JAMIA MILLIA ISLAMIA

CYBERCRIMES AND LAW

SEMINAR PROJECT

FAHIMIMUDDIN AHMED KHAN

FIFTH YEAR – SECTION A
2015
SUBMITTED TO: Dr. ASAD MALIK
 CONTENTS

ACKNOWLEDGEMENT..........................................................................................................4

LIST OF ABBREVIATIONS......................................................................................................5

TABLE OF CASES...................................................................................................................6

CHAPTER 1 INDTRODUCTION...........................................................................................8

1.1 NEED OF THE STUDY.............................................................................................9

1.2 STATEMENT OF PROBLEM..................................................................................10

1.3 OBJECTIVE OF THE PROJECT...............................................................................10

1.4 HYPOTHESIS........................................................................................................10

1.5 RESEARCH METHODOLOGY................................................................................11

Research Methodology is a systematized investigation to gain new knowledge about the

phenomena or problems. Legal phenomena require their own research methodology. The
research methodology applied here is doctrine method of research. The systematic
investigation of problems and of matters concerned with the topic “CYBERCRIMES
AND LAW” has been done. The books in the library, articles, case laws and materials
available on the internet have been used to study the social and behavioural phenomena
of the topic and its verification..................................................................................11

The main object of this legal research is to gain familiarity with legal phenomena and to
test and verify old facts to disguise the weakness or merits of old legal aspects to analyze
the facts into new theoretical frameworks.................................................................11

CHAPTER 2 CYBERCRIME.................................................................................................12

2.1 DEFINITION OF CYBERCRIME..............................................................................12

2.2 HISTORICAL BACKGROUND................................................................................14

2.3 HOW CYBERCRIME DIFFERENT FROM CONVENTIONAL CRIME?......................15

2.4 WHY CYBERCRIME?............................................................................................16

2.5 WHO COMMITS CYBERCRIMES?.........................................................................17

2
CHAPTER 3 CYBER LAWS IN INDIA..................................................................................18

3.1 NEED FOR CYBER LAWS......................................................................................19

3.2 INFORMATION TECHNOLOGY ACT, 2000...........................................................20

3.2.1 History behind its Enactment.....................................................................20

3.2.2 Aims and Objectives....................................................................................21

3.2.3 The IT Act and Cybercrimes........................................................................21

3.2.4 Various Sections That Deal With Cybercrimes...........................................22

3.3 OTHER LEGISLATIONS REGARDING CYBERCRIME..............................................34

3.4 RULES ISSUED UNDER IT ACT.............................................................................35

3.5 CRITICISM OF IT ACT...........................................................................................37

3.5.1 Awareness...................................................................................................37

3.5.2 Jurisdiction...................................................................................................38

3.5.3 Evidences.....................................................................................................38

3.5.4 Non coverage of many crimes....................................................................39

CHAPTER 4 CONCLUSION................................................................................................43

BIBLIOGRAPHY...................................................................................................................45

3
 ACKNOWLEDGEMENT

It is my privilege to record my deep sense to perform gratitude to those who helped me in

completion of this project.

Firstly, I would like to express my sincere gratitude to Dr. Gulam Yazdhani for the
continuous support of my Seminar study and related research, for his patience, motivation,
and immense knowledge. His guidance helped me in all the time of research and writing of
this project.

I thank my fellow classmates and librarian for helping me in research through there
stimulating discussions and ideas. Last but not the least, I would like to thank my family: my
parents and to my brother and sisters for supporting me throughout writing this project and in
my life in general.

MOHAMMAD SABIR

4
 LIST OF ABBREVIATIONS

ARPANET – Advanced Research Projects Agency Network

IP – Internet Protocol
IT – Information Technology
UNODC – United Nations Office on Drug and Crime
ITU – International Telecommunication Union
FBI – Federal Bureau of Investigation
US – United States
NCRB – National Crime Records Bureau
IPC – Indian Penal Code
AIR – All India Reporter
QB – Queens Bench
SC – Supreme Court
SCC – Supreme Court Cases
MIPR – Manupatra Intellectual Property Reports
OSI – Open System Interconnection
FIR – First Information Report
CRLJ – Criminal Law Journal
CBI – Central Bureau of Investigations
DLT – Delhi Law Times
CERT-In – Computer Emergency Response Team of India
MIT – Ministry of Information Technology
NATO – North Atlantic Treaty Organization
DRDO – Defense Research Development Organisation
ISIS – Islamic State of Iraq and Syria
UNDP – United Nation Development Program
UNICITRAL - United Nations Commission on International Trade Law
ISP – Internet Service Provider

5
 TABLE OF CASES

1. Abhinav v. State of Haryana, 2008 CRLJ 4536. 72.

2. Ajay Goswami v Union of India, (2007) 1 SCC 170.

3. Avnish Bajaj v State, CRL.M.C. 3066 0f 2006.

4. Chandrakant Kalyandas Kakodar v. State of Maharashtra, AIR 1970 SC 1390.

5. Director General of Doordarshan v. Anand Patwardhan, (2006) 8 SCC 433.

6. Gramophone Co. of India Ltd. v. Super Cassette Industries Ltd., MIPR 2010 (2) 349.

7. Miller v. California, 413 U.S. 15 (1973).

8. National Association of Software v. Ajay Sood & Other, 119 (2005) DLT 596.

9. Proprietary Articles Trade Association v. A.G. for Canada, 1931 AC 310.

10. Ranjeet D. Udeshi v. State of Maharashtra, (1965) AIR 881.

11. Regina v. Hicklin, (1868), LR 3 QB 360.

12. Reno v. American Civil Liberties Union, 521 US 844.

13. Samaresh Bose v. Amal Mitra, (1985) 4 SCC 289.

14. Shreya Singhal v. Union of India, (2015) 5 SCC 1.

15. Shri Umashankar Sivasubramaniam v. ICICI Bank, 2012.

16. U.S. V Hobe, Megestrate No. 99-889M (C.D. Cal. 4/14/99) U.S.A

17. U.S. v Pirello, 255 F. 3d 728 (9th Cir. 2001) U.S.A.

6
7
 CHAPTER 1 INDTRODUCTION

It has been 46 year when the first data message sent via ARPANET (the network regarded as
the precursor of internet) between University of California and Stanford Research Institute in
October 1969.1 Since its inception the internet or the cyberspace has made much
advancement and achieved various milestones. More than 3.2 Billion people in the world are
online now compared to 400 million in the year 2000. As of 2013, India was the third-largest
online market with more than 154 million internet users, ranked only behind China and the
United States and declaring itself as a market not to be ignored on the global stage. 2 The
numbers are likely to increase as efforts are being made to tap the untapped areas and connect
more and more people through programs like Digital India by Prime Minister Modi to
initiative like ‘Freebasic’ or Internet.org by Facebook.

The application of internet is in every phase of life now. Use for knowledge, e-commerce, e-
governance etc. is increasing day by day and people are getting dependent on internet for
their everyday activities. The increasing usage of internet service has also lead to jump
in cybercrime. In 2014 a total of 9622 incidence of cybercrime was reported in India which
shows an increase of 69% from previous year. As the technology and application of internet
is evolving, the ways of cybercriminals are also evolving. New types of cybercrimes are
being devised such as cyber terrorism, cyber frauds, privacy breaches, identity theft, hacking,
harassments and many other forms. The victims of these cybercrimes are not only individuals
but companies, institutions and governments, which has made it a global concern.

The alarming increase in cybercrimes has led to the demand for effective and stringent cyber
laws. The current cyber law regime in the country has been incapable of tackling the issues
arising in the cyberspace. The borderless space, anonymity of users online, dynamic e-
commerce and rapid digital transmission pose a real challenge to the application of traditional
laws in cyberspace. While dealing with some serious legal problems, people expected the
need of cyber laws to govern the new virtual world.

1
Internet @ 46: 10 must-know facts, Times of India, 29.10.15, available at:
http://timesofindia.indiatimes.com/listshow/49580749.cms.
2
ICT Facts and Figures – The world in 2015, ITU, available at:
http://www.itu.int/en/ITU-D/Statistics/Pages/facts/default.aspx.

8
This project examines the different types of cybercrimes being committed in the society and
how the cyber laws are being evolved with the same. A further study into the concept of
cybercrime and law is done for the better understanding. The present cyberlaws are critically
analyzed and issues regarding grey areas and implementation of these laws have been
addressed and an attempt has been made to answer some questions.

