Information Technology Law UNIT- Introduction We are living in an era where the internet has become a part of our daily schedule. Everything, from ordering food to shopping online, studying a subject to looking at memes, posting online about your whereabouts to online transactions, has been so engraved in our functioning that we tend to overlook the threats and dangers it poses tous. The web is a worldwide stage, which means that anyone can have access to it. ‘And once people have access to anything, they start violating it. Cyberspace is a global computer network which felicitates online communication. It allows users to share information and ideas, interact and communicate, play games, engage in discussions, conduct business and many other activities. In other words, this computer-generated worldwide stage of internet and web is known as Cyberspace. The Indian Law does not define the term ‘cybercrime’. It is neither defined in the Information Technology Act, 2000 nor in the I.T Amendment Act, 2008. nor in any other legislation of India. In fact, the Indian Penal Code still does not use the term ‘cybercrime’ even after its amendment by the Information Technology (Amendment) Act, 2008. However, cybercrime can be defined as any criminal activity directly related to the use of computers and the internet, such as illegal trespass into the computer system or database of another, manipulation or theft of stored or online data, hacking, phishing, cyber warfare, spreading computer virusesetc. In simple words, any offence or crime in which a computer is used for committing that crime. Next, coming to cyber law, it can be defined as the law which governs Cyberspace and protects from cyber-crimes and lays down punishments for its violation. Cyberlaw is a common term which refers to legal jurisdiction and regulation of various aspects of the internet and computer security. In India, cyber laws are regulated by the Information Technology Act, 2000. Evolution of Information Technology The United Nations Commission on International Trade Law in 1996 adopted a model law on e-commerce and digital intricacies. It also made it compulsory for every country to have its own laws on e-commerce and cybercrimes. In order to protect the data of citizens and the government, the Act was passed in 2000, making India the 12th country in the world to pass legislation for cyber-crimes. It is also called the IT Act and provides the legal framework to protect data related to e- commerce and digital signatures. It was further amended in 2008 and 2018 to meet the needs of society. The Act also defines the powers of intermediaries and their limitations. Features of Information Technology Act, 2000 Following are the features of the Act: + The Act is based on the Model Law on e-commerce adopted by UNCITRAL. + It has extra-territorial jurisdiction.It defines various terminologies used in the Act like cyber cafes, computer systems, digital signatures, electronic records, data, asymmetric cryptosystems, etc under Section 2(1) . It protects all the transactions and contracts made through electronic means and says that all such contracts are valid. (Section 10A) It also gives recognition to digital signatures and provides methods of authentication. It contains provisions related to the appointment of the Controller and its powers. It recognizes foreign certifying authorities (Section 19). It also provides various penalties in case a computer system is damaged by anyone other than the owner of the system. ‘The Act also provides provisions for an Appellate Tribunal to be established under the Act. All the appeals from the decisions of the Controller or other Adjudicating officers lie to the Appellate tribunal. Further, an appeal from the tribunal lies with the High Court. The Act describes various offences related to data and defines their punishment. It provides circumstances where the intermediaries are not held liable even if the privacy of data is breached. A cyber regulation advisory committee is set up under the Act to advise the Central Government on all matters related to e-commerce or digital signatures.Impact of er Crimes Impact on Economy People today are highly dependent on computers and the internet for money transfers and making payments. Therefore, the risk of being subjected to online money frauds is extremely high. Even in India, with the emergence and popularity of “cashless India”, chances of being duped online are also increasing, if one is not smart enough to use safe online transaction platforms and apps. Not just individuals suffer from financial losses due to cybercrimes; some of the surveys conducted have stated that approximately 80% of the companies participating in the surveys z cepted financial losses due to cybercrimes. Leakage of Personal Information Not just financial losses, people also suffer from leakage of their personal information. Many social networking sites, no matter how safe, are still an open platform for everyone to see someone else’s life, which can be dangerous. Apart from this, hackers can also hack into one’s account and collect whatever information they want to. Spamming and phishing also cause harm to people. Loss of Consumer Trust With such financial losses and a threat to personal information, consumers start losing trust in such