MODULE 2 - ONLINE USE OF TRADE MARKS AND DOMAIN NAMES

Domain name system (DNS)

1. Domain name is the unique address to one website In the absence of such system- to name
websites, there would have been total chaos inside the huge & complex world of internet, leave
alone trying to locate your website. With the Domain Name System (DNS) one can create your
desired name for your website which when entered into a web browser leads to your website.
2. Domain Registration has become an industry and there are number of domain registrars who
running it as a business
3. DNS is the system of global navigation used on the internet. DNS is a kind of address where the
web portal of a particular organization or individual is located.
4. DNS request will be entertained only if there is a valid IP address.
5. Each Computer and each Website has been given a number14 and name15, respectively.
6. Domain Name consists of:
 Top Level Domain
 Second Level Domain
 Third level domain
7. The crucial aspect of a domain name is the second level domain, since they are available on a
first-come first serve basis, and may be obtained by any one of a number of domain name
registries.
8. There is a private corporation responsible for the registration and assignment of the (secondary)
domain names. ( In India, ICANN- Internet Corporation for Assigned names and numbers) and
.INRegistry, is the official Registrar of Domain Name in India for “.in” extensions, working
under National Internet exchange of India (NIEI)
9. TLD is divided into two: gTLD (.org) & ccTLD (.in)
Examples of Top Level Domain (TLD) name /(Primary Domain Name)

 .com
 .org
 .ac
 .net
Examples of Secondary Domain Name (SDN)
 kiit.
 tata.
 myntra.
 aiims.
Examples of Tertiary Domain Name (Sub-Domain Name)
 .firm
 .res.
 .gov
 .law.
Examples of ccTLD (Country Code Top Level Domain Name):
 .in
 .uk
 .au
 .uae

1
Trade Mark and Domain Name: similarities and difference
 Domain Name represents Trade Mark of a company in case there is. In case of an individual or
any entity without any Trade Mark, Domain Name can still be given and be protected as an
address of the Organization/website.
 From the perspective of a company, as to how DN is important facet of part of business of a
company, in MTV Networks Inc. v. Curry(867 F Supp 737, 741 (E.D. Va. 1997) ) it was
observed that “a DN mirroring a corporate name may be a valuable corporate asset, as it-
facilitates communication with a customer.
 Domain Name frequently represents a company’s intellectual property in the form of Trade Mark.
 “Trade Mark” according to Section 2 (zb) of The Trade Marks Act, 1999: “a mark capable of
being represented graphically and which is capable of distinguishing the goods or services of one
person from those of others and may include shape of goods, their packing and combination of
colors.”
 In Laxmikant V. Patel v. Chetnabhat Shah ( [2002] AIR SC 275 ) It was held that, a mark
includes amongst others things, name or word also.
 In Tata Sons Ltd. v. Monu Kosuri and others ([2001] PTC 432) the Court affirmed that DNS are
not just internet addresses and must be protected akin to a Trade Mark
 Trade Mark of a Company serves a variety of functions ranging from advertising to guaranteeing
quality.
 Important Point: Trade Marks can be registered as Domain Name of a company. Eg.:
[Link]
 So, with inception of internet it was possible that a particular company despite having its own
Trade Mark registered, its domain name could be registered as Trade Mark of someone else,
thereby preventing trademark owners from establishing web sites using their own mark. Those
are known as „Cyber squatters‟
 Now, so as to keep the reputation and maintain the brand name in the market, for a company or
any business houses, it has become necessary to firstly register their Trade mark and then the
Domain Name of the company attached with the or representing the virtual address of the
company.
Domain name disputes
Cyber squatting : Cyber squatting is an act of a defendant
 to incorporate someone’s registered trade mark in the domain name of the defendant or
 to imitate the similar domain name of plaintiff as that of Defendant or
 to incorporate the deceptively similar domain name of the plaintiff to create likelihood of
confusion in the minds of consumer or user.
In the high-profile case of Yahoo Inc. v Akash Arora & Anr. (1999 IIAD Delhi 229), a lawsuit was
filed by the plaintiff against the defendants seeking a decree of permanent injunction restraining the
defendants from operating any business, selling, advertising and/or dealing in any services or goods on
the internet or otherwise under the trademark and/or domain name ‘[Link]’, or any other
trademark and/or domain name that is identical with or deceptively similar to the plaintiff’s well-known
trademark “Yahoo!”.It was the defendant’s contention that the “Yahoo!” trademark/domain name
purportedly belonging to the plaintiff was not at the time registered in India and therefore could not be
used as a basis for an action in relation to trademark [Link] defendant also argued that the

2
word “Yahoo!” is a general word that is neither unique nor invented and as such, did not possess any
element of [Link] was further submitted that since the defendants had been using a disclaimer
all along, there was no deception and hence no action of passing off could be taken against the
[Link] Court gave its decision in favour of the plaintiff and granted the injunction against the
defendants. It was held that the service rendered by the plaintiff on the internet had become recognized
and accepted globally. The Court agreed that though “Yahoo!” was a dictionary word, it had acquired
sufficient uniqueness and distinctiveness so as to enable the plaintiffs to be protected against passing off.

Panavision International vs. Toepen 141 F.3d 1316

Panavision International, L.P. (Panavision) (plaintiff) owned the Panavision trademark and attempted to
register the domain name [Link]. However, Dennis Toepen (defendant) had already registered
[Link]. Panavision’s counsel sent a letter to Toepen informing Toepen that Panavision held a
trademark in the name Panavision. The letter also demanded that Toepen stop using the [Link]
domain. Toepen offered to sell the domain name to Panavision. Panavision refused the offer and sued
Toepen, claiming that Toepen use of [Link] was an unlawful dilution of Panavision’s trademark.
Toepen argued that a domain name is simply an address used to locate a web page. According to Toepen,
a user who visited [Link] and saw no reference to Panavision would not be likely to conclude
that the web page was related in any way to Panavision. Thus, Toepen claimed that his use of
[Link] could not be considered a dilution of Panavision’s trademark. Panavision filed a case in
California and benefit was given to Panavision.

Anti cyber squatting act: it was held that Dennis Toepen can’t register any other domain name including
[Link] . Dennis Toepen is a cyber squatter

Profit grabbing : try or attempt to take profit from someone else domain name or reputation.
Rediff Communication Limited v Cyber booth : In that case, the defendant had registered the domain
name ‘[Link]’, which was similar to the plaintiff’s domain name ‘[Link]’. Deciding in favour of
the plaintiff, the Court was of the opinion that the high importance and value attached to a domain name
makes it a major corporate asset of any company. It went on to state that a domain name is much more
than an internet address and as such, is entitled to protection equal to that afforded to a registered
trademark.

