CYBER

Cookies policy

Why it is essential to modify your choices while entering a Website

Introduction

HTTP cookies, even though of great importance to the modern Internet, are also a vulnerability to your privacy. While as a necessary part of web browsing HTTP cookies help web developers provide a more personal and interactive website visit, they also let websites remember you, your shopping carts, website logins, and more. But they can also be a treasure trove of private information about you that the criminals may use to spy on you.

But what are Cookies? And how do they pose a risk to your privacy?

What are Cookies?

In their simplest form, Cookies are little clusters or packets of data. A web server passes these data packets through to the computer after you’ve landed on a website. The computer then stores the data as files inside the cache of the browser.

There are several types of internet cookies out there, broadly six major types:

Session cookies
Persistent cookies
Third-party cookies
First-party cookies
Marketing cookies
Performance and analytical cookies.

How are they dangerous?

Since the data in cookies doesn’t change, cookies in themselves aren’t harmful. Neither can they infect computers with viruses or other malware. However, there are cyber-attacks that can hijack cookies and enable access to one’s browsing history.

This is the real danger- the ability to track an individual’s browsing history. In this, it is usually the 3rd party cookies that are responsible. Third-party cookies allow advertisers or analytics companies to track ^[1]an individual’s browsing history across the web on all sites that contain their advertisements.

Consequently, the advertiser can determine that a user first searched for, say, running apparel at a specific outdoor store before checking a particular sporting goods site and then a certain online sportswear boutique.

Zombie cookies are third-party cookies and are permanently installed on the users’ computers, even if they opt not to install cookies. They also reappear after deleting them. When zombie cookies first appeared, they were found to be created from data stored in the Adobe Flash storage bin. They are sometimes also called “flash cookies” and are extremely difficult to eliminate.

Legal Stand

Thanks to international privacy laws, among which is the EU’s General Data Protection Regulations (GDPR) and the Eprivacy Directive, websites must do a couple of things before they can install cookies in a browser or device:

Declare the cookies they use
Get the user’s consent to use these cookies

Why they need to get the user’s consent comes down to the type of information that cookies can gather. Cookies can collect what’s known as “personal data” or “personal information.” Personal data is any information that can be used to identify you or your household. Examples include Name; IP address; Email address; financial details; Login details etc.

Global privacy laws allow consumers to restrict who has access to personal information, revoke the consent to a company holding the personal data at any time, and refuse to accept marketing and other unnecessary cookies that collect personally identifiable data.

Most importantly, if a webpage wants to use cookies, it must inform the consumers:

Why the cookies are being used
Specifically what type of information they are collecting
How do they use the data and ^[2] who are they sharing it with
How to revoke consent
How to delete cookies

Companies should mention these rights in a Cookie Policy. You’ll either find this inside the Privacy Policy or in a separately linked document. Usually, the Policy is found linked at the bottom of the website in the footer.

Conclusion

There is always the option to make or not to make cookies a part of one’s internet experience. You can limit what cookies end up on your computer or mobile device.

Allowing them will streamline your surfing. Removing cookies later can help you mitigate your risks of privacy breaches. It can also reset your browser tracking and personalization. Before removing it, however, it is better to evaluate the ease of use expected from a website that uses cookies. In most cases, cookies only improve the web browsing experience. To conclude, we may say that it is better to be on the lookout when it comes to Cookies.

SAURADIP MUKHERJEE

1st Year LLB,

ILS LAW COLLEGE PUNE

^[1] https://www.kaspersky.com/resource-center/definitions/cookies

https://www.privacypolicies.com/blog/cookies/

^[2] https://www.privacypolicies.com/blog/cookies/

https://www.kaspersky.com/resource-center/definitions/cookies

SOCIAL MEDIA & PRIVACY

Introduction

Part II of the Information Technology Rules 2021 (hereinafter referred to as the ‘IT rules 2021’) lays down the due diligence and grievance redressal methods to be undertaken by these intermediaries. Within this arises concern of breach in end-to-end encryption that intermediaries guarantee to their users. End-to-end encryption is also legally recognized and protected under Section 84A of the IT Act, 2000.

Requiring messaging services to enable the identification of the first originator of information on its platform may adversely affect the privacy of individuals

With the rising data privacy concerns, these encryptions have been ensured by and strengthened on various platforms like WhatsApp and Facebook Messenger. Rule 4, sub-rule (2) of IT Rules, 2021 directs “significant social media intermediaries” to have a mechanism in their interface that would allow identification of the “first originator” of certain messages (information) which have the capability of “disrupting public order”, and even those that are against the sovereignty and integrity of the country or defamatory in nature. Such information can then be provided on a request made through a judicial order passed by a competent court or through an order passed under Section 69 of the IT Act, 2000. One of the problems with authorizing the Government to access the information regarding “first-originator” of a message is, the breach of end-to-end encryption. For a message in order to trace a message, decryption is a prerequisite, and allowing such decryption violates the encryption policy of platforms like WhatsApp, Signal, and Messenger. Enabling traceability in any manner which is compatible, has been previously dismissed on account of being susceptible to spoofing which means providing unauthorized access to outsiders or even the government itself. This raises severe concerns regarding user-privacy and their sharing of content on such platforms after the implementation of the IT Rules, 2021. Provision is that it is visibly conflicting to its parent legislation, the IT Act 2000. Section 84A of the IT Act, 2000 empowers the government to provide encryption methods which mean that it helps “secure” the use of electronic medium. Contrary to this, the IT Rules, 2021, through Rule 4(2), provide for the weakening of such encryption, violating the purpose laid down in the IT Act, 2000. Thus, such handicapping of encryption which is guaranteed by intermediaries is indeed problematic and hence raises legislative concerns.

