CHAPTER-I

INTRODUCTION
The present age is the age of automation where man is
shifting his maximum burden on machines to get work done.
The Computer Technology helps the present human civilization
to such a greater extend that life without computers seem to be
impossible! Speaking with examples, railway reservations,
aircraft transportations, bio-matrix attendance in offices,
Examination result cards, Traffic signals, Telephonic
communications, Banking transactions, all are now carried out
with the help of computer machines and every data and
information has acquired electronic shape and capable to move
through the optic fibers. Today, voice files, song files,
photographs, currencies, news items, clips, bio-datas, letters,
so on and so forth are capable of being transferred, distributed,
circulated and stored in electronic form. Thus present
generation is greatly depends upon the computer technology
for the easy mechanism and effective operations operated in
electric format through computers . However, the facilities of
computer technology have not come out without drawbacks.
Though it makes the life so speedy and fast, but hurled under
the eclipse of threat from the deadliest type of criminality
termed as 'Cyber crime'. The Cyber crime can halt any railway
where it is, it may misguide the planes on its flight by
misguiding with wrong signals, it may cause any important
military data to fall in the hands of foreign countries, and it may
halt e-media and every system can collapse within a fraction of
seconds. Therefore, it is necessary to examine the deadliest
form of criminality of the present millennium, conceptually
termed as Cyber crime.
Evaluating nature of Crime-Socio-Political-Economical
i)Crime as an evil factor of society

Despite crimeless society is myth, crime is omnipresent

phenomenon, and it is non-separable part of social existence,
one may get irritate by the question, 'Why there is too much
ado about crime?' No one can deny that crime is a social
phenomenon, it is omnipresent, and there is nothing new in
crime as it is one of the characteristic features of the all
societies existed so far, may it be civilized or uncivilized, and it
is one of the basic instincts of all human behaviour! However, it
should bear in mind that the social concern for high crime rate
is not because of it's nature, but due to potential disturbance it
causes to the society. Crime is a prime social concern and the
seriousness of the social effect of crime hardly needs to be
described. The general public is, by definition, always been the
victim of crime. The general public suffers losses from crime
either directly (in the treason or theft and destruction of public
property), or indirectly (in the form of the expense of
maintaining the police and the courts and in the form of
uneasiness or even terror because of the prevalence of crime).
In addition, some individuals are victims of crime in a more
specific sense. The victims of crime may lose anything that has
value. Safety, peace, money, and property are perhaps basic
values, because they contribute to the satisfaction of many
wishes. Therefore there is sentiment having hate for crime,
which reflects into the form of prescription of punishment by
political authority of given society. The crime is always
considered as an evil for the society.
ii)Definition of crime : flagged by Socio-Eco-Political riders
Conceptually, crime is a dynamic and relative phenomenon and
subjected to the relative socio-political & economical changes
occurring in existing system of society. Therefore, neither alltime suitable comprehensive definition encompassing all
aspects of crime is possible at any moment of time nor can a
single definition be made applicable to different society. With
its dynamicity, it is influenced by the changes occuring in the
correlated phenomenon and value system generated by these
changes. As evident in present scenario where money is more
2

valuable than values, a definite hike in the corruption related

offences are observed where social morality is low which
influence the commission of crime attached less social stigma
than ever before. . Incidentally economic crime is on its peak.
This clearly reflects that crime has its interdependency with
other social phenomenon, economic systems and political
machineries. Also, the population is one of the important
factors influencing incidences of crimes. A positive correlation
between the growth in incidences of crime and the population
of the country has been observed. Besides population, the
other factors influencing the crime are such as situation at a
particular place, rate of urbanization, migration of population
from neighbouring places, unemployment, income inequality,
[computer literacy in case of Cyber crime] etc.2 At the same
time, the economic structure of give society is also influence
the economic crimes. As every controlling systems for crime
has much to do with the political system which prescribe
norms, make rules, create preventive measure, the political
structure and system also influence the crime in given society.
This clearly demonstrates that every definition of crime has
correlation with the socio-economical and political factors.
iii)Emergence of Cyber crime
origin is rooted in World War-II The aftermath of World War-II
has witnessed the drastic changes in every domain of life. The
new mechanical adroit appear to convert all relationships of
man with material things vanishing the boundaries between
living and non-living being. Today mechanical adoption by
human being is challenging the standards of conventional
limitations laid down by time and space. The Cyber-technology
has played major role in this transformation. The present study
has been undertaken to touch some aspects, effect and
prospects of this Cyber-technology with special reference to
threat pose by Cyber crime by India. Efforts have been made
to analyze legal framework available for its control in India. To
start with, it is, therefore, necessary to demarcate the
dimensions of word crime. Thus it is beyond doubt that
3

crime is a relative phenomenon, universal in nature and

essentially all societies from ancient to modern have been
evidently demonstrating its presence. Each society have been
providing its own description of criminal behavior and conduct
made punishable by express will of the political community
ruling over the society and it was always influence by religioussocial-political- economical values prevailing in the given
society. Thus from time immemorial the behavior that attracts
penal liability influenced and characterized by overall outcome
of these standards. Parenthetically, just as concept of crime
[has undergone] change with the growth of Information
Technology so the categories of criminals who engage in such
crimes.3 So far Indian society is concerned, particularly during
ancient period, the definition of crime flagged by religious
interpretation. The period was known for complete dominance
of religion. Allpolitical and social activities in general and
'Crime' in particular, considered to be happened due to the
presence of super-natural power. The Demonological theory of
crime causation was an outcome of this period. Gradually
during medieval period, State started to emerge as
independent entity by breaking of religious bondages.
Marching on the line of secularism, State declared the sociopolitical and economical sphere as its sole jurisdiction and as
crime fall in the list, the definition adopted to treat crime
attempted on more secular principles. During this regime
scientific and industrial revolution took place rapidly and State
started to sponsor activities of venturing for new colonies.
Medieval period had evidenced the eras of renaissance and
restoration, which delivered new, and a fresh look to crime.
The concepts like utilitarian, positive approach, analytical
thinking, principles of natural justice, and thoughts of lessie
faire, hedonistic philosophy, and pain and pleasure theory were
outcome of this period which helped to open new horizons for
the study of crime. Latter period paved the way for scientific &
industrial revolution and rational way of interpretation
dominated the thinking. This was the period when European
countries hurled into wars for grabbing colonies in different
4

parts of the globe. Incidentally, the legal systems of various

nations of different parts of the world started to merge and
influence each other. This was the basic factor for defining
'crime' on more secular line having social and psychological
riders. Historiographical developments of crime reflect addition
and deletion of various acts as a crime and non-crime.
Depending on the prevailing dominant factors, the list of
criminal acts modified. During this period Indian Criminal
System shaped by Britishers on colonial footings. This process
lasted long to World War - II when process of colonization not
only stopped, but took reverse gear. Asian and African
countries started to liberate from the iron pawn of continental
countries to shape their own laws on domestic requirement.
However, at the same time, neo-globalization process begins
and new types of crime started to emerge challenging the age
old notion of sovereign and jurisdiction. These trans-national
crimes overthrow the possibility of encompassing it within
domestic definition. One of such categories of crime which is
new in origin, and requires treatment on different footing is
'Cyber crime'.

i.

Cyber crime -By-product of Computer Technology :

In the information age the rapid development of computers,

telecommunications and other technologies have led to the
evolution of new forms of trans-national crime known as 'Cyber
crime'. Cyber crime has no virtual boundaries and may affect
every country in the world. Cyber crime may be defined as
any crime with the help of computer and telecommunication
technology, with the purpose of influencing the functioning of
computer or the computer systems. Thus after World Wars, the
fashion of grabbing of new territory and developing the
colonies were come to an end. The manpower, techniques &
tools, brains and intelligence that were earlier hurled into the
development of new weapons, now turned their attention for
using the technology for other purposes. Soon the result of
5

using electronic technology appears on the scene. Telephone,

radio, television, mobile phones, pagers, video games are
some of the toys invented for the purpose. At the same time,
the electronic technology has provided wider dimensions of its
use in most of the sphere of life such as banking and financial
sectors, accounting, calculations, visual presentations, digital
libraries etc., The electron based technology emerge as an
alternative for paper based culture. Thus at the end of second
millennium and at the start of third millennium we feel to
entering from printing culture to electronic culture where
everything has been done with the help of computers, robots
and adroit.
ii.

Communication by Computer networking: Where the

difference lies?

One of the characteristic features of modern way of

communication is the varieties it provides. The options
available with the communication and information
dissemination through computer networking has its own
limitations and leeway. It can be described in following words,
'.. there is the matter of the differences between computer
networks and other types of communication. The distinctive
character of Internet communications for geographers comes
from the Net's merging of three basic characteristics. First is a
multidirectional interactivity: Any user can be a sender or a
receiver. Second is instantaneity: Delay relate more to the
speed of the processor used by the remote computer than to
the distance of any browsed site. Third is transnationalism:
Embargoing distant computer links is difficult without serving
all outside telephone connections and thereby crippling
economic development. Some of these characteristics may be
shared with other media, such as the telephone and radio, but
computer networks exhibit these characteristics to a unique
degree. Furthermore, the World Wide Web provides a basis for
multiple languages - textual, graphic, photographic, and

cartographic - circulating at a transnational scale in a

multidirectional and instantaneous manner.
iii.

Why does Cyber crime dangerous and the deadliest

crime?

One will wonder, at least, why is there growing importance of

Cyber crime? Why does too much excitement about it? Why is
the present day society treating it as the deadliest form of
crime? And ultimately, why does too much hubbub there for
demand of protective mechanism? The answer is simple to
reply and difficult to digest. Description of dangerous and the
deadliest nature of Cyber crime can be imagined from
following paragraphs

Today we find ourselves dependent on pagers, cellphones,

computers and electronic diaries and we wonder how we
managed without them. The more dependency and the utility of
them in day to day work have given birth to the darker side of
internet age. Network crime[] are the most unpredictable
calamity on the Cyber world. Unauthorized access, hacking,
spreading of viruses, smashing computer networks on very
large scale, the brutal weapons like e-mail bombing, logic
bombs resulting into the disrupt behavior of computer networks
are very few incidences of recent days. This crime is high-tech
and needs trained and equipped personnel to man
investigatory and prosecuting agencies for effective prevention
and control of computer related crime.
The difference between the pace of development of Computer
Technology and efforts to safeguards society from its misuse
and probable harm it may cause, the present situation is
aggravated and worsens due to the computer illiteracy,
resistance to adopt change, blunt response and lack of
awareness in society. Today, technological transformation is
happening across the world without any exception, but

technological utilization, access, technological driving forces

are in the hands of few.
The deadliest nature of Cyber crime can be put in the words of
Vivek Sood, a famous legal thinker and cyber law expert who
has commented
"Cyber crime is the deadliest epidemic confronting our planet in
this millennium. A Cyber criminal can destroy web sites and
portals by hacking and planting viruses, play online frauds by
transfer of funds from one corner of the globe to another and
gain access to highly confidential and sensitive information.
Moreover he can cause harassment by e-mail threats or
obscene material, play tax frauds, indulge in Cyber
pornography involving children, and commit innumerable other
crimes on the Internet. It is said that none is secure in the
Cyber world. The security is only for the present moment. With
the growing use of the Internet, Cyber crime would affect us all,
either directly or indirectly. Cyber crime such as hacking,
planting computer viruses and online financial frauds, have the
potential of shaking economies. Cyber crime is presently
estimated to be growing at the rate of 4.1% per week. From
640 criminal complaints (1.7 per day) in 1993 to the projected
2,82,000 (773 per day) for the year 2000, is not a slow journey
by any standards. These are the figures when no more than
10% of Cyber crime gets reported.
In the light of above description, Cyber crime seems to be the
emerging trend of new criminality, which has potentiality to
change the entire notion of set traditional road map of crime.
Justice J.B. Sinha while commenting on the nature of Cyber
crime observed
To understand Cyber crime as a significantly new phenomenon,
with potentially profoundly new consequences, it is necessary
to recognize it as a constituent aspect of the wider political,
social and economic reconstructing currently effecting
countries worldwide. This new technology not only provides
opportunity for the profitable development of an international
8

information market but has also raised the specter of new

criminal activities to exploit them. They very technology that
enables multinationals to do business more effectively and
challenge the individual controls and regulations of nation
states, also offers the prospect of globally organized criminal
networks. Moreover the free flow of uncensored information on
electronic networks and web-sites is an attractive to insurgents
and extremist groups as it is to dissidents proclaiming their
human rights.
Thus the advancement, inventions and revolution in the
modern age is the basic driving factor for Cyber-technology.
Ignorance of Cyber crime will be no excused
I)Cyber crime -Ignorance may prove fatal
Cyber crime is only important to a few people, but it should be
important to everyone. If everyone becomes aware of the
dangers of being online, the dangers will slowly disappear.8 It
only if anybody tries to understand the potential harm the
Cyber crime may cause can understand the danger of Cyber
criminality. Computers, despite being such high technology
devices, are extremely vulnerable. The description is not
imaginarythat to steal the national secrets from any
government office or any information about military
equipments from the computers of respective organization is
comparative more easily than to steal a loaf of bread from stall
of unattained hawkers standing side by road. All over again,
the risk involve the committing Cyber crime is very less due to
its special characteristics.
Inquisitively, to be noted down, computers facilitate to such a
great extend that one can imagine!! For instance, it is difficult
to filch a book, report, photographs or any other information in
printed form from any house of office. But one can take it in
the form of CD ROM where one can store lakhs of pages,
thousands of photographs from any secure location. And if this
secure place is connected to Internet, even theft can be
9

completed via computer networking without being physically

entering into premises. These make computer related crime
more severe and serious now-a-day. Furthermore, as now a day
the paper-based system is rapidly replacing by electronic based
system and more transactions are switching over to electronic
format, the danger is growing ever fast.

ii. What is Cyberspace & where does it occurs?

First consider the word 'Cyber space'. What exactly it means?
Indeed, in one sense, it is just a pattern of electrons skimming a
net of computers, a construct that describes a location where a
collection of activity occurs.9 But described like this, the space
could not be understood, or at least it could not be understood
by us. It is understood by us only when we put things into it,
when we carry into it our own language, when we colonize it,
when we domesticate it. it is not by an accident that we speak
of e-mail, or that we describe postings on "electronic bulletin
boards," or that we wonder about the dynamics of real-time
discussions in "CB-chat" areas. We have no choice but to take
control of this space at first with our ordinary terms, if indeed
we are to understand it. And it is through a practice of analogy
that this occupation occurs.
i.

Cyber crime: the complex phenomenon

How so far to safeguard? One problem with Cyber crime is its

complexity to understand and safeguards. No doubt,
computers are boon and it is very good servant as well having
lot of potentiality. It works fast, effectively, efficiently,
accurately, without taking pause, and continuously. But after
all computers works through programs specially design for the
purpose. These programs are written in several lines
compatible to computer readable language. These programs
have some tips, instructions, processes and logic to be followed
10

by operating systems. Operating systems are composed of

millions of lines of code and no single individual can claim to
understand the security implications of every bit of these
computer instructions. The hackers are always in search of any
lacuna or loopholes of this programming system. And if they
find it, they can break open the security of the programs and
enter into the security zone where they can do any havoc.
If anyhow the lacuna has detected and patched up, hackers
can easily exploit the numerous weaknesses in operating
system and security products. Thus when one weakness is
exposed and exploited openly by the 'black hat' community,
the operating system (OS) manufacturer patches it up. The
hackers then find another weakness to exploit and the cycle
goes on and on. It is far easier to find weaknesses in existing
operating systems rather than designing and developing a
secure operating system.

