UNIT-III

Law relating to electronic records and intellectual property rights in India:

Legal aspects of Electronic records / Digital signatures, Cyber laws, the roles and
regulations of Certifying Authorities in India, Protection of Intellectual Property
Rights in Cyberspace in India.

TEXT BOOK:
1. Cyber Laws and IT Protection, Harish Chander, PHI, 2012
Chapter 4: Legal aspects of Electronic records /
Digital signatures

Recognition of Electronic Records

Under Indian law, information can be in writing or type written form or printed
form or electronic form.
Section 4, IT Act, 2000 provides legal recognition to electronic records and
accepted in an electronic form.
This is based on Article-5 of UNCITRAL(United Nations Commission on
International Trade Law), which states that any information cannot be denied if it is
in the data message form.
Even in the US, the Uniform Electronic Transaction Act, Section 201 states the
same.
UNCITRAL Model law
Article 6 states the basic standards to be met by a data
message.
In many jurisdictions, writing, original and signature overlap,
but model law approaches them as three separate and
different concepts.
But they share common structure and should be read
together.
The legal recognition of Electronic/Digital signatures
In Indian Law – Any information shall be authenticated by affixing the
signature or signed(hand written) document or electronic signature.

 In Article 7 of UNCITRAL Model law – signature is used to

- Method used to identify the person and indicate person’s approval
- Data message is reliable for communication and also includes relevant
agreement.
- The person is associated with that content and endorse authorship of
the text
- The person was in the given place at that time.
The Position in the US
In US Law, Electronic signature means signature in electronic form and it is logically
associated with an electronic record.
- In US law, signature means any symbol, sound, process or encryption or a record
in whole or in part adopted by a person with an intent
- identify the party
- adopt or accept a term or record
- information integrity
- authenticity/validity
The position in Australia
In Court view, signature does not necessarily be handwritten. In some cases initial is
sufficient.
-- printed name only sent by telex was considered
- Ordinary means personally signed it, or mark by a pen or by a stamp.

Person sign means

- Method used to identify the person and indicate person’s approval
- The person is associated with that content, content may be written by someone else.
- The person was in the given place at that time.
Electronic Records and Electronic Signatures/Digital
Signatures and their use by the government and its
agencies in India
In India, Where any law provides –
(a) The filing of any form, application or any document by any office, authority, body or
agency owned or controlled by the appropriate govt.
(b) The issue or grant of any license, permit, sanction or approval of whatever name
called in a particular manner
(c) The receipt or payment of money(fees or charges) in a particular manner, by means
of electronic form as prescribed by the appropriate government. (Section 6, IT Act, 2000)
For the efficient service to the public through electronic means authorise any service
provider setup, maintain and upgrade the computerised facilities.
Due to increase in the growth of commerce and business, the govt. should increase
function with the help of electronic records and electronic signatures.
The provisions like filing the form, application or other documents, creation,
retention or preservation of records, issue or grant of any license or permit or
receipt or payment in govt. offices, need to be done in electronic form in order to
give more efficiency to the functioning of the govt. and its agencies.

Retention of electronic records in India

- Information remains accessible and usable for a subsequent reference.
- The way in which it is generated or received format, same can be retrieved
- Details like origin, destination, date and time facilitate to identify electronic
record.
Note: This clause does not apply for any information which is automatically
generated
(Section 7, IT Act, 2000)
 UNCITRAL Model law relating to retention of data messages
Article 10 of UNCITRAL Model law provides
- Information remains accessible and usable for a subsequent reference.
- The data message is retained in the format in which it was generated or received
or sent.
- Details like origin, destination, date and time facilitate to identify electronic
record.
Note: storage of transmitted information often done by someone else rather than
originator, such as intermediary (third party/database). If the person does not
retain the required information, then it is intended as bad practice or willful
misconduct.
 Position in the US
Under the Uniform Electronic Transactions Act, section 205 deals with provisions
for retention of electronic record. Requirements under law -
- Information remains accessible and usable for a subsequent reference.
- The data message is retained in the format in which it was generated or received
or sent.
- Details like origin, destination, date and time facilitate to identify electronic
record.
Note: Information may become unavailable because of storage and become
incapable of reproducing the information. This is considered as technology
obsolescence.
The Central Government’s Power to make Rules in
India
The rules central govt. may frame w.r.to electronic/digital signatures are
-The type of signature
-The manner and format in which it shall be affixed
-The manner or procedure which facilitates the identification of the person
-Control procedures to ensure adequate integrity, security and confidentiality of
electronic records and payments.

