security system (Sec. 30). The Act has
laid down certain procedures relating to security system to be followed by the
certifying authority in the performance of its services. It must:
i. make use of hardware, software, and procedures that are secure from
intrusion and misuse;
ii. provide a reasonable level of reliable services;
iii. adhere to security procedures to ensure the secrecy and privacy of
electronic signatures;
iv. be the repository of all Electronic Signature Certificates;
v. publish information regarding its practices, Electronic Signature
Certificates and current status of such certificates; and
vi. observe the specified standards.

The above stated security procedures must ensure the achievement of 4 objectives
of a security system: Confidentiality, accessibility of information, consistency of
information and authorized use of resources.

b. To ensure compliance of the Act (Sec. 31). The certifying authority must ensure
that every person employed or engaged by it complies with the provisions of the
Act, rules, regulations or order, made thereunder.
c. To display its licenses (Sec. 32). The certifying authority must display its licence
at a conspicuous place in the premises in which it carries on its business.
d. To surrender its license (Sec. 33). The certifying authority must surrender its
licence to the controller on its suspension or revocation.
e. To make certain disclosures (Sec. 34). The certifying authority is required to
make the following disclosures:
i. Disclosure of Electronic Signature Certificate;
ii. Disclosure of Certification Practice Statement (CPS) ;“Certificate Practice
Statement” means a statement issued by a certifying authority to specify
the practices that the certifying authority employs in issuing electronic
signature certificates [Sec. 2(1)(k)]
It also outlines the CA’s policies, practices and procedures for verifying
keys and suspension, revocation and renewal of electronic signature
certificates.
 iii. Disclosure of notice of revocation and suspension of Certificates of
Certifying Authority;
iv. Disclosure of facts materially and adversely affecting the reliability of
electronic signature certificate;
v. Disclosure of adverse effects to affected person [Sec. 34(2)]. The authority
is bound to disclose to affected person about any event which may
materially and adversely affect the integrity of the computer system or the
conditions under which electronic signature certificate was granted. The
certifying authority is required to act in accordance with the procedure
specified in its CPS to deal with such event or situation.

Offences under IT Act

The faster world-wide connectivity has developed numerous online crimes and these increased
offences led to the need of laws for protection. In order to keep in stride with the changing
generation, the Indian Parliament passed the Information Technology Act 2000 that has been
conceptualized on the United Nations Commissions on International Trade Law (UNCITRAL)
Model Law.
The law defines the offenses in a detailed manner along with the penalties for each category of
offence.

Offences

Cyber offences are the illegitimate actions, which are carried out in a classy manner where either
the computer is the tool or target or both.
Cyber-crime usually includes the following −
● Unauthorized access of the computers
● Data diddling
● Virus/worms attack
● Theft of computer system
● Hacking
● Denial of attacks
● Logic bombs
● Trojan attacks
● Internet time theft
● Web jacking
● Email bombing
● Salami attacks
● Physically damaging computer system.
The offences included in the I.T. Act 2000 are as follows −
● Tampering with the computer source documents.
● Hacking with computer system.
● Publishing of information which is obscene in electronic form.
● Power of Controller to give directions.
 ● Directions of Controller to a subscriber to extend facilities to decrypt information.
● Protected system.
● Penalty for misrepresentation.
● Penalty for breach of confidentiality and privacy.
● Penalty for publishing Digital Signature Certificate false in certain particulars.
● Publication for fraudulent purpose.
● Act to apply for offence or contravention committed outside India Confiscation.
● Penalties or confiscation not to interfere with other punishments.
● Power to investigate offences.
● Example
● Offences Under The It Act 2000
● Section 65. Tampering with computer source documents
● Whoever knowingly or intentionally conceals, destroys or alters or intentionally or
knowingly causes another to conceal, destroy or alter any computer source code used for
a computer, computer program, computer system or computer network, when the
computer source code is required to be kept or maintained by law for the being time in
force, shall be punishable with imprisonment up to three year, or with fine which may
extend up to two lakh rupees, or with both.
● Explanation − For the purpose of this section “computer source code” means the listing
of programs, computer commands, design and layout and program analysis of computer
resource in any form.
● Object − The object of the section is to protect the “intellectual property” invested in the
computer. It is an attempt to protect the computer source documents (codes) beyond what
is available under the Copyright Law
● Essential ingredients of the section
● knowingly or intentionally concealing
● knowingly or intentionally destroying
● knowingly or intentionally altering
● knowingly or intentionally causing others to conceal
● knowingly or intentionally causing another to destroy
● knowingly or intentionally causing another to alter.
● This section extends towards the Copyright Act and helps the companies to protect their
source code of their programs.
● Penalties − Section 65 is tried by any magistrate.
● This is cognizable and non-bailable offence.
● Penalties − Imprisonment up to 3 years and / or
● Fine − Two lakh rupees.