Conclusion

Therefore, the country has an obligation to ensure that its laws and policies do not flagrantly violate the freedoms enshrined in ICCPR. However, certain provisions of the new IT Rules purport to create an ecosystem where the right to exercise freedom of speech in the digital space, a freedom guaranteed under ICCPR, would be seriously jeopardized.

Mansi S Bhavsar

5th Year B.A. LLB

Dr. D. Y. PATIL LAW COLLEGE, Pune

Don’t Like Share & Subscribe blindly: Says ASCI

“Hello everyone, please Like, Share & Subscribe” is probably the most cliche phrase used by influencers/content creators that we got used to just like the news regarding a new wave of COVID in recent times. But when a huge chunk of viewers actually follows these influencers, an inherent sense of responsibility is laden on their shoulders i.e., not to mislead their audience via endorsing shoddy products or services in exchange for a certain remuneration. However, not many are ready to take this liability, owing to which the Advertising Standards Council of India (ASCI) had to come up with certain rules and guidelines regarding advertisement on digital media platforms by the influencers, affected from June 2021.

The prime purpose behind this is to help the audience (consumers) in differentiating between paid promotional content from the ones which an influencer reviews with bona-fide intent. The whole idea has been adopted from the jurisprudence of “consumer protection” to prevent any misleading advertisements and to avoid abuse of trust and exploitation of innocent consumers who are generally unaware of the ‘material connection’ between their favorite influencer & the advertiser. This material connection is specified as any connection between the advertiser and the influencer that may affect the representation (review) made by the influencer owing to exchange of certain benefits and incentives including, issuance of free products or unsolicited gifts, discounts, contest, and sweepstake entries, trips or hotel stays, media barters, coverage, awards, and other similar perks.

The definition of an “influencer” as per these guidelines is basic & palpable i.e., “someone having access to an audience and power to affect such audiences’ purchasing decision or opinions about a product, service, brand or experience, because of the influencer’s authority, knowledge, position, or relationship with their audience”. The ASCI sensing the apparent impact of ‘Meta’ and ‘Metaverse’ went an extra mile and even defined “virtual influencers” as fictional computer-generated “people” or “avatars” that hold realistic characters like humans.

The fundamental thrust of these guidelines is on the ‘disclosure’ which needs to be divulged to the relevant audience, accompanied by ‘due-diligence’. So firstly, the advertisement must be readily distinguishable by average consumers through an approved disclosure label which needs to be conspicuous. Disclosures hidden or camouflaged in a profile, bio section, or in hashtags will not be considered valid. Secondly, the said disclosure label must be appropriate, prominent, clearly visible & suitable for all devices. It should contain the terms like ad, advertisement, sponsored, collaboration, partnership, Free Gift, etc, and should ideally be in English or any other language which can be easily comprehended by an average consumer.

Further, there are regulations for every type of advertised content created by the influencer i.e., if the advertisement is through a photo/video without subtitles/captions (like stories on Insta, Snapchat, etc.), a legible disclosure label needs to be superimposed over it. For a 15 second video, there should be a 3 seconds disclosure; for videos up to 2 mins, a 15 seconds disclosure and videos longer than 2 mins should have a permanent disclosure. In the case of live streams and audio promotions, the disclosure label should be announced at the beginning and the end of the broadcast.

The influencers have been specifically advised to be diligent while endorsing any advertiser i.e., he/she ought to conduct due diligence that determines whether the product or service can stand up to the claims made by the advertiser, and only then they should enter into an advertisement agreement. Traditionally, only the celebrities were covered under the parent ASCI Code but now with affordable internet and cheap mobile phones, every other person is trying to be an influencer, thus a framework was much needed to fill this void.

Many argue that these are mere guidelines that cannot be statutorily enforced but it should be noted that they have received judicial recognition as a standard industry practice. Further, for its effective implementation, the ASCI has recently launched its Whatsapp tool (+91 7710012345), where any aggrieved person can register his/her complaint. They also tied up with a European technology provider named “Reech” to identify influencers’ lack of transparency on social media which uses AI and machine learning tools to examine whether the content is sponsored or unsponsored. Once identified, ASCI sends a notice to the defaulting influencer, who can take corrective action by modifying the post as per the guidelines or he can raise his issue before the ‘Consumer Complaint Committee’, the outcome of which can obviously be challenged in regular Courts. Nevertheless, it is sincerely advised to all the budding influencers that prevention is always better than cure.

Atul Bhatt
LLB, 3rd year
Campus Law Centre
University of Delhi

Blockchain is more than Crypto: Potential Contemporary Uses

Blockchain, a term which many of us use synonymously with Cryptocurrency (crypto). It is in fact a popular term for DLT (Distributed Ledger Technology) that allows a transaction between two persons without any interference of an intermediary for authorization like banks i.e., the system is decentralized. The use of keys and cryptographic signatures, as well as peer-to-peer authentication, makes this system trustworthy among its users.