sites and apps. Even if the person committing the crime is someone else, the site or app is declared to be fraudulent and unsafe, Also, it makes people reluctant to start a transaction when their credit card information is asked.This affects the credibility of an e-business and consequently jeopardizes a potential business. The threat to National Security Nowadays, the military of most of the countries is using advanced computer technologies and networks. Information warfare, albeit old, is used to spread malware, which can cause network crashes and spread misinformation. Not just militaries but terrorists and cybercriminals also these technologies to intrude in other Country’s security networks and obtain information. They also send threats and warnings through computer systems Need of Cyber Law With the evolution and development of the internet, information technology and computers, challenges imposed by cyber-crimes have also increased. Therefore, cyber laws regulate all fields of laws in which cyber-crimes can be committed, such as criminal law, contract, intellectual property law and tort. Cyber laws deal with various kinds of concerns, such as free speech, safety, intellectual property rights, privacy, terrorism, e-commerce and jurisdiction of cyber laws. With the increase in the number of internet users, the need for cyber laws and their application has become very urgent in modern times. Cyber laws are needed because: 1. Consumers are increasingly using online transactions with the increased popularity of payment apps and sites, as they are easy and efficient.Government’s scheme of ‘Cashless India’ has also gained popularity resulting in a high number of online transactions. R . Email, SMS, messaging apps and social networking sites have become the main mode of communication. 3. Companies are highly dependent upon their computer networks to keep their electronic data safe. B Most of the government forms are now filled in electronic format, for example, Income Tax Return, Passport application, Pan Card application, Company law forms etc. 5. Digital Signatures and authorization are fast, replacing conventional ways of identification for transactions. 6. Computers and networks also help in non-cyber-crimes as well. As most of the data, these days are stored in computers and mobile phones. The evidence collected from them can help in various crimes such as kidnapping, terrorist attacks, counterfeit currencies, tax evasion and such. 7. Cyber laws help in representing and defining the model of cyber society and maintaining cyber properties. 8. Digital contracts are also gaining popularity in modern times; cyber laws help in protecting the rights of these legally enforceable digital contracts Scope of Cyber Law The scope of cyber law is very wide as it deals with various kinds of challenges and threats imposed by the internet and developments in computer technology:1, Dealing with computer hackers, spammers and those who spread malware and viruses. 2. Protecting the privacy of the individuals and preventing frauds in money transactions. 3. Regulations and categorization of contractual obligations related to the acquisition of software. 4. Protection of Intellectual Property Rights and dealing with issues of copyright in a computer program and patent protection of software programs. 5. Dealing with the purchases from other jurisdictions under e-commerce. 6. Regulation and dealing with the issue of trafficking in domain names under the law; and 7. Regulation of the content and information available on the internet. 8. Protection and regulation of freedom of speech and expression and right to information. Cyber Law in India and the IT Act, 2000 In India, cyber laws are contained in the Information Technology Act, 2000. The main object of this Act is to provide legal recognition to e-commerce and electronic formats and to facilitate the filing of electronic records with the Government. This legislation lays down rules and regulations related to cybercrimes, electronic information and formats, electronic authentication and digital signatures, and liability of network service providers. The IT. Act is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the General Assembly of the United Nations by a resolution dated 30 January 1997,The Indian Cyber Law covers these major aspects of Cyberspace and cybercrime: 1. The Indian Cyber Law makes every format in electronic form legal, which means anything that you write, share and publish electronically is now considered legal. 2. It also makes all electronic contracts legal, which means that an offer can be electronically made and accepted, and it would amount to a valid and binding electronic contract. 3. The Indian Cyber Law recognizes and legalizes the concept of digital signatures and electronic authentications. 