What is DIGITAL SECURITY?
Author: MAYANK JHA (Student, B.B.A., LL.B., V Year), FIMT School of Law (GGSIPU)
Digital security refers to the various ways of protecting a computer’s internet accounts and files from intrusion by an outside user.
Main objectives of digital security can be stated as follows-
· Availability Objective:
Information should be available and usable whenever it is needed. Interactions and transactions can run conveniently all the time.
· Confidentiality Objective:
This objective states that information should be available only to those who have the right to access it. We must keep things private or limit the data’s availability to certain, pre-specified people or organizations.
· Integrity Objective:
As per this objective, information should be protected from unauthorized alteration, modification and misuse. We must be sure that the data we are trying to secure has not been modified or corrupted. We must also be sure about the source: are we certain it originates from the right person, and is that person who they claim to be?
SECURITY THREATS IN INTERNET AND E-COMMERCE:
Information security aspects in the e-commerce environment will be an area of increasing concern to consumers, merchants, financial institutions and regulators. In this context, the term “digital security” refers to efforts to protect electronic payment systems from the relevant threats. The main security threats in online payment systems are the following.
1. That an individual will break into an electronic system in order to initiate unauthorized transactions on another individual’s legitimate account, thereby stealing money.
2. That an individual will steal customers’ personal data, enabling the wrongdoer to set up illegitimate credit card accounts, bank accounts and other accounts; this is called identity theft.
3. That an individual will attack or corrupt the data in the electronic system, either as vandalism or to extract money from the sponsoring financial institutions.
4. Internal fraud, that is, fraud committed by employees or other “insiders” in the organization.
5. Viruses: Self-replicating computer programs designed to perform unwanted events.
6. Worms: Special viruses that spread using direct internet connections.
7. Trojan Horses: Programs disguised as legitimate software that trick users into running them.
8. Masquerading or spoofing: Sending a message that appears to be from someone else.
9. Sniffers: Software that illegally accesses data traversing the network.
10. Software and operating systems security holes.
11. Security (theft and fraud).
12. Theft of software via illegal copying from a company’s servers.
13. Theft of hardware, specifically laptops.
What is a computer virus:
A virus is attached to small pieces of computer code, software, or documents. A virus executes when the software is run on a computer. If the virus spreads to other computers, those computers could continue to spread the virus.
A virus is transferred to another computer through e-mail, file transfer and instant messaging. A virus has the potential to corrupt or even delete files on your computer, use e-mail to spread itself to other computers, or even erase your hard drive.
What is a worm:
It is a self-replicating program that is harmful to networks. A worm uses the network to duplicate its code to the hosts on a network, often without any user intervention. It differs from a virus because the worm doesn’t need to attach to a program to infect the host.
It harms networks because it consumes.
What is a trojan horse:
Technically it is a worm. It doesn’t need to be attached to other software; instead, the trojan threat is hidden in software that appears to do one thing, and yet behind the scenes it does another.
The process of attempting to gain unauthorized access to computer resources is called hacking. Some examples of hacking are:
Website hacking, Network hacking, Ethical hacking, Email hacking, Password hacking.
Spyware is like a spy: it secretly steals information. Spyware programs are used to monitor or log activity on the internet and transmit that information in the background to someone else. They can also gather information about e-mail addresses and even passwords and credit card numbers.
Phishing is a fake e-mail. It is an act of attempting to acquire information such as user names and passwords by misrepresenting oneself as a trustworthy entity in an electronic communication.
Hoaxes are stories spread throughout the internet, often through email, forums and blogs, or by showing images, that are untrue or alterations of the truth. These types of hoaxes can be merely innocent stories spread in order to play on people’s inherent willingness to believe when presented in a realistic way, or can be more malicious efforts to crash servers and spread viruses.
Malware is a term used to refer to any software designed to cause damage to a single computer, server or computer network. Thus, malware is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, trojan horses, and also spyware, programming that gathers information about a computer user without permission.
Spam consists of irrelevant or unsolicited messages sent over the internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc. Spam includes unwanted electronic communications, generally commercial in nature and likely to be a source of malware.
Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name.
A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized internet users from accessing private networks connected to the internet, especially intranets.
Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
Forms of cryptography-
· Secret or Symmetric Key Cryptography: It is an encryption system where the sender and receiver of a message use a single common key to encrypt and decrypt messages. Symmetric key systems are faster and simpler, but the problem is that the sender and receiver have to somehow exchange the key in a secure manner. The most popular symmetric key cryptography system is the data encryption system.
· Public or Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and decrypt information. A public key is used for decryption. The public key and private key are different. Even if the public key is known by everyone, only the intended receiver can decode it because he alone knows the private key.
Encryption is the process of encoding information. This converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information.
4. Secure Socket Layer (SSL):
SSL is a standard security technology for establishing an encrypted link between a server and a client, typically a web server and a browser, or a mail server and a mail client.
SSL is a protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the internet.
5. Secure Electronic Transactions (SET):
SET was an early communications protocol used by e-commerce websites to secure electronic debit and credit card payments. Secure electronic transaction was used to facilitate the secure transmission of consumer card information via electronic portals on the internet.
Biometrics is a way to measure a person’s physical characteristics to verify their identity. These can include physiological traits, such as fingerprints and eyes, or behavioral characteristics.
7. Digital Signatures:
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.
PRECAUTIONS WHILE USING INTERNET AND E-PAYMENTS:
A. Checking system security.
B. Acquisition of software from reliable sources.
C. Stop using pirated software.
D. Stop downloading everything.
E. Proper attention to the software installation process.
F. Use antivirus and antimalware software.
G. Use different passwords for different sites.
H. Always use two-step authentication.
I. Use a virtual keyboard for online shopping.
LEGAL PROVISIONS FOR DIGITAL SECURITY:
It is defined under the IT Act. The IT Act is the primary law in India dealing with cybercrime and e-commerce, based on the United Nations Model on E-commerce 1996. In India the bill was finalized by a group of officials headed by the then Minister of Information Technology, Mr. Pramod Mahajan.
The bill was passed in the budget session of 2000 and signed by the President K.R. Narayanan on 9th May, 2000. It is applicable across India. Persons of other nationalities can also be indicted under the law if the crime involves a computer or network located in India.
The Act also amended various sections of IPC, Cr PC, IEA, Banker’s Book Evidence Act, 1891 and RBI Act, 1934 to make them compatible with new technology.
· Sec. 65 of IT Act-Tampering with computer source documents
If a person knowingly or intentionally conceals, destroys or alters any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force.
· Sec. 66 of IT Act-Hacking with computer system
If a person, with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, he commits hacking.
· Sec. 66B of IT Act-Receiving stolen computer or communication device
A person receives or retains a computer resource or communication device which is known to be stolen or the person has reason to believe is stolen.
· Sec. 66C of IT Act-Using password of another person
A person fraudulently uses the password, digital signature or other unique identification of another person.
· Sec. 66D of IT Act-Cheating using computer resource
If a person cheats someone using a computer resource or communication.
· Sec. 66E of IT Act-Publishing private images of others
If a person captures or transmits images of a person’s private parts without his/her consent or knowledge.
· Sec. 66F of IT Act-Acts of cyber terrorism
If a person denies access to authorized personnel to a computer resource, accesses a protected system or introduces contaminant into a system, with the intention of threatening the unity, integrity, sovereignty or security of India, then he commits cyberterrorism.
· Sec. 67 of IT Act-Publishing information which is obscene in electronic form
If a person publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.
· Sec. 67A of IT Act-Publishing images containing sexual acts
If a person publishes or transmits images containing a sexually explicit act or conduct.
· Sec. 67B of IT Act-Publishing child porn or predating children online
If a person captures, publishes or transmits images of a child in a sexually explicit act or conduct. If a person induces a child into a sexual act. A child is defined as anyone under 18.
· Sec. 67C of IT Act-Failure to maintain records
Persons deemed as intermediaries must maintain the required records for the stipulated time. Failure is an offence.
· Sec. 69 of IT Act-Failure/refusal to decrypt data
If the controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the state, friendly relations with foreign states or public order, or for preventing incitement to the commission of any cognizable offence, he may, for reasons to be recorded in writing, by order, direct any agency of the government to intercept any information transmitted through any computer resource. The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been so directed, extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred to is deemed to have committed a crime.
· Sec. 70 of IT Act-Securing access or attempting to secure access to a protected system
The appropriate government may, by notification in the official gazette, declare any computer, computer system or computer network to be a protected system. The AG may, by order in writing, authorize the persons who are authorized to access protected systems. If a person secures access or attempts to secure access to a protected system, then he is committing an offence.
· Sec. 71 of IT Act-Misrepresentation
If anyone makes any misrepresentation to, or suppresses any material fact from, the controller or the certifying authority for obtaining any license or digital signature certificate.
HOW TO FILE A COMPLAINT IN CASE OF CYBER CRIME:
There are many cyber cells established in different cities of India. You may file a complaint in either form, offline or online.
First of all, lodge a complaint against the crime.
You need to file a written complaint in the cyber cell within your jurisdiction.
In the written complaint you have to provide all the necessary information associated with you, like name, address, contact details, details of the crime, etc.
As stated in the IT Act, cybercrime comes under the ambit of global jurisdiction, so a complaint of cybercrime can be filed in any cyber cell of India.
HOW TO LODGE AN FIR IN CASE OF CYBER CRIME:
If you don’t have access to any of the cyber cells in India, you can take the alternative option, which is an FIR.
If the police officials do not lodge your FIR, you can approach the commissioner of police. If the matter is still not sorted out, you can then approach the judicial magistrate.
The FIR will be lodged under sec. 154 of IPC.
There is no specific format for filing the complaint. You just need to provide a name, mailing address, telephone no., etc.
What to do if cyber cell refuses to accept your complaint?
In this case we have an option to file a complaint directly in front of the judicial magistrate.
What are the documents required for the cybercrime complaint?
It is not fixed; it differs.
For e-mail-based complaints:
· Written complaint explaining the incident.
· Copy of the e-mail taken from the original receiver.
· Full header of the e-mail.
For mobile app-based complaints:
· Screenshot of the alleged app.
· Details of the location from where it was downloaded.
· Victim’s statements in case of any transactions.
For social media-based complaints:
· Screenshot of the alleged profile.
· Hard and soft copies of the alleged content.
For data theft complaints:
· A copy of the stolen data.
· Copyright certificate of the allegedly stolen data.
· Details of the suspected persons.
· Proof of breach of your copyrighted data.
· Devices used by the accused.
So, these are some of the major steps that we should take in case of cybercrime.
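The "full header of the e-mail" listed above for e-mail-based complaints can be read out as follows. This is an added example, not part of the original article: the sample message, its hosts and addresses are constructed, and the function names are illustrative. It lists the Received hops in the order the message travelled and notes the header facts that are relevant to a spoofing or phishing complaint.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and ID below is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.victim.example (mx.victim.example [192.0.2.10])
\tby inbox.victim.example with ESMTP id A1; Mon, 01 Mar 2021 10:00:05 +0530
Received: from mailer.example.net (mailer.example.net [198.51.100.7])
\tby mx.victim.example with ESMTP id B2; Mon, 01 Mar 2021 10:00:03 +0530
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Your Bank" <support@bank.example>
To: customer@victim.example
Subject: Verify your account
Date: Mon, 01 Mar 2021 10:00:00 +0530
Message-ID: <1234@mailer.example.net>

Please confirm your password.
"""


def domain_of(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def summarize_header(raw):
    """Summarize the parts of a full e-mail header that matter as evidence."""
    msg = message_from_string(raw)
    # Each server prepends its own Received line, so the last one in the
    # header is the earliest hop; reverse to get the travel order.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]

    # Collect the receiving server's verdicts, e.g. {"spf": "fail"}.
    auth = {}
    for result in msg.get_all("Authentication-Results", []):
        for clause in result.split(";")[1:]:
            fields = clause.split()
            if fields and "=" in fields[0]:
                method, _, verdict = fields[0].partition("=")
                auth[method.lower()] = verdict.lower()

    findings = []
    from_dom = domain_of(msg["From"])
    path_dom = domain_of(msg["Return-Path"])
    # A mismatch is worth noting in a complaint but is not proof of spoofing:
    # legitimate bulk-mail services also use a different bounce domain.
    if from_dom and path_dom and from_dom != path_dom:
        findings.append(
            f"From domain {from_dom} differs from Return-Path domain {path_dom}")
    for method, verdict in sorted(auth.items()):
        if verdict in ("fail", "softfail"):
            findings.append(f"{method} check reported {verdict}")
    return {"hops": hops, "auth": auth, "findings": findings}


if __name__ == "__main__":
    summary = summarize_header(RAW)
    for number, hop in enumerate(summary["hops"], 1):
        print(f"hop {number}: {hop}")
    for finding in summary["findings"]:
        print("note:", finding)
```

The raw header should still be submitted unmodified; a summary like this only helps explain it in the written complaint.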
NEW INFORMATION TECHNOLOGY (INTERMEDIARY GUIDELINES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021:
In Feb. 2021, the government notified these guidelines.
The rules have been framed in exercise of powers under section 87 of the IT Act, 2000.
Social media platforms are welcome to do business in India but they need to follow the constitution and laws of India.
Social media platforms can certainly be used for asking questions and criticizing.
Social media platforms have empowered ordinary users but they need accountability against their misuse and abuse.
The new rules empower ordinary users of social media, embodying a mechanism for redressal and timely resolution of their grievance.
Rules about digital media and OTT focus more on in-house and self-regulation mechanisms, whereby a robust grievance redressal mechanism has been provided while upholding journalistic and creative freedom.
The proposed framework is progressive, liberal and contemporaneous.
It seeks to address people’s varied concerns while removing any misapprehension about curbing creativity and freedom of speech and expression.
WHY THE NEED OF RULES?
The digital India programme has now become a movement which is empowering common Indians with the power of technology. The extensive spread of mobile phones, internet etc. has also enabled many social media platforms to expand their footprints in India. Common people are also using these platforms in a very significant way. Some portals, which publish analysis about social media platforms and which have not been disputed, have reported the following numbers as user base of major social media platforms in India:
WhatsApp users- 53 Cr.
YouTube users- 44.8 Cr.
Facebook users- 42 Cr.
Instagram users- 21 Cr.
Twitter users- 1.75 Cr.
Of late some very disturbing developments are observed on the social media platforms. Persistent spread of fake news has compelled many media platforms to create fact check mechanisms. Rampant abuse of social media to share morphed images of women and contents related to revenge porn have often threatened the dignity of women. Misuse of social media for settling corporate rivalries in an unethical manner has become a major concern for businesses. Instances of use of abusive language, defamatory and obscene contents and blatant disrespect to religious sentiments through platforms are growing.
Over the years, the increasing instances of misuse of social media by criminals and anti-national elements have brought new challenges for law enforcement agencies. These include inducement of terrorists, circulation of obscene content, spread of disharmony, financial frauds, incitement of violence, public order, etc.
It was found that currently there is no robust complaint mechanism wherein the ordinary users of social media and OTT platforms can register their complaint. Lack of transparency and absence of a robust grievance redressal mechanism have left the users totally dependent on the victims. It has been seen that a user who has spent his time, energy and money in developing a social media profile is left with no remedies.
Rationale and justification for new guidelines-
These rules substantially empower the ordinary users of digital platforms to seek redressal for their grievances and command accountability in case of infringement of their rights. In this direction, the following developments are noteworthy:
The SC in a suo moto writ petition (Pranjala Case) had observed that the government of India may frame necessary guidelines to eliminate child pornography, rape, such videos and sites in content hosting platforms and other applications.
For all intermediaries
· Due diligence shall be followed by intermediaries.
· Intermediaries must set up a grievance redressal mechanism.
· Intermediaries must ensure online safety and dignity of users, especially women users.
· Intermediaries shall remove or disable access within 24 hours of receipt of complaints.
· Intermediaries must bring in a voluntary user verification mechanism.
· Intermediaries must remove unlawful information.
· Upon receiving actual knowledge in the form of an order by a court, or being notified by the appropriate government, platforms should not host or publish any information which is prohibited.
Additional due diligence only for significant social media intermediary
· Appoint a chief compliance officer who shall be responsible for ensuring compliance with the act and rules. Such a person should be a resident in India.
· Appoint a nodal contact person for 24x7 co-ordination with law enforcement agencies. Such a person shall be a resident in India.
· Appoint a resident grievance officer who shall perform the functions mentioned under the grievance redressal mechanism. Such a person shall be a resident in India.
· Publish a monthly compliance report mentioning the details of complaints received and action taken on the complaints, as well as details of contents removed proactively by the significant social media intermediary.
· Significant social media intermediaries providing services primarily in the nature of messaging shall enable identification of the first originator of the information.
Digital Media Ethics Code Relating to Digital Media and OTT Platform
· Code of ethics for online news, OTT platforms and digital media.
· Platforms should be required to implement parental locks for content classified as U/A 13+ or higher, and reliable age verification mechanisms for content classified as “A”.
· Publishers of news on digital media would be required to observe the norms of journalistic conduct of the Press Council of India and the programme code under the Cable Television Networks Regulation Act.
· A three-level grievance redressal mechanism has been established under the rules with different levels of self-regulation.
Self-regulation by the publishers: The publisher shall appoint a grievance redressal officer based in India (15 days to resolve a grievance).
Self-regulation by the self-regulating bodies of the publishers: There may be one or more self-regulatory bodies of publishers. Such a body shall be headed by a retired judge of the SC, a HC or an independent eminent person and have not more than six members.
Oversight mechanism: Ministry of Information and Broadcasting shall formulate an oversight mechanism. It shall publish a charter for self-regulating bodies, including codes of practices. It shall establish an Inter Departmental Committee for hearing grievances.
Cyber security is one of the most important aspects of the fast-growing digital world. Its threats are hard to deny, so it is crucial to learn how to defend against them and to teach others how to do it.
DISCLAIMER: Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of A & S Jurisprudentia Ltd. A & S Jurisprudentia Ltd. also does not certify correctness of the Language, Spelling, Grammar, context etc. of the Blog and disclaims any Liability, consequences which may arise of this Blog.