The central govt. framed rules in the year 2004.

Rule 3 is about filing the form, application or document by the appropriate person
using the specified software.
The following things are taken into account w.r.to
electronic records:
- Lifetime
- Preservability
- Accessibility
- Readability
- Comprehensibility in respect of linked information
- Authentication and integrity
- And any license, permit, sanction or approval
 Electronic Records: Attribution Acknowledgement and Dispatch in India
Based on Article 13 of UNCITRAL Model law
-if electronic record was sent by the originator himself
-by a person who had the authority to act on behalf of originator
- Automatically generated (system programmed)

 Acknowledgement of receipt of electronic record in India

Under Article 14 of UNCITRAL Model law provides
-system generated mails (do not reply)
-Stimulate time reply (otherwise treat that mail was not received)
-Return receipt requested ( postal systems)
 The Time and place of dispatch and receipt of electronic records in India
Under Article 15 of UNCITRAL Model law provides
Unless otherwise agreed between the originator and the addressee, the
time of receipt of an electronic record shall be determined as follows,
namely –
(a) if the addressee has designated a computer resource for the purpose of
receiving electronic records
(i) receipt occurs at the time when the electronic record enters the
designated computer resource; or
(ii) if the electronic record is sent to a computer resource of the addressee
that is not the designated computer resource, receipt occurs at the time
when the electronic record is retrieved by the addressee;
(b) if the addressee has not designated a computer resource along with
specified timings, if any, receipt occurs when the electronic record enters
the computer resource of the addressee.
For the purposes of this section –

(a) if the originator or the addressee has more than one place of business, the
principal place of business shall be the place of business;
(b) if the originator or the addressee does not have a place of business, his usual
place of residence shall be deemed to be the place of business;
(c) “Usual Place of Residence”, in relation to a body corporate, means the place
where it is registered.
Chapter 5: The roles and regulations of Certifying Authorities in India

Due to increased use of electronic communications, misuse of the electronic

records and digital signatures also increased, because there is no direct face-to-
face interaction in the electronic transaction, the problems concerning identity,
authenticity and integrity arise from the point of view of law and lawyers.

-Digital signature is used by the business community for securing electronic

records.

In the process of cryptography, a public key infrastructure consisting of certification

authorities as trusted third parties, for sharing public keys in an authenticated and
reliable manner.
The Role of Certifying Authority (CA)
The Certifying Authority (CA) acts as a trusted third party in the public key
infrastructure.
-CA plays important role – is to certify the public key associated with the given
individual.
The general characteristics are as follows:
- The authenticity of the subject participating in the commercial communication.
- The integrity of the message communicated or the communication. The
authenticity, integrity and confidentiality can be ensured by the independent
third party, that is the role of CA under the law.
- The certifying authority can be public authority or private authority. Present the
state govt. agencies act as top level CAs who in turn certify the second tier of
private sector CAs.
Problems:
-The CAs operations are automatic and may be exposed to many computer based
risks.
-System failures – loss of keys
-If CA’s private key is compromised, then corresponding public key can be revoked,
then all the certificates issued would be invalid.

