Information

Technology
Act 2000
Dr. Kavita Goel
 Model law on Electronic
Commerce
UNCITRAL Konkan Railway
Corporation Ltd. V. Rani
Construction (P) Ltd.

legal recognition to E-Commerce

Introduction
use of alternatives to paper-based
methods of communication and storage
of information

E-Governance
 Application Sec 1of IT Act 2000
Extends to the whole of India and it applies also
to any offence or contravention thereunder
committed outside India by any person
Art. 253: Legislation for giving effect to
International Agreements
Sec 75: if the conduct or act constituting the
offence or contravention involves a
computer or network located in India
 Negotiable Instrument(Other than a cheque) as
defined in The Negotiable Instruments Act, 1881;

A power-of-attorney as defined in The Powers of

Attorney Act, 1882

Sec 1.4 A trust as defined in The Indian Trusts Act, 1882

Non-
Applicability
A will as defined in The Indian Succession Act,
of Act 2000 1925 including any other testamentary disposition;
First Schedule
Any contract for the sale or conveyance of
immovable property or any interest in such property;

Any such class of documents or transactions as

maybe notified by the Central Government.
Cheque Truncation System

Amendment of definition of Cheque by Negotiable Instruments (Amendment

and Miscellaneous) Act 2002 which came into force in 2003.-Sec 6 Cheque
includes mirror image of paper cheque and truncated cheque.

Cheque Truncation System (CTS) or Image-based Clearing System (ICS), in India,

is a project of the Reserve Bank of India (RBI), commenced in 2010, for faster
clearing of cheques.

PNB first bank to deploy image based clearing system inter city within 48 hours
 Virtual Currency like Bitcoins, Dogecoin,
Laws on cryptocurrency
 No legal regulation in India
 Not a Negotiable Instrument under NI Act 1881
 In global pandemic the price of one Bitcoin has been increased by six times in 12
months
 Investment of around 7 million Indians in crypto assets
 In 2013 one caution was issued by RBI on use of Virtual currencycircular
 In 2018, first formal restrictions by RBI by circular
 Banning of Cryptocurrency & regulation of Official Digital Currency Bill 2019
 Internet and Mobile Association of India V. RBI, 2020SCC online SC 275: struck down
circular issued by RBI in 2018
 Cryptocurrency & regulation of Official Digital Currency Bill 2021
 The Indian Government imposed Anti-Money Laundering provisions on Virtual Digital
Assets (VDA) on 7th March 2023 under Prevention of Money laundering Act(PMLA)
Statement on Development and Regulatory
policies by RBI

 Not to deal with any individuals or entities dealing with VC

 To exit from relationship if they already have VC
 Indian Penal Code: Document

India Evidence Act: electronic

evidence, electronic document
Amended Banker’s Books Evidence Act: Banker’s-
Legislations book, Certified-copy

Reserve Bank of India Act: regulation of

fund transfer through electronic means
 Important Terms

Electronic Record Electronic signature Authentication

Information A way to ensure A way to know who
captured through electronic the document is authentic created the document
devices like soft copy, and it is not altered in the
image, pen drives, mails way
which are machine
readable form.
 E-commerce V. E-Business

E-Business includes e-commerce. Brick Pure play (online mode only)

and Click (online and offline mode)
 Electronic data Interchange
(EDI)-ANSI, EDIFACT,
TRADACOMS, ebXML
E-Commerce
•Computer to computer exchange of
business documents
•Standard Electronic format
•PO, Invoices, buyer document,
payment document etc.

Internet enabled EDI-

SMTP(email), HTTPS etc.

•B2B, B2C, C2B, C2C, P2P

E-Commerce
Models
Business to Business (B2B)

 businesses sell to other

companies
Alibaba: list of manufacturers,
suppliers, products
Business to Consumer (B2C)

 Function of Beauty sells

personal care items for
individuals. It allows them to
customize the product’s
formula according to their
preferences. Offering a
personalization option is one
way this brand creates an
experience unique from other
B2C businesses.
Consumer to Consumer (C2C)

 a business provides an online

platform for consumers to
buy and sell from each
other.
 Facebook Marketplace: This
online marketplace allows
Facebook users living in the
same region to buy and sell
from one another
 E-Bay, OLX, Amazon,
Quikr, cardekho
Consumer to
Business (C2B)

 individuals offer their talents and skills to businesses. Popular examples

of goods or services in this model include freelancing
 It charges service fees per job or per task for the talent
 Social media users who fill out surveys on Survey Junkie or promote
products and services.


