"(Cyberspace and the Law : Concepts and Legal Determination, Indian Rules and Regulations with the UNCITRAL Model Law and Related Foreign Legislation including Intellectual Property)""The present new edition covers majorly Cyberspace and the Law - Concepts and Legal Determination : Evolution of Law in Cyberspace: A Perspective on Internet Related Legal Issues · Planning A Business Enterprise on the Internet, Security Concerns, Trade Secrets and Privacy · Tax Aspects of Electronic Commerce Transactions · Intellectual Property in Cyberspace · The Law of Internet Disputes · Business Models: An Analysis of Legal Aspects of B2B and B2C Methods in Europe and their Impact on Indian Trading · Insurance and the Internet · Protection of Personal Data and Privacy · Data Privacy : Fundamental Legal Concepts · Data Privacy : Jurisdiction and Applicable Law · International Data Transfers · Data Privacy : Compliance Challenges and Startegies.""It has been more than six years after the first edition was prepared. The rapid development of information technology presents challenges to legal systems across the globe. A common feature for the business success of Internet transactions is the fact that they are 'direct'. Classical middlemen such as agents, distributors and franchisees, and the costs associated with these intermediaries, may be cut out of distribution chains. On the other hand, the Internet also creates new opportunities for business intermediaries who may now sell products not only in their home markets and in neighbouring states but also all over the world. Of course, all these changes go along with interesting legal issues specific to certain 'special' contractual relationships. In addition, there are the general legal aspects connected with the use of the new technology such as digital signatures, encryption technologies and other aspects of electronic commerce.""The rapid development of information and communication technologies over the past decade has revolutionized business practices. Transactions accomplished through electronic means - collectively "electronic commerce"-have created new legal issues. The shift from paper-based to electronic transactions has raised questions concerning the recognition, authenticity and enforceability of electronic documents and signatures. The challenge for lawmakers has been to balance the sometimes-conflicting goals of safeguarding electronic commerce and encouraging technological development. The Information Technology Act of 2000 aims to facilitate the development of a secure regulatory environment for electronic commerce by providing a legal infrastructure governing electronic contracting, security and integrity of electronic transactions, the use of digital signatures and other issues related to electronic commerce.""Information Technology Act, 2000, Indian Rules & Regulations : Information Technology (Certifying Authorities) Rules, 2000 · Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000 · Electronic Commerce Act, 1988 · ISP Guide Lines · RBI Internet Banking Report · RBI Guidelines on internet banking, etc.""Uncitral Model Laws and Related Foreign Legislation : E-Commerce Legislation: Recent European Community Developments · Uncitral Model Law, 1998 · Singapore Electronic Transactions Act, 1998 · Singapore Electronic Transactions (Certifying Authority) Regulations 1999 · US Uniform Electronic Transactions Act, 1999 · US Uniform Electronic Transactions Act (Nov. 1997 Draft) · UK Data Protection Act, 1988. Intellectual Property : US Digital Millenium Copyright Act, 1998 (US Copyright Office Summary) · WIPO Copy Right Rules, 1996 · WIPO Performances and Phonograms Treaty Rules, 1996 · The ICANN Uniform Domain Name Dispute Resolution Policy · Rules for Uniform Domain Name Dispute Resolution Policy."
GUIDE TO CYBER LAWS
(INFORMATION TECHNOLOGY ACT, 2000,
E-COMMERCE, DATA PROTECTION
& THE INTERNET)
CONTENTS
PART I
CYBERSPACE AND THE LAW: CONCEPTS AND
LEGAL DETERMINATION
CHAP. 1 EVOLUTION OF LAW IN CYBERSPACE: A PERSPECTIVE
ON INTERNET RELATED LEGAL ISSUES 3
1. The Online Landscape: Technological, Social and Legal Issues 4
2. Foundations: Origins of the Internet 5
3. Advancing Technological Capabilities 9
1. Advances in Communications 9
2. Advances in Processing Power and Storage 10
4. Software Developments Driving New Capabilities 12
i. Distributed Computing 12
ii. Peer-to-Peer Networking 13
iii. The Rise of Untethered Computing 14
iv. Pervasive Computing 16
v. The Semantic Web 18
5. The Internet Enabling Changes 20
1. E-mail and Online Conversations 21
2. Web Publishing and Broadcasting 23
3. Online Commerce 24
i. Customization and Web User Information 24
ii. Pricing in an Online Environment 24
iii. Electronic Money 26
iv. Digital Delivery 27
v. Changing the Structures of Organizations and Industries 28
6. Some Observations on the Future 31
7. Who Controls the Internet? 36
8. The Wealth of Networks 37
9. Harmonisation of Laws and the Issue of Jurisdiction Over the Internet 37
— Outlining Problematic Issues 37
10. The Internet and Electronic Trading: an Outline History of E-Commerce 38
— The development of the on-line environ ment. 38
— Globalisation and the Internet media 40
11. The Internet in the Context of International Commerce 43
12. Background to the Information Highway 44
13. Technology and Human Communication: 48
— Understanding the origins and history of the Internet 48
14. The Internet as an International Trade Route-‘the digital silk route’ 54
15. Examples of Practical Commercial Applications 55
16. Illustrating A Typical Transaction 56
17. Government Controls, in General 57
18. Electronic Signature Legislation-a historical respective (with guidelines) 57
— Content of legislation 60
— Technology neutrality 60
— Exceptions 60
— Variation by agreement 61
— Writing 62
— Signature 62
— Original 62
— Evidence [Indian law] 63
— Retention of data messages 63
— Formation and validity of contracts 63
— Attribution of data messages 63
— Acknowledgment of receipt 64
— Time and place of dispatch and receipt of data message 65
— Carriage of goods 65
— International framework 66
— Electronic Commerce: Global Extent 66
“CONVERGING” TELEGRAPH,
CABLE BROADCASTING, SATELLITE AND THE INTERNET
19. Telecommunication Models for Developing Countries An Indian perspective 72
— Telecommunications: A Preview 72
— International Scenario 72
— The Demands of Liberalization 73
— Overview of the Indian telecommunications Industry 74
— Statutory Framework: The Changes Introduced 75
— Liberalization of the Telecommunications sector 75
— Reforms in the Indian Telecommunications sector 75
— Telecom Regulatory Authority of India 76
— National Telecom Policy, 1999 78
— Internet Telephony 79
— Convergence 79
— Future Outlook 80
20. An Overview of Specific Aspects 81
— Non-Contractual Legal Issues 81
— Advertising/Consumer Protection 83
— Data Protection 84
— Intellectual Property 85
— Payment Systems/Banking 85
— Public Law/Gaming 86
— Sale of Goods and Services 87
— Securities 88
— Regulating the e-market in securities 88
21. SEBI Guidelines on Internet Based Trading and Services 89
Decision taken by Committee on Internet Based Trading and Services in its meeting held on 2nd August 2000. 89
— Eligibility Criteria 89
— Network Security 89
— System Operations 90
— Risk Management 90
— Investor information 90
— Decisions taken by Working Group on Dematerialization of Securities in its meeting held on 13th October 2000 91
— Unified electronic information gathering
and retrieval system. 92
— Taxation 93
— Conclusion 93
22. Franchise Relationships : an Analytical Overview 95
— Franchisor Websites as ‘Offering a Franchise’ 95
— Franchise regulatory proposals 96
— Extraterritorial application of US franchise law. 97
— Electronic Sale and Distribution of Goods 98
— Competitive Aspects 98
— Pricing Issues 100
— Resale Price Maintenance in the United States 100
— Resale Price Maintenance in the European Union 101
— Non-Price Vertical Restraints - Territorial restrictions. 101
— US Antitrust law on territorial restrictions 101
— EU Competition law on territorial restraints 102
23. The UNCITRAL Model Law and Electronic Equivalents to Traditional Bills of Lading 104
— UNCITRAL Working Group on Electronic Commerce 105
— Model Law on Electronic Commerce : the framework 106
— Work on transport documents 107
24. Model Law - Electronic commerce in Specific areas 110
— Chapter 1 Carriage of goods 110