4. Indian Cyber Law covers almost all kinds of cybercrimes and provides punishment for the same. 5. It also punishes the people of other nationalities, provided their crimes involve any computer or network situated in India. Legalization of everything in electronic format, such as publications, communications, signatures and authorization, means that it is all now valid and can be used in any proceedings. Pros of the Act, 2000 1. Before the enactment of the I.T. Act, 2000, the usual means of communication such as emails and texts were not considered as a legal form of communication and due to this, they were not admissible as evidence in a court of law. But after the enactment of I.T. Act, 2000R 2 a electronic formats and communication got legal recognition, and now they are admissible as evidence in a court of law. . With the introduction of the I.T. Act, 2000, now companies can carry out e-commerce and e-business and promote online transactions commercially using the legal infrastructure provided by this Act. . Digital signatures and authentications have been legalized after the LT. Act, 2000, which is a great assistance to carry out transactions online as they help in verifying the identity of an individual on the internet. . The LT. Act, 2000, provides for corporate to have statutory remedies if anyone hacks and breaks into their computer systems or networks and causes any kind of damages. The LT. Act, 2000 provides for monetary damages, by the way, compensation, as a remedy for such crimes. . The I.T. Act, 2000 has defined, recognized and penalized various cyber- crimes such as hacking, spamming, identity theft, phishing and many more. Prior to this Act, cybercrimes were not included in any legislation, and there was no legal remedy for such crimes. . The Act allows companies to issue digital certificates by becoming Certifying Authorities, . This Act also allows the Government to issue notices on the internet through e-governance.1. The LT. Act, 2000 may cause a conflict of jurisdiction. 2. a Electronic commerce is based on the system of domain names. The IT. Act, 2000 does not address the issues relating to domain names, rights and liabilities of domain owners. . The LT. Act, 2000 does not provide for the protection of Intellectual Property Rights as issues regarding copyrights and patents are very common in relation to computer programs and networks. . The offences covered and defined under the LT. Act, 2000 are not exhaustive in nature. Since, with the advancements in technologies, computer programs and networks are constantly changing and evolving, and with this advancement, the nature of cybercrimes is also evolving. This Act does not cover various kinds of cybererimes such as cyberstalking, cyber fraud, chat room abuse, theft of internet hours and many more. . The LT. Act, 2000 has not addressed issues like privacy and content regulation, which is very necessary, considering the vulnerability internet poses. . Lastly, the main issue with this Act is its implementation. The I.T. Act, 2000 does not lay down any parameters for its implementation and regulationsInformation Technology (Amendment) Act, 2008 Few amendments have been made in the IT. Act, 2000 which have improved certain provisions of the original Act. Few of the amendments are: 1. The term’ digital signature’ has been replaced with ‘electronic signature’ to make the Act more technology-neutral. 2. The term “Communication device’ has been defined. According to the definition, ‘Communication device’ means cell phones, personal digital assistants or combination of both or any other device used to communicate, send or transmit any text, video, audio or image. 3. The term ‘Cybercafe’ has also been defined as any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public. 4. New Sections have been added to address data protection and privacy. Conclusion The role and usage of the internet is increasing worldwide rapidly. It has increased the convenience of the consumer as everything can be done staying at home; however, it has also increased the convenience of cybercriminals to access any data and information which people intentionally and unintentionally provide on the internet and otherwise. So, along with proper legislation to protect and prevent cybererimes, it is necessary that people are made aware and educated regarding cybercrimes. Nevertheless, even though internet users let out their personal data easily, it still remains the responsibility of the State to protect the interests of itspeople. It has been recently found that big companies like Facebook use personal information and data of its users and use this information to influence the political views of people. This is a serious threat to both individual's privacy and the Nation’s interests. With the introduction of the LT. Act, 2000, the issue of crimes in Cyberspace in India has been addressed very smartly, yet, the proper implementation of the Act is still lacking. The need for efficient cyber laws is very evident, considering the current scenario, but individuals should also be aware of such threats while surfing the internet. 1. Kind of Crime- Cybercrimes are quite different from traditional crimes as they are often harder to detect, investigate and prosecute and because of that cyber-crimes cause greater damage to society than traditional crimes. Cyber-crime also includes traditional crimes conducted through the internet or any other computer technology. For example; hate crimes, identity theft, terrorism, stalking and bullying are considered to be cyber- crimes when traditional crimes are committed through the use of a computer and the internet. 2. Perpetrator- Another difference is in the description of the perpetrators of both kinds of crimes. The hackers in cyber-crime are professional thieves, educated hackers, organized criminal gangs, ideological hackers (hacktivists) etc. as compared to traditional crimes. 