CRIME: TRADITIONAL AND MODERN APPROACH

Crime, the subject matter of criminal law ,is not a new
thought ,it is as old as human life, though the term crime is
used at later stage of legal evolution. Crime is both a social
and economic phenomenon. It is as old as human society.
Many ancient books right from pre-historic days, and
mythological stories have spoken about crimes committed by
individuals be it against another individual like ordinary theft
and burglary or against the nation like spying, treason etc.
Kautilyas Arthashastra written around 350 BC, considered to
be an authentic administrative treatise in India, discusses the
various crimes, security initiatives to be taken by the rulers,
possible crimes in a state etc. and also advocates punishment
for the list of some stipulated offences .Crime can be defined
as an act which is followed by legal consequences if it is
considered as a mistake that is against the law, it was well
11

said by Per Lord Atkin that the only standard thing that can
measure the criminality of act is the punishment or the
penalisation given to that particular act. Crime in any form
adversely affects all the members of the society. In
developing economies, cyber crime has increased at rapid
strides, due to the rapid diffusion of the Internet and
technology in almost all walks of society right from corporate
governance and state administration, up to the lowest level of
petty shop keepers computerizing their billing system,
computers and other electronic devices pervading the human
life, man cannot spend a day without computers or a mobile.
ELEMENTS OF CRIME : ACTUS REUS AND MENS REA

Mens rea refers to the crime's mental elements of the

defendant's intent. This is a necessary elementthat is, the
criminal act must be voluntary or purposeful. Mensrea is the
mental intention (mental fault), or the defendant's state of
mind at the time of the offense, sometimes called the guilty
mind1. It stems from the ancient maxim of obscure origin,
"actus reus non facit reum nisi mens sit reas" that is translated
as "the act is not guilty unless the mind is guilty."For example,
the mens rea of aggravated battery is the intention to do
serious bodily harm.
All crimes require actus reus. That is, a criminal act or an
unlawful omission of an act, must have occurred 2. A person
cannot be punished for thinking criminal thoughts. This element
is based on the problem of standards of proof. Further, the law's
purview is not to punish criminal ideas but to punish those who
act upon those ideas voluntarily. Unlike thoughts, words can be
1 R.C NIGAM, LAW OF CRMES IN INDIA ,PRINCIPLES OF CRIMINAL LAW,VOL.1 ) 6
2 UNDER THE TREASON ACT,1351(AS AMENDED) THOUGH IT IS AN OFFENCE TO IMAGIN
THE DEATH OF THE SOVEREIGN BUT THE COURT IN R. V THISTLEWOOD,1820 RULED
THAT THE INTENTION MUST BE REFLECTED BY SOME OVERT ACT.
12

considered acts in criminal law. For example,

threats, perjury, conspiracy, and solicitation are offenses in
which words can constitute the element of actus reus. The
omission of an act can also constitute the basis for criminal
liability. Mens rea is almost always a necessary component in
order to prove that a criminal act has been committed. Mens
rea varies depending on the offense. For murder, the mental
element requires the defendant acted with "malice
aforethought". Others may require proof the act was committed
with such mental elements such as "knowingly" or "willfulness"
or "recklessness". Arson requires an intent to commit a
forbidden act, while others such as murder require an intent to
produce a forbidden result. Motive, the reason the act was
committed, is not the same as mens rea and the law is not
concerned with motive. This can be summed up in these words:
a man will be criminally responsible if:
1. he was acting voluntarily
2. knew what he was doing;
3. in those crimes where particular consequences form a part
of the actus reus,foresaw the likelihood of those
consequences

CYBER CRIME

13

The term 'cyber crime' has not been defined in any Statute or
Act. The Oxford Reference Online defines 'cyber crime' as crime
committed over the Internet.
The Encyclopedia Britannica defines 'cyber crime' as any crime
that is committed by means of special knowledge or expert use
of computer technology. So what exactly is Cyber Crime. Cyber
Crime could reasonably include a wide variety of criminal
offences and activities.
CBI Manual defines cyber crime as:
1. Crimes committed by using computers as a means,
including conventional crimes.
2. Crimes in which computers are targets.
A generalized definition of cyber crime may be "unlawful acts
where in the computer is either a tool or target or both".

DOCTRINE OF
CYBER CRIME :

MENSREA

AND

ACTUS

REUS

IN

Doctrine of mens rea applies to cyber crimes also. In it, one

should see what the state of mind of a hacker was and that the
hecker knew that the access was unauthorised in relation to
any computer. The following two ingredients form the mens rea
applied to a hacker3:
1. The access intented to be secured must have been
unauthorised.
2. There should be awareness on part of the hacker
regarding the access.
Actus reus in cyber crimes has become a challenge as the
entire act is committed in intangible surroundings. Every
time a computer is moved by human hands, any of the
following actions may follow which may be regarded as actus
reus:
3 ANKIT MAJUMDAR, A practice on hyper linking,framing and met tagging ,law relating
to computers ,internet and e-commerce.(2002 edition.)272
14

1. Trying to do some act using computer.

2. Either attempting to access the data stored on the
computer or from outside through the said computer.

CHAPTER-II
15

CYBER CRIME: A DEVIANCE FROM TRADITIONAL CRIMES

Internet has revolutionized the conventional notion of crime.
The deviance is noted in the following manner : cyber crime are
easy to commit, require few resources related to the potential
damage caused, can be committed in a jurisdiction without
being physically present in it and they are often not clearly
illegal.
Traditional crime

Scene of
occurrence
Can be
spotted

report to
the police

alleged
accused is
generally a
common
man

Arrest
and
seizure

Investigatio
n

trial by
court having
jurisdiction

productio
n of
evidence

Multinationa
l jurisdiction

Intangible
and
volatile
evidence

Cyber crime

Scene of
occurrence
unknown

Latency in
report to
the police

alleged
accused is
generally a
computer

Police is
untrained

Investigatio
n High tec

CYBER CRIMES - THREE CATEGORIES

16

AGAINST PROPERTY Financial crimes cheating on-line illegal

funds transfer.
AGAINST PERSONS On-line harassment, Cyber Stalking,
Obscenity.
AGAINST NATIONS Cyber Terrorism Damaging critical
information in frastructures.

MODUS OPERANDI OF CYBER CRIME:

It is a system of actions of the criminals united by one
intention directed on preparing ,committing ,and covering up
crime and connected to use of corresponding Facilities and
means. Modus operandi of committing cybercrime mainly
involves illegal interference in computer ,computer system and
network operation.such interference is of two types i.e direct
access and indirect access.4
I.

OFFENSIVE MESSAGES
(Messaging, annoying, intimidating, insulting, misleading,
defaming)
1. SMS-SMS may be sent using mobile phone of ones own
identity or by acquiring a fade identity.Few SMSs had been
circulated affecting public tranquillity; Eg: False Tsunami
warning, false alarm as target of explosion.
2. MMS-Multimedia messages often defaming or obscene
aresent among small groups using mobile phones/
Bluetooth.If there had been a sharing in many mobile
equipmentsthe first source couldnt be fixed. Eg., Arrest of
theManaging Director of bazee.com in a school MMS
scandal in Delhi. Often captured in private places
unknowingly forfuture exploitation.
3. Web based SMS-SMS can be sent by logging onto sites
likeway2sms.com by becoming a member of the sitetyping
the message of choice and choosing destinationto be sent

4 Valadmir golubev,computer crime typology16-1-2004.

17

any where in the world by concealing onesidentity

Way2sms never share the IP logs with law
enforcementagencies.
4. Chat room messages- Chat room messages in internet
relay chats happens bydirect connection between each
others machines inwhich the IP logs are stored neither by
Yahoo norGoogle and so information shared in Chat rooms
maybe saved but can never be traced retrospectively to
itsorigin.
II.

OFFENSIVE CALLS
(Offender calls either by his/her own name or by acquiring
false identity- Landlinecalls/mobile calls, web based calls
etc.)
1. Landline/mobile calls- Many landlines still have no caller
Ids.Difficulty if the connection is in a non-existentfictitious
address.
2. Web based calls- Calls can be made by spoofing the
mobile numberusing the sites like
http://www.phonetrick.net/www.prankdial.com/

III.

DECEPTIVE MESSAGES
(Lottery, cheating, job racket) (SMS of lottery
cheating, emailsof prize money, articles, falsepromise of
jobs, false mail foradmission to a reputedUniversity).Greed
of the victim is the main reason why cyber frauds are
successful. SMS/Email messages of winning a lottery of
prizemoney or articles, alluring people to deposit
money.Clues available are email IDs and sometimes
fewmobile phone numbers.Live.com, Yahoo.co.uk domains
IP which arefrequently used never share the login IPs and
itprovides a conducive climate for commission ofcrimes.To
the extent it was made available, the IP logsinvariably had
shown some Nigerian, Mediterranean,Middle East and
American countries. Hence usersdetails are not available.

18

IV.

DATA THEFT
(Theft of proprietary information causing breach of
confidentiality and integrity and There by altering its
utility value. More due to disharmony in
employee/employer situations by disgruntled employees.)
Sensitive information belonging to business organizations
is targeted by rivals, criminals and sometimes even by
disgruntled employees.
Disharmony in work place often makes the ex-employees
to take away the
valuable data or design or client
information.
Sometimes they damage it; delete it; or sell it to a
competitor.
Many a times the employers become suspicious about
their ex-employees and attribute instances of data theft
which the ex-employee was holding in his possession to
carryout his official duties at the time of his employment.
Frequently breach of Non Disclosure of Agreement(NDA)
and Memorandum of terms of employment are often
attributed to criminal activity by employers which in truth
may be a civil violation.

V.

IDENTITY THEFT
Identity theft involves fraudulent or dishonest use of
someones electronic signature, password or other unique
identification feature.It is the first step towards credit card
fraud, onlineshare trading scams and e-banking crimes.

VI.

INTERNET VIOLATIONS OF COPY RIGHTS

(Internet violation of copyrighted informations like feature
films, songs, music etc.IPR theft)
Posting of features films, part of the films, causing loss to
the revenue and criminal violations of Copy Right Act,
1957 often challenges the film industries and law
enforcement.
Uploading happening in Indian servers can be deleted.
19

 If it is an International server, deletion happens by

request. Despite that if persisting, deletion becomes a
task of chance and persons behind the activity may not
surface at all.
VII.

FINANCIAL CRIMES SPOOFING/ PHISHIHG/

INTERNET BANKING
(Offender creates/Spoofs, the webpage of a bank or any
organization in the guise ofenhancing their security or
updating the services, collects personal confidential
information at various stages and abuses the information
for causing wrongful loss,fraudulent transfer of funds in
Internet banking)

This is a wide term that includes credit card fraud, online

share trading scams and e-banking crimes.
In todays highly digitalized world, almost everyone is
affected by financial crimes.
Phishing usually involves spoofed emails that contain links
to fake websites.
Spoofing becomes a pre-requisite for causing deceptive
belief and it follows phishing of vital information.
Spoofing of the sites normally happens in bank pages if
the intention is for a financial fraud. Other sites get
spoofed for misleading the viewer or for causing
embarrassment.
A spoofed page becomes difficult to be distinguished by
normal viewers.
Phishing normally happens for credit card related
information or for password details of internet banking.
Internet Banking requires unique authentication. Forgotten
PIN or password option generates new ones if answers to
the questions match. New PIN orPasswords reach as
mobile SMS, mobile phone security if compromised,
criminals then know the precious PIN or Password.
Fund transfer normally goes to bogus fictitious accounts
within the country but far apart in Geography.
20

 Quick withdrawal happens through short living accounts

and the offender manages to open further bogus accounts
as a preparation for his future crimes.
VIII.

WEB PAGE HACKING

(The page gets defaced by altering the content of the file
and appearance causing embarrassment and denial of
service)
The primary objective in web page hacking is to deface
and embarrass an organization or an institute.
The intention may extend from causing a denial of service
to bringing down a business competitor.
Government sites get hacked and hackers sometimes
claim responsibility for hacking; the intention being to
cause defamation and damage to the dignity of
theinstitution.

IX.

SPAM/MALWARE/ ESPIONAGE
Spam is the abuse of electronic messaging systems to
send unsolicited bulk messages indiscriminately.
E-mail spam, known as junk mail, is the practice of
sending unwanted email messages, frequently with
commercial content, in large quantities to an
indiscriminate set of recipients.
Malware is software designed to infiltrate or damage a
computer system without the owners informed consent.
Malware is a wide term that includes viruses, worms,
Trojans, rootkits, backdoors, spyware, botnets, keystroke
loggers and dialers.
Cyber espionage is the act of obtaining personal, sensitive
proprietary or classified information without permission.
Also known as cyber spying, it involves the use of
cracking techniques and malicious software including
Trojans and spyware.

21

X.

MOBILE DEVICE ATTACKS

Threats to the security of mobile devices include
unauthorized access, stolen, handsets, data theft,
malware, phishing etc.
Mobile devices are getting more computing power and are
becoming increasingly feature rich. This increases the
likelihood of attacks against potential vulnerabilities.

XI.

DENIAL OF SERVICE
This involves flooding a computer with more requests than
it can handle, causing it to crash.
In a Distributed Denial of Service (DDoS) attack, the
perpetrators are many and are geographically
widespread.5

XII.

SOCIALENGINEERING
A social engineering attack tricks people into revealing
passwords or other confidential information by making
people believe an unanticipated situation.
Training the personnel for handling such situations and
effectively ensuring the need to know basis may be a
viable solution.

XIII.

VIOLATION OF PRIVACY
(Capturing and publishing the images, pictures and videos
of individuals often without the knowledge and
concurrence and thereby passing humiliation
andembarrassment)
Normally females victimized in this way by the posting of
pictures with an attachment of an unwanted message,
often with the phone number to cause incessant
disturbance by calls from international strangers.

5Susan W. Brenner, Cybercrime: Criminal Threats from Cyberspace, ABC-CLIO, 2010, pp. 91
22

 Social networking sites like Orkut have fairly responded to

Police requests by furnishing the IP addresses and log
details.
Face book has proved to be a non-responsive, despite
requests not withstanding even if addressed to any of the
International organizations like Child ExploitationOn-line
Protection forums.
Social networking sites like face book have maintained its
unbroken silence if requests for deletion of posted pictures
were addressed.
XIV.

CYBER TERRORISM
Cyber terrorism involves the use or threat of disruptive
cyber activities for ideological, religious or political
objectives. Government officials and Information
Technology security specialists have documented a
significant increase in Internet problems and server scans
since early 2001. But there is a growing concern among
federal officials[who?] that such intrusions are part of an
organized effort by cyber terrorists, foreign intelligence
services, or other groups to map potential security holes in
critical systems. A cyber terrorist is someone who
intimidates or coerces a government or organization to
advance his or her political or social objectives by
launching computer-based attack against computers,
network, and the information stored on them.
Cyber terrorism in general, can be defined as an act of
terrorism committed through the use of cyberspace or
computer resources (Parker 1983). As such, a simple
propaganda in the Internet, that there will be bomb
attacks during the holidays can be considered cyber
terrorism. As well there are also hacking activities directed
towards individuals, families, organized by groups within
networks, tending to cause fear among people,
demonstrate power, collecting information relevant for
ruining peoples' lives, robberies, blackmailing etc.
23

Cyber extortion is a form of cyber terrorism in which a

website, e-mail server, or computer system is subjected to
repeated denial of service or other attacks by malicious
hackers, who demand money in return for promising to
stop the attacks. According to the Federal Bureau of
Investigation, cyber extortionists are increasingly
attacking corporate websites and networks, crippling their
ability to operate and demanding payments to restore
their service. More than 20 cases are reported each month
to the FBI and many go unreported in order to keep the
victim's name out of the public domain. Perpetrators
typically use a distributed denial-of-service attack.
XV.