Tata Sons Ltd v Manu Kosuri & Ors. Another high-profile case involves the Tata Group, a
multinational conglomerate. In Tata Sons Ltd v Manu Kosuri & Ors. [IIIAD Delhi 545, 90 (2001)], the
defendant registered a series of domain names incorporating the well-known trademark “TATA”.The
Court, in delivering judgement, referred to Rediff Communication Limited v Cyberbooth and Yahoo Inc.
v Akash Arora & Anr., both mentioned above, and held that internet domain names are not merely
internet addresses but are in fact corporate assets that are extremely important and valuable and as such,
are entitled for protection equivalent to that afforded to registered trademarks.

Satyam infoway v siffynet solutions: The Respondent (Sifynet Solutions (P) Ltd.) had registered domain
names [Link] were similar to the Plaintiff’s domain
name [Link] (Satyam Infoway Ltd.) had considerable reputation in the
market and had registered the name ‘Sifynet’ and various other names with the Internet Corporation for
Assigned Names (ICANN) and WIPO. The word ‘Sify’ was first coined by the plaintiff using elements
from its corporate name Satyam Infoway and had a very wide reputation and goodwill in the market. The
Appellant was incorporated in the year 1995 and had registered its various domain names using the prefix
‘Sify’ in the year 1999. The Respondent started carrying on its business under the above stated domain
names since 5th June, 2001.
On coming to know of use of the word ‘Siffy’ by the Respondent, the Appellant filed a suit in the City

3
Civil Court against the Respondent on the basis that the Respondent was passing off its business and
services by using the appellant’s business name and domain name. An application for temporary
injunction was also filed. The City Civil Court Judge decided in favor of appellants and allowed the
application for temporary injunction on the following grounds:

 The balance of convenience was in favor of the Respondent;

 The business of the Appellant and Respondent was dissimilar;
 The Respondent had invested a large amount in establishing its business and has enrolled 50,000
members,
 The Respondent would be put to greater hardship, inconvenience and irreparable [Link],
the Appellant filed a Special Leave Petition before the Supreme Court.

ISSUES: 
1) Whether a domain name can be said to be a word or name which is capable of distinguishing the
subject of trade or service made available to potential users of the internet.
2) Whether internet domain names are subject to the legal norms applicable to other intellectual
properties such as trademarks.
3) Would the principles of trademark law and in particular those relating to passing off apply?

JUDGEMENTS
Issue no. 1
Issue no. 1 was answered in the affirmative and to come to the conclusion, the Hon’ble supreme court
gave the following reasons:

 With the increase of commercial activity on the internet, a domain name is also used as a business
identifier;
 Domain name identifies the specific internet site;
 As more and more commercial enterprises trade or advertise their presence on the web, domain
names have become more and more valuable and the potential for dispute is high. Whereas a
large number of trademarks containing the same name can comfortably co-exist because they are
associated with different products, belong to business in different jurisdictions etc, the distinctive
nature of the domain name
ISSUE NO. 2 & 3
Issue No. 2 & 3 was commonly answered in the affirmative as they were interlinked and to come to the
said conclusion, the Hon’ble Supreme Court gave the following reasons:

 The use of similar domain name may lead to diversion of users as ordinary customers seeking to
locate the functions available less than one domain name may be confused with another domain
name which may offer dissimilar services. Thus, the customers may conclude misrepresentation,
which will result in loss of customers.
 Further, a use of similar domain name has all the ingredients of a passing off action, such as
preservation of reputation and goodwill, safeguarding the public, misrepresentation by the
defendant, loss or likelihood of loss. Thus, the Hon’ble Supreme Court held that that a domain
name may have all the characteristics of a trade mark and one can also file an action for passing
for the same.
Zippo manufacturing v Zippo dot. com 952 [Link].1119

4
Plaintiff Zippo Manufacturing Company ("Manufacturing"), a Pennsylvania corporation, makes the well-
known "Zippo" pocket lighters. Zippo Dot Com ("Dot Com"), a California corporation, operated an
Internet web site that offered access to USENET newsgroups. Dot Com registered the domain names
"[Link]," "[Link]" and "Zippo [Link]."
Dot Com's contacts with Pennsylvania occurred exclusively over the Internet. Dot Com's offices,
employees and Internet servers were located in California. Dot Com did not maintain any offices,
employees or agents in Pennsylvania. Dot Com's advertising for its service to Pennsylvania residents
involved posting information about its service on its web page, which was accessible to Pennsylvania
residents as well as everyone [Link] Com had approximately 140,000 paying subscribers worldwide,
and approximately two percent (3,000) of those were Pennsylvania [Link] subscribers contracted
to receive Dot Com's service by visiting its website and filling out an application. Dot Com also entered
into agreements with seven Internet access providers in Pennsylvania to permit their subscribers to access
Dot Com's USENET database, including two providers in the Western District of Pennsylvania.
Zippo Manufacturing filed a five-count complaint against Dot Com alleging trademark dilution,
infringement, and false designation under the Lanham Act and state law trademark dilution
[Link]'s basis of the trademark claims was Dot Com's use of the word "Zippo" in the
domain names in numerous locations in its website and in the heading of Internet newsgroup messages
that were posted by Dot Com subscribers
InterNIC –Internet network information center (“interNIC”) maintains and administers the central
database of all internet domain [Link] came in the year 1998 it stands for internet corporation for
assigned names and numbers which authorize or give you an arbitration panel .indrp .NIXI
.indrp - file application today on NIXI any discrepancy send it back to the complainant to make the
changes and submit it within 3 days to make the necessary changes. If there’s no change then it will be
send it to the defendant within 3 days followed by defendant has to reply within 5 days with proper
explanations. If he doesn’t reply then it will be rejected or over called. .in registry- NIXI has 3 members
in the arbitration panel if the reply comes then the arbitration panel will fix the appointment and all the
hearing will be done in 60 days. Exceptional case is allowed to 30 days ( extension means within 3
months) if either of the party aggrieves then re apply can be happen after 5 days formal notice will be
served of the hearing.

UDRP

In order to prevail in UDRP arbitration, the mark owner must prove three things:

 the domain name is identical or confusingly similar to the trademark in question;

 the registrant has no rights or legitimate interests in the domain name,
 the domain name was registered and/or is being used in bad Faith

If the trademark owner successfully proves all three points in the administrative proceeding, then the
domain name can either be canceled or transferred to the prevailing trademark owner.

If the trademark owner fails to prove one of these points, the administrative panel will not cancel nor
transfer the domain name.

To prove a legitimate right or interest in a domain name is by showing:

use or preparations to use the domain name in connection with a bonafide offering of goods or services
prior to any notice of the dispute;

5
that the domain name owner has been commonly known by the second level domain name; or

that the domain name owner is making legitimate non-commercial or fair use of the domain name,
without intent of :-

(i) commercial gain,

(ii) misleadingly diverting consumers, or

(iii) tarnishing the trademark at issue.

