Need for reforms in Cyber Laws: Streamlining the Data Privacy and

Cyber Security Policies

Table of Contents
Chapter 1 1
Introduction 1
1.1 Introductory 1
1.3 Significance of Study 2
1.4 Database and Methodology 2
1.5 Research Questions 2
1.6 Chapterisation Plan 3
Chapter 2 4
Issues in Cyber Space 4
2.1 Definition of Cybercrime 4
2.2 Issues in Cyber Space 5
2.3 Cyber Laws in India 6
2.4 Conclusion 10
Chapter 3 11
CYBER PRIVACY 11
3.1 Definition of Privacy 11
3.2 Privacy and Computers 12
3.3 Activities on Internet which affect privacy 14
3.3.1 Signing up for Internet Services: 14
3.3.3 Cookies 15
3.3.4 Blogging 16
3.3.5 Using Online Banking Services 17
3.5 Conclusion 19
Chapter 4 20
Cyber Security 20
4.1 Meaning of Security 20
4.2.1 Loss of Confidentiality 21
4.2.2. Loss of integrity 22
4.2.3 Loss of availability 22
4.3 Cyber Security scenario in India 22
4.4 Cyber Security in Information Technology Act, 2000 23
4.4.1 Defining appropriate level of compensation 24
4.4.2 Defining penalties for violation 27
4.4.3 Setting up an authority for implementation 27
4.5 Cyber Security Strategy 28
4.6 Conclusion 30
Chapter 5 31
Conclusion & Suggesstions 31
5.1 Net Security be Tightened Up 31
5.2 False E-mail Identity Registration be Treated as an Offence 32
5.3 Liberalization of Law Relating to Search and Seizure 33
5.4 Need for a Universal Legal Regulatory Mechanism 33
5.5 Need for Universalization of Cyber Law 34
5.6 Information Technology (Amendment) Act, 2008 – A Step in the Right Direction 35
5.7 Need for Modernization of Existing Laws and Enactment of New Laws 35

BIBLIOGRAPHY 6
 Chapter 1
Introduction
“This world – cyberspace – is a world that we depend on every single day. It’s our hardware and our
software, our desktops and laptops and cell phones and Blackberries that have become woven into every
aspect of our lives. It’s the broadband networks beneath us and the wireless signals around us, the local
networks in our schools and hospitals and businesses, and the massive grids that power our nation. It’s
the classified military and intelligence networks that keep us safe, and the World Wide Web that has
made us more interconnected than at any time in human history. So cyberspace is real. And so are the
risks that come with it. It’s the great irony of our Information Age – the very technologies that empower
us to create and to build also empower those who would disrupt and destroy. And this paradox – seen
and unseen – is something that we experience every day.”- U.S. President Barack Obama
1.1 Introductory
Internet is the key for development of entire high-tech spectrum through which any information is accessed
and shared lawfully. Cyberspace acts as an e- link between all people across the globe and thereby turning
developing countries to developed ones for establishing a highly sophisticated atmosphere. Unfortunately,
an e-threat to every individual came up in the form of an organized “cybercrime” as a bane having no
evidence of its originator. Malafide intention of Internet criminals is fast approaching in our daily walks of
life with socio-economic, socio-educational and techno-ideological troubles with violence and hatred.
Currently, cybercrime reached to a situation like, the moment innocent people operate computer systems or
laptops or latest mobiles devices, there shall be some unwanted and unauthorized e-programs attacking
them constantly. So, cyberspace not only creates beneficial opportunities but also raises conflicts and cyber
warfare. In the realm of national security, international relations, politics and law, cyber activities now play
an extensive role in all facets of society, situated along an expansive continuum with information analysis
and gathering at one end and hostilities at the other, roughly, and including espionage, surveillance, crime
and other activities along its span.
1.2 Objective and Purpose of Study
The aim of this project is to explore and analyse the impact of technology on the nature of crime. The
study aims at studying various issues which has developed with the advent of Internet such data privacy
issues and cyber security issues. The purpose of study is also analyse the change in law with coming up of
cyber law for example Information Technology Amendment Act 2008. At last the objective of the project
is to give suggestion for improvement in cyber laws so as to combat cyber crimes.
1.3 Significance of Study

The significance of study is to provide solution to new growing issues in cyber crimes. Project provide in
details the impact of advancement in the information technology has affected the nature of crime. Further
emphasis has been laid down on the amendments in existing laws in order to deal with the cyber crimes. In
the project the steps that are taken in order to deal with privacy and cyber security issues are discussed in
detail. The study also provide for reforms in existing laws in order to deal with cyber security and privacy.

1.4 Database and Methodology

The sources of data used are secondary in nature. A host of leading books on cyber laws has been referred
to. Articles from Journals like Cyber law reports, Economic and Political Weekly, Criminal Law Review,
Allahabad Times etc have been used. Internet sources are used in the project.
1.5 Research Questions

The following are research questions:

I. How advancement in the information technology has affected the nature of crime?
II. What are amendments in existing laws in order to deal with the cyber crimes?
III. What are the steps taken in order to deal with privacy and cyber security issues?
IV. What are the loopholes in existing laws relating to cyber crimes?
V. How cyber security and privacy can be provided by reforming the existing laws?

1.6 Chapterisation Plan

Chapter 1 deals with the Introduction . Chapter 2 deals with the issues in cyber crimes which includes
definition of cyber crime and Laws relating to cyber crime. Chapter 3 deals with Data Privacy which
includes definition of privacy, problem of cyber privacy in India and various activities through which
privacy is affected on Internet. Chapter 4 deals with Cyber security in which there is detail study of various
steps taken in India to ensure cyber security. Chapter 5 provides various suggestion in order to combat
cyber crime.

Chapter 2
Issues in Cyber Space

2.1 Definition of Cybercrime

Cybercrimes are activities in which computers, telephones, cellar equipment and other technological
devices are used for illicit purposes such as fraud, theft, electronic vandalism, violating intellectual
properties rights, and breaking and entering into computer systems and networks. Cybercrimes can be
plainly defined as “ crimes directed at a computer or computer system” But the complex nature of the
cyber crimes cannot be sufficiently defined in such simple and limited terms.
Some authorities also use the term “information technology offences” instead of cybercrimes. Thus it is
defined as
“Information technology offences have been taken to encompass any criminal offence, in the investigation
of which investigating authorities must obtain access to information being processed or transmitted in
computer system.”
This definition is too wide as it entails any offence where computer or the information stored in the
computer is involved in its investigation. It has no reference to certain absuses or security breaches which
still do not fall under the term “criminal offence”. it is given from the viewpoint of the investigator and
from the viewpoint of substantive criminal law which requires a reference to the malicious act or to the
guilty mind. Some of the common definitions of cybercrimes are:
i) A criminal activity that involves unlawful access to or utilization of computer systems.
ii) Any illegal action in which computer is used as tool or object of the crime, in other words, any crime,
the means or purpose of which is to influence the functions of the computer.
iii) Any incident associated with computer technology in which a victim suffered or could have suffered
loss and a perpetrator, by intention made or could have made a gain