OBSCENITY &PORNOGRAPHY
(Uploading obscene and lascivious materials in Internet
and causing propagation and transmission: abusing
children and uploading of images of such abuse)

International online sharing sites like

Rapidshare,megaupload and various sites have provided a
nurturing platform for the cultivation, propagation and
transmission of the menace of pornography including
children.
Surprisingly sites like Paypal and other online payment
sites have been hand in glove with such sites
promptingone to infer that there might be a sharing of
theproceeds of income by the propagation of pornography.
Blocking of porno-sites had been a challenge both in
technical and legal means because the content can
behosted in a different domain names or in different IP
addresses from different geographies of the world.
XVI.

DRUG TRAFFICKING
Drug traffickers are increasingly taking advantage of the
Internet to sell their illegal substances through
24

encrypted e-mail and other Internet Technology.

Some drug traffickers arrange deals at internet cafes, use
courier Web sites to track illegal packages of pills, and
swap recipes for amphetamines in restricted-access chat
rooms.
The rise in Internet drug trades could also be attributed to
the lack of face-to-face communication. These virtual
exchanges allow more intimidated individuals to more
comfortably purchase illegal drugs. The sketchy effects
that are often associated with drug trades are severely
minimized and the filtering process that comes with
physical interaction fades away

CHAPTER-III
INFORMATION TECHNOLOGY ACT, 2000 :

25

Cyber Crime is not defined in Information Technology Act

20006 or in the I.T. Amendment Act 2008 or in any other
legislation in India. In fact, it cannot be too. Offence or crime
has been dealt with elaborately listing various acts and the
punishments for each, under the Indian Penal Code, 1860 and
quite a few other legislations too. The I.T. Act defines a
computer, computer network, data, information and all other
necessary ingredients that form part of a cyber crime. Cyber
crime is a generic term that refers to all criminal activities
done using the medium of computers, the Internet,cyber
space and the worldwide web. There isnt really a fixed
definition for cyber crime. The Indian Law has not given any
definition to the term cyber crime. In fact, the Indian Penal
Code does not use the term cyber crime at any point even
after its amendment by the Information Technology
(amendment) Act 2008, the Indian Cyber law. But Cyber
Security is defined under Section (2) (b) means of protecting
information, equipment, devices computer, computer
resource, communication device and information stored
therein from unauthorized access, use, disclosure, disruption,
modification or destruction.
The Act totally has 13 chapters and 90 sections (the last four
sections namely sections 91 to 94 in the ITA 2000 dealt with
the amendments to the four Acts namely the Indian Penal
Code 1860, The Indian Evidence Act 1872, The Bankers
Books Evidence Act 1891 and the Reserve Bank of India Act
1934).

6 The bill was passed by both houses of the Parliament and received president assent on
9-6-2000.

26

THE GENESIS OF IT LEGISLATION IN INDIA:

Mid 90s saw an impetus in globalization and computerisation,
with more and more nations computerizing their governance,
and e-commerce seeing an enormous growth. Until then,
most of international trade and transactions were done
through documents being transmitted through post and by
telex only. Evidences and records, until then, were
predominantly paper evidences and paper records or other
forms of hard-copies only. With much of international trade
being done through electronic communication and with email
gaining momentum, an urgent and imminent need was felt for
recognizing electronic records ie the data what is stored in a
computer or an external storage attached thereto.
The United Nations Commission on International Trade Law
(UNCITRAL) adopted the Model Law on e-commerce in 1996.
The General Assembly of United Nations passed a resolution
in January 1997 inter alia, recommending all States in the UN
to give favourable considerations to the said Model Law,
which provides for recognition to electronic records and
according it the same treatment like a paper communication
and record.

OBJECTIVES OF I.T. LEGISLATION IN INDIA:

It is against this background the Government of India enacted
its Information Technology Act 2000 with the objectives 7 as
follows, stated in the preface to the Act itself.
to provide legal recognition for transactions carried out by
means of electronic data "electronic commerce", which
involve the use of alternatives to paper-based methods of
communication and storage of information, to facilitate
7 Statements of objects and reasons(I.T) ACT 2000.
27

electronic filing of documents with the Government

agencies and further to amend the Indian Penal Code, the
Indian Evidence Act, 1872, the Bankers' Books Evidence
Act, 1891 and the Reserve Bank of India Act, 1934 and for
matters connected therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as the
Act No.21 of 2000, got President assent on 9 June and was
made effective from 17 October 2000. The Act essentially
deals with the following issues:
Legal Recognition of Electronic Documents
Legal Recognition of Digital Signatures
Offences and Contraventions
Justice Dispensation Systems for cyber-crimes.

INFORMATION TECHNOLOGY AMENDMENT ACT,2008

In the last week of December, 2008, the Parliament of India
has passed the amendments to the Information Technology
Act 2000, which is popularly known as Indian cyberlaw. The IT
Amendment Act 2008 brings about various sweeping changes
in the existing Cyberlaw.
Being the first legislation in the nation on technology,
computers and ecommerce and e-communication, the Act
was the subject of extensive debates, elaborate reviews and
detailed criticisms, with one arm of the industry criticizing
some sections of the Act to be draconian and other stating it
is too diluted and lenient. There were some conspicuous
omissions too resulting in the investigators relying more and
more on the time-tested (one and half century-old) Indian
Penal Code even in technology based cases with the I.T. Act
also being referred in the process and the reliance more on
IPC rather on the ITA.
Thus the need for an amendment a detailed one was felt
for the I.T. Act almost from the year 2003- 04 itself. Major
industry bodies were consulted and advisory groups were
28

formed to go into the perceived lacunae in the I.T. Act and

comparing it with similar legislations in other nations and to
suggest recommendations. Such recommendations were
analysed and subsequently taken up as a comprehensive
Amendment Act and after considerable administrative
procedures, the consolidated amendment called the
Information Technology Amendment Act 2008 was placed in
the Parliament and passed without much debate, towards the
end of 2008 (by which time the Mumbai terrorist attack of 26
November 2008 had taken place). This Amendment Act got
the President assent on 5 Feb 2009 and was made effective
from 27 October 2009.

Some of the notable features of the ITAA are as follows:

Focussing on data privacy
Focussing on Information Security
Defining cyber caf
Making digital signature technology neutral
Defining reasonable security practices to be followed by
corporate
Redefining the role of intermediaries
Recognising the role of Indian Computer Emergency
Response Team
Inclusion of some additional cyber crimes like child
pornography and cyber terrorism
authorizing an Inspector to investigate cyber offences (as
against the DSP earlier)

29

SCHEME OF OFFENCES

Schemes of
offences

INFORMATION
TECHNOLOGY
ACT,2000

INFORMATION
TECHNOLOGY
AMENDMENT ACT
20008

Section 43 (a)- (j)

New sections 43 A ,
66 A to F, 67,67 A to
C, 68(2), 69, 69- a &
b,72-A, 84-B And 84 C.

Sections 65 - 72

30

IT ACT, 2000 VS IT (AMENDMENT ) ACT, 2008

1. Electronic signatures introducedThis includes digital signatures as one of the modes of
signatures and is far broader in ambit covering biometrics
and other new forms of creating electronic signatures. It
allows 3 forms of authentication that are simpler to use
such as retina scanning can be quite useful in effective
implementation of the Act.
2. Corporate responsibility introduced in S. 43A
The corporate responsibility for data protection is
incorporated in S 43A in the amended IT Act, 2000 whereby
corporate bodies handling sensitive personal information or
data in a computer resource are under an obligation to
ensure adoption of reasonable security practices to
maintain its secrecy, failing which they may be liable to pay
damages.
3. Critique on amended section 43 of IT ActThe amended Act provides the distinction between
contravention and offence by introduction of the
element of mens rea for an offence (s 43 for contraventions
and s 66 of the Act for offences). S.43 is to cover only acts
done inadvertently or by negligence. This certainly cannot
be the intention /objective of the amendment.

31

4. Important definitions added

Two very important definitions are added to the IT Act
through IT Amendment Act,2008- Section 2(ha)Communication device and Section 2 (w)
intermediary. Although cell phones and other devices
used to communicate would fall under the definition of
computer in the IT Act.This amendment removes any
ambiguity and brings within the ambit of the Act all
communication devices, cellphones, ipods or other devices
used to communicate, send or transmit any text ,video
,audio or image. The insertion of definition of
intermediary similarly clarifies the categories of service
providers that come within its definition that includes
telecom service providers,network service
providers,internet service provider, webhosting service
providers,search engines,online payment sites,online
auction sites,online market places and cyber cafes.
5. Legal validity of electronic documents reemphasizedTwo new sections Section 7A and 10A in the amended Act
reinforce the equivalence of paper based documents to
electronic documents. Section 7A in the amended Act
makes audit of electronic documents also necessary
wherever paper based documents are required to be
audited by law. Section 10A confers legal validity &
enforceability on contracts formed through electronic
means.

6. Critique on Power of Controller under the amended

ActSection 28 of the Act provides that the Controller or any
authorized officer shall investigate any contravention of
the provisions of this Act, rules or regulations made
thereunder.These words should be replaced with words
any contravention of the provisions of this Chapter in light
32

of the fact that the amendment in Section 29 for Controllers

power to access computers and data has been curtailed by
removal of words any contravention of the provisions of
this Act, rules or regulations made thereunder for insertion
of words any contravention of the provisions of this
Chapter . Also, the Controllers power cannot mean to
overlap with Adjudicating officers who are authorized to
adjudicate on cases of contravention that fall under Section
43 or the subject matter jurisdiction of CAT or the Police.
Therefore , the power of Controller has to be interpreted
keeping in view the intent & objectives of the Act which can
be clarified. The role of the Controller to act as repository of
digital signatures has been repealed by the IT Amendment
Act, 2008. This role has now been assigned to the Certifying
Authority in Section 30 of the IT Act. This change poses a
major challenge to ensuring the secrecy and privacy of
electronic signatures is maintained. The Certifying
authorities will bear greater responsibility and need to
strengthen their security infrastructure to ensure its role as
repository is delivered with efficacy. It will need to allocate
more resources and manpower to regularly publish
information regarding its practices, electronic signatures
certificates and publish the current status of each
certificate.
7. The Role of Adjudicating officers under the amended
ActThe Adjudicating officer s power under the amended Act in
Section 46 (1A) is limited to decide claims where claim for
injury or damage does not exceed 5 crores. Beyond 5 crore
the jurisdiction shall now vest with competent court. As per
Section 46(2),the quantum of compensation that may be
awarded is left to the discretion of Adjudicating officers.This
leaves a wide room for subjectivity and quantum should be
decided as far as possible objectively keeping in view the
parameters of amount of unfair advantage gained amount
of loss caused to a person (wherever quantifiable), and
33

repetitive nature of default.In the IT Act,2000 the office of

adjudicating officer had the powers of civil court and all
proceedings before it are deemed to be judicial
proceedings.
8. Composition of CATThe amended Act has changed the composition of the
Cyber Appellate Tribunal .The Presiding officer alone would
earlier constitute the Cyber Regulations Appellate Tribunal
which provision has now been amended. The tribunal would
now consist of Chairperson and such number of members
as Central Government may appoint. The qualifications for
their appointment, term of office salary , power of
superintendence, resignation and removal, filling of
vacancies have been incorporated. The decision making
process allows more objectivity with Section 52 D that
provides that the decision shall be taken by majority. It is
pertinent to note that there has not been any amendment
in Section 55 by 2008 amendments which states that no
order of CAT shall be challenged on ground that there
existed a defect in constitution of appellate tribunal.
However, in my view this runs contrary to principles of
natural justice. An analogy is drawn to Arbitrations where
defect in constitution of a tribunal renders an award subject
to challenge as per Indian laws.

NEW CYBERCRIMES AS OFFENCES UNDER

AMENDED ACT-

Sec 66

As proposed in ITAA, 2008, this Section

combines contraventions indicated in
Section 43 with penal effect and reduces
34

Sec 66 A

Sec 66 B
Sec 66C
Sec 66 D
Sec 66 E
Sec 66 F
Sec 67

Sec 67 A

Sec 72

the punishment from 3 years to 2 years.

It also introduces the pre-conditions of
"Dishonesty" and "Fraud" to the current
Section 66.
Punishment for sending offensive
messages through communication
service, etc.
Punishment for dishonestly receiving
stolen computer resource
orcommunication device
Punishment for identity theft
Punishment for cheating by
personation by using computer
resource
Punishment for violation of privacy
Punishment for cyber terrorism
Punishment for publishing or
transmitting obscene material
inelectronic form.
Punishment for publishing or
transmitting of material
containingsexually explicit act, etc., in
electronic form

Any person who, in pursuance of any of

the powers conferred underIT Act, has
secured access to any electronic record,
book, register, correspondence,
information or document without the
consen of the person concerned
discloses such electronic record, book,
register,
correspondence, information, document
to any other person.
Publishing Digital Signature Certificate
35

Sec 73

Sec 74

false in certain particulars.Publishing a

Digital Signature Certificate or otherwise
making it available to any other person
with the knowledge that the certifying
Authority listed in the certificate has not
issued to other subscriber listed in the
certificate has not accepted it or the
certificate has been
revoked or suspended, unless such
publication is for the purpose of verifying
a digital signature created prior to such
suspension or revocation.
Creation, publication or otherwise
making available a DigitalSignature
Certificate for any fraudulent or unlawful
purpose

Many cybercrimes for which no express provisions existed in

the IT Act,2000 now stand included by the IT (Amendment)
Act, 2008. Sending of offensive or false messages (s 66A),
receiving stolen computer resource (s 66B), identity theft (s
66C), cheating by personation (s 66D), violation of privacy (s
66E). A new offence of Cyber terrorism is added in Section 66
F which prescribes punishment that may extend to
imprisonment for life . Section 66 F covers any act committed
with intent to threaten unity ,integrity,security or sovereignty
of India or cause terror by causing DoS attacks, introduction
of computer contaminant, unauthorized access to a computer
resource, stealing of sensitive information, any information
likely to cause injury to interests of sovereignty or integrity of
India, the security, friendly relations with other states, public
order, decency , morality, or in relation to contempt of court,
defamation or incitement to an offence , or to advantage of
any foreign nation, group of individuals or otherwise. For
other offences mentioned in Section 66 , punishment
prescribed is generally upto three years and fine of one/two
lakhs has been prescribed and these offences are cognisable
36

and bailable. This will not prove to play a deterrent factor for
cyber criminals. Further, as per new S. 84B, abetment to
commit an offence is made punishable with the punishment
provided for the offence under the Act and the new S. 84C
makes attempt to commit an offence also a punishable
offence with imprisonment for a term which may extend to
one-half of the longest term of imprisonment provided for that
offence. In certain offences, such as hacking (s 66)
punishment is enhanced from 3 years of imprisonment and
fine of 2 lakhs to fine of 5 lakhs. In S. 67, for publishing of
obscene information imprisonment term has been reduced
from five years to three years (and five years for subsequent
offence instead of earlier ten years) and fine has been
increased from one lakh to five lakhs (rupees ten lakhs on
subsequent conviction). Section 67A adds an offence of
publishing material containing sexually explicit conduct
punishable with imprisonment for a term that may extend to
5 years with fine upto ten lakhs. This provision was essential
to curb MMS attacks and video vouyerism. Section 67B
punishes offence of child pornography, childs sexually
explicit act or conduct with imprisonment on first conviction
for a term upto 5 years and fine upto 10 lakhs. This is a
positive change as it makes even browsing and collecting of
child pornography a punishable offence. Punishment for
disclosure of information in breach of lawful contract under
sec 72 is increased from 2 yrs upto 5 yrs and from one lakh to
5 lakh or both. This will deter the commission of such crime.
By virtue off Section 84 B person who abets a cybercrime will
be punished with punishment provided for that offence under
the Act. This provision will play a deterrent role and prevent
commission of conspiracy linked cybercrimes. Also,
punishment for attempt to commit offences is given under
Section 84 c which will be punishable with one half of the
term of imprisonment prescribed for that offence or such fine
as provided or both.

