Security Standards

To make cyber security measures explicit, the written norms are required. These
norms are known as cyber security standards: the generic sets of prescriptions for
an ideal execution of certain measures. The standards may involve methods,
guidelines, reference frameworks, etc. It ensures efficiency of security, facilitates
integration and interoperability, enables meaningful comparison of measures,
reduces complexity, and provide the structure for new developments.

A security standard is "a published specification that establishes a common

language, and contains a technical specification or other precise criteria and is
designed to be used consistently, as a rule, a guideline, or a definition." The goal of
security standards is to improve the security of information technology (IT)
systems, networks, and critical infrastructures. The Well-Written cyber security
standards enable consistency among product developers and serve as a reliable
standard for purchasing security products.

Security standards are generally provided for all organizations regardless of their
size or the industry and sector in which they operate. This section includes
information about each standard that is usually recognized as an essential
component of any cyber security strategy.

1. ISO

ISO stands for International Organization for Standardization. International

Standards make things to work. These standards provide a world-class
specification for products, services and computers, to ensure quality, safety and
efficiency. They are instrumental in facilitating international trade.

ISO standard is officially established On 23 February 1947. It is an independent,

non-governmental international organization. Today, it has a membership of 162
national standards bodies and 784 technical committees and subcommittees to take
care of standards development. ISO has published over 22336 International
Standards and its related documents which covers almost every industry, from
information technology, to food safety, to agriculture and healthcare.

ISO 27000 Series

It is the family of information security standards which is developed by the

International Organization for Standardization and the International
Electrotechnical Commission to provide a globally recognized framework for best
information security management. It helps the organization to keep their
information assets secure such as employee details, financial information, and
intellectual property.

The need of ISO 27000 series arises because of the risk of cyber-attacks which the
organization face. The cyber-attacks are growing day by day making hackers a
constant threat to any industry that uses technology.

The ISO 27000 series can be categorized into many types. They are-

ISO 27001- This standard allows us to prove the clients and stakeholders of any
organization to managing the best security of their confidential data and
information. This standard involves a process-based approach for establishing,
implementing, operating, monitoring, maintaining, and improving our ISMS.

ISO 27000- This standard provides an explanation of terminologies used in ISO

27001.

ISO 27002- This standard provides guidelines for organizational information

security standards and information security management practices. It includes the
selection, implementation, operating and management of controls taking into
consideration the organization's information security risk environment(s).

ISO 27005- This standard supports the general concepts specified in 27001. It is
designed to provide the guidelines for implementation of information security
based on a risk management approach. To completely understand the ISO/IEC
27005, the knowledge of the concepts, models, processes, and terminologies
described in ISO/IEC 27001 and ISO/IEC 27002 is required. This standard is
capable for all kind of organizations such as non-government organization,
government agencies, and commercial enterprises.

ISO 27032- It is the international Standard which focuses explicitly on

cybersecurity. This Standard includes guidelines for protecting the information
beyond the borders of an organization such as in collaborations, partnerships or
other information sharing arrangements with clients and suppliers.

2. IT Act
The Information Technology Act also known as ITA-2000, or the IT Act main
aims is to provide the legal infrastructure in India which deal with cybercrime and
e-commerce. The IT Act is based on the United Nations Model Law on E-
Commerce 1996 recommended by the General Assembly of United Nations. This
act is also used to check misuse of cyber network and computer in India. It was
officially passed in 2000 and amended in 2008. It has been designed to give the
boost to Electronic commerce, e-transactions and related activities associated with
commerce and trade. It also facilitate electronic governance by means of reliable
electronic records.

IT Act 2000 has 13 chapters, 94 sections and 4 schedules. The first 14 sections
concerning digital signatures and other sections deal with the certifying authorities
who are licenced to issue digital signature certificates, sections 43 to 47 provides
penalties and compensation, section 48 to 64 deal with appeal to high court,
sections 65 to 79 deal with offences, and the remaining section 80 to 94 deal with
miscellaneous of the act.

3. Copyright Act

The Copyright Act 1957 amended by the Copyright Amendment Act 2012 governs
the subject of copyright law in India. This Act is applicable from 21 January 1958.
Copyright is a legal term which describes the ownership of control of the rights to
the authors of "original works of authorship" that are fixed in a tangible form of
expression. An original work of authorship is a distribution of certain works of
creative expression including books, video, movies, music, and computer
programs. The copyright law has been enacted to balance the use and reuse of
creative works against the desire of the creators of art, literature, music and
monetize their work by controlling who can make and sell copies of the work.

The copyright act covers the following-

o Rights of copyright owners

o Works eligible for protection
o Duration of copyright
o Who can claim copyright

The copyright act does not covers the following-

 o Ideas, procedures, methods, processes, concepts, systems, principles, or
discoveries
o Works that are not fixed in a tangible form (such as a choreographic work
that has not been notated or recorded or an improvisational speech that has
not been written down)
o Familiar symbols or designs
o Titles, names, short phrases, and slogans
o Mere variations of typographic ornamentation, lettering, or coloring

4. Patent Law

Patent law is a law that deals with new inventions. Traditional patent law protect
tangible scientific inventions, such as circuit boards, heating coils, car engines, or
zippers. As time increases patent law have been used to protect a broader variety of
inventions such as business practices, coding algorithms, or genetically modified
organisms. It is the right to exclude others from making, using, selling, importing,
inducing others to infringe, and offering a product specially adapted for practice of
the patent.

In general, a patent is a right that can be granted if an invention is:

o Not a natural object or process

o New
o Useful
o Not obvious.

5. IPR

Intellectual property rights is a right that allow creators, or owners of patents,

trademarks or copyrighted works to benefit from their own plans, ideas, or other
intangible assets or investment in a creation. These IPR rights are outlined in the
Article 27 of the Universal Declaration of Human Rights. It provides for the right
to benefit from the protection of moral and material interests resulting from
authorship of scientific, literary or artistic productions. These property rights allow
the holder to exercise a monopoly on the use of the item for a specified period.

What is cybercrime?
Cybercrime is any criminal activity that involves a computer, networked device or
a network.

While most cybercrimes are carried out in order to generate profit for the
cybercriminals, some cybercrimes are carried out against computers or devices
directly to damage or disable them. Others use computers or networks to
spread malware, illegal information, images or other materials. Some cybercrimes
do both -- i.e., target computers to infect them with a computer virus, which is then
spread to other machines and, sometimes, entire networks.

A primary effect of cybercrime is financial. Cybercrime can include many different

types of profit-driven criminal activity, including ransomware attacks, email and
internet fraud, and identity fraud, as well as attempts to steal financial account,
credit card or other payment card information.

Cybercriminals may target an individual's private information or corporate data for

theft and resale. As many workers settle into remote work routines due to the
pandemic, cybercrimes are expected to grow in frequency in 2021, making it
especially important to protect backup data.

Defining cybercrime
The U.S. Department of Justice (DOJ) divides cybercrime into three categories:

1. crimes in which the computing device is the target -- for example, to gain
network access;

2. crimes in which the computer is used as a weapon -- for example, to launch

a denial-of-service (DoS) attack; and
3. crimes in which the computer is used as an accessory to a crime -- for
example, using a computer to store illegally obtained data.

The Council of Europe Convention on Cybercrime, to which the U.S. is a

signatory, defines cybercrime as a wide range of malicious activities, including the
illegal interception of data, system interferences that compromise network integrity
and availability, and copyright infringements.

The necessity of internet connectivity has enabled an increase in the volume and
pace of cybercrime activities because the criminal no longer needs to be physically
present when committing a crime. The internet's speed, convenience, anonymity
and lack of borders make computer-based variations of financial crimes -- such as
ransomware, fraud and money laundering, as well as crimes such
as stalking and bullying -- easier to carry out.

Cybercriminal activity may be carried out by individuals or groups with relatively

little technical skill, Or by highly organized global criminal groups that may
include skilled developers and others with relevant expertise. To further reduce the
chances of detection and prosecution, cybercriminals often choose to operate in
countries with weak or nonexistent cybercrime laws.