— Article 16: Actions related to contracts of carriage of goods. 110
— Article 17: Transport documents 111
— Conclusion 113
25. Electronic Payment Systems 114
— Solutions currently available 114
— What is the perfect Electronic payment system 115
— Problem of negotiability 116
— Can electronic cash be a negotiable instrument? 117
— Advantages of true electronic cash as an Internet payment mechanism 118
— Future 118
26. Terms of Reference: Suggestions for the Future 119
27. Freedom of Speech and the Internet 120
— Introduction 120
— Freedom of Speech 121
— The Internet and the freedom of speech 122
— New Rules? 123
— Enforcement 124
— Copyright versus freedom of Information 125
CHAP. 2 PLANNING A BUSINESS ENTERPRISE ON THE INTERNET
—SECURITY CONCERNS, TRADE SECRETS AND PRIVACY 127
1. The legal framework 129
— Starting a new enterprise 129
— Establishing contractual obligations 129
— Selecting a commercial entity 130
— Sole proprietorship 130
— Partnership 131
— Nature of a partnership 131
— Formation Procedures 131
— Capital Structure 132
— Relationship of partners 132
— Dissolution 132
— Books and records 132
— Statutory audit 133
2. Taxation of Partnership Firms 133
— Under the Income Tax Laws, a firm is a separate entity 133
— IT enabled products /services. Specification of products/services to be included in IT enabled services under clause (b) of item (i) of Explanation 2 of section 10B and clause (b) of Explanation to section 80HEE for
getting the benefit of tax concession. 133
— Guidelines for automatic route for foreign direct investment proposals relating to the
information technology sector. 134
3. The Economics of the Internet: Understanding Business and Distribution Networks 135
— Internet-Enabled Distribution Models 135
— Webonomics 135
— Internet and distribution 136
4. Emerging network economy distribution models 137
Affiliate programmes 137
— Shopping portals 137
— Internet auctions 138
— Shopping bots 138
— Customised shopping 138
5. Legal Framework 139
— Form requirements 139
— Data protection law 139
— Unfair competition 140
— Consumer protection 140
— Jurisdiction and applicable law 141
— Taxation 141
6. Security Concerns, Trade Secrets and Privacy: Developing Trends and Legal Issues 142
7. Confidential Information 145
8. Protection of Confidential Information 145
— Nature of confidential information 145
— Confidence implied in a contract 145
— Confidence implied by circumstances 146
— Identification of confidential information 146
— Essential requirements of breach of confidence 146
— Exceptions to breach of confidence 146
— Remedies for breach of confidence 147
— Employee Privacy Rights 147
— Employer Protection 148
9. Internet Banking in India : Analysing Legal Issues 150
— The legal challenges of Internet banking 150
— Information Security 150
— Preventing Unauthorised Transactions 150
— Maintaining Integrity of Customers’ Tran-sactions 151
(i) Contractual liability 151
(ii) Negligent Misstatements 151
— Jurisdictional Issues [Jurisdiction and Governing Law] 151
— The UNCITRAL Model and electronic commerce 152
— Security products available 153
— Regulatory Compliance Issues 153
— Regulation of Deposit Taking Business 154
10. Steps to Incorporate a Private Limited Company 154
11. Memorandum of Association of Company Limited by Shares 157
— Memorandum of association of Wadhwa and Company.com (India) Private Limited 157
— [A] The Main Objects Of The Company To Be Pursued On Its Incorporation: 157
— [B] The Objects Incidental or Ancillary to The Attainment of Main Objects Are: 158
— [C] Other Objects 161
12. Articles of Association of Company Limited By Shares 162
— Articles of Association of Wadhwa and Company.com (India) Private Limited 162
1. TABLE ‘A’ 162
2. Definitions 162
3. Private Company 163
4. Share Capital 163
4.1 Authorised Share Capital 163
4.2 Issue of Capital 164
5. Calls on Shares 164
6. Transfer of Shares 164
7. Directors 164
8. Appointments 166
9. Auditors 166
10. Borrowing Powers 166
11. Meetings of the Board of Directors 166
12. General Meetings 167
13. Common Seal 167
14. Indemnity 167
13. A Fresh Look at Web Development and Hosting Agreements 169
— What is Web Development? 169
— What is Web Hosting? 169
— Other Services 170
— Key Issues in Development Agreements 170
— Ownership 170
— Timing 171
— Platform Selection 171
— Pricing and Updates 171
— Conclusion about Web Development 171
— Key Issues in Hosting Agreements 172
— Service Levels 172
— Rights in User Data 173
— Provider’s Post-Termination Duties 173
— Unauthorized Modifications 174
— Compliance with Laws 174
— Conclusion about Web Hosting Agreements 174
— Provider Liability for Customer’s Content. 174
— Defamation and Other “Publisher/Spea-
ker” Torts 175
— Obscenity/Child Pornography 175
— Copyright 175
— Trademarks 177
— What Should a Web Host Do in its Contract with Customers? 177
— Conclusion 177
14. Website Development and Hosting Agreements: Some Issues 178
— Do-It-Yourselfer? 178
— Choosing the Right Vendor 179
— Key Contract Issues 180
— Development Services. 180
— Service Levels 181
— Security 181
— Problem Resolution 182
— Updates 182
— Portability 182
— Fees 183
— Intellectual Property and Proprietary Rights 183
— Audit Rights 183
— Disaster Recovery 184
— Damages 184
— Termination and Migration Assistance 184
— Conclusion 185
15. Specimen Website Development and Hosting Agreement 185
Website Development and Hosting Agreement 185
1. Definitions. 186
2. Website Development. 187
3. Modifications. 188
4. Web Hosting 188
5. Payments 190
6. Term and Termination 191
7. Provider Warranties. 192
8. Customer Covenants. 193
9. Disclaimer of Warranties 193
10. Ownership 193
11. Indemnity 194
12. Confidential Information 195
13. Limitations on Liability 195
14. General Provisions 195
— Website 198
— Platform Requirements 198
— Services 198
— Milestone Schedule 198
— Milestone Description 199
— Responsibility 199
— Date 199
— Fees 199
— Term 199
16. Specimen Dot Com (WEB Hosting) Co-opera-tion Agreement 200
— [On Co. Letter Head] 200
— Effective Date 201
— Payment Conditions 201
— Internet Co [name of the commercial entity/company]'s Warranty and Obligations 202
— Term 202
— Limitation of Liability 202
— Non-Disclosure 202
— Non-competition/Confidentiality 204
— Amendment 204
— No Assignment 204
— Entire Agreement 204
— Waiver 204
— Notices 204
— Governing Law 205
— Arbitration 205
— Signed 205
17. Specimen Memorandum of Understanding Between Internet Co. [name of the commercial entity/company] and …….. [insert appropriate name] 205
18. Non-competition/Confidentiality 206
19. Amendment 207
20. No Assignment 207
21. Entire Agreement 207
22. Notices 207
23. Governing Law 207
24. Arbitration 207
CHAP. 3 TAX ASPECTS OF ELECTRONIC COMMERCE
TRANSACTIONS 209
Permanent establishment risks/aspects 210
1. OECD definition of permanent establishment 211
— Fixed place of business 211
— Dependent agent versus independent agent 211
— Exclusion for preparatory and auxiliary activities 211
— Applying existing OECD PE tax principles to electronic commerce. 212
— Vendors using the Internet 212
— Internet Service Providers (ISP): Analysis of tax consideration 215
2. Classification of Income risk/aspects 216
— Relevancy of the issue 216
— Source of income 217
— Transfer pricing risks/aspects. 217
3. OECD’s guidelines on transfer pricing 217
— Principles 217
— Permanent establishment issue 218
4. Taxation in Cyberspace: a brief introduction to Indian Income Tax Laws 219
— Jurisdictional issues in the taxation of electronic commerce 219
— Corporate Taxation norms in Cyberspace 219
— Taxable Entities 220
— State Tax Issues 222
— Transmission 223
— Content 223
— Essence of Service 224
— Degree of Cognitive Thought 225
— Transmission and Content 225
— International Tax Issues 225
— Sourcing of Sales 226
— Individuals 226
— Commercial Enterprises 227
— Permanent Establishment 227
— Medium Classifications - Tangibles and Intangibles 228
— IRC - Effectively Connected 230
— Enforcement - Nexus 230
— Presence 231
— Physical Presence 231
— Intangible Property Presence 232
— Economic Presence 233
— Attributional Presence 233
— Nexus Conclusions 234
— Recent Developments and Issues 234
— Internet Tax Freedom Act 234
— U.S. Treasury Department 235
— Encryption 235
— Banking and Finance 236
— Conclusions 236
— Adaptability 237
— Flexibility 237
— Collaboration 238
CHAP. 4 INTELLECTUAL PROPERTY IN CYBERSPACE 239
