Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
India became independent on 15th August, 1947. In the 49th year of Indian
independence, Internet was commercially introduced in our country. The
beginnings of Internet were extremely small and the growth of subscribers
painfully slow. However as Internet has grown in our country, the need has
been felt to enact the relevant Cyberlaws which are necessary to regulate
Internet in India. This need for cyberlaws was propelled by numerous
factors.
Secondly, the existing laws of India, even with the most benevolent and
liberal interpretation, could not be interpreted in the light of the emerging
cyberspace, to include all aspects relating to different activities in
cyberspace. In fact, the practical experience and the wisdom of judgment
found that it shall not be without major perils and pitfalls, if the existing
laws were to be interpreted in the scenario of emerging cyberspace, without
enacting new cyberlaws. As such, the need for enactment of relevant
cyberlaws.
Thirdly, none of the existing laws gave any legal validity or sanction to the
activities in Cyberspace. For example, the Net is used by a large majority of
users for email. Yet till today, email is not "legal" in our country. There is no
law in the country, which gives legal validity, and sanction to email. Courts
and judiciary in our country have been reluctant to grant judicial recognition
to the legality of email in the absence of any specific law having been
enacted by the Parliament. As such the need has arisen for Cyberlaw.
All these and other varied considerations created the conducive atmosphere
for the need for enacting relevant cyberlaws in India. The Government of
India responded by coming up with the draft of the first Cyberlaw of India -
The Information Technology Bill, 1999. One question that is often asked is
why should we have Cyberlaw in India, when a large chunk of the Indian
population is below the poverty line and is residing in rural areas ? More
than anything else, India, by its sheer numbers, as also by virtue of its
extremely talented and ever growing IT population, is likely to become a
very important Internet market in the future and it is important that we
legislate Cyberlaws in India to provide for a sound legal and technical frame
work which, in turn, could be a catalyst for growth and success of the
Internet Revolution in India.
[H
What is e-commerce?
Electronic commerce or e-commerce refers to a wide range of online business
activities
for products and services.1 It also pertains to “any form of business transaction in
which the parties interact electronically rather than by physical exchanges or direct
physical contact.”2
E-commerce is usually associated with buying and selling over the Internet, or
conducting
any transaction involving the transfer of ownership or rights to use goods or
services through a computer-mediated network.3 Though popular, this definition is
not comprehensive enough to capture recent developments in this new and
revolutionary
business phenomenon. A more complete definition is: E-commerce is the
use of electronic communications and digital information processing technology in
business transactions to create, transform, and redefine relationships for value
creation
between or among organizations, and between organizations and individuals.4
International Data Corp (IDC) estimates the value of global e-commerce in 2000 at
US$350.38 billion. This is projected to climb to as high as US$3.14 trillion by 2004.
IDC also predicts an increase in Asia’s percentage share in worldwide e-commerce
revenue from 5% in 2000 to 10% in 2004 (See Figure 1).
Figure 1. Worldwide E-Commerce Revenue, 2000 &2004
(as a % share of each country/region)
7
Asia-Pacific e-commerce revenues are projected to increase from $76.8 billion at
year-end of 2001 to $338.5 billion by the end of 2004.
Electronic data interchange (EDI) is the structured transmission of data between organizations
by electronic means. It is used to transfer electronic documents or business data from one
computer system to another computer system, i.e. from one trading partner to another trading
partner without human intervention.
It is more than mere e-mail; for instance, organizations might replace bills of lading and
even cheques with appropriate EDI messages. It also refers specifically to a family of standards,
e.g. UN/EDIFACT, ANSI X12.
EDI STANDARDS
All of these standards first appeared in the early to mid 1980s. The standards prescribe the
formats, character sets, and data elements used in the exchange of business documents and
forms. The complete X12 Document List includes all major business documents, including
purchase orders (called "ORDERS" in UN/EDIFACT and an "850" in X12) and invoices (called
"INVOIC" in UN/EDIFACT and an "810" in X12).
The EDI standard says which pieces of information are mandatory for a particular document,
which pieces are optional and give the rules for the structure of the document. The standards are
like building codes. Just as two kitchens can be built "to code" but look completely different, two
EDI documents can follow the same standard and contain different sets of information. For
example a food company may indicate a product's expiration date while a clothing manufacturer
would choose to send color and size information.
EDI security
The types of security controls networks should have are crucial when your
organization adopts EDI as you and your trading partners are entrusting some
of your most crucial and confidential data to the network.
Securing an EDI system is much like securing any kind of computer network
with this difference : EDI extends to more than one company. Not only must
organizations make sure their system is secure, but their trading partners must
all do the same.
In any given EDI application or software, there might be some data you are not
allowed to see, some you can see but not alter, some to which you can add
information and some where you can change existing information. Application
level security makes use of passwords to admit different catagories of users to
the different levels of application to which they can gain access. For example, a
clerical staff may only be given authority to key in data in an electronic
purchase order but not the authority to send the EDI document to the supplier.
A higher level managerial staff may hold a password which allows him to view
the data keyed in by the clerical staff, make the necessary corrections and send
the document out.
The idea behind the MAC process is to ensure that only authorized senders and
receivers correspond and that no one is impersonating another correspondent.
(iv) Hashing
Hashing is a technique used to protect against modification of data.
Message content integrity can be achieved by the sender including with the
message an integrity control value (or known as hash value). The receiver of
the message computes the integrity control value of the data actually received
using the corresponding algorithms and parameters and compares the result
with the value received.
The use of digital signatures provides not only non-repudiation of origin and
receipt, but also message content integrity and origin authentication.