How cybercrime works

Cybercrime attacks can begin wherever there is digital data, opportunity and
motive. Cybercriminals include everyone from the lone user engaged in
cyberbullying to state-sponsored actors, like China's intelligence services.

Cybercrimes generally do not occur in a vacuum; they are, in many ways,

distributed in nature. That is, cybercriminals typically rely on other actors to
complete the crime. This is whether it's the creator of malware using the dark
web to sell code, the distributor of illegal pharmaceuticals
using cryptocurrency brokers to hold virtual money in escrow or state threat
actors relying on technology subcontractors to steal intellectual property (IP).
Cybercriminals use various attack vectors to carry out their cyberattacks and are
constantly seeking new methods and techniques for achieving their goals, while
avoiding detection and arrest.

Cybercriminals often carry out their activities using malware and other types of
software, but social engineering is often an important component for executing
most types of cybercrime. Phishing emails are another important component to
many types of cybercrime but especially so for targeted attacks, like business email
compromise (BEC), in which the attacker attempts to impersonate, via email, a
business owner in order to convince employees to pay out bogus invoices.

A list of the different types of cybercrimes

Types of cybercrime
As mentioned above, there are many different types of cybercrime. Most
cybercrimes are carried out with the expectation of financial gain by the attackers,
though the ways cybercriminals aim to get paid can vary. Some specific types of
cybercrimes include the following:

 Cyberextortion:A crime involving an attack or threat of an attack coupled

with a demand for money to stop the attack. One form of cyberextortion is the
ransomware attack. Here, the attacker gains access to an organization's systems
 and encrypts its documents and files -- anything of potential value -- making
the data inaccessible until a ransom is paid. Usually, this is in some form of
cryptocurrency, such as bitcoin.

 Cryptojacking:An attack that uses scripts to mine cryptocurrencies within

browsers without the user's consent. Cryptojacking attacks may involve
loading cryptocurrency mining software to the victim's system. However,
many attacks depend on JavaScript code that does in-browser mining if the
user's browser has a tab or window open on the malicious site. No malware
needs to be installed as loading the affected page executes the in-browser
mining code.

 Identity theft:An attack that occurs when an individual accesses a computer to

glean a user's personal information, which they then use to steal that person's
identity or access their valuable accounts, such as banking and credit cards.
Cybercriminals buy and sell identity information on darknet markets, offering
financial accounts, as well as other types of accounts, like video streaming
services, webmail, video and audio streaming, online auctions and more.
Personal health information is another frequent target for identity thieves.

 Credit card fraud: An attack that occurs when hackers infiltrate retailers'
systems to get the credit card and/or banking information of their customers.
Stolen payment cards can be bought and sold in bulk on darknet markets,
where hacking groups that have stolen mass quantities of credit cards profit by
selling to lower-level cybercriminals who profit through credit card fraud
against individual accounts.

 Cyberespionage: A crime involving a cybercriminal who hacks into systems

or networks to gain access to confidential information held by a government or
other organization. Attacks may be motivated by profit or by ideology.
Cyberespionage activities can include every type of cyberattack to gather,
modify or destroy data, as well as using network-connected devices, like
webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted
 individual or groups and monitoring communications, including emails, text
messages and instant messages.

 Software piracy: An attack that involves the unlawful copying, distribution

and use of software programs with the intention of commercial or personal use.
Trademark violations, copyright infringements and patent violations are often
associated with this type of cybercrime.

 Exit scam:The dark web, not surprisingly, has given rise to the digital version
of an old crime known as the exit scam. In today's form, dark web
administrators divert virtual currency held in marketplace escrow accounts to
their own accounts -- essentially, criminals stealing from other criminals.
Common examples of cybercrime
Some of the more commonly seen cybercrime attacks include distributed DoS
(DDoS) attacks, which are often used to shut down systems and networks. This
type of attack uses a network's own communications protocol against it by
overwhelming its ability to respond to connection requests. DDoS attacks are
sometimes carried out simply for malicious reasons or as part of a cyberextortion
scheme, but they may also be used to distract the victim organization from some
other attack or exploit carried out at the same time.

Infecting systems and networks with malware is an example of an attack used to

damage the system or harm users. This can be done by damaging the system,
software or data stored on the system. Ransomware attacks are similar, but
the malware acts by encrypting or shutting down victim systems until a ransom is
paid.

Phishing campaigns are used to infiltrate corporate networks. This can be by

sending fraudulent emails to users in an organization, enticing them to download
attachments or click on links that then spread viruses or malware to their systems
and through their systems to their company's networks.
Credential attacks are when a cybercriminal aims to steal or guess user IDs and
passwords for the victim's systems or personal accounts. They can be carried out
through the use of brute-force attacks by installing keylogger software or by
exploiting vulnerabilities in software or hardware that can expose the victim's
credentials.

Cybercriminals may also attempt to hijack a website to change or delete content or

to access or modify databases without authorization. For example, an attacker may
use a Structured Query Language (SQL) injection exploit to insert malicious code
into a website, which can then be used to exploit vulnerabilities in the website's
database, enabling a hacker to access and tamper with records or gain unauthorized
access to sensitive information and data, such as customer passwords, credit card
numbers, personally identifiable information (PII), trade secrets and IP.

Other common examples of cybercrime include illegal gambling, the sale of illegal
items -- like weapons, drugs or counterfeit goods -- and the solicitation,
production, possession or distribution of child pornography.

Effects of cybercrime on businesses

The true cost of cybercrime is difficult to assess accurately. In 2018, McAfee
released a report on the economic impact of cybercrime that estimated the likely
annual cost to the global economy was nearly $600 billion, up from $45 billion in
2014.

While the financial losses due to cybercrime can be significant, businesses can also
suffer other disastrous consequences as a result of criminal cyberattacks, including
the following:

 Damage to investor perception after a security breach can cause a drop in the
value of a company.
 In addition to potential share price drops, businesses may also face increased
costs for borrowing and greater difficulty in raising more capital as a result of
a cyber attack.

 Loss of sensitive customer data can result in fines and penalties for companies
that have failed to protect their customers' data. Businesses may also be sued
over the data breach.

 Damaged brand identity and loss of reputation after a cyberattack undermine

customers' trust in a company and that company's ability to keep their financial
data safe. Following a cyberattack, firms not only lose current customers, but
they also lose the ability to gain new customers.

 Businesses may also incur direct costs from a criminal cyberattack, including
increased insurance premium costs and the cost of hiring cybersecurity
companies to do incident response and remediation, as well as public relations
(PR) and other services related to an attack.
Effects of cybercrime on national defense
Cybercrimes may have public health and national security implications, making
computer crime one of DOJ's top priorities. In the U.S., at the federal level, the
Federal Bureau of Investigation's (FBI) Cyber Division is the agency within DOJ
that is charged with combating cybercrime. The Department of Homeland Security
(DHS) sees strengthening the security and resilience of cyberspace as an important
homeland security mission. Agencies such as the U.S. Secret Service (USSS) and
U.S. Immigration and Customs Enforcement (ICE) have special divisions
dedicated to combating cybercrime.

USSS's Electronic Crimes Task Force (ECTF) investigates cases that involve
electronic crimes, particularly attacks on the nation's financial and critical
infrastructures. USSS also runs the National Computer Forensics Institute (NCFI),
which provides state and local law enforcement, judges and prosecutors with
training in computer forensics.
The Internet Crime Complaint Center (IC3), a partnership among the FBI, the
National White Collar Crime Center (NW3C) and the Bureau of Justice Assistance
(BJA), accepts online complaints from victims of internet crimes or interested third
parties.

How to prevent cybercrime

While it may not be possible to completely eradicate cybercrime and ensure
complete internet security, businesses can reduce their exposure to it by
maintaining an effective cybersecurity strategy using a defense-in-depth approach
to securing systems, networks and data.