1. Intellectual Property on The Internet 240
2. Squatting in Cyberspace: A Web of Deception 241
— The Yahoo Case 243
— Other Cases 244
— Practical Difficulties 244
— The ICANN Policy 244
— The Role of WIPO 245
— The advantages of ICANN’s Policy 245
— “Bad Faith” Criteria 246
3. WIPO Cases Involving Complainants from India 247
— The “tata.org” case 247
— The “tridenthotels. com” case 247
— Conclusion 248
4. Intellectual Property (Trade Marks) 249
— The protection of domain names in cybes pace: a critical analysis of intellectual property remedies 249
— Domain Name Litigation 250
— Battling the Cybersquatter 250
— Dilution of a Famous Mark 251
— Use of metatags and hyperlinks 251
— Defenses 252
— Registration of domain names as Trade marks 252
— Meta Tag Litigation 253
— Remedies Available 253
— Protection under Indian Law : an analysis of the “yahoo” case 254
— Use 256
— Standard of Confusion 257
— Similarity Factors: 257
5. Domain Names: ICANN and New Remedies Against Cybersquatting 259
6. Copyrights 262
— From Analogue to Digital
— Copyright Implications 262
— Is a website copyrightable? 262
— Ensuring Ownership of Copyright 263
— Other Issues 263
7. Downloading 263
— Is downloading illegal? 263
8. Evolving precedents in the music industry 264
— The MP3 case 264
— The Napster case 265
9. Domain names, copyright intellectual Property and the Internet: A case study of the Indian approach to intellectual property and e-commerce 265
— Technology used by “the entity” 265
— A perspective on the (Indian) Copyright Act: 266
10. Copyright and the New Media: the law and technology interface 269
11. Technology and the ‘challenge’ to Copyright 270
12. Technological Protection Measures: meeting the challenge posed by technology 271
— Government action required: 273
13. Laws that support ‘technology’: Anti-circum-vention and the WIPO Treaties 274
— Conduct vs. Devices 274
14. Response to Particular Protection Technologies 276
15. Appropriate Exceptions 277
16. The development of copy protection structures 279
17. Early Efforts 280
18. Current Realizations and General Principles 280
19. Introduction of DVD Video 282
20. Origins of CPTWG and DVD Video Copy Protection 283
21. The CSS Technology License 286
22. Related function requirements 287
23. Further Work of the CPTWG 289
24. Digital Transmission Copy Protection 290
25. Conveying Copy Protection Information – Secure Digital Information and “Watermark” Technologies 291
26. DVD Audio Disc Copy Protection 292
27. Secure Digital Music Initiative (“SDMI”) 294
28. Brief descriptions of some existing protection technologies and methods 298
29. Ownership 300
— If Patentable 300
— Under Copyright law: 301
30. Intellectual Property Audits (due diligence on intellectual property) 301
31. Monitoring Intellectual Property Infringement 302
— Domain names and trademark law: an analysis of the “Yahoo” case 303
— Other Cases in Asian Countries 306
32. Specific Problems of Enforcement 308
33. Conclusion 308
— On line Arbitration of Electronic Commerce Disputes 309
34. Hyperlinking and Framing : Intellectual Property (Trade Marks) 310
— Introduction 310
— Hyperlinking 312
— Framing 313
— Unfair Competition 314
35. Systems-on-a-Chip: Intellectual Property and Licensing Issues 315
— Strategic Importance of IP Rights 316
36. Patents, Patent Licensing and Protection in India 317
— Patents 318
— What is a patent? 318
— How is a patent obtained? 319
— Legal issues relating to software 320
— Observations on Internet-related patents 322
37. Evidence - The Internet as Witness Turns Trial 322
38. The Case 323
39. The Internet in Court 323
40. It Worked in Rehearsal ... 324
41. Patent Infringement: IBM versus Amazon.com 326
Protection of Patents in Indian Courts: an overview 327
— Principles and methods for determining infringement of invention and utility patents. 328
— Principles and methods for determining infringement of a design patent 328
42. Business Method Patents 328
43. Intellectual property rights on the Internet 329
1. IPR Laws in Multimedia Environment - International Trends 330
2. Europe - the Commision Green Paper 331
— A number of directives have been adopted/proposed by the EC which are: 331
3. USA - The NII report on IPR 332
4. The UK - DTI Working Party 332
5. The Global Information Infrastructure Commission (GIIC) recommendations on IPR 333
6. The New Copyright Treaties of WIPO 333
44. Spamming, Linking, Framing, Metatagging, Stealthing, crime and business strategy on the web 335
— Spamming 335
— Cases about Spamming 335
— Legislative Regulation of Spam 338
— Possible Strategies When Sending Spam 340
— Linking 340
— Shetland Times
v. Shetland News 341
— Ticketmaster
v. Microsoft 342
— Advice for Those Who Link 342
— Advice for Those Unwillingly Linked 342
CHAP. 5 THE LAW OF INTERNET DISPUTES 345
— Intellectual Property in the context of New Media 345
— Trademarks on the Internet: the Indian perspective on domain names and other ‘signs’ 346
— Domain Name Disputes and the Indian Courts 347
— From ‘Yahoo, Inc.
v. Akash Arora’ to present 347
— Online Content: New Media Copyright Litigation 350
1. Blogs – Legal liability 351
2. General Considerations 351
3. Defamation 352
4. Copyright 353
5. Trademark 354
6. Other Significant Potential Claims 355
7. Disclaimers 355
8. Conclusion 356
9. Alternative Dispute Resolution and Electronic Commerce 357
— The WIPO Arbitration and Mediation Center: observations 358
— Indian Cases at the UDRP: analyzing trends 359
— The Jurisprudence of the Uniform Domain Name Dispute Resolution Policy 362
— Specific problems of enforcement: 365
— An epilogue on problems and new initiatives in managing disputes in the digital environment 366
10. The Indian Domain Name System: Practice Notes 366
— Conditions And Requirements 366
— General Terms And Conditions 366
11. Intellectual Property, the Internet and Electronic Commerce: The Role of the Internet in the Development, Management and Commercialization of Intellectual Property 371
— Beneficial impacts of the Internet on intellectual property 372
— Detrimental impacts of the Internet on intellectual property 373
— State of the art: the Internet with respect to intellectual property 375
— Internet resources related to intellectual property 378
— Anticipating internet trends to manage intellectual property 379
— The impact of electronic commerce on intellectual property 380
— The protection of copyright and related rights in the digital environment 380
— Overview of the Issues 382
— Online service provider liability 383
— Patents 385
— Patentable Subject Matter 386
— Trademarks and unfair competition 388
— Establishment and Maintenance of Trademark Rights 389
— Well-Known Marks 392
— Unfair Competition 394
— Domain names 396
— Emerging Responses: towards a solution 397
CHAP. 6 E-BUSINESS MODELS: AN ANALYSIS OF LEGAL ASPECTS OF B2B AND B2C METHODS IN EUROPE AND THEIR IMPACT ON INDIAN TRADING 403
B. Regulatory challenges for e-com-merce business models in Europe 404
I. European Legislation in the field of E-Commerce 404
1. Distance Selling Directive 27/7/EC of 20 May 1997 405
(a) National Implementations 406
(b) Scope of application (“distance contracts”) 406
(c) Exceptions to the scope 407
(d) Nationally stricter rules 407
2. E-Commerce-Directive 2000/31/EC of 8 June 2000 408
(a) Scope of application 408
(b) National implementations 409
3. Consumer Purchase Directive 1999/44/
EC of 25 May 1999 409
4. Data Protection 410
5. Block Exemption for Vertical Agreements, De-Minimis 410
6. Draft Acts 410
(a) Distance Selling for Financial Services 410
(b) Privacy in tele services 411
(c) European Consumer Law? 411
II. Getting to the Consumer: Advertising and Limitations to doing (Online-) Business 411
1. Online-advertisement by E-mail: Opt-in or Opt-out 412
2. Unrequested Sending of Merchandise 412
3. Links and Frames, Banner and Keyword-Advertising, Metatags 412
(a) Links and Frames 412
(b) Banner and Keyword Advertising 414
(c) Meta tags 414
4. Discounts and other Promotional Activities 415
5. Regulatory Controls on National Level ( -> Online-Pharmacy) 415
III. Online Sale and Consumer Protection 416
1. Information Duties Prior to Concluding a Contract 416
(a) Distance-Selling Directive 97/7/
EC 416
(b) E-Commerce-Directive2000/31/
EC 418
2. Conclusion of Contract 419
(a) E-Commerce-Directive 2000/31/
EC 419
3. Right of Withdrawal for Customer (Distance Selling Directive 97/7/EC) 421