Prima facie, blockchain, and cryptocurrency are two different aspects. Blockchain is basically a principle (technology) and crypto is just one of its many applications. Every now and then we heard the news that the governments around the world are announcing a ban on crypto but does that mean they are announcing a ban on the blockchain? Absolutely not. In fact, Blockchain has now been seen as an innovative technology to bring drastic reforms in the e-governance models and digitized economies around the world, including India. Out of the many benefits, five of them are listed below-

Transfer of land records and property:

Everyone knows that property transfers necessitate a lot of paperwork to verify the credentials of the parties and the transaction involved. In such cases, Blockchain can provide a quick, safe and secure transfer of records. Thus, apart from making the process hassle-free, it will reduce litigation on title disputes on the property which we commonly see around us, as the ledger will record an indelible public entry that will be visible to all and cannot be tampered by anyone.

Pension and Insurance:

The use of blockchain in these areas can definitely save a massive amount of time and money. One can have “event-based smart contracts”, for eg: if an insured car is lost and the owner uploads the corresponding FIR for the same on a blockchain-enabled portal, then he may get the assured sum, without having interference of any agent. These smart contracts with “automated paying capacity” will reduce the involvement of a never-ending list of middlemen or agents, thereby saving a lot of money for the insurance companies and precious time of the beneficiaries. Additionally, recording the claims on such a portal will prohibit duplicity of claims.

E-voting:

It is perhaps the only avenue that entices the legislators and parliamentarians to discuss this tech on the floor of the Parliament. If the voters are registered on a blockchain-enabled voting portal, then duplicity of votes can be avoided, as the ledger will record only one vote per voter. Furthermore, people will not have to stand in long queues for hours anymore and the hefty cost of maintaining election arrangements will get reduced.

Reaping the benefits IP:

As one of the primary purposes of blockchain is to detect duplicity, it can help in identifying possible IP infringements that occur on a daily basis by providing a quick and cost-effective solution. It can help reduce piracy of artistic work (like keeping track of music, film, designs, etc.) thereby ensuring the creator’s adequate remuneration of their intellectual creation.

Maintaining Health-records:

After the arrival of the EHR (Electronic Health Record) system, people are reluctant to share the records of their personal health, which is obvious, as centrally stored data is more prone to cyberattacks. Thus, EHR needs to be combined with the privacy model of blockchain, which can only be accessed only by the patient and the doctor via a cryptographic key. This will also maintain a uniform record of the patient and every healthcare practitioner will have the same & updated access to his/her health details. Further, details of medical insurance can also be clubbed in that system, so that the patient doesn’t have to move pillar-to-post to settle down his claims.

This article has merely unearthed some of the hundreds of uses of blockchain technology that have been discovered till now and future generations can use this technology for various new purposes. As blockchain is merely a tool, in the right hands it can act as a lifeline but in the wrong hands can be a terminator for our future generations and thus needs to be regulated with certain rules and guidelines defining its broad framework. All these upcoming legal developments and novel uses will be updated timely in the later series of articles.

Atul Bhatt
LLB, 3rd year
Campus Law Centre
University of Delhi

BREACH OF RIGHT TO PRIVACY BY PEGASUS SPYWARE

What is Pegasus

Pegasus is a hacking software which has been developed and licensed to be used by a company of Israeli namely NSO Group. It has a capacity of infection millions of mobile phone including IOS and Android phone systems. Once this software enters into anyone’s phone, the phone becomes a surveillance device. The software can copy all the messages from your phone (sent or received) record calls including WhatsApp calls and also harvest photos and videos.[1]

Recently in 2019, the software exploited more than 1,400 phones with the help of software. It was also found that the software can also enter an iPhone by Apple’s iMessaging feature, However apples says that to protect your phone for this Pegasus one should keep updating their phone.

India Scenario

In India, there have been many cases wherein, Pegasus spyware was found in the mobiles phone which was considered as a violation of article 21 of those people. Around 40 journalist’s name was found in the hacking list of an unidentified agency using this spyware.[2] The data published over shoes that many journalists were prey to the software between the year 2018-19. Not only journalists, mobile numbers of 300 Indians including two union ministers, human right defenders, lawyers, thee leaders of the opposition party and scores of two business men was targeted for hacking with the help of the software.

Right to privacy

India is a democratic country, and incidents like Pegasus spyware snooping is violative of the fundamental rights of the citizens. Right to privacy is not an explicit rights mentioned in the Constitution, however after the judgment given in the famous case of K.S. Puttaswamy v. Union of India[3] “the right to privacy was interpreted as the right of an individual to exercise control over his personal data and to be able to control one’s existence on internet.” Therefore, the right to privacy comes under the ambit of right to life under Article 21. As the spyware Pegasus invade the privacy of an individual it is said to be a violation of Article 21 of the Constitution which is a fundamental right. In the surveillance issue, the absence of privacy impinges on the ideals of liberty and dignity as envisioned in the Constitution of India and hinders the growth of the individual as a citizen of this country.[4] Such a breach is a threat to the sovereignty of the nation and also the ideals of democracy the nation is based on.