Cybercrime risks can be reduced with the following steps:

 develop clear policies and procedures for the business and employees;

 create cybersecurity incident response plans to support these policies and

procedures;

 outline the security measures that are in place about how to protect systems
and corporate data;

 use two-factor authentication (2FA) apps or physical security keys;

 activate 2FA on every online account when possible;

 verbally verify the authenticity of requests to send money by talking to a

financial manager;

 create intrusion detection system (IDS) rules that flag emails with extensions
similar to company emails;

 carefully scrutinize all email requests for transfer of funds to determine if the
requests are out of the ordinary;

 continually train employees on cybersecurity policies and procedures and what

to do in the event of security breaches;
 keep websites, endpoint devices and systems current with all software release
updates or patches; and

 back up data and information regularly to reduce the damage in case of a

ransomware attack or data breach.

Information security and resistance to cybercrime attacks can also be built by

encrypting local hard disks and email platforms, using a virtual private network
(VPN) and using a private, secure domain name system (DNS) server.

Cyber Law (IT Law) in India

Cyber Law also called IT Law is the law regarding Information-technology
including computers and internet. It is related to legal informatics and supervises
the digital circulation of information, software, information security and e-
commerce.
IT law does not consist a separate area of law rather it encloses aspects of contract,
intellectual property, privacy and data protection laws. Intellectual property is a
key element of IT law. The area of software license is controversial and still
evolving in Europe and elsewhere.
According to Ministry of Electronic and Information Technology,
Government of India :

Cyber Laws yields legal recognition to electronic documents and a structure to

support e-filing and e-commerce transactions and also provides a legal structure
to reduce, check cyber crimes.
Importance of Cyber Law:
1. It covers all transaction over internet.
2. It keeps eyes on all activities over internet.
3. It touches every action and every reaction in cyberspace.

Area of Cyber Law:

Cyber laws contain different types of purposes. Some laws create rules for how
individuals and companies may use computers and the internet while some laws
protect people from becoming the victims of crime through unscrupulous activities
on the internet. The major areas of cyber law include:
1. Fraud:
Consumers depend on cyber laws to protect them from online fraud. Laws are
 made to prevent identity theft, credit card theft and other financial crimes that
happen online. A person who commits identity theft may face confederate or
state criminal charges. They might also encounter a civil action brought by a
victim. Cyber lawyers work to both defend and prosecute against allegations of
fraud using the internet.

2. Copyright:
The internet has made copyright violations easier. In early days of online
communication, copyright violations was too easy. Both companies and
individuals need lawyers to bring actions to impose copyright protections.
Copyright violation is an area of cyber law that protects the rights of
individuals and companies to profit from their own creative works.

3. Defamation:
Several personnel use the internet to speak their mind. When people use the
internet to say things that are not true, it can cross the line into defamation.
Defamation laws are civil laws that save individuals from fake public
statements that can harm a business or someone’s personal reputation. When
people use the internet to make statements that violate civil laws, that is called
Defamation law.

4. Harassment and Stalking:

Sometimes online statements can violate criminal laws that forbid harassment
and stalking. When a person makes threatening statements again and again
about someone else online, there is violation of both civil and criminal laws.
Cyber lawyers both prosecute and defend people when stalking occurs using
the internet and other forms of electronic communication.

5. Freedom of Speech:
Freedom of speech is an important area of cyber law. Even though cyber laws
forbid certain behaviors online, freedom of speech laws also allow people to
speak their minds. Cyber lawyers must advise their clients on the limits of free
speech including laws that prohibit obscenity. Cyber lawyers may also defend
their clients when there is a debate about whether their actions consist of
permissible free speech.

6. Trade Secrets:
Companies doing businesses online often depend on cyber laws to protect their
trade secrets. For example, Google and other online search engines spend lots
of time developing the algorithms that produce search results. They also spend
 a great deal of time developing other features like maps, intelligent assistance
and flight search services to name a few. Cyber laws help these companies to
take legal action as necessary in order to protect their trade secrets.

7. Contracts and Employment Law:

Every time you click a button that says you agree to the terms and conditions
of using a website, you have used cyber law. There are terms and conditions
for every website that are somehow related to privacy concerns.

Advantages of Cyber Law:

 Organizations are now able to carry out e-commerce using the legal
infrastructure provided by the Act.

 Digital signatures have been given legal validity and sanction in the Act.

 It has opened the doors for the entry of corporate companies for issuing Digital
Signatures Certificates in the business of being Certifying Authorities.

 It allows Government to issue notification on the web thus heralding e-

governance.

 It gives authority to the companies or organizations to file any form,

application or any other document with any office, authority, body or agency
owned or controlled by the suitable Government in e-form by means of such e-
form as may be prescribed by the suitable Government.

 The IT Act also addresses the important issues of security, which are so critical
to the success of electronic transactions.

IT Act, 2000
The Information Technology Act, 2000 was enacted by the Indian Parliament in
2000. It is the primary law in India for matters related to cybercrime and e-
commerce.

 The act was enacted to give legal sanction to electronic commerce and
electronic transactions, to enable e-governance, and also to
prevent cybercrime.
 Under this law, for any crime involving a computer or a network located in
India, foreign nationals can also be charged.
  The law prescribes penalties for various cybercrimes and fraud through
digital/electronic format.
 It also gives legal recognition to digital signatures.

 The IT Act also amended certain provisions of the Indian Penal Code (IPC),
the Banker’s Book Evidence Act, 1891, the Indian Evidence Act, 1872 and
the Reserve Bank of India Act, 1934 to modify these laws to make them
compliant with new digital technologies.
 In the wake of the recent Indo-China border clash, the Government of India
banned various Chinese apps under the Information Technology Act. Read
more about this in an RSTV titled, ‘TikTok, Other Chinese Apps Banned’.
Given below are the links of relevant topics that will help aspirants prepare for
their UPS C examination-

Related Links

E-Governance and its Significance Science, Technology and Innovation Pol

Digital India Women in Science Research & Develop

Artificial Intelligence National Cyber Security Policy

Personal Data Protection Bill, 2019 National Cybersecurity Policy

UPSC Monthly Magazine for Current Affairs Right to Information

IT Act – 2008 Amendments

The IT Act, 2000 was amended in 2008. This amendment introduced the
controversial Section 66A into the Act.
Section 66A

 Section 66A gave authorities the power to arrest anyone accused of posting
content on social media that could be deemed ‘offensive’.
 This amendment was passed in the Parliament without any debate.
 As per the said section, a person could be convicted if proved on the charges
of sending any ‘information that is grossly offensive or has menacing
character’.
 It also made it an offence to send any information that the sender knows to
be false, but for the purpose of annoyance, inconvenience, danger,
obstruction, insult, injury, criminal intimidation, enmity, hatred or ill-will,
through a computer or electronic device.
 The penalty prescribed for the above was up to three years’ imprisonment
with fine.
Arguments against Section 66A

 Experts stated that the terms ‘offensive’, ‘menacing’, ‘annoyance’, etc. were
vague and ill-defined or not defined at all.
 Anything could be construed as offensive by anybody.

 There was a lot of scope for abuse of power using this provision to
intimidate people working in the media.
 This also curbed the freedom of speech and expression enshrined as a
fundamental right in the Constitution.
 The section was used most notably to arrest persons who made any
uncharitable remarks or criticisms against politicians.
The government contended that the section did not violate any fundamental right
and that only certain words were restricted. It stated that as the number of internet
users mushroomed in the country, there was a need to regulate the content on the
internet just like print and electronic media. The Supreme Court, however, in 2015,
struck down this section of the IT Act saying it was unconstitutional as it violated
Article 19(1)(a) of the Constitution. This was in the famous Shreya Singhal v
Union of India case (2015).
Section 69A

 Section 69A empowers the authorities to intercept, monitor or decrypt any

information generated, transmitted, received or stored in any computer
resource if it is necessary or expedient to do so in the interest of the
sovereignty or integrity of India, defense of India, the security of the State,
friendly relations with foreign states or public order or for preventing
incitement to the commission of any cognizable offence or for investigation
of any offence.
 It also empowers the government to block internet sites in the interests of the
nation. The law also contained the procedural safeguards for blocking any
site.
  When parties opposed to the section stated that this section violated the right
to privacy, the Supreme Court contended that national security is above
individual privacy. The apex court upheld the constitutional validity of the
section. Also read about privacy laws and India.
 The recent banning of certain Chinese Apps was done citing provisions
under Section 69A of the IT Act.
 Note:- The Indian Telegraph Act, 1885 allows the government to tap
phones. However, a 1996 SC judgement allows tapping of phones only
during a ‘public emergency’. Section 69A does not impose any public
emergency restriction for the government.
Read all the important acts and laws for UPSC & other govt. exams in the
linked article.

