This article aims at understanding the cornerstone of e-commerce; i.e., electronic contracts. Further, the paper will focus on the various security and privacy issues that tag along with e-contracts and bring trouble in the cyberspace.
Electronic contracts are now booming in India due to growing electronic commercial business. The rise in technology and the internet has led to the acceptance of these contracts. This paper titled ‘Security and Privacy Issues in Cyber Contracts’ understands the world of e-contracts and targets the issues surrounding these cyber contracts.
Electronic Contracts in India
An e-contract is computerized facilitation of a contract in a cross-organizational business progression. It essentially facilitates electronic trading relationships between parties. In essence, it is modelled, executed, specified, controlled, enacted, monitored and either fully or partially deployed by a software system.
Apart from being on the internet, e-contracts are in essence, similar to paper-based contracts. Retailers present their prices, products and required terms to prospective buyers while consumers negotiate prices and terms when possible, place orders and make payments. The retailers then deliver the purchased products or services to the consumers.
The fundamental principles of paper-based contracts apply to e-contracts with regard to the essential features of the contract and conclusion of the contract. A problem does arise as people question how traditional and conventional contract law principles apply to modern and unique forms of technology. However, as of today, the essentials, elements and methods to conclude e-contracts remain the same as those provided for paper-based contracts.
The essentials of an e-contract include an offer to sell, an acceptance to offer, lawful consideration, intention to create legal relations, competency of parties, free consent, lawful object and the certainty and possibility of legal performance.
Similarly, an e-contract may be concluded through electronic communication, by acceptance of offers on e-commerce websites, through an electronic data interchange, through online agreements and via other electronic agents.
There are also various types of e-contracts including click-wrap contracts which are enforced by clicking on an ‘I Agree’ icon. There exists a browse-wrap contract wherein the terms and conditions are provided through a hyperlink and is pre-determined. Shrink-wrap contracts refer to license agreements that are wrapped with the software. E-mail contracts are entered through electronic communications.
I. ENFORCEABILITY OF E-CONTRACTS
The Information Technology Act of 2000 was implemented and enacted in India to provide legal sanctity to transactions that are undertaken through electronic means. The validity of e-contracts in India is provided for via §10-A of the IT Act. This section specifies that if an e-contract fulfils all the essentials as specified in the Indian Contracts Act of 1872, it is considered as a valid and enforceable contract in the Courts of India.
The enforceability of different types of contract was challenged first in various US Courts. In a case involving Google, the US Court states that a click-wrap contract, as long as it obeyed the essentials of a paper-based contract, was valid.
While click-wrap contracts have gotten incredible support from Courts, browse-wrap contracts do not receive the same assent from foreign Courts. Judicial precedents show that for browse-wrap contracts to be valid, it’s necessary for the party to have actual notice of the terms and conditions laid within.
Therefore, if it fails to specify it in clear terms, the contract is not executed. As a consequence of these precedents, websites tend to stick to click-wrap contracts. With regard to shrink-wrap contracts, the Court infers the assent of the party from the tearing of the shrink-wrap which has the terms and conditions printed on it.
The Indian judiciary has not been as successful in questioning the validity of these e-contracts. Thus, there is no real precedent in India which lays down any type of ground rules for the enforceability of electronic contracts. The Supreme Court did try to define such contracts in 1995 by referring to them as ‘dotted contracts’.
In 2010, the Supreme Court went one step ahead to state that a contract whose terms and conditions were solely recognized and discussed through e-mails between parties, though no formal contract was signed, is still valid in the eyes of the law. Thus, reliance in India is still placed on foreign judgments and there exists a strong necessity for proper legislative structure in our nation.
II. SECURITY AND PRIVACY ISSUES FACED BY E-CONTRACTS
The growing scale of e-commerce in India allows consumers to purchase goods through transactions that are agreed, transferred and settled in an open virtual network environment. As a result, there are numerous security and privacy issues that are of concern to the consumers which needs to be addressed.
Technology has played an incredible role in enhancing the capacity of internet organizations and companies to collect and analyse huge amounts of data relating to the customers who merely visit their web sites. Therefore, this raises plenty of concerns about how this data is treated and used.
Most businesses around the world collect a variety of information on a regular basis about their customer base so as to understand their clients better, improve their own business processes and so as to target special offers and cater to their crowd.
Before the advent of the internet, companies used to track their customer’s purchases individually and meticulously, however, the stance now is that companies can also record pages of websites that grab a customer’s attention.
For example, a lot of companies request their customers to register with the company through their websites by providing personal information. However, there are plenty of websites that decline services to customers if they refuse to register with them.
If the consumer does choose to register, there is no guarantee as to what may be done with the information provided to them. More often than not, companies sell the information gained from consumers to third parties who can then use it for illegal and illicit purposes.
The issue of identity theft is a huge concern for consumers who face an invasion of their privacy in the virtual world.
Identity theft refers to when a thief gains access to the personal information of a consumer which then lets him impersonate the said consumer and gives him access to start buying goods and services on the internet. However, through the process of impersonating the consumer, the thief’s goods and services are billed to the consumer and thus begins a vicious cycle of monetary loss that the consumer faces.
Most of the time, consumers don’t realise the effects of identity theft immediately as the thief usually begins by making small transactions that are not very noticeable before moving on to bigger ones.