3. Evidence- The other difference between these two terms is based on the evidence of the offences. In the traditional crimes the criminals usually leave any proof of that crime like fingerprints or other physical proof. Butin the cyber-crimes cyber criminals commit their crimes through the internet and there are very less chances of leaving any physical proof. 4. Physical force- Further, these two terms can be differentiated on the basis of use of force. In traditional crimes many of the crimes like rape, murder, and burglary etc. involve the use of excessive physical force which leads to physical injury on the victim. But in cyber-crimes, there is no requirement of any type of physical force because in this type of crimes the criminals only use the identities or accounts of other person using computer technologies. SOFTWARE LICENCING Introduction Software license agreements are entered into when an owner or a developer of software wants to provide his product to the market without selling it. The agreement lays down the terms and conditions of the usage of the software and protects the rights of both the owner and the user. The agreement protects the copyrighted software from fraudulent activities and ensures that the time and money of the developers is not wasted. If A Ltd. wants to lease its software to B, they would enter into a software licensing agreement, which would allow B to use the software for his benefit, in accordance with the terms and conditions of the agreement.NEED FOR SOFTWARE LICENCING AGREEMENT ‘As a software developer, you must have spent a lot of time, money and effort in the building of your software. To ensure that all the efforts are worthwhile and to bring monetary gains, your software must be protected. The agreement protects the copyrighted software from various frauds and infringements. Below are the five main reasons why every software developer should enter into a software licensing agreement before selling your software. > Prevents abuse of the software If there is no licensing agreement between the seller and the purchaser, the seller can easily sell the software or duplicated without the permission of the owner. This makes your product easily available in the market, and you as a developer do not get the profits or the recognition. Lack of a licensing agreement leaves you nowhere as no remedy can be sought for misappropriation of your product. Thus a licensing agreement prevents the abuse of the business and the software. > Allows licensing of the software To make your product available in the market, you can license it through the ‘agreement and not necessarily sell it. Licensing of the software is better as it allows you to retain all rights and impose restrictions on the usage of the software. Further, it gives you the liberty to license the software to more than one customer and make money in the long run. For example, A Ltd company’s voice modulation software is unique and is high on demand. If A sells his product to one customer, he loses all his rights and would notbe able to make an income from his invention. However, instead of selling, if they license their software, they will not only be able to impose restrictions but can they can license it to more customers, thus making more money. > Limits your liability Not limiting the liabilities, makes a company subject to several lawsuits. These lawsuits damage the reputation of the company, consumes time and at the same time require financial assistance. Thus, it is important to have a licensing agreement that limits your liability and prevents the customers from initiating lawsuits. However, the liability clause should be reasonable and fair to both parties. » Allows to disclaim warranties Every customer would have different expectations from the software you are providing and sometimes these expectations are beyond imagination. To prevent such situations the company can include a disclaimer of warranties clause. For instance, B a customer of A Ltd purchased their voice modulation software and due to some software bugs, he lost his data. Subsequently, he filed a suit against A Itd, claiming remedies for the damages occurred. Now A Ltd. could argue that as per their agreement there was no guarantee that the software will be not bug-free and as B agreed to accept the software as it is, there is no liability on A Itd.MODEL LAW ON E-COMMERCE In today’s world, a large number of international trade transactions are carried out by electronic data interchange and other means of communication, commonly known as “electronic commerce”. It uses alternatives to paper-based methods of communication and storage of information. The United Nation Commission on International Trade Law (UNCITRAL), by the means of Model law on E-commerce (MLEC), sought to provide a set of internationally acceptable rules with an aim to remove legal obstacles and increase legal predictability for e-commerce. It has further improved the efficiency in international trade by providing equal treatment to paper based and electronic information, thus enabling the use of paperless communication. The model law is not a comprehensive, code-like articulation of the rules for the electronic transactions. It does not intend to govern every aspect of electronic contracting. It adopts a limited framework approach and enables and facilitates e- commerce. It has adopted the following fundamental principles of the modern electronic-commerce law: > The principle of non-discrimination — It ensures that any document would not be denied legal validity, effect, and enforceability solely on the basis that it is in electronic form. v The principle of technological neutrality — It mandates the adoption of such provisions which are neutral with respect to technology used. This aims at accommodating any future developments without any further legislative work.