A trademark owner can show that a domain name was registered and used in bad faith in a variety of
ways, including by showing that the domain name owner: registered the name primarily for the purpose
of selling or transferring the domain name to the trademark owner or a competitor of the trademark owner
for a price greater than out of pocket costs;engaged in a pattern of registering trademarks of others to
prevent the use of the domain name by the trademark owner;registered the domain name primarily to
disrupt the business of a competitor; or is attempting to attract users to a web site for commercial gain by
creating a likelihood of confusion with the trademark owner's trademark.

Process of UDRP

First, you must use one of the these Approved Providers. These organizations will oversee and administer
the arbitration. They include :-

(1) Asian Domain Name Dispute Resolution Centre;

(2) National Arbitration Forum;

(3) World Intellectual Property Organization(WIPO).

(4)Czech Arbitration Court Arbitration Center for Internet Disputes.

These organizations have lists of qualified and approved arbitrators from around the world to hear and
resolve cases.

AND THE PROCESS BEGINS

Complaint filed. (by the Complainant)

Formal commencement

Response due (within 20 days)(Counterclaim)

1 or 3 panelist(s) appointed

Decision due to WIPO (arbitrator) (within 14 days)

6
WIPO forwards decision to parties, ICANN and registrar (within 3 days)

Decision implemented by registrar. However, the registrar has to wait for 10 days after the receipt of
decision and before the implementation for the appeal by the respondent.

If no appeal, then decision is implemented with the registrar.

DECISION MAY BE:- CANCELLED/TRANSFERRED and no monetary damage is given.

MODULE 3 : INTERNET AND THE PROTECTION OF COPYRIGHT

Copyright violations have become rampant since the advent of Cyberspace and the development of
related information [Link] factors like ease of sharing digital content, low cost of
distribution and download, lack of supranational authority to regulate, difficulties in tracing violators,
uncertainties in determining jurisdiction over infringing acts, etc., have contributed to increasing
copyright infringements. Various stakeholders are faced with the dichotomy of new opportunities and
threats related to copy rights in cyberspace. With the advent and growth of Internet has resulted in the
creation of an unruly and anarchic space called the cyberspace, which poses extremely serious threats to
copyrights. Threats to copyrights existed even before Internet, however, they have manifested at alarming
levels since the advent of World Wide Web (WWW). The increased levels of copyright threats in
cyberspace could be attributed to some of the unique characteristics of the Internet, the new possibilities it
creates and its unprecedented growth worldwide. Internet is a two edged sword for business fraternity. On
the one hand, business firms look for greater development of network technologies in order to increase
the viability and quality of digital content delivery. On the other hand, the growth of the very technology
has resulted in increased levels of violation of their IPR. For example, increase in broadband speed, while
enabling faster and efficient delivery of digital content, increases the risk of widespread copyright
violations.

The opportunities v threats discussed here are limited only for the purpose of demonstrating that use of
Internet for exploiting copyrights involves apparent costs and benefits. In order to ensure that the benefits
outweigh the costs, various related measures are needed to improve Internet as a viable channel for E-
commerce in copyrighted products. Various measures are being adopted to increase the utility of Internet
for exploiting copyright. Often technological measures are adopted to protect copyrighted products
online. Unfortunately, technological measures to protect copyrighted products are often vulnerable to
other circumventing technologies and could not provide a fool proof protection. Although protection
technologies are increasingly becoming inviolable, relying solely on them may not provide a total
guarantee. Often other measures are needed to supplement technological measures in order to consolidate
copyright protection in cyberspace. There are a range of measures, which could be relevant in this
context. They include policy measures to strengthen copyright protection, social measures to educate
consumers against piracy, economic measures including support programs to encourage the use of
licensed copyright protected products, punitive measures to discourage copyright infringements, etc.
Different set of measures have a different utilitarian value and they together help develop stronger
copyrights protection in any given society. Among various measures highlighted above, the role of legal
measures in improving the copyright protection in cyberspace is increasingly found indispensable. Legal
measures to protect copyrights in cyberspace, however, face different challenges which need to be
addressed effectively.

Legal Challenges related to Copyright Protection in Cyberspace Threats to IPR in cyberspace are
rampant. This leaves legal fraternity with various IPR challenges. These challenges are more often
difficult to identify and address. As technology continues to grow, new business applications and online
business strategies are being developed, and this continuous state of flux does not leave much room for

7
legal [Link] as such is relatively a new field for legal regulation. It may not be an
exaggeration to observe that the cyberspace created by Internet is still anarchic and even the general legal
attempts to regulate the same are still in its rudimentary state. Moreover, legal principles relating to E-
commerce operations are generally slow to develop. The slow legal response could be attributed to
various reasons including the continued evolution of cyber technologies, the infancy of E commerce
operations, digital divide among and within nations, lack of consensus with regard to standards of
protection and methods of regulation, etc. IPR protection in cyberspace is no exception. Among various
forms of IPR, the threats to copyrights in cyberspace have gained particular prominence due to the
commercial potential of cyberspace for digital products. Specific legal challenges related to copyrights in
cyberspace need to be understood clearly before investigating whether existing copyright regimes are
equipped with effective provisions to address the challenges. A major legal challenge pertaining to
protection of digital products is related to the scope and limitation of the legal protection granted by
traditional copyright laws. Traditionally, copyrights are perceived as exclusive rights conferred on the
authors of literary and artistic works, to reproduce, distribute, perform and display their works publicly.
Copyright laws protected the expression of the ideas by authors and unlike patent rights did not protect
the ideas themselves or other related interests. However, in case of certain digital products like computer
programs or databases, the scope of protection offered by traditional copyright laws is considered to be
insufficient. This is mainly because of the new technologies, which have created range of possibilities for
exploitation and use of digital products that often make the scope of protection insufficient. Legal regimes
are forced to conceive new ways of protection of digital products, which often go beyond the scope of
protection offered under traditional copyrights laws. Before the advent of cyberspace, authors of works
filed copyright protection in individual markets, where they intend to exploit their works. Such protection
was limited to the jurisdiction of the markets where copyrights are granted. In the virtual world of
cyberspace the demarcation of individual markets are often blurred and the need to protect copyrights
beyond individual markets arise.

