Unit 3 Cyber Security .docx

Full Transcript

**Table of Content**

Key Elements of IT Act, 2000

Rationale Behind the IT Act 2000

IT Act 2000: Electronic Commerce and Internet

Amendments to the IT Act 2000

Non-applicability of the IT Act 2000

Conclusion

Information Technology Act, 2000- FAQs

**Information Technology Act, 2000: Elements, Applicability and
Amendments**

The Information Technology Act, 2000 holds significant importance in
India as a pivotal piece of legislation addressing issues related to
cybercrime and electronic commerce. This act establishes a legal
framework for electronic governance by acknowledging the validity of
electronic records and digital signatures. The primary goal of the IT
Act 2000 is to facilitate lawful and reliable electronic, digital, and
online transactions while also serving as a deterrent against
cybercrimes. Encompassing offenses related to computers, computer
systems, and networks, the act confers legal validity to electronic
contracts and recognizes electronic signatures. The act was enacted to
provide legal support to electronic commerce, enable e-governance, and
combat cybercrime. IT Act 2000 comprises 13 chapters, 4 schedules, and
94 sections, making it one of the most stringent privacy laws globally.

***Key Takeaways:***

- *The Information Technology Act, 2000 is pivotal Indian legislation
addressing cybercrime and e-commerce issues.*

- *The primary goal is to facilitate lawful and reliable digital
transactions while deterring cybercrimes. It also aims to enable
e-governance.*

- *The act establishes a legal framework for e-governance by
recognizing electronic records and digital signatures. It confers
validity on electronic contracts and signatures.*

- *IT Act 2000 encompasses offenses related to computers, computer
systems, and networks.*

- *It comprises 13 chapters, 4 schedules and 94 sections, making it
one of the most stringent privacy laws globally.*

*The IT Act, of 2000 has two schedules: *

- ***First Schedule: **Deals with documents to which the Act shall not
apply.*

- ***Second Schedule: **Deals with electronic signature or electronic
authentication method.*

***What are the Features of The Information Technology Act, 2000?***

*The features of The IT Act, 2000 are as follows:*

1. *The digital signature has been changed to an electronic signature
to make it a greater generation-impartial act.*

1. *It elaborates on offenses, penalties, and breaches.*

1. *It outlines the Justice Dispensation Systems for cyber crimes.*

1. *The Information Technology Act defines in a new segment that a
cyber cafe is any facility wherein access to the net is offered by
any person inside the normal business to the general public.*

1. *It offers the constitution of the Cyber Regulations Advisory
Committee.*

1. *The Information Technology Act is based totally on The Indian Penal
Code, of 1860, The Indian Evidence Act, of 1872, The Bankers' Books
Evidence Act, of 1891, The Reserve Bank of India Act, of 1934, and
many others.*

1. *It adds a provision to Section 81, which states that the provisions
of the Act shall have overriding effect. The provision states that
nothing contained inside the Act shall limit any person from
exercising any right conferred under the Copyright Act, of 1957.*

***The Offenses and the Punishments in IT Act 2000***

*The offenses and the punishments that fall under the IT Act, of 2000
are as follows:-*

1. *Tampering with the computer source documents.*

1. *Directions of Controller to a subscriber to extend facilities to
decrypt information.*

1. *Publishing of information that is obscene in electronic form.*

1. *Penalty for breach of confidentiality and privacy.*

1. *[Hacking ](https://www.geeksforgeeks.org/what-is-hacking-definition-types-identification-safety/)for
malicious purposes.*

1. *Penalty for publishing [Digital Signature
Certificate](https://www.geeksforgeeks.org/digital-signatures-certificates/) false
in certain particulars.*

1. *Penalty for misrepresentation.*

1. *Confiscation.*

1. *Power to investigate offenses.*

1. *Protected System.*

1. *Penalties for confiscation are not to interfere with other
punishments.*

1. *Act to apply for offense or contravention committed outside India.*

1. *Publication for fraud purposes.*

1. *Power of Controller to give directions.*

**Key Elements of IT Act, 2000**

**1. Legal Recognition for Electronic Records and Digital
Signatures: **IT Act, 2000 provides a fundamental legal framework for
the acknowledgment and enforceability of electronic records and digital
signatures. It goes beyond merely facilitating transactions; it
establishes a foundation for the digital realm's legal infrastructure.
According to the legal validity of electronic documents and signatures,
the act enables a seamless transition towards electronic governance and
commerce, streamlining processes and fostering a more efficient and
legally recognized digital environment.

