Class Cyber Security PDF
Document Details
Uploaded by SkillfulSolarSystem
Tags
Summary
This presentation discusses cyber security topics including the internet, servers, data transfer methods, and international mechanisms, laws and regulations in India.
Full Transcript
tr-5A2J5D7I7J 3K 8A CLASS r s. c o m a n k e Cyber Security o p...
tr-5A2J5D7I7J 3K 8A CLASS r s. c o m a n k e Cyber Security o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § Inernet : Inter connectted network. c o m Internet?? rs tr-5A2J5D7I7J 3K 8A a n k e o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § Server between 2 user § Server is in Data center(YT data in google data center). c o m rs tr-5A2J5D7I7J 3K 8A a n k e o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § Small use others like taking from Amazon § FB Google Amazon Microsoft data center is in usa § How to take data from Server? 1)Satellite but very slow 2)Optical Fiber : Sent via Light Signal (3 lac km / second). c o m rs tr-5A2J5D7I7J 3K 8A a n k e o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § Below water fiber cable § For phone : this cable is connected to near by Tower § How Server know which data to whom?. c o m rs tr-5A2J5D7I7J 3K 8A a n k e o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § IP Address is solution like Postal Address so that data from server to your IP Address is delivered § Every domain also have its IP Address(DNS) § DNS maintained by ICANN(Internet Corporation for Assigned Names and Numbers (ICANN) § Data packets : ex Image slow Opening c o m § Sequence of data packets by Internet Protocol they use. rs tr-5A2J5D7I7J 3K 8A Router a n k e § Internet is provided by ISP(Jio) o p r § ISP = Cable at international level ,Cable at National tr-5R2T5N7N7P 3S8O T level ,Cable at city level tr-5R2T5N7N7P 3S8O § The term, ‘Cyber’ is used in relation to the culture of computers, information technology, and virtual reality.. c o m § The connection between internet ecosystems forms Basics rs tr-5A2J5D7I7J 3K 8A a n k e cyberspace. § The threat to cyberspace leads to an issue and gives o p r rise to the need for cybersecurity. tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § Malware, short for malicious software refers to any kind of software that is designed to cause damage to a single computer, server, or computer network. Ransomware, Spy ware, Worms, viruses, and Trojans are all varieties of malware. § Phishing: It is the method of trying to gather personal information using deceptive e-mails and websites. o m § Denial of Service attacks: A Denial-of-Service (DoS). c Types of Attacks rs attack is an attack meant to shut down a machine or tr-5A2J5D7I7J 3K 8A a n k e network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, o p r or sending it information that triggers a crash. tr-5R2T5N7N7P 3S8O T § Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data. tr-5R2T5N7N7P 3S8O § SQL Injection:A SQL injection attack specifically targets such kind of servers, using malicious code to get the server to divulge information it normally wouldn’t. § Cross-Site Scripting (XSS):Instead the malicious code c m the attacker has injected, only runs in the user's o browser when they visit the attacked website, and it. rs tr-5A2J5D7I7J 3K 8A goes after the visitor directly, not the website. a n k e § Social engineering is an attack that relies on human o p r interaction to trick users into breaking security tr-5R2T5N7N7P 3S8O T procedures in order to gain sensitive information that is typically protected. tr-5R2T5N7N7P 3S8O Ø The International Telecommunication Union (ITU) is a specialized agency within the United Nations which plays a leading role in the standardization and development of International m telecommunications and cyber security issues.(1865) Mechanisms tr-5A2J5D7I7J 3K 8A rs. c o Ø Budapest Convention on Cybercrime: It is an international a n k e treaty that seeks to address Internet and computer crime (cybercrime) by harmonizing national laws, improving o p r investigative techniques, and increasing cooperation among nations. It came into force on 1 July 2004. India is not a tr-5R2T5N7N7P 3S8O T signatory to this convention. tr-5R2T5N7N7P 3S8O Ø Internet Corporation for Assigned Names and Numbers (ICANN): It is a non-profit organization responsible for coordinating the maintenance and International. c o m procedures of several databases related to the rs tr-5A2J5D7I7J 3K 8A namespaces and numerical spaces of the Internet, Mechanisms a n k e ensuring the network's stable and secure operation. It has its headquarters in Los Angeles, U.S.A.