> The functional equivalence principle — It sets out the specific requirements that e-communication ought to meet in order to fulfill the same functions that certain notions, in traditional paper-based system, seek to achieve, for example, “writing”, “original”, “signed”, and “record”. All the states have given favorable consideration to the model law while enacting or revising their laws so that uniformity of the law applicable to the alternatives to the paper-based methods of communication is facilitated. This article deals with a brief history and key provisions of the Model Law of E-commerce to better understand the objectives of MLEC and how they are achieved. Chain of Events that led to Development of Model Law on E- Commerce In 1984, at its seventeenth session, the Commission considered a report of the Secretary-General which talked about the legal aspects of automated data processing. This report identified a number of legal issues related to the legal value of computer records and the requirement of written authentication, general conditions, liability, bills of lading, etc. A report of the working party on the facilitation of the international trade procedures suggested that the legal problems arising in this field were essentially those of international trade law. Since the Commission was the core legal body in the field of international trade law, it seemed appropriate for it to undertake necessary action. Thus, work on legal implications of automatic data processing to flow of international trade began. In 1985, a report by the Secretariat noted that the legal obstacles to the use of computers in international trade arose out of the requirement that documents had to be signed or be in paper form. Following this report, the Commission adopted arecommendation expressing to review the legal requirements of written form of trade documents and transactions, handwritten signature and authentication requirements, written form of the documents being submitted to government, and the requirement of such provisions relating to written form of documents as a condition for enforceability, etc. Yet, little progress was made in removal of provisions in national legislation requiring the use of written documents and authentication. In 1988, the Commission proposed to examine the need to provide legal principles applicable to formation of international commercial contracts by electronic means. After consideration of the reports and much deliberation, it was concluded that problems existed due to following of local laws by different parties which prevented uniformity in the legal perspective, functionality, as well as practices. Thus, the process of preparation of the Model Law came into being. The UNCITRAL Model Laws for E-commerce The Model Law has been divided into two parts. The Part I relates to the general provisions relating to e-commerce, it legislates the three principles of non- discrimination, technological neutrality, and functional equivalence. Besides establishing uniformity in the laws regarding e-commerce and legal relevance for data communicated through electronic mode, MLEC also establishes rules for formation and validity of e-contracts, for data message attribution, for receipt acknowledgement and for determining receipt of data messages, etc.The Part II of the Model Law deals with specific provisions for e-commerce in certain areas. Key Provisions General Provisions Article 2 of the Law provides definitions, the most important one is of “ » Data message > It is defined as information generated, sent, received, or stored by electronic, optical, or similar means. This definition has been attributed after taking into consideration the future technological developments as well, which is the reason for inclusion of the term similar means. This wide definition includes the notion of a record and even revocation and amendment. v Article 1 > The sphere of application that talks about in this article is for the information in the form of data messages, in the context of commercial activities. v Article 3 The Model Laws give the interpretational tools which call for a standard of international origin and uniformity in application of general principles of law. ¥ There can be variation in the communication of data messages by the agreement of the parties (Article 4).Source-Code Escrow Agreements Meaning of “source-code” Companies around the globe run on several custom software applications and this software is developed by the software developers. Implementation of this software is crucial to the running of the business thus, the developers enter into license ‘agreements with