4. Selected National Requirements 422
IV. Privacy 422
1. Directive 95/46/EC on Data Protection 423
(a) Scope of Directive 423
(b) Transfer of Personal data to third countries 424
(c) German Example of National Sector Specific additional restrictions 424
2. Draft Directive on Privacy in Electronic Communication 425
V. Conflict of Law Rules and Jurisdiction 426
1. CISG 426
2. E-Commerce Directive 2000/31/EC 427
— Example German conflicts of laws rules (“EGBGB”) 427
3. Jurisdiction 428
(a) The Brussels Convention of 27 September 1968 428
(b) The Brussels Regulations of 22 December, 2000 429
(c) 2001 Hague Conference on Private International Law 430
VI. Lack of Protection for Business Model Patents 431
CHAP. 7 INSURANCE AND THE INTERNET 433
— The growing need for Internet liability insurance 433
— Traditional insurance: a re-examination of basic principles 434
— Essential coverage 434
— Defining key policy terms 436
— Loss prevention: analysing solutions 436
— Property and business interruption coverage 437
— Property coverage issues 437
— Physical loss or damage 437
— Covered cause of loss 439
— Limitations on recovery for harm to business records 439
— Liability coverage 440
— Property damage to third parties 441
— Personal and advertising injury 442
— Invasion of privacy coverage 443
— Geographical scope of CGL policies 444
— E & O coverage issues 444
— Is there a problem for insurers and policyholers? 445
— Levels of interactivity and exposure 445
— Access statistics 446
— Access exposures 446
— Presence statistics 446
— Presence exposures 446
— E-commerce statistics 447
— E-commerce exposures 447
— Internet losses 448
— Opinion in chat rooms, message or bulletin boards 448
— What is company disparagement or defamation? 448
— Coverage issues – teenagers and the internet: a hypothetical case 449
— Jurisdiction 450
— Brussels Regulation 451
— Governing law 452
— Additional consideration 453
CHAP. 8 PROTECTION OF PERSONAL DATA AND PRIVACY 455
— Whither privacy: a prefatory note 455
— Self regulation 456
— Electronic Communications Privacy Act 458
— Computer Abuse and Fraud Act 458
— Children’s Online Privacy Protection Act 459
— Video Privacy Act 459
— Cable TV Privacy Act of 1984 460
— State Statutes 460
— Common law torts 460
— European Union 461
— Security concerns, trade secrets and privacy: developing trends 462
— Confidential Information 465
— Protection of Confidential Information 465
— Nature of confidential information 465
— Confidence implied in a contract 466
— Confidence implied by circumstances 466
— Identification of confidential information 466
— Essential requirements of breach of confidence 466
— Exceptions to breach of confidence 467
— Remedies for breach of confidence 467
— Employee Privacy Rights 467
— Employer Protection 468
— Office Data Theft 470
— Privacy and Internet Law 472
— Privacy overview 472
— Consumer Privacy 473
— Privacy: concluding thoughts 474
— International privacy initiatives 474
— Indian law relating to privacy: an epilogue 474
CHAP. 9 PROTECTION OF PERSONAL DATA AND PRIVACY 477
A. Introduction 477
B. Personal Data 477
C. Data Subject 482
D. Data Processing: Definition and Grounds 484
E. Purpose Limitation 486
F. Legitimate Purposes 487
G. Data Controllers And Data Processors 488
H. Establishment 491
I. Consent 493
J. Sensitive Data 494
K. Access and Information 496
L. Anonymous and Pseudonymous Data 497
M. Third Party 498
N. Freedom of Expression 500
O. Free Flow of Data within the Eu 502
P. Data Transfer 503
Q. Data Minimization 506
CHAP. 10 DATA PRIVACY: JURISDICTION AND APPLICABLE LAW 509
A. Introduction 509
B. Distinguishing Choice of Law and Jurisdiction 511
(1) Overview 511
(2) Jurisdiction rules 512
C. The General Directive 513
(1) Overview 513
(2) Member State implementations 514
(3) Outline of various bases 517
— Establishment of data controller in the EU 517
— Use of equipment in a Member State by a non-EU data controller 518
— Application of EU Law based on public international law 527
(4) Application to data processors 527
(5) Corporate structure 528
(6) Intra-EU conflict of laws 529
(7) Appointment of a representative in the EU 530
D. The Directive on Privacy and Electro-nic Communications 534
CHAP. 11 INTERNATIONAL DATA TRANSFERS 539
A. Introduction 539
B. Basic Principles 541
(1) Data transfer and applicable law 541
(2) Enforcement 542
(3) Requirements of national law 543
(4) Data imports into the EU 545
C. Legal Bases for Data Transfers 545
(1) Introduction 545
(2) Member State law 548
(3) Onward transfers and re-export of data 550
(4) Adequacy 552
— Introduction 552
— US Safe Harbor system 557
— Introduction 557
— Membership 558
— Substantive principles 559
— Issues 562
— Outlook 565
(5) Adequate safeguards and contract clauses 565
— Introduction 565
— Model contract clauses 567
— Controller to controller clauses 567
— Controller to processor clauses 571
— Ad hoc and national contracts 572
(6) Consent of the data subject 574
(7) Transfers necessary for performance of a contract 575
(8) Codes of conduct 577
CHAP.12 DATA PRIVACY : COMPLIANCE CHALLENGES AND STARTEGIES 581
A. Introduction 581
B. Applicable Law and International Data Transfers 581
(1) Introduction 581
(2) Websites based outside Europe 582
(3) Global companies 584
— Determining the applicable law 585
— Providing a legal basis for international transfers 586
(4) Centralized databases 587
C. Notification of Data Processing 589
(1) Introduction 589
(2) Legal obligations 589
(3) Member State law 591
(4) Compliance strategies 593
D. Internet Technology and the Employment Relationship 594
(1) Introduction 594
(2) Special requirements for processing employment data 595
(3) Monitoring employee computer usage 596
(4) Placing employee information on the Internet 604
E. Privacy Policies and Website Compliance 604
(1) Introduction 604
(2) Requirements for websites 605
— Possibilities of realization: 606
— The following are insufficient: 606
(3) Privacy policies 607
F. Standardization and technical Requirements 609
(1) Introduction 609
(2) Standardization 609
— Management Practices 611
— Assessment and Verification 611
— Impact on Privacy of Technologies 611
— Consumer Education 611
(3) Technical security measures 612
G. Future Challenges 614
(1) Introduction 614
(2) Mobile electronic commerce 614
(3) Data protection versus security 615
PART II
INFORMATION TECHNOLOGY ACT, 2000
INFORMATION TECHNOLOGY ACT, 2000 619
— Title: Interpretation 620
— Notes on the Preamble 620
— The need for legislation 621
— The Information Technology Act, 2000 621
1. Observations on the Preamble 622
Jurisdictions proposing to adopt provisions of the Model Law 623
2. UNCITRAL Model Law on Electronic Commerce Part One. Electronic Commerce In General 625
— Article
1. Sphere of application* 625
— Notes 626
— UNCITRAL Guide to Enactment 626
3. UNCITRAL Model Law 627
— Article
3. Interpretation 627
— UNCITRAL Guide to Enactment 628
— Provisions based upon Model Law Article 3 628
— Uniform Electronic Transactions Act (25 November1997 draft) 628
— Illinois Electronic Commerce Security Act (15 December 1997 draft) 629
— Massachusetts Electronic Records and Signatures Act (4 November 1997 draft) 630
— The Law in Australia 631
4. Information Technology Act, 2000: An overview 631
— Introduction 631
— Exemption/Exclusion 631
— Digital Signature 632
— Electronic Governance 632
— Formation of e-corporate business working group 632
— Foreign direct investment. Review of existing sectoral policy and sectoral equity cap for FDI (NRI/OCB investment): Existing restrictions on FDI in domestic trading to be applicable to e-commerce as well. 633
— Acknowledgement and Dispatch of Electronic records 634
— Secured Electronic Records and Digital Signature 634
— Regulation of Certifying Authorities 635
— Digital Signature Certificate 635
— Duties of Subscribers 635
— Penalties and Adjudication 635
— The Cyber Regulations Appellate Tribunal 636
— Offences 636
— Miscellaneous 637
— Provisions which are obscure: Legalese and Legal drafting 637
— Conclusion 638
CHAP.1 PRELIMINARY 639
S.1. Short title, extent, commencement and application 639
Application 640
Statement of Objects and Reasons 640
Objectives of the Act 642
Changes made by Negotiable Instruments (Amendment & Miscellaneous Provisions) Act, 2002 642
Electronic Commerce Act, 1998 [Draft Version Prepared by the Ministry of Commerce, Government of India] 643
3. Purpose and Construction. 643