(1998) o p r § Paris call : At UNESCO Internet Governance Forum tr-5R2T5N7N7P 3S8O T (IGF) meeting convened in Paris. tr-5R2T5N7N7P 3S8O § Information Technology Act, 2000 Ø The act regulates use of computers, computer systems, computer networks and also data and information in electronic format. Ø The act lists down among other things, following as Laws related to Cyber Security in. c o m offences: rs tr-5A2J5D7I7J 3K 8A ü Tampering with computer source documents. India an k e ü Hacking with computer system o p r ü Act of cyber terrorism i.e. accessing a protected system with the intention of threatening the unity, integrity, tr-5R2T5N7N7P 3S8O T sovereignty or security of country. ü Cheating using computer resource etc. tr-5R2T5N7N7P 3S8O Offences under IT act 2000 Sections Description Data protection: laws and regulations that makes it illegal to store or share some type of information or Section 43 share information about people without their Important. c m knowledge or permission o Section 66 Hacking of systems present over the network. rs tr-5A2J5D7I7J 3K 8A Sections a n k e Section 69 Cyberterrorism Section 66 Dishonestly receiving stolen computer resources o p r B Publishing electronic Signature certificate false in tr-5R2T5N7N7P 3S8O T Section 73 certain particulars. tr-5R2T5N7N7P 3S8O § Creating mechanisms for security threats and responses to the same through national systems and processes. Ø National Computer Emergency Response Team (CERT-in) functions as the nodal agency for coordination of all cyber security efforts, National Cyber o m emergency responses, and crisis management.. c rs tr-5A2J5D7I7J 3K § Protection and resilience of critical information 8A Policy, 2013 an k e infrastructure with the National Critical Information Infrastructure Protection Centre (NCIIPC) operating o p r as the nodal agency. tr-5R2T5N7N7P 3S8O T Ø NCIIPC has been created under Information Technology Act, 2000 to secure India’s critical information infrastructure. It is based in New Delhi. tr-5R2T5N7N7P 3S8O § It was developed by the Israeli firm NSO Group that was set up in 2010. § It can not only mop up information stored on phones such as photos and contacts, but can also activate a phone’s camera and microphone and turn it into a spying device without the owner’s knowledge. § The earliest avatars of Pegasus used spear phishing to. c m enter phones, utilising a message designed to entice the o target to click on a malicious link. Pegasus rs tr-5A2J5D7I7J 3K 8A ü However, it evolved into using “zero-click” attacks wherein a n k e the phones were infected without any action from the target individual. o p r § It can also be delivered through a nearby wireless tr-5R2T5N7N7P 3S8O T transmitter, or manually inserted if the target phone is physically available. § It had been used in some of the “most insidious digital attacks” on human rights activists in the world. tr-5R2T5N7N7P 3S8O. c o m rs tr-5A2J5D7I7J 3K 8A a n k e o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § The report appeared in July 2021 from the Pegasus Project said that in India, at least 40 journalists, Cabinet Ministers, and holders of constitutional positions were possibly subjected to surveillance using Pegasus. Ø According to The Guardian, Amnesty International’s Security Lab tested 67 of the phones linked to the Indian numbers in the database and found that “23 were successfully infected o m and 14 showed signs of attempted penetration”.. c Pegasus in India rs tr-5A2J5D7I7J 3K 8A § A report by The New York Times in January, 2022 stated a n k e that ‘India has bought Pegasus in 2017 as part of a $2- billion’ defence package. o p r Ø India has been aware of the existence of Pegasus since tr-5R2T5N7N7P 3S8O T October 30, 2019 when WhatsApp confirmed that the spyware has been used to exploit a vulnerability in its platform to target activists, academics, journalists and lawyers in India. tr-5R2T5N7N7P 3S8O § In the wake of the Pegasus Project revelations, several petitions were filed with the