Management of Copyright in Digital Environment and Protection of Technological Measures (Anti-

circumvention law. (Section 65 A and Section 65 B of Copyright Act, 1957)
Protection against counter technologies OR Protection of Technological measures OR Legal
protection against “Circumvention of technological measures‟ OR Anti-circumvention law

A) Legal Protection against „circumvention of Technological Measures‟ (Anti-circumvention law):

Along with Rights Management Information (discussed hereinafter) help of certain digital technologies
are being taken to „secure‟ & „protect‟ copyrighted material from being infringed or being pirated or to
avoid unauthorized use of the same. Those are:
1. Digital Watermarking
2. Encryption
3. Identification
4. Copy control flags
As a result of it, counter-technologies are being employed to circumvent above mentioned technologies,
so as to gain the access to „copyrighted material‟ or „work‟ and thereby leaving scope for unauthorized
use or piracy or infringement of copyright.
To counter/discourage those “counter-technologies”, a legal protection is given to technological
measures to protect copyright work, so as to prevent circumvention of the same by counter-
technologies.
 Article 11 of WIPO Copyright Treaties: Obligation of state parties concerning
“technological measures”:

8
Contracting Parties shall provide adequate legal protection and effective legal remedies against the
circumvention of effective technological measures that are used by authors in connection with the
exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their
works, which are not authorized by the authors concerned or permitted by law.
Section 65A :

(1) Any person who circumvents an “Effective technological measure‟ applied for the purpose of
protecting any of the rights conferred by this Act, with the intention of infringing such rights, shall be
punishable with imprisonment which may extend to two years and shall also be liable to fine.
(2) Nothing in sub-section (1) shall prevent any person from,-
(a) doing anything referred to therein for a purpose not expressly prohibited by this Act:
Provided that any person facilitating circumvention by another person of a technological measure for
such a purpose shall maintain a complete record of such other person including his name, address and
all relevant particulars necessary to identify him and the purpose for which he has been facilitated; or
(b) doing anything necessary to conduct encryption research using a lawfully obtained encrypted copy;
or
(c) conducting any lawful investigation; or
(d) doing anything necessary for the purpose of testing the security of a computer system or a computer
network with the authorization of its owner; or
(e) operator; or
(f) doing anything necessary to circumvent technological measures intended for identification or
surveillance of a user; or
(g) taking measures necessary in the interest of national security.
 Management of Copyright in Digital Environment-Rights Management Information
(RMI):
Presence of copyrighted work in digital environment has become inevitable keeping in view following
bundle of copyrights (exclusive rights) in a given work:
1. Right of reproduction
2. Right of adaptation
3. Right of distribution
4. Right to communicate
5. Right to use it in any medium
6. Making derivative rights

 It has made the reproduction, distribution and communication of works easier and within the
competence of ordinary individual. New copies can be made with ease, speed and with absolute
fidelity to the original and transmitted over vast distances and dispersed to millions of people in a
few minutes or even seconds.

 This has spread widespread unauthorized use and has increased piracy of copyrighted work
materially affecting the economic interest of the owners.

 So as to make USERS aware of whom work belong and under which system it has been
protected, attempts are being made to secure work by displaying “certain information”
surrounding the work as a „caution note‟ for the users or viewers or readers to use, read, view,
or deal with it by keeping in view information surrounding the work. This is in the form of data
identifying the information of the work‟. This data is classified as “Rights Management

9
 Information.
This is being considered as suitable in the sense it helps in serving following purposes:
1. Proving ownership/authorship
2. Making a case of infringement
3. Displays information as to License, if any
4. Preventing users to deal with the work with restrictions (terms & conditions)
5. Allow consumers to rely on the accuracy of the information by creating a feeling of security in
transacting online.
6. Confidentiality
7. Content integrity
8. Record of transaction
Article 12 (2) of WIPO Copyright Treaty (WCT) defines “Rights Management Information”:
 information which identifies the work, the author of the work, the owner of any right in the work,
or information about the terms and conditions of use of the work, and any numbers or codes that
represent such information, when any of these items of information is attached to a copy of a
work or appears in connection with the communication of a work to the public.
 Obligation State Parties to Provide legal protection to RMI: (Article 12 (1): contracting states
are under obligation to provide legal remedies for: any kind of removal or alteration of any of the
above information as well as distribution of or communication to the public of copies of work
with such removals or alterations.
 India and Copyright Act, 1957: Though India has not adopted WCT yet it has amended the
Copyright Act, 1957 by inserting two parallel provisions to this effect:
Section 2 (xa): Rights Management Information
 the title or other information identifying the work or performance;
 the name of the author or performer;
 the name and address of the owner of rights;
 terms and conditions regarding the use of the rights; and
 any number or code that represents the information referred to in sub-clauses (a) to (d),
 but does not include any device or procedure intended to identify the user
Section 65B: Protection of Rights Management Information:
 Any person, who knowingly,-
 (i) removes or alters any rights management information without authority, or
 (ii) distributes, imports for distribution, broadcasts or communicates to the public, without
authority, copies of any work, or performance knowing that electronic rights management
information has been removed or altered without authority,
 shall be punishable with imprisonment which may extend to two years and shall also be liable to
fine:
 Provided that if the rights management information has been tampered with in any work, the
owner of copyright in such work may also avail of civil remedies provided under Chapter XII
against the persons indulging in such acts.
IV. LIABILITY OF ISP/INTERMEDIARY IN COPYRIGHT INFRINGEMENT
 This issue is with regard to the internet related activities and their culmination into the
infringement of copyright in cyberspace.

10
  The entire internet related transactions work by the transmission of information from one place to
another so the primary actors involved are the: 1) sender of that information and the recipient of
the information. But making a work available over the internet, involves chain of service
providers i.e. intermediaries who are secondary actors involved. Those are Internet Service
Providers, Search Engines, and Host of a Website (who retains information through a web page).
 In this context (fixing liability for copyright infringement), one needs to understand the role of
these entities and their functioning in the internet.
 Because of inherent difficulties of enforcing copyrights against individual Internet users
worldwide, the copyright owners have found the solution in fixing the liability to place a legal
liability on the shoulders of ISPs, who allow and enable Internet copyright pirates to exist.
ISP enables a user‟s computer to communicate with other computers on the Internet. A user can
then browse the WWW, transfer files, and send and receive e-mails.
 Online copyright infringement occurs when a copyrighted work such as a song, movie, or text is
copied, modified, displayed, or performed electronically without the copyright owner's
authorization. When a copyright in a work of a person is infringed electronically, it is all the more
difficult to find the infringer and to bring him to justice. The debate is whether any liability can
be fixed on the internet service providers (for example website owners which serves as platform
for online publishing of information, e.g.: YouTube, face book, etc.), and if yes, to what extent
can these service providers be held liable for or what shall be their duties or responsibilities.
 There are two arguments in this regard, one that Copyright owners may consider ISPs for liability
for copyright infringement, because they (ISPs) are in position of policing the internet. On the
other hand, second argument which being cited that ISPs are passive carriers and should be
granted some immunity from liability and any such attempt of considering them for liability
would stifle the growth of internet.
INDIA:
Indian Copyright Act, 1957 was drafted when there was no influence and impact of cyberspace or internet
in case of copyright nor does it contain any express provision for determining or limiting ISP liability.
Nevertheless, some provisions of the Act could be interpreted so as to have some bearing on the liability
of ISPs. Reference to Section 51 can be given in this regarding and that too some of the words which are
used under same provision.
Relevant provisions of Copyright Act, 1957:
1. Section 51 (a) (ii): When copyright infringed
2. Section 52 (b) (c): Certain acts not to be infringement of copyright
3. Section 63: Any person who knowingly infringes or abets the infringement
Liability of ISP as per Information Technology Act, 2000:
1. Section 2 (w): "Intermediary"
2. Section 79: Limited liability (subject to “Notice & Take Down”)
3. Section 81: Overriding effect of the IT Act.
Section 2(w) of the IT Act defines intermediary as: "Intermediary" with respect to any particular
electronic records, means any person who on behalf of another person receives, stores or transmits that
record or provides any service with respect to that record and includes telecom service providers,
network service providers, internet service providers, web hosting service providers, search engines,
online payment sites, online-auction sites, online market places and cyber cafes.
Section 79 Exemption from liability of intermediary in certain cases

(1) Notwithstanding anything contained in any law for the time being in force but subject to the
provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information,
data, or communication link made available or hosted by him.