Information Technology Intermediary Guidelines (Amendment) Rules, 2018

The Rules have been framed under Section 79 of the Information Technology Act.
This section covers intermediary liability.

 Section 79(2)(c) of the Act states that intermediaries must observe due
diligence while discharging their duties, and also observe such other
guidelines as prescribed by the Central Government.
 Online Intermediaries:

 An intermediary is a service that facilitates people to use the Internet,

such as Internet Services Providers (ISPs), search engines and social
media platforms.
 There are two categories of intermediaries:

 Conduits: Technical providers of internet access or transmission

services.
 Hosts: Providers of content services (online platforms, storage
services).
 Information Technology Intermediary Guidelines (Amendment) Rules were
first released in 2011 and in 2018, the government made certain changes to
those rules.
 In 2018, there was a rise in the number of mob lynchings spurred by fake
news & rumours and messages circulated on social media platforms like
Whatsapp.
  To curb this, the government proposed stringent changes to Section 79 of the
IT Act.
What do the Rules say?

 According to the 2018 Rules, social media intermediaries should publish

rules and privacy policy to curb users from engaging in online material
which is paedophilic, pornographic, hateful, racially and ethnically
objectionable, invasive of privacy, etc.
 The 2018 Rules further provide that whenever an order is issued by the
government agencies seeking information or assistance
concerning cybersecurity, then the intermediaries must provide them the
same within 72 hours.
 The Rules make it obligatory for online intermediaries to appoint a ‘Nodal
person of Contact’ for 24X7 coordination with law enforcement agencies
and officers to ensure compliance.
 The intermediaries are also required to deploy such technologies based on
automated tools and appropriate mechanisms for the purpose of identifying
or removing or disabling access to unlawful information.
 The changes will also require online platforms to break end-to-end
encryption in order to ascertain the origin of messages.
 Online Intermediaries are required to remove or disable access to unlawful
content within 24 hours. They should also preserve such records for a
minimum period of 180 days for the purpose of investigations.
Rationale behind the Rules

 The government intends to make legal frameworks in order to make social

media accountable under the law and protect people and intermediaries from
misusing the same.
 The government wants to curb the spread of fake news and rumours, and
also pre-empt mob violence/lynching.
 There is a need to check the presentation of incorrect facts as news by social
media, that instigates people to commit crimes.
There has been criticism of the Rules from certain quarters, that says that the State
is intruding into the privacy of the individual. Some also say that this law widens
the scope of state surveillance of its citizens. These criticisms are notwithstanding
the fact that the new Rules are in line with recent SC rulings.
  Tehseen S. Poonawalla case (2018): SC said that authorities have full
freedom to curb the dissemination of explosive and irresponsible messages
on social media, that could incite mob violence and lynchings.
 Prajwala Letter case (2018): SC ordered the government to frame the
necessary guidelines to “eliminate child pornography, rape and gang rape
imagery, videos, and sites in content hosting platforms and other
applications”.

Frequently Asked Questions Related to Information Technology Act 2000

What is the main provision of IT Act 2000?

The original act addressed electronic documents, e-signatures, and authentication
of those records. It also enacted penalties for security breach offenses including
damaging computer systems or committing cyber terrorism.

What are the features of IT Act 2000?

Features of the Information Technology Act, 2000

 All electronic contracts created through secure electronic channels were

legally valid.
 Legal recognition for digital signatures.
 Security measures for electronic records and conjointly digital signatures are
in place.

How many sections are in the IT Act 2000?

The original Act contained 94 sections, divided into 13 chapters and 4 schedules.
What Is Intellectual Property Law?

Intellectual property law deals with the rules for securing and enforcing legal rights
to inventions, designs, and artistic works. Just as the law protects ownership of
personal property and real estate, so too does it protect the exclusive control of
intangible assets. The purpose of these laws is to give an incentive for people to
develop creative works that benefit society, by ensuring they can profit from their
works without fear of misappropriation by others.

Article I, Section 8 of the U.S. Constitution gives Congress express authority to

grant authors and inventors exclusive rights to their creations. Section 8 also gives
Congress the power to regulate interstate and foreign commerce, providing further
support for its right to legislate in this area. Intellectual property laws passed by
Congress are administered by two government agencies, the U.S. Patent and
Trademark Office, and the U.S. Copyright Office.

Patents give inventors the right to use their product in the marketplace, or to profit
by transferring that right to someone else. Depending on the type of invention,
patent rights are valid for up to 20 years. Qualifying items include new machines,
technological improvements, and manufactured goods, including the "look" of a
product. Patent protection will be denied if an invention is found to be obvious in
design, not useful, or morally offensive.

Trademarks protect symbols, names, and slogans used to identify goods and
services. The purpose is to avoid confusion, deter misleading advertising, and help
consumers distinguish one brand from another. Since the goal is to distinguish,
generic or purely descriptive marks may not qualify. Rights can potentially last
forever, and they are obtained by simply using a mark. While not required, owners
can register their marks for additional protection.

Copyrights apply to writings, music, motion pictures, architecture, and other

original intellectual and artistic expressions. Protection is not available for theories
or ideas, or anything that has not been captured in a fixed medium. The act of
creation itself produces a copyright and unpublished works are still protected. Use
of a copyright symbol and date is common, but not mandatory. Most copyrights are
valid for the creator's lifetime, plus 70 years.

Protecting Against Infringement

Infringement refers to the unauthorized use of intellectual property. To protect

against infringement, owners should take steps to put the world on notice that their
rights exist. Providing notice helps deter infringement by making the owner's rights
more visible to those who might inadvertently violate them. It also triggers
additional legal benefits, and puts the owner in a better position to prosecute an
infringement in court, if that becomes necessary.

Inventors can give notice of their rights by marking their product with the patent
number assigned to it by the Patent and Trademark Office. The label "patent
pending" can also be used to discourage others from copying the design before the
patent is awarded. Notice of trademarks and copyrights is given by placing the
appropriate symbol (™, ©, etc.) on the material, and then registering the mark or
copyright, so it can be added to the government's database.

If infringement does occur, rights to intellectual property can be enforced in federal

court. Before filing a lawsuit, however, owners will want to consult with an
attorney and carefully consider whether litigation is in their best interests.
Infringement cases are expensive to prosecute, and there is always a risk that the
owner's rights, once held up to the scrutiny of a court proceeding, will be revealed
as invalid or less extensive than the owner believed.

In the event an owner of intellectual property does sue, and the lawsuit is
successful, a number of remedies will be available. The court can order an
injunction, meaning the infringer must stop what it is doing. Substantial money
damages may also be available. In addition, once the owner's rights are established
in court, the infringer may agree to a license agreement. This allows use of the
intellectual property to continue, with payments going to the owner.

Rights to intellectual property can be incredibly lucrative, making individuals huge

sums of money. Infringement claims have also bankrupted large, profitable
companies without warning. With so much at stake, anyone dealing with issues in
this area of the law should seek the advice of an attorney. Firms specializing in
intellectual property law are available to help owners who are looking to establish,
profit from, or defend their rights.

Copyrights in Cyber Law

Rights of owner of intellectual property on the Web
This article provides information to the reader about the rights available and
security of an Intellectual Property owned by an original creator on the web.

Copyrights and digital law:

Copyright is a term that incorporates the right given to makers for their masterful
work, by and large, it covers scholarly works, for example, books, sonnets, plays,
reference, paperwork, melodic pieces, etc. Copyright subsists in a work by virtue
of creation; thus, it is not mandatory to register. Web copyright laws give the first
creators or specialists the option to prohibit others from replicating their work or
guaranteeing it as their own. While online copyright insurance doesn't ensure
realities, thoughts, frameworks, or techniques for activity, it might secure the
manner in which these things are communicated.