So, CA must also make its own public key available to the parties who want to
verify the certificates of consumers or users and if CA fails to perform its duties ,
results significant loss to large number of innocent parties.
Appointment of controller and his functions
In the context of a certifying authority (CA), the appointment of a controller is an important aspect of
ensuring effective governance and oversight of the CA's operations. The controller, sometimes referred to
as the Certifying Authority Controller or CA Controller, is responsible for various functions within the CA.
The primary role of the controller is to oversee and regulate the activities of the certifying authority. Their
functions typically include:
1. Regulatory Compliance: The controller ensures that the CA operates in compliance with applicable
laws, regulations, and industry standards. They monitor and enforce adherence to legal and regulatory
requirements related to certificate issuance, security practices, data protection, and privacy.
2. Policy Formulation: The controller participates in the formulation of policies and guidelines that govern
the CA's operations. They contribute to the development of rules and procedures related to certificate
issuance, revocation, renewal, and other aspects of the CA's services.
3. Auditing and Monitoring: The controller conducts audits and regular monitoring of the CA's activities to
ensure compliance, accuracy, and security. They review the CA's processes, systems, and controls to
identify any vulnerabilities, risks, or non-compliance issues.
4. Dispute Resolution: The controller may play a role in resolving disputes or complaints related to the
CA's services. They assess complaints, investigate any alleged misconduct or breaches, and take
appropriate actions to address disputes and maintain the integrity of the CA's operations.
5. Key Management: The controller may have responsibilities related to the management and protection
of the CA's cryptographic keys. They ensure the secure generation, storage, and handling of keys, which
are crucial for signing and verifying digital certificates.
6. Collaboration and Coordination: The controller collaborates with other regulatory bodies, industry
stakeholders, and government agencies to ensure effective oversight, coordination, and alignment of
the CA's operations with broader policies and initiatives.
The appointment of a controller helps provide independent oversight and accountability for the certifying
authority. By fulfilling their functions, the controller contributes to the trust, integrity, and reliability of the
CA's services and the overall digital certificate ecosystem.
Chapter 6 : Protection of intellectual property rights in cyberspace in india

The Cyberspace :

Web-based technology through the internet has increased our capacity to access it easily with rapid speed
which is very useful for e-commerce and having quick electronic business transactions.

Information stored in electronic form is cheaper, easy to store, retrieve and speedier to communicate.

The advantages of the internet have naturally attracted many business people to conduct the business
through e-commerce.

Internet has made it possible to replace traditional paper-based communication by paperless communication
which does not know physical or geographical boundaries, and is possible on any part from any part of
global between the parties known or unknown to each other.
The relevance of domain names in intellectual property rights

In the new e-commerce economy it is important a company must be easily traceable on the internet. This
means that the company must have an address in the cyberspace. This requires the company must have
registration under a particular domain name and a website of its own.

The domain name system (DNS) has made it possible for the registration of a company which enable a
company to conduct online transaction and make it easily traceable by the customers, suppliers and other
users.

The representation of the company’s both name and address on the internet can serve as a typical
trademark function of showing a company’s recognition and goodwill in the market place. Therefore,
domain name is relevant as the consumers often see them as performing in e-commerce.

Various types of domain name disputes have come for consideration before the court all over the world.
one of the most serious kind of disputes has been about "cybersquatting" which involves the use of a
domain name by a person with neither registration nor any inherent rights to the name.
what is cybersquatting ?

The term cybersquatting refers to the unauthorized registration and use of Internet domain
names that are identical or similar to trademarks, service marks, company names, or personal
names.

They use special software applications to monitor the expiry of some specific domain names. After
registering the expired domain names, cyber squatters duplicate the original websites and thus
misleading the genuine visitors of such websites
Deception by squatting in cyberspace

The consumer when looking to find the name of the brand on the internet, the easiest way for them is to type a
domain name of the brand or the company.

Generally, in india, a domain name has at least two key parts. The second level domain describes like .Com
or .Gov and third level domain contains familiar name that describes product, service or topic that the website
address.