Conclusion

The right to privacy is an intrinsic fundamental right available to each individual. Pegasus spyware not only violates the rights of individuals but it could also be use the private information of people. Data protection and privacy being internationally accepted concepts, should be protected from such software. International courts and judicial systems should ban the software or should take necessary steps to stop this violation or right to privacy and disclosure of information of individuals to the public.

Avantika Singh
3rd Year, BBA LLB (Hons.)
Symbiosis Law School, Pune

[1] What is Pegasus spyware and how does it hack phones by David Pegg and Sam Culter.

[2] Pegasus spyware controversy: The story so far, The free press Journal.

[3] K.S, Puttaswamy v. Union of & Ors., AIR 2017 SC 4161.

[4] Pegasus affair is an assault on privacy by Priyanka Chaturvedi.

Software, Algorithms, Programs and the Difference between them

INTRODUCTION:

Since the inception of the digital age, there have been a plethora of terms that have been used by people all over the world. Software, algorithm and program are terms which are often used synonymously without any due regard to their actual difference. While this may be forgiven from the view of a common man, as lawyers we have no such defense. The profession of law prides itself in being extremely particular about the interpretation of key terms and in the current lock-down era, never has the need to make a distinction between these three terms been higher. In this Article, we shall understand the definition of these terms and what is the difference between the three.

DEFINITIONS:

The terms software, algorithm and program are defined as follows:

Software:

Software can be generally defined as “[Software] a set of instructions, data or programs used to operate computers and execute certain specific tasks”[1]. Software is seen as the secondary component of a computer resource, with the main one being hardware. It is however far more than a mere secondary component. The scope of software is diverse and covers a world of design, operating systems, web browsing and applications of any kind used in practically all areas of life. From the moment we wake to the moment we sleep we interact at least once with software in one form or the other.

The IT Act does not venture into given us a clear definition of the term “software” despite making numerous references to it in the definitions of key terms such as “Computer[2]”, “Computer Resource[3]” “Information[4]” and “Secure System[5]”, which gives the perception that the drafters of the Act wished for the definition to be the same as used in common parlance. The term “Source Code” under the IT Act is often held to be referring to a software as well, particularly under Section 65 wherein the term has been defined as an Explanation:

“[Computer Source Code] means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.”

Algorithm:

The term algorithm is used to refer to a procedure wherein a mathematical method is utilised so as to calculate and device a certain procedure for the carrying out of a particular task. Algorithms have been prevalent in human society prior to their application to computer resources as a purely mathematical concept. It is this mathematical background of algorithms which make it difficult for it to avail of Intellectual Property protection. The Patents Act, 1970 goes as far as to prohibit granting of inventions in regards to algorithms specifically[6]. However, recent Computer Related Inventions Guidelines[7] have eased up this requirement and opened the possibility of gaining IP Protection for algorithms.

Program:

At the very start, one must know that the terms programme and program are used synonymously. The term “Program” is of American descent while the term “Programme” is of British and French decent. The term is used generally to refer to “a set of instructions that can be put into a computer in order to make it perform an operation”[8] .When referring to the term in a technical manner, the word “program” is used. The term has been defined under the Indian Copyright Act as follows:

“[Computer Programme] means a set of instructions expressed in words, codes, schemes or in any other form, including a machine readable medium, capable of causing a computer to perform a particular task or achieve a particular result”[9]

DIFFERENCE BETWEEN ALGORITHM, SOFTWARE AND PROGRAM:

The basic difference between an algorithm, program and software is the hierarchy. A set of algorithms together when put in a particular programming language formulate a program which when combined with other programs along with data creates a software. Following are other differences between the three terms:

Subject	Software	Program	Algorithm
General Definition	A set of programs used along with data for the purposes of execution of an application.	A set of instructions written in a programming language for the purposes of a particular task.	A mathematical method used to device a procedure for carrying out a task.
Nature	General	Specific	Abstract
Users	General Public usually	Developer generally	Developer
Size	Generally large files, ranging between Mega Bytes (Mb) and Above.	Generally Kilo Bytes (Kb) to Mega Bytes(Mb)	If saved on an online application, generally Kilo Bytes (Kb).
Features	Multiple features to provide great accessibility	Limited features	Bare steps for dealing with task at hand.
Structure	Generally Complex, able to deal with multiple inputs at a time depending on design.	Generally simple and focussed on dealing with one particular task.	Depending on task, can be simple or complex. However, higher the complexity, higher the mathematical explanation behind each step.
Language	Multiple Computer Languages are used in order to make sure it functions properly.	Depending on the particular task the program is being designed for.	Does not use any particular computer language.
IP Protection	Under Copyright Act, 1957	Under Copyright Act, 1957 Excluded per se under Section 3(k) of Patents Act, 1970	Not granted under Section 3(k) of the Patents Act, 1970 Subsequently relaxations under CRI Guidelines.

CONCLUSION:

Members of the legal fraternity often tend to use technical terms in the manner they are used in general parlance and do not dive deep into the definitions of the same unless specifically demanded by the Court or in the course of the suit. With the advent of technology in the daily lives of the general public, the need to understand the difference between the three grows exponentially. This is clearly seen especially when a lawyer is dealing with the intellectual property protection under copyright or patent laws.