11
(2) The provisions of sub-section (1) shall apply if -
(a) the function of the intermediary is limited to providing access to a communication system over which
information made available by third parties is transmitted or temporarily stored or hosted; or
(b) the intermediary does not -
(i) initiate the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the information contained in the transmission;
(c) the intermediary observes due diligence while discharging his duties under this Act and also observes
such other guidelines as the Central Government may prescribe in this behalf.
(3) The provisions of sub-section (1) shall not apply if -
(a) the intermediary has conspired or abetted or aided or induced, whether by threats or promise or
otherwise in the commission of the unlawful act;
(b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency
that any information, data or communication link residing in or connected
to a computer resource controlled by the intermediary is being used to commit the unlawful act, the
intermediary fails to expeditiously remove or disable access to that material on that resource without
vitiating the evidence in any manner.
Explanation:-For the purposes of this section, the expression "third party information" means any
information dealt with by an intermediary in his capacity as an intermediary.
The section limits the liability of the ISPs by two ways:

• ISP has exercised all due diligence to prevent commission of offence and
• Offence so committed is without the knowledge of ISP
These safe harbor principles can be summaries under following heads:
1. Lack of knowledge as to presence of infringing copies
2. It must not receive any financial benefit or profit out of such infringement
3. No interference on the part of ISP
4. Transmission and storage of infringing content/information must be a part of automatic technical
process
5. Upon notice of the infringement, ISP must respond expeditiously by taking down or blocking
access to the material.
6. It must not have a control over user‟s activities; and the mere ability to terminate user‟s account
or block user access to the system is enough to constitute “control”.
7. On receiving “cease and desist” letter/notice from copyright owner, Operator/ISP must “do
something” (including making changes to the system architecture) to stop infringement, or else
face liability

MODULE 4 : HYPER LINKING, FRAMING AND META-TAGGING

"Linking" allows a Web site user to visit another location on the Internet. By simply clicking on a "live"
word or image in one Web page, the user can view another Web page elsewhere in the world, or simply
elsewhere on the same server as the original page. This technique is what gives the Web its unique
communicative power. At the same time, however, linking may undermine the rights or interests of the
owner of the page that is linked to.

Links are of two kinds: surface linking and deep-linking. A link is just a URL, the Internet addresses of a
website and is not copyrightable and can be used only for the purpose of navigation.

12
Surface Linking : is the linking to the first page or home page of the web site. Each website contains what
is technically called a “home page” or the first access [Link] home page of the website usually
provides information about organization or website, such as the name, logo, other information, etc.
Surface or homepage link transfers the user from the web page of one site (from which link is provided)
to the homepage of the linked site.

Deep Linking : It allows visitors to bypass information and advertisements at the home page and go
directly to an internal page. There is no law or court ruling prohibiting deep linking. However, businesses
dislike deep links because:

 linked-to sites can lose income since their revenues are often tied to the number of viewers who
pass through their home page, and
 it may mistakenly create the impression in a user's mind that the two linked sites endorse each
other.

Framing

"Framing" is the process of allowing a user to view the contents of one website while it is framed by
information from another site, similar to the "picture-in-picture" feature offered on some televisions.
Framing may trigger a dispute under copyright and trademark law theories, because a framed site
arguably alters the appearance of the content and creates the impression that its owner endorses or
voluntarily chooses to associate with the framer.
META-TAGS

Meta tag misuse, the third component of this module, may generate less obvious but equally serious
problems. Web sites are written in the HTML language. This language is nothing more than a list of
"tags" that can be used to format and arrange text, images, and other multimedia files. "Meta tags" are
tags that have no visible effect on the Web page. Instead, they exist in the source code for a Web page to
assist search engines in ascertaining the content of the page.  Problems arise when companies include in
their own Web sites meta tags containing the names or descriptions of other companies.   Suppose, for
example, that Coca Cola used the keyword "Pepsi" in its meta tags.  Web surfers who used search engines
to obtain information about "Pepsi" would then be directed to Coca Cola's Web site.

Cases under Linking

1) Ticketmaster Corp. v. Microsoft Corp. [CV 97-3055RAP] (C.D. Cal., filed April 28, 1997)

The plaintiffs, Ticketmaster Corporation and Ticket Online-City Search, Inc. (hereafter referred as
Ticketmaster), and defendant [Link], Inc. (hereafter referred as [Link]), were in the business
of selling online tickets to all kinds of events (sports, concerts, plays, etc.) to the public. Both the plaintiff
and the defendant had websites providing information about events, such as time, date, location,
description of the event and ticket prices. The web pages of the plaintiffs and defendant had many
subsidiary (or interior) web pages, describing one event each. Each page of Ticketmaster’s website had a
separate electronic address or Uniform Resource Locator (“URL”) which, if possessed by the internet
user, allows the user to reach the web page for any particular event by by-passing the ‘home’ web page
and proceeding past the index to reach the interior web page for the event in [Link] had
exclusive agreements with the events it carried on its web pages so that tickets were not generally
available to those events except through Ticketmaster (or reserved for sale by the event itself, or available
from premium ticket brokers who generally charge higher than the face value).For a number of events

13
[Link] also used to be a ticket seller. Wherever [Link] did not itself sell the tickets, a place (on
[Link]’s website) was given to the customers to click for a reference to another ticket broker, or to
another on-line ticket seller.

In the instances of Ticketmaster, [Link] had provided a link titled “Buy this ticket from another on-
line ticketing company”. Clicking on the link used to instantly transfer the customer to the interior web
page of Ticketmaster (bypassing the homepage) for the particular event. The plaintiff had alleged that
[Link] had copied interior web page and extracted basic information from them. The first claim
(copyright infringement) was denied because the complaint had alleged actual copying of copyrighted
material. The court held that a copyright may not be claimed to protect factual [Link] court had further
clarified that hyper linking does not itself involve a violation of the Copyright Act since no copying is
involved, the customer is automatically transferred to the particular genuine web page of the original
[Link], the court held that “The contract claim is not preempted. Aside from copying (which is
preempted), the contract claim alleges adherence by Tickets to a contract not to use for commercial
purposes (possibly not preempted) and not to deep link (not preempted)

Ticketmaster later narrowed its claims only to contract, to copyright infringement and trespass to chattels
theory. [Link] moved for summary judgment against those [Link] contended that,
although URLs are strictly functional, they are entitled to copyright protection because there are several
ways to write a URL, and, thus, original authorship is used.