1.1 NEED OF THE STUDY

When the concept of the Internet was founded and later developed little did the developers
know that the Internet would have the power of being transformed into a monster that could
be used for several illegal and immoral activities and it would eventually need to be
regulated. There are several disturbing things that happen in cyberspace ranging from identity
theft and terrorism to money laundering. Due to the anonymous nature of the Internet,
anybody can indulge in a variety of criminal activities with impunity. These “grey areas” are
being exploited by individuals, companies and their like to perpetrate criminal activities in
cyberspace, thus creating the need for cyber laws.3

So, Cyber Law does concern us on our every day daily life. As the nature of Internet is
changing and this new medium is being seen as the ultimate medium ever evolved in human
history, every activity of ours in cyberspace can and will have a Cyber legal perspective.
When we register our e-mail, or when we conduct an online train reservation, do some
electronic commerce transactions, start a bank account, withdraw money from ATM counter
or pay electricity bills, at every point of time, every day there are various Cyber Law issues
involved. We may not be bothered by these issues and we may think that these laws are very
distant from us and they do not have an impact on Cyber activities. But sooner or later, some
process may fail to give response, which may end in loss, and we will be forced to take note
of Cyber Law for our own benefit.4

1.2 STATEMENT OF PROBLEM

The world of internet today has become a parallel form of life and living. The Internet is fast
becoming a way of life for millions of people and also a way of living because of growing

3
Raghu Santanam, M. Sethumadhavan, Cyber Security, Cyber Crime and Cyber Forensics- Applications and
Perspectives, Information Science Reference, U.S.A., 2011.
4
R. Raman Nair & L. Sulochana Devi, Sanskrit Informatics, Centre for Informatics Research and Development
Publications Division, Kerela, 2011.

9
dependence and reliance of the mankind on these machines. Internet has enabled the use of
website communication, email and a lot of anytime anywhere IT solutions for the betterment
of human kind.

However, this new and fast growing technology has paved way to high tech crimes. This
advancement in technology has equipped the criminals with new and highly sophisticated
tools to commit crimes. Crimes like hacking, stalking, frauds, forgery, identity theft,
copyright infringement and many other new forms of crimes have emerged. Both the increase
in the incidence of criminal activity and the possible emergence of new varieties of criminal
activity pose challenges for legal systems, as well as for law enforcement.

To control cybercrimes, cyber laws like IT Act have been put in place. But so far our cyber
law regime has been proven to not as effective as expected. Therefore, we need to have a
second look at our cyber law regime and examine and identify the problems which it is facing
right now. This project addresses the following questions:

 Does the emergence of different types of cybercrimes is affecting our society and its
growth?
 Whether the present cyber laws are sufficient to deal with the new emerging cyber
crimes?

1.3 OBJECTIVE OF THE PROJECT

 To study the new and emerging cybercrimes and develop an understanding of the concept
of cybercrime.
 To study the existing cyber laws in relation to cybercrimes and examine to what extent
they are sufficient to tackle these emerging cybercrimes.
 To examine the recent scenario of cybercrimes in India.

1.4 HYPOTHESIS
This project tries to analyze various scholarly works such and data available regarding
cybercrimes and cyber laws and tries to test the following hypothesis:
 That the current increase in cybercrimes is affecting our society and its growth and if not
checked will bring more harm.
 That the cyber law regime in our country has failed to curb or check cybercrimes.

10
1.5 RESEARCH METHODOLOGY

Research Methodology is a systematized investigation to gain new knowledge about the

phenomena or problems. Legal phenomena require their own research methodology. The
research methodology applied here is doctrine method of research. The systematic
investigation of problems and of matters concerned with the topic “CYBERCRIMES AND
LAW” has been done. The books in the library, articles, case laws and materials available on
the internet have been used to study the social and behavioural phenomena of the topic and its
verification.

The main object of this legal research is to gain familiarity with legal phenomena and to test
and verify old facts to disguise the weakness or merits of old legal aspects to analyze the facts
into new theoretical frameworks.

A uniform mode of citation has been used throughout the assignment.

11
 CHAPTER 2 CYBERCRIME

The Internet has become a basic fact of everyday life for billions of people worldwide, from
e-mail to online shopping. Ever faster and more accessible connections available on a wider
range of platforms, such as mobile phones or person to person portable devices, have spurred
new e-commerce opportunities. In 2013, at least 3.2 billion people, the equivalent of more
than one third of the world’s total population, had access to the internet. Over 60 per cent of
all internet users are in developing countries, with 45 per cent of all internet users below the
age of 25 years. By the year 2017, it is estimated that mobile broadband subscriptions will
approach 70 per cent of the world’s total population. By the year 2020, the number of
networked devices (the ‘internet of things’) will outnumber people by six to one,
transforming current conceptions of the internet. In the hyperconnected world of tomorrow, it
will become hard to imagine a ‘computer crime’, and perhaps any crime, that does not
involve electronic evidence linked with internet protocol (IP) connectivity.5

This section will deal with the concept of cybercrime which includes the definition of
cybercrime and its historical background and will address questions like how is cybercrime
different from conventional crimes, why cybercrime is on the rise? Who are people who
commit these kinds of crimes and why?

2.1 DEFINITION OF CYBERCRIME

The word ‘cybercrime’ itself is not amenable to a single definition, and is likely best
considered as a collection of acts or conduct, rather than one single act. Cybercrime is neither
defined in Information Technology Act 2000 nor in the I.T. Amendment Act 2008 nor in any
other legislation in India. Though, for the purpose of studies we should try to know few of the
definitions of cybercrime.

At the 10th United Nations Congress on the Prevention of Crime and Treatment of Offenders,6
in a workshop devoted to the issues of crimes related to computer networks, cybercrime was
broken into two categories and defined thus:

5
UNODC, Comprehensive Study on Cybercrime- Draft, February 2013, available at:
https://www.unodc.org/...crime/.../CYBERCRIME_STUDY_210213.pdf.
6
10th UN Congress on the Prevention of Crime and the Treatment of Offenders, 2000, A/CONF.187/10;
available at: www.uncjin.org/Documents/congr10/10e.pdf.

12
 a. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by
means of electronic operations that targets the security of computer systems and the
data processed by them.
b. Cybercrime in a broader sense (computer-related crime): Any illegal behavior
committed by means of, or in relation to, a computer system or network, including
such crimes as illegal possession [and] offering or distributing information by means
of a computer system or network.

The term “cybercrime” is narrower than computer related crimes as it has to involve a
computer network. Computer-related crimes cover even those offences that bear no relation
to a network, but only affect stand-alone computer systems.7

According to David L. Carter a computer crime can be classified into three main categories
namely:8

(i) As crimes where the computer is the target,

(ii) Crimes where computer is the tool of the crime and
(iii) Crimes where the computer is incidental.

In the first category, a perpetrator intentionally attacks an innocent party’s computer. In the
second category, the computer is used to commit a traditional crime in a high-tech way. The
third one is where a computer is mere incidental, in the sense the perpetrator might have
committed the crime even if there was no computer.9

Nandan Kamat says that since the Internet is composed of computers; crimes occurring on the
internet are computer crimes. He also says that a computer can be the subject of a crime by
being stolen or damaged; it can be the site of crime such as fraud or copyright infringement;
or it can be the instrument of a crime such as when it is used to access other machines or store
information illegally. These are all computer crimes in the sense that a computer is
involved.10

7
International Telecommunication Union, Understanding cybercrime: phenomena, challenges and legal
response, September 2012, available at: http://www.itu.int/ITU-D/cyb/cybersecurity/legislation.html.
8
Carter David L, Computer Crime Categories – How the Techno Criminals Operate, FBI Law Enforcement
Bulletin, July, 1995.
9
Marc M Goodman, Why the Police don’t Care about Computer Crime?, 10 Harvard Journal of Law and
Technology 468(1997).
10
Nandan Kamat, Law Relating to Computers Internet and E-commerce, (2d ed. 2000).

13
‘Definitions’ of cybercrime mostly depend upon the purpose of using the term. A limited
number of acts against the confidentiality, integrity and availability of computer data or
systems represent the core of cybercrime. Beyond this, however, computer-related acts for
personal or financial gain or harm, including forms of identity-related crimes, and computer
content-related acts (all of which fall within a wider meaning of the term ‘cybercrime’) do
not lend themselves easily to efforts to arrive at legal definitions of the aggregate term.
Certain definitions are required for the core of cybercrime acts. However, a ‘definition’ of
cybercrime is not as relevant for other purposes, such as defining the scope of specialized
investigative and international cooperation powers, which are better focused on electronic
evidence for any crime, rather than a broad, artificial ‘cybercrime’ construct.11

2.2 HISTORICAL BACKGROUND

The first recorded cybercrime took place in the year 1820. That is not surprising considering
the fact that the abacus, which is thought to be the earliest form of a computer, has been
around since 3500 B.C. in India, Japan and China. The era of modern computers, however,
began with the analytical engine of Charle Babbage. In 1820, Joseph-Marie Jacquard, a
textile manufacturer in France, produced the loom. This device allowed the repetition of a
series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's
employees that their traditional employment and livelihood were being threatened. They
committed acts of sabotage to discourage Jacquard from further use of the new technology.
This is the first recorded cybercrime!