For example, exceptions such as that under Section 3 (k) under the Patent Act, 1970 specify algorithms and computer programs per se cannot be granted patents. However, an individual can get his software patent protected if he can reasonably showcase that the software is a part of novel hardware.

Another aspect for obtaining IP protection with respect to algorithms and computer programs can be observed from global perspective. Some jurisdictions such as the United States may allow certain aspects of these computer programs and algorithms to be patented provided that the use of such computer program has certain level of control over a machine or a technical process and consequently resulting into some physical effects.

Therefore, in order to advise and assist the client in getting the best IP protection, it is key that the lawyer themselves first clearly differentiate between the three terms.

SHREYAS SHETTY

BALLB-5th Year

ILS LAW COLLEGE, PUNE

[1] “https://searchapparchitecture.techtarget.com/definition/software”

[2] Section 2 (1) (i), Information Technology Act, 2000

[3] Ibid, Section 2 (1)(k)

[4] Ibid, Section 2(1)(v)

[5] Ibid, Section 2(1)(ze)

[6] Section 3(k), Patents Act, 1970

[7]“http://www.ipindia.nic.in/writereaddata/Portal/IPOGuidelinesManuals/1_86_1_Revised__Guidelines_for_Examination_of_Computer-related_Inventions_CRI__.pdf”

[8] “https://dictionary.cambridge.org/dictionary/english/program”

[9] Section 2 (ffc), Indian Copyright Act, 1957

Online Gambling In India

Introduction:

In India the gambling rules and regulations are regulated by The Public Gambling Act, 1867. According to the Act gambling is considered an illegal activity in India. Also, if any person visits a place where gambling takes place, it is also considered illegal. In the recent past on the internet front we have witnessed an increase in the number of mobile apps and software where a certain amount of money is bid on a player or a team and various card games which are still out of the ambit of such rules and regulations. However, the courts have taken the matter in their hands and have passed several rulings which might help the administration to regulate such online gaming apps.

Legislation in India:

In the recent past there has been a buzz that the government is planning to legalize the gambling in India with certain rules and regulations. The gambling rules are laid down in The Public Gambling Act, 1867 and it does not talk about anything related to online gaming platforms. Since there has been an evolution in the internet world in the past 2 decades and since gambling is considered illegal it can be inferred that online gambling is also illegal.

The rules relating to the internet and technology are regulated by The Information and Technology Act, 2000. The act provides punishment for online activity but it is important to protect the rights of internet users by framing and amending the laws in such a way that such online gaming apps can be brought within the ambit of said act.

In India there is no explicit law that talks about the regulations related to online gambling however, Maharashtra has framed laws related to online gambling and they have completely imposed a ban on it. However, another state i.e. Sikkim has made online gambling legal with certain restrictions imposed upon it. It means that there are different views of the legislators upon the framing of any law related to online gambling.

In India there are various sectors where FDI (Foreign Direct Investment) is not allowed by the government and one such sector is gambling and betting including casinos. The involvement of private players is strictly prohibited in these sectors as the rules related to FDI are regulated by Foreign Exchange Management Act, 1999. Since the act deals with the provisions relating to the deposit of foreign currency in India it is important to note that no such provision has been laid down in the act where one can regulate such activities. Not only this, various other things such as foreign investment, foreign collaboration, licensing and franchising, trademark, brand name, etc. strictly prohibited in gambling and betting sector.

View of Indian Courts:

In India the people have shown their interest in fantasy sports and there has been a surge in the popularity of such online gaming apps. Applications like Dream 11, Mobile Premier League, Ace2Three, Rummy Culture, etc. have gained popularity amongst the people and most of the youth is getting attracted towards it. Many people have opined that such online fantasy games involve money and have resulted in gambling. To regulate such scenario cases were filed against such mobile apps. Few of the landmark cases are discussed below.

In the case of State of Andhra Pradesh vs. K. Satyanarayana[1], the Hon’ble Supreme Court held that, “the game of rummy requires certain amount of skill because the fall of the cards has to be memorized and the building up of Rummy requires considerable skill in holding and discarding cards.”

The same opinion was formed by the court in the case of Dr. K.R. Lakshmanan vs State Of Tamil Nadu And Anr[2], theHon’ble court held that, “the game of horse racing requires skill and cannot be termed as gambling.”

With the evolution of fantasy sports in India we have witnessed an increase in the cases related to fantasy sports in India where the court has taken the cognizance of the case. Similarly in the case of Varun Gumber v. U.T., Chandigarh[3], where the validity of Dream 11 was challenged, the Punjab and Haryana High Court held that “the fantasy sports company cannot said to be falling in the gambling activities as the same involves the substantial skills which is nothing but a business activity with due registration and paying the service tax and the income tax.”

Conclusion:

It is clearly evident that the Indian courts don’t consider such online websites and mobile apps as a means of gambling so it is important that the Indian legislators must frame the relevant laws in such a manner that all the betting and gambling related activities can be brought under a single umbrella. The online gaming is developing and people are becoming more advanced so to curb down the illegal activities stricter punishment must be made.

[1] 1968 AIR 825, 1968 SCR (2) 387.

[2] 1996 AIR 1153, 1996 SCC (2) 226.

[3] Judgment dated 18^th April 2017 in CWP No. 7559 of 2017.