37

1. Section 67 C to play a significant role in cyber crime

prosecutionSection 67 C brings a very significant change in the IT
Act,2000 .According to this section, intermediaries shall be
bound to preserve and retain such information as may be
prescribed by the Central government and for such duration
and format as it may prescribe. Any intermediary that
contravenes this provision intentionally or knowingly shall
be liable on conviction for imprisonment for a term not
exceeding 2 yrs or fine not exceeding one lac or both. Many
cybercrime cases cannot be solved due to lack of evidence
and in many cases this is due to the fact that ISP failed to
preserve the record pertaining to relevant time .This
provision is very helpful in collection of evidence that can
prove indispensable in cybercrime cases.
2. Section 69-Power of the controller to intercept
amended
Section 69 that deals with power of Controller to intercept
information being transmitted through a computer resource
when necessary in national interest is amended by Section
69.In fact the power vests now with the Central Government
or State Government that empowers it to appoint for
reasons in writing, any agency to intercept, monitor or
decrypt any information generated , transmitted , received
or stored in any computer resource . This power is to be
exercised under great caution and only when it is satisfied
that it is necessary or expedient to do so in interests of
sovereignty,or integrity of India, defence of India,security of
the State , friendly relations with foreign states or public
order or for preventing incitement to the commission of any
cognizable offence relating to above or for investigation of
any offence . The procedure and safeguards to exercise this
power are laid out by the Information Technology
(procedure and safeguards for interception , monitoring and
decryption of Information ) Rules, 2009 . The subscriber or
intermediary that fails to extend cooperation in this respect
38

is punishable offence with a term which may extend to 7 yrs

and imposition of fine. The element of fine did not exist in
the erstwhile Section 69. The said rules provide ample
safeguards to ensure the power in this section is diligently
exercised, with due authorization procedures complied with
and not abused by any agency/intermediary including
maintaining confidentiality and rules for maintaining or
destruction of such records.
3. Power to block unlawful websites should be
exercised with cautionSection 69A has been inserted in the IT Act by the
amendments in 2008 and gives power to Central
government or any authorized officer to direct any agency
or intermediary(for reasons recorded in writing ) to block
websites in special circumstances as applicable in Section
69.Under this Section the grounds on which such blocking is
possible are quite wide. In this respect, the Information
Technology (Procedure and Safeguards for Blocking for
Access of Information by Public ) Rules, 2009 were passed
vide GSR 781(E) dated 27 Oct 2009 whereby websites
promoting hate content, slander, defamation, promoting
gambling, racism, violence and terrorism, pornography,
violent sex can reasonably be blocked. The rules also allow
the blocking of websites by a court order. It further provides
for review committee to review the decision to block
websites. The intermediary that fails to extend cooperation
in this respect is punishable offence with a term which may
extend to 7 yrs and imposition of fine. We need to use this
power with caution as it has a thin line that distinguishes
reasonable exercise of power fro Censorship.
4. Section 69B added to confer Power to collect,
monitor traffic data
As a result of the amendments in 2008 , Section 69 B
confers on the Central government power to appoint any
agency to monitor and collect traffic data or information
generated ,transmitted, received,or stored in any computer
39

resource in order to enhance its cybersecurity and for

identification, analysis, and prevention of intrusion or
spread of computer contaminant in the country . The
Information Technology (procedure and safeguard for
monitoring and collecting traffic data or information ) Rules,
2009 have been laid down to monitor and collect the traffic
data or information for cyber security purposes under
Section 69B .It places responsibility to maintain
confidentiality on intermediaries, provides for prohibition of
monitoring or collection of data without authorization. This
prescribes stringent permissions required to exercise the
powers under this Section which are fully justified as abuse
of this power can infreinge the right to privacy of netizens.
It also provides for review of its decisions and destruction of
records. The intermediary that fails to extend cooperation in
this respect is punishable offence with a term which may
extend to 3 yrs and imposition of fine.
5. Significance of the term Critical Information
Infrastructure Section 70 has a very important definition added by the IT
(amendment) Act,2008. The explanation to Section 70
defines what is critical information infrastructure .It
encompasses the computer resource the destruction of
which not only has an adverse impact on defence of India
but also economy, public health or safety. This is very
significant step as today our IT infrastructure may also be
used to manage certain services offered to public at large,
destruction of which may directly affect public health and
safety . Hence, their protection is equally important as is
the maintaining of security and sovereignty of India. By
virtue of Section 70 A and B Indian CERT has been
appointed as the National nodal agency for critical
information infrastructure protection. The CERT shall play an
indispensable role in maintaining cybersecuriy within the
country. A very important step is coordination between
CERT and service providers, data centres, body
40

corporates,and other persons ( Section 70B (6)). That will

lead to effective performance of the role of CERT in. It has
multiple roles education ,alert system , emergency
response, issuing guidelines , reporting of cyber incident
amongst other functions . Incase any person fails to comply
with its directions, such person shall be punishable with
imprisonment of term that may extend to one year and fine
of one lakh or both. It also excludes the court from taking
cognizance of any offence under this section except on a
complaint made by authorized officer of CERT to prevent
misuse of the Section.
6. Important clarifications on the Acts application &
effect
By virtue of Section 77 in the amended Act, it has been
clarified that awarding of compensation ,penalty imposed or
confiscation made under this Act shall not prevent the
award of compensation,or imposition of any other penalty
or punishment under any law for the time being in
force.This Section can be read with Section 81 proviso
wherein it is clarified that IT Act shall not restrict any person
from exercising any right conferred under copyright Act,
1957 or patents Act, 1970.
7. The combined effect of Section 77 and 77 BBy virtue of Section 77 Compounding of offences other than
offences for which imprisonment for life or punishment for a
term exceeding has been provided has been made possible.
Section 77 B makes offences punishable with imprisonment
of three years and above as cognizable and offence
punishable with 3 years of punishment as bailable. Since
the majority of cyber crime offences defined under the
amended IT Act are punishable with imprisonment for three
years, the net effect of all amendments is that a majority of
these cybercrimes are bailable. This means that the
moment a cybercriminal is arrested by the police, barring a
few offences, in almost all other cyber crimes, he has to be
released on bail as a matter of right, by the police. A cyber
41

criminal, once released on bail, will immediately attempt at

destroying or deleting all electronic traces and trails of his
having committed any cyber crime. This makes the task of
law enforcement agencies extremely challenging.
8. Combined effect of Section 78 & 80The Section 78 of the Act is amended to confer power to
investigate offences under the Act from DSP level to
Inspector level. This will be instrumental in quicker
investigation in the cybercrime cases provided adequate
tools and training is provided. Section 80 has been
amended and power to enter and search in a public place is
now vested in any police officer not below the rank of
inspector or any authorized officer of central government or
state government. Such officer is empowered to arrest
without warrant a person found therein who is reasonably
suspected of having committed or of committing or being
about to commit any offence under this Act. However, this
section may be misused easily. Unless it is reasonably
suspected that a person has committed , is committing or is
about to commit an offence, he should not be arrested
without warrant . Otherwise cybercafs , in particular could
be adversely affected.
9. Liability of Intermediary amendedThe earlier section 79 made network service providers liable
for third party content only when it fails to prove that the
offence was committed without his knowledge or that he
had exercised due diligence to prevent the commission of
such offence or contravention. The burden of proof was on
the network service provider. The amended Section 79
states that the intermediary shall not be liable for any third
party information if it is only providing access to a
communication system over which information made
available by third parties is transmitted or temporarily
stored or hosted or the intermediary does not initite the
transmission, select the receiver and select or modify the
information contained in transmission. It provides that the
42

Intermediary shall be liable if he has conspired or abetted or

induced,whether by threats or promise or otherwise in the
commission of the unlawful act ( Section 79(3)(a). However,
it is pertinent to note that the onus to prove conspiracy has
now shifted on the complainant. This may be extremely
difficult for a complainant to prove. Section 3 (b) renders an
intermediary liable in case upon receiving actual knowledge
or on receiving notice from a government agency, the
intermediary fails to expeditiously remove or disable access
to the unlawful material without vitiating the evidence in
any manner.
10. Examiner of Electronic Evidence createdWith amendments in 2008, Section 79 A is added that
empowers the Central government to appoint any
department or agency of Central or State government as
Examiner of Electronic Evidence. This agency will play a
crucial role in providing expert opinion on electronic form of
evidence The explanation to the Section has an inclusive
definition of electronic form evidence that means any
information of probative value that is either stored or
transmitted in electronic form and includes computer
evidence,digital audio, digital video,cellphones , digital fax
machines.With the increasing number of cybercrime cases
it will become necessary to set up atleast one Examiner of
Electronic Evidence in each State. The CFSIL laboratory in
Hyderabad is playing similar role at present in cybercrime
cases where forensic study of hard discs and other
computer accessories, digital equipment is undertaken to
provide expert opinion on the digital evidence analysed.
DIGITAL SIGNATURE:
Electronic signature was defined in the ITAA -2008
whereas the earlier ITA -2000 covered in detail about digital
signature, defining it and elaborating the procedure to
obtain the digital signature certificate and giving it legal
validity. Digital signature was defined in the ITA -2000 as
43

authentication of electronic record as per procedure laid

down in Section 3 and Section 3 discussed the use of
asymmetric crypto system and the use of Public Key
Infrastructure and hash function etc. This was later
criticized to be technology dependent ie., relying on the
specific technology of asymmetric crypto system and the
hash function generating a pair of public and private key
authentication etc.
Thus Section 3 which was originally Digital Signature was
later renamed as Digital Signature and Electronic
Signature in ITAA - 2008 thus introducing technological
neutrality by adoption of electronic signatures as a legally
valid mode of executing signatures. This includes digital
signatures as one of the modes of signatures and is far
broader in ambit covering biometrics and other new forms
of creating electronic signatures not confining the
recognition to digital signature process alone. While M/s.
TCS, M/s. Safescript and M/s. MTNL are some of the digital
signature certifying authorities in India, IDRBT (Institute for
Development of Research in Banking Technology the
research wing of RBI) is the Certifying Authorities (CA) for
the Indian Banking and financial sector licensed by the
Controller of Certifying Authorities, Government of India.
It is relevant to understand the meaning of digital signature
(or electronic signature) here. It would be pertinent to note
that electronic signature (or the earlier digital signature) as
stipulated in the Act is NOT a digitized signature or a
scanned signature. In fact, in electronic signature (or digital
signature) there is no real signature by the person, in the
conventional sense of the term. Electronic signature is not
the process of storing ones signature or scanning ones
signature and sending it in an electronic communication like
email. It is a process of authentication of message using the
procedure laid down in Section 3 of the Act.

44

The other forms of authentication those are simpler to use

such as biometric based retina scanning etc can be quite
useful in effective implementation of the Act. However, the
Central Government has to evolve detailed procedures and
increase awareness on the use of such systems among the
public by putting in place the necessary tools and
stipulating necessary conditions. Besides, duties of
electronic signature certificate issuing authorities for biometric based authentication mechanisms have to be
evolved and the necessary parameters have to be
formulated to make it user-friendly and at the same time
without compromising security.

REASONABLE SECURITY PRACTICES

Site certification
Security initiatives
Awareness Training
Conformance to Standards, certification
Policies and adherence to policies
Policies like password policy, Access Control, email Policy
etc
Periodic monitoring and review.
The Information Technology (Reasonable security practices
and procedures and sensitive personal data or information)
Rules have since been notified by the Government of India,
Dept of I.T. on 11 April 2011. Any body corporate or a
person on its behalf shall be considered to have complied
with reasonable security practices and procedures, if they
have implemented such security practices and standards
and have a comprehensive documented information
security programme and information security policies
containing managerial, technical, operational and physical
security control measures commensurate with the
information assets being protected with the nature of
45

business. In the event of an information security breach, the

body corporate or a person on its behalf shall be required to
demonstrate, as and when called upon to do so by the
agency mandated under the law, that they have
implemented security control measures as per their
documented information security programme and
information security policies. The international Standard
IS/ISO/IEC 27001 on "Information Technology Security
Techniques - Information Security Management System Requirements" is one such standard referred to in sub-rule
(1).
In view of the foregoing, it has now become a major
compliance issue on the part of not only IT companies but
also those in the Banking and Financial Sector especially
those banks with huge computerised operations dealing
with public data and depending heavily on technology. In
times of a litigation or any security breach resulting in a
claim of compensation of financial loss amount or damages,
it would be the huge responsibility on the part of those body
corporate to prove that that said Reasonable Security
Practices and Procedures were actually in place and all the
steps mentioned in the Rules passed in April 2011 stated
above, have been taken.
In the near future, this is one of the sections that is going to
create much noise and be the subject of much debates in
the event of litigations, like in re-defining the role of an
employee, the responsibility of an employer or the top
management in data protection and issues like the actual
and vicarious responsibility, the actual and contributory
negligence of all stake holders involved etc.
The issue has wider ramifications especially in the case of a
cloud computing scenario (the practice of using a network
of remote servers hosted on the Internet to store, manage,
and process data, rather than a local server, with the
46

services managed by the provider sold on demand, for the

amount of time used) where more and more organisations
handle the data of others and the information is stored
elsewhere and not in the owners system. Possibly, more
debates will emanate on the question of information owners
vis a vis the information container and the information
custodians and the Service Level Agreements of all parties
involved will assume a greater significance
ADJUDICATION:
Adjudication powers and procedures have been elaborately
laid down in Sections 46 and thereafter. The Central
Government may appoint any officer not below the rank of
a director to the Government of India or a state
Government as the adjudicator. The I.T. Secretary in any
state is normally the nominated Adjudicator for all civil
offences arising out of data thefts and resultant losses in
the particular state. If at all one section can be criticized to
be absolutely lacking in popularity in the IT Act, it is this
provision. In the first ten years of existence of the ITA, there
have been only a very few applications made in the nation,
that too in the major metros almost all of which are under
different stages of judicial process and adjudications have
been obtained in possibly less than five cases. The first
adjudication obtained under this provision was in Chennai,
Tamil Nadu, in a case involving ICICI Bank in which the bank
was told to compensate the applicant with the amount
wrongfully debited in Internet Banking, along with cost and
damages. in April 2010.
There is an appellate procedure under this process and the
composition of Cyber Appellate Tribunal at the national
level, has also been described in the Act. Every adjudicating
officer has the powers of a civil court and the Cyber
Appellate Tribunal has the powers vested in a civil court
under the Code of Civil Procedure.
47

After discussing the procedures relating to appeals etc and

the duties and powers of Cyber Appellate Tribunal, the Act
moves to the actual criminal acts coming under the broader
definition of cyber crimes. It would be pertinent to note that
the Act only lists some of the cyber crimes, (without
defining a cyber crime) and stipulates the punishments for
such offences. The criminal provisions of the IT Act and
those dealing with cognizable offences and criminal acts
follow from Chapter IX titled Offences
Section 65: Tampering with source documents is dealt with
under this section. Concealing, destroying, altering any
computer source code when the same is required to be kept
or maintained by law is an offence punishable with three
years imprisonment or two lakh rupees or with both.
Fabrication of an electronic record or committing forgery by
way of interpolations in CD produced as evidence in a court
(Bhim Sen Garg vs State of Rajasthan and others,
2006, Cri LJ, 3463, Raj 2411) attract punishment under
this Section. Computer source code under this Section
refers to the listing of programmes, computer commands,
design and layout etc in any form.
Section 66:Computer related offences are dealt with under
this Section. Data theft stated in Section 43 is referred to in
this Section. Whereas it was a plain and simple civil offence
with the remedy of compensation and damages only, in that
Section, here it is the same act but with a criminal intention
thus making it a criminal offence. The act of data theft or
the offence stated in Section 43 if done dishonestly or
fraudulently becomes a punishable offence under this
Section and attracts imprisonment upto three years or a
fine of five lakh rupees or both. Earlier hacking was defined
in Sec 66 and it was an offence.