Supreme Court alleging that the government had Government. c m indulged in mass surveillance in an attempt to muzzle o free speech and democratic dissent. rs tr-5A2J5D7I7J 3K 8A Response a n k e § The Indian government has so far neither confirmed nor denied that it has deployed Pegasus for any o p r operation. tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § The Supreme Court will be hearing the case pertaining to the alleged use of the Pegasus spyware software. o m § The matter first reached the apex court in October. c Judiciary Stand rs tr-5A2J5D7I7J 3K 8A 2021 and it constituted a committee, overseen by a n k e former Supreme Court judge Justice R.V Raveendran, to look into the charges and accordingly o p r submit a report “expeditiously”. tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O Ø MeitY in consultation with Ministry of Information and Broadcasting (MIB) recently notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (Intermediary Rules) in February. Ø The Rules replaces the erstwhile Information Technology IT Rules, o m (Intermediary Guidelines) Rules, 2011.. c rs tr-5A2J5D7I7J 3K 8A 2021 a n k e Ø The aim of the new rules is said to be empowerment of ordinary o p r users in relation to social media by providing a mechanism for tr-5R2T5N7N7P 3S8O T redressal and timely resolution of their grievance. Ø The new guidelines were introduced in accordance with Section 87(2) of the Information Technology Act, 2000. tr-5R2T5N7N7P 3S8O § Social media intermediaries have been classified under two categories based on their number of users: 1. Social Media intermediaries: are intermediaries that primarily or Classification of solely enable online interaction between two or more users and Social Media. c o m allow them to create, upload, share, disseminate, modify or rs tr-5A2J5D7I7J 3K 8A access information using its services. intermediaries a n k e Ø The rules require these intermediaries to perform due diligence o p r over their platforms to enjoy the protections available to them under the safe harbor provisions listed under Section 79 of the IT tr-5R2T5N7N7P 3S8O T Act. Ø The Rules now mandate that this information be given within 72 hours of receiving the order. tr-5R2T5N7N7P 3S8O 2. Significant Social Media Intermediaries: This refers to a social media intermediary with users above such threshold as may be notified by the Central Government. Currently, the platforms with over 50 lakh users will qualify as significant social media intermediaries (SSMIs). c o m Ø SSMIs are subject to additional requirements such as:. rs tr-5A2J5D7I7J 3K 8A a n k e Ø Resident Officers: Each SSMI is required to appoint an Indian o p r resident employee as Chief Compliance Officer (CCO), tr-5R2T5N7N7P 3S8O T Grievance Redressal Officer (GRO) and the nodal person of contact of the SSMI. The CCO must be a senior employee or a key managerial personnel. tr-5R2T5N7N7P 3S8O Ø Identification of First Originator: If a court or competent authority issues an order under Section 69 of the IT Act, SSMIs that provide messaging services must be able to identify the first originator of information. Ø It must have an electronic copy of the information relating to c m the first originator and provide the same to the court or o government authority.. rs tr-5A2J5D7I7J 3K 8A a n k e Ø Monthly Compliance Report: SSMIs must publish monthly o p r compliance reports showing details of complaints received, tr-5R2T5N7N7P 3S8O T actions taken thereon and the number of specific communication links or parts of information removed or access disabled as a result of active monitoring by utilizing automated tools. tr-5R2T5N7N7P 3S8O Ø Traceability concerns: As stated earlier, the additional obligation on the SSMIs to trace the first originator of a message will result in breaking of end-to-end encryption. This would raise several security and privacy concerns as Concerns about encryption is used by millions of Indians to prevent identity the Intermediary. c o m theft, code injection attacks and many other threats. rs tr-5A2J5D7I7J 3K 8A Rules 2021 a n k e Ø Concerns regarding the legal immunities enjoyed by social o p r media intermediaries: Section 79 of the Information tr-5R2T5N7N7P 3S8O T Technology Act of 2001 currently grants intermediaries wide legal immunity if