10 Quick steps to ensure Cyber Safety

To stay safe in the virtual world, it is important to follow some cyber-safe practices which may help you in making your online experience more productive and secure. Here are 10 steps to ensure your cyber safety and to protect yourselves from falling prey to cyber criminals in a potential online financial fraud in India:

STEP 1: DO NOT DISCLOSE YOUR PERSONAL IDENTIFICATION DETAILS TO ANYONE

Never disclose your Personal ID details like your net banking password, One Time Password (OTP), ATM or phone banking PIN, CVV Number, expiry date of your debit/credit card, to anyone, even if they claim to be from your bank. Also, never respond to emails asking for these details which seem to have been received from your bank. Please beware that banks or their employees never call or email requesting for your personal ID details.

STEP 2: USE STRONG PASSWORDS AND DO NOT KEEP SAME ID/PASSWORD COMBINATION FOR ALL YOUR ACCOUNTS

Always use strong passwords. Use alphabets in upper and lower case, numbers and special characters while creating a password. Prefer separate email-ids and password combinations for different accounts to prevent anyone from guessing it. Make sure that you also periodically change the passwords of your online banking accounts.

STEP3: ALWAYS USE VIRTUAL KEYBOARDS WHILE LOGGING IN YOUR ONLINE BANKING ACCOUNTS

Always use virtual keyboards while logging into online banking services. This needs to specially taken care of while you’re utilizing a net-banking facility from a public computer/ cyber café or a shared computer or computer network.

STEP 4: DO NOT ACCESS OR MAKE ONLINE BANKING TRANSACTIONS WHEN CONNECTED TO A SHARED HOTSPOT OR PUBLIC WIFI

Never make financial transactions over shared public computers or while using public Wi-Fi networks. These computers might have key-loggers installed which are designed to capture input from keyboards and could enable fraudsters to steal your username and password.[1]

STEP 5: ALWAYS LOG OFF FROM YOUR ONLINE BANK ACCOUNT

Always remember to log off from your online banking portal/website after completing an online transaction with your credit/debit card.

STEP 6: ALWAYS DELETE BROWSING HISTORY FROM YOUR WEB BROWSER

Always delete the browsing data of your web browser (Chrome, Firefox etc.) after completing your online banking activity.

STEP 7: ALWAYS ENSURE THAT THE WEBSITE IS CORRECT AND THE WEB-ADDRESS BAR STARTS WITH “HTPPS”

Always be sure about the correct address of the bank website and look for the “lock” icon on the browser’s status bar while visiting your bank’s website or while conducting an online transaction. Always make sure that “htpps” appears in the website’s address bar before making an online transaction. The “s” here stands for “secure” and indicates that the communication with the webpage is encrypted. Most fake web addresses begin with “http://”. Beware of such websites.

STEP 8: KEEP A TRACK ON YOUR ONLINE TRANSACTIONS PERIODICALLY AND RAISE A REPORT IN CASE YOU FIND ANYTHING MISCHIEVOUS

Login and view your bank account activity regularly to ensure that there are no unexpected transactions. Raise a report to your concerned Bank in case any mischievous transaction has taken place from your account without your knowledge immediately. For this purpose, always keep your bank’s latest customer care number and email id of the concerned authority handy, so that you can report any suspicious or unauthorised transactions on your bank account expeditiously.

STEP 9: BEWARE OF MALICIOUS EMAILS/ TEXT MESSAGES/ PHONE CALLS

Always register your primary phone number and E-mail id that you use on your smartphone to receive instant SMS/E-mail alerts from your bank regarding any transaction that takes place from your bank account. If your mobile number has stopped working for a longer period, make sure to enquire and check with your mobile network operator that you haven’t fallen prey to any online scam.
Do not follow any instructions from a suspicious SMS received from an un-trusted source, delete such SMS instantly.
Do not chat with strangers over the Internet. Fraudsters and scammers are sitting over the net looking for victims.
Do not click on any suspicious links in your emails.
Do not reply to emails asking for your bank account details.
Do not provide any confidential information via emails, even if the request appears to be made by authorities such as the Income Tax Department, Visa or MasterCard etc.
Do an internet search[2] using the names or exact wording of the email you receive to check for any references to a scam – many scams are reported and can be looked out in this way.
While talking to a Banking Officer on a Phone call, never share the following details with him/her:
4 digit ATM/IVR PIN
OTP
Net Banking Password
CVV (Card Verification Value)
16 digit Card Number
Expiry date of your card
Name of the person to whom the card belongs.
Never respond to fake calls related to transfer/unclaimed bonuses regarding your insurance policy.[3]
Cyber criminals may call your family members posing as hospital staff and may request for money transfer saying that you may have met with an accident and you are in urgent need of money. This could be a spam. Before entertaining any such request, contact your family member to confirm their whereabouts and check the authenticity of the phone call.[4]