● The following table shows the offence and penalties against all the mentioned sections of
the I.T. Act −

Sectio Offence Punishment Bailability and

n Congizability
65 Tampering with Computer Source Imprisonment up to 3 years Offence is
Code or fine up to Rs 2 lakhs Bailable,
Cognizable and
triable by Court
of JMFC.

66 Computer Related Offences Imprisonment up to 3 years Offence is

or fine up to Rs 5 lakhs Bailable,
Cognizable and

66-A Sending offensive messages Imprisonment up to 3 years Offence is

through Communication service, and fine Bailable,
etc... Cognizable and
triable by Court
of JMFC

66-B Dishonestly receiving stolen Imprisonment up to 3 years Offence is

computer resource or and/or fine up to Rs. 1 lakh Bailable,
communication device Cognizable and
triable by Court
of JMFC

66-C Identity Theft Imprisonment of either Offence is

description up to 3 years Bailable,
and/or fine up to Rs. 1 lakh Cognizable and
triable by Court
of JMFC

66-D Cheating by Personation by using Imprisonment of either Offence is

computer resource description up to 3 years Bailable,
and /or fine up to Rs. 1 lakh Cognizable and
triable by Court
of JMFC

66-E Violation of Privacy Imprisonment up to 3 years Offence is

and /or fine up to Rs. 2 lakh Bailable,
Cognizable and
triable by Court
of JMFC

66-F Cyber Terrorism Imprisonment extend to Offence is Non-

imprisonment for Life Bailable,
Cognizable and
triable by Court
of Sessions
67 Publishing or transmitting obscene On first Conviction, Offence is
material in electronic form imprisonment up to 3 years Bailable,
and/or fine up to Rs. 5 lakh Cognizable and
On Subsequent Conviction triable by Court
imprisonment up to 5 years of JMFC
and/or fine up to Rs. 10 lakh

67-A Publishing or transmitting of On first Conviction Offence is Non-

material containing sexually imprisonment up to 5 years Bailable,
explicit act, etc... in electronic form and/or fine up to Rs. 10 lakh Cognizable and
On Subsequent Conviction triable by Court
imprisonment up to 7 years of JMFC
and/or fine up to Rs. 10 lakh

67-B Publishing or transmitting of On first Conviction Offence is Non

material depicting children in imprisonment of either Bailable,
sexually explicit act etc., in description up to 5 years Cognizable and
electronic form and/or fine up to Rs. 10 lakh triable by Court
On Subsequent Conviction of JMFC
imprisonment of either
description up to 7 years
and/or fine up to Rs. 10 lakh

67-C Intermediary intentionally or Imprisonment up to 3 years Offence is

knowingly contravening the and fine Bailable,
directions about Preservation and Cognizable.
retention of information

68 Failure to comply with the Imprisonment up to 2 years Offence is

directions given by Controller and/or fine up to Rs. 1 lakh Bailable, Non-
Cognizable.