they exercise "due diligence" and obey "guidelines" established by the government. tr-5R2T5N7N7P 3S8O § A nine-judge bench of the Supreme Court in Justice K. held. c o m S. Puttaswamy (Retd) Vs Union of India unanimously that Indians have a constitutionally Right to Privacy rs tr-5A2J5D7I7J 3K 8A protected fundamental right to privacy that is an a n k e intrinsic part of life and liberty under Article 21. o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § Justice B.N.ShriKrishna that submitted its report in July Steps Taken and. c o m 2018 along with a draft Data Protection Bill. rs tr-5A2J5D7I7J § Information Technology Act, 2000: The IT Act 3K 8A Issues an k e provides for safeguard against certain breaches in o p r relation to data from computer systems. tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § The Bill is based on the following seven principles: 1. The principle of consented, lawful and transparent use of personal data; 2. The principle of purpose limitation (use of personal data only for the purpose specified at the time of obtaining consent of the Data Principal); o m 3. The principle of data minimisation (collection of only as much. c 2023 rs tr-5A2J5D7I7J 3K 8A personal data as is necessary to serve the specified purpose); an k e 4. The principle of data accuracy (ensuring data is correct and updated); o p r 5. The principle of storage limitation (storing data only till it is needed for the specified purpose); tr-5R2T5N7N7P 3S8O T 6. The principle of reasonable security safeguards; and 7. The principle of accountability (through adjudication of data breaches and breaches of the provisions of the Bill and imposition of penalties for the breaches). tr-5R2T5N7N7P 3S8O § Personal data is information that relates to an identified or identifiable individual. § Businesses as well as government entities process personal data for delivery of goods and services. § Processing of personal data allows understanding. c o m preferences of individuals, which may be useful for customisation, targeted advertising, and developing Highlights rs tr-5A2J5D7I7J 3K 8A recommendations. a n k e § Processing of personal data may also aid law enforcement. o p r § Unchecked processing may have adverse implications for tr-5R2T5N7N7P 3S8O T the privacy of individuals, which has been recognised as a fundamental right. § It may subject individuals to harm such as financial loss, loss of reputation, and profiling. tr-5R2T5N7N7P 3S8O § Currently, India does not have a standalone law on data protection. § Use of personal data is regulated under the Information Technology (IT) Act, 2000. § In 2017, the central government constituted a Committee of Experts on Data Protection, chaired by Justice B. N. Srikrishna, to examine issues relating to data protection in the country. o m § The Committee submitted its report in July 2018.. c rs § Based on the recommendations of the Committee, the Personal Data tr-5A2J5D7I7J 3K 8A a n k e Protection Bill, 2019 was introduced in Lok Sabha in December 2019. § The Bill was referred to a Joint Parliamentary Committee which submitted o p r its report in December 2021. tr-5R2T5N7N7P 3S8O T § In August 2022, the Bill was withdrawn from Parliament. § In November 2022, a Draft Bill was released for public consultation § In August 2023, the Digital Personal Data Protection Bill, 2023 was introduced in Parliament. tr-5R2T5N7N7P 3S8O 3. The Bill has few other innovative features: § The Bill is concise and SARAL, that is, Simple, Accessible, o m Rational &Actionable Law as it—. c Other Features rs tr-5A2J5D7I7J 3K 1. Uses plain language; 8A an k e 2. Contains illustrations that make the meaning clear; o p r 3. contains no provisos (“Provided that…”); and 4. Has minimal cross-referencing. tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O The Bill will apply to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised. It will also apply to such processing outside India, if it is for offering goods or services in India. The Digital Personal Data c o m Personal data may be processed only for a lawful purpose upon consent of an individual.. rs tr-5A2J5D7I7J 3K 8A Protection Act, 2023 a n k e Consent may not be required for specified legitimate uses such as voluntary sharing of data by the individual or processing o p r by