Types of Copyright Infringement on the Internet:

The peculiar element with infringement of copyright on the web is that it is
difficult to find if a work is a 'duplicate' of a secured work. Infringement may not
generally be purposeful. It might be because of 'obliviousness'. The infringement in
Cyberspace will occur in various manners, for example:

 Framing
 Linking
 Caching
 Public Display of the Right by transferring on the Internet
 Archiving

Framing
is the process of permitting a client to view the content of one site while it is
outlined by data of another site, like the "image in-picture" highlight offered on
certain TVs. In Future Dontics, Inc versus Applied Anagramics Inc, the plaintiff
was granted the exclusive use of a telephone number and a service mark of a
business. The plaintiff later built up a site to publicize the business. The defendant
imitated the Future Dontic webpage on a different frame in the defendant's site.
The Court held that it adds up to the infringement of Copyright.

Linking
Linking is connecting the user from the original site to a linked site. The client is
provided with access to a website through the original site. The Universal Resource
Locator (URL) need not be typed separately. Linking, for research purposes, gives
ease to the client. Tragically, it ascends a few legal issues. Linking might be of
different types, for example, Surface linking, profound linking, and in-line linking.
Shetland Times, Ltd. v. Jonathan Wills and others are viewed as the first "linking"
case" the issue introduced in Shetland Times was whether the Shetland ("News")
"deep link" to inserted pages of the Shetland ("Times") the site, using Times site's
news headlines, was a demonstration of copyright infringement under British law.
The matter settled on the day of trial, shortly after the court had issued a
preliminary injunction precluding the deep link.
Caching
Caching is the process in which material is duplicated from a unique source to the
cache. Such material would be accessible to the user for a temporary timeframe.
Caching may be executed in three ways; Firstly, replicating of the record itself
which is shown on the computer screen while getting to the web. Secondly, the
record that is being shown is duplicated and held alongside the reports evaluated
by the user in the past. Thirdly, the archives are not stored on a personal computer
but on an ISP (Internet Service Provider) or on a website.

Public Display Or Rights By Posting Pictures:

When any work is published on the Internet, it can be viewed by any user without
any hindrance. Thus, when Copyright material is published on the web without
approval, it turns into an instance of infringement. However, the Courts have not
given any guidelines to come to such an end result but they have conveyed mixed
reactions subject to the realities of each case. In Playboy Enterprises Inc v Frena,
the defendant made a BBS (Bulletin Board Service) which contained infringed
content. The plaintiff sued the defendant alleging infringement. The defendant
contended and stated that he was uninformed of any infringement. However, the
US District Court held the defendant liable.

Archiving:
In Archiving, the process involves downloading and putting away the material of
another site and incorporating the same. Regardless of whether there exists a
hyperlink, the connection will take the client to another region of a similar site
where the material of another site has been stored. Archiving without the
authorization of the copyright proprietor may add up to infringement.

Privileges of creators under copyright system in India:

In India, Copyright exists in the source code of a computer program. Computer
software is secured as literary work and so are computer databases according to
Section 2(o) of Copyright Act, 1957. Subsequently, a unique database is similarly
secured by copyright.

As indicated by Section 14 of the Copyright Act, 1957 a creator of a work has the
sole and exclusive option to enjoy and abuse a few rights given by the Act for
literary, dramatic, musical, or artistic work, cinematographic film, and sound
recording. Rights referenced under Section 14 incorporate the option to imitate the
work, to give its duplicates, perform it in public, make transformations,
interpretations, selling, or rental rights in regard to various categories of work.
Term of copyright is a lifetime of the author and sixty years from the beginning of
the calendar year next following the year in which the author dies.

Multimedia works by their inclination are works combining different databases, for
example, text, sound, pictures, and moving images. It is difficult to determine
which provisions ought to apply to a multimedia work in as it may be an
amalgamation of distinct works such as sound recording, artistic work, and literary
work or software wherein separate copyrights vest in the author conferring
differing rights with respect to a category of work as per Copyright Act.

Copyright Infringement and remedies:

Where copyright is infringed, the owner of the copyright is entitled to sue for
remedies including injunction, damages, the profit of accounts, and delivery of
infringed goods. Section 51 states that copyright in a work is considered infringed
when a person without a license from the owner or registrar of copyrights or
contravening conditions of a license does anything the which is the right of the
owner as per the Act or permits for a profit.

It also amounts to an infringement where a person, for sale or hire or displays or

offers for sale or distributes for trade or to prejudicially affect the owner of the
copyright or by way of trade exhibit in public or import into India infringing copies
of work (excluding one copy for the personal use of importer).

As registration is not compulsory, suits for infringement can be filed even if the
plaintiff has secured no registration of the work. Civil remedies available to the
owner of copyright are also available to the exclusive licensee. Electronic contracts
are considered legally valid in most jurisdictions such as India and electronic
licensing or assignment is also legally valid.

Fair Dealing as a Defence:

Section 52(a) accommodates exemptions for infringements named "Fair dealing".
According to Section 62 of the Copyright Act, a suit or a civil proceeding will be
petitioned for the infringement of copyright in the district court having jurisdiction
to hear the case. Section 63 of the Copyright Act provides punishments for the
offense of copyright infringement. Any individual who purposely abets the
infringement of the copyright in a work or some other right presented by the Act is
culpable with imprisonment for a term which will not be under 6 but which may
extend to three years and a fine which shall not be less than Rs. 50,000 but may
extend to 2 lacs.

On second and subsequent conviction imprisonment is for a term not less than one
year but which may extend to three years and a fine which will not be less than one
lac but may extend to 2 lacs.

Punishment may be reduced if infringements are not made for commercial gain.
According to Section 63 B, the use of an infringing duplicate of a computer
program is culpable with imprisonment for a term of at least 7 days and it may
extend to three years and a fine of at least Rs. 50,000 yet which may reach out to
Rs. 2 lacs. Punishment might be decreased if encroachments are not made for
benefit or profits.

Section 69 provides that if an offense is committed by an organization, each

individual, who at the time of the commission of the offense was in charge and
responsible for the conduct of the business of the company shall be deemed guilty
of such offense and liable for punishment unless he/she proves that the offense was
committed without his/her knowledge or that he/she exercised due diligence to
prevent the commission of such offense.

What is semiconductor law in cyber security?

Asemiconductor performs an electronic function and consists of two or more

layers, containing material forming a fixed pattern. In 1984 the Semiconductor
Chip Protection Act of 1984 (the SCPA) was enacted as law to protect the
topography of semiconductor chips.

Are semiconductor chips copyrightable?

After much lobbying by the semiconductor industry, Congress settled on creating a

new type of copyright for a “mask work” for these semiconductor designs. In 1984,
Congress passed the Semiconductor Chip Protection Act (“SCPA”) and created an
entirely new IP right, the first new IP right in 100 years.

What are semiconductor chips used for?

From the perspective of functionality, semiconductor memory chips store data and
programs on computers and data storage devices. Random-access memory (RAM)
chips provide temporary workspaces, whereas flash memory chips hold
information permanently unless erased.

What is a semiconductor chip?

A semiconductor chip is an electric circuit with many components such as

transistors and wiring formed on a semiconductor wafer. An electronic device
comprising numerous these components is called “integrated circuit (IC)”.

What is cybersecurity risk management?

Risk Management is the process of identifying risk, assessing risk, and taking steps
to reduce risk to an acceptable level. Organisations use risk assessment, the first
step in the risk management methodology, to determine the extent of the potential
threat, vulnerabilities and the risk associated with the IT system.

What are the cyber laws in India?

Cyber crimes can involve criminal activities that are traditional in nature, such as
theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian
Penal Code. The abuse of computers has also given birth to a gamut of new age
crimes that are addressed by the Information Technology Act, 2000.

What is the patent law?

Patent law is the branch of intellectual property law that deals with new inventions.
Traditional patents protect tangible scientific inventions, such as circuit boards, car
engines, heating coils, or zippers. Once granted, a patent gives the inventors the
exclusive right to sell their invention for 20 years.