69 Failure to assist the agency referred Imprisonment up to 7 years Offence is Non-

to in sub section (3) in regard and fine Bailable,
interception or monitoring or Cognizable.
decryption of any information
through any computer resource

69-A Failure of the intermediary to Imprisonment up to 7 years Offence is Non-

comply with the direction issued and fine Bailable,
for blocking for public access of Cognizable.
any information through any
computer resource

69-B Intermediary who intentionally or Imprisonment up to 3 years Offence is

knowingly contravenes the and fine Bailable,
 provisions of sub-section (2) in Cognizable.
regard monitor and collect traffic
data or information through any
computer resource for
cybersecurity

70 Any person who secures access or Imprisonment of either Offence is Non-

attempts to secure access to the description up to 10 years Bailable,
protected system in contravention and fine Cognizable.
of provision of Sec. 70

70-B Indian Computer Emergency Imprisonment up to 1 year Offence is

Response Team to serve as national and/or fine up to Rs. 1 lakh Bailable, Non-
agency for incident response. Any Cognizable
service provider, intermediaries,
data centres, etc., who fails to
prove the information called for or
comply with the direction issued by
the ICERT.

71 Misrepresentation to the Controller Imprisonment up to 2 years Offence is

to the Certifying Authority and/ or fine up to Rs. 1 lakh. Bailable, Non-
Cognizable.

72 Breach of Confidentiality and Imprisonment up to 2 years Offence is

privacy and/or fine up to Rs. 1 lakh. Bailable, Non-
Cognizable.

72-A Disclosure of information in breach Imprisonment up to 3 years Offence is

of lawful contract and/or fine up to Rs. 5 lakh. Cognizable,
Bailable

73 Publishing electronic Signature Imprisonment up to 2 years Offence is

Certificate false in certain and/or fine up to Rs. 1 lakh Bailable, Non-
particulars Cognizable.

74 Publication for fraudulent purpose Imprisonment up to 2 years Offence is

and/or fine up to Rs. 1 lakh Bailable, Non-
Cognizable.

Intellectual property rights in cyberspace:

The Intellectual Property Right protect the original work in fields of art, literature, photography,
writing, paintings, even choreography in written format, and audio, or video files. The IPR
 protects these works both in tangible and intangible form. Patent, Copyright, Trademarks, Trade
Secrets, Industrial and Layout Designs, Geographical Indications are intellectual property rights
for which legal remedies are available even for online infringements.

With the technological advancements and innovations in cyber world the global markets have
benefitted the copyright or patent owners. However, every good innovation has its own pitfalls as
violation of IPR has become one of the major concerns because of the growth of cyber
technology. The IPR and Cyber law go hand in hand and cannot be kept in different
compartments and the online content needs to be protected.

The ever-increasing and evolving cybercrimes are not confined to cyberstalking, frauds,
cyberbullying, phishing, or spamming but are also infringement of IPR- copyright, trademark,
trade secrets of businesses carried online, audios, videos, service marks by illegal practices like
hyperlinking, framing, meta-tagging, and many more.

What are Intellectual Property Rights in Cyberspace

IPR can be defined as – “Intellectual property rights are the legal rights that cover the privileges
given to individuals who are the owners and inventors of a work and have created something
with their intellectual creativity. Individuals related to areas such as literature, music, invention,
can be granted such rights, which can then be used in the business practices by them.”

Types of Intellectual Property Rights

Intellectual Property Rights can be further classified into the following categories −

● Copyright
● Patent
● Trade Secrets, to name a few

Every innovation in technological zone becomes prone to threats. The cyberspace on one hand
has facilitated e-commerce, connecting with friends and family, publishing the literary works,
and sharing knowledge but at the same time these personal data or copyrighted or patented data
become vulnerable to various cyber-attacks.

It is best suited to have an effective intellectual property management strategy for all the e-
businesses encompassing a considerable number in cyberspace.

There are various laws nationally and internally to safeguard intellectual property against cyber-
threats, but it becomes the moral duty of the owner of IPRs to take all the required protective
measures to negate and reduce illegitimate virtual attacks.

Intellectual Property Rights in India

 For the protection, the IPRs in Indian soil, various constitutional, administrative, and judicial
rules have been defined whether it is copyright, patent, trademark, or other IPRs.

Legislations Enacted to Protect IPR

In the year 1999, the government passed an important legislation based on international practices
to safeguard the intellectual property rights. The same are described below−

1. The Patents (Amendment) Act, 1999, facilitates the establishment of the mailbox system for
filing patents. It offers exclusive marketing rights for a time of five years.
2. The Trademarks Bill, 1999.
3. The Copyright (Amendment) Act, 1999.
4. Geographical Indications of Goods (Registration and Protection) Bill, 1999.
5. The Industrial Designs Bill, 1999, replaced the Designs Act, 1911.
6. The Patents (Second Amendment) Bill, 1999, for further amending the Patents Act of 1970 in
compliance with the TRIPS.