the State for permits, licenses, benefits, and services. tr-5R2T5N7N7P 3S8O T Data fiduciaries will be obligated to maintain the accuracy of data, keep data secure, and delete data once its purpose has been met. tr-5R2T5N7N7P 3S8O The Bill grants certain rights to individuals including the right to obtain information, seek correction and erasure, and grievance redressal. The central government may exempt government agencies o m from the application of provisions of the Bill in the interest of. c rs tr-5A2J5D7I7J 3K 8A specified grounds such as security of the state, public order, and a n k e prevention of offences. o p r The central government will establish the Data Protection Board of India to adjudicate on non-compliance with the tr-5R2T5N7N7P 3S8O T provisions of the Bill. tr-5R2T5N7N7P 3S8O Applicability: The Bill applies to the processing of digital personal data within India where such data is: (i) collected online, or (ii) collected offline and is digitised. c o m It will also apply to the processing of personal data outside. Features rs tr-5A2J5D7I7J 3K 8A India if it is for offering goods or services in India. a n k e Processing has been defined as wholly or partially automated o p r operation or set of operations performed on digital personal tr-5R2T5N7N7P 3S8O T data. It includes collection, storage, use, and sharing. tr-5R2T5N7N7P 3S8O Personal data may be processed only for a lawful purpose after obtaining the consent of the individual. A notice must be given before seeking consent. The notice should contain details about the personal data to be collected and the purpose of processing. Consent c o m Consent may be withdrawn at any point in time.. rs tr-5A2J5D7I7J 3K 8A a n k e Consent will not be required for ‘legitimate uses’ including: (i) specified purpose for which data has been provided by an o p r individual voluntarily, (ii) provision of benefit or service by the tr-5R2T5N7N7P 3S8O T government, (iii) medical emergency, will be provided by the parent or the legal guardian. and employment. For individuals below 18 years of age, consent (iv) tr-5R2T5N7N7P 3S8O An individual whose data is being processed (data principal), will have the right to: (i) obtain information about processing, (ii) seek correction and erasure of personal data, (iii) nominate another person to exercise rights in the event of death Rights and. c o m or incapacity, and (iv) grievance redressal. duties of data rs tr-5A2J5D7I7J 3K 8A principal a n k e Data principals will have certain duties. They must not: (i) register a false or frivolous complaint, and o p r (ii) furnish any false particulars or impersonate another person in tr-5R2T5N7N7P 3S8O T specified cases. Violation of duties will be punishable with a penalty of up to Rs 10,000. tr-5R2T5N7N7P 3S8O The entity determining the purpose and means of processing, (data fiduciary), must: (i) make reasonable efforts to ensure the accuracy and completeness of data, (ii) build reasonable security safeguards to prevent a data Obligations of breach,. c o m (iii) inform the Data Protection Board of India and affected data rs tr-5A2J5D7I7J 3K 8A fiduciaries a n k e persons in the event of a breach, and (iv) erase personal data as soon as the purpose has been met and o p r retention is not necessary for legal purposes (storage tr-5R2T5N7N7P 3S8O T limitation). In case of government entities, storage limitation and the right of the data principal to erasure will not apply. tr-5R2T5N7N7P 3S8O o m Transfer of personal data outside India: The Bill allows. c rs tr-5A2J5D7I7J 3K 8A transfer of personal data outside India, except to countries a n k e restricted by the central government through notification. o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § Rights of the data principal and obligations of data fiduciaries (except data security) will not apply in specified cases. These include: § (i) prevention and investigation of offences, and § (ii) enforcement of legal rights or claims.. c o m § The central government may, by notification, exempt certain Exemptions rs tr-5A2J5D7I7J 3K 8A a n k e activities from the application of the Bill. These include: § (i) processing by government entities in the interest of the o p r security of the state and public order, and tr-5R2T5N7N7P 3S8O T § (ii) research, archiving, or