**2. Facilitation of Electronic Governance and Commerce: **Recognizing
the legal validity of electronic records and signatures, IT Act 2000
actively promotes the facilitation of electronic governance and
commerce. It extends to electronic delivery of government services,
aiming to enhance accessibility and efficiency in public service
delivery. Additionally, the act seeks to create a conducive environment
for secure and legally recognized transactions between entities, further
boosting the growth of e-commerce.

**3. Promotion of IT Sector Growth and Innovation: **IT Act 2000 goes
beyond its role in governance and commerce; it is a key driver in
promoting growth within the Information Technology (IT) sector. By
providing a comprehensive legal framework for digital technologies, the
act encourages innovation and entrepreneurship. It not only safeguards
the interests of firms but also stimulates a dynamic and competitive
landscape that fosters continuous technological advancements and
economic growth within the IT sector.

**4. Cybercrime Regulation and Data Protection:** The act serves as a
critical regulatory tool in addressing the multifaceted challenges posed
by digital technology, electronic communication, and cybersecurity. With
a specific focus on cybercrime regulation and data protection, IT Act
2000 strives to safeguard digital data and combat cyber threats. It
delineates offenses related to computers, computer systems, and
networks, offering a legal apparatus to address and mitigate
cybersecurity risks in an increasingly interconnected digital landscape.

**5. Strict Privacy Laws: **IT Act 2000 is acknowledged as one of the
world's strictest privacy laws, going beyond conventional legalities. It
extends its jurisdiction to cover offenses related to computers,
computer systems, or computer networks. By providing legal validity to
electronic contracts and recognizing electronic signatures, the act not
only ensures the legal standing of digital transactions but also
establishes a robust legal framework for privacy protection in the
digital domain. This comprehensive approach underscores the commitment
to maintaining the privacy and security of individuals and entities
engaging in electronic activities.

**Rationale Behind the IT Act 2000**

Enacted to tackle the evolving challenges of the digital age, the
Information Technology Act, 2000 serves as a comprehensive legal
framework in India, addressing electronic transactions, data protection,
and the prevention of cybercrime. This legislation seeks to regulate
diverse aspects of digital technology, electronic communication, and
cybersecurity. Key objectives encompass providing legal recognition to
electronic records and digital signatures, facilitating electronic
governance and commerce, promoting IT sector growth, and encouraging
innovation in information technology.

Recognized globally as one of the strictest privacy laws, IT Act 2000
covers offenses related to computers, systems, or networks, validating
electronic contracts and signatures. It establishes provisions for
offenses involving data breaches and individual privacy violations,
prescribing penalties. Notably, the act regulates and safeguards
sensitive data held by social media and other electronic platforms,
ensuring the protection of electronic transactions and endorsing
electronic bookkeeping under the Reserve Bank 1934 regulations.
Strengthening its stance, India has further fortified ITA-2000 through
the introduction of new IT rules in 2021 and additional data protection
and privacy laws, reflecting the nation's commitment to enhancing its IT
regulations and safeguarding the interests of its citizens.

**IT Act 2000: Electronic Commerce and Internet**

**1. [E-Commerce](https://www.geeksforgeeks.org/impact-of-e-commerce-on-traditional-retail-business/) Regulation
under IT Act 2000: **The advent of the internet has propelled a rapid
surge in online activities, particularly in the realm of e-commerce.
With a staggering 2.41 billion online shoppers as of 2021, the
e-commerce industry is anticipated to constitute a substantial 22.0
percent of global retail sales by 2023. This surge in online
transactions has necessitated a robust legal framework to address
pertinent issues such as copyright concerns, data protection, and the
pervasive challenges tied to the dynamic e-commerce landscape.

**2. [Intellectual Property
Rights](https://www.geeksforgeeks.org/importance-and-types-of-intellectual-property-rights-ipr/) and
Privacy Concerns in E-Commerce:** E-commerce, being a dynamic and
expansive marketplace, grapples with significant challenges related to
intellectual property rights (IPR) protection and user privacy. The
vastness of the internet and the absence of comprehensive regulations
create an environment where safeguarding IPR becomes a complex task.
Additionally, the collection of personal information during e-commerce
transactions raises privacy concerns, emphasizing the need for stringent
regulations to ensure data protection.