CHALLENGES FACED IN PROTECTION OF IPR IN CYBER LAW

A. Copyright Infringement:

“Copyright protection is given to the owner of any published artistic, literary, dramatic, or
scientific work over his work to exclude everyone else from using that work on his own name
and thereby gain profit from it.”

The infringement of these copyrights includes the usage without the permission of the owner,
making and distributing copies of software and unauthorized sale of the same, and illegitimate
copying from websites or blogs.

● Linking:

Linking refers to directing a user of a website to another webpage by action of clicking on a text
or image without leaving the current page. It poses a threat to rights and interests of the owner of
the website and the owner can lose the income as it related to the number of users visiting the
websites. It may lead users to believe that the two websites are linked and are under same
domain and ownership.

In Shetland Times, Ltd. v. Jonathan Wills and Another [7], it was held to be an act of copyright
infringement under British law and an injunction was issued as the Shetland News’s deep
link was supposed to be with the embedded pages of the Shetland Times’s web site, but they
were also linked to the Times’ website.
With digitisation there is a threat to copyright ownership and rights over their own innovation as
it has become easy to mould various components of copyright elements into variety of forms by
the process of linking, in-linking, and framing. This requires no permissions to be accorded.
 Deep linking is challenging to manage as there are no clear-cut laws at both national and
international level and this ambiguity becomes advantageous for cybercriminals who try to
breach the copyrights. The rights of the owner of copyrights on one hand and free availability of
information on another is needed to be balanced to ensure smooth working of online resources
and businesses.Indian Copyright Act, 1957, a legal issue emerges whereby it is not clear as to the
exact stage when the reproduction of the copyrighted work is being committed. The ambiguity
lies in tracing the copyright infringement that is it at the stage of formation of deep link without
the disclaimer of accessing a link which needs no approval or at the time when a user accesses
the link at his will.

Another challenge is with the in-linking links. On a browser visited by a user accessing the link
is created with map to navigate and fetch images from various sources, these images are copied
by final user who is clueless that he is retrieving those from different websites. Like deep
linking, the problem of tracing the infringement remains the same as it is difficult to track the
exact phase of reproduction of the copyrighted images. The in-line link creator is guilty of
copyright infringement though not directly distributing it but giving way to facilitate making of
unauthorized copies of the original website content thereby falling under the purview of Section
14 Copyright Act, 1957. However, the final user has no knowledge of any violation of copyright
and is thus caught off-guard.

● Framing:

Framing is another challenge and becomes a legal issue and debate subject over the interpretation
of derivation and adaptation under Section 14 Copyrights Act, 1957. The framer only provides
users the modus operandi to access copyrighted content which is retrieved from a website to
browser the user is accessing so they cannot be held responsible for copying, communicating, or
distributing the copyrighted content. The question arises whether getting the copyrighted content
from a website and combining with some more to create one’s own will amount to adaptation or
interpretation under law or not.

B. Software Piracy:

Software piracy refers to making unauthorized copies of computer software which are protected
under the Copyright Act, 1957.

Piracy can be of following types:

● Soft lifting – this means that sharing a program with an unauthorized person without a licenses
agreement to use it.
● Software Counterfeiting – Counterfeiting means producing fake copies of a software, imitating
the original and is priced less than the original software. This involves providing the box, CDs,
and manuals, all tailored to look as close to original as possible.
● Renting – it involves someone renting a copy of software for temporary use, without the
permission of the copyright holder which violates the license agreement of software.

C. Cybersquatting And Trademark Infringement:

 Trademark means a unique identifier mark which can be represented by a graph and main idea is
to differentiate the goods or services of one person from those of others and may include shape
of goods, their packaging and combination of colours.

Cybersquatting is a cybercrime which involves imitation of a domain name in such a manner that
the resultant domain name can dupe the users of the famous one with an intention to make profit
out of that. This is executed by registering, selling, or trafficking of a famous domain name to
encash a popular domain name’s goodwill.