What are mask works copyright?

Mask Works are defined in the Act as: a series of related images, however fixed or
encoded (1) having or representing the predetermined three-dimensional pattern of
metallic, insulating, or semiconductor material present or removed from the layers
of a semiconductor chip product; and (2) in which series the relation of …

Why is there a shortage of semiconductor chips?

Semiconductors have been in short supply this year, due to a number of reasons
including factory closures resulting from the Covid-19 pandemic and heightened
demand for consumer electronics.

Who is the best semiconductor company?

Best Semiconductor Stocks to Buy Now

 ASML Holding N.V. (NASDAQ: ASML)

 Microchip Technology Incorporated (NASDAQ: MCHP)
 Analog Devices, Inc.
 Broadcom Inc.
 NXP Semiconductors N.V. (NASDAQ: NXPI)
 Maxim Integrated Products, Inc.
 Advanced Micro Devices, Inc.
 QUALCOMM Incorporated (NASDAQ: QCOM)

Why is there a chip shortage?

What is the chip shortage? The chip shortage is a result of the COVID-19
pandemic, which increased demand for the personal electronics such as cell phones
and laptops that the chips are used in to the point where production could not keep
pace with demand.

What are the 5 methods used to manage treat risks?

The basic methods for risk management—avoidance, retention, sharing,

transferring, and loss prevention and reduction—can apply to all facets of an
individual’s life and can pay off in the long run.

What did the semiconductor chip Protection Act of 1984 do?

An act to amend title 28, United States Code, with respect to the places where
court shall be held in certain judicial districts, and for other purposes.

How is a chip protected under the SCPA?

Chip protection is acquired under the SCPA by filing with the US Copyright Office
an application for “mask work” registration under the SCPA, together with a filing
fee.
Why is it important to protect the semiconductor industry?

In the semiconductor industry, innovation is indispensable; research breakthroughs

are essential to the life and health of the industry. But research and innovation in
the design of semiconductor chips are threatened by the inadequacies of existing
legal protection against piracy and unauthorized copying.
A patent is a type of intellectual property that gives its owner the legal right to
exclude others from making, using, or selling an invention for a limited period of
time in exchange for publishing an enabling disclosure of the invention.[1] In most
countries, patent rights fall under private law and the patent holder must sue
someone infringing the patent in order to enforce their rights. In
some industries patents are an essential form of competitive advantage; in others
they are irrelevant.[2]: 17
The procedure for granting patents, requirements placed on the patentee, and the
extent of the exclusive rights vary widely between countries according to national
laws and international agreements. Typically, however, a patent application must
include one or more claims that define the scope of protection that is being sought.
A patent may include many claims, each of which defines a specific property right.
These claims must meet various patentability requirements, which in the US
include novelty, usefulness, and non-obviousness.[3][4]
Under the World Trade Organization's (WTO) TRIPS Agreement, patents should
be available in WTO member states for any invention, in all fields of technology,
provided they are new, involve an inventive step, and are capable of industrial
application.[5] Nevertheless, there are variations on what is patentable subject
matter from country to country, also among WTO member states. TRIPS also
provides that the term of protection available should be a minimum of twenty
years.

Definition

The word patent originates from the Latin patere, which means "to lay open"
(i.e., to make available for public inspection). It is a shortened version of the
term letters patent, which was an open document or instrument issued by a
monarch or government granting exclusive rights to a person, predating the
modern patent system. Similar grants included land patents, which were land
grants by early state governments in the US, and printing patents, a precursor
of modern copyright.
In modern usage, the term patent usually refers to the right granted to anyone who
invents something new, useful and non-obvious. A patent is often referred to as a
form of intellectual property right,[7][8] an expression which is also used to refer
to trademarks and copyrights,[8] and which has proponents and detractors (see
also Intellectual property § The term "intellectual property"). Some other types of
intellectual property rights are also called patents in some jurisdictions: industrial
design rights are called design patents in the US,[9] plant breeders' rights are
sometimes called plant patents,[10] and utility models and Gebrauchsmuster are
sometimes called petty patents or innovation patents.
The additional qualification utility patent is sometimes used (primarily in the US)
to distinguish the primary meaning from these other types of patents. Particular
species of patents for inventions include biological patents, business method
patents, chemical patents and software patents.
Effects
A patent does not give a right to make or use or sell an invention. [1] Rather, a patent
provides, from a legal standpoint, the right to exclude others[1] from making, using,
selling, offering for sale, or importing the patented invention for the term of the
patent, which is usually 20 years from the filing date [6] subject to the payment
of maintenance fees. From an economic and practical standpoint however, a patent
is better and perhaps more precisely regarded as conferring upon its proprietor "a
right to try to exclude by asserting the patent in court", for many granted patents
turn out to be invalid once their proprietors attempt to assert them in court. [4] A
patent is a limited property right the government gives inventors in exchange for
their agreement to share details of their inventions with the public. Like any other
property right, it may be sold, licensed, mortgaged, assigned or transferred, given
away, or simply abandoned.
A patent, being an exclusionary right, does not necessarily give the patent owner
the right to exploit the invention subject to the patent. For example, many
inventions are improvements of prior inventions that may still be covered by
someone else's patent.[1] If an inventor obtains a patent on improvements to an
existing invention which is still under patent, they can only legally use the
improved invention if the patent holder of the original invention gives permission,
which they may refuse.
Some countries have "working provisions" that require the invention be exploited
in the jurisdiction it covers. Consequences of not working an invention vary from
one country to another, ranging from revocation of the patent rights to the
awarding of a compulsory license awarded by the courts to a party wishing to
exploit a patented invention. The patentee has the opportunity to challenge the
revocation or license, but is usually required to provide evidence that the
reasonable requirements of the public have been met by the working of invention.
Challenges[edit]
In most jurisdictions, there are ways for third parties to challenge the validity of an
allowed or issued patent at the national patent office; these are called opposition
proceedings. It is also possible to challenge the validity of a patent in court. In
either case, the challenging party tries to prove that the patent should never have
been granted. There are several grounds for challenges: the claimed subject matter
is not patentable subject matter at all; the claimed subject matter was actually not
new, or was obvious to the person skilled in the art, at the time the application was
filed; or that some kind of fraud was committed during prosecution with regard to
listing of inventors, representations about when discoveries were made, etc. Patents
can be found to be invalid in whole or in part for any of these reasons.[30][31]
Infringement[edit]
Main article: Patent infringement
Patent infringement occurs when a third party, without authorization from the
patentee, makes, uses, or sells a patented invention. Patents, however, are enforced
on a national basis. The making of an item in China, for example, that would
infringe a US patent, would not constitute infringement under US patent law unless
the item were imported into the US.[32]
Infringement includes literal infringement of a patent, meaning they are performing
a prohibited act that is protected against by the patent. There is also the Doctrine of
Equivalents. This doctrine protects from someone creating a product that is
basically, by all rights, the same product that is protected with just a few
modifications.[33] In some countries, like the United States, there is liability for
another two forms of infringement. One is contributory infringement, which is
participating in another’s infringement. This could be a company helping another
company to create a patented product or selling the patented product which is
created by another company.[34] There is also inducement to infringement, which is
when a party induces or assists another party in violating a patent. An example of
this would be a company paying another party to create a patented product in order
to reduce their competitor’s market share.[35] This is important when it comes to
gray market goods, which is when a patent owner sells a product in country A,
wherein they have the product patented, then another party buys and sells it,
without the owner’s permission, in country B, wherein the owner also has a patent
for the product. With either national or regional exhaustion being the law the in
country B, the owner may still be able to enforce their patent rights; however, if
country B has a policy of international exhaustion, then the patent owner will have
no legal grounds for enforcing the patent in country B as it was already sold in a
different country.[36]
Enforcement[edit]
Patents can generally only be enforced through civil lawsuits (for example, for a
US patent, by an action for patent infringement in a United States federal district
court), although some countries (such as France and Austria) have criminal
penalties for wanton infringement.[37] Typically, the patent owner seeks monetary
compensation (damages) for past infringement, and seeks an injunction that
prohibits the defendant from engaging in future acts of infringement, or seeks
either damages or injunction. To prove infringement, the patent owner must
establish that the accused infringer practises all the requirements of at least one of
the claims of the patent. (In many jurisdictions the scope of the patent may not be
limited to what is literally stated in the claims, for example due to the doctrine of
equivalents.)
An accused infringer has the right to challenge the validity of the patent allegedly
being infringed in a counterclaim. A patent can be found invalid on grounds
described in the relevant patent laws, which vary between countries. Often, the
grounds are a subset of requirements for patentability in the relevant country.
Although an infringer is generally free to rely on any available ground of invalidity
(such as a prior publication, for example), some countries have sanctions to
prevent the same validity questions being relitigated. An example is the
UK Certificate of contested validity.
Patent licensing agreements are contracts in which the patent owner (the licensor)
agrees to grant the licensee the right to make, use, sell, or import the claimed
invention, usually in return for a royalty or other compensation. [38][39] It is common
for companies engaged in complex technical fields to enter into multiple license
agreements associated with the production of a single product. Moreover, it is
equally common for competitors in such fields to license patents to each other
under cross-licensing agreements in order to share the benefits of using each
other's patented inventions. Freedom Licenses like the Apache 2.0 License are a
hybrid of copyright/trademark/patent license/contract due to the bundling nature of
the three intellectual properties in one central license. This can make it difficult to
enforce because patent licenses cannot be granted this way under copyright and
would have to be considered a contract.[40]
Ownership[edit]
In most countries, both natural persons and corporate entities may apply for a
patent. In the United States, however, only the inventor(s) may apply for a patent,
although it may be assigned to a corporate entity subsequently [41] and inventors
may be required to assign inventions to their employers under an employment
contract. In most European countries, ownership of an invention may pass from the
inventor to their employer by rule of law if the invention was made in the course of
the inventor's normal or specifically assigned employment duties, where an
invention might reasonably be expected to result from carrying out those duties, or
if the inventor had a special obligation to further the interests of the employer's
company.[42] Applications by artificial intelligence systems, such as DABUS, have
been rejected in the US, the UK, and at the European Patent Office on the grounds
they are not natural persons.[43]