The concept of ‘cyberspace’ entered in to the theory of modern law, when the American
Supreme Court, compared the breach of law in cyber space to the breach of law in real
space.12 The court applied the laws of the real world into the cyberspace. After this judgment
the jurists of the cyberspace were divided into two groups. One group argues that the laws of
real world can be extended to the cyberspace.13 The other group says that the territory based
traditional laws cannot be applied to cyberspace.14
11
UNODC, Comprehensive Study on Cybercrime- Draft, February 2013, available at:
https://www.unodc.org/...crime/.../CYBERCRIME_STUDY_210213.pdf.
12
Reno v. American Civil Liberties Union, 521 US 844.
13
For example, Watkin is of the opinion that the hard evidence of the extent of such crimes and the need for
specific legislation directed at computer crimes is still lacking. See Watkins, Computer Crime: Separating the
Myth from Reality, C.A. Magazine, Jan. 1981. See also Taber, A Survey of Computer Crimes Studies, 2
Computer (CJ 275 (1980).
14
For example, parker believes that the challenges posed by the computer crimes have make the existing legal
regime incapable and ineffective. See Parker, Computer Abuse Research Update, 2 Computer L.J. 329-523

14
2.3 HOW CYBERCRIME DIFFERENT FROM CONVENTIONAL CRIME?

Crime is a social and economic phenomenon and is as old as the human society. Crime is a
legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can
be followed by criminal proceedings which may result into punishment.”15 The hallmark of
criminality is that, it is breach of the criminal law. Per Lord Atkin, “the criminal quality of an
act cannot be discovered by reference to any standard but one: is the act prohibited with
penal consequences”.16 A crime may be said to be any conduct accompanied by act or
omission prohibited by law and consequential breach of which is visited by penal
consequences.

In this sense, the term ‘cybercrime’ is a misnomer. The concept of cybercrime is not radically
different from the concept of conventional crime. Both include conduct whether act or
omission, which cause breach of rules of law and counterbalanced by the sanction of the
state. However, there are certain differences between the two. It would be relevant to points
out these similarities and differences between the two.

Cybercrime is the latest and perhaps the most complicated problem in the cyber world.
“Cybercrime may be said to be those species, of which, genus is the conventional crime, and
where either the computer is an object or subject of the conduct constituting crime”17 “Any
criminal activity that uses a computer either as an instrumentality, target or a means for
perpetuating further crimes comes within the ambit of cybercrime.”18 The involvement of
medium makes cybercrime distinct from conventional crimes. Cyber space does not have
geographical boundaries. Cyber criminals refuse to be bounded by the conventional
jurisdictional areas of nations, originating an attack from almost any computer in the world,
passing it across multiple national boundaries, or designing attacks that appear to be
originating from foreign sources. Such techniques dramatically increase both the technical
and legal complexities of investigating and prosecuting cybercrimes. Unlike conventional
crimes against persons or property such as rape, burglary and murder, cybercrimes are very
skill intensive. Stock of hacking skills is thus a prerequisite to cyber/online crimes. Whereas

(1980). See also Michael A. Sussmann, The Critical Challenges from the International High-Tech and
Computer related Crime at the Millennium, a DUKEJ. COMP & INT’L L. 451, 435-55 (1999).
15
Granville Williams, Criminal Law, The General Part, (2d ed. 1961).
16
Proprietary Articles Trade Association v. A.G. for Canada, 1931 AC 310.
17
Parthasarathy Pati, Cybercrime, available at http://www.naavi.org/pati/pati_cybercrimes_dec03.htm.
18
Pawan Duggal, Cyber Law- The Indian Perspectives, (3d ed. 2009).

15
minimal skill is needed for opportunistic attacks, targeted attacks require more sophisticated
skills.19

2.4 WHY CYBERCRIME?

Cybercrime is promoted by the various factors like new technologies, complexity and loss of
evidence. The computers are easy to access by means of these new complex technologies.
The unauthorized access to a computer system is made possible by installing technologies
like key loggers that can steal the access codes, voice recorders etc. that can bypass firewalls
and get into the system. Computers work on operating systems, which are composed of
millions of codes. Due to human errors, if some loophole occurs, the cyber criminals use that
to penetrate into the system. At the time of crime investigation, collection of evidence plays
an important role. Collection of data outside the territorial extent is very difficult. This makes
cyber criminals think that they are safe. The magical and intriguing aspects of the Internet lie
primarily in its anonymous nature. Only very few people would actually go to a physical
adult bookstore to view pornography or even rent pornographic videos. But a larger
percentage will visit and browse a virtual adult porn site on the Internet without hesitation.
This occurs primarily because of the false security provided by a sense of anonymity.

Hart in his work, The Concept of Law has said “human beings are vulnerable so rule of law is
required to protect them”. Applying this to the cyberspace we may say that computers are
vulnerable so rule of law is required to protect and safeguard them against cybercrime. The
reasons for the vulnerability of computers may be said to be:

(i) Capacity to store data in comparatively small space - The computer has unique
characteristic of storing data in a very small space. This affords to remove or derive
information either through physical or virtual medium much easily.
(ii) Easy to access - The problem encountered in guarding a computer system from
unauthorised access is that there is every possibility of breach not due to human error
but due to the complex technology. By secretly implanted logic bomb, key loggers
that can steal access codes, advanced voice recorders; retina imagers etc. that can fool
biometric systems and bypass firewalls can be utilized to get past many a security
system.

19
Nir Kshetri, “Pattern of Global Cyber War and Crime: A Conceptual Framework” The University of North
Carolina at Greensboro.

16
(iii) Complex - The computers work on operating systems and these operating systems in
turn are composed of millions of codes. Human mind is fallible and it is not possible
that there might not be a lapse at any stage. The cyber criminals take advantage of
these lacunas and penetrate into the computer system.
(iv) Negligence - Negligence is very closely connected with human conduct. It is therefore
very probable that while protecting the computer system there might be any
negligence, which in turn provides a cyber criminal to gain access and control over
the computer system.
(v) Loss of evidence - Loss of evidence is a very common and obvious problem as all the
data are routinely destroyed. Further collection of data outside the territorial extent
also paralyses this system of crime investigation.

2.5 WHO COMMITS CYBERCRIMES?

(i) Insiders - Disgruntled employees and ex-employees, spouses, lovers.

(ii) Hackers - Crack into networks with malicious intent.
(iii) Virus Writers - Pose serious threats to networks and systems worldwide.
(iv) Foreign Intelligence - Use cyber tools as part of their Services for espionage activities
and can pose the biggest threat to the security of another country.
(v) Terrorists - Use to formulate plans, to raise funds, propaganda.

CHAPTER 3 CYBER LAWS IN INDIA

“Cyber" is a prefix used to describe a person, thing, or idea as part of the computer and
information age. Taken from kybernetes, Greek word for "steersman" or "governor," it was
first used in cybernetics, a word coined by Norbert Wiener and his colleagues. The virtual
world of internet is known as cyberspace20 and the laws governing this area are known as
Cyber laws and all the netizens of this space come under the ambit of these laws as it carries
a kind of universal jurisdiction. Cyber law can also be described as that branch of law that

20
William Gibson coined the term cyberspace in his science fiction novel Neuromancer written in early 1980s.
The plot was largely set in a setting that had no physical existence. The plot involved a hacker employed by an
anonymous employer to hack. Cyberspace was a conceptual hallucination that felt and looked like a physical
space, but was actually computer-generated. In this setting, people, connected to network, carried out business
transactions, worked, played and broke the law. See E.A. Cavazos and Govino Morin, Cyberspace and the Law:
Your Rights and Duties in the online world (1994), p. 1

17
deals with legal issues related to use of inter-networked information technology. In short,
cyber law is the law governing cyber space.21

Cyber law encompasses a wide variety of legal issues related to the use of communication
technology. It addresses issues of cyber space and covers the rights and responsibilities of
Netizens22 who are the citizens of Cyber Space. Cyber law includes legal issues that affect
persons and institutions who control the entry to cyber space, provide access to cyber space,
create hardware and software which enable people to access cyber space or to use their own
devices to enter cyber space.

The Information Communication Technology revolution in India had its beginning in 1970,
when the Government of India strategically decided to setup the Department of Electronics.
After this the National Informatics Centre under the Electronic Commission/Department of
Electronics was established in 1977 and was the outcome of this view and was assisted by
United Nations Development Program (UNDP).23 In 1987 Union Government had taken a
major initiative and introduced satellite based National Computer Networking System after
that in May 1998 major initiative by the government was taken establish National Task Force
of IT and Software Development. This led to the legislation of India’s first ever cyber law.

3.1 NEED FOR CYBER LAWS

In today’s techno-savvy environment, the world is becoming more and more digitally
sophisticated and so are the crimes. Internet was initially developed as a research and
information sharing tool and was in an unregulated manner. As the time passed by it became
more transactional with e-business, e-commerce, e-governance and e-procurement etc. All
legal issues related to internet crime are dealt with through cyber laws. As the number of
internet users is on the rise, the need for cyber laws and their application has also gathered
great momentum.

21
Rohas Nagpal, Introduction to Indian Cyber Law, an extract from IPR & Cyberspace- Indian Perspective,
available at: http://www.asianlaws.org/library/cyber-laws/intro-indian-cyber-law.pdf.
22
A word coined by Michael Hauben to describe an internet user who possesses a sense of civic responsibility
for his/her virtual community as a citizen would feel responsible for a physical community.
23
Sherif Kamel, Electronic Business in Developing Countries- Opportunities and Challenges, 173, Idea Group
Inc., London, 2006.