The court on the issue held that, “A URL is simply an address, open to the public, like the street address
of a building, which, if known, can enable the user to reach the building. There is nothing sufficiently
original to make the URL a copyrightable item, especially the way it is used. ” Another issue of the
copyright violation was, whether [Link]’s deep linking caused the unauthorized public display of
Ticketmaster’s event pages in violation of Ticketmaster’s exclusive rights of reproduction and display
under 17 U.S.C. § 106? While arguing about the deep linking, the Ticketmaster also stated that a smaller
window containing Ticketmaster’s web site was framed by the larger window of [Link].
[Link], on the above issue clarified that, the occurrence of the ‘Framing’ depends on the settings of
user’s computer, which is not controlled by [Link]. Therefore, framing may occur in some cases and
may not occur in other cases. According to the court, “even if the TM (Ticketmaster) site may have been
displayed as a smaller window that was literally “framed” by the larger TX ([Link]) window, it is
not clear that, as matter of law, the linking … event pages would constitute a showing or public display in
violation of 17 U.S.C. § 106(5). Accordingly, summary judgment is granted on the copyright claims of
TM (Ticketmaster) and it is eliminated from this action

2) Shetland Times, Ltd. v. Dr. Jonathan Wills and Another

is another important Scottish case on the subject matter of linking. In this case, the plaintiff Shetland
Times was the provider of many items in the printed version of its newspaper. The defendant was the
owner and operator of a website of a similar nature. The defendant allegedly reproduced headlines of
Shetland Times and they were hyper linked to the internal pages of the plaintiff’s site. The defendant had
bypassed the front page (homepage) of the Shetland Times, which carries paid advertisements. Therefore,
it had diminished the value of the website for potential advertisers. The main issue in Shetland Times case
was whether “deep-linking” to internal or embedded pages through the use of the plaintiff web site's news
headlines was an act of copyright infringement under the United Kingdom's Copyright Designs and
Patents Act of [Link] court agreed that the plaintiff presented prima facie case and issued an interim
interdict barring the defendant from getting involved in the above mentioned activities. The case was
settled out of court by the parties. The defendant agreed not to deep-link with the plaintiff’s site.

3) Intellectual Reserve, Inc. v. Utah Lighthouse Ministry, Inc. , Case No. 2:99-CV-808C (C.D. Utah, Dec.
6, 1999) the defendant was directed by the court to remove the plaintiff’s copyrighted material (Church

14
Handbook of Instructions) from its website. After removing the Church Handbook of Instructions from its
website, the defendant posted a message on its website and provided URLs of the websites at which the
book was available. The court issued a preliminary injunction against the defendant on the ground of
contributory infringement. The court held that posting a message with a URL provides users the location
of the infringing material, and by apparently aiding the users in viewing the copyrighted material, the
defendant had committed contributory infringement.

Cases under Framing

1) Washington Post Co. v. Total News, Inc. (97 Civ. 1190 (SDNY)

In this case it was observed that plaintiff ( Washington Post Co) filed a suit for copyright infringement
and trademark dilution against defendant (Total News) because the defendant has a website named as
[Link] which was the source for all the news around the world and at the same time
Washington post company has website where the link of the plaintiff’s website get hyper linked and
redirected to [Link] when someone wants to click Washington posts. The Total News used
to generate revenue from advertisements on its website. The matter was settled out of court by parties.

2) Futuredontics, Inc. v. Applied Anagramics, Inc. , No. 97-56711, 1998 U.S. App. LEXIS 17012 (9th Cir.
07/23/98)

In Futuredontics, Inc., v. Applied Anagramics, Inc. and others,the plaintiff, Futuredontics, Inc.
(“Futuredontics”) filed a complaint against defendants, Applied Anagramics, Inc. and others on
September 22, 1997. Plaintiff, in its first amended complaint (FAC), alleged cause of action for: (1)
violation of the Lanham Act, 15 U.S.C. § 1125(a); violation of California Business and Professions Code
§§ 17200 and 17500; and (3) copyright infringement. The Futuredontics, Inc., plaintiff in general alleged
that it operates a dental referral business utilizing the anagramatic phone number “1-800-DENTIST”.
Applied Anagramics, Inc. (AAI) also owns the registered service mark “1-800-DENTIST.”It is further
stated that AAI (APPLIED ANAGRAMICS, INC.) has granted the plaintiff exclusive use of the
telephone number and service mark throughout the United [Link] is also stated in the first amended
complaint that “The current 1- 800-DENTIST dental referral service has been entirely designed and
developed by Futuredontics, which is solely responsible for its success.”Defendant Applied Anagramics,
Inc., without authorization, created a hyperlink which caused content from plaintiff Futuredontics’
website to appear in one of the several frames on Applied Anagramics’ [Link] defendant argued that the
copyright infringement claim shall be dismissed because framing does not create any derivative work as
defined under US Copyright Law (i.e.17 U.S.C. § 101). Court denies preliminary injunction against AAI's
use of a framed link to Futuredontics' web site.  The denial was upheld on appeal. 

MODULE 5 Database Protection

 Electonic Databases and the need for legal protection

Electronic databases are an important part of the information [Link] Internet, and the development
of on-line services as an effective business tool, has meant that electronic databases are now one of the
key platforms for the delivery of information and content. As such, electronic databases are now viewed
as a valuable business asset, with database producers and owners keen to ensure that the commercial
value inherent in their databases is properly protected.

Components of an Electronic Database

15
An electronic database typically consists of an operating platform (the hardware and operating system
software on which the database resides), the database application software (the family of programs used
to manipulate the database), the data, and the database itself (by which we mean the aggregated collection
of data). In addition, between the database software application layer and the data sits the database
architecture, comprising the structure and schema of the database. Each of these components can attract a
range of different rights under UK law.

Copyright Protection of Electronic Databases

Databases were capable of copyright protection under UK law as "tables and compilations"Provided a
data compilation was "original", copyright would subsist. The originality threshold was the one that
applied, and which continues to apply, to most other literary works: a sufficient degree of skill, labour and
judgement must have gone into the creation of those works. There is no statutory definition of originality
in this context, but case law has established that the threshold is low and, in general terms, can be
regarded as having been met as long as the compilation has not been copied from another work, and that
more than "negligible" or "trivial" effort has gone into its creation. Under this originality test, copyright
has been found to subsist in a wide range of data compilations, including telephone directories, football
fixture lists, and television programme listings.