**3. Cybercrime Challenges in E-Commerce:** While e-commerce continues
to thrive, it also becomes a prime target for cybercrime, posing a
significant threat to online transactions. Cybercriminals exploit
vulnerabilities in e-commerce platforms to gain unauthorized access,
compromise consumer information, engage in activities such as the
illicit exchange of valuable financial data, or deploy malware to
compromise computer systems.

**4. Amendments and Evolving Legislation:** The IT Act 2000 has spurred
amendments to existing acts to incorporate provisions related to IT
offenses. Notable amendments include changes to the Indian Penal Code
and the Indian Evidence Act to recognize electronic records and
documents. The Information Technology (Amendment) Act, 2008 made the IT
Act more technology-neutral and acknowledged the legal validity of
digital signatures and electronic records. The Consumer Protection
(E-Commerce Law) Rules, 2020, under the Consumer Protection Act 2019,
further fortify regulations in e-commerce to prevent unfair practices,
protect consumer interests, and ensure transparency on e-commerce
platforms. These continuous legal adaptations signify India's commitment
to refining its e-commerce laws and safeguarding the interests of its
consumers in an evolving digital landscape.

**Amendments to the IT Act 2000**

**1. 2008 Amendment:** In 2008, the IT Act 2000 underwent a pivotal
amendment to effectively combat cybercrimes and regulate electronic
communication. **Section 66A** was introduced, penalizing the
transmission of "offensive messages," while **Section 69** granted the
government authority to intercept, monitor, or decrypt
computer-generated information. These amendments aimed to fortify the
legal framework, keeping pace with the growing complexity of cyber
threats in India.

**2. Reinforcement through 2011 Amendments:** Building upon the
foundation laid in 2008, the 2011 amendments expanded the scope of
cybercrimes. Offenses such as child pornography, voyeurism, identity
theft, and privacy breaches were incorporated, accompanied by increased
penalties for various offenses. These amendments demonstrated a
commitment to staying ahead of emerging threats and bolstering the act's
efficacy in addressing a broader spectrum of cybercrimes.

**3. Enforcement Mechanisms and Oversight:** The IT Act 2000 empowers
the central government to appoint controlling officers, ensuring
vigilant oversight and compliance with its provisions. Supervision of
data protection, storage, and cybersecurity adherence falls under the
purview of the Indian Computer Emergency Response Team (CERT-In),
highlighting the act's commitment to fostering a secure and resilient
digital environment.

**4. Institutional Framework and Impact: **The act established the Cyber
Regulations Appellate Tribunal, dedicated to adjudicating IT-related
disputes and hearing appeals, providing a specialized mechanism for
legal recourse in the digital realm. Furthermore, the legislative
framework facilitated the creation of the[ Unique Identification
Authority of India
(UIDAI)](https://www.geeksforgeeks.org/uidai-full-form-features-and-importance/),
responsible for issuing UID numbers to Indian residents.

**5. Scrutiny and Calls for Comprehensive Reform:** Despite its
commendable contributions, certain provisions of the act, particularly
those related to intermediary liability, surveillance, and data
protection, have faced criticism from experts. The evolving digital
landscape has spurred calls for a more comprehensive data protection law
to address contemporary challenges and uphold the rights of individuals
in the digital domain.

**6. Catalyst for Growth and Governance: **Notwithstanding the
critiques, the IT Act 2000 played a pivotal role in fostering the growth
of the IT and business process outsourcing sectors in India.
Additionally, it has been instrumental in facilitating e-governance
initiatives, positioning itself as a key enabler in India's digital
transformation journey.

**Non-applicability of the IT Act 2000**

**1. Limitations on Document Types: **The scope of the Information
Technology Act (IT Act) is distinctly defined regarding the types of
documents it governs. Primarily, the IT Act does not extend its
applicability to physical or paper-based documents and transactions.
This exclusion is exemplified by instances such as a handwritten
signature on a traditional contract, which falls outside the purview of
this law. The IT Act exclusively pertains to electronic documents and
e-signatures, emphasizing its focus on the digital realm.

