Legislation Relevant To Information Technology

This document discusses legislation related to information technology, IT audits, and cybercrime. It provides an overview of laws passed in the US since the 1970s to address computer fraud, data protection, security, and privacy. It then defines cybercrime and categorizes it as using computers as a tool or target. It discusses the history of cybercrime and outlines specific crimes like hacking, child pornography, denial of service attacks, and software piracy. It also discusses cyber security, cyber laws in India like the IT Act of 2000 and its amendments, and defines digital signatures.

Uploaded by

albert moldon
LEGISLATION RELEVANT TO INFORMATION TECHNOLOGY
IT AUDIT AND CONTROL
LEGAL ENVIRONMENT

Since the early 1970s, laws have been passed in the U.S. to deal with IT crimes related to:
• Data protection and privacy
• Computer fraud and use
• Data security
IT CRIMES

Cyber crime is an activity done using computers and the internet. We can say that it is an unlawful act wherein the computer is either a tool or a target or both.
HISTORY OF CYBER CRIME

The first recorded cyber crime took place in 1820. That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage.
The first spam email took place in 1976 when it was sent out over the ARPANET.
The first virus was installed on an Apple computer in 1982 when a high school student, Rich Skrenta, developed the Elk Cloner.
CATEGORIES OF CYBER CRIME
We can categorize cyber crime in two ways.
• The computer as a target: using a computer to attack other computers, e.g. hacking, virus/worm attacks, DoS attacks, etc.
• The computer as a weapon: using a computer to commit real-world crime, e.g. cyber terrorism, credit card fraud, pornography, etc.
TYPES OF CYBER CRIME
HACKING: Hacking in simple terms means an illegal intrusion into a computer system and/or network. It is also known as CRACKING. Government websites are a hot target of hackers due to the press coverage they receive. Hackers enjoy the media coverage.
Motives behind the crime called hacking: greed, power, publicity, revenge, adventure, desire to access forbidden information, destructive mindset, wanting to sell network security services.
CHILD PORNOGRAPHY: The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. As more homes have access to the internet, more children will be using the internet, and the greater are the chances of their falling victim to the aggression of pedophiles.
How do they operate: Pedophiles use false identities to trap children. Pedophiles contact children in various chat rooms which are used by children to interact with other children.
DENIAL OF SERVICE ATTACKS: This is an act by criminals who flood the bandwidth of the victim's network or fill his e-mail box with spam mail, depriving him of the service he is entitled to access or provide. There are many DoS attacks, such as the Ping of Death and Teardrop attacks.
VIRUS DISSEMINATION: Malicious software that attaches itself to other software. Virus, worms, Trojan horse, web jacking, e-mail bombing, etc.
COMPUTER VANDALISM: Damaging or destroying data rather than stealing or misusing them is called cyber vandalism. These are programs that attach themselves to a file and then circulate.
CYBER TERRORISM: Terrorist attacks on the Internet are carried out by distributed denial of service attacks, hate websites and hate e-mails, attacks on service networks, etc.
SOFTWARE PIRACY: Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.
CYBER SECURITY
Cyber security involves protection of sensitive personal and business information through prevention, detection and response to different online attacks. Cyber security is actually preventing the attacks.
Privacy policy: Before submitting your name, e-mail or address on a website, look for the site's privacy policy.
Keep software up to date: If the seller releases patches for the software or operating system on your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage.
Use a good password which will be difficult for thieves to guess. Do not choose the option that allows your computer to remember your passwords.
DISABLE REMOTE CONNECTIVITY :
Some PDAs and phones are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers. You should disable these features when they are not in use.
ADVANTAGES OF CYBER SECURITY
• Cyber security will defend us from critical attacks.
• It helps us to browse websites.
• Internet security processes all the incoming and outgoing data on your computer.
• It will defend us from hacks and viruses.
• Cyber security applications used on our PC need to be updated every week.
SAFETY TIPS TO CYBER CRIME