48

Now after the amendment, data theft of Sec 43 is being

referred to in Sec 66 by making this section more
purposeful and the word hacking is not used. The word
hacking was earlier called a crime in this Section and at
the same time, courses on ethical hacking were also
taught academically. This led to an anomalous situation of
people asking how an illegal activity be taught academically
with a word ethical prefixed to it. Then can there be
training programmes, for instance, on Ethical burglary,
Ethical Assault etc say for courses on physical defence?
This tricky situation was put an end to, by the ITAA when it
re-phrased the Section 66 by mapping it with the civil
liability of Section 43 and removing the word Hacking.
However the act of hacking is still certainly an offence as
per this Section, though some experts interpret hacking as
generally for good purposes (obviously to facilitatenaming
of the courses as ethical hacking) and cracking for illegal
purposes. It would be relevant to note that the technology
involved in both is the same and the act is the same,
whereas in hacking the owners consent is obtained or
assumed and the latter act cracking is perceived to be an
offence.
Thanks to ITAA, Section 66 is now a widened one with a list
of offences as follows:
Section 66A: Sending offensive messages through
communication service, causing annoyance etc through an
electronic communication or sending an email to mislead or
deceive the recipient about the origin of such messages
(commonly known as IP or email spoofing) are all covered
here. Punishment for these acts is imprisonment upto three
years or fine.
Section 66B: Dishonestly receiving stolen computer
resource or communication device with punishment upto
three years or one lakh rupees as fine or both.
49

Section 66C: Electronic signature or other identity theft

like using others password or electronic signature etc.
Punishment is three years imprisonment or fine of one lakh
rupees or both.
Section 66D: Cheating by personation using computer
resource or a communication device shall be punished with
imprisonment of either description for a term which extend
to three years and shall also be liable to fine which may
extend to one lakh rupee.
Section 66E: Privacy violation Publishing or transmitting
private area of any person without his or her consent etc.
Punishment is three years imprisonment or two lakh rupees
fine or both.
Section 66F: Cyber terrorism Intent to threaten the unity,
integrity, security or sovereignty of the nation and denying
access to any person authorized to access the computer
resource or attempting to penetrate or access a computer
resource without authorization. Acts of causing a computer
contaminant (like virus or Trojan Horse or other spyware or
malware) likely to cause death or injuries to persons or
damage to or destruction of property etc. come under this
Section. Punishment is life imprisonment.
It may be observed that all acts under S.66 are cognizable
and non-bailable offences. Intention or the knowledge to
cause wrongful loss to others ie the existence of criminal
intention and the evil mind ie concept of mens rea,
destruction, deletion, alteration or diminishing in value or
utility of data are all the major ingredients to bring any act
under this Section.
To summarise, what was civil liability with entitlement for
compensations and damages in Section 43, has been
50

referred to here, if committed with criminal intent, making it

a criminal liability attracting imprisonment and fine or both.
Section 67deals with publishing or transmitting obscene
material in electronic form. The earlier Section in ITA was
later widened as per ITAA 2008 in which child pornography
and retention of records by intermediaries were all included.
Publishing or transmitting obscene material in electronic
form is dealt with here. Whoever publishes or transmits any
material which is lascivious or appeals to the prurient
interest or if its effect is such as to tend to deprave and
corrupt persons who are likely to read the matter contained
in it, shall be punished with first conviction for a term upto
three years and fine of five lakh rupees and in second
conviction for a term of five years and fine of ten lakh
rupees or both.
This Section is of historical importance since the landmark
judgement in what is considered to be the first ever
conviction under I.T. Act 2000 in India, was obtained in this
Section in the famous case State of Tamil Nadu vs Suhas
Katti on 5 November 2004. The strength of the Section and
the reliability of electronic evidences were proved by the
prosecution and conviction was brought about in this case,
involving sending obscene message in the name of a
married women amounting to cyber stalking, email spoofing
and the criminal activity stated in this Section.
Section 67-Adeals with publishing or transmitting of
material containing sexually explicit act in electronic form.
Contents of Section 67 when combined with the material
containing sexually explicit material attract penalty under
this Section.
Section 67-BChild Pornography has been exclusively
dealt with under Section 67B. Depicting children engaged in
51

sexually explicit act, creating text or digital images or

advertising or promoting such material depicting children in
obscene or indecent manner etc or facilitating abusing
children online or inducing children to online relationship
with one or more children etc come under this Section.
Children means persons who have not completed 18 years
of age, for the purpose of this Section. Punishment for the
first conviction is imprisonment for a maximum of five years
and fine of ten lakh rupees and in the event of subsequent
conviction with imprisonment of seven years and fine of ten
lakh rupees.
Bonafide heritage material being printed or distributed for
the purpose of education or literature etc are specifically
excluded from the coverage of this Section, to ensure that
printing and distribution of ancient epics or heritage
material or pure academic books on education and
medicine are not unduly affected. Screening videographs
and photographs of illegal activities through Internet all
come under this category, making pornographic video or
MMS clippings or distributing such clippings through mobile
or other forms of communication through the Internet fall
under this category.
Section 67C fixes the responsibility to intermediaries that
they shall preserve and retain such information as may be
specified for such duration and in such manner as the
Central Government may prescribe. Non-compliance is an
offence with imprisonment upto three years or fine.
TRANSMISSION OF ELECTRONIC MESSAGE AND
COMMUNICATION:
Section 69: This is an interesting section in the sense that
it empowers the Government or agencies as stipulated in
the Section, to intercept, monitor or decrypt any
information generated, transmitted, received or stored in
52

any computer resource, subject to compliance of procedure

as laid down here. This power can be exercised if the
Central Government or the State Government, as the case
may be, is satisfied that it is necessary or expedient in the
interest of sovereignty or integrity of India, defence of India,
security of the State, friendly relations with foreign States
or public order or for preventing incitement to the
commission of any cognizable offence relating to above or
for investigation of any offence. In any such case too, the
necessary procedure as may be prescribed, is to be
followed and the reasons for taking such action are to be
recorded in writing, by order, directing any agency of the
appropriate Government. The subscriber or intermediary
shall extend all facilities and technical assistance when
called upon to do so.
Section 69A inserted in the ITAA, vests with the Central
Government or any of its officers with the powers to issue
directions for blocking for public access of any information
through any computer resource, under the same
circumstances as mentioned above. Section 69B discusses
the power to authorise to monitor and collect traffic data or
information through any computer resource.
COMMENTARY ON THE POWERS TO INTERCEPT,
MONITOR AND BLOCK WEBSITES:
In short, under the conditions laid down in the Section,
power to intercept, monitor or decrypt does exist. It would
be interesting to trace the history of telephone tapping in
India and the legislative provisions (or the lack of it?) in our
nation and compare it with the powers mentioned here.
Until the passage of this Section in the ITAA, phone tapping
was governed by Clause 5(2) of the Indian Telegraph Act of
1885, which said that On the occurrence of any public
emergency, or in the interest of the public safety, the
Government may, if satisfied that it is necessary or
53

expedient so to do in the interests of the sovereignty and

integrity of India, the security of the State, friendly relations
with foreign States or public order or for preventing
incitement to the commission of an offence, for reasons to
be recorded in writing, by order, direct that any message or
class of messages to or from any person or class of persons,
or relating to any particular subject, brought for
transmission by or transmitted or received by any
telegraph, shall not be transmitted, or shall be intercepted
or detained, or shall be disclosed to the Government
making the order or an officer thereof mentioned in the
order. Other sections of the act mention that the
government should formulate precautions to be taken for
preventing the improper interception or disclosure of
messages. There have been many attempts, rather many
requests, to formulate rules to govern the operation of
Clause 5(2). But ever since 1885, no government has
formulated any such precautions, maybe for obvious
reasons to retain the spying powers for almost a century.
A writ petition was filed in the Supreme Court in 1991 by
the Peoples Union for Civil Liberties, challenging the
constitutional validity of this Clause 5(2). The petition
argued that it infringed the constitutional right to freedom
of speech and expression and to life and personal liberty. In
December 1996, the Supreme Court delivered its judgment,
pointing out that unless a public emergency has occurred
or the interest of public safety demands, the authorities
have no jurisdiction to exercise the powers given them
under 5(2). They went on to define them thus: a public
emergency was the prevailing of a sudden condition or
state of affairs affecting the people at large calling for
immediate action, and public safety means the state or
condition of freedom from danger or risk for the people at
large. Without those two, however necessary or
expedient, it could not do so. Procedures for keeping such
records and the layer of authorities etc were also stipulated.
54

Now, this Section 69 of ITAA is far more intrusive and

more powerful than the above-cited provision of Indian
Telegraph Act 1885. Under this ITAA Section, the nominated
Government official will be able to listen in to all phone
calls, read the SMSs and emails, and monitor the websites
that one visited, subject to adherence to the prescribed
procedures and without a warrant from a magistrates
order. In view of the foregoing, this Section was criticised to
be draconian vesting the government with much more
powers than required.
Having said this, we should not be oblivious to the fact that
this power (of intercepting, monitoring and blocking) is
something which the Government represented by the
IndianComputer Emergency Response Team, (the
National Nodal Agency, as nominated in Section 70B of
ITAA) has very rarely exercised. Perhaps believing in the
freedom of expression and having confidence in the selfregulative nature of the industry, the CERT-In has stated
that these powers are very sparingly (and almost never)
used by it.
Critical Information Infrastructure and Protected System
have been discussed in Section 70. The Indian Computer
Emergency Response Team (CERT-In) coming under the
Ministry of Information and Technology, Government of
India, has been designated as the National Nodal Agency
for incident response. By virtue of this, CERT-In will perform
activities like collection, analysis and dissemination of
information on cyber incidents, forecasts and alerts of cyber
security incidents, emergency measures for handling cyber
security incidents etc.
The role of CERT-In in e-publishing security vulnerabilities
and security alerts is remarkable. The Minister of State for
55

Communications and IT Mr.Sachin Pilot said in a written

reply to the Rajya Sabha said that (as reported in the Press),
CERT-In has handled over 13,000 such incidents in 2011
compared to 8,266 incidents in 2009. CERT-In has observed
that there is significant increase in the number of cyber
security incidents in the country. A total of 8,266, 10,315
and 13,301 security incidents were reported to and handled
by CERT-In during 2009, 2010 and 2011, respectively,"
These security incidents include website intrusions,
phishing, network probing, spread of malicious code like
virus, worms and spam, he added. Hence the role of CERT-In
is very crucial and there are much expectations from CERT
In not just in giving out the alerts but in combating cyber
crime, use the weapon of monitoring the web-traffic,
intercepting and blocking the site, whenever so required
and with due process of law.
Penalty for breach of confidentiality and privacy is
discussed in Section 72 with the punishment being
imprisonment for a term upto two years or a fine of one
lakh rupees or both.
Considering the global nature of cyber crime and
understanding the real time scenario of fraudster living in
one part of the world and committing a data theft or
DoS(Denial of Service) kind of an attack or other cyber
crime in an entirely different part of the world, Section 75
clearly states that the Act applies to offences or
contravention committed outside India, if the contravention
or the offence involves a computer or a computer network
located in India.
This Act has over-riding provisions especially with regard to
the regulations stipulated in the Code of Criminal Procedure.
As per Section 78, notwithstanding anything contained in
the Code of Criminal Procedure, a police officer not below
the rank of an Inspector shall investigate an offence under
56

this Act. Such powers were conferred to officers not below

the rank of a Deputy Superintendent of Police earlier in the
ITA which was later amended as Inspector in the ITAA.
DUE DILIGENCE:
Liability of intermediaries and the concept of Due Diligence
has been discussed in Section 79. As per this, intermediary
shall not be liable for any third party information hosted by
him,
if his function is limited to providing access to a
communication system over which information made
available by third parties is transmitted or temporarily
stored or hosted or if he does not initiate the transmission,
select the receiver of the transmission and select or modify
the information contained in the transmission and if he
observes due diligence and follows the guidelines
prescribed by the Central Government.
This concept of due diligence is also much being debated.
Due Diligence was first discussed as an immediate fallout of
the famous bazee.com case in New Delhi, when the NRI
CEO of the company was arrested for making the MMS
clipping with objectionable obscene material depicting
school children was made available in the public domain
website owned by him, for sale (and later the CD was sold).
The larger issue being discussed at that time was how far is
the content provider responsible and how far the Internet
Service Provider and what is due diligence which as the CEO
of the company, he should have exercised.
After passage of the ITAA and the introduction of
reasonable security practices and procedures and the
responsibility of body corporate as seen earlier in Section
43A, and to set at rest some confusion on the significance
of due diligence and what constitutes due diligence, the DIT
came out with a set of rules titled Information Technology
57

(Intermediaries Guidelines) Rules on 11 April 2011. As per

this, the intermediary, on whose computer system the
information is stored or hosted or published, upon obtaining
knowledge by itself or been brought to actual knowledge by
an affected person in writing or through email signed with
electronic signature about any such information as
mentioned in sub-rule (2) above, shall act within thirty six
hours and where applicable, work with user or owner of
such information to disable such information that is in
contravention of sub-rule (2). Further the intermediary shall
preserve such information and associated records for at
least ninety days for investigation purposes..
In essence, an intermediary shall be liable for any
contravention of law committed by any user unless the
Intermediary can prove that he has exercised due diligence
and has not conspired or abetted in the act of criminality.
Power to enter, search etc has been described in Section
80. Notwithstanding anything contained in the Code of
Criminal Procedure, any police officer, not below the rank of
an Inspector or any other officer .authorised .may enter
any public place and search and arrest without warrant any
person found therein who is reasonably suspected of having
committed or of committing or of being about to commit
any offence under this Act. This is another effective weapon
that has been rarely and almost never utilised by the police
officers.
The Act is applicable to electronic cheques and truncated
cheques (ie the image of cheque being presented and
processed curtailing and truncating the physical movement
of the cheque from the collecting banker to the paying
banker).
Overriding powers of the Act and the powers of Central
Government to make rules and that of State Governments
58

to make rules wherever necessary have been discussed in

the Sections that follow.
INFORMATION TECHNOLOGY ACT, 2000 & INDIAN PENAL CODE

All cyber crimes do not come under the IT Act.Many cyber

crimes come under the Indian Penal Code

Sending threatening message

by email

Sec 506 IPC

Sec 499 IPC

Sending defamatory message by

email
Sending a mail outraging the
modesty

Forgery of electronic records

Bogus websites, cyber frauds,

phishing

Email spoofing

Web-jacking

Criminal breach of trust

Online sale of Narcotics

Sec 509 IPC

Sec 465 IPC
Sec420 IPC
Sec 465,419
Sec 383 IPC
Sec.406, 409
IPC
NDPS Act
Arms Act
Sec 66 of IT Act

Online sale of Weapons

Sec 67 of IT Act

Hacking

Sec 66 of IT Act

Pornography
Email bombing
59

Sec 43 of IT Act
Denial of Service Attack

THE INDIAN EVIDENCE ACT 1872

This is another legislation amended by the ITA. Prior to the
passing of ITA, all evidences in a court were in the physical
form only. With the ITA giving recognition to all electronic
records and documents, it was but natural that the
evidentiary legislation in the nation be amended in tune with
it. In the definitions part of the Act itself, the all documents
including electronic records were substituted. Words like
digital signature, electronic form, secure electronic record
information as used in the ITA, were all inserted to make
them part of the evidentiary mechanism in legislations.
Evidences (information) taken from computers or electronic
storage devices and produced as print-outs or in electronic
media are valid if they are taken from system handled
properly with no scope for manipulation of data and ensuring
integrity of data produced directly with or without human
intervention etc and accompanied by a certificate signed by a
responsible person declaring as to the correctness of the
records taken from a system a computer with all the
precautions as laid down in the Section.
However, this Section is often being misunderstood by one
part of the industry to mean that computer print-outs can be
taken as evidences and are valid as proper records, even if
they are not signed. We find many computer generated
letters emanating from big corporates with proper space
below for signature under the words Your faithfully or
truly and the signature space left blank, with a Post Script
remark at the bottom This is a computer generated letter
and hence does not require signature. The Act does not
60

anywhere say that computer print-outs need not be signed

and can be taken as record.
THE BANKERS BOOKS EVIDENCE(BBE) ACT 1891
Amendment to this Act has been included as the third
schedule in ITA. Prior to the passing of ITA, any evidence from
a bank to be produced in a court, necessitated production of
the original ledger or other register for verification at some
stage with the copy retained in the court records as exhibits.
With the passing of the ITA the definitions part of the BBE Act
stood amended as: "bankers 'books include ledgers, daybooks, cash-books, account-books and all other books used in
the ordinary business of a bank whether kept in the written
form or as printouts of data stored in a floppy, disc, tape or
any other form of electro-magnetic data storage device.
THE RESERVE BANK OF INDIA ACT, 1934
The next Act that was amended by the ITA is the Reserve
Bank of India Act, 1934. Section 58 of the Act sub-section
(2), after clause (p), a clause relating to the regulation of
funds transfer through electronic means between banks (ie
transactions like RTGS and NEFT and other funds transfers)
was inserted, to facilitate such electronic funds transfer and
ensure legal admissibility of documents and records therein.