**2. Inadequacies in Addressing Cyber Crimes: **The IT Act's provisions
on cybercrimes exhibit limitations in their comprehensiveness. Various
cyber offenses, including online stalking, bullying, phishing, and
fraud, remain conspicuously absent from explicit inclusion in this
legislation. The narrow definition of cybercrimes within the IT Act
poses challenges for law enforcement agencies, hindering their ability
to effectively investigate emerging digital offenses. This gap
underscores the need for a more expansive and up-to-date legal framework
to address the evolving landscape of cyber threats.

**3. Content Regulation and Censorship: **Distinct from the IT Act,
matters concerning content regulation and censorship are governed by
separate laws, notably the **Information Technology (Intermediary
Guidelines) Rules 2021.** The IT Act itself lacks the authority to
empower the government to block websites or remove content, except in
specific cases involving the dissemination of obscene information.
Content regulation primarily falls within the purview of the
Constitution of India rather than the IT Act, elucidating the nuanced
governance structure surrounding digital content.

**4. Evolution with Personal Data Protection Bill: **With the advent of
the Personal Data Protection Bill, a crucial shift in the regulatory
landscape is imminent. Once enacted, this bill is poised to supersede
the privacy sections of the IT Act. The Personal Data Protection Bill
will assume jurisdiction over matters relating to privacy and data
protection, marking a significant evolution in India's legal framework
to align with contemporary challenges in safeguarding sensitive digital
information. This impending transition signifies a proactive step toward
enhancing privacy and data protection regulations beyond the confines of
the IT Act.

**Information Technology Act, 2000- FAQs**

**What does the technology law in India mean?**

*In India, cyber laws are encapsulated in the Information Technology Act
2000, which became effective on October 17, 2000. The primary objective
of the act is to provide legal recognition to electronic commerce and
facilitate the submission of electronic records to the government.*

**What are the features of the 2000 IT Act with the 2008 amendment?**

*The 2008 amendment to the IT Act brought about significant changes,
expanding the definition of cybercrime and introducing penalties for
offenses such as identity theft, unauthorized publication of private
images, cheating by impersonation, and transmitting offensive or
sexually explicit content through electronic means.*

**What are the latest amendments to the IT Act?**

*The latest amendments to the Information Technology Act 2000, as
notified through the Jan Vishwas (Amendment of Provisions) Act, 2023,
came into effect on November 30. These amendments include the
decriminalization of five offenses and an increase in penalties.*

**What are the pivotal objectives of the IT Act 2000?**

*The primary objectives of the IT Act 2000 include granting legal
recognition to electronic records and digital signatures. It aims to
confer legal validity and enforceability on electronic records and
digital signatures, treating them equivalently to physical documents and
handwritten signatures.*

**Whom does the IT Act apply to?**

*The IT Act 2000 extends its applicability to the entire country,
encompassing the whole of India. Unless specified otherwise in the act,
it also applies to offenses or contraventions committed outside India by
any person.*

*Sections and Punishments under the Information Technology Act, of 2000
are as follows :*

***SECTION*** ***PUNISHMENT***
-------------------------- ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
***Section 43*** ***This section of the IT Act, 2000 states that any act of destroying, altering, or stealing a computer system/network or deleting data with malicious intentions without authorization from the owner of the computer is liable for the payment to be made to the owner as compensation for damages.***
***Section 43A*** ***This section of the IT Act, 2000 states that any corporate body dealing with sensitive information that fails to implement reasonable security practices causing the loss of another person will also be liable as a convict for compensation to the affected party.***
***Section 66*** ***Hacking a Computer System with malicious intentions like fraud will be punished with 3 years imprisonment or a fine of Rs.5,00,000 or both.***
***Section 66 B, C, D*** ***Fraud or dishonesty using or transmitting information or **[identity theft](https://www.geeksforgeeks.org/cyber-crime-identity-theft/)** is punishable with 3 years imprisonment or a Rs. 1,00,000 fine or both.***
***Section 66 E*** ***This Section is for Violation of privacy by transmitting an image of a private area is punishable with 3 years imprisonment or a 2,00,000 fine or both.***
***Section 66 F*** ***This Section is on **[Cyber Terrorism](https://www.geeksforgeeks.org/what-is-cyber-terrorism/)** affecting the unity, integrity, security, and sovereignty of India through digital mediums is liable for life imprisonment.***
***Section 67*** ***This section states publishing obscene information or pornography or transmission of obscene content in public is liable for imprisonment of up to 5 years or a fine of Rs. 10,00,000 or both.***