Database Copyright

The Database Directive changed this position in two important ways. First, it introduced into UK law a
statutory definition of database: "a collection of independent works, data or other materials which (a) are
arranged in a systematic or methodical way, and (b) are individually accessible by electronic or other
means". Second, it introduced a new originality threshold which databases falling within this statutory
definition must meet in order to attract copyright – these databases must "by reason of the selection or
arrangement of [their contents,] constitute the author’s own intellectual creation".8 These changes apply
to all databases created on or after 27 March 1997. Databases created before that date, even if they fall
within the statutory definition, will be subject to the traditional originality [Link] new originality
test introduced by the Database Directive is significant for two reasons: first, it focuses on the intellectual
creation invested in the selection and arrangement of the database contents – any skill and labour
invested in gathering together the database contents are irrelevant; second, this originality threshold is
almost certainly higher than the traditional originality test which applies to other literary works, in that it
appears to require some subjective and qualitative contribution from the author. Although there is no
further guidance in the Database Directive as to what is required under this test, the travaux
preparatoires to the Database Directive support the interpretation that it is a higher test than the
traditional originality test under UK law

Copyright

These programs are, of course, capable of attracting copyright protection as literary works under UK
law.18 In addition, a program’s preparatory design materials will be capable of copyright protection, both
as literary works in their own right, and as part of the computer programs to which they relate. (As
discussed below, in light of recent UK case law in this area, this latter point may well assume an
increasingly important role in situations where there has been copying of non-literal elements of a
computer program.)Finally, it is to be noted that computer programs which are made up of a series of sub-
programs, routines and sub-routines have been held to be copyright protected as compilations under UK
law

Indian jurisdiction

16
Protection of database and associated rights is gaining traction in India. The vast volume and deluge of
data available with the Business Processing Offices in India from jurisdictions which have stringent
database protection laws have increased the awareness and need for adequate protection of personal data
through domestic legislation or international commitments. So there’s a debatable question whether in
Indian jurisdiction any protection is there regarding database protection.

Personal and sensitive data is protected under the Information Technology (Reasonable Security Practices
and Procedures and Sensitive Personal Data or Information) Rules 2011 (“IT Rules”). While the IT Rules
check the compliance with the international standard of protecting personal data, it needs to be
understood that database right is not limited to only personal and sensitive data. The IT Rules protect
information pertaining only to:      
a)      Passwords;
b)      Financial information;
c)      Physical, physiological and mental health condition;
d)     Sexual orientation;
e)      Medical records and history; and
f)       Biometric information. 

Indian provisions for protection of database rights

In India there is no separate legislation for the protection of general database rights as is the case in the
European Union (EU Data Protection Directive 1995) or the one proposed in Singapore (Personal Data
Protection Bill). The limited protection available to database rights in India is as follows:          
(1)      Article 21 of the Constitution guarantees every citizen the fundamental right to personal liberty
which includes the right to privacy and by extension private data not available in public domain. This
right extends to data in electronic forms and the Information Technology Act, 2000 (“IT Act”) vide
Section 66E dealing with punishment for violation of privacy, facilitates protection of such data.        
(2)      Copyright to a database (rights associated with the labour and investment involved in compiling
data, verifying it and presenting and using it in a format which creates a value in such data) is  protected
under the Copyright Act, 1957 (“Copyright Act”) and the provisions of the IT Act which deal with  
protection of data along with penal provisions dealing with compensation and violation of the same act as
a deterrent  in respect of a person seeking to divulge the data without the express consent of the person
whose data has been provided.    

 Encryption

What are Symmetric and Asymmetric encryption?

Encryption algorithms can be broadly classified into two categories: symmetric and asymmetric.
Symmetric algorithms use the same key to lock and unlock a document whereas,Asymmetric algorithms
use two different keys: when one is used to lock a document only the other can be used to unlock it.
Symmetric keys are usually large random numbers. Asymmetric keys are usually generated in a set of
pairs called key pairs. The best-known asymmetric encryption algorithm is the RSA algorithm.

What is a key pair and how is it used?

A key pair comprises of two keys.. Each key comprising of very large numbers, say 200 to 300 digits in
length that are mathematically linked. The keys are named as “Private key” and “Public key”. However,
the same key cannot be used to lock as well as unlock.

Rather than using the same key to both encrypt and decrypt the data, public key encryption uses a
matched pair of encryption and decryption keys. Each key performs a one-way transformation on the

17
data. Each key is the inverse function of the other; what one does, only the other can undo. A Public Key
is made publicly available by its owner, while the Private Key is kept secret. The key pair can also be
used to send private/secret messages. To send a private message, an author scrambles the message
(encrypts) with the intended recipient's Public Key. Once so encrypted, the message can only be decoded
with the recipient's Private Key.

How secure is modern cryptography?

Cryptography is the science of devising methods that allow information to be sent in a secure form in
such a way that the only person able to retrieve this information is the intended recipient. The basic
principle is this: A message being sent is known as plain text. The message is then coded using a
cryptographic algorithm. This process is called encryption. An encrypted message is known as cipher
text, and is turned back into plain-text by the process of decryption

CONCEPT OF ENCRYPTION

A cryptosystem consists of three major elements: (1) an encryption mechanism, typically a mathematical
algorithm for turning plain text (the original message) into cipher text (the message in encrypted form);
(2) a decryption mechanism, typically an algorithm for turning cipher text back into plain text; and (3) a
mechanism for generating and distributing keys. A cryptographic key functions similarly to a physical
key or combination lock. A physical key is cut slightly differently to fit a particular lock, such as for a car.
Similarly, a combination lock, similar to those used for high school lockers, uses a sequence of numbers
or symbols to open the lock. To take a simple example, suppose that encryption occurs by changing each
letter in plain text into a letter x spaces later in the alphabet. If x=2, then “a” shifts two letters to “c” and
“b” becomes “d.” Decryption happens by reversing the operation, so “c” becomes “a” and “d” becomes
“b.” In this example, the key is “2”, or the number of letters to shift in the alphabet. In this example, there
are 26 possible keys, because “a” can turn into any one of the 26 letters of the alphabet (including “a,”
which would leave the message in plain text). In that situation, the key could range from the numbers 1 to
26. In this approach, Alice and Bob would use the same encryption algorithms for encoding and decoding
a message. When Alice wishes to send a message to Bob, she wraps the plain text message with an
agreed-upon secret key. Upon receipt of the encrypted message, Bob unwraps the message using the same
private key. This approach is known as “symmetric” encryption, because the key is the same on both ends
of the communication. It is also known as “private key encryption,” because the key has to remain private
—secret—to possible attackers, and known only to Alice and Bob.

 Monitoring Decryption and Interception

The newly amended IT Act completely rewrote its provisions in relation to lawful interception. The new
Section 69 dealing with “Power to issue directions for interception or monitoring or decryption of any
information through any computer resource” is much more elaborate than the one it replaced, In October
2009, the Central Government notified rules under Section 69 which lay down procedures and safeguards
for interception, monitoring and decryption of information (the “Interception Rules 2009”).

This further thickens the legal regime in this context.