• Use antivirus software
• Insert firewalls
• Uninstall unnecessary software
• Maintain backup
• Check security settings
WHAT IS CYBER LAW?
Cyber law is a term used to describe the legal issues
related to use of communications technology, particularly
“cyber space”, i.e. the Internet. It is less of a distinct
field of law in the way that property or contract are, as it
is an intersection of many legal fields including
intellectual property, privacy, freedom of expression, and
jurisdiction. In essence, cyber law is an attempt to apply
laws designed for the physical world, to human activity on
the Internet. In India, The IT Act, 2000 as amended by
The IT (Amendment) Act, 2008 is known as the Cyber law.
It has a separate chapter XI entitled “Offences” in which
various cyber crimes have been declared as penal offences
punishable with imprisonment and fine.
CYBER CRIME LAW
IT ACT 2000
The Information Technology Act, 2000 received the assent of the President of India on 9 June 2000 and came into force from 17 October in that same year. The Act was enacted to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "Electronic Commerce", and to facilitate electronic filing of documents with government agencies, which involve the use of alternatives to paper-based methods of communication and storage of information. This law applies to any kind of information in the form of a data message used in the context of commercial activities.
OBJECTIVE
• To grant legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication;
• To give legal recognition to digital signatures / electronic signatures for authentication and acceptance of any information or matter which requires authentication under any law;
• To facilitate electronic filing of documents with Government departments;
• To facilitate electronic storage of data;
• To facilitate and give legal sanction to electronic fund transfers between banks and financial institutions;
• To give legal recognition for keeping books of account by bankers in electronic form.
The Act does not apply to:
1. a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881;
2. a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
3. a trust as defined in section 3 of the Indian Trusts Act, 1882;
4. a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925, including any other testamentary disposition by whatever name called;
5. any contract for the sale or conveyance of immovable property or any interest in such property;
6. any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.
AMENDMENT ACT 2008
Being the first legislation in the nation on technology, computers, e-commerce and e-communication, the Act was the subject of extensive debates, elaborate reviews and detailed criticisms, with one arm of the industry criticizing some sections of the Act as draconian and another stating it is too diluted and lenient. There were some conspicuous omissions too, resulting in the investigators relying more and more on the time-tested (one and a half century-old) Indian Penal Code even in technology-based cases, with the I.T. Act also being referred to in the process and the reliance more on the IPC rather than on the ITA. Thus the need for an amendment – a detailed one – was felt for the I.T. Act almost from the year 2003-04 itself. Major industry bodies were consulted and advisory groups were formed to go into the perceived lacunae in the I.T. Act, compare it with similar legislation in other nations and suggest recommendations.
Such recommendations were analyzed and subsequently taken up as a comprehensive Amendment Act and, after considerable administrative procedures, the consolidated amendment called the Information Technology Amendment Act 2008 was placed in the Parliament and passed without much debate, towards the end of 2008 (by which time the Mumbai terrorist attack of 26 November 2008 had taken place). This Amendment Act got the President's assent on 5 Feb 2009 and was made effective from 27 October 2009. Some of the notable features of the ITAA are as follows:
• Focusing on data privacy
• Focusing on information security