***Digital Signatures and Certificates***

***Encryption** -- Process of converting electronic data into another
form, called ciphertext, which no one except the authorized parties can
easily understand. This assures data security. \
*

***Decryption**-- Process of translating code to data. *

- *The message is encrypted at the sender's side using various
encryption algorithms and decrypted at the receiver's end with the
help of the decryption algorithms.*

- *When some message is to be kept secure like username, password,
etc., encryption and decryption techniques are used to assure data
security.*

*Experience the ease of obtaining legally binding signatures online, all
while maintaining the highest standards of security and compliance with
the leading e-signature
platform,[ SignNow](https://signnow.sjv.io/baEbJm). It is a secure and
efficient electronic signature solution designed to streamline your
document signing process while ensuring top-tier security features.*

***Types of Encryption ***

*Data encryption transforms information into a code that is only
accessible to those with a password or secret key, sometimes referred to
as a decryption key. Data that has not been encrypted is referred to as
plaintext, whereas data that has been encrypted is referred to as
ciphertext. In today's business sector, encryption is one of the most
popular and effective data protection solutions. By converting data into
ciphertext, which can only be decoded with a special decryption key
generated either before or at the time of the encryption, data
encryption serves to protect the secrecy of data.*

- ***Symmetric Encryption**\
Data is encrypted using a key and the decryption is also done using
the same key. There are a few strategies used in cryptography
algorithms. For encryption and decryption processes, some algorithms
employ a unique key. In such operations, the unique key must be
secured since the system or person who knows the key has complete
authentication to decode the message for reading.*

Screenshot44

***Fig: Symmetric Encryption***

- ***Asymmetric Encryption**\
Asymmetric Cryptography is also known as public-key cryptography. It
uses public and private keys for the encryption and decryption of
message. One key in the pair which can be shared with everyone is
called the public key. The other key in the pair which is kept
secret and is only known by the owner is called the private key.*


*Asymmetric Encryption*

***Public key**-- Key which is known to everyone. Ex-public key of A is
7, this information is known to everyone. \
**Private key**-- Key which is only known to the person who's private
key it is. \
**Authentication**-Authentication is any process by which a system
verifies the identity of a user who wishes to access it. \
**Non- repudiation**-- Non-repudiation is a way to guarantee that the
sender of a message cannot later deny having sent the message and that
the recipient cannot deny having received the message. \
**Integrity**-- to ensure that the message was not altered during the
transmission. \
**Message digest** -The representation of text in the form of a single
string of digits, created using a formula called a one way hash
function. Encrypting a message digest with a private key creates a
digital signature which is an electronic means of authentication.. \
 *

***Digital Signature***

***What is a digital signature?***

*A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software, or digital
document. *

1. ***Key Generation Algorithms**: Digital signature is electronic
signatures, which assure that the message was sent by a particular
sender. While performing digital transactions authenticity and
integrity should be assured, otherwise, the data can be altered or
someone can also act as if he was the sender and expect a reply.*

1. ***Signing Algorithms**: To create a digital signature, signing
algorithms like email programs create a one-way hash of the
electronic data which is to be signed. The signing algorithm then
encrypts the hash value using the private key (signature key). This
encrypted hash along with other information like the hashing
algorithm is the digital signature. This digital signature is
appended with the data and sent to the verifier. The reason for
encrypting the hash instead of the entire message or document is
that a hash function converts any arbitrary input into a much
shorter fixed-length value. This saves time as now instead of
signing a long message a shorter hash value has to be signed and
moreover hashing is much faster than signing.*

1. ***Signature Verification Algorithms** : Verifier receives Digital
Signature along with the data. It then uses Verification algorithm
to process on the digital signature and the public key (verification
key) and generates some value. It also applies the same hash
function on the received data and generates a hash value. If they
both are equal, then the digital signature is valid else it is
invalid.*

***The steps followed in creating digital signature are : ***

1. *Message digest is computed by applying hash function on the message
and then message digest is encrypted using private key of sender to
form the digital signature. (digital signature = encryption (private
key of sender, message digest) and message digest = message digest
algorithm(message)).*

