Pple Assignment-4
Pple Assignment-4
Pple Assignment-4
Ans)
The IT Act 2000 of India was the result of a Model electronic commerce law passed by the
UN General Assembly in1997 leading to the UNCITRAL Model Law of E Commerce. India
was the 12th nation to pass a law on E commerce based on the UN initiative. IT Act 2008 is
amendment to the IT Act 2000 and is more focused on Security and data protection. The IT
act can be read in the web site of the Ministry of IT. Some very basic features only are given
below. The IT act 2008 is in 90 sections dealing with many aspects. Some of the important
elements are as follows:
• Electronic and digital signatures
• Electronic governance
• Attribution, acknowledgement, and dispatch of data
• Security concerns and provisions
• Certifying authorities
• Electronic signature certificates
• Revocation, breach of contract
• Penalties and punishment
In the preamble, the act states the purpose as "to provide legal recognition for the transactions
carried out by means of electronic data interchange and other means of electronic
communication, commonly referred to as "Electronic Commerce", which involve the use of
alternatives to paper based methods of communication and storage of information , to
facilitate electronic filings of documents with the Government agencies and further to amend
the Indian Penal Code, Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891,
and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental
thereto.”
Q2) Define the term cyber space and enlist the security concerns in cyber space.
Ans)
"Cyber Security" means protecting information, equipment, devices, computer, computer
resource, communication device and information stored therein from unauthorized access,
use, disclosure, disruption, modification, or destruction.
With more and more people gaining access to the internet through mobile phones and
laptops, the cyber space has become crowded with more and more people accessing and
uploading information, doing transactions, gaining access to entertainment, and
communicating with multiple friends or colleagues. With so much activity going on in this
space, it is natural that people intending to commit fraud and earn quick money also are on
the prowl. The fraudulent activities going on in this space is called cybercrime. Sometimes it
is just for fun, sometimes for adventure and testing one’s capabilities and sometimes with
intention to defraud. Computer may be a target of attack by hacking into it for information,
introducing many types of malwares to disable the system. Computer may also be used as a
weapon for credit card fraud, pornography, to fraudulently access personal data, to send hate
messages, to defame someone etc. Cyber security involves protecting information and
devices from unauthorised access and destruction or misuse.
Cybercrimes are of many types and for many purposes.
1. Data Security: Data security is very important for organisations and individuals. Corporate
data security is very important particularly for organisations that deal with sensitive
information of their customers.
2. Technical Privacy in Cyber space: Privacy is the ability or right of an individual or group
to keep themselves in anonymity and any information about the individual or group is made
known by them at their discretion.
Q3) Define the term data and security issues concerned with it.
Ans)
Data security is very important for organisations and individuals. Corporate data security is
very important particularly for organisations that deal with sensitive information of their
customers. Hackers constantly are on the prowl to breach into security systems of corporate
entities to steal data for personal gain. Data can be made inaccessible to genuine users and
can be also corrupted. Customer data of bank accounts or card payment systems need very
high level of security. Data can be public, private, or limited access. Private or limited access
data needs to be secured by various means to secure the data and prevent its misuse.
Data security may be lost because of
• Weak safety systems
• Unsafe or careless handling of data
• Carelessness on the part of individual customers
• Hackers specifically targeting data for personal gains
For corporates, data breach can result in
• Financial loss
• Loss of customer trust
• Damage to reputation
• Customer rights lawsuits resulting in heavy legal costs and settlements
Survival of businesses in the modern digital world depends heavily on data security of its key
assets
and personal data of customers. Many countries are introducing stringent regulations on data
privacy
and any breach of data can evoke customer right legal action.
Data security risks can come from:
• Accidental exposure of data by employees who share critical information with others
• Phishing is a kind of message sent by attackers who pose as a legitimate source and prompt
the user to click on a link to share sensitive information; many times, the attackers take
advantage of greed of people to make quick money.
• Ransomware is a malicious software that infects a corporate computer system and encrypts
the data making it unavailable for legitimate use. The data can be used only with a decryption
key which is provided on payment of ransom amount.
• Weak security systems which can be easily hacked and entered.
Q5) State the provisions in the IT act for authentication of electronic records.
Ans)
Authentication of Electronic Records (IT Act 2008)
(1) Subject to the provisions of this section any subscriber may authenticate an electronic
record by affixing his Digital Signature
(2) The authentication of the electronic record shall be affected by the use of asymmetric
crypto system and hash function which envelop and transform the initial electronic record
into another electronic record.
3A Electronic Signature (Inserted vide ITAA 2006)
(1) Notwithstanding anything contained in section 3, but subject to the provisions of sub-
section (2), a subscriber may authenticate any electronic record by such electronic signature
or electronic authentication technique which-
(a) is considered reliable; and
(b) may be specified in the Second Schedule
(2) For the purposes of this section any electronic signature or electronic authentication
technique shall be considered reliable if-
(a) the signature creation data or the authentication data are, within the context in which they
are used, linked to the signatory or as the case may be, the authenticator and of no other
person;
(b) the signature creation data or the authentication data were, at the time of signing, under
the control of the signatory or, as the case may be, the authenticator and of no other person;
(c) any alteration to the electronic signature made after affixing such signature is detectable
(d) any alteration to the information made after its authentication by electronic signature is
detectable;
and
(e) it fulfils such other conditions which may be prescribed.
Secure Electronic Record
Where any security procedure has been applied to an electronic record at a specific point of
time, then such record shall be deemed to be a secure electronic record from such point of
time to the time of verification.
Secure Electronic Signature (Substituted vide ITAA 2008)
An electronic signature shall be deemed to be a secure electronic signature if-
(i) the signature creation data, at the time of affixing signature, was under the exclusive
control of signatory and no other person; and
(ii) the signature creation data was stored and affixed in such exclusive manner as may be
prescribed
Explanation- In case of digital signature, the "signature creation data" means the private key
of the subscriber
Security procedures and Practices (Amended vide ITAA 2008)
The Central Government may for the purposes of sections 14 and 15 prescribe the security
procedures and practices provided that in prescribing such security procedures and practices,
the Central Government shall have regard to the commercial circumstances, nature of
transactions and such other related factors as it may consider appropriate.
Q6) What is meant by Intellectual Property?
Ans)
Intellectual property means the legal rights which result from intellectual activity in the
industrial, scientific, literary, and artistic fields.
Q9) List out the subject matter for patent protection and what inventions cannot
be protected?
Ans)
A Patent is a kind of intellectual property right granted for technical inventions that are novel
and have inventive steps. Patents are granted to new inventions, they are invaluable, useful,
and play an important role in everyday life. It is granted to reward ideas that help in
development of new technologies and encourage research.
There are certain types of invention that cannot be patented. These include:
Ans)
1. Be non-obvious,
3. Satisfy novelty and originality condition, it should not be had been published or used
anywhere earlier