61


CHAPTER-IV
TYPES OF
CYBER CRIME
Cyber law is a term used to describe the legal issues related to
use of communications technology, particularly cyberspace,
i.e. the Internet. It is less of a distinct field of law in the way
that property or contract are, as it is an intersection of many
legal fields, including intellectual property, privacy, freedom of
expression, and jurisdiction. In essence, cyber law is an attempt
to apply laws designed for the physical world, to human activity
on the Internet. In India, The IT Act, 2000 as amended by The IT
(Amendment) Act, 2008 is known as the Cyber law. It has a
separate chapter XI entitled Offences in which various cyber
crimes have been declared as penal offences punishable with
imprisonment and fine.

1. HACKING
Hacking is not defined in The amended IT Act, 2000. According
to wikipedia, Hacking means unauthorized attempts to bypass
the security mechanisms of an in formation system or network.
Also, in simple words Hacking is the unauthorized access to a
computer system, programs, data and network resources.
(The term hacker originally meant a very gifted
programmer. In recent years though, with easier access to
multiple systems, it now has negative implications.)
LAW & PUNISHMENT: Under Information Technology (Amendment)
Act, 2008, Section 43(a) read with section 66 is applicable and
62

Section 379 & 406 of Indian Penal Code, 1860 also are
applicable. If crime is proved under IT Act, accused shall be
punished for imprisonment, which may extend to three years
or with fine, which may extend to five lakh rupees or both.
Hacking offence is cognizable, bailable, compoundable with
permission of the court before which the prosecution of such
offence is pending and triable by any magistrate.

2.DATA THEFT
According to Wikipedia, Data Theft is a growing problem,
primarily perpetrated by office workers with access to
technology such as desktop computers and handheld devices,
capable of storing digital information such as flash drives, iPods
and even digital cameras. The damage caused by data theft
can be considerable with todays ability to transmit very large
files via e-mail, web pages, USB devices, DVD storage and
other hand-held devices. According to Information Technology
(Amendment) Act, 2008, crime of data theft under Section 43
(b) is stated as - If any person without permission of the owner
or any other person, who is in charge of a computer, computer
system of computer network - downloads, copies or extracts
any data, computer data base or information from such
computer, computer system or computer network including
information or data held or
stored in any removable storage medium, then it is data theft.
LAW & PUNISHMENT: Under Information Technology (Amendment)
Act, 2008, Section 43(b) read with Section 66 is applicable and
under Section 379, 405 & 420 of Indian Penal Code, 1860 also
applicable. Data Theft offence is cognizable, bailable,
compoundablewith permission of the court before which the
prosecution of such offence is pending
and triable by any magistrate.

63

3. SPREADING VIRUS

OR

WORMS

In most cases, viruses can do any amount of damage, the

creator intends them to do. They can send your data to a third
party and then delete your data from your computer. They can
also ruin/mess up your system and render it unusable without a
re-installation of the operating system. Most have not done this
much damage in the past, but could easily do this in the future.
Usually the virus will install files on your system and then will
change your system so that virus program is run every time
you start your system. It will then attempt to replicate itself by
sending itself to other potential victims.
Law & Punishment: Under Information Technology
(Amendment)Act, 2008, Section 43(c) & 43(e) read with Section
66 is applicable and under Section 268 of Indian Penal Code,
1860 also applicable. Spreading of Virus offence is cognizable,
bailable, compoundablewith permission of the court before
which the prosecution of such offence is pending and triable by
any magistrate.

4. IDENTITY THEFT
According to wikipedia Identity theft is a form of fraud or
cheating of another persons identity in which someone
pretends to be someone else by assuming that persons
identity, typically in order to access resources or obtain credit
and other benefits in that persons name. Information
Technology (Amendment) Act, 2008, crime of identity theft
under Section 66-C, whoever, fraudulently or dishonestly make
use of the electronic signature, password or any other unique
identification feature of any other person known as identity
theft. Identity theft is a term used to refer to fraud that involves
64

stealing money or getting other benefits by pretending to be

someone else. The term is relatively new and is actually a
misnomer, since it is not inherently possible to steal an
identity, only to use it. The person whose identity is used can
suffer various consequences when they are held responsible for
the perpetrators actions. At one time the only way for
someone to steal somebody elses identity was by killing that
person and taking his place. It was typically a violent crime.
However, since then, the crime has evolved and todays white
collared criminals are a lot less brutal. But the ramifications of
an identity theft are still scary.
LAW & PUNISHMENT: Under Information Technology (Amendment)
Act, 2008, Section 66-C and Section 419 of Indian Penal Code,
1860 also applicable. Identity Theft offence is cognizable,
bailable, compoundable with permission of the court before
which the prosecution of such offence is pending and triable by
any magistrate.

5. E-MAIL SPOOFING
According to wikipedia, e-mail spoofing is e-mail activity in
which the sender addresses and other parts of the e-mail
header are altered to appear as though the e-mail originated
from a different source. E-mail spoofing is sending an e-mail to
another person in such a way that it appears that the e-mail
was sent by someone else. A spoof emailis one that appears to
originate from one source but actually has been sent from
another source. Spoofing is the act of electronically disguising
one computer as another for gaining as the password system. It
is becoming so common that you can no longer take for
granted that the e-mail you are receiving is truly from the
person identified as the sender. Email spoofing is a technique
used by hackers to fraudulently send email messages in which
the sender address and other parts of the email header are
alteredto appear as though the email originatedfrom a source
other than its actual source.
65

Hackers use this method to disguise the actual email address

from which phishing and spam messages are sent and often
use email spoofing in conjunction with Web page spoofing to
trick users into providing personal and confidential information.
LAW & PUNISHMENT: Under Information Technology (Amendment)
Act, 2008, Section 66-D and Section417, 419 & 465of Indian
Penal Code, 1860 also applicable. Email spoofing offence is
cognizable, bailable, compoundable with permission of the
court before which the prosecution of such offence is pending
and triable by any magistrate.
OBSERVATIONS ON ITA,2000 AND ITAA,2008:
Having discussed in detail all the provisions of ITA and ITAA,
let us now look at some of the broader areas of omissions and
commissions in the Act and the general criticism the Acts
have faced over the years.
While the lawmakers have to be complemented for their
appreciable work removing various deficiencies in the Indian
Cyberlaw and making it technologically neutral, yet it appears
that there has been a major mismatch between the
expectation of the nation and the resultant effect of the
amended legislation.
The most bizarre and startling aspect of the new amendments
is that these amendments seek to make the Indian Cyber law
a cyber crime friendly legislation; a legislation that goes
extremely soft on cyber criminals, with a soft heart; a
legislation that chooses to encourage cyber criminals by
lessening the quantum of punishment accorded to them
under the existing law; a legislation that chooses to give far
more freedom to cyber criminals than the existing legislation
envisages; a legislation which actually paves the way for
cyber criminals to wipe out the electronic trails and electronic
evidence by granting them bail as a matter of right; a
66

legislation which makes a majority of cybercrimes stipulated

under the IT Act as bailable offences; a legislation that is
likely to pave way for India to become the potential cyber
crime capital of the world. A perusal of the said legislation
shows that there is hardly any logical or rational reason for
adopting such an approach. Currently, the IT Act, 2000, has
provided for punishment for various cyber offences ranging
from three years to ten years. These are non-bailable offences
where the accused is not entitled to bail as a matter of right.
However what amazes the lay reader is that the amendments
to the IT Act have gone ahead and reduced the quantum of
punishment. Taking a classical case of the offence of online
obscenity, Section 67 has reduced the quantum of
punishment on first conviction for publishing, transmitting or
causing to be published any information in the electronic
form, which is lascivious, from the existing five years to three
years. Similarly, the amount of punishment for the offence of
failure to comply with the directions of the Controller Of
Certifying Authorities is reduced from three years to two
years.
Further it is shocking to find that the offences of hacking, as
defined under Section 66 of the existing Information
Technology Act, 2000, has been completely deleted from the
law book. In fact, the existing language of the under Section
66 has now been substituted by new language. Deleting
hacking as a specific defined offence does not appeal to any
logic. The cutting of certain elements of the effects of hacking
under the existing Section 66 and putting the same under
Section 43 make no legal or pragmatic sense. This is all the
more so as no person would normally diminish the value and
utility of any information residing in a computer resource or
affect the same injuriously by any means, with the permission
of the owner or any such person who is in charge of the
computer, computer system or computer network.
At that time when the entire world is going hammer and tongs
against Cyber Crimes and Cyber Criminals, here comes a
contrary trend from the Indian legislature. Cyber criminals of
67

the world targeting India or operating in India need not

despair. The legislation has now stipulated that Cyber crimes
punishable with imprisonment of three years shall be bailable
offences. Since the majority of cyber crime offences defined
under the amended IT Act are punishable with three years,
the net effect of all amendments is that a majority of these
cybercrimes shall be bailable. In common language, this
means that the moment a cybercriminal will be arrested by
the police, barring a few offences, in almost all other cyber
crimes, he shall be released on bail as a matter of right, by
the police, there and then.
Keeping in account human behaviour and psychology, it will
be but natural to expect that the concerned cyber criminal,
once released on bail, will immediately go and evaporate,
destroy or delete all electronic traces and trails of his having
committed any cyber crime, thus making the job of law
enforcement agencies to have cyber crime convictions, a near
impossibility.
The fertile liberal treatment meted out to cyber criminals, by
the new IT Act amendments, facilitating the environment
where they can tamper with, destroy and delete electronic
evidence, is likely to make a mockery of the process of law
and would put the law enforcement agencies under extreme
pressure. In the 14-odd years since internet has been
commercially introduced in our country, India has got only
three cyber crime convictions. I believe if the new
amendments come into force, India is likely to see a drought
of cyber crime convictions.
Another major change that the new amendments have done
is that cyber crimes in India shall now be investigated not by
a Deputy Superintendent of Police, as under the existing law,
but shall now be done by a low level police inspector. So , all
of us need to remember that henceforth, your local police
inspector is going to be your next point of contact, the
moment you are a victim of any cyber crime. The efficacy of
such an approach is hardly likely to withstand the test of time,
given the current non- exposure and lack of training of
68

Inspector level police officers to cyber crimes, their detection,

investigation and prosecution.
Given this new development, it is probable that the concept of
e-hafta (or electronic hafta is likely to be far more reinforced
and developed as an institutional practice. This is so as the
law has now produced more powers to the inspector than
ever before, regarding cybercrimes. The expectations of the
nation for effectively tackling cyber crime and stringently
punishing cyber criminals have all been let down by the
extremely liberal amendments, given their soft corner and
indulgence for cyber criminals. All in all, given the glaring
loopholes as detailed above, the new IT Act Amendments are
likely to adversely impact corporate India and all users of
computers, computer systems and computer networks, as
also data and information in the electronic form.
AWARENESS:
There is no serious provision for creating awareness and
putting such initiatives in place in the Act. The government or
the investigating agencies like the Police department (whose
job has been made comparatively easier and focused, thanks
to the passing of the IT Act), have taken any serious step to
create public awareness about the provisions in these
legislations, which is absolutely essential considering the fact
that this is a new area and technology has to be learnt by all
the stake-holders like the judicial officers, legal professionals,
litigant public and the public or users at large. Especially,
provisions like scope for adjudication process is never known
to many including those in the investigating agencies.

JURISDICTION:
This is a major issue which is not satisfactorily addressed in
the ITA or ITAA.Jurisdiction has been mentioned in Sections
46, 48, 57 and 61 in the context of adjudication process and
the appellate procedure connected with and again in Section
80 and as part of the police officers powers to enter, search a
public place for a cyber crime etc. In the context of electronic
record, Section 13 (3) and (4) discuss the place of dispatch
69

and receipt of electronic record which may be taken as

jurisprudence issues.
However some fundamental issues like if the mail of someone
is hacked and the accused is a resident of a city in some state
coming to know of it in a different city, which police station
does he go to? If he is an employee of a Multi National
Company with branches throughout the world and in many
metros in India and is often on tour in India and he suspects
another individual say an employee of the same firm in his
branch or headquarters office and informs the police that
evidence could lie in the suspects computer system itself,
where does he go to file he complaint. Often, the
investigators do not accept such complaints on the grounds of
jurisdiction and there are occasions that the judicial officers
too have hesitated to deal with such cases. The knowledge
that cyber crime is geography-agnostic, borderless, territoryfree and sans all jurisdiction and frontiers and happens in
cloud or the space, has to be spread and proper training is
to be given to all concerned players in the field.

EVIDENCES:
Evidences are a major concern in cyber crimes. Pat of
evidences is the crime scene issues. In cyber crime, there is
no cyber crime. We cannot mark a place nor a computer nor a
network, nor seize the hard-disk immediately and keep it
under lock and key keep it as an exhibit taken from the crime
scene.
Very often, nothing could be seen as a scene in cyber crime!
The evidences, the data, the network and the related gadgets
along with of course the log files and trail of events
emanating or recorded in the system are actually the crime
scene. While filing cases under IT Act, be it as a civil case in
the adjudication process or a criminal complaint filed with the
police, many often, evidences may lie in some system like the
intermediaries computers or some times in the opponents
computer system too. In all such cases, unless the police
swing into action swiftly and seize the systems and capture
70

the evidences, such vital evidences could be easily destroyed.

In fact, if one knows that his computer is going to be seized,
he would immediately go for destruction of evidences
(formatting, removing the history, removing the cookies,
changing the registry and user login set ups, reconfiguring the
system files etc) since most of the computer history and log
files are volatile in nature.
There is no major initiative in India on common repositories of
electronic evidences by which in the event of any dispute
(including civil) the affected computer may be handed over to
a common trusted third party with proper software tools, who
may keep a copy of the entire disk and return the original to
the owner, so that he can keep using it at will and the copy
will be produced as evidence whenever required. For this
there are software tools like EnCase wih a global recognition
and our own C-DAC tools which are available with much
retrieval facilities, search features without giving any room for
further writing and preserving the original version with date
stamp for production as evidence.