1. *Digital signature is then transmitted with the message.(message +
digital signature is transmitted)*

1. *Receiver decrypts the digital signature using the public key of
sender.(This assures authenticity, as only sender has his private
key so only sender can encrypt using his private key which can thus
be decrypted by sender's public key).*

1. *The receiver now has the message digest.*

1. *The receiver can compute the message digest from the message
(actual message is sent with the digital signature).*

1. *The message digest computed by receiver and the message digest (got
by decryption on digital signature) need to be same for ensuring
integrity.*

*Message digest is computed using one-way hash function, i.e. a hash
function in which computation of hash value of a message is easy but
computation of the message from hash value of the message is very
difficult. *

\* *

***Assurances about digital signatures***

*The definitions and words that follow illustrate the kind of assurances
that digital signatures offer.*

1. ***Authenticity**: The identity of the signer is verified.*

1. ***Integration:** Since the content was digitally signed, it hasn't
been altered or interfered with.*

1. ***Non-repudiation: **demonstrates the source of the signed content
to all parties. The act of a signer denying any affiliation with the
signed material is known as repudiation.*

1. ***Notarization: **Under some conditions, a signature in a Microsoft
Word, Microsoft Excel, or Microsoft PowerPoint document that has
been time-stamped by a secure time-stamp server is equivalent to a
notarization.*

***Benefits of Digital Signatures***

- ***Legal documents and contracts:** Digital signatures are legally
binding. This makes them ideal for any legal document that requires
a signature authenticated by one or more parties and guarantees that
the record has not been altered.*

- ***Sales contracts: **Digital signing of contracts and sales
contracts authenticates the identity of the seller and the buyer,
and both parties can be sure that the signatures are legally binding
and that the terms of the agreement have not been changed.*

- ***Financial Documents: **Finance departments digitally sign
invoices so customers can trust that the payment request is from the
right seller, not from a bad actor trying to trick the buyer into
sending payments to a fraudulent account.*

- ***Health Data: **In the healthcare industry, privacy is paramount
for both patient records and research data. Digital signatures
ensure that this confidential information was not modified when it
was transmitted between the consenting parties.*

***Drawbacks of Digital Signature***

- ***Dependency on technology:** Because digital signatures rely on
technology, they are susceptible to crimes, including hacking. As a
result, businesses that use digital signatures must make sure their
systems are safe and have the most recent security patches and
upgrades installed.*

- ***Complexity: **Setting up and using digital signatures can be
challenging, especially for those who are unfamiliar with the
technology. This may result in blunders and errors that reduce the
system's efficacy. The process of issuing digital signatures to
senior citizens can occasionally be challenging.*

- ***Limited acceptance: **Digital signatures take time to replace
manual ones since technology is not widely available in India, a
developing nation.*

***Digital Certificate***

*Digital certificate is issued by a trusted third party which proves
sender's identity to the receiver and receiver's identity to the
sender. \
A digital certificate is a certificate issued by a Certificate Authority
(CA) to verify the identity of the certificate holder. Digital
certificate is used to attach public key with a particular individual or
an entity. *

***Digital certificate contains***

- *Name of certificate holder.*

- *Serial number which is used to uniquely identify a certificate, the
individual or the entity identified by the certificate*

- *Expiration dates.*

- *Copy of certificate holder's public key.(used for decrypting
messages and digital signatures)*

- *Digital Signature of the certificate issuing authority.*

*Digital certificate is also sent with the digital signature and the
message. *

***Advantages of Digital Certificate***

- ***NETWORK SECURITY : **A complete, layered strategy is required by
modern cybersecurity methods, wherein many solutions cooperate to
offer the highest level of protection against malevolent actors. An
essential component of this puzzle is digital certificates, which
offer strong defence against manipulation and man-in-the-middle
assaults.*

- ***VERIFICATION : **Digital certificates facilitate cybersecurity by
restricting access to sensitive data, which makes authentication a
crucial component of cybersecurity. Thus, there is a decreased
chance that hostile actors will cause chaos. At many different
endpoints, certificate-based authentication provides a dependable
method of identity verification. Compared to other popular
authentication methods like biometrics or one-time passwords,
certificates are more flexible.*