Jurisdiction in Cyberspace 643
Jurisdictional Paradigms and Technological Changes 645
The Relevance of Physical Location [‘lex situs’] 646
Targeting 647
Power Parameters [‘the balance between buyer and seller’] 649
Contractual Choice 650
The Intersection Between Jurisdiction and Substantive Liability for Intermediaries 651
The Jurisprudential Framework 652
Personal Jurisdiction 652
Prescriptive Jurisdiction 678
Constitutional and Other Local Restraints 678
The Restraint of International Law 680
The Relationship of Choice of Law to Prescriptive
Jurisdiction 682
American and European Approaches to Choice of
Law 686
Torts 687
Contracts 687
Consumer Contracts 688
Article 5—Certain Consumer Contracts 689
Article 7—Mandatory rules 689
4. 3. Enforcement Jurisdiction 691
S.2. Definitions 693
Defining the scope of the Act 699
Provisions based upon Model Law Article 1 699
Uniform Electronic Transactions Act (25 November 1997 draft) 699
Massachusetts Electronic Records and Signatures Act (4 November 1997 draft) 701
The Law in Australia 702
UNCITRAL Model Law 702
Article
2. Definitions 702
UNCITRAL Guide to Enactment 703
Provisions based upon Model Law Article 2 704
Uniform Electronic Transactions Act (25 November 1997 draft) 704
Illinois Electronic Commerce Security Act (15 December 1997 draft) 704
The Law in India 705
Definitions 709
Interpretation 709
Variation by agreement 710
Legal Recognition 710
Form Requirements - Writing, Signature and Original 710
Evidence 710
Retention of Data Messages 710
Formation and validity of contracts 711
Attribution of data messages and Acknowledgment of receipt 711
Time and place of dispatch and receipt of data
message 711
Carriage of goods 711
Suggestions for Resolution of Issues 712
(i) Contract 712
(ii) Determination by the courts 713
(iii) Legislation 714
The Regulation of Electronic Commerce 717
International context 717
The Australian Context 719
Content of Legislation : A Study 720
(a) General issues 720
Technology neutrality 721
Scope 723
Variation by agreement 727
(b) Specific provisions 728
(i) Legal recognition 729
(ii) Writing 729
(iii) Signature 731
(iv) Original 734
(v) Evidence 735
(vi) Retention of Data Messages 735
(vii) Formation and validity of contracts 736
(viii) Attribution of data messages 736
Article 13 (1) and (2) - attribution rules 737
Article 13 (5) - message integrity 738
(ix) Acknowledgment of receipt 741
(x) Time and place of dispatch and receipt of data message 742
(xi) Carriage of Goods 743
(xii) International framework 743
(
xiii) Other issues 744
URL References 744
Terms of Reference 746
Definitions. In this Act, unless the context otherwise requires— 748
Definitions under the Singapore Electronic Transactions Act, 1998 756
2. Interpretation 756
Websit-wordmeaning 759
Overview 759
CHAP. 2 DIGITAL SIGNATURE 761
S.3. Authentication of electronic records 761
Authentication of Digital Signature [Rule 3] 763
Creation of Digital Signature [Rule 4] 764
Digital Signatures: The ‘sign of our times’ 764
Examining the need for regulation 764
Regulating cyberspace: a reading of the “act” 765
Digital Signatures 765
Electronic Governance 765
Securing electronic transactions 766
Digital Signature 767
Status of Digital signature under Indian Law 767
Acknowledgement and Dispatch of Electronic records 768
Secured Electronic Records and Digital Signature 768
Regulation of Certifying Authorities 768
Digital Signature Certificate 768
Duties of Subscribers 769
Penalties and Adjudication 769
Technology Specific 770
Authentication of Electronic Records using Digital Signatures 770
— Signatures and the Law 773
— Digital Signature : apparatus analysed 777
— Public Key Certificates 781
— Challenges and Opportunities 784
— A note on digital signatures 785
— Standards and policies 785
— Private Keys - Direct Privacy Implications 786
— Private key generation 787
— Private key storage and backup 787
— Private key escrow 787
— Private key access 788
— Private key revocation 788
— Public Keys - Privacy Issues: a cause for concern 789
— Certification identification requirements 789
— Registers of public keys, or certificates - or both? 789
— Certificate Revocation Lists (CRLs) - some ‘Australia Card’ issues 790
— Privacy Implications 791
— Expectations of identification 791
— Chip-storage as a means of carriage of the private key 792
— Central storage of biometrics 792
— The Privacy Act 1988’s limited role - as it stands, and proposed changes 792
— New privacy rights needed - Privacy rights in public registers 793
— New privacy rights needed - Identification rights 793
— A right to unauthenticated transactions 794
— Authenticated anonymity - or pseudonymity? 794
— Multiple identities - or pseudonymity? 794
References 795
Guidelines under the Singapore Electronic Transactions Act, 1998 796
— Certifying Authorities 796
— Introduction 796
— Overview of Guidelines 796
— Overall Management and Obligations of a CA 797
— Certificate Management 797
— Key Management 798
— Systems and Operations 798
— Application Integration 798
— Conclusion 798
Notes on International Digital Signature Law 799
1. Information Technology and National Information Infrastructure 799
2. Technology Shift 799
3. Legal Issues 800
4. Authentication of instructions 801
5. Digital Signature 802
6. Categories of Digital Signature 802
Prescriptive Approach 802
Criteria-Based Approach 803
Signature-Enabling Approach 803
Electronic Records and Signatures 804
7. International Scenario 804
Uncitral 804
United States of America 804
Overview of the Federal E-Sign Act 805
Overview of Uniform Computer Information Transaction Act 805
Practical Trends in Online Contracting 805
Arizona 806
California 806
Connecticut 807
Delaware 807
Florida 807
Hawaii 807
Iowa 807
Louisiana 807
New Mexico 808
Utah 808
Virginia 809
Washington 809
Best Practices 810
European Union 810
Cryptography: an introduction 811
Cryptography: Fundamental Aspects 812
Cryptography 812
Encryption 813
Advantages of Encryption 813
Elements of Encryption 813
Encryption algorithm 813
Encryption keys 813
Key length 814
Plaintext 814
Ciphertext 814
Message Digests 814
Digital Signature 814
Cryptographic Algorithms 815
Private key cryptography 815
Public key cryptography 815
Hybrid public/private cryptosystems 815
Secret key 815
Key Escrow 815
Key Splitting 815
Key Recovery 816
Encryption Standard 817
Export Control 817
International Scenario 818
G-7 Countries 818
Information Infrastructure 818
OECD Guidelines 819
US Govt. Guidelines 820
Cryptography in India: a technical note 821
Annexure 821
Algorithm Description 821
Electronic Signatures 822
Other Government reports on electronic signatures 823
Electronic Signature Technology 824
Certification authorities 827
Public key infrastructures 828
Signature Dynamics 828
Existing and Proposed Legislative Regimes 828
Analysis of Legislation world wide 830
(a) Utah Digital Signature Act 830
(b) German Digital Signature Law 834
(c) Californian Digital Signature Legislation 836
(d) Massachusetts Electronic Records and
Signature Act (4 November 1997) (Massachusetts Bill) 838
(e) NCCUSL Uniform Electronic Transactions Act (25 November 1997 draft) 839
(f) Illinois Electronic Commerce Security Act 1997 (15 December 1997 draft) 841
(g) Electronic Financial Services Efficiency Act 1997 (Baker Bill) 844
Conclusions 847
CHAP. 3 ELECTRONIC GOVERNANCE 851
S.4. Legal recognition of electronic records 851
UNCITRAL Model Law 852
— Chapter II. Application of Legal Requirements to Data Messages 852
— Article
5. Legal recognition of data messages 852
— UNCITRAL Guide to Enactment 852
— Uniform Electronic Transactions Act (25 November 1997 draft) 852
— Illinois Electronic Commerce Security Act (15 December 1997 draft) 853
— Massachusetts Electronic Records and Signatures Act (4 November 1997 draft) 853
— The Law in Australia 853
— UNCITRAL Model Law 853
— UNCITRAL Guide to Enactment 853
— Uniform Electronic Transactions Act (25 November 1997 draft) 855
— Illinois Electronic Commerce Security Act (15 December 1997 draft) 856
— Massachusetts Electronic Records and Signatures Act (17 April 1997 draft) 858
— British Columbia, Canada - Offence Act R.S.B.C. 1996, c. 338. 858
— The Law in Australia 858
— International Law - Form Requirements 860
— The United Nations Convention on Contracts for the International Sale of Goods 1980 860
— The Convention on the Recognition and Enforcement of Foreign Arbitral Awards 861