Deception by squatting in cyberspace refers to the practice of registering domain names that are similar to
well-known brands or trademarks with the intention of misleading or deceiving consumers.
To combat this issue, ICANN, the Internet Corporation for Assigned Names and Numbers, has implemented
the Uniform Domain Name Dispute Resolution Policy (UDRP). This policy provides an expedited
administrative process for trademark holders to challenge and resolve cases of abusive domain name
registrations. The UDRP allows for the cancellation, suspension, or transfer of domain names by the registrar.
The advantages of ICANN's dispute system include its quick resolution of disputes and relatively low costs.
The proceedings can be conducted entirely through electronic filings, offering convenience and efficiency to
the involved parties.
Bad Faith in Relation to Domain Name Infringement
In order to establish “bad faith” in the proceeding for infringement of a domain name a complainant has to
establish the following points in order to obtain relief:

• The respondent's domain name is identical or confusingly similar to a trademark or service mark owned
by the complainant.
• The respondent has no legitimate right or interest in the domain name. They cannot demonstrate a
valid reason for owning or using it.
• The respondent registered and is using the domain name in bad faith. This means they intended to
cause confusion, deceive consumers, or unfairly benefit from the reputation or goodwill associated with
the complainant's trademark.
In order to file administrative proceedings successfully the complaint must prove that each of the above three
elements are present for the purpose of proof of bad faith on the part of the defendant.

It has also to be shown that the complainant had its registered domain name and the defendant is using it in bad
faith.
• Registering the domain name with the primary aim of subsequently selling it at a profit.
• Registering the domain name primarily for disrupting the business of the competitor.
• Registering the domain name in order to prevent the owner of the trade mark from reflecting the mark in a
corresponding domain name.
• Using the domain name to attract internet users to one’s website by creating a likelihood of confusion with the
complainant’s trademark.
Some Leading Cases Involving Complaints From India before WIPO

Before World Intellectual Property Organization (WIPO), the number of complaints have been filed in Indian
corporate houses or media companies.
In most of the cases the Indian complaints involving domain names before WIPO have been decided in favor
of the complaints.
We may cite two cases.
In Tata Sons Ltd. V. The advanced information Technology Association, it was decided by the WIPO
Administrative panel, Instructing Network Solutions Inc. to transfer the impugned domain name tata.org to
the complainant Tata Sons Ltd.
The administrative panellist relied on the decisions that had been earlier given in favour of Tata Sons Ltd. By
the Indian courts providing protection to the Tata trademark from abusive registrations.
Similarly in tridenthotels.com case the complainant was Oberoi hotels which owned trade marks ‘Trident’
and ‘Trident Hotels’ in India. In this case the panel held that the use of the word ‘Trident’ in combination
with the word hotels has a certain distinctive character as it indicates a chain hotels such as the complainants
group.
The domain name tridenthotels.com signifies that the domain name was intended to be used for a chain of
hotels.
Protection of Copyright on Cyberspace

The new technology which is multi-functional IT or the Internet poses number of challenges for
laws to protect copyrights. Copyright being an intellectual property gives right to the authors in
literay, artistic, dramatic and musical works.

As in other intellectual property rights available under the copyright are essential negative in nature,
similarly these are basically the rights to stop others from doing certain things as for example, right
to stop privacy, counterfeit, copying or imitation.
Rights of Software Copyright Owners

We have brief pointed out the rights of the copyright owner as provided for under Section 14 of the
copyright Act, 1957. Here we will explain to understand the copyrights particularly of the software
copyright owners.