the companies. The developers store the “source code” critical for business in the escrow account. The source code is defined as a “logical statement in sequential format written in a computer programming language”. It directs the software and controls the data. The source code is written and designed by software developers and they use programming languages such as C++ or Java to develop a source code. After the formulation of the source code they are made into “executable codes”. The executable code is used to download, install, and can run on a computer system of the organization. But the executable mode prevents the customer from seeing the actual function of the software or modifying the operation of the software. Repairing the software or making any operational changes is only possible with the help of the source code, and this source code and documentation related to it remain with the escrow agent. The source code or the documentation is released only when the developer or the licensor files bankruptcy and fails to carry the obligations under the license agreement. The arrangement between the licensor and the licensee is an arrangement and can also be termed as a “software escrow agreement”. It is the sameas that of the “source-code escrow agreement and is explained in detail further in this article. Software Escrow Agreement A software escrow agreement is an agreement consisting of three parties namely, the software developer, the buyer, and the end-user who is also known as the beneficiary and the escrow agent. The escrow agent is the neutral party in this agreement. For a comprehensive intellectual property strategy, many companies adopt certain mechanisms to protect their investment in the software they purchase from software developers to run their businesses. Software escrow agreement is one such mechanism to protect such investment. A software escrow is the deposition of the source code by the software developer to. a neutral software escrow agent (third-party). A software escrow agreement comes into the picture when the buyer (licensee) enters into a sofiware licensing agreement with a software developer (licensor) to ensure that the developer carries out the maintenance and development obligations under the license agreement. Need for Source-Code Escrow Agreements The software developers often enter into licensing agreements with companies but the major share of their profits comes from maintenance agreements. The maintenance contracts fetch more profits than the licensing fees and the developers can hold the companies to stay in the contract for a longer period. This kind of contract entails services in addition to the maintenance of the code. It is pertinent to mention that although most developers offer software licenses to the clients the license is only for the object code which can be read by a machine, unlike the source code which can be deciphered by a person.Apart from leveraging the maintenance contract by establishing a long-term association with the clients, the developers fear the risk of the source code being copied, modified which would affect the other parts of the code. On the other hand, the licensee or the client always wants to protect their investment in the software and ensure that it is not lost in case the developer fails to maintain the same as per the license agreement and stops providing the object code. Therefore, the licensee requires access to the source code as the developer no longer shares the object code as per the agreement. Source-Code Escrow Agreement as a risk minimization strategy While negotiating a software license agreement, any prudent licensee would weigh the contingencies in the event the developer or the licensor goes out of business or become insolvent. In such a situation what follows the licensee’s request for the source code and other critical data to be able to run their business. The perspective of the Licensor From the software developer’s perspective, giving away the source code to the licensee might prove to be risky. The licensor fears that the licensee would not keep the source code safe and secure and if all the licensees demand the source code then there would be a huge loss to the business of the developer. The second risk is to minimize the chance of releasing the source code to the licensee. The developers tend to maintain a circumstance wherein the escrow agent would not release the source code due to incumbent business decisions. If the product reaches its end then it would not trigger a release event and the licensor would invoke the migration clause of the agreement.The perspective of the licensee The licensee’s concern is that if it does not get access to the source code and other materials to maintain and update the software they are heavily dependent on, their business would suffer immensely. Further, if the developer does not file bankruptcy it would continue to exist as a business and fails to abide by the terms of the escrow agreement. Another perspective of the licensee is that the developer can be acquired by a competitor of the licensor which would be harmful to the licensor. The risk factor lies in the changing dynamics between the developer and the acquirer, wherein the latter refuses to provide the support it had agreed to before the acquisition.