S.5. Legal recognition of digital signatures 862
— UNCITRAL Model Law 863
— Article
7. Signature 863
— UNCITRAL Guide to Enactment 864
— Uniform Electronic Transactions Act (25 November draft) 865
— Illinois Electronic Commerce Security Act (15 December 1997 draft) 868
— Massachusetts Electronic Records and Signatures Act (4 November 1997 draft) 869
— British Columbia, Canada - Offence Act R.S.B.C. 1996, c. 338. 869
— Other signature legislation 870
— Exceptions to functional equivalence 870
— The Law in Australia 871
S.6. Use of electronic records and digital signatures in Government and its agencies 873
S.7. Retention of electronic records 874
— UNCITRAL Model Law 875
— UNCITRAL Guide to Enactment 876
— Provisions based upon Model Law article 10 877
— Uniform Electronic Transactions Act (25 November 1997 draft) 877
— Section 205. Retention of Electronic Records 877
— Illinois Electronic Commerce Security Act (15 December 1997 draft) 878
— Section 206. Retention of Electronic Records 878
— Massachusetts Electronic Records and Signatures Act (4 November, 1997 draft) 879
— The Law in Australia 879
— Company Law 880
— Income Tax Act 882
— Record retention requirements for government 883
S.8. Publication of rule, regulation, etc., in Electronic Gazette 885
S.9. Sections 6, 7 and 8 not to confer right to insist document should be accepted in electronic form 886
S.10. Power to make rules by Central Government in respect of digital signature 886
CHAP. 4 ATTRIBUTION, ACKNOWLEDGMENT AND DISPATCH OF ELECTRONIC RECORDS 889
Mode of Acknowledgment of Electronic Record 889
S.11. Attribution of electronic records 890
— UNCITRAL Model Law 890
— UNCITRAL Guide to Enactment 891
— Provisions based upon Model Law Article 13 893
— Uniform Electronic Transactions Act (25 November 1997 draft) 893
— Illinois Electronic Commerce Security Act (15 December 1997 draft) 895
S.12. Acknowledgment of Receipt 897
— UNCITRAL Model Law 898
— UNCITRAL Guide to Enactment 899
— Legislative Provisions based upon Model Law Article 14 900
— Uniform Electronic Transactions Act (25 November 1997 draft) 900
S.13. Time and place of dispatch and receipt of electronic record 901
— UNCITRAL Model Law 903
— UNCITRAL Guide to Enactment 904
1. Relatively low value of typical B2C purchases. 906
2. Adherence to the regulations may not be mandatory 907
3. The consumer may be unaware of their rights or a change to their rights 907
4. The consumer lacks the resources to identify and pursue the offender. 908
— Are these watchdogs all bark and no bite? 908
— Legislative Provisions based upon Model Law Article 15 908
— Uniform Electronic Transactions Act (25 November 1997 draft) 908
The formation of a Contract in Cyberspace 911
— International Legal Rules for Electronic Commerce are Uncertain 912
— Contract Formation Practices are Evolving 913
— Electronic Commerce on the Web is Consumer Oriented 914
— Privacy of Personally Identifiable Information on Individuals is A Global Concern 915
— A Balanced approach toward Database and other Information Protection is Important to the Growth of Global Electronic Commerce 916
— Authentication 918
— Is authentication by electronic means equivalent to the traditional signature? 918
— Offer 919
— Acceptance 920
— Internet communication which involves an intermediary or where there is likely to be a delay between sending [the offer] and receiving the acceptance 922
— The evolution of online contract laws 923
— Information Technology Act, 2000: regulating “Indian” cyberspace 923
— Contractual Issues on the World Wide Web 924
? The Agreement and Form 924
? Offer 925
? Acceptance 926
? Revocation of offer 927
? Revocation of acceptance 928
? Where the Contract is concluded 928
? Law relating to written documents 930
? Evidence 931
? Digital Signature and Encryption 932
— Co-regulating the Internet: the role of Government and Industry 936
— Guidelines for on-line contract formation: practical approaches to consumer protection 936
— A walk through the ‘virtual mall’ 936
UNCITRAL Model Law 938
Chapter III. Communication of Data Messages 938
— Article
11. Formation and validity of contracts 938
— Provisions based upon Model Law Article 11 939
— Uniform Electronic Transactions Act (25 November 1997 draft) 939
— Section 401. Formation and Validity 939
— Massachusetts Electronic Records and Signatures Act (4 November, 1997 draft) 941
— Section 108. Use of Electronic Records and Electronic Signatures by Business Entities. 941
— Recognition of electronic communications 942
— Conclusion of contracts not involving human intervention 943
Uncitral Model Law 943
Variation by Agreement under the Uncitral Model Law 944
—
2.
4.5 Illinois Electronic Commerce Security Act (15 December 1997 draft) 946
— Section 103. Variation by Agreement. 946
CHAP. 5 SECURE ELECTRONIC RECORDS AND SECURE DIGITAL SIGNATURES 947
S.14. Secure electronic record 947
— Verification of Digital Signature [Rule 5] 947
— Digital Signature Certificate Standard [Rule 7] 948
S.15. Secure digital signature 948
S.16. Security procedure 949
Electronic Communications In an International Network 950
— Preliminary Notes 950
— Technology 951
— Email 951
— Electronic Data Interchange. 951
— Internet and Intranets 951
— Legal Issues 952
— Protection strategies 953
— General electronic communication issues 955
— Contract issues 955
— Litigation issues 956
— Confidentiality and legal communications 957
CHAP. 6 REGULATION OF CERTIFYING AUTHORITIES 959
S.17. Appointment of Controller and other officers 959
Regulation of Certifying Authorities 960
Encryption Technologies and Certifying Authorities 960
— Digital signatures and the supporting legislation 960
— Concept 963
— Analysis of the contractual validity and efficacy of the digital signature; the certification authorities. 964
— Current Spanish legislation relating to contractual form 965
— Analysis of the Proposal 965
— Spanish legislation permitting encryption methods 966
— Agreement of the CNMV (Comision Nacional del Mercado de Valores', that is, the Entity in charge of the surveillance of the stocks) dated 11 March 1998 (the Agreement) 967
— Property Register 968
— Spanish judicial cases 968
S.18. Functions of Controller 968
S.19. Recognition of foreign Certifying Authorities 970
— SEBI expresses need for foreign certification authorities 971
S.20. Controller to act as repository 971
S.21. Licence to issue Digital Signature Certificates 972
S.22. Application for Licence 972
— Licensing of Certifying Authorities [Rule 8] 973
— Location of the Facilities [Rule 9] 976
— Submission of Application [Rule 10] 976
S.23. Renewal of Licence 977
S.24. Procedure for grant or rejection of Licence 978
S.25. Suspension of Licence 978
— Licence Fee [Rule 11] 979
— Cross Certification [Rule 12] 979
— Validity of licence [Rule 13] 980
— Suspension of Licence [Rule 14] 980
— Renewal of licence [Rule 15] 980
— Issuance of Licence [Rule 16] 981
— Refusal of Licence [Rule 17] 981
— Governing Laws [Rule 18] 982
— Security Guidelines for Certifying Authorities [Rule 19] 982
— Commencement of Operation by Licensed Certifying Authorities [Rule 20] 983
— Requirements Prior to Cessation as Certifying Authority [Rule 21] 983
— Database of Certifying Authorities [Rule 22] 984
S.26. Notice of suspension or revocation of licence 985
S.27. Power to delegate 986
S.28. Power to investigate contraventions 986
S.29. Access to computers and data 986
S.30. Certifying Authority to follow certain procedures 987
S.31. Certifying Authority to ensure compliance of the Act, etc. 988
S.32. Display of licence 988
S.33. Surrender of licence 988
S.34. Disclosure 989
CHAP.7 DIGITAL SIGNATURE CERTIFICATES 991
S.35. Certifying Authority to issue Digital Signature Certificate 991
— Digital Signature Certificate [Rule 23] 992
— Generation of Digital Signature Certificate [Rule 24] 994
— Issue of Digital Signature Certificate [Rule 25] 994
— Certificate Lifetime [Rule 26] 994
— Archival of Digital Signature Certificate [Rule 27] 995
— Compromise of Digital Signature Certificate [Rule 28] 995
— Revocation of Digital Signature Certificate [Rule 29] 995
— Fees for issue of Digital Signature Certificate [Rule 30] 996
— Annual Audit [Rule 31] 996
— Auditor’s relationship with Certifying Authority [Rule 32] 997
— Confidential Information [Rule 33] 997
— Access to Confidential Information [Rule 34] 997
— Information Technology (IT) Security Guidelines 998
— Interpretation 998
