
2. Cyber Law and Ethics


Cyber Law
 With the widespread usage of the internet, there is an
increase in cyber crime.
 Cyber crimes include spreading computer viruses,
hacking, online financial fraud, email spamming and
phishing.
 Phishing : Phishing is the fraudulent act of acquiring
private and sensitive information, such as credit card
numbers, personal identification and account
usernames and passwords, etc.
 Email Spamming : Email spam, also known as junk
email, is unsolicited (uninvited) messages sent in bulk
by email.
 Cyber law is the area of law that deals with the
Internet's relationship to technological and
electronic elements, including computers,
software, hardware and information systems (IS).
 Cyber law is also known as Cyber Law or Internet
Law.
Moral
 Moral refers to generally accepted standards of
right and wrong in a society.
 Parents guide their child to learn how to behave in
society.
 Example:- Do not lie, do not steal, etc.
 In the cyber world, there are also such standards.
 Example: Do not make use of pirated software CDs,
do not use computers for wrong and illegal hacking,
stealing of passwords etc.
 A set of moral principles which systematically link
moral beliefs to each other is called a moral theory.
Ethics
 Parents guide the child to identify what is wrong
and what is right and to select the right thing.
 This determination of right and wrong, and
following the right behaviour, using morals is called
ethics.
Law
 Law includes any act of parliament or of state
legislature, ordinance promulgated by the
President or a Governor, as the case may be; Bills
enacted as President’s Act and includes rules,
regulations, bye-laws and orders issued
thereunder.
 The system of rules which a particular country or
community recognizes as regulating the actions of
its members and which it may enforce by the
imposition of penalties.
Ethics Culture & ethics for computer
users
 The internet is a communication medium which is
easily accessible and open to all. The words
“Cyber Ethics” refer to the code of
responsible behaviour one has to
demonstrate while using the internet.
 In a way, it is the code of conduct which
defines what is right and what is wrong.
 It can be also termed as “netiquette” i.e. net
etiquette.
Ethics for computer user
1. Software Piracy
2. Unauthorised access
Software Piracy
1. Software Piracy is nothing but copyright
violation of software created originally by an
individual or institution.
2. Stealing code / programs and other
information illegally, creating an imitated copy
by unauthorized means, and utilizing this data
either for own benefit or for profit making is a
violation of the copyright act.
3. Piracy is possible in many forms and a few of
the most common are: duplication of the original
license copy, distribution and usage of the
same.
Types of software piracy include:
1. Borrowing and installing a copy of a software
application from a person.
2. Installing more copies of the software than the
authorized number of licensed copies available.
3. Installing and selling unauthorized copies of software
while purchasing new computers.
4. Duplicating and selling copyrighted programs.
5. Downloading software illegally from a peer-to-peer
network, Internet auction or blogs.
6. Unauthorized written CDs / DVDs for music, various
software and utilities etc. are the most commonly
observed examples of piracy.
Unauthorised Access
 Gaining access without user permission is known as
Unauthorized Access.
 Attempting to get information (like e-mails, bank account,
intellectual or any other personal and confidential
information) by an unauthorized person is known as
accessing the machine illegally.
Examples of Unauthorized Access are:
1. Hacking financial / bank account related information.
2. Stealing organizational / intellectual information.
3. Illegal monitoring of information owned by other users
including mails and messaging.
4. Illegal use / break of login and password of other users.
5. Causing intentional irritation to other users by means of
damaging software and important information etc.
Security Technologies
Security technologies are used to manage access and prevent
unauthorized access. They include:
 Firewalls
 Intrusion Detection System (IDS)
 Virus and content scanners: virus scanner software
reviews and identifies threats from viruses and programs.
 Patches and hotfixes: A patch is a set of changes to a
computer program or its supporting data designed to
update, fix, or improve it. This includes fixing security
vulnerabilities and other bugs (such patches are usually
called bugfixes) and improving the usability or
performance.
 A hotfix or quick-fix engineering update (QFE update) is
a single, cumulative package that includes
information (often in the form of one or more files) that is
used to address a problem in a software product (i.e. a
software bug). Typically hotfixes are made to address a specific
customer situation. Hotfixes are Microsoft's version
of patches.
 Hardening operating systems and applications:
Hardening of the OS is the act of configuring
an OS securely, updating it, creating rules and policies
to help govern the system in a secure manner, and
removing unnecessary applications and services. This
is done to minimize a computer OS's exposure to
threats and to mitigate possible risk.
Firewall
 A firewall is a network
security system that
monitors and controls
incoming and outgoing
network traffic based
on predetermined
security rules.
 A firewall typically
establishes a barrier
between a trusted
internal network and
untrusted external
network, such as the
Internet.
Intrusion Detection System (IDS)
An IDS is a type of security software designed to automatically alert
administrators when someone or something is trying to compromise an
information system through malicious activities or through security
violations.
Unauthorised access can be overcome by:
1. User’s vigilance / monitoring.
2. Updating installed software regularly with proper
permissions and certifications.
3. Installing patches regularly released by software
companies.
Information Services
The ethics for Information Services:
1. Ensuring accuracy and authenticity
2. Properly designed database
3. Information provided should be complete
without ambiguity
4. Providing proper security from
unauthorized access
Codes and guidelines of ethics:
Following are few key points which user should follow
as guidelines:
1. Honesty: As a part of decent behavior (netiquette),
the user shall always demonstrate the truth while using
the internet.
2. Respect: User should respect the privacy of
other users.
3. Confidentiality: User should keep confidentiality
while using the internet and not share any information
with anybody where doing so would be a breach, and user
should not try to get confidential data of other users.
4. Professionalism: User should maintain
professional conduct and a well-mannered approach.
5. Responsibility: User should take ownership
and responsibility of own data on internet and
also ensure that it contains authenticity and
truth.
6. Communication: User should ensure decent
and polite communication with others.
7. Obeying the law: User should strictly ensure
to obey the law and demonstrate decent
internet usage.
Ethics for Computer Professionals
1. A computer professional is obligated (required) to
perform assigned tasks competently, according to
professional standards.
2. These professional standards include technical
excellence and concern for the social effects of
computers on operators, users and the public.
3. Computer professionals should ensure that their
technical knowledge and efforts to create desired
output are getting utilized in the development of
society.
4. Computer professionals are bound to operate on
ethical grounds and with legal functions.
Key factors and responsibilities of
Computer Professional
1. Before proceeding with defined activities, a computer
professional must ensure availability of an authentic and
legal version of purchased software products. User must
avoid usage of pirated copies, thereby respecting the legality
of the product.
2. Privacy is an individual’s right. Hence computer professionals
should ensure that they design the product with high
security and avoid any attempt of unauthorized access to a
specific site / server.
3. Confidentiality of the data should be ensured so that it
could be accessed by only intended user.
4. Data storage should be ensured at well protected servers.
5. All defects must be rectified before launching the product
of that version.
6. All applicable cyber laws should be taken into
consideration while developing or launching any software
product.
Ethics for Business
The internet has proven to be a boon to individuals as well
as to various organizations and businesses. E-commerce is
becoming very popular among businessmen as it is
helping to reach consumers faster than any other means.
Every consumer will expect that business deals should be
carried out in the most legal and efficient way and that he
should benefit from the service and product obtained
through the internet.
1. Business should have ethical policies and guidance on
the proper use of business computers.
2. Business should have authenticity and quality of
product.
3. Business should have branding and quality services.
4. Business should have proper data security procedures.
Introduction to Cyber Law
 Cyber Law deals with issues generated by
the use of computer and internet.
 Cyber Law examines the technological
aspects of law.
IT Act of India 2000
 IT Act 2000 is an Act to provide legal recognition
for transactions carried out by means of electronic
data interchange and other means of electronic
communication, i.e. legal recognition for
transactions carried out by E-commerce.
 The Act provides a legal framework for electronic
governance by giving recognition to electronic
records and digital signatures. It also defines cyber
crimes and prescribes penalties for them.
Definitions given in IT Act 2000
1. Access: "Access" with its grammatical variations and cognate
expressions means gaining entry into, instructing or communicating
with the logical, arithmetical, or memory function resources of a
computer, computer system or computer network.
2. Addressee: "Addressee" means a person who is intended by the
originator to receive the electronic record but does not include any
intermediary.
3. Computer: "Computer" means any electronic, magnetic, optical or
other high-speed data processing device or system which performs
logical, arithmetic, and memory functions by manipulations of
electronic, magnetic or optical impulses, and includes all input, output,
processing, storage, computer software, or communication facilities
which are connected or related to the computer in a computer system
or computer network.
4. Computer network: "Computer network" means the interconnection
of one or more computers through-
(i) the use of satellite, microwave, terrestrial line or other
communication media and
(ii) terminals or a complex consisting of two or more interconnected
computers whether or not the interconnection is continuously
maintained.
5. Computer resource: "Computer resource" means computer,
computer system, computer network, data and computer database
software.
6. Computer System: "Computer system" means a device or collection
of devices including output support devices and excluding calculators
which are not programmable and capable of being used in conjunction with
external files, which contain computer programs, instructions, input
data and output data, that performs logic, arithmetic, data storage
and retrieval, communication control and other functions.
7. Data: "Data" means a representation of information, knowledge,
facts, concepts or which are being prepared or have been prepared in
a form, deletion, storage and retrieval and communication or
telecommunication from or within a computer.
8. Information: "Information" includes data, text, images, sound, voice,
codes, computer programs, software and databases or micro film or
computer generated micro fiche.
9. Electronic Gazette: The official gazette published in electronic form
is called Electronic Gazette.
10. Key pair: "Key pair", in an asymmetric crypto system,
means a private key and its mathematically related public
key, which are so related that the public key can verify a
digital signature created by the private key.
11. License: "License" means a license granted to a
Certifying Authority under section 24.
12. Private key: "Private key" means the key of a key pair
used to create a digital signature.
13. Public key: "Public key" means the key of a key pair
used to verify a digital signature and listed in the Digital
Signature Certificate.
14. Electronic form: Means any information generated,
sent, received or stored in media, magnetic, optical,
computer memory, micro film, computer generated micro
fiche or similar device.
Digital signatures
1. It is a mathematical technique used to validate the
authenticity and integrity of a message, software or
digital document on the Internet.
2. It is the digital equivalent of a handwritten signature or
stamped seal, but offering far more inherent security.
3. A digital signature is intended to solve the problem of
tampering and impersonation in digital
communications.
4. It is unique to the subscriber who affixes it, so it is
used to identify such subscriber.
5. It is linked to the electronic record to which it relates in
such a manner that if the electronic record was
altered, the digital signature would be invalidated.
6. A digital signature uses an encryption tool to send a
message that is unreadable until the expected
recipient uses their private key to decrypt the
message.
7. The purpose of a digital signature is to provide
authenticity of information to the user.
8. It is a safeguard for information or data.
9. Digital signatures secure your data by encoding it.
10. Digital signatures can provide the added
assurances of evidence of origin, identity and
status of an electronic document, transaction or
message, as well as acknowledging informed
consent by the signer.
11. Digital signatures have the same legal significance
as the more traditional forms of signed documents.
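The key pair definitions and signature properties listed above (the private key creates the signature, the public key verifies it, and any alteration of the record invalidates it), as an added example that is not part of the original slides. It assumes a toy textbook RSA key built from fixed Mersenne primes with no padding, so it is for illustration only; the function names and the sample record are constructed for this example.

```python
import hashlib

E = 65537  # public exponent (assumption: the common choice)


def make_key_pair(p, q):
    """Return (private_key, public_key) as ((d, n), (e, n)).

    Toy key generation: p and q are passed in so the example is
    deterministic. Real keys use random secret primes.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent, d*e = 1 (mod phi)
    return (d, n), (E, n)


def digest(record: bytes) -> int:
    """SHA-256 of the electronic record, as an integer."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, private_key) -> int:
    """Create the signature with the private key (definition 12)."""
    d, n = private_key
    return pow(digest(record), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """Check the signature with the public key (definition 13)."""
    e, n = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(record)


def demo():
    # Subscriber A's key pair (well-known Mersenne primes, NOT secure).
    a_private, a_public = make_key_pair(2**521 - 1, 2**607 - 1)
    # A different person's key pair, used to model impersonation.
    other_private, _ = make_key_pair(2**1279 - 1, 2**2203 - 1)

    record = b"Pay Rs. 500 to account 1234"   # constructed sample record
    altered = b"Pay Rs. 900 to account 1234"  # same record after tampering

    signature = sign(record, a_private)
    forged = sign(record, other_private)

    genuine_ok = verify(record, signature, a_public)   # untouched record
    tampered_ok = verify(altered, signature, a_public)  # record was altered
    forged_ok = verify(record, forged, a_public)        # wrong private key
    return genuine_ok, tampered_ok, forged_ok


if __name__ == "__main__":
    print(demo())
```

Only the untouched record signed with A's own private key verifies; production systems use a vetted library with a padded scheme such as RSA-PSS or Ed25519 instead of raw exponentiation.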
Working of Digital Signature

[Figure, panel 1: Sender “A” encrypts the message using public key; Encrypted Message; Receiver “B” decrypts the message using his private key.]
[Figure, panel 2: Receiver “B” encrypts the message using his public key; Encrypted Message; Sender “A” decrypts the message using his private key.]
Plain Text and Cipher Text
 The message that sender “A” wants to
send to “B” is
called “plain text”.
 “A” encrypts that
message, which gets
converted into “cipher
text”.
 Plain text is a simple
text which can be read
by human while cipher
text is unreadable to
humans.
Attribution of Electronic records
An electronic record shall be attributed to the
originator
1. if it was sent by the originator himself.
2. by a person who had the authority to act on
behalf of the originator in respect of that
electronic record, or
3. by an information system programmed by or
on behalf of the originator to operate
automatically.
Acknowledgment of receipt
Acknowledgement does not mean
acceptance. Acknowledgement just
signifies that the message has been
received.
An acknowledgement may be given by:
1. any communication by the addressee,
automated or otherwise, or
2. any conduct of the addressee, sufficient to
indicate to the originator that the electronic
record has been received.
Time and place of dispatch and receipt
of electronic record
“Dispatch of an electronic record” includes
successful communication of an electronic record to
the intended addressee.
1. if the originator or the addressee has more than
one place of business, the principal place of
business, shall be the place of business.
2. if the originator or the addressee does not have a
place of business, his usual place of residence
shall be deemed to be the place of business.
3. "usual place of residence", in relation to a body
corporate, means the place where it is registered.
Ten Commandments of computing
These are ethical principles written as statements.
The commandments of computing guide computer users
and professionals about do’s and don’ts.
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer
work.
3. Thou shalt not snoop around in other people's
computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use software for which
thou hast not paid.
7. Thou shalt not use other people's computer
resources without authorization or proper
compensation.
8. Thou shalt not copy or use other people's
intellectual output.
9. Thou shalt think about the social consequences
of the program one is writing or the system
one is designing.
10. Thou shalt always use a computer by
means that show due considerations and
due respect for one’s fellow humans.
Security
 Security is an organizational concern: businesses need
safeguards that protect computer systems and data
from damage or unlawful use.
 Computer security includes policies, procedures,
tools and techniques designed to protect
computer assets from accidental, intentional or
natural disasters, including theft, breaking, physical
damage, and illegal access or manipulation.
 There are security procedures like passwords,
encryption, firewalls, digital signatures, antivirus and
SSL (Secure Sockets Layer) to protect information.
Privacy
 Privacy is the right of a person. It is concerned with
the publication of a true account of the private life of an
individual, medical confidentiality, privacy in
electronic communication, etc.
 People need assurance that their personal
information, such as employment, financial data,
credit history, etc., will be used properly.
Intellectual Property Rights(IPR)
 Intellectual Property is any creation of the human mind
like inventions, music, lyrics, designs, applications,
artistic works, etc.
 IPR refers to a number of distinct types of creations
of the mind for which a set of exclusive rights are
recognized, and the corresponding fields of law. Under
Intellectual Property Law, owners are granted
certain exclusive rights to their intellectual property.
 Common types of IPR include copyrights, fair use,
trademarks, patents, industrial design rights, trade
secrets, copying and distribution limitations,
attribution and acknowledgement, etc.
Copyright
 Copyright is an intellectual property right attached
to original works, in which the right exists with the
originator or creator.
 Copyright is a form of protection provided by the law
to the authors of "original works of authorship".
 Copyright law is useful for authorship determination,
duration of protection and requirements for transfer
of rights to others.
 The copyright act can be applied to original literary
work including computer programs, databases,
dramatic work, musical work, artistic work and
cinematograph films.
Fair Use
 Fair Use is the exceptional case of copyright which
allows copying of a limited amount of material in
certain cases without permission of the copyright
owner.
 Fair use covers the use of a copyrighted work for
purposes such as criticism, comment, news reporting,
teaching, scholarship or research.
 Even for these uses, whether a specific use is fair or
not depends on a number of factors like the purpose
of the use, nature of the copyrighted work, amount
of used work, and effect of the use upon the potential
market for the value of the copyrighted work.
Attribution
 The term attribution is related to the
originator (sender) who sends the products
to the other person.
Acknowledgement
 The term acknowledgement is related to the receiver
who receives the product from the originator.
Attribution of the electronic record can be
defined as:
An electronic record shall be attributed to the
originator
1. if it was sent by the originator himself.
2. by a person who had the authority to act on
behalf of the originator in respect of that
electronic record, or
3. by an information system programmed by or on
behalf of the originator to operate
automatically.
The distribution of software can be
categorised into:-
1. Shareware
2. Freeware
3. Public Domain Software
Shareware
1. Shareware programs can be freely
distributed and freely tested.
2. These programs can be shared with other users
with the owner's permission.
3. A trial period (generally 30 days) is given to
test those programs. After this trial period,
the user who wants to keep using the
program has to register or pay a fee.
4. The software made available with
magazines is normally of this type.
5. E.g. trial versions, Netflix, Amazon Prime.
Freeware
1. Freeware is termed as free software that
allows everyone to copy, redistribute and
modify it free of cost.
2. Its copyright is with the authors.
3. Freeware is programming that is offered at
no cost.
4. Linux and WhatsApp are examples of freeware.
Public Domain Software
1. Public Domain Software is software that is not
copyrighted. It implies that the authors have
waived copyright over the software.
2. Anybody can copy them, modify them or use
them in any manner they want.
3. Public Domain programs can be freely
incorporated into new works without royalties for
the original material.
4. No ownership such as copyright, trademark, or
patent.
IT Amendment Act 2008
1. Amendment of section 2:- Communication device
means cell phones, personal digital assistants or
a combination of both or any other device used to
communicate, send or transmit any text, video, audio or
image.
2. ‘Cyber Cafe’:- means any facility from where access to
the internet is offered by any person in the ordinary
course of business to the members of the public.
3. ‘Cyber security’:- means protecting information,
equipment devices, computer, computer resources,
communication devices and information stored therein
from unauthorized access, use, disclosure, disruption,
modification or destruction.
4. Delivery of services by service provider:- For efficient
delivery of services to the public through electronic means,
authorize by order, any service provider to set up, maintain
and upgrade the computerized facilities and perform such
other services as specified by notification in the Official
Gazette. Service provider includes any individual, private
agency, private company, partnership firm, sole proprietor
firm or any other body or agency which has been granted
permission by the Government to offer services through
electronic means in accordance with the policy governing
such service sector.
5. Audit of documents, etc., maintained in electronic
form:- where in any law for the time being in force, there is
a provision for audit of documents, records or information,
that provision shall also be applicable for audit of
documents, records or information processed and
maintained in electronic form.
6. Duties of subscriber of electronic signature
certificate: In respect of an electronic signature
certificate the subscriber shall perform such
duties as may be prescribed.
7. Powers to issue directions for blocking public
access to any information through any computer
resource.
8. Powers to authorize, monitor and collect traffic
data or information through any computer
resource for cyber security.
9. Indian Computer Emergency Response Team to
serve as national agency for incident response.