NON COVERAGE OF MANY CRIMES:

While there are many legislations in not only many Western
countries but also some smaller nations in the East, India has
only one legislation -- the ITA and ITAA. Hence it is quite
natural that many issues on cyber crimes and many crimes
per se are left uncovered. Many cyber crimes like cyber
squatting with an evil attention to extort money. Spam mails,
ISPs liability in copyright infringement, data privacy issues
have not been given adequate coverage.
Besides, most of the Indian corporate including some Public
Sector undertakings use Operating Systems that are from the
West especially the US and many software utilities and
hardware items and sometimes firmware are from abroad. In
such cases, the actual reach and import of IT Act Sections
dealing with utility software or a system software or an
Operating System upgrade or update used for downloading
the software utility, is to be specifically addressed, as
71

otherwise a peculiar situation may come, when the user may

not know whether the upgrade or the patch is getting
downloaded or any spyware getting installed. The Act does
not address the governments policy on keeping the backup of
corporates including the PSUs and PSBs in our county or
abroad and if kept abroad, the subjective legal jurisprudence
on such software backups.
Most of the cyber crimes in the nation are still brought under
the relevant sections of IPC read with the comparative
sections of ITA or the ITAA which gives a comfort factor to the
investigating agencies that even if the ITA part of the case is
lost, the accused cannot escape from the IPC part. To quote
the noted cyber law expert in the nation and Supreme Court
advocate Shri Pavan Duggal, While the lawmakers have to be
complemented for their admirable work removing various
deficiencies in the Indian Cyberlaw and making it
technologically neutral, yet it appears that there has been a
major mismatch between the expectation of the nation and
the resultant effect of the amended legislation. The most
bizarre and startling aspect of the new amendments is that
these amendments seek to make the Indian cyber law a cyber
crime friendly legislation; - a legislation that goes extremely
soft on cyber criminals, with a soft heart; a legislation that
chooses to encourage cyber criminals by lessening the
quantum of punishment accorded to them under the existing
law; .. a legislation which makes a majority of cybercrimes
stipulated under the IT Act as bailable offences; a legislation
that is likely to pave way for India to become the potential
cyber crime capital of the world
Let us not be pessimistic that the existing legislation is cyber
criminal friendly or paves the way to increase crimes.
Certainly, it does not. It is a commendable piece of legislation,
a landmark first step and a remarkable mile-stone in the
technological growth of the nation. But let us not be
complacent that the existing law would suffice. Let us
remember that the criminals always go faster than the
investigators and always try to be one step ahead in
72

technology. After all, steganography was used in the

Parliament Attack case to convey a one-line hidden message
from one criminal to another which was a lesson for the
investigators to know more about the technology of
steganography. Similarly Satellite phones were used in the
Mumbai attack case in November 2008 after which the
investigators became aware of the technological perils of
such gadgets, since until then, they were relying on cell
phones and the directional tracking by the cell phone towers
and Call Details Register entries only. Hopefully, more and
more awareness campaign will take place and the
government will be conscious of the path ahead to bring more
and more legislations in place. Actually, bringing more
legislations may just not be sufficient, because the conviction
rate in Cyber crime offences is among the lowest in the
nation, much lower than the rate in IPC and other offences.
The government should be aware that it is not the severity of
punishment that is a deterrent for the criminals, but it is the
certainty of punishment. It is not the number of legislations in
a society that should prevent crimes but it is the certainty of
punishment that the legislation will bring.
E-RECORDS MAINTENANCE POLICY OF BANKS:
Computerisation started in most of the banks in India from
end 80s in a small way in the form of standalone systems
called Advanced Ledger Posting Machines (Separate PC for
every counter/activity) which then led to the era of Total
Branch Automation or Computerisation in early or mid 90s.
TBA or TBC as it was popularly called, marked the beginning
of a networked environment on a Local Area Network under a
client-server architecture when records used to be maintained
in electronic manner in hard-disks and external media like
tapes etc for backup purposes.
Ever since passing of the ITA and according of recognition to
electronic records, it has become mandatory on the part of
banks to maintain proper computerized system for electronic
records. Conventionally, all legacy systems in the banks
always do have a record maintenance policy often with RBIs
73

and their individual Board approval stipulating the period of

preservation for all sorts of records, ledgers, vouchers,
register, letters, documents etc.
Thanks to computerisation and introduction of computerized
data maintenance and often computer generated vouchers
also, most of the banks became responsive to the
computerized environment and quite a few have started the
process of formulating their own Electronic Records
Maintenance Policy. Indian Banks Association took the
initiative in bringing out a book on Banks e-Records
Maintenance Policy to serve as a model for use and adoption
in banks suiting the individual banks technological setup.
Hence banks should ensure that e-records maintenance policy
with details of e-records, their nature, their upkeep, the
technological requirements, off-site backup, retrieval systems,
access control and access privileges initiatives should be in
place, if not already done already.
On the legal compliance side especially after the Rules were
passed in April 2011, on the Reasonable Security Practices
and Procedures as part of ITAA 2008 Section 43A, banks
should strive well to prove that they have all the security
policies in place like compliance with ISO 27001 standards etc
and e-records are maintained. Besides, the certificate to be
given as an annexure to e-evidences as stipulated in the BBE
Act also emphasizes this point of maintenance of e-records in
a proper ensuring proper backup, ensuring against
tamperability, always ensuring confidentiality, integrity,
availability and Non Repudiation.
This policy should not be confused with the Information
Technology Business Continuity and Disaster Recovery Plan or
Policy nor the Data Warehousing initiatives..

CHAPTER-V
LEGISLATIONS IN OTHER NATIONS:

74

As against the lone legislation ITA and ITAA in India, in many

other nations globally, there are many legislations governing
e-commerce and cyber crimes going into all the facets of
cyber crimes. Data Communication, storage, child
pornography, electronic records and data privacy have all
been addressed in separate Acts and Rules giving thrust in
the particular area focused in the Act.
In the US, they have the Health Insurance Portability and
Accountability Act popularly known as HIPAA which inter alia,
regulates all health and insurance related records, their
upkeep and maintenance and the issues of privacy and
confidentiality involved in such records. Companies dealing
with US firms ensure HIPAA compliance insofar as the data
relating to such corporate are handled by them. The
Sarbanes-Oxley Act (SOX) signed into law in 2002 and named
after its authors Senator Paul Sarbanes and Representative
Paul Oxley, mandated a number of reforms to enhance
corporate responsibility, enhance financial disclosures, and
combat corporate and accounting fraud. Besides, there are a
number of laws in the US both at the federal level and at
different states level like the Cable Communications Policy
Act, Childrens Internet Protection Act, Childrens Online
Privacy Protection Act etc.

IN THE UK, THE DATA PROTECTION ACT AND THE PRIVACY AND
ELECTRONIC COMMUNICATIONS REGULATIONS ETC ARE ALL REGULATORY
LEGISLATIONS ALREADY EXISTING IN THE AREA OF INFORMATION SECURITY
AND CYBER CRIME PREVENTION, BESIDES CYBER CRIME LAW PASSED
RECENTLY

IN

AUGUST

2011.SIMILARLY,

WE

HAVE

CYBER

CRIME

LEGISLATIONS AND OTHER RULES AND REGULATIONS IN OTHER NATIONS.

WHAT

ARE GOVERNMENTS DOING TO FIGHT CYBER BATTLE

According to the US Defense Secretary Robert Gates,

cyberspace is the new domain in which war will be fought, after
75

land, sea, air and space.54 The US government has been

focusing on protecting its digital infrastructure, declaring it a
strategic national asset. Similarly, Iran, Israel, North Korea,
Russia and many other countries are now creating and training
cyber armies. Such increased vigilance is gaining attention, as
both governments and corporate entities have become prime
targets of cyber attacks.
Countries cracking down on cyber crime US is
facilitating global cyber security:
In January 2011, US Senators Joseph Lieberman and Susan
Collins re-introduced a bill the Cybersecurity and Internet
Freedom Act of 2011 granting President Barack Obama the
authority to shut down the internet in the country in the event
of a cyber attack. However, the bill is still under debate, and
has been opposed by many organizations that believe it may
give the government more power and control over the internet.
Privacy experts such as Marc Rotenberg, Executive Director of
the Electronic Privacy Information Center, believe that such a
bill could obstruct communication and economic activities.
In January 2011, the US Department of Commerce announced
that it is planning to launch an office the National Strategy
for Trusted Identities in Cyberspace (NSTIC) to promote
online trusted identity technologies. The NSTIC aims to promote
a platform where internet users will receive IDs, thereby
increasing trust among users.
The US Federal Bureau of Investigation (FBI) has established
a separate division to address cyber crime in a coordinated
manner. In October 2010, the FBI arrested more than 90
people, who were believed to be engaged in an international
crime syndicate that hacked into US computer networks to
steal US$70 million. Hackers used spam email to target the
computers of small businesses and individual users. By gaining
access to users passwords and bank account details, the
hackers were able to transfer money from those accounts.
76

crime UK is investing to improve its defense tactics

against cyber :
The UK considers cyber crime to be a tier 1 threat, equating it
to international terrorism and major incidents. In 2008, the
Police Central e-Crime Unit (PCeU) was set up to fight national
cyber crime. The PCeU collaborates with law enforcement
agencies and private industries.
In October 2010, the UK government commited to providing
GBP650 million (US$1 billion) to cyber security initiatives. By
February 2011, GBP63 million (US$100 million) had been
allocated for cyber security. According to a UK government
spokesman, "The government is determined to build an
effective law enforcement response to the cyber crime threat,
building upon the existing expertise within SOCA (national
police unit responsible for pro-active operations against serious
and organized crime) and the Met Police Central e-Crime Unit.
Apart from increasing investments, the UK also plans to
coordinate with Poland on information secu- rity policy while
planning for the Euro2012 football championships and the
London 2012 Olympics.

China is fighting cyber crime with the

international support :
Although China has been regarded as the largest source of
targeted hacking attacks, the country is also on the receiving
end of attacks. In 2009, nearly 200 Chinese government
websites were attacked or infiltrated daily.
In 2009, China incorporated computer crimes into its
criminal law legislation.
The country is collaborating with the UN, Association of
Southeast Asian Nations (ASEAN) and other international
communities and governments in efforts to fight cyber crime.

77

 In 2003, China signed the ASEAN-China Coordination

Framework for Network and Information Security Emergency
Responses and an agreement among the governments of the
SCO Member States on Cooperation in the Field of Ensuring
International Information Security with the ASEAN and SCO
member states, respectively.69, 70 The US has been
supporting the Chinese government in its fight against cyber
crime. Over 200910, the US provided assistance to China in 13
major cases of internet crime.
In an effort to protect confidential information, by May 2010,
China had tightened its Guarding State Secrets law, by holding
internet and mobile phone operators responsible for customers
who try to leak confidential information.

Iran is launching cyber police unit:

In January 2011, Iran officially launched its cyber police unit
to ramp up its fight against cyber crime. The designated web
watchdog team will be responsible for targeting specific
networking websites that engage in espionage and incite riots.
By the end of 2011, nearly all police stations in Iran will have
their own cyber police unit.
Indian government is setting up IT institute :
In January 2011, the Indian government announced that it
plans to set up an institute dedicated to training professionals
and developing technologies to tackle cyber crime. The
institute will be a public-private partnership initiative, with a
total cost of INR1 billion (US$21 million).
In November 2010, Indias Central Bureau of Investigation
(CBI) signed an agreement with industry body Nasscom to
share expertise on ways to counter cyber attacks.
In July 2010, the Indian government proposed an initiative to
develop a unit that will include a group of hackers acting as a
specialized team as counter offence to hacking activities from
foreign countries. The National Technical Research Organisation
78

(NTRO), along with the Defence Intelligence Agency (DIA), was

delegated to create this capability. International organizations
zero in on cyber security Europol enforces EU cyber security
initiatives
In June 2010, Europol (the EUs law enforcement agency)
created the European Union Cyber crime Task Force.78 The task
force includes an expert group of representatives from Europol,
Eurojust (the EU judicial cooperation body) and the European
Commission.
Europol provides the EU members with investigative and
analytical support on cyber crime, and facilitates cross-border
cooperation and information exchange.
NATO alliance provides platform for coordinated
initiative:
At the North Atlantic Treaty Organization (NATO) summit in
November 2010, the EU, NATO and the US, approved plans for
a coordinated approach to tackle cyber crime in member
states. Under the approval, by 2013, an EU cyber crime center
will be established to coordinate cooperation between member
states. Also by that time, a European information sharing and
alert system will facilitate communication between rapid
response teams and law enforcement authorities.
By 2012, the European Commission is expected to create a
network of Computer Emergency Response Teams (CERTs)
that can react in case of computer-related emergencies, such
as cyber attacks with a CERT center in each EU country.

79

SOME INDIAN CASE LAWS

1. Pune Citibank MphasiS Call Center

Fraud
US $ 3,50,000 from accounts of four US customers were
dishonestly transferred to bogus accounts. This will give a lot of
ammunition to those lobbying against outsourcing in US.Such
cases happen all over the world but when it happens in India it
is a serious matter. It is a case of sourcing engineering. Some
employees gained the confidence of the customer and obtained
their PIN numbers to commit fraud. They got these under the
guise of helping the customers out of difficult situations.
Highest security prevails in the call centers in India as they
know that they will lose their business. There was not as much
of breach of security but of sourcing engineering.The call center
employees are checked when they go in and out so they can
not copy down numbers and therefore they could not have
noted these down. They must have remembered these
numbers, gone out immediately to a cyber caf and accessed
the Citibank accounts of the customers. All accounts were
opened in Pune and the customers complained that the money
from their accounts was transferred to Pune accounts and
thats how the criminals were traced. Police has been able to
80

prove the honesty of the call center and has frozen the
accounts where the money was transferred. There is need for a
strict background check of the call center executives. However,
best of background checks can not eliminate the bad elements
from coming in and breaching security. We must still ensure
such checks when a person is hired. There is need for a national
ID and a national data base where a name can be referred to. In
this case preliminary investigations do not reveal that the
criminals had any crime history. Customer education is very
important so customers do not get taken for a ride. Most banks
are guilt of not doing this.

2. Bazee.com case
CEO of Bazee.com was arrested in December 2004 because a
CD with objectionable material was being sold on the website.
The CD was also being sold in the markets in Delhi. The
Mumbai city police and the Delhi Police got into action. The CEO
was later released on bail. This opened up the question as to
what kind of distinction do we draw between Internet Service
Provider and Content Provider. The burden rests on the accused
that he was the Service Provider and not the Content Provider.
It also raises a lot of issues regarding how the police should
handle the cyber crime cases and a lot of education is
required.8

3. State of Tamil Nadu Vs Suhas

Katti
The Case of Suhas Katti is notable for the fact that the
conviction was achieved successfully within a relatively quick
time of 7 months from the filing of the FIR. Considering that
similar cases have been pending in other states for a much
longer time, the efficient handling of the case which happened
to be the first case of the Chennai Cyber Crime Cell going to
8Avnish Bajaj v State (N.C.T.) of Delhi (2005) 3 Comp LJ 364 (Del)
81

trial deserves a special mention. The case related to posting of

obscene, defamatory and annoying message about a divorcee
woman in the yahoo message group. E-Mails were also
forwarded to the victim for information by the accused through
a false e-mail account opened by him in the name of the victim.
The posting of the message resulted in annoying phone calls to
the lady in the belief that she was soliciting. Based on a
complaint made by the victim in February 2004, the Police
traced the accused to Mumbai and arrested him within the next
few days. The accused was a known family friend of the victim
and was reportedly interested in marrying her. She however
married another person. This marriage later ended in divorce
and the accused started contacting her once again. On her
reluctance to marry him, the accused took up the harassment
through the Internet. On 24-3-2004 Charge Sheet was filed u/s
67 of IT Act 2000, 469 and 509 IPC before The Honble Addl.
CMM Egmore by citing 18 witnesses and 34 documents and
material objects. The same was taken on file in
C.C.NO.4680/2004. On the prosecution side 12 witnesses were
examined and entire documents were marked as Exhibits. The
Defence argued that the offending mails would have been
given either by ex-husband of the complainant or the
complainant her self to implicate the accused as accused
alleged to have turned down the request of the complainant to
marry her. Further the Defence counsel argued that some of the
documentary evidence was not sustainable under Section 65 B
of the Indian Evidence Act. However, the court relied upon the
expert witnesses and other evidence produced before it,
including the witnesses of the Cyber Cafe owners and came to
the conclusion that the crime was conclusively proved. Ld.
Additional Chief Metropolitan Magistrate, Egmore, delivered the
judgement on 5-11-04
as follows:
The accused is found guilty of offences under section
469, 509 IPC and 67 of IT Act 2000 and the accused is
convicted and is sentenced for the offence to undergo RI
for 2 years under 469 IPC and to pay fine of Rs.500/-and
82

for the offence u/s 509 IPC sentenced to undergo 1 year

Simple imprisonment and to pay fine of Rs.500/- and for
the offence u/s 67 of IT Act 2000 to undergo RI for 2
years and to pay fine of Rs.4000/- All sentences to run
concurrently.The accused paid fine amount and he was
lodged at Central Prison, Chennai. This is considered as
the first case convicted under section 67 of Information
Technology Act 2000 in India.9

4. The Bank NSP Case

The Bank NSP case is the one where a management trainee of
the bank was engaged to be married. The couple exchanged
many emails using the company computers. After some time
the two broke up and the girl created fraudulent email ids such
as Indian barassociations and sent emails to the boys foreign
clients. She used the banks computer to do this. The boys
company lost a large number of clients and took the bank to
court. The bank was held liable for the emails sent using the
banks system.