18
There are various reasons why it is extremely difficult for conventional law to cope with
cyberspace. Some of these are discussed below.24

1. Cyberspace is an intangible dimension that is impossible to govern and regulate using

conventional law.
2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could
break into a bank’s electronic vault hosted on a computer in USA and transfer millions of
Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop
computer and a cell phone.
3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are
crisscrossing the globe even as we read this, millions of websites are being accessed
every minute and billions of dollars are electronically transferred around the world by
banks every day.
4. Cyberspace is absolutely open to participation by all. A ten year-old in Bhutan can have a
live chat session with an eight year-old in Bali without any regard for the distance or the
anonymity between them.
5. Cyberspace offers enormous potential for anonymity to its members. Readily available
encryption software and steganographic tools that seamlessly hide information within
image and sound files ensure the confidentiality of information exchanged between
cyber-citizens.
6. Cyberspace offers never-seen-before economic efficiency. Billions of dollars worth of
software can be traded over the Internet without the need for any government licenses,
shipping and handling charges and without paying any customs duty.
7. Electronic information has become the main object of cybercrime. It is characterized by
extreme mobility, which exceeds by far the mobility of persons, goods or other services.
International computer networks can transfer huge amounts of data around the globe in a
matter of seconds.
8. A software source code worth crores of rupees or a movie can be pirated across the globe
within hours of their release.
9. Theft of corporeal information (e.g. books, papers, CD ROMs, floppy disks) is easily
covered by traditional penal provisions. However, the problem begins when electronic
records are copied quickly, inconspicuously and often via telecommunication facilities.

24
Rohas Nagpal, Introduction to Indian Cyber Law, an extract from IPR & Cyberspace- Indian Perspective,
available at: http://www.asianlaws.org/library/cyber-laws/intro-indian-cyber-law.pdf.

19
 Here the “original” information, so to say, remains in the “possession” of the “owner” and
yet information gets stolen.

3.2 INFORMATION TECHNOLOGY ACT, 2000

There are two main statutes that govern the online criminal liabilities are the Indian Penal
Code, 1860 and the Information Technology (IT) Act, 2000. The IT Act, was passed and
enforced on 17th May 2000. The Information Technology Act, 2000 heralded a new cyber
law regime in the country. India became the 12th nation in the world to enact cyber laws.25

3.2.1 History behind its Enactment

The United Nations Commission on International Trade Law (UNCITRAL) adopted the
Model Law on Electronic Commerce in 1996 in order to bring uniformity in the law of
different countries. The General Assembly of the United Nations by Resolution No. 51/162,
dated 30th January 1997, recommended that all the States should give favourable
considerations to this Model Law when they enact or revise their laws. 26 The Ministry of
Commerce Government of India created the first draft of the legislation following these
guidelines termed as "E Commerce Act 1998".27 Since later a separate ministry for
Information technology came into being, the draft was taken over by the new ministry which
re-drafted the legislation as "Information Technology Bill 1999". This draft was placed in the
Parliament in December 1999 and passed in May 2000. After the assent of the President on
June 9, 2000, the act was finally notified with effect from October 17, 2000 vide notification
number G.S.R 788(E).28

3.2.2 Aims and Objectives

This Act provides legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as
‘electronic commerce’, which involves the use of alternatives paper based method of

25
R.K. Bagga, Kenneth Keniston, The State, I.T. and Development, (1t ed. 2005).
26
Yatinder Singh, Cyber Laws, (4th ed. 2010).
27
Sanjay Pandey, Curbing Cybercrime- A Critique of Information Technology Act, 2000 and IT Act Amendment,
2008, available at: http://www.softcell.in/pdf/IT-Act-Paper.pdf.
28
Ibid.

20
communication and storage of information, to facilitate electronic filling of documents with
the Govt. agencies.29

The said Act has also amended:

1. The Indian Penal Code, 1860

2. The Indian Evidence Act, 1872
3. The Banker’s Book Evidence Act, 1891
4. The Reserve Bank of India Act, 1934.

3.2.3 The IT Act and Cybercrimes

S.1(2) of IT Act30 provides that the Act extends to the whole of India, including Jammu &
Kashmir. To extend the provision of Act to Jammu & Kashmir, Art.253 of Constitution is
used. The Act does not take citizenship into account. The Act provides an extraterritorial
jurisdiction. The S.1(2) when read with S.75,31 the Act can be applied to any offence or
contravention committed outside India by any person irrespective of his/her nationality, if
his/her conduct constituting the offence or contravention involves a computer, computer
system or computer network located in India. The limitation of this provision occurs due to
the lack of international co-operations. This Act is to protect even the owner of a single
computer, computer system or computer network located in India which has been
violated/damaged by any person inside or outside the country.

Chapter IX of the IT Act, 2000 highlights both the penalty provisions and the process of
adjudication for damage to computer, computer system, or computer network. It deals with
the cybercrimes like unauthorized access to computer, computer system or computer
network. The various provisions under this Act is studied with reference to the terms like
computer, computer system, access, computer networks which are defined under the
subsections of the S. 2(1) of IT Act, 2000.

Chapter XI of the IT Act, 2000 deals with the offences. The main distinction between a
contravention and an offence is that, a contravention is generic and is just the violation of
rule. It may or may not be punishable with a liability to pay a penalty whereas an offence is

29
B.S. Moshal, Modern Business Law, (1t ed., 2008).
30
S.1 (2) of IT Act, 2000.
31
S.75 of IT Act, 2000.

21
specific and by doing an offence one can be made punishable with fine and imprisonment or
with either of them.

IT Act deals with various cybercrimes and the provision of penalties in chapters IX and XI.
Chapter IX deals with the penalties and adjudication and chapter XI deals with the offences.
The important sections in IT Act which deals with the various cybercrimes are S. 43, S.65,
S.66, S.67.

3.2.4 Various Sections That Deal With Cybercrimes

S.43. Penalty for damage to the computer, computer system etc.

This section deals with unauthorized access, unauthorized downloading, virus attacks or any
contaminants introduced in the system, denial-of-service access, damages caused. This
section provides for a fine up to Rs. 1 Crore as remedy.

To prove that a system has undergone unauthorized access, one should prove that the access
was unauthorized, the computer performed a function as a consequence of unauthorized
access, the person concerned knew that the access was unauthorized.32

Unauthorised downloading refers to unauthorized retrieving of a file from a remote computer,

computer system, or the computer network. Unauthorised copying is downloading a file or
data and saving it on another part of computer’s hard disk or on any removable disk. The
offenders are liable to pay damages by a compensation not exceeding Rs.1 crore to the
victim.33

Under S.43(c) of the IT Act, 2000, any person who introduces or causes viruses or other
contaminants into the system shall be liable to pay damages by way of compensation not
exceeding Rs.1crore.

Any person who causes denial of service to any authorized person, S.43(f) and who damages
or causes to damage data, files or any hardware-software configuration by means of altering,
deleting, adding, modifying or rearranging the files through virtual or physical
medium,S.43(d) shall be liable to pay damages by way of compensation not exceeding Rs.1

32
IT Act, 2000, section 43(a).
33
IT Act, 2000, section 43(b).

22
crore. S.43(h) is incorporated with the idea to prevent theft, misappropriation,
misrepresentation, fraud or forgery of access code, used ID, password etc. by a person to the
account of another person by manipulating any computer, computer system, or computer
network.

Section 43(i) takes into account any activity which may result into destruction, deletion or
alteration of any information residing in a computer resource or diminishes its (computer
resource) value or utility or affects it (computer resource) injuriously by any means. 43(i) in
way defines ‘computer related contraventions’. One may find the subject matter of clause (i)
and previous section 66 (of old Act) somewhat similar. The only difference is that under
clause (i) “intention or knowledge” in not an essential ingredient.

Clause (j) of section 43 takes into account any activity, which may result into stealing,
concealing, destruction or alteration of any computer source code used for a computer
resource with an intention to cause damage. The essence of this contravention is that the
contravener must have caused (or attempts o cause) stealing, concealing, destruction or
alteration of any computer source code. In a way lawmakers have put clause (j) on a different
pedestal as compared to other clause(s), namely (a) to (i) – where “intention” is not a
mandatory ingredient.

Cybercrime includes both cyber contraventions and cyber offences. The difference between
the both lies in the degree and extend of criminal activity. Unauthorised access to a computer,
computer system, and computer network can be considered as a cyber contravention. It is
covered by S.43(a) to (h) in the IT Act, 2000. Cyber contraventions may result in civil
prosecution and the judicial proceedings are done before the adjudicating officer. Offender
liable to pay damages by way of compensation of an amount not exceeding Rs.1crore to the
victim.

Cyber offences are related with the serious issues. Sections 65 to 74 of the IT Act, 2000 deal
with the various cyber offences. Cyber offences may result in criminal prosecution and the
offender may be punishable with imprisonment or fine or with both. These offences are
classified as cognizable/non-cognizable and bailable/non-bailable.