• Defining cyber café
• Making digital signature technology neutral
• Defining reasonable security practices to be followed by corporates
• Redefining the role of intermediaries
• Recognizing the role of the Indian Computer Emergency Response Team
• Inclusion of some additional cyber crimes like child pornography and cyber terrorism
• Authorizing an Inspector to investigate cyber offences (as against the DSP earlier)
DIGITAL SIGNATURE
A digital signature is an electronic scheme for
demonstrating the authenticity of a digital message
or document. A valid digital signature gives a
recipient reason to believe that the message was
created by a known sender and that it was not
altered in transit. Digital signatures are commonly
used for software distribution, financial
transactions, and in other cases where it is
important to detect imitation or tampering.
Authentication of Digital Signature
A digital signature shall:
• be created and verified by cryptography that concerns itself with transforming electronic records.
• use "Public Key Cryptography", which employs an algorithm using two different mathematical "keys": one for creating a digital signature or transforming it, and another key for verifying the signature or returning the electronic record to its original form. A hash function shall be used to create this signature. Software utilizing such keys is termed "asymmetric cryptography" [Rule 3 of IT Rules, 2000].
Digital signatures can be used to authenticate the
source of messages. When ownership of a digital
signature secret key is bound to a specific user, a valid
signature shows that the message was sent by that user.
The importance of high confidence in sender
authenticity is obvious in a financial context. For
example, suppose a bank's branch office sends
instructions to the central office requesting a change in
the balance of an account. If the central office is not
convinced that such a message is truly sent from an
authorized source, acting on such a request could be a
grave mistake.
Verification of Digital Signature
Verification means to determine whether:
• the initial record was affixed with the digital signature by using the "keys" of the subscriber.
• the original record is retained intact or has been altered since such electronic record was bound with the digital signature [Sec. 2(1)(zh)].
A digital signature certificate is an electronic document which uses a digital signature to bind an identity (information such as the name of a person or an organization, their address, and so forth). The certificate can be used to verify that it belongs to an individual. Any person can make an application to the Certifying Authority for the issue of this digital certificate. The Authority charges fees (as prescribed by the Central Government) for the issue of a "digital signature certificate".
GENERATION OF DIGITAL CERTIFICATE
The generation of a digital signature certificate shall involve:
• receipt of an approved and verified certificate request.
• creating a new digital signature certificate.
• a distinguished name associated with the digital certificate owner.
• a recognized and relevant policy as defined in the certification practice statement [Rule 24 of the IT rules].
COMPROMISE OF DIGITAL CERTIFICATE
A digital signature certificate shall be deemed to be compromised where the integrity of:
• the key associated with the certificate is in doubt.
• the certificate owner is in doubt, as to the attempted use of his key pairs, or otherwise for malicious or unlawful purposes.
The digital certificate shall remain in the compromised state for only such time as it takes to arrange for revocation.
EXPIRY OF DIGITAL SIGNATURE CERTIFICATE
A digital signature certificate shall be issued with a
designated expiry date. It will expire automatically
and on expiry, it shall not be re-used. The period
for which a digital certificate has been issued shall
not be extended, but a new digital signature
certificate may be issued after the expiry of such
period [Rules 26 of IT Act, 2000].
CYBERCRIME LAW IN THE PHILIPPINES