The plate of the Martin ejector seat of a military aircraft, stating that the product is
covered by multiple patents in the UK, South Africa, Canada and pending in
"other" jurisdictions. Dübendorf Museum of Military Aviation.
The inventors, their successors or their assignees become the proprietors of the
patent when and if it is granted. If a patent is granted to more than one proprietor,
the laws of the country in question and any agreement between the proprietors may
affect the extent to which each proprietor can exploit the patent. For example, in
some countries, each proprietor may freely license or assign their rights in the
patent to another person while the law in other countries prohibits such actions
without the permission of the other proprietor(s).
The ability to assign ownership rights increases the liquidity of a patent as
property. Inventors can obtain patents and then sell them to third parties. [44] The
third parties then own the patents and have the same rights to prevent others from
exploiting the claimed inventions, as if they had originally made the inventions
themselves.
Governing laws

The grant and enforcement of patents are governed by national laws, and also by
international treaties, where those treaties have been given effect in national laws.
Patents are granted by national or regional patent offices. [45] A given patent is
therefore only useful for protecting an invention in the country in which that patent
is granted. In other words, patent law is territorial in nature. When a patent
application is published, the invention disclosed in the application becomes prior
art and enters the public domain (if not protected by other patents) in countries
where a patent applicant does not seek protection, the application thus generally
becoming prior art against anyone (including the applicant) who might seek patent
protection for the invention in those countries.
Commonly, a nation or a group of nations forms a patent office with responsibility
for operating that nation's patent system, within the relevant patent laws. The
patent office generally has responsibility for the grant of patents, with infringement
being the remit of national courts.
The authority for patent statutes in different countries varies. In the UK,
substantive patent law is contained in the Patents Act 1977 as amended. [46] In the
United States, the Constitution empowers Congress to make laws to "promote the
Progress of Science and useful Arts ...". The laws Congress passed are codified
in Title 35 of the United States Code and created the United States Patent and
Trademark Office.
There is a trend towards global harmonization of patent laws, with the World
Trade Organization (WTO) being particularly active in this area. [citation
needed]
The TRIPS Agreement has been largely successful in providing a forum for
nations to agree on an aligned set of patent laws. Conformity with the TRIPS
agreement is a requirement of admission to the WTO and so compliance is seen by
many nations as important. This has also led to many developing nations, which
may historically have developed different laws to aid their development, enforcing
patents laws in line with global practice.
Internationally, there are international treaty procedures, such as the procedures
under the European Patent Convention (EPC) [constituting the European Patent
Organisation (EPOrg)], that centralize some portion of the filing and examination
procedure. Similar arrangements exist among the member states
of ARIPO and OAPI, the analogous treaties among African countries, and the
nine CIS member states that have formed the Eurasian Patent Organization. A key
international convention relating to patents is the Paris Convention for the
Protection of Industrial Property, initially signed in 1883. The Paris Convention
sets out a range of basic rules relating to patents, and although the convention does
not have direct legal effect in all national jurisdictions, the principles of the
convention are incorporated into all notable current patent systems. The Paris
Convention set a minimum patent protection of 20 years, but the most significant
aspect of the convention is the provision of the right to claim priority: filing an
application in any one member state of the Paris Convention preserves the right for
one year to file in any other member state, and receive the benefit of the original
filing date. Another key treaty is the Patent Cooperation Treaty (PCT),
administered by the World Intellectual Property Organization (WIPO) and
covering more than 150 countries. The Patent Cooperation Treaty provides a
unified procedure for filing patent applications to protect inventions in each of its
contracting states along with giving owners a 30 month priority for applications as
opposed to the standard 12 the Paris Convention granted. A patent application filed
under the PCT is called an international application, or PCT application. The steps
for PCT applications are as follows:
1. Filing the PCT patent application
2. Examination during the international phase
3. Examination during the national phase.[47]
Alongside these international agreements for patents there was the Patent Law
Treaty (PLT). This treaty standardized the filing date requirements, standardized
the application and forms, allows for electronic communication and filing, and
avoids unintentional loss of rights, and simplifies patent office procedures.[48]
Sometimes, nations grant others, other than the patent owner, permissions to create
a patented product based on different situations that align with public policy or
public interest. These may include compulsory licenses, scientific research, and in
transit in country.[49]
Application and prosecution
Before filing for an application, which must be paid for whether a patent is granted
or not, a person will want to ensure that their material is patentable. A big part of
this is that patentable material must be man-made, meaning that anything natural
cannot be patented. For example, minerals, materials, genes, facts, organisms, and
biological processes cannot be patented, but if someone were to take this and
utilize and inventive, non-obvious, step with it to create something man-
made, that, the end result, could be patentable. That includes man-made strains of
bacteria, as was decided in Diamond v. Chakrabarty. [50] Patentability is also
dependent on public policy, if it goes against public policy, it will not be
patentable. An example of this is patent a man-modified higher life-form, such as a
mouse as seen in Harvard College v. Canada. [51] Additionally, patentable materials
must be novel, useful, and a non-obvious inventive step.[52]
A patent is requested by filing a written application at the relevant patent office.
The person or company filing the application is referred to as "the applicant". The
applicant may be the inventor or its assignee. The application contains a
description of how to make and use the invention that must provide sufficient
detail for a person skilled in the art (i.e., the relevant area of technology) to make
and use the invention. In some countries there are requirements for providing
specific information such as the usefulness of the invention, the best mode of
performing the invention known to the inventor, or the technical problem or
problems solved by the invention. Drawings illustrating the invention may also be
provided.
The application also includes one or more claims that define what a patent covers
or the "scope of protection".
After filing, an application is often referred to as "patent pending". While this term
does not confer legal protection, and a patent cannot be enforced until granted, it
serves to provide warning to potential infringers that if the patent is issued, they
may be liable for damages.[53][54][55]
Once filed, a patent application is "prosecuted". A patent examiner reviews the
patent application to determine if it meets the patentability requirements of that
country. If the application does not comply, objections are communicated to the
applicant or their patent agent or attorney through an Office action, to which the
applicant may respond. The number of Office actions and responses that may occur
vary from country to country, but eventually a final rejection is sent by the patent
office, or the patent application is granted, which after the payment of additional
fees, leads to an issued, enforceable patent. In some jurisdictions, there are
opportunities for third parties to bring an opposition proceeding between grant and
issuance, or post-issuance.
Once granted the patent is subject in most countries to renewal fees to keep the
patent in force. These fees are generally payable on a yearly basis. Some countries
or regional patent offices (e.g. the European Patent Office) also require annual
renewal fees to be paid for a patent application before it is granted.
Software Piracy
Software Piracy is the illegal approach of copying, distributing, modifying,
selling, or using the software which is legally protected. So in a simple term, we
can say Software piracy is the act of stealing legal software in an illegal way. This
software piracy refers to the unauthorized copy and use of legal software. And now
this critical problem has turned into a global issue.
Regulation for Software Piracy :
Software piracy is illegal and there are strict laws for these illegal activities. So
monetary penalties are also there for this lawbreaker who breaks these copyright
laws and creates copyright violation.
End-User License Agreement(EULA) is a license agreement which is mostly used
for software to protect its legality. It is a contract between the manufacturer and the
end-user. This rule defines the rules for legal software. One common rule in EULA
is that it prevents the user from sharing the software with others.
Types of Software Piracy :
There are mainly 5 types of Software Piracy. Each type of software piracy is
explained well below:
1. Softlifting-
It is the most common type of software piracy. In this piracy, the legal owner
of the software is one, but the users are multiple. For instance, someone
purchases the genuine software, and others will illegally use that software by
downloading the software to their computer.
For example, many times we borrow the software from our colleague and
install a copy of that on our computer just to save the money which rises to
softlifting one type of software piracy.
2. Hard-disk Loading-
It is the most common type of software piracy which mainly happens in PC
resell shops. The shop owner buys a legal copy of the software and reproduces
its copies in multiple computers by installing it. Most of the time customers/PC
users are not aware of these things and get the pirated version of the software
in the original S/W price or less than the original price. It is one type of
Commercial software piracy.
3. Counterfeiting-
In counterfeiting the duplicates are created of genuine/legal software programs
with the appearance of authenticity. Then these duplicate software are sold out
at less price.
4. Client-Server overuse –
In client-server overuse, more copies of the software are installed than it has
licensed for. Mainly it has seen in local business sectors when they work under
a local area n/w and install the software in all the computers for use by a
number of employees which is an unauthorized practice.
5. Online Piracy-
In online piracy, the illegal software is acquired from online auction sites and
blogs which is mainly achieved through the P2P(Peer to Peer) file-sharing
 system. As it is acquired by means of the Internet, often it is called Internet
Piracy.
Software Piracy is a danger because:
 Many times it fails or malfunction.
 No warranty of the product as it is acquired by illegal way.
 Risk of security issues.
 No upgrade and improvement in features and functionality
 High risk of virus and malware infection to the computer.
Software piracy may be easily avail the pirated software in a cheaper price, but
users should aware about its bad effects on the system, data, security point of view
as well as users should be aware about the strict consequences for offenders
breaking the law.
Software Licenses Types Explained