Unlawful intercept

In August 2007, Lakshmana Kailash K. a techie from Bangalore was arrested on the suspicion of having
posted insulting images of Chhatrapati Shivaji, a major historical figure in the state of Maharashtra, on
the social-networking site Orkut. The police identified him based on IP address details obtained from
Google and Airtel – Lakshmana’s ISP. He was brought to Pune and detained for 50 days before it was
discovered that the IP address provided by Airtel was erroneous. The mistake was evidently due to the
fact that while requesting information from Airtel, the police had not properly specified whether the

18
suspect had posted the content at 1:15 pm or am. Taking cognizance of his plight from newspaper
accounts, the State Human Rights Commission subsequently ordered the company to pay Rs 2 lakh to
Lakshmana as damages.

The incident highlights how minor privacy violations by ISPs and intermediaries could have impacts that
gravely undermine other basic human rights In addition to Section 69, the Government has been
empowered under the newly inserted Section 69B to “monitor and collect traffic data or information
generated, transmitted, received or stored in any computer resource”. “Traffic data” has been defined in
the section to mean “any data identifying or purporting to identify any person, computer system or
computer network or any location to or from which communication is or may be transmitted.” Rules have
been issued by the Central Government under this section (the “Monitoring and Collecting Traffic Data
Rules 2009”)

Who may lawfully intercept?

Section 69 empowers the “Central Government or a State Government or any of its officers specially
authorized by the Central Government or the State Government, as the case may be” to exercise powers
of interception under this section. Under the Interception Rules 2009, the Secretary in the Ministry of
Home Affairs has been designated as the “competent authority”, with respect to the Central Government,
to issue directions pertaining to interception, monitoring and decryption.

Purposes for which interception may be directed

Under Section 69, the powers of interception may be exercised by the authorized officers “when they are
satisfied that it is necessary or expedient” to do so in the interest of

a) sovereignty or integrity of India,

b) defense of India,

c) security of the State,

Under Section 69B, the competent authority may issue directions for monitoring for a range of “cyber
security purposes including, inter alia, “identifying or tracking of any person who has breached, or is
suspected of having breached or being likely to breach cyber security”

Contents of direction

The reasons for ordering interception must be recorded in [Link] the case of a direction under Section
69, in arriving at its decision, the competent authority must consider alternate means of acquiring the
information other than issuing a direction for [Link] Direction must specify the name and
designation of the officer to whom information obtained is to be disclosed, and also specify the uses for
which the information is to be employed.

Duration of interception and periodic review

Once issued, an interception direction issued under Section 69 remains in force for a period of 60 days
(unless withdrawn earlier), and may be renewed for a total period not exceeding 180 days.A direction
issued under Section 69B does not expire automatically through the lapse of time and theoretically would
continue until withdrawn.

What powers of interception do they have?

19
Accordingly, the subscriber or intermediary or any person in charge of the computer resource is must, if
required by the designated government agency, extend all facilities, equipment and technical assistance to

(a) provide access to or secure access to the computer resource generating, transmitting,

receiving or storing such information; or

(b) intercept, monitor, or decrypt the information, as the case may be; or

(e) provide information stored in computer resource.

How long can information collected during interception be retained?

The Interception Rules require all records, including electronic records pertaining to interception to be
destroyed by the government agency “in every six months except in case where such information is
required, or likely to be required for functional purposes”.

In the case of the Monitoring and Collecting of Traffic Data Rules 2009, this period is nine months from
the date of creation of record.

In addition, all records pertaining to directions for interception and monitoring are to be destroyed by the
intermediary within a period of two months following discontinuance of interception or monitoring,
unless they are required for any ongoing investigation or legal proceedings. In the case of Monitoring
Rules, this period is six months from the date of discontinuance.

What penalties accrue to intermediaries and subscribers for resisting interception?

Section 69 stipulates a penalty of imprisonment up to a term of seven years and fine for any “subscriber
or intermediary or any person who fails to assist the agency” empowered to intercept.

Data Retention Requirements of ‘Intermediaries’

Section 67C of the amended IT Act mandates ‘intermediaries’ to maintain and preserve certain
information under their control for duration which are to be specified by law.

Sensitive Personal Information

Rule 3 of these Draft Rules designates the following types of information as ‘sensitive

personal information’:

(i) password;

(ii) user details as provided at the time of registration or thereafter;

(iii) information related to financial information such as Bank account / credit

card / debit card / other payment instrument details of the users;

(iv) Physiological and mental health condition;

(v) Medical records and history;

(vi) Biometric information;

(vii) Information received by body corporate for processing, stored or processed

20
under lawful contract or otherwise;

(viii) Call data records;

Penalties and Remedies for breach of Data Protection

Civil Liability for Corporates

As mentioned above, any body corporates who fail to observe data protection norms may be liable to pay
compensation if :

a) it is negligent in implementing and maintaining reasonable security practices, and thereby

b) causes wrongful loss or wrongful gain to any person

Claims for compensation are to be made to the Adjudicating Officer appointed under Section 46 of the IT
Act. Further details of the powers and functions of this officer are given in succeeding sections of this
note.

Criminal liability for disclosure of information obtained in the course of exercising powers under
the IT Act

Section 72 of the Information Technology Act imposes a penalty on “any person” who, having secured
access to any electronic record, correspondence, information, document or other material using powers
conferred by the Act or Rules, discloses such information without the consent of the person concerned.
Such unauthorized disclosure is punishable “with imprisonment for a term which may extend to two
years, or with fine which may extend to one lakh rupees, or with both.”

Criminal Liability for unauthorized disclosure of information by any person of information

obtained under contract

Section 72A of the IT Act imposes a penalty on any person (including an intermediary) who

a) has obtained personal information while providing services under a lawful contract and

b) discloses the personal information without consent of the person,

c) with the intent to cause, or knowing it is likely to cause wrongful gain or wrongful loss

Such unauthorized disclosure to a third person is punishable with imprisonment up to three years or with
fine up to Rupees Five Lakh, or both.

Cloud Computing

Cloud computing provides flexible, location-independent access to computing resources that are quickly
and seamlessly allocated or released in response to demand. Services (especially infrastructure) are
abstracted and typically visualized, generally being allocated from a pool shared as a fungible resource
with other customers. Charging, where present, is commonly on an access basis, often in proportion to the
resources used. Cloud providers often determine the 'means' of processing - the hardware, software, data
centers, etc used to process users' data - and therefore risk being considered 'controllers'. An alternative
characterization is that the cloud user determines the means, at least at a high level, for example by
choosing a particular cloud provider's facilities and tools. WP169 recognizes that processors have some
'margin of manoeuvre' in determining 'means' of processing, such as what hardware to use, without being
considered 'controller' thereby. WP169 assists further in this regard by introducing a concept of 'effective

21
means': one who determines either the purposes of processing or the 'effective means' of processing is a
'controller'

22