Internet users, journalists and government officials protest several sections of the recently passed Cybercrime Prevention Act as unconstitutional, saying that it infringes on the right to freedom of speech:
• Section 4, paragraph 4, which states that libel is a cybercrime if committed online;
• Section 5, which punishes any person who aids or abets the commission of any cybercrime, even if it is only through Facebook or Twitter;
• Section 6, which adopts the entire Penal Code for as long as the crime is committed through the use of information technology, but the penalty would be one degree higher;
• Section 7, which makes the same crime punishable both under the Penal Code and the Cybercrime Act; and
• Section 19, which authorizes the Department of Justice (DOJ) to restrict access to computer data found to be in violation of the new law, the so-called take-down clause.
Republic Act No. 10175, Section 4, paragraph 4 (Libel): The unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code, as amended, committed through a computer system or any other similar means which may be devised in the future.
Article 355 of the Revised Penal Code defines libel as “The public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status, or circumstance tending to cause the dishonor, discredit, or contempt of a natural or juridical person…”
According to protesters:
• Any Filipino citizen who happens to use social media such as Facebook or Twitter to share opinions against anyone can be sued for libel.
• Those who play a part in unwittingly or willfully encouraging the spread of libelous content (likes, shares) shall be charged for abetting libel.
• Any victim of a cybercrime could argue in court that old libelous posts that are still live today can be charged with online libel.
The law says, if you can’t say anything
good, then you better not say anything
at all.
For the CPA: Government stands firm on its decision to pass the law. States that it is needed and that libel is libel.
Common: Laws that protect citizens against fraud, cyber bullying and sex crimes are needed.
Against the CPA: Internet users protest against certain sections of the law as unconstitutional, such as the section on libel.
The Supreme Court issued a temporary restraining
order on Republic Act 10175 or the Cybercrime
Prevention Act of 2012.
The temporary restraining order stops law
enforcement agencies such as the Department of
Justice, the National Bureau of Investigation and
even the Department of Science and Technology
(DOST) from implementing the assailed provisions of
the controversial law.
The Philippine Supreme Court has received a total
of 15 petitions questioning several provisions of
Republic Act 10175 including the one on online libel
and the real-time collection of data.
OFFENCES, COMPENSATION AND PENALTIES
1. Penalty and compensation for damage to computer, computer system, etc.: If any person, without permission of the owner or any other person who is in charge of a computer, computer system or computer network:
a. accesses or secures access to such computer, computer system or computer network or computer resource;
b. downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network, including information or data held or stored in any removable storage medium;
c. introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
d. damages or causes to be damaged any computer, computer system or computer network, data, computer database or any other programs residing in such computer, computer system or computer network;
e. disrupts or causes disruption of any computer, computer system or computer network;
f. denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;
g. provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of the Act, rules or regulations made thereunder;
h. charges the services availed of by a person to the account of any other person by tampering with or manipulating any computer, computer system or computer network;
i. destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
j. steals, conceals, destroys or alters, or causes any person to steal, conceal, destroy or alter, any computer source code used for a computer resource with an intention to cause damage,
he shall be liable to pay damages by way of compensation to the person so affected.
2. Compensation for failure to protect data [Sec. 43-A]: Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss and wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.
3. Penalty for failure to furnish information, return, etc. [Sec. 44]: If any person who is required to:
a. furnish any document, return or report to the Controller or the Certifying Authority, fails to furnish the same, he shall be liable to a penalty not exceeding rupees one lakh and fifty thousand for each such failure;
b. maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding rupees ten thousand for every day during which the failure continues.
4. Penalty for securing access to a protected system [Sec. 70]: The appropriate government may declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure to be a protected system and may, by order in writing, authorize the persons who are to access the notified protected system. Any person who secures access or attempts to secure access to such a protected system without authorisation shall be punished with imprisonment for a term which may extend to 10 years and shall also be liable to fine. The Central Government has prescribed the Information Technology (Security Procedure) Rules, 2004.
5. Tampering with computer source documents [Sec. 65]: Whoever knowingly or intentionally conceals, destroys or alters any computer source code used for a computer, computer programme or computer system, when it is required to be maintained by law, shall be punishable with imprisonment up to three years or with fine which may extend up to rupees two lacs or with both.
6. Punishment for sending offensive messages through communication service, etc. [Sec. 66-A]: Any person who sends, by means of a computer resource or a communication device:
a. any information that is grossly offensive or has menacing character; or
b. any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation or hatred, persistently by making use of such computer resource or a communication device; or
c. any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such message,
shall be punishable with imprisonment for a term which may extend to three years and with fine.
PUNISHMENT FOR VIOLATION OF PRIVACY
Whoever intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment of at least three years or with a fine not exceeding Rs 2 lakhs, or with both.
PUNISHMENT FOR CYBER TERRORISM
An offence of cyber terrorism is committed when whoever:
(a) With intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people by:
(1) denying or causing the denial of access to any person authorized to access a computer resource; or
(2) attempting to penetrate or access a computer resource without authorization or exceeding authorized access.
(b) Knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access and by means of such conduct obtains access to information, data or a computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause injury to the interests of the sovereignty and integrity of India.
Whoever commits cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.
PUNISHMENT FOR PUBLISHING OR TRANSMITTING OF MATERIAL CONTAINING SEXUALLY EXPLICIT ACT, ETC. IN ELECTRONIC FORM

Whoever publishes or transmits or causes to be published or transmitted in electronic form any material which contains a sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to Rs 10 lakhs. In the event of a second or subsequent conviction, the punishment is imprisonment of either description for a term which may extend to seven years and also fine which may extend to Rs 10 lakhs.