Maintenance services are a
great example of Business to
B2G transactions. To maintain Government
public buildings and open spaces, (B2G)
government agencies may solicit
the services from businesses
Consumer to
Government
(C2G)
Payment of Taxes
online, license fees
etc.
Government to Birth certificate,
Consumer (G2C) death certificate,
Adhar card
Types of eCommerce by Revenue
Model
 Drop shipping
 Wholesaling
 Private Labeling
 White Labeling
 Subscription Service
 Dropshipping

 you will work with a third-party

wholesaler and market their
products online. When someone
makes an order, you will notify
the supplier to deliver the item to
the buyer. If the sale is successful,
you will receive a share of the
profits.
 This method generally has low
startup costs. Getting started only
requires a website and a
partnership with a
wholesaler. E.g. Amazon
 Wholesaling
 A wholesaler purchases
goods in large volumes
from manufacturers and
resells them to retailers.
 S&S Activewear is a
wholesaling company
that sells branded
apparel to retailers. They
also offer blank clothing
for printing companies
that make custom
apparel for clients.
Private Labeling

 A private label business works

with a manufacturer to create
a product using its brand
name. The company will
control the item’s features,
including its material, function,
and packaging.
 Zadiko is a tea company
started by YouTuber Zach
Kornfeld. He works with the
manufacturer Art of Tea to
create unique tea blends for
his products and uses his own
branding on his sales channels.
White Labeling

 In white labeling, a
company purchases a
ready-made product line
from a manufacturer and
applies its own branding to
sell them.
 The Chocolate Gift offers
white labeling services for
businesses that want to
resell their chocolate bars.
Customers may order at
least 240 items using a
custom brand design
 Subscription Service

In this model, the business will

provide a product or service
recurrently to a consumer in
exchange for periodic payments –
usually weekly, monthly, or annually.
  Virus Attack
 Installation of Unwanted programme
 Browser Parasites: monitor or change settings in
user's device
 Adware: pop up ads
 Spyware: for stealing information
Security  Phishing and Identity theft: for financial gain
 Hacking: access on website of competitors
Issues in E-  Spoofing

commerce  DOS and DDOS

 Sniffer: sniff trafficking
 Insider job: poorly designed server and client software
and complexity of programmes which increase
vulnerabilities for hackers to exploit.
DEFENSIVE MEASURES AGAINST
SECURITY ISSUES IN E-COMMERCE
 Security in E-Commerce

Fundamental requirement
•Authenticity of sender
•Message's integrity
•Non-repudiation

Cryptography (Symmetric
and Asymmetric)
 Data Encryption
Standard: 58 bits

Private Key
Cryptographic 3 Data Encryption
System: Secret Standard: 192 bits Symmetric
Key

Plaintext- Advanced
ciphertext - Encryption
plaintext Standard: 128-256
decryption bits
Asymmetric

 Public key Cryptographic System

 Two key for encryption and
decryption
 Public and private key
 Based on principle of IRREVERSIBILITY
 Third party-Certifying Authority
Hash Function