statistical purposes. tr-5R2T5N7N7P 3S8O Data Protection Board of India: The central government will establish the Data Protection Board of India. Key functions of the Board include: (i) monitoring compliance and imposing penalties, (ii) directing data fiduciaries to take necessary measures in the. c m event of a data breach, and o (iii) hearing grievances made by affected persons. rs tr-5A2J5D7I7J 3K 8A Board a n k e members will be appointed for two years and will be eligible for re-appointment. o p r The central government will prescribe details such as the tr-5R2T5N7N7P 3S8O T number of members of the Board and the selection process. Appeals against the decisions of the Board will lie with TDSAT. tr-5R2T5N7N7P 3S8O § The schedule to the Bill specifies penalties for various offences such as up to: § (i) Rs 200 crore for non-fulfilment of obligations for children, and. c o m Penalties rs tr-5A2J5D7I7J 3K 8A a n k e § (ii) Rs 250 crore for failure to take security measures to prevent data breaches. Penalties will be imposed by the Board after o p r conducting an inquiry. tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § Personal data processing by the State has been given several exemptions under the Bill. As per Article 12 of the Constitution, the State includes:. c o m § (i) central government, Exemption rs § (ii) state government, tr-5A2J5D7I7J 3K 8A a n k e § (iii) local bodies, and o p r § (iv) authorities and companies set up by the government. There tr-5R2T5N7N7P 3S8O T may be certain issues with such exemptions. tr-5R2T5N7N7P 3S8O § Right to data portability and the right to be forgotten not provided § The Bill does not provide for the right to data portability and the right to be forgotten. § The 2018 Draft Bill and the 2019 Bill introduced in Parliament provided for these rights.. c o m § The Joint Parliamentary Committee, examining the 2019 Bill, rs tr-5A2J5D7I7J 3K 8A recommended retaining these rights.2 GDPR also recognises a n k e these rights. o p r § The Srikrishna Committee (2018) observed that a strong set of rights of data principals is an essential component of a data tr-5R2T5N7N7P 3S8O T protection law.4 These rights are based on principles of autonomy, transparency, and accountability to give individuals control over their data.4 tr-5R2T5N7N7P 3S8O § Right to data portability: The right to data portability allows data principals to obtain and transfer their data from data fiduciary for their own use, in a structured, commonly used, and machine-readable format. It gives the data principal greater control over their data. It may facilitate the migration of data from one data fiduciary to another. One possible concern has o m been that it may reveal trade secrets of the data fiduciary.4 The. c rs tr-5A2J5D7I7J 3K 8A Srikrishna Committee (2018) had recommended that to the a n k e extent it is possible to provide the information without revealing such trade secrets, the right must be o p r guaranteed.4 The Joint Parliamentary Committee had observed tr-5R2T5N7N7P 3S8O T that trade secrets cannot be a ground to deny the right data portability, and it may only be denied on the ground of technical feasibility.2 tr-5R2T5N7N7P 3S8O § Right to be forgotten: The right to be forgotten refers to the right of individuals to limit the disclosure of their personal data on the internet.4 The Srikrishna Committee (2018) observed that the right to be forgotten is an idea that attempts to instil the limitations of memory into an otherwise limitless digital c m sphere.4 However, the Committee also highlighted that this o right may need to be balanced with competing rights and. rs tr-5A2J5D7I7J 3K 8A interests. Exercise of this right may interfere with someone a n k e else’s right to free speech and expression and the right to o p r receive information.1 Its applicability may be decided on factors such as the sensitivity of the personal data to be tr-5R2T5N7N7P 3S8O T restricted, the relevance of the personal data to the public, and the role of the data principal in public life.1 tr-5R2T5N7N7P 3S8O 7. The Bill safeguards the personal data of children also. §. c o m 1. The Bill allows a Data Fiduciary to process the personal data of children only with parental consent. Children rs tr-5A2J5D7I7J 3K 8A a n k e 2. The Bill does