65. Tampering with Computer Source Documents

23
This offence is classified to be a cognizable offence, triable by first class Magistrate. This is a
non-bailable offence. Computer source documents consists of the listing of programmes,
source code, design etc. The source code represents the intellect of a programmer. It Act
protects the source code in this section. It protectsthe computer documents beyond the range
of Copyright laws. The punishment of the offence under this section is imprisonment up to
three years, or with fine up to Rs.2 lakhs or with both.

Sec 66. Computer Related Offences

If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be
punishable with imprisonment for a term which may extend to three years or with fine which
may extend to five lakh rupees or with both.

Computer related offences as articulated above include every sort of computer related
offences. Under this section, if any person, dishonestly or fraudulently, does any act referred
to in section 43, he shall be punishable. In other words, to be charged under section 66, any
person must cause a computer resource to perform a function with dishonest or fraudulent
intent to secure access, knowing that the access he intends to secure is unauthorized.

What distinguishes section 66 from section 43 is that the act must have been done dishonestly
and fraudulently. Thus the essential ingredients are:

i. Unauthorized access to a computer resource; and

ii. Dishonest or fraudulent intent.

It is the essence of this offence that the accused must cause destruction, damage, disruption,
deletion, concealment, tampering, manipulation, stealing or alteration of information residing
in a computer resource. In order to make out an offence under this section, it is necessary to
show that destruction, damage, disruption, deletion, concealment, tampering, manipulation,
stealing or alteration of information residing in a computer resource, which was being owned,
managed, used or operated by or any person (natural or legal). Hence, unless the information
contained in the computer resource was destroyed or altered due to dishonest or fraudulent
action of the accused, no offence under section 66 of the Act could be said to have been
committed.

24
66A Punishment for sending offensive messages through communication service, etc

Supreme Court in Shreya Singhal v. Union of India34, struck down section 66A of the
Information Technology Act, 2000 which provided provisions for the arrest of those who
posted allegedly offensive content on the internet upholding freedom of expression. Section
66A defines the punishment for sending “offensive” messages through a computer or any
other communication device like a mobile phone or tablet and a conviction of it can fetch a
maximum three years of jail and a fine. The following was held in this case.

1. Section 66A of the Information Technology Act, 2000 is struck  down  in  its entirety
being violative of Article 19(1)(a) and  not  saved  under  Article 19(2).
2. Section 69A and the Information Technology (Procedure & Safeguards
for Blocking for Access of Information by Public) Rules 2009 are constitutionally
valid.
3. Section 79 is valid subject to Section 79(3)(b)  being  read  down  to  mean that an
intermediary upon receiving actual knowledge from a court  order  or on being
notified by the appropriate government or its agency that  unlawful acts relatable to
Article 19(2) are going to  be  committed  then  fails  to expeditiously remove or
disable access to  such material.   Similarly,  the Information Technology 
“Intermediary  Guidelines”  Rules,  2011  are  valid subject to Rule 3 sub-rule (4) 
being  read  down  in  the  same  manner  as indicated in the judgment. (Section 79(3)
(b) has to be read down to  mean  that  the  intermediary upon receiving actual
knowledge that a court order has  been  passed  asking it to expeditiously remove or
disable access to certain material must  then fail to expeditiously remove or disable
access to that  material. This is for the reason that otherwise it would be very difficult
for  intermediaries like Google, Facebook etc. to act when millions of requests
are made and the intermediary is then to judge as to 
which of such requests are legitimate and which are not. We have been
informed that in other countries worldwide this view has gained acceptance,
Argentina being in the forefront. Also, the Court order and/or the notification by
the appropriate Government or its agency must strictly conform to the subject matters
laid down in Article 19(2). Unlawful acts beyond what is laid down in Article 19(2)

34
(2015) 5 SCC 1.

25
 obviously cannot form any part of Section 79. With these two caveats, we refrain
from striking down Section 79(3)(b).
4. Section 118(d) of the Kerala Police Act is struck down being violative of Article
19(1)(a) and not saved by Article 19(2).

66B. Punishment for dishonestly receiving stolen computer resource or communication

device

Whoever dishonestly receives or retains any stolen computer resource or communication

device knowing or having reason to believe the same to be stolen computer resource or
communication device, shall be punished with imprisonment of either description for a term
which may extend to three years or with fine which may extend to rupees one lakh or with
both.

The aforesaid section aims at punishing those who dishonestly receives or retains any stolen
computer resource or communication device knowing or having reason to believe the same to
be stolen computer resource or communication device.

66C Punishment for identity theft

Whoever, fraudulently or dishonestly make use of the electronic signature, password or any
other unique identification feature of any other person, shall be punished with imprisonment
of either description for a term which may extend to three years and shall also be liable to
fine which may extend to rupees one lakh.

66D Punishment for cheating by personation by using computer resource

Whoever, by means of any communication device or computer resource cheats by

personation, shall be punished with imprisonment of either description for a term which may
extend to three years and shall also be liable to fine which may extend to one lakh rupees.

66E Punishment for violation of privacy

Whoever, intentionally or knowingly captures, publishes or transmits the image of a private

area of any person without his or her consent, under circumstances violating the privacy of

26
that person, shall be punished with imprisonment which may extend to three years or with
fine not exceeding two lakh rupees, or with both

66F. Punishment for cyber terrorism

(1) Whoever,- (A) with intent to threaten the unity, integrity, security or sovereignty of India
or to strike terror in the people or any section of the people by-

(i) denying or cause the denial of access to any person authorized to access computer
resource; or

(ii) attempting to penetrate or access a computer resource without authorisation or exceeding

authorized access; or

(iii) introducing or causing to introduce any Computer Contaminant.

and by means of such conduct causes or is likely to cause death or injuries to persons or
damage to or destruction of property or disrupts or knowing that it is likely to cause damage
or disruption of supplies or services essential to the life of the community or adversely affect
the critical information infrastructure specified under section 70, or

(B) knowingly or intentionally penetrates or accesses a computer resource without

authorisation or exceeding authorized access, and by means of such conduct obtains access to
information, data or computer database that is restricted for reasons of the security of the
State or foreign relations; or any restricted information, data or computer database, with
reasons to believe that such information, data or computer database so obtained may be used
to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the
security of the State, friendly relations with foreign States, public order, decency or morality,
or in relation to contempt of court, defamation or incitement to an offence, or to the
advantage of any foreign nation, group of individuals or otherwise, commits the offence of
cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life’.

27
This section is a combination of section 66 and 70 of the Act. What separates section 66F
from other sections is the degree and nature of offence. If using a sliding scale approach to
measure the gravity of offence, section 66 is at one end of the spectrum and section 66F is at
the other end of the spectrum.

67. Punishment for publishing or transmitting obscene material in electronic form

Whoever publishes or transmits or causes to be published in the electronic form, any material
which is lascivious or appeals to the prurient interest or if its effect is such as to tend to
deprave and corrupt persons who are likely, having regard to all relevant circumstances, to
read, see or hear the matter contained or embodied in it, shall be punished on first conviction
with imprisonment of either description for a term which may extend to three years and with
fine which may extend to five lakh rupees and in the event of a second or subsequent
conviction with imprisonment of either description for a term which may extend to five years
and also with fine which may extend to ten lakh rupees.

67A Punishment for publishing or transmitting of material containing sexually explicit act,
etc. in electronic form

Whoever publishes or transmits or causes to be published or transmitted in the electronic

form any material which contains sexually explicit act or conduct shall be punished on first
conviction with imprisonment of either description for a term which may extend to five years
and with fine which may extend to ten lakh rupees and in the event of second or subsequent
conviction with imprisonment of either description for a term which may extend to seven
years and also with fine which may extend to ten lakh rupees.

Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing,
drawing, painting, representation or figure in electronic form-

(i) the publication of which is proved to be justified as being for the public good on the
ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is
in the interest of science,literature,art,or learning or other objects of general concern; or

(ii) which is kept or used bona fide for religious purposes.

28
67B Punishment for publishing or transmitting of material depicting children in sexually
explicit act, etc. in electronic form

Whoever, (a) publishes or transmits or causes to be published or transmitted material in any

electronic form which depicts children engaged in sexually explicit act or conduct or

(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes,
exchanges or distributes material in any electronic form depicting children in obscene or
indecent or sexually explicit manner or

(c) cultivates, entices or induces children to online relationship with one or more children for
and on sexually explicit act or in a manner that may offend a reasonable adult on the
computer resource or

(d) facilitates abusing children online or

(e) records in any electronic form own abuse or that of others pertaining to sexually explicit
act with children, shall be punished on first conviction with imprisonment of either
description for a term which may extend to five years and with a fine which may extend to
ten lakh rupees and in the event of second or subsequent conviction with imprisonment of
either description for a term which may extend to seven years and also with fine which may
extend to ten lakh rupees:

Provided that the provisions of section 67, section 67A and this section does not extend to
any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic
form-

(i) The publication of which is proved to be justified as being for the public good on the
ground that such book, pamphlet, paper writing, drawing, painting, representation or figure is
in the interest of science, literature, art or learning or other objects of general concern; or

(ii) which is kept or used for bonafide heritage or religious purposes

Explanation: For the purposes of this section, "children" means a person who has not
completed the age of 18 years.