This tutorial explains the software licensing model in detail. Learn how many types
of software licenses are there and what are the differences between different types
of software licenses.

A software license is a legal agreement between the developer and end-user that
defines how the end-user can use or redistribute the software. There are mainly two
types of software: open source and proprietary. Both types use different types of
licensing models. Let's discuss both types and their license models.

Open-source software

In this type of software, the source code of the software is provided with the
software to the end-user. The end-user can view, edit and modify the source code.
The user can also redistribute the modified version of the software. There are
different models of open source licenses offering more or less freedom of
redistribution rights.

The most popular open-source licensing models are the following.

Public domain

This is the most flexible license. It grants almost all rights to the end-user. The
end-user can modify and redistribute the modified code without any restrictions.
The end-user can redistribute the modified code under his license.

Permissive
In the flexibility, this license type stands on the second number. Besides the
redistribution right, this license also grants all rights to the end-user. The end-user
can view and modify the source code. The end-user can also redistribute the
modified code but under the same license type. To redistribute the modified code,
the end-user cannot use the different license type.

Copyleft or Restrictive

In the flexibility, this license stands on the third number. It adds an additional
restriction on redistribution. This license does not allow the end-user to modify the
original license. To redistribute the modified code, the end-user has to use the
original license. Besides the redistribution right, this license does not put any other
restriction on the source code.

GNU/LGPL

This license allows the end-user to link or use open source libraries in his project
or software. If the end-user only links open source libraries, the end-user can
release his project under any license type. But if the end-user copies the open-
source libraries in his project, the end-user has to release his project under the same
GNU license.

Creative Commons Software

This license model allows the publishers or developers of the software to decide
what rights they want to reserve and what rights they want to grant the end-users.
This license type uses the simplest form of terms and conditions. This license type
is mostly used by the publishers who want to release their project or software
application under an open-source license but at the same time also want to reserve
some rights.
Proprietary software

In this type of software, ownership of the software remains with the software
publisher. The software publisher neither shares nor allows the end-user to view
and modify the source code of the software. The publisher only grants the use of
one or more copies of software under a license agreement, known as EULA (End
User License Agreement). A EULA contains the terms and conditions that define
what the user can and cannot do. To use the software, the end-user must accept the
EULA of the software.

To create a EULA, the software publisher can use a pre-defined licensing model or
can create a custom license for the software. The most popular proprietary
licensing models are the following.

Perpetual License

In this model, a version of the software application is sold on a one-time payment

basis. A user can use the purchased version of the software application forever.
The user gets updates and patches for the purchased version till the last date of the
support cycle of the purchased version. However, this license does not include the
subsequent versions of the software. If the user wants to use the next version of the
software, he has to purchase it separately. For example, you purchased Windows7,
you will get all updates and patches of Windows7, but you will not get any access
to Windows10. If you want to use Windows10, you have to purchase its license
separately.

Floating License

In this model, a license is used to define the number of users who can use the
software application simultaneously. This license works on a "first come first
served basis". Once all defined licenses are used, no additional user is allowed to
access the application. If an additional user wants to use the application, either he
has to purchase an additional license or has to request a license holder user to
release his license. Let take an example. Suppose a company has 10 users. The
company purchased a software application with 5 floating licenses. Now, any 5
users can use the application at a time. The company can rotate users in the pool.
For example, it can exclude a user to include another user but it can't include more
than five users at a time.

Subscription License

In this model, a license is used to define the time frame in which the user is
allowed to use the software application. The time frame could be 7 days (a weekly
subscription), 30 days (a monthly subscription), 365 days (a yearly subscription),
or a custom duration. Once the subscription period is expired, the user has to renew
the subscription. Netflix and Amazon prime are examples of subscription-based
services.

Use-time license

In this model, a license is used to provide time-based access to the application. The
license expires after a specific time duration. Once the license is expired, the user
is not allowed to access the application. To access the application again, the user
has to renew the license. Usually, the application notifies the user ahead of time
that the license will expire soon. Notifications help the user to renew the license
before it expires.

Academic License
Software companies use this type of license to provide their software to students or
engineers free of cost or at a minimal cost for educational or learning purposes.
The main idea behind this marketing stagey is that if a student becomes familiar
with an application during his academic courses, he is more likely to use the same
application during his job. For example, Microsoft and Adobe offer huge discounts
for students. To take advantage of the discount, students are required to verify their
academic status at the time of purchase or registration.

Metered License

In this model, a license is used to provide access to certain features of the

application. The user can access only the allowed feature of the application. For
example, this license can be used to define the number of allowed login sessions,
the number of files that can be created or accessed, etc.

Feature license

The software vendor uses this license to control the features of the software that
the end-user can use. This license is also used to limit the number of times a
specific feature can use.

Trial license

In this model, a license is used to allow access to all features or certain features of
the application software for a specific time duration. During this period, a user can
test the application. If the user wants to use the application after the trial, he has to
purchase a regular license.