STEP 10: HANDLE YOUR DEBIT/CREDIT CARDS VIGILANTLY WHILE MAKING PAYMENTS

When you receive a New Debit/Credit Card from the Bank:
- Make sure the envelope in which it is contained is not damaged and it is sealed properly. In case, the packaging is tampered, please notify your bank immediately and request for a new card.
- After receiving the new card, make sure to change the PIN of the credit/debit card. The PIN can be changed either visiting your bank’s website or at your nearest ATM machine.
Secure ATM Banking tips:
- While drawing money from an ATM machine, stand close to the machine and use your body and hand as a shield to hide the keypad as you enter your PIN in the machine.
- Memorise the PIN, do not write it down anywhere, and certainly do not write the PIN on the card itself.
- Do not take help from strangers or the security guard on how to operate the ATM Machine or handling your cash.
- If your card gets stuck in the ATM machine, or if the cash is not dispensed after you enter the pin and insert the value of the amount, call your bank immediately.
- If you have any complaint about your ATM/ debit or credit cards transaction at an ATM, you must take it up with the Bank immediately.
Handling Debit/Credit Cards While making payments:
- Always ensure that the credit/debit cards swipes at the point of sale are done in your presence.
- During a transaction, keep your eye on your card. This will help you in avoiding potential cloning/unauthorized copying of your card information. Make sure you get it back before you walk away.
- Periodically monitor your bank and credit/debit card statements.
- Never store your credit/debit card information online.
- Never make use of your Debit/Credit cards on a public computer.
- If you suspect a suspicious transaction from your credit card, you should block your card immediately and file a complaint with the concerned bank and appropriate authority/forum.
Miscellaneous:
- Transactions that involve larger sum of money always go for payment through a cheque or credit card. Cheque and credit card payments usually can be traced and verified.[5]
- Enable international transaction option on your credit card only when you are travelling abroad.[6] Always ensure to disable international transaction option on your card upon return to your home country.
- Always use familiar websites for online shopping.
- Always verify and install authentic e-wallet apps directly from the App Store on your smartphone. Do not follow links shared over email, SMS or social media to install e-wallet apps.
- Always type the information in online forms and do not use the auto-fill option on your web browser.

Note: The abovementioned steps are only meant with an objective to create awareness amongst the general public regarding how to prevent & protect themselves from falling prey to potential cybercrimes such as online financial frauds. In case, you want to report or take an action against a financial cybercrime, please contact a professional cyber security expert.

[1] National Cyber Crime Reporting Portal, Secure Online Financial Frauds! , Issued by the Ministry of Home Affairs, Government of India Available at: https://cybercrime.gov.in/pdf/Financial%20Fraud%20Brochures%20final.pdf (Last accessed on July 3, 2020).

[2] Available at: http://www.cybercelldelhi.in/cheatingscams.html (Last Accessed on July 3, 2020).

[3] Available at: http://www.cybercelldelhi.in/insurancefrauds.html (Last accessed on July 3, 2020).

[4] National Cyber Crime Reporting Portal, Secure Online Financial Frauds! , Issued by the Ministry of Home Affairs, Government of India Available at: https://cybercrime.gov.in/pdf/Financial%20Fraud%20Brochures%20final.pdf (Last accessed on July 3, 2020).

[5] Available at: http://www.cybercelldelhi.in/insurancefrauds.html (Last accessed on July 3, 2020).

[6] National Cyber Crime Reporting Portal, Secure Online Financial Frauds! , Issued by the Ministry of Home Affairs, Government of India Available at: https://cybercrime.gov.in/pdf/Financial%20Fraud%20Brochures%20final.pdf (Last accessed on July 3, 2020).

INDIAN WOMEN AT RISK IN CYBER SPACE

Crime against women is on a rise in all the fields but being a victim of cybercrime could be the most traumatic experience for a woman. Especially in a country like India where the society looks down upon the women and the law doesn’t even properly recognize cyber crimes. One woman every second gets tricked to be a victim of cyber crimes in India and the online platform is now the new platform where a woman’s dignity, privacy and security is increasingly being challenged every moment. The effect in cyber crimes against women is more mental than physical while the focus of the laws ensuring women’s security is more on physical than mental harm.

Forms of Cyber Violence against women

Cyber Stalking

Cyber stalking is stalking by means of email, text messages, comments or sharing intimate photos on the internet that are offensive or threatening. Stalking involves acts that undermine the victim’s sense of safety and cause distress, fear or alarm. These acts must take place repeatedly and be perpetrated by the same person to be considered as cyber stalking.

Cyber Harassment

Cyber harassment can take many forms. But for the purpose of this article, it includes unwanted sexually explicit emails, text (or online) messages; Inappropriate or offensive advances on social networking websites or internet chat rooms; Threats of physical and/or sexual violence by email, text (or online) messages; Hate speech, meaning language that denigrates, insults, threatens or targets an individual based on her identity (gender) and other traits (such as sexual orientation or disability)

Cyber Defamation

Defamation is the intention to harm the reputation of a particular person knowing that their conduct is likely to cause such harm to the reputation. Cyber defamation is to defame through internet. Section 67 under IT Act, 2000 deals with publication of obscene material and provides for imprisonment up to a term of ten years and also with fine upto two lacs. The IT Act, however, does not cover cyber defamation specifically, thus, to seek remedy against the cyber defamation the aggrieved party will have to initiate the proceedings under the provisions of IPC.

Morphing

Morphing is highly increasing it is done by editing the original picture to misuse it. Perpetrators due to internet access can in few seconds download women’s pictures from social media, WhatsApp or some other resources and upload morphed photos on other websites such as porn sites, social media site, or for registering themselves anonymously.