29
The aforesaid section criminalizes all kinds of online child pornography. The tern online
refers to publishing or transmitting of material depicting children in sexually explicit act, etc.,
in electronic form.

67 C. Preservation and Retention of information by intermediaries

(1) Intermediary shall preserve and retain such information as may be specified for such
duration and in such manner and format as the Central Government may prescribe.

(2) Any intermediary who intentionally or knowingly contravenes the provisions of sub
section (1) shall be punished with an imprisonment for a term which may extend to three
years and shall also be liable to fine.

Sec 71 Penalty for misrepresentation

Whoever makes any misrepresentation to, or suppresses any material fact from, the
Controller or the Certifying Authority for obtaining any license or Electronic Signature
Certificate, as the case may be, shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees, or with both.

Sec 72 Breach of confidentiality and privacy

Save as otherwise provided in this Act or any other law for the time being in force, any
person who, in pursuant of any of the powers conferred under this Act, rules or regulations
made there under, has secured access to any electronic record, book, register,
correspondence, information, document or other material without the consent of the person
concerned discloses such electronic record, book, register, correspondence, information,
document or other material to any other person shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one lakh rupees, or
with both.

Sec 72A. Punishment for Disclosure of information in breach of lawful contract

Save as otherwise provided in this Act or any other law for the time being in force, any
person including an intermediary who, while providing services under the terms of lawful
contract, has secured access to any material containing personal information about another

30
person, with the intent to cause or knowing that he is likely to cause wrongful loss or
wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful
contract, such material to any other person shall be punished with imprisonment for a term
which may extend to three years, or with a fine which may extend to five lakh rupees, or with
both.

Sec 73. Penalty for publishing electronic Signature Certificate false in certain particulars

(1) No person shall publish a Electronic Signature Certificate or otherwise make it available
to any other person with the knowledge that

(a) the Certifying Authority listed in the certificate has not issued it; or

(b) the subscriber listed in the certificate has not accepted it; or

(c) the certificate has been revoked or suspended, unless such publication is for the purpose
of verifying a digital signature created prior to such suspension or revocation.

(2) Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to
one lakh rupees, or with both.

Sec 74 Publication for fraudulent purpose

Whoever knowingly creates, publishes or otherwise makes available a Electronic Signature

Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one lakh rupees, or
with both

Sec 75 Act to apply for offence or contraventions committed outside India

(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to
any offence or contravention committed outside India by any person irrespective of his
nationality.

31
(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention
committed outside India by any person if the act or conduct constituting the offence or
contravention involves a computer, computer system or computer network located in India.

Sec 77 Compensation, penalties or confiscation not to interfere with other punishment

No compensation awarded, penalty imposed or confiscation made under this Act shall
prevent the award of compensation or imposition of any other penalty or punishment under
any other law for the time being in force.

Sec 77 A Compounding of Offences

(1) A Court of competent jurisdiction may compound offences other than offences for which
the punishment for life or imprisonment for a term exceeding three years has been provided
under this Act.

Provided that the Court shall not compound such offence where the accused is by reason of
his previous conviction, liable to either enhanced punishment or to a punishment of of a
different kind.

Provided further that the Court shall not compound any offence where such offence affects
the socio-economic conditions of the country or has been committed against a child below the
age of 18 years or a woman.

(2) The person accused of an offence under this act may file an application for compounding
in the court in which offence is pending for trial and the provisions of section 265 B and 265
C of Code of Criminal Procedures, 1973 shall apply.

Sec 77 B Offences with three years imprisonment to be cognizable

(1) Notwithstanding anything contained in Criminal Procedure Code 1973, the offence
punishable with imprisonment of three years and above shall be cognizable and the offence
punishable with imprisonment of three years shall be bailable.

Sec 84B Punishment for abetment of offences

32
Whoever abets any offence shall, if the act abetted is committed in consequence of the
abetment, and no express provision is made by this Act for the punishment of such abetment,
be punished with the punishment provided for the offence under this Act.

Explanation: An Act or offence is said to be committed in consequence of abetment, when it

is committed in consequence of the instigation, or in pursuance of the conspiracy, or with the
aid which constitutes the abetment.

Sec 84C Punishment for attempt to commit offences

Whoever attempts to commit an offence punishable by this Act or causes such an offence to
be committed, and in such an attempt does any act towards the commission of the offence,
shall, where no express provision is made for the punishment of such attempt, be punished
with imprisonment of any description provided for the offence, for a term which may extend
to one-half of the longest term of imprisonment provided for that offence, or with such fine as
is provided for the offence or with both.

Sec 85 Offences by Companies.

(1) Where a person committing a contravention of any of the provisions of this Act or of any
rule, direction or order made there under is a Company, every person who, at the time the
contravention was committed, was in charge of, and was responsible to, the company for the
conduct of business of the company as well as the company, shall be guilty of the
contravention and shall be liable to be proceeded against and punished accordingly:

Provided that nothing contained in this sub-section shall render any such person liable to
punishment if he proves that the contravention took place without his knowledge or that he
exercised all due diligence to prevent such contravention.

(2) Notwithstanding anything contained in sub-section (1), where a contravention of any of

the provisions of this Act or of any rule, direction or order made there under has been
committed by a company and it is proved that the contravention has taken place with the
consent or connivance of, or is attributable to any neglect on the part of, any director,
manager, secretary or other officer of the company, such director, manager, secretary or other

33
officer shall also be deemed to be guilty of the contravention and shall be liable to be
proceeded against and punished accordingly.

The various provisions of the IT Act, 2000 enables to fight against the various cybercrimes.
There are some other legislation, along with IT Act to enforce that the cyber space is free
from crime. These statutory provisions will control and regulate the various activities in cyber
space.

3.3 OTHER LEGISLATIONS REGARDING CYBERCRIME

IT Act is not the only Act which deals with cybercrimes, as stated earlier, IPC also has
various sections dealing with cybercrimes. Apart from IPC many other laws such as Indian
Evidence Act 1872, The Bankers’ Books Evidence(BBE) Act 1891, the Reserve Bank of
India Act, 1934, etc have been amended by IT Act. The sections dealing with cybercrime are
given in the table below.

Sending threatening messages by e-mail Sec .503 IPC

Word, gesture or act intended to insult the modesty of a woman Sec.509 IPC
Sending defamatory messages by e-mail Sec .499 IPC
Bogus websites , Cyber Frauds Sec .420 IPC
E-mail Spoofing Sec .463 IPC
Making a false document Sec.464 IPC
Forgery for purpose of cheating Sec.468 IPC
Forgery for purpose of harming reputation Sec.469 IPC
Web-Jacking Sec .383 IPC
E-mail Abuse Sec .500 IPC
Punishment for criminal intimidation Sec.506 IPC
Criminal intimidation by an anonymous communication Sec.507 IPC
When copyright infringed:- Copyright in a work shall be deemed to be Sec.51
Infringed

Offence of infringement of copyright or other rights conferred by this Act.

Any Sec.63
person who knowingly infringes or abets the infringement of

Enhanced penalty on second and subsequent convictions Sec.63A

34
 Knowing use of infringing copy of computer programme to be an offence Sec.63B
Obscenity Sec. 292 IPC
Printing etc. of grossly indecent or scurrilous matter or matter intended for Sec.292A IPC
Blackmail

Sale, etc., of obscene objects to young person Sec .293 IPC

Obscene acts and songs Sec.294 IPC
Theft of Computer Hardware Sec. 378
Punishment for theft Sec.379
Online Sale of Drugs NDPS Act
Online Sale of Arms Arms Act

3.4 RULES ISSUED UNDER IT ACT

I. The Information Technology (Reasonable security practices and procedures and
sensitive personal data or information) Rules, 2011
These rules are regarding sensitive personal data or information and are applicable to
the body corporate or any person located within India. It basically require entities
holding sensitive personal information of users to maintain certain specified security
standards.
II. The Information Technology (Electronic Service Delivery) Rules, 2011
These rules provide for creation of a system of electronic delivery of services. Under
the Electronic Service Delivery Rules the government can specify certain services, such
as applications, certificates, licenses etc, to be delivered electronically.
III. The Information Technology (Intermediaries guidelines) Rules, 2011
These rules provide the rights and responsibilities of internet intermediaries in India. If
the Internet intermediaries follow these rules and exercise proper cyber due diligence,
they are entitled to a “safe harbour protection”. Otherwise, they are liable for various
acts or omission occurring at their respective platforms once the matter has been
brought to their notice.
IV. The Information Technology (Guidelines for Cyber Cafe) Rules, 2011
According to these guidelines, cyber cafes should register themselves with an
appropriate government agency, and provide services to users only after establishing