 Can be used to map data

of arbitrary size to fixed-size
values.
 Contract-Offer
and acceptance

Oral or in writing with

E- traditional signature
commerce
reusable,
easy to modify
Electronic record
easy to replace
new one
 Sec 3 Authentication of Electronic
Records
 any subscriber may authenticate an electronic record by affixing his digital
signature.
 The authentication of the electronic record shall be affected using
asymmetric crypto system and hash function which envelop and transform
the initial electronic record into another electronic record
 "hash function" means an algorithm mapping or translation of one sequence
of bits into another, generally smaller, set known as "hash result" such that an
electronic record yields the same hash result every time the algorithm is
executed with the same electronic record as its input making it
computationally infeasible-
 (a) to derive or reconstruct the original electronic record from the hash result
produced by the algorithm;
 (b) that two electronic records can produce the same hash result using the algorithm.
 Sec 3A
(1) Notwithstanding anything contained in section 3, but subject to the provisions of sub-
section (2), a subscriber may authenticate any electronic record by such electronic signature
or electronic authentication technique which-
(a) is considered reliable; and
(b) may be specified in the Second Schedule.
(2) For the purposes of this section any electronic signature or electronic authentication
technique shall be considered reliable if-
(a) the signature creation data or the authentication data (Private Cryptography Keys or passwords)
are, within the context in which they are used, linked to the signatory or, as the case may be, the
authenticator and to no other person;
(b) the signature creation data or the authentication data were, at the time of signing, under the
control of the signatory or, as the case may be, the authenticator and of no other person;
(c) any alteration to the electronic signature made after affixing such signature is detectable;
(d) any alteration to the information made after its authentication by electronic signature is
detectable; and
(e) it fulfils such other conditions which may be prescribed.
 Contd.

 (3) The Central Government may prescribe the procedure for the
purpose of ascertaining whether electronic signature is that of
the person by whom it is purported to have been affixed
or authenticated.
 (4) The Central Government may, by notification in the Official
Gazette, add to or omit any electronic signature or
electronic authentication technique and the procedure for affixing
such signature from the Second Schedule: Provided that no
electronic signature or authentication technique shall be specified
in the Second Schedule unless such signature or technique is
reliable.
 Contd.
 Users with an Aadhaar ID, the unique identification number issued by the
Indian government to all Indian residents, are free to use an online e-
signature service to securely sign documents online. In this case, the online
e-signature service integrates with an Application Service Provider (ASP) to
provide users with a mobile or web app interface that they can interact
with.
 The users then use this app interface to apply e-signatures to any online
document by authenticating their identity using an eKYC service such as
OTP (one-time passcode) provided by an e-sign service provider. The
online e-signature service works with an accredited service provider to
provide certificates and authentication services that comply with
government guidelines
 e-sign services
 Authentication under 2nd Schedule
2nd schedule
E-KYC and CA
Trusted third party-after amendment of 2020
e-KYC" means the transfer of digitally signed demographic
data such as Name, Address, Date of Birth, Gender,
Mobile number, Email address, photograph etc of an
individual. collected and verified by e-KYC provider on
successful authentication of same individual
The applicable e-KYC services provider for eSign are
UIDAI ( Online Aadhaar e-KYC Services)
eSign User Account with CA
 Signatures under IT Act
2000
 Sec 2(ta) Electronic
Signature: means authentication of
any electronic record by a
subscriber by means of the
electronic technique specified in
the Second Schedule and includes
digital signature
 Sec 2(p) Digital Signature: means
authentication of any electronic
record by a subscriber by means of
an electronic method or procedure
in accordance with the provisions of
section 3
 Electronic signature (name in the end of email, PIN,
Digital Signature
image of sign, bio-metric identifier)

A digital signature relies on public key infrastructure An electronic signature is simply a legally valid
which authenticates the electronic signature electronic replacement of a handwritten signature.

Digital signatures carry a user's information along Electronic signatures do not contain any
with electronic signatures. authentication attached to them.
A digital signature secures a document. An electronic signature verifies the document.
Digital signatures are validated by licensed Electronic signatures are not validated by licensed
certifying authorities such as eMudhra. certifying authorities.
Electronic signatures do not come with encryption
Digital signatures come with encryption standards.
standards.
A digital signature consists of various security An electronic signature is less secure and is more
features and is less prone to tampering. vulnerable to tampering.
An electronic signature can be a file, image, or
A digital signature acts as an electronic fingerprint
symbol attached to a document to give consent
that consists of a person's identification.
for a signature.
An electronic signature offers lower security and no
A digital signature is created via cryptographic
cryptographic algorithms are used in creating a
algorithms.
simple electronic signature.
A digital signature is authenticated using a digital An electronic signature is authenticated using a