Furthermore, the use of credit cards, debit cards and other smart cards can also lead to recording, tracking and selling of the consumer’s shopping and banking practices. There are various techniques by which data theft can be committed.
This includes hacking, phishing, e-mail spoofing, carding and vishing. Further, there is intellectual property theft that happens wherein theft of material that is copyrighted or theft of trade secrets takes place. One of the most common known consequence of IP theft is counterfeit goods and piracy.
The crime of identity theft essentially happens in two steps; a wrongful collection of personal identity of an individual and then the wrongful use of such information with an intention to cause legal harm. Since identity theft involves both theft and fraud, the provisions of forgery under IPC, 1860 is often invoked.
Sections such as forgery, making false documents, forgery for purpose of cheating, reputation, using as genuine a forged document and possession of a document known to be forged and intending to use it as genuine can be coupled and read with various sections of the IT Act.
The provisions from the IT Act that deal with cyber theft include §66 read with §43 which states that if any person, dishonestly or fraudulently, does any act that causes damage to the computer or computer system without the owner’s permission, then he is punishable with imprisonment for a term up to 3 years or with a fine up to INR 5 lakh or both.
Further, §66B provides punishment for anyone who dishonestly receives stolen computer resources or communication devices. §66C provides for the punishment of identity theft as whoever, fraudulently or dishonestly makes use of someone’s electronic signature, password or other unique identification features shall be imprisoned for up to 3 years and liable to pay a fine up to INR 1 lakh. §66D was inserted to punish cheating by impersonation using computer resources.
Technological advancements in the nation have inspired the people of our country to adopt and adapt to the growing surge of the internet. These trends have now made e-contracts an important cornerstone in the development of our e-commerce industry in India. However, changes require strong guidance for proper implementation and administration.
The IT Act so far has rather failed to provide adequate rules for data protection in internet banking, identity theft, phishing et cetera. Therefore, there is a huge need for separate and stringent legislation for the governance of e-contracts in India so as to overcome the shortcomings of the present legislation.
This will further help in providing structural framework towards the legal and technical aspects of these e-contracts. With the implementation of the stringent legislature and adequate amendments to tackle issues, the e-commerce industry is set to bloom and grow further.
With the increase in the number of internet frauds and cyber-related crimes, the Government is trying to come up with more refined regulations that can help protect the interest of consumers and safeguard them from security and privacy issues.
Furthermore, stronger laws have been formulated in the country with regard to the protection of sensitive personal data in the hands of intermediaries and service providers or body corporates by way of the 2008 Amendment, thereby ensuring data protection and privacy. Hopefully, the law continues to get amended so as to be strong enough to adapt to any future cybercrimes.
- Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.
- Indian Penal Code, No. 45 of 1860, Acts of Parliament, 1860, India.
- S. Rana & Co. Advocates, India: Cyber Theft – A Serious Concern in India, Mondaq Paper, 2019.
- Parul Sinha, Electronic Contracts and Consumer Protection: Does Legislation Provide Adequate Consumer Protection, Bharati Law Review, 2017.
- Anirudh Sarin, India: Legal Issues Pertaining to the Internet of Things, Mondaq Paper, 2018.
- Shashank Tyagi and Shivangi Rana, E-Contracts in India: Issues and Challenges, International Science and Technology Journal, 2018.
- Ayushi Singh and Sukhwinder Singh, E-Contract in India: Issues and Challenges, International Journal of Interdisciplinary Research and Innovations, 2019.
- Shubhada Gholap, Electronic Contracts in India: An Overview, International Journal of Research in Humanities, Arts and Literature, 2018.
- Sankalp Jain, Electronic Contracts: Nature, Types and Legal Challenges, 2016.
- Vijay Dalmia, Electronic Contracts, Vaish Associates Advocates, 2015.
- Daisy Roy, All that you must know about E-Contracts, IP leaders Blog, 2019.
- Sethuram Sundaram, E-Contracts in India: The Legal Framework, Issues and Challenges, International Journal of Emerging Innovations in Science and Technology, 2018.
- R. Subaashini and Shaji.M, Legal Issues arising in e-contracts in India: An Analysis, International Journal of Pure and Applied Mathematics, 2018.
 §10, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.
 Feldman v. Google Inc. 513 F. Supp 2d 229 (E.D Pa. 2007).
 Specht v. Netscape Communication Corps 2002 U.S. App. Lexis 20714.
 ProCD Inc. v. Zeidenburg 86 F. 3d 1447 (7th Cir. 1996).
 L.I.C. India v. Consumer Education and Research Centre 1995 AIR 1811.
 Trimex International FZE v. Vedanta Aluminium Ltd. India 2010 (1) SCALE 574.
 §464, Indian Penal Code, No. 45 of 1860, Acts of Parliament, 1860, India.
 §465, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.
 §468, Indian Penal Code, No. 45 of 1860, Acts of Parliament, 1860, India.
 §469, Indian Penal Code, No. 45 of 1860, Acts of Parliament, 1860, India.
 §471, Indian Penal Code, No. 45 of 1860, Acts of Parliament, 1860, India.
 §474, Indian Penal Code, No. 45 of 1860, Acts of Parliament, 1860, India.
 §66 read with §43, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.
 §66B, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.
 §66C, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.
 §66D, Information Technology Act, No. 21 of 2000, Acts of Parliament, 2000, India.