35
 their identity. It also deals with maintenance of records of such identity as well as log
of sites visited, among others.
V. The Cyber Appellate Tribunal (Salary, Allowances and other terms and conditions of
service of Chairperson and Members) Rules, 2009
These rules provide for the salary, allowances and terms of service of the Chairperson
and members of the Cyber Appellate Tribunal.
VI. The Cyber Appellate Tribunal (Procedure for investigation of Misbehaviour or
Incapacity of Chairperson and Members) Rules, 2009
These rules provide for the procedure for investigation of misbehavior or incapacity of
the Chairperson and members of the Cyber Appellate Tribunal.
VII. The Information Technology (Procedure and Safeguards for Blocking for Access of
Information by Public), 2009
The rules provide for the designation of an officer of the Central Government for the
purpose of issuing direction for blocking for access by the public any information
generated, transmitted, received, stored or hosted in any computer resource. It
provides the procedure and the safeguards to be followed by the designated officer.
VIII. The Information Technology (Procedure and Safeguards for interception, monitoring
and decryption of information) Rules, 2009
These rules explain the procedure and safeguards subject to which such interception
or monitoring or decryption may be carried out. i) The Information Technology
(Procedure and Safeguard for Monitoring and Collecting Traffic Data or Information)
Rules, 2009
It contains the procedure for aggregate monitoring of communications and the
procedural safeguards to be observed in them.
IX. The Information Technology (Use of electronic records and digital signatures) Rules,
2004
These rules deal with the manner and format in which the electronic records should be
filed, created or issued. It also states the manner or method of payment of any fees or
charges for filing or creating any electronic record.
X. The Information Technology (Security Procedure) Rules, 2004

36
 These rules prescribe the provisions relating to secure digital signatures and secure
electronic records.
XI. The Information Technology (Other Standards) Rules, 2003
The rules deal with the standards to be observed by the Controller to ensure that the
secrecy and security of the digital signatures are assured.
XII. The Information Technology (Certifying Authority) Regulations, 2001
The regulation details the technical standards and procedures to be used by a
Certifying Authority.
XIII. Information Technology (Certifying Authorities) Rules, 2000
This rule deals with licensing of Certifying authorities and the procedures that need to
be complied by them. It also prescribed the eligibility, appointment and working of
Certifying Authorities.

3.5 CRITICISM OF IT ACT35

Having discussed in detail all the provisions of IT Act, let us now look at some of the broader
areas of omissions and commissions in the Act and the general criticism the Acts have faced
over the years.

3.5.1 Awareness

There is no serious provision for creating awareness and putting such initiatives in place in
the Act. The government or the investigating agencies like the Police department (whose job
has been made comparatively easier and focused, thanks to the passing of the IT Act), have
taken any serious step to create public awareness about the provisions in these legislations,
which is absolutely essential considering the fact that this is a new area and technology has to
be learnt by all the stake-holders like the judicial officers, legal professionals, litigant public
and the public or users at large. Especially, provisions like scope for adjudication process is
never known to many including those in the investigating agencies.

35
Cyber Laws in India, Indian Institute of Banking and Finance, available at
http://www.iibf.org.in/documents/Cyber-Laws-chapter-in-Legal-Aspects-Book.pdf.

37
3.5.2 Jurisdiction

This is a major issue which is not satisfactorily addressed in the ITA or ITAA. Jurisdiction
has been mentioned in Sections 46, 48, 57 and 61 in the context of adjudication process and
the appellate procedure connected with and again in Section 80 and as part of the police
officers’ powers to enter, search a public place for a cyber crime etc. In the context of
electronic record, Section 13 (3) and (4) discuss the place of dispatch and receipt of electronic
record which may be taken as jurisprudence issues.

However some fundamental issues like if the mail of someone is hacked and the accused is a
resident of a city in some state coming to know of it in a different city, which police station
does he go to? If he is an employee of a Multi National Company with branches throughout
the world and in many metros in India and is often on tour in India and he suspects another
individual say an employee of the same firm in his branch or headquarters office and informs
the police that evidence could lie in the suspect’s computer system itself, where does he go to
file he complaint. Often, the investigators do not accept such complaints on the grounds of
jurisdiction and there are occasions that the judicial officers too have hesitated to deal with
such cases. The knowledge that cyber crime is geography-agnostic, borderless, territory-free
and sans all jurisdiction and frontiers and happens in ‘cloud’ or the ‘space’, has to be spread
and proper training is to be given to all concerned players in the field.

3.5.3 Evidences

Evidences are a major concern in cyber crimes. Pat of evidences is the ‘crime scene’ issues.
In cyber crime, there is no cyber crime. We cannot mark a place nor a computer nor a
network, nor seize the hard-disk immediately and keep it under lock and key keep it as an
exhibit taken from the crime scene.

Very often, nothing could be seen as a scene in cyber crime! The evidences, the data, the
network and the related gadgets along with of course the log files and trail of events
emanating or recorded in the system are actually the crime scene. While filing cases under IT
Act, be it as a civil case in the adjudication process or a criminal complaint filed with the
police, many often, evidences may lie in some system like the intermediaries’ computers or
some times in the opponent’s computer system too. In all such cases, unless the police swing
into action swiftly and seize the systems and capture the evidences, such vital evidences

38
could be easily destroyed. In fact, if one knows that his computer is going to be seized, he
would immediately go for destruction of evidences (formatting, removing the history,
removing the cookies, changing the registry and user login set ups, reconfiguring the system
files etc) since most of the computer history and log files are volatile in nature.

There is no major initiative in India on common repositories of electronic evidences by which

in the event of any dispute (including civil) the affected computer may be handed over to a
common trusted third party with proper software tools, who may keep a copy of the entire
disk and return the original to the owner, so that he can keep using it at will and the copy will
be produced as evidence whenever required. For this there are software tools like ‘EnCase’
wih a global recognition and our own C-DAC tools which are available with much retrieval
facilities, search features without giving any room for further writing and preserving the
original version with date stamp for production as evidence.

3.5.4 Non coverage of many crimes

While there are many legislations in not only many Western countries but also some smaller
nations in the East, India has only one legislation -- the IT Act. Hence it is quite natural that
many issues on cyber crimes and many crimes per se are left uncovered. Many cyber crimes
like cyber squatting with an evil attention to extort money. Spam mails, ISP’s liability in
copyright infringement, data privacy issues have not been given adequate coverage.

Besides, most of the Indian corporate including some Public Sector undertakings use
Operating Systems that are from the West especially the US and many software utilities and
hardware items and sometimes firmware are from abroad. In such cases, the actual reach and
import of IT Act Sections dealing with a utility software or a system software or an Operating
System upgrade or update used for downloading the software utility, is to be specifically
addressed, as otherwise a peculiar situation may come, when the user may not know whether
the upgrade or the patch is getting downloaded or any spyware getting installed. The Act does
not address the government’s policy on keeping the backup of corporates including the PSUs
and PSBs in our county or abroad and if kept abroad, the subjective legal jurisprudence on
such software backups.

We find, as has been seen earlier in the chapter, that most of the cybercrimes in the nation are
still brought under the relevant sections of IPC read with the comparative sections of IT Act

39
which gives a comfort factor to the investigating agencies that even if the IT Act part of the
case is lost, the accused cannot escape from the IPC part.

To quote the noted cyber law expert in the nation and Supreme Court advocate Shri Pavan
Duggal, “While the lawmakers have to be complemented for their admirable work removing
various deficiencies in the Indian Cyberlaw and making it technologically neutral, yet it
appears that there has been a major mismatch between the expectation of the nation and the
resultant effect of the amended legislation. The most bizarre and startling aspect of the new
amendments is that these amendments seek to make the Indian cyberlaw a cyber crime
friendly legislation; - a legislation that goes extremely soft on cyber criminals, with a soft
heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of
punishment accorded to them under the existing law; ….. a legislation which makes a
majority of cybercrimes stipulated under the IT Act as bailable offences; a legislation that is
likely to pave way for India to become the potential cyber crime capital of the world……”

This being said, we should remember that it is a commendable piece of legislation, a

landmark first step and a remarkable mile-stone in the technological growth of the nation. But
let us not be complacent that the existing law would suffice. Let us remember that the
criminals always go faster than the investigators and always try to be one step ahead in
technology. After all, steganography was used in the Parliament Attack case to convey a one-
line hidden message from one criminal to another which was a lesson for the investigators to
know more about the technology of steganography. Similarly Satellite phones were used in
the Mumbai attack case in November 2008 after which the investigators became aware of the
technological perils of such gadgets, since until then, they were relying on cell phones and
the directional tracking by the cell phone towers and Call Details Register entries only.
Hopefully, more and more awareness campaign will take place and the government will be
conscious of the path ahead to bring more and more legislations in place. Actually, bringing
more legislations may just not be sufficient, because the conviction rate in Cybercrime
offences is among the lowest in the nation, much lower than the rate in IPC and other
offences. The government should be aware that it is not the severity of punishment that is a
deterrent for the criminals, but it is the certainty of punishment. It is not the number of
legislations in a society that should prevent crimes but it is the certainty of punishment that
the legislation will bring.

40
In our next chapter we will be seeing the cybercrime rate scenario of India in the year 2014
and try to analyze the data in the light of the discussions above.