not permit processing which is detrimental to well- being of children or involves their tracking, behavioural o p r monitoring or targeted advertising. tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O Exemptions to data processing by the State on grounds such as national security may lead to data collection, processing, and retention beyond what is necessary. This may violate the fundamental right to privacy. The Bill does not regulate risks of harms arising from processing of personal data. Key Issues of. c o m The Bill does not grant the right to data portability and the rs tr-5A2J5D7I7J 3K 8A right to be forgotten to the data principal. the Bill a n k e The Bill allows transfer of personal data outside India, o p r except to countries notified by the central government. The members of the Data Protection Board of India will be tr-5R2T5N7N7P 3S8O T appointed for two years and will be eligible for re- appointment. The short term with scope for re-appointment may affect the independent functioning of the Board. tr-5R2T5N7N7P 3S8O § Sec 66A made defamation as cognizable offence with a punishment of not more than 3 years with/without fine.. c o m § Sec 69A provided power to govt. to issue directions 66A and 69A rs tr-5A2J5D7I7J 3K 8A a n k e to block public access of any information through any computer source. o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § Section 66A had extremely wide parameters, which allow whimsical interpretations by law enforcement agencies. Why m challenged? tr-5A2J5D7I7J 3K 8A rs. c o § There was no clarity over terms like offensive, grossly menacing, causing annoyance, etc opening it to many a n k e interpretations. o p r § It outlawed all political satire, cartoons, caricatures and spoof writing indirectly. tr-5R2T5N7N7P 3S8O T § Shreya Singhal vs Union of India 2015. tr-5R2T5N7N7P 3S8O § The Section 66A of the IT Act acts as a necessary deterrent against publishing or writing “objectionable” or “grossly offensive” contents in cyberspace. Governments m Stand tr-5A2J5D7I7J 3K 8A § The rs. c o provision is essential for inflammatory content provoking violence. controlling a n k e § The Centre failed to impress the bench, by assuring that o p r it will be administered in a reasonable manner. tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § It violated the freedom of speech and expression given under Article 19 (1)(a). Affects FR. c o m § ISP argued that it even violated right to equality given rs tr-5A2J5D7I7J 3K 8A a n k e under Art. 14, as separate offences cannot be created for people using internet. o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O § SC held that Sec 66A is unconstitutional and void on the ground that it was excessively vague, open-ended and undefined. § It did not give clear direction, either to the users of Court m Judgement tr-5A2J5D7I7J 3K 8A rs. c o internet or to the law enforcement agencies on what acts performed on internet would amount to a n k e defamation. o p r § Court held that vagueness of Sec 66A, took away the freedom of speech and the right to descent. It had tr-5R2T5N7N7P 3S8O T a intimidating effect on free speech. tr-5R2T5N7N7P 3S8O § Some experts argue that India’s IT Act provides legal remedies for a just a handful of cyber crimes & many have been left out. § The new kinds of cyber crimes are emerging on a daily basis, which was facilitated by the vagueness of Concerns Sec 66A.. c o m rs tr-5A2J5D7I7J 3K 8A a n k e § The ruling will only mean several steps backwards for the govt. and the country on this aspect. o p r § However, it maybe very difficult to prove instances tr-5R2T5N7N7P 3S8O T of cyber stalking, bullying or annoyance by applying provisions of the non-Internet world. tr-5R2T5N7N7P 3S8O § SC upheld the constitutional validity of section 69A, which is exercised by govt. to issue directions to block an internet site. Judgement of m 69A tr-5A2J5D7I7J 3K 8A rs. c o § Although, reasons for blocking have to be recorded in writing, which would be amenable to judicial scrutiny. a n k e § Powers under section 69A comes under ‘reasonable’ o p r restriction as expressed in article 19(2) and thus it is legal. tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O. c o m rs tr-5A2J5D7I7J 3K 8A a n k e o p r tr-5R2T5N7N7P 3S8O T tr-5R2T5N7N7P 3S8O