- ***BUYER SUCCESS : **Astute consumers demand complete assurance that
the websites they visit are reliable. Because digital certificates
are supported by certificate authority that users' browsers trust,
they offer a readily identifiable indicator of reliability.*

***Disadvantages of Digital Certificate***

- ***Phishing attacks:** To make their websites look authentic,
attackers can fabricate bogus websites and obtain certificates.
Users may be fooled into providing sensitive information, such as
their login credentials, which the attacker may then take advantage
of.*

- ***Weak encryption: **Older digital certificate systems may employ
less secure encryption methods that are open to intrusions.*

- ***Misconfiguration:** In order for digital certificates to work,
they need to be set up correctly. Websites and online interactions
can be attacked due to incorrectly configured certificates.*

***Digital certificate vs digital signature***

*Digital signature is used to verify authenticity, integrity,
non-repudiation ,i.e. it is assuring that the message is sent by the
known user and not modified, while digital certificate is used to verify
the identity of the user, maybe sender or receiver. Thus, digital
signature and certificate are different kind of things but both are used
for security. Most websites use digital certificate to enhance trust of
their users\
 *

***Feature*** ***Digital Signature*** ***Digital Certificate***
--------------------------- -------------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------------------------
***Basics / Definition*** *A digital signature secures the integrity of a digital document in a similar way as a fingerprint or attachment.* *Digital certificate is a file that ensures holder's identity and provides security.*
***Process / Steps*** *Hashed value of original data is encrypted using sender's private key to generate the digital signature.* *It is generated by CA (Certifying Authority) that involves four steps: Key Generation, Registration, Verification, Creation.*
***Security Services*** ***Authenticity** of Sender, **integrity** of the document and **non-repudiation**.* *It provides security and **authenticity** of certificate holder.*
***Standard*** *It follows Digital Signature Standard (DSS).* *It follows X.509 Standard Format*

**[Cyberlaw ]**

Cyber law is the legal framework that governs digital activities,
including online communication, e-commerce, and cybercrime. It also
includes laws that protect data privacy and balance the rights of
individuals with the interests of data controllers. 

***Cyber Laws yields legal recognition to electronic documents and a
structure to support e-filing and e-commerce transactions and also
provides a legal structure to reduce cyber crime**.*

Some examples of cyber law include: Software and source code licenses,
Trademark law, Semiconductor law, Patent law, and Data protection and
privacy laws. 

Cybercrime is a criminal activity that involves a computer, network, or
networked device. Cybercriminals may use cybercrime to generate a
profit. Cyberstalking is a type of cybercrime that involves harassing or
stalking a victim through electronic or digital means. 

Cyber law, also known as Internet Law or Cyber Law, is the part of the
overall legal system thet is related to legal informatics and supervises
the digital circulation of information, e-commerce, software and
information security. It is associated with legal informatics and
electronic elements, including information systems, computers, software,
and hardware. It covers many areas, such as access to and usage of the
Internet, encompassing various subtopics as well as freedom of
expression, and online privacy.

Cyber laws help to reduce or prevent people from cybercriminal
activities on a large scale with the help of protecting information
access from unauthorized people, freedom of speech related to the use of
the [Internet](https://www.javatpoint.com/internet), privacy,
communications, email, websites, intellectual property, hardware and
software, such as data storage devices. As Internet traffic is
increasing rapidly day by day, that has led to a higher percentage of
legal issues worldwide. Because cyber laws are different according to
the country and jurisdiction, restitution ranges from fines to
imprisonment, and enforcement is challenging.

**Importance of Cyber Law:** 

1. It covers all transactions over the internet. 

2. It keeps eye on all activities over the internet. 

3. It touches every action and every reaction in cyberspace. \

**Why are cyber laws needed?**

There are many security issues with using the Internet and also
available different malicious people who try to unauthorized access your
computer system to perform potential fraud. Therefore, similarly, any
law, cyber law is created to protect online organizations and people on
the network from unauthorized access and malicious people. If someone
does any illegal activity or breaks the cyber rule, it offers people or
organizations to have that persons sentenced to punishment or take
action against them.