• First the author of the s/w has the right to reproduce and make any number of copies of his work as
he hikes.
• Secondly the s/w copyright owner may display his software on the internet which would amount to
display to the public which right is provided.
•The owner of the copyright s/w enjoys an exclusive right to distributed copies of the work to the
public by sale or by transfer of ownership or by rental. This right to distribute in India flows from
Section 14 of the Copyright Act, 1957, which provides the right to publication.
•Similarly, the owner of the S/W copyright has the right to adaption of his work by updating,
changing and modifying his s/w copyright.
Cyber Space, the Internet, Websites and the Nature of the Copyright

In the context of intellectual property laws, the digital nature of works on the internet is a crucial
characteristic. Unlike traditional analog methods of recording intellectual property on physical mediums
such as paper or film, digitization converts all elements—words, images, sounds, graphics, and films—
into binary numbers, represented as ones and zeros.
When creating a website, it is important for the website creator to ensure that they own the copyright in
all aspects involved in its creation. This includes original content, images, graphics, code, and any other
elements used to make the website function.
Downloading copyrighted works from the internet and saving them permanently on a computer's hard
drive constitutes reproduction of the copyrighted work. This act of making permanent copies without
permission from the copyright owner infringes on their exclusive rights.
Overall, the digital nature of intellectual property on the internet requires careful consideration of
copyright ownership and proper adherence to copyright laws to protect the rights of creators and prevent
infringement.
Linking, Hyper-Linking and Framing
The internet or the web was initially created for the purpose of enabling hypertext capabilities
allowing one side to link or hyperlink and access another sight.
In this way the user could make sense of the great mass data contained on the internet.
As linking or hyperlinking was used for education or research purpose, it was both accepted and
encouraged when internet was a research network.

On the commercial internet the sight owner have contended that before employing a link, the
website must seek permission from the website to which it want to link.

Framing is a relatively recent phenomenon as compared to linking.

By using a specific command in its HTML code, a framing site links to another site and displays that
site within a window or frame.
The frame itself is comprised of content from the framing site.
Remedies for Infringement of Copyright on Cyberspace
Under the copyright Act, 1957, for the infringement of the copyrighted
works without a license granted by the owner of the copyright or the
Registrar.
We have three types of remedies laws available.
(i) Civil remedies
(ii) Administrative remedies
(iii)Criminal remedies

Civil remedies may include two categories

a) Preventive civil remedies
b) Compensatory remedies
Preventive civil remedies
Under the copyright Act, 1957 preventive civil remedies may include
interlocutory injunction and the final injunction in the suite for
infringement of copyright.
Injunction is the most important remedy against the infringement of
copyright under the law.
Injunction means a judicial process by which one who is threatening to
invade or has invade the leag or equitable rights of another.

Compensatory remedies
A compensatory remedy is also available to the plaintiff which includes
damages, account of profit and delivery of infringing copies.
Damages are granted to a owner of the copyright for the loss or damange
caused to him by the infringement of copyright.
The Liabilities of an Internet Services Provider (ISP) in
Cyberspace

The liabilities of ISPs may arises in a verity of legal areas, such as criminal law,
Torts law, Trade secret law, Copyright law, Trademark law, Unfair Competition law.
Many countries have tried to define the liability of ISOs in disseminating third
party contents.

The function of service provides is to host content, such as web pages of subscriber,
over which the service provider exercises no control.
It is impossible practically to monitor or screen the activities of users of network
services.

For example : Educational institutions, libraries and museums and service

providers, they should have no legal obligations to monitor what is transmitted, or
seek facts or circumstance indicating illegal activity.
Cyberspace and the protection of patent in India

The law of patents is very relevant for the information technology industry as it is
in other industries.
The owner of a patent is granted certain exclusive right to a particular invention.
The rights of patent owner include the right to make, the right to use, and the right
to sell the invention and also the obvious extensions connected with the rights of
inventions.
In the computer technology which is fast-paced, being the first to develop and to
patent an invention which satisfies the demand in a market can provide significant
leverage over competitors.
The patent owners can also have an agreement to let others make use of the
patented invention.
We can see the effects of IBM’s (Indian Business Machines) decision to license the
operating system for its personal computer from a company which has become
famous like Microsoft.