Non Consensual Pornography

It means portrayal of sexual material on the web. It is a threat to the female netizens as they never know which actions of theirs are being recorded and would later end up on internet. The DPS MMS scandal is a very famous case of this where an MMS clip of a school girl in compromising situation was made and distributed amongst various internet networks.

E-mail Spoofing

E-mail spoofing describes fraudulent email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source; it is done by properties of the email, such as the From, Return-Path and Reply-To fields, ill-intentioned users can make the email appear to be from someone other than the actual sender. This method is often used by cyber criminals to extract personal information and private images from unsuspecting women, these images etc. are then used to blackmail those women. The most popular case of cyber spoofing is Gujarat Ambuja’s Executive Case, in this case the perpetrator pretended to be a girl for cheating and blackmailing the Abu Dhabi based NRI.[1]

Reporting a cyber crime

The procedure for reporting cyber crimes is more or less the same as for reporting any other kind of offence. The local police stations can be approached for filing complaints as the cybercrime cells specially designated with the jurisdiction to register complaint. In addition, provisions have now been made for filing of ‘E-FIR’ in most of the states. Every police station must have expert-trained police officer who can immediately deal with cyber crime complaints made. If a police station refuses to register the complaint, a representation may be given to the commissioner of police/superintendent of police. If in spite of that action is not taken, the next step could either be a private complaint before the concerned court or a writ before the high court.[2]

Conclusion

Cybercrimes against women are still taken lightly in India mostly due to decrease in the respect toward women. E-mail spoofing and Morphing do not have a moral backing in society and hence are taken lightly. This brings us the realization for social advancement that is needed, people need to recognize the rights of others and realize what constitutes crime. It can be done if people are taught from a young age to respect women. Hence, not only stricter penal reforms are needed but also a change in education system is a huge requirement to counter cybercrime against women in India. Such change cannot come from within a single block of society but people, government and NGOs etc need to work together to bring forth such changes.

Deepika Pandey

2nd Year LLB Student

Bharati Vidyapeeth New Law College

[1] Rajat Mishra, Cybercrime against women, https://www.SSRN-id2486125.pdf

[2] Dhruti M Kapadia, Cyber Crimes Against Women and Laws in India, Live Law.in , https://www.livelaw.in/cyber-crimes-against-women-and-laws-in-india/

DATA PROTECTION LAWS

Introduction:

In India there is no legislation which lay down the rules that are required to protect the data of a person. In recent times there have been allegations upon the government that the individual’s data has been used by the government without their permission. With so much of technological development and IT laws there it is a need of an hour where parallel laws related to data protection must be formed and an authority must be created.

What are Data Protection Laws?

Law which provides guidelines on how to use the data of any personnel or any individual. These laws create an authority as well as give the security to the personal data of the individual where the privacy of any individual will be maintained.

In today’s world almost 80 countries have formed data protection laws where no government can use the data of any personnel or any customer.

Personal Data Protection Bill, 2006:

In India various IT companies and BPO have access to all types of sensitive and personal data of individual across the world. All the data stored by these companies is in electronic form and such data is vulnerable because that particular data is used by the employees of that company and oftenly it is misused by the employees of the company.

There is no express legislation on this issue. In 2000 Information Technology Act was brought into force and a pari materia bill was introduced in the Parliament in the year 2006 i.e., Personal Data Protection Bill. However, this bill is yet to get the approval of the house. This bill was based on the general framework of the European Union Data Privacy Directive, 1996. The scope of the bill is extended up to the collection, processing and distribution of personal data.

The bill applies to government and the private companies who are involved in using the personal data as well as the bill talks about the appointment of Data Controllers who have the adjudicatory jurisdiction over the subject covered by the bill. The bill provides penalty for the offenders as well as grants the compensation to the victims.

What is the future of data protection laws in India?

Recently a bill was introduced in the Lok Sabha. The objective of the bill is to protect the privacy of personal data and regulate the processing of sensitive and critical data and also to establish Data Protection Authority of India for regulations.

The basis of this particular bill lies on 3 parts:

The judgment given in KS Puttaswamy vs. Union of India where Right to Privacy was considered as the Fundamental Right;
Directions issued by the Supreme Court to Central Government to frame related laws; and
Justice Srikrishna recommendations and draft on privacy protection.

Justice Srikrishna said that privacy protection is a burning issue and it has 3 aspects related to it. “The citizen’s rights have to be protected, the responsibilities of the states have to be defined but the data protection can’t be at the cost of trade and industry.” So it can be clearly inferred that in his report that the particular rights are given to safeguard the rights of citizens but not at the cost of the development of the country. In his report he also proposed penalties for violation, criminal proceedings, setting up of the data authority provision of withdrawal of consent and concept of consent fatigue.

The bill that has been laid down in the parliament has certain provisions which might be very useful for the protection of the data and will also help the government to use the data for the sovereignty and national security.

Conclusion

In today’s world one of the most important information is personal data. With so much of technological development a strong legislation is required to protect the data of an individual. The personal data may include thumb print, eye retina scan, digital signature, etc. These are certain kind of information for which an individual gives his/her permission to use without hesitation so it’s the duty of the government to frame data protection laws to help in saving the personal data or private data of any individual.