5. SMC Pneumatics (India) Pvt. Ltd.

v. Jogesh Kwatra
In India's first case of cyber defamation, a Court of Delhi
assumed jurisdiction over a matter where a corporates
reputation was being defamed through emails and passed an
important ex-parte injunction. In this case, the defendant
Jogesh Kwatra being an employ of the plaintiff company started
sending derogatory, defamatory, obscene, vulgar, filthy and
abusive emails to his employers as also to different subsidiaries
of the said company all over the world with the aim to defame
the company and its Managing Director Mr. R K Malhotra. The
plaintiff filed a suit for permanent injunction restraining the
defendant from doing his illegal acts of sending derogatory
9{State of Tamil Nadu Vs. Suhas Katti, CMM, Egmore, Chennai in 2004}.
83

emails to the plaintiff. On behalf of the plaintiffs it was

contended that the emails sent by the defendant were
distinctly obscene, vulgar, abusive, intimidating, humiliating
and defamatory in nature. Counsel further argued that the aim
of sending the said emails was to malign the high reputation of
the plaintiffs all over India and the world. He further contended
that the acts of the defendant in sending the emails had
resulted in invasion of legal rights of the plaintiffs. Further the
defendant is under a duty not to send the aforesaid emails. It is
pertinent to note that after the plaintiff company discovered
the said employ could be indulging in the matter of sending
abusive emails, the plaintiff terminated the services of the
defendant. After hearing detailed arguments of Counsel for
Plaintiff, Hon'ble Judge of the Delhi High Court passed an exparte ad interim injunction observing that a prima facie case
had been made out by the plaintiff. Consequently, the Delhi
High Court restrained the defendant from sending derogatory,
defamatory, obscene, vulgar, humiliating and abusive emails
either to the plaintiffs or to its sister subsidiaries all over the
world including their Managing Directors and their Sales and
Marketing departments. Further, Hon'ble Judge also restrained
the defendant from publishing, transmitting or causing to be
published any information inthe actual world as also in
cyberspace which is derogatory or defamatory or abusive of the
plaintiffs. This order of Delhi High Court assumes tremendous
significance as this is for the first time that an Indian Court
assumes jurisdiction in a matter concerning cyber defamation
and grants an ex-parte injunction restraining the defendant
from defaming the plaintiffs by sending derogatory,
defamatory, abusive and obscene emails either to the plaintiffs
or their subsidiaries.

6. PARLIAMENT ATTACK CASE

Bureau of Police Research and Development at Hyderabad had
handled some of the top cyber cases, including analysing and
retrieving information from the laptop recovered from terrorist,
84

who attacked Parliament. The laptop which was seized from the
two terrorists, who were gunned down when Parliament was
under siege on December 13 2001, was sent to Computer
Forensics Division of BPRD after computer experts at Delhi
failed to trace much out of its contents. The laptop contained
several evidences that confirmed of the two terrorists motives,
namely the sticker of the Ministry of Home that they had made
on the laptop and pasted on their ambassador car to gain entry
into Parliament House and the the fake ID card that one of the
two terrorists was carrying with a Government of India emblem
and seal. The emblems (of the three lions) were carefully
scanned and the seal was also craftly made along with
residential address of Jammu and Kashmir. But careful detection
proved that it was all forged and made on the laptop.

7. Andhra Pradesh Tax Case

Dubious tactics of a prominent businessman from Andhra
Pradesh was exposed after officials of the department got hold
of computers used by the accused person. The owner of a
plastics firm was arrested and Rs 22 crore cash was recovered
from his house by sleuths of the Vigilance Department. They
sought an explanation from him regarding the unaccounted
cash within 10 days. The accused person submitted 6,000
vouchers to prove the legitimacy of trade and thought his
offence would go undetected but after careful scrutiny of
vouchers and contents of his computers it revealed that all of
them were made after the raids were conducted. It later
revealed that the accused was running five businesses under
the guise of one company and used fake and computerised
vouchers to show sales records and save tax.

8. SONY.SAMBANDH.COM CASE
India saw its first cybercrime conviction recently. It all began
after a complaint was filed by Sony India Private Ltd, which runs
a website called www.sony-sambandh.com, targeting Non
85

Resident Indians. The website enables NRIs to send Sony

products to their friends and relatives in India after they pay for
it online. The company undertakes to deliver the products to
the concerned recipients. In May 2002, someone logged onto
the website under the identity of Barbara Campa and ordered a
Sony Colour Television set and a cordless head phone. She gave
her credit card number for payment and requested that the
products be delivered to Arif Azim in Noida. The payment was
duly cleared by the credit card agency and the transaction
processed. After following the relevant procedures of due
diligence and checking, the company delivered the items to Arif
Azim. At the time of delivery, the company took digital
photographs showing the delivery being accepted by Arif Azim.
The transaction closed at that, but after one and a half months
the credit card agency informed the company that this was an
unauthorized transaction as the real owner had having made
the purchase. The company lodged a complaint for online
cheating at the Central Bureau of Investigation which registered
a case under Section 418, 419 and 420 of the Indian Penal
Code. The matter was investigated into and Arif Azim was
arrested. Investigations revealed that Arif Azim, while working
at a call centre in Noida gained access to the credit card
number of an American national which he misused on the
companys site. The CBI recovered the colour television and the
cordless head phone In this matter, the CBI had evidence to
prove their case and so the accused admitted his guilt. The
court convicted Arif Azim under Section 418, 419 and 420 of
the Indian Penal Code this being the first time that a
cybercrime has been convicted. The court, however, felt that as
the accused was a young boy of 24 years and a first-time
convict, a lenient view needed to be taken. The court therefore
released the accused on probation for one year. The judgment
is of immense significance for the entire nation. Besides being
the first conviction in a cybercrime matter, it has shown that
the the Indian Penal Code can be effectively applied to certain
categories of cyber crimes which are not covered under the
Information Technology Act 2000. Secondly, a judgment of this
86

sort sends out a clear message to all that the law cannot be
taken for a ride.

9. Nasscom vs. Ajay Sood & Others

In a landmark judgment in the case of National Association of
Software and Service Companies vs Ajay Sood & Others,
delivered in March, 05, the Delhi High Court declared
`phishing on the internet to be an illegal act, entailing an
injunction and recovery of damages. Elaborating on the concept
of phishing, in order to lay down a precedent in India, the
court stated that it is a form of internet fraud where a person
pretends to be a legitimate association, such as a bank or an
insurance company in order to extract personal data from a
customer such as access codes, passwords, etc. Personal data
so collected by misrepresenting the identity of the legitimate
party is commonly used for the collecting partys advantage.
court also stated, by way of an example, that typical phishing
scams involve persons who pretend to represent online banks
and siphon cash from e-banking accounts after conning
consumers into handing over confidential banking details. The
Delhi HC stated that even though there is no specific legislation
in India to penalise phishing, it held phishing to be an illegal act
by defining it under Indian law as amis representation made in
the course of trade leading to confusion as to the source and
origin of the e-mail causing immense harm not only to the
consumer but even to the person whose name, identity or
password is misused. The court held the act of phishing as
passing off and tarnishing the plaintiffs image. The plaintiff in
this case was the National Association of Software and Service
Companies (Nasscom), Indias premier software association.
The defendants were operating a placement agency involved in
head-hunting and recruitment. In order to obtain personal data,
which they could use for purposes of headhunting, the
defendants composed and sent e-mails to third parties in the
name of Nasscom. The high court recognised the trademark
rights of the plaintiff and passed an ex-parte ad interim
87

injunction restraining the defendants from using the trade

name or any other name deceptively similar to Nasscom. The
court further restrained the defendants from holding
themselves out as being associates or a part of Nasscom. The
court appointed a commission to conduct a search at the
defendants premises. Two hard disks of the computers from
which the fraudulent e-mails were sent by the defendantsto
various parties were taken into custody by the local
commissioner appointed by the court. The offending e-mails
were then downloaded from the hard disks and presented as
evidence in court. During the progress of the case, it became
clear that the defendants in whose names the offending e-mails
were sent were fictitious identities created by an employee on
defendants instructions, to avoid recognition and legal action.
On discovery of this fraudulent act, the fictitious names were
deleted from the array of parties as defendants in the case.
Subsequently, the defendants admitted their illegal acts and
the parties settled the matter through the recording of a
compromise in the suit proceedings. According to the terms of
compromise, the defendants agreed to pay a sum of Rs1.6
million to the plaintiff as damages for violation of the plaintiffs
trademark rights. The court also ordered the hard disks seized
from the defendants premises to be handed over to the
plaintiff who would be the owner of the hard disks. This case
achieves clear milestones: It brings the act of phishing into
the ambit of Indian laws even in the absence of specific
legislation; It clears the misconception that there is no
damages culture in India for violation of IP rights; This case
reaffirms IP owners faith in the Indian judicial systems ability
and willingness to protect intangible property rights and send a
strong message to IP owners that they can do business in India
without sacrificing their IP rights.

10. Infinity e-Search BPO Case

The Gurgaon BPO fraud has created an embarrassing situation
for Infinity e-Search, the company in which Mr Karan Bahree
88

was employed. A British newspaper had reported that one of its

undercover reporters had purchased personal information of
1,000 British customers from an Indian call-center employee.
However, the employee of Infinity eSearch, a New Delhi-based
web designing company, who was reportedly involved in the
case has denied any wrongdoing. The company has also said
that it had nothing to do with the incident. In the instant case
the journalist used an intermediary, offered a job, requested for
a presentation on a CD and later claimed that the CD contained
some confidential data. The fact that the CD contained such
data is itself not substantiated by the journalist. In this sort of a
situation we can only say that the journalist has used "Bribery"
to induce a "Out of normal behavior" of an employee. This is
not observation of a fact but creating a factual incident by
intervention. Investigation is still on in this matter.

CONCLUSION & SUGGESTIONS:

The IT( Amendment ) Act,2008 from an overall perspective
has introduced remarkable provisions and amendments that
will facilitate the effective enforcement of cyber law in India.
India is now technologically neutral with electronic signatures
replacing the requirement of digital signatures . In this era of
convergence the definition of communication device and
intermediary have been rightly inserted/revisited and
validity of e-contracts is reinforced by insertion of Section 10
A. Section 46(5) of the IT Act is a welcome provision that
empowers the Adjudicating officers by conferring powers of
execution on the office of Adjudicating officer at par with a
civil court. Plethora of new cyber crimes have been
incorporated under chapter XI as offences under the amended
Act to combat growing kinds of cyber crimes particularly,
89

serious crimes such as child pornography, and cyber

terrorism. The Intermediaries have been placed under an
obligation to maintain and provide access to sensitive
information to appropriate agencies to assist in solving
cybercrime cases under Section 67C, Section 69. However,
liability of ISPs has been revisited and onus shall lie on
complainant to prove lack of due diligence or presence of
actual knowledge by intermediary as proving conspiracy
would be difficult. These are some of the challenges that
cyber law enforcement teams will be faced with The power of
interception of traffic data and communications over internet
will need to be exercised in strict compliance of rules framed
under respective Sections in the Act conferring such powers
of monitoring, collection , decryption or interception. Power
for blocking websites should also be exercised carefully and
should not transgress into areas that amounts to
unreasonable censorship. Many of the offences added to the
Act are cognizable but bailable which increases the likelihood
of tampering of evidence by cybercriminal once he is released
on bail. The police must therefore play a vigilant role to
collect and preserve evidence in a timely manner .For this ,
the police force will need to be well equipped with forensic
knowledge and trained in cyber laws to effectively investigate
cybercrime cases. The introduction of Examiner of Electronic
Evidence will also aid in effective analysis of digital evidence
& cybercrime prosecution. Having discussed the new
amendments and challenges before Indian cyber law regime ,
employing the strategies recommended below can facilitate
the enforcement of cyber laws in our country
i. Educating the common man and informing them about
their rights and obligations in Cyberspace. The practical
reality is that most people are ignorant of the laws of the
cyberspace, different kinds of cybercrimes, and forums
for redressal of their grievances. There is an imperative
need to impart the required legal and technical training
to our law enforcement officials, including the Judiciary

90

and the Police officials to combat the Cybercrimes and to

effectively enforce cyber laws .
ii.

The reporting and access points in police department

require immediate attention. In domestic territory, every
local police station should have a cybercrime cell that
can effectively investigate cybercrime cases .
Accessibility is one of the greatest impediments in
delivery of speedy justice.

iii.

Also we have only one Government recognized forensic

laboratory in India at Hyderabad which prepares forensic
reports in cybercrime cases. We need more such labs to
efficiently handle the increasing volume of cybercrime
investigation cases. Trained and well-equipped law
enforcement personnel - at local, state, and global levels
can ensure proper collection of evidence, proper
investigation, mutual cooperation and prosecution of
cybercases.

iv.

Further under Section 79 of the IT Act ,2000 no

guidelines exist for ISPs to mandatorily store and
preserve logs for a reasonable period to assist in tracing
IP addresses in Cybercrime cases. This needs urgent
attention and prompt action.

v.

The investigation of cybercrimes and prosecution of

cybercriminals and execution of court orders requires
efficient international cooperation regime and
procedures. Although Section 1(2) read with Section 75
of the IT Act,2000, India assumes prescriptive jurisdiction
to try accused for offences committed by any person of
any nationality outside India that involves a computer,
computer system or network located in India, on the
enforcement front, without a duly signed extradition
treaty or a multilateral cooperation arrangement, trial of
such offences and conviction is a difficult proposition. IT
91

(Amendment) Act, 2008 is a step in the right direction ,

however, there are still certain lacunae in the Act, (few
of which were briefly pointed out in this paper) which will
surface while the amendments are tested on the anvil of
time and advancing technologies!
To sum up, though a crime-free society is Utopian and exists
only in dreamland, it should be constant endeavour of rules to
keep the crimes lowest. Especially in a society that is
dependent more and more on technology, crime based on
electronic offences are bound to increase and the law makers
have to go the extra mile compared to the fraudsters, to keep
them at bay. Technology is always a double-edged sword and
can be used for both the purposes good or bad.
Steganography, Trojan Horse, Scavenging (and even DoS or
DDoS) are all technologies and per se not crimes, but falling
into the wrong hands with a criminal intent who are out to
capitalize them or misuse them, they come into the gamut of
cyber crime and become punishable offences. Hence, it
should be the persistent efforts of rulers and law makers to
ensure that technology grows in a healthy manner and is
used for legal and ethical business growth and not for
committing crimes.
It should be the duty of the three stake holders viz
i)
the rulers, regulators, law makers and investigators
ii)
Internet or Network Service Providers or banks and
other intermediaries and
iii)
the users to take care of information security playing
their respective role within the permitted parameters
and ensuring compliance with the law of the land.

92