S.36. Representations upon issuance of Digital Signature Certificate 999
S.37. Suspension of Digital Signature Certificate 999
S.38. Revocation of Digital Signature Certificate 1000
S.39. Notice of suspension or revocation 1001
CHAP. 8 DUTIES OF SUBSCRIBERS 1003
S.40. Generating key pair 1003
S. 41. Acceptance of Digital Signature Certificate 1003
S. 42. Control of private key 1004
— Cryptography: an introduction 1005
— Cryptography: fundamental aspects 1006
— Cryptography 1006
— Encryption 1007
— Advantages of Encryption 1007
— Elements of Encryption 1007
— Encryption algorithm 1007
— Encryption keys 1008
— Key length 1008
— Plaintext 1008
— Ciphertext 1008
— Message Digests 1008
— Digital Signature 1008
— Cryptographic Algorithms 1009
— Private key cryptography 1009
— Public key cryptography 1009
— Hybrid public/private cryptosystems 1009
— Secret key 1009
— Key Escrow 1009
— Key Splitting 1010
— Key Recovery 1010
— Encryption Standard 1011
— Export Control 1011
— International Scenario 1012
— G-7 Countries 1012
— Information Infrastructure 1012
— OECD Guidelines 1013
— US Govt. Guidelines 1014
— Cryptography in India: a technical note 1015
— Annexure 1015
CHAP. 9 PENALTIES AND ADJUDICATION 1017
S. 43. Penalty for damage to computer, computer system, etc. 1017
— Private rule making and adjudication 1020
— Expand private international law to cover computer crimes and torts 1020
— Rely on existing mechanisms 1021
— Political realities 1021
S. 44. Penalty for failure to furnish information, return, etc. 1022
— Penalities for failure to furnish information 1023
S. 45. Residuary penalty 1023
S. 46. Power to adjudicate 1024
— Adjudicating officers for cyber crimes appointed in India 1025
S. 47. Factors to be taken into account by the adjudicating officer 1026
CHAP. 10 THE CYBER REGULATIONS APPELLATE TRIBUNAL 1029
S. 48. Establishment of Cyber Appellate Tribunal 1029
— Regulatory Bodies: identifying a global understanding of regulation 1030
— Why regulatory bodies? Perception and methodology n defining theoretical aspects 1031
— Criticism/drawbacks 1033
— Legal Foundations of Regulation 1033
— Common Law basis of Regulation 1033
— The Introduction of regulation in India: jurisprudential analysis and socio-economic impact. 1034
— International Securities Regulation (Case Study) 1035
— Securities and Investments Regulation in the United Kingdom 1035
— Regulation of the Indian Securities Market: The Securities and Exchange Board of India 1036
— Lessons to be learnt from the international realm 1037
— Changes influenced in the Indian Capital Markets: a result of the changing outlook 1037
— A brief analysis of American Securities Laws 1037
— Federal Securities Laws 1038
Common Law and the Securities Markets 1039
S. 49. Composition of Cyber Appellate Tribunal 1039
S. 50. Qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal 1040
S. 51. Term of office 1040
S. 52. Salary, allowances and other terms and conditions of service of Presiding Officer 1040
S. 53. Filling up of vacancies 1041
S. 54. Resignation and removal 1041
S. 55. Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings 1042
S. 56. Staff of the Cyber Appellate Tribunal 1042
S. 57. Appeal to Cyber Appellate Tribunal 1043
S. 58. Procedure and powers of the Cyber Appellate Tribunal 1044
— Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000. 1045
— Procedure for filing applications with the Registrar. [Rule 3]- 1045
— Presentation and scrutiny of applications [Rule 4]. - 1045
— Application fee [Rule 6] 1046
— Contents of application [Rule 7] 1046
— Registration of legal practitioner's clerks [Rule 23]- 1046
S. 59. Right to legal representation 1047
S. 60. Limitation 1047
S. 61. Civil court not to have jurisdiction 1048
Jurisdiction of Criminal Courts to Try Offences 1048
S. 62. Appeal to High court 1048
S. 63. Compounding of contraventions 1049
Compounding of offences (s. 63) 1049
S. 64. Recovery of penalty 1050
CHAP. 11 OFFENCES 1051
S. 65. Tampering with computer source documents 1051
— Regulation of Communications 1052
— Introduction 1052
— Central [Federal] Control over Telecommunications 1052
— Constitutional Support for State-Owned Telecom Monopolies 1052
— Statutory Regulation of Telecommunications: The Telegraph Act 1053
i. The meaning of “telegraph” 1053
ii. Government control over “telegraphs” 1054
— Major Regulatory Agencies and Entities 1054
— National Telecom Policy, 1994 1056
— Restrictions on Foreign Investment in Telecommunications 1056
— Licensing Process and Judicial Review 1057
— Telecom Regulatory Authority of India 1058
i. Recommendatory Functions of TRAI 1059
ii. Supervisory Functions of TRAI 1060
— India’s Commitments to the WTO on Telecommunications 1061
i. Voice services 1061
ii. Cellular Services 1062
iii. Reference Paper Commitments 1062
— The Controversy over Telecom Licenses 1063
— New Telecom Policy 1999 1064
— Internet Services 1065
— Proposed Umbrella Statute for Communications 1066
— Information Technology Act 1066
— Offences 1066
— Cyber Crimes : Legal and Regulatory Trends 1067
General Notes and Observations 1068
— Commercial crime and fraud on the Internet 1068
Cyber Crime: Notes And General Observations 1069
— The Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 1070
The Architecture of Cyberspace 1071
I. Cybercrime 1073
A. The Scope of Cyber crime 1075
B. The Types of Cyber crime 1076
1. Fraud 1076
2. Forgery 1076
3. Computer Sabotage 1077
4. Unauthorized Access to Computer Services or Systems 1078
5. Unauthorized Copying of Computer Programs 1078
6. Cyber stalking 1078
Profiling the Cyber criminal 1079
II. Cyberjurisdiction 1079
A. Cyber jurisdiction in Civil Cases 1080
B. Minnesota's Internet Warning: Sign Post of the Future? 1084
C. Cyber jurisdiction in Criminal Cases 1086
D. Cyber jurisdiction in International Cases 1088
III. Conclusion 1092
S. 66. Hacking with computer system 1092
S. 67. Publishing of information which is obscene in electronic form 1093
— Definitions 1095
— Pornography: 1095
— Obsenity 1095
— Child Pornography: 1095
— Federal Statutes 1095
— Communications Decency Act of 1996 1095
— Federal Obscenity Statute: 18 U.S.C. para 1462. 1097
— Transportation of obscene materials for sale or distribution. 18 U.S.C. para 1465 1098
— Federal Child Pornography Statute: 18 U.S.C. para 2252 1098
— Definitions from: 18 U.S.C. § 2256 1100
— CASES 1100
— Several cases have been brought dealing with this Act which clarify certain points 1100
S. 68. Power of the Controller to give directions 1101
S. 69. Directions of Controller to a subscriber to extend facilities to decrypt information 1102
— The Structure of the Indian Communications Convergence Bill 1103
— Indian Communications Convergence Regulatory Scheme 1104
— Indian Communications Convergence Regulatory Scheme 1106
— The Anatomy of the Bill 1107
— Hearing of complaints and resolution of disputes by the Commission 1108
— Spectrum Management Committee 1108
— Licenses for Communication Services and Network Infrastructure Facilities 1109
— Breach of terms and conditions of Licenses, Penalties and Adjudication 1109
— The Adjudication Officer 1110
— Communications appellate tribunal 1110
— Procedure and powers of a civil court 1111
— Problems Regarding Spectrum Management 1112
S. 70. Protected system 1112
S. 71. Penalty for misrepresentation 1112
S. 72. Penalty for breach of confidentiality and privacy 1113
S. 73. Penalty for publishing Digital Signature Certificate false in certain particulars 1113
S. 74. Publication for fraudulent purpose 1114
S. 75. Act to apply for offences or contravention committed outside India 1114
— Jurisdiction, liabilities and responsibilities 1115
— Background 1117
— Fundamental Jurisdictional Principles under International Law 1117
— Fundamental Personal Jurisdictional Principles in Europe 1118
— Fundamental Personal Jurisdictional Principles in the United States 1119
— A Comparison of U.S. and European Approaches to Choice of Law: Choice of Law Differences Generally 1120
— The Effects of the Internet on Traditional Principles of Jurisdiction 1122
— The application of traditional jurisdictional principles to the Internet. 1128
— Jurisdictional Precedents Arising From Print, Telephone and Radio Cases. 1128
— Towards a Global Online Standards Commission. 1151
— Conclusion 1153
— Jurisdiction and You -- Yahoo! 1153
— Bibliography and web links 1153
— Background 1153
— American Jurisdiction and the Internet 1154
— Cybersell, Inc.