**What happens if anyone breaks a cyber law?**

If anyone breaks a cyber law, the action would be taken against that
person on the basis of the type of cyberlaw he broke, where he lives,
and where he broke the law. There are many situations like if you break
the law on a website, your account will be banned or suspended and
blocked your [IP (Internet
Protocol)](https://www.javatpoint.com/ip-full-form) address.
Furthermore, if any person performs a very serious illegal activity,
such as causing another person or company distress, hacking, attacking
another person or website, advance action can be taken against that
person.

**Importance of Cyber Law**

Cyber laws are formed to punish people who perform any illegal
activities online. They are important to punish related to these types
of issues such as online harassment, attacking another website or
individual, data theft, disrupting the online workflow of any enterprise
and other illegal activities.

If anyone breaks a cyber law, the action would be taken against that
person on the basis of the type of cyberlaw he broke, where he lives,
and where he broke the law. It is most important to punish the criminals
or to bring them to behind bars, as most of the cybercrimes cross the
limit of crime that cannot be considered as a common crime.

These crimes may be very harmful for losing the reliability and
confidentiality of personal information or a nation. Therefore, these
issues must be handled according to the laws.

- When users apply transactions on the Internet, cyber law covers
every transaction and protect them.

- It touches every reaction and action in cyberspace.

- It captures all activities on the Internet.

-

**Areas involving in Cyber Laws**

These laws deal with multiple activities and areas that occur online and
serve several purposes. Some laws are formed to describe the policies
for using the Internet and the computer in an organization, and some are
formed to offer people security from unauthorized users and malicious
activities. There are various broad categories that come under cyber
laws; some are as follows:

**Fraud**

Cyber laws are formed to prevent financial crimes such as identity
theft, credit card theft and other that occurring online. A person may
face confederate or state criminal charges if he commits any type of
identity theft. These laws have explained strict policies to prosecute
and defend against allegations of using the internet.

**Copyrighting Issues**

The Internet is the source that contains different types of data, which
can be accessed anytime, anywhere. But it is the authority of anyone to
copy the content of any other person. The strict rules are defined in
the cyber laws if anyone goes against copyright that protects the
creative work of individuals and companies.

**Scam/ Treachery**

There are different frauds and scams available on the Internet that can
be personally harmful to any company or an individual. Cyber laws offer
many ways to protect people and prevent any identity theft and financial
crimes that happen online.

**Online Insults and Character Degradation**

There are multiple online social media platforms that are the best
resources to share your mind with anyone freely. But there are some
rules in cyber laws if you speak and defaming someone online. Cyber laws
address and deal with many issues, such as racism, online insults,
gender targets to protect a person\'s reputation.

**Online Harassment and Stalking**

Harassment is a big issue in cyberspace, which is a violation of both
criminal laws and civil. In cyber laws, there are some hard laws defined
to prohibit these kinds of despicable crimes.

**Data Protection**

People using the internet depends on cyber laws and policies to protect
their personal information. Companies or organizations are also relying
on cyber laws to protect the data of their users as well as maintain the
confidentiality of their data.

**Contracts and Employment Law**

When you are visiting a website, you click a button that gives a message
to ask you to agree for terms and conditions; if you agree with it, that
ensures you have used cyber law. For every website, there are terms and
conditions available that are associated with privacy concerns.

**Trade Secrets**

There are many organizations that are doing online businesses, which are
often relying on cyber laws to protect their trade secrets. For example,
online search engines like Google spend much time to develop the
algorithms that generate a search result. They also spend lots of time
developing other features such as intelligent assistance, flight search
services, to name a few and maps. Cyber laws help these organizations to
perform legal action by describing necessary legal laws for protecting
their trade secrets.

**Advantages of Cyber Law:** 

- Organizations are now able to carry out e-commerce using the legal
infrastructure provided by the Act. \

- Digital signatures have been given legal validity and sanction in
the Act. \

- It has opened the doors for the entry of corporate companies for
issuing Digital Signatures Certificates in the business of being
Certifying Authorities. \

- It allows Government to issue notifications on the web thus
heralding e-governance. \

- It gives authority to the companies or organizations to file any
form, application, or any other document with any office, authority,
body, or agency owned or controlled by the suitable Government in
e-form using such e-form as may be prescribed by the suitable
Government. \

- The IT Act also addresses the important issues of security, which
are so critical to the success of electronic transactions. \

- Cyber Law provides both hardware and software security.