41
42
 CHAPTER 4 CONCLUSION

The role of internet and Information and Technology is tremendous and touches all the aspect
of life be it political, economical or social sphere of life. But the increase in rate and types of
cybercrimes has affected our society to fully utilize the potential of these technologies. The
applications of these technologies are endless and it can be our way to the future. It can be the
key to most of the problems faced by a country like India where problems like poverty,
illiteracy, unemployment, corruption etc. are prevalent. Programs like Digital India, Skill
India, Make in India, Startup India etc. are very ambitious and much needed for the growth of
this country. It will be difficult to achieve these goals if serious issues like cybercrime will
not be dealt with properly.

The introduction of Information and Technology Act, 2000 was a great and a commendable
step taken by our government. But unfortunately due to several reasons expressed in this
project it has not been able to perform to its fullest. Lack of awareness, lack of trained
personnel, lack of timely updation of the IT Act, non coverage of the new crimes, inability to
properly punish the criminals and improper implementation are some of the problems faced
by the current Act. The data provided by NCRB clearly shows the situation of cybercrime in
India and indicates that the current cyber law system has failed to perform.

What we need now is to review our legal system and try to cover all the grey areas. We need
take appropriate steps to check cybercrimes and strengthen our legal framework. To sum up,
though a crime-free society is Utopian and exists only in dreamland, it should be constant
endeavour of rules to keep the crimes lowest. Especially in a society that is dependent more
and more on technology, crime based on electronic offences are bound to increase and the
law makers have to go the extra mile compared to the fraudsters, to keep them at bay.
Technology is always a double-edged sword and can be used for both the purposes – good or
bad. Steganography, Trojan Horse, Scavenging (and even DoS or DDoS) are all
technologies and per se not crimes, but falling into the wrong hands with a criminal intent
who are out to capitalize them or misuse them, they come into the gamut of cyber crime and
become punishable offences. Hence, it should be the persistent efforts of rulers and law

43
makers to ensure that technology grows in a healthy manner and is used for legal and ethical
business growth and not for committing crimes.

44
 BIBLIOGRAPHY

STATUTES

1. Copyright Act, 1957.

2. Indian Evidence Act, 1872.
3. Indian Penal Code, 1860.
4. Information and Technology Act, 2000.

INTERNATIONAL DOCUMENTS

1. 10th UN Congress on the Prevention of Crime and the Treatment of Offenders, 2000,
A/CONF.187/10; available at: www.uncjin.org/Documents/congr10/10e.pdf.
2. International Telecommunication Union, Understanding cybercrime: phenomena,
challenges and legal response, September 2012, available at:
http://www.itu.int/ITU-D/cyb/cybersecurity/legislation.html.
3. UNODC, Comprehensive Study on Cybercrime- Draft, February 2013, available at:
https://www.unodc.org/...crime/.../CYBERCRIME_STUDY_210213.pdf.

BOOKS CITED

1. B.S. Moshal, Modern Business Law, (1t ed., 2008).

2. Dr. Farooq Ahmad, Cyber Law in India (Law on Internet), (3d ed. 2008).
3. Granville Williams, Criminal Law, The General Part, (2d ed. 1961)
4. Nandan Kamat, Law Relating to Computers Internet and E-commerce, (2d ed. 2000).
5. Pawan Duggal, Cyber Law- The Indian Perspectives, (3d ed. 2009).
6. R.K. Bagga, Kenneth Keniston, The State, I.T. and Development, (1t ed. 2005).
7. Vakul Sharma, Information Technology – Law & Practice, (3d ed. 2011)
8. Yatinder Singh, Cyber Laws, (4th ed. 2010).

JOURNALS

1. Carter David L, Computer Crime Categories – How the Techno Criminals Operate, FBI
Law Enforcement Bulletin, July, 1995.

45
2. David S Wall, “Policing and Regulation of Internet”, Criminal Law Review Special
Edition 81(1998).
3. Marc M Goodman, Why the Police don’t Care about Computer Crime?, 10 Harvard
Journal of Law and Technology 468(1997).
4. Michael A. Sussmann, The Critical Challenges from the International High-Tech and
Computer related Crime at the Millennium, a DUKEJ. COMP & INT’L L. 451, 435-55
(1999).
5. Parker, Computer Abuse Research Update, 2 Computer L.J. 329-523 (1980).
6. R. Raman Nair & L. Sulochana Devi, Sanskrit Informatics, Centre for Informatics
Research and Development Publications Division, Kerela, 2011.
7. Raghu Santanam, M. Sethumadhavan, Cyber Security, Cyber Crime and Cyber
Forensics- Applications and Perspectives, Information Science Reference, U.S.A., 2011.
8. Sherif Kamel, Electronic Business in Developing Countries- Opportunities and
Challenges, 173, Idea Group Inc., London, 2006.
9. Taber, A Survey of Computer Crimes Studies, 2 Computer (CJ 275 (1980).
10. Vineet Kandpal & R. K. Singh, Latest Face of Cybercrime and Its Prevention In India,
International Journal of Basic and Applied Sciences Vol. 2. No. 4. 2013.
11. Karnika Seth, Cyberlaws, Indian Law Institute Publication, 2011.

ARTICLES

1. 10 Most Destructive Computer Worms and Viruses Ever, available at:

http://wildammo.com/2010/10/12/10-most-destructive-computer-worms-and-viruses-
ever/.
2. Computer Crime: Separating the Myth from Reality, C.A. Magazine, Jan. 1981
3. Cyber Laws in India, Indian Institute of Banking and Finance, available at
http://www.iibf.org.in/documents/Cyber-Laws-chapter-in-Legal-Aspects-Book.pdf.
4. Cybercrime in India: Cyber Stalking – Online Harassment, available at:
http://www.indianchild.com/cyberstalking.htm.
5. Full Guide on Cybercrimes in India, available at:
http://indiaforensic.com/compcrime1.htm.
6. ICT Facts and Figures – The world in 2015, ITU, available at: http://www.itu.int/en/ITU-
D/Statistics/Pages/facts/default.aspx.

46
7. India Affected by 'Bioazih' Trojan, Warns CERT-In, Reuter Thomson, 14 May 2015,
available at: http://gadgets.ndtv.com/internet/news/india-affected-by-bioazih-trojan-
warns-cert-in-692347.
8. India army site hacked does India have the right attitude to tackle cybercrime, available
at: http://tech.firstpost.com/news-analysis/indian-army-site-hacked-does-india-have-the-
right-attitude-to-tackle-cyber-crime-262503.html
9. India Arrests Its First Ever Cyber Criminal, available at:
http://motherboard.vice.com/blog/india-arrests-its-first-ever-cyber-criminal
10. Internet @ 46: 10 must-know facts, Times of India, 29.10.15, available at:
http://timesofindia.indiatimes.com/listshow/49580749.cms
11. Kim Zetter, Logic Bomb Set Off South Korea Cyberattack, WIRED, 21 March 2013,
available at: http://www.wired.com/2013/03/logic-bomb-south-korea-attack/.
12. Meera Bhardwaj, Present Laws Can’t Tackle Cyber Terror, The New Indian Express, 13
December 2014, available at:
http://www.newindianexpress.com/cities/bengaluru/%E2%80%98Present-Laws-Can
%E2%80%99t-Tackle-Cyber-Terror%E2%80%99/2014/12/13/article2568972.ece.
13. Nir Kshetri, “Pattern of Global Cyber War and Crime: A Conceptual Framework” The
University of North Carolina at Greensboro.
14. OLX Is Becoming A Breeding Ground For Cyber Harassment And Cyber Stalking,
available at: http://ptlb.in/ccici/?p=265.
15. Parthasarathy Pati, Cybercrime, available at
http://www.naavi.org/pati/pati_cybercrimes_dec03.htm.
16. Rohas Nagpal, Introduction to Indian Cyber Law, an extract from IPR & Cyberspace-
Indian Perspective, available at: http://www.asianlaws.org/library/cyber-laws/intro-
indian-cyber-law.pdf.
17. Sagar Rahurkar, Law Relating to Cyber Terrorism, available at:
http://www.chmag.in/article/nov2011/law-relating-cyberterrorism.
18. Sanjay Pandey, Curbing Cybercrime- A Critique of Information Technology Act, 2000
and IT Act Amendment, 2008, available at: http://www.softcell.in/pdf/IT-Act-Paper.pdf.
19. Satish Misra, India Needs a Creative Strategy to Counter ISIS's Cyber Terror, The New
Indian Express, 6 September 2015, available at:
http://www.newindianexpress.com/columns/India-Needs-a-Creative-Strategy-to-Counter-
ISISs-Cyber-Terror/2015/09/06/article3012296.ece.

47
WEBSITE REFERED

1. http://deity.gov.in/
2. http://ncrb.gov.in/
3. http://tech.firstpost.com/
4. http://www.asianlaws.org/
5. http://www.newindianexpress.com/
6. http://www.technopedia.com/
7. http://www.wired.com/
8. www.indiankannon.com
9. www.mondaq.com
10. www.scconline.com
11. www.ssrn.com
12. www.timesofindia.com

48
49