v. Cybersell, Inc. 1154
— International Jurisdiction 1156
— Fallout from the Yahoo! Case 1157
— Yahoo! Appeals 1158
— Jurisdiction in Cyberspace. 1158
— Online jurisdiction issues in Gutnick v. Dow Jones 1161
The Durban Principles 1162
The ‘French’ Yahoo Case: 1164
— Background 1164
— Appellate considerations 1165
— Implication 1166
Notes on Jurisdiction 1167
— Intergovernmental Efforts to Prepare a Convention on Jurisdiction and the Enforcement of Judgments 1167
S. 76. Confiscation 1168
S. 77. Penalties confiscation not to interfere with other punishments 1168
S. 78. Power to investigate offences 1169
CHAP. 12 NETWORK SERVICE PROVIDERS NOT TO BE LIABLE IN CERTAIN CASES 1171
S. 79. Network service providers not to be liable in certain cases 1171
Network Service Providers not to be Liable in Certain Cases 1172
— Enforcement 1173
Internet Service Providers and ‘Cyber Terrorism’ 1174
— Data protection concerns 1175
— Proportionality 1176
— Implementation costs 1176
— The US position 1177
— Comparative provision under the Singapore Electronic Transactions Act, 1998 1178
— Intermediary liability 1179
— Two competing views of intermediaries 1179
— Common-carrier immunity 1181
— Immunize servers of mere pointers 1182
— Extend the Cubby standard 1182
— Minimize prior restraint 1183
— Encourage closed networks rather than open ones 1184
— Relationship between jurisdiction to regulate and intermediary targeting 1185
— Impact of different architectures 1186
— Legal approaches to intermediary liability 1189
— The aim to be achieved by legislation 1189
CHAP. 13 MISCELLANEOUS 1191
S. 80. Power of police officer and other officers to enter, search, etc. 1191
S. 81. Act to have overriding effect 1192
S. 81A. Application of the Act to electronic cheque and truncated cheque 1192
— Applicability of Act to Electronic Cheque and truncated cheque 1193
S. 82. Controller, Deputy Controller and Assistant Controllers to be public servants 1194
S. 83. Power to give directions 1194
S. 84. Protection of action taken in good faith 1194
S. 85. Offences by companies 1194
S. 86. Removal of difficulties 1195
S. 87. Power of Central Government to make rules 1196
S. 88. Constitution of Advisory Committee 1198
S. 89. Power of Controller to make regulations 1199
S. 90. Power of state Government to make rules 1200
S. 91. Amendment of Act 45 of 1860 1201
S. 92. Amendment of Act 1 of 1872 1202
Indian Evidence Act 1203
Evidence—The Internet as Witness Turns Trial 1204
The Case 1204
The Internet in Court 1205
It Worked in Rehearsal 1205
S. 93. Amendment of Act 18 of 1891 1207
S. 94. Amendment of Act 2 of 1934 1208
The First Schedule 1209
The Second Schedule 1212
The Third Schedule 1217
The Fourth Schedule 1219
Annexure 1220
PART III
APPENDICES
INDIAN RULES, REGULATIONS & GUIDELINES
APP. 1 AMENDMENTS TO THE INFORMATION TECHNOLOGY ACT, 2000 1233
APP. 2 CYBER LAWS—FREQUENTLY ASKED QUESTIONS 1265
APP. 3 CYBER REGULATIONS APPELLATE TRIBUNAL (PROCEDURE) RULES, 2000 1291
APP. 4 INFORMATION TECHNOLOGY (CERTIFYING AUTHORITIES) RULES, 2000 1299
APP. 5 INFORMATION TECHNOLOGY (CERTIFYING AUTHORITIES)
REGULATIONS, 2001 1337
APP. 6 GUIDELINES FOR SUBMISSION OF APPLICATION FOR LICENCE TO OPERATE AS A CERTIFYING AUTHORITY UNDER THE I.T. ACT, 2002 1351
APP. 7 ELECTRONIC COMMERCE ACT, 1998 1357
APP. 8 ISP GUIDELINES 1377
APP. 9 RBI GUIDELINES ON INTERNET BANKING 1415
APP. 10 INFORMATION TECHNOLOGY ACTION PLAN (PART –I) 1419
APP. 11 DATA PROTECTION BILL (2006) 1465
APP. 12 THE INFORMATION TECHNOLOGY (OTHER STANDARDS) RULES, 2003 1479
APP. 13 THE INFORMATION TECHNOLOGY (OTHER POWERS OF CIVIL COURT VESTED IN CYBER APPELLATE TRIBUNAL) RULES, 2003 1481
APP. 14 THE CYBER REGULATIONS APPELLATE TRIBUNAL (PROCEDURE FOR INVESTIGATION OF MISBEHAVIOUR OR INCAPACITY OR INCAPACITY OF PRESIDING OFFICER) RULES, 2003 1483
APP. 15 THE INDOOR USE OF WIRELESS LAN (W-LAN) EQUIPMENT USING BLUETHOOTH AND IEEE 802. 11B STANDARD IN 2.4 GHZ BAND EXEMPTION FROM LICENSING REQUIREMENT) RULES, 2003 1485
APP. 16 THE INFORMATION TECHNOLOGY (USE OF ELECTRONIC RECORDS AND DIGITAL SIGNATURES) RULES, 2004 1487
APP. 17 THE INFORMATION TECHNOLOGY (SECURITY PROCEDURE) RULES, 2004 1489
APP. 18 INDIA—GUIDELINES FOR SUBMISSION OF APPLICATION FOR LICENCE TO OPERATE AS A CERTIFYING AUTHORITY UNDERTHE I.T. ACT, 2002 1491
APP. 42 RBI INTERNET BANKING REPORT 1929
RELATED FOREIGN LEGISLATION
APP. 19 MALAYSIA—DIGITAL SIGNATURE ACT, 1997 1497
APP. 20 SINGAPORE—ELECTRONIC TRANSACTIONS ACT, 1998 1519
APP. 21 SINGAPORE—ELECTRONIC TRANSACTIONS (CERTIFICA-TION AUTHORITY) REGULATIONS, 1999 1535
APP. 22 UNITED KINGDOM—DATA PROTECTION ACT, 1998 1547
APP. 23 UNITED KINGDOM—ELECTRONIC COMMUNICATIONS ACT, 2000 1579
APP. 24 UNITED KINGDOM—ELECTRONIC SIGNATURES REGU-LATIONS, 2000 1591
APP. 25 UNITED STATES OF AMERICA—ELECTRONIC TRAN-SACTIONS ACT (1999) 1597
APP. 26 UNITED STATES OF AMERICA—PAPERWORK ELIMINATION ACT, 2001 1607
APP. 27 UNITED STATES OF AMERICA—UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT 1609
APP. 28 E-COMMERCE LEGISLATION : RECENT EUROPEAN COM-MUNITY DEVELOPMENTS 1761
APP. 29 CONVENTION ON CYBERCRIME 1769
APP. 30 EUROPEAN UNION—DIRECTIVE 97/66/EC OF THE EURO-PEAN PARLIAMENT AND OF THE COUNCIL—OF 15 DECE-MBER, 1997 1785
APP. 31 EUROPEAN UNION—DIRECTIVE 1999/93/EC OF THE EU-ROPEAN PARLIAMENT AND OF THE COUNCIL 1793
APP. 32 EUROPEAN UNION—DIRECTIVE 2000/31/EC OF THE EU-ROPEAN PARLIAMENT AND OF THE COUNCIL 1803
Uncitral Model Laws
APP. 33 UNCITRAL MODEL LAW, 1998 1821
APP. 34 UNCITRAL MODEL LAW ON ELECTRONIC SIGNATURES (A/RES/56/80, DT. 24-1-2002) 1998 1881
INTELLECTUAL PROPERTY
APP. 35 US—DIGITAL MILLENIUM COPYRIGHT ACT, 1998 (US COPY RIGHT OFFICE SUMMARY) 1887
APP. 36 WIPO COPY RIGHT RULES, 1996 1897
APP. 37 WIPO PERFORMANCES AND PHONOGRAMS TREATY RU-LES, 1996 1901
APP. 38 THE ICANN UNIFORM DOMAIN NAME DISPUTE RESO-LUTION POLICY 1907
APP. 39 RULES FOR UNIFORM DOMAIN NAME DISPUTE RESOLUTION POLICY (THE “RULES”) 1911
APP. 40 IN DOMAIN NAME DISPUTE RESOLUTION POLICY (INDRP) 1919
APP. 41 (DOT).IN DOMAIN NAME DISPUTE RESOLUTION POL-
ICY (INDRP) 1923
GLOSSARY 1993
SUBJECT INDEX 2009
For customer support, please contact:
Tel: +91 12 4477 4477
help.in@lexisnexis.com