When two or more people claim over the right to register the same domain name then the domain
name dispute arises when a trademark already registered is registered by another individual or
organization who is not the owner of trademark that is registered. All domain name registrars
must follow the ICANN‘s[10] policy.

Meta tagging is a technique to increase the number of users accessing a site by including a word
in the keyword section so that the search engine picks up the word and direct the users to the site
despite the site having nothing to do with that word. This may result in trademark infringement
when a website contains meta tags of other websites thereby affecting their business.

There are certain conditions which need to be fulfilled for a domain name to be abusive:

1. The domain name can be said to be abusive if it gives the impression to the users of being same
as another popular trademark which is a registered one and users mistakenly access the fake one
made with mal intention of gaining profit by diverting users of popular trademark domain.
2. The registrant has no legal rights or interests in the domain name.
3. The registered domain name is being used in bad faith.

Network layer-IPSec

In computing, Internet Protocol Security (IPsec) is a secure network protocol

suite that authenticates and encrypts packets of data to provide secure encrypted communication
between two computers over an Internet Protocol network. It is used in virtual private
networks (VPNs).
IPsec includes protocols for establishing mutual authentication between agents at the beginning
of a session and negotiation of cryptographic keys to use during the session. IPsec can protect
data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-
to-network), or between a security gateway and a host (network-to-host). IPsec uses
cryptographic security services to protect communications over Internet Protocol (IP) networks.
It supports network-level peer authentication, data origin authentication, data integrity, data
confidentiality (encryption), and replay protection (protection from replay attacks).
The initial IPv4 suite was developed with few security provisions. As a part of the IPv4
enhancement, IPsec is a layer 3 OSI model or internet layer end-to-end security scheme. In
contrast, while some other Internet security systems in widespread use operate above the network
layer, such as Transport Layer Security (TLS) that operates above the transport layer and Secure
Shell (SSH) that operates at the application layer, IPsec can automatically secure applications at
the internet layer.
What is IPsec used for?
IPsec is used for protecting sensitive data, such as financial transactions, medical records and
corporate communications, as it's transmitted across the network. It's also used to secure virtual
private networks (VPNs), where IPsec tunneling encrypts all data sent between two endpoints.
IPsec can also encrypt application layer data and provide security for routers sending routing
data across the public internet. IPsec can also be used to provide authentication without
encryption -- for example, to authenticate that data originated from a known sender.

Encryption at the application or the transport layers of the Open Systems Interconnection (OSI)
model can securely transmit data without using IPsec. At the application layer, Hypertext
Transfer Protocol Secure (HTTPS) performs the encryption. While at the transport layer, the
Transport Layer Security (TLS) protocol provides the encryption. However, encrypting and
authenticating at these higher layers increase the chance of data exposure and attackers
intercepting protocol information.

The following are key IPsec protocols:

● IP AH. AH is specified in RFC 4302. It provides data integrity and transport protection
services. AH was designed to be inserted into an IP packet to add authentication data and
protect the contents from modification.
● IP ESP. Specified in RFC 4303, ESP provides authentication, integrity and confidentiality
through encryption of IP packets.
● IKE. Defined in RFC 7296, IKE is a protocol that enables two systems or devices to establish
a secure communication channel over an untrusted network. The protocol uses a series of key
exchanges to create a secure tunnel between a client and a server through which they can
send encrypted traffic. The security of the tunnel is based on the Diffie-Hellman key
exchange.
● Internet Security Association and Key Management Protocol (ISAKMP). ISAKMP is
specified as part of the IKE protocol and RFC 7296. It is a framework for key establishment,
authentication and negotiation of an SA for a secure exchange of packets at the IP layer. In
other words, ISAKMP defines the security parameters for how two systems, or hosts,
communicate with each other. Each SA defines a connection in one direction, from one host
to another. The SA includes all attributes of the connection, including the cryptographic
algorithm, the IPsec mode, the encryption key and any other parameters related to data
transmission over the connection.

IPsec uses, or is used by, many other protocols, such as digital signature algorithms and most
protocols outlined in the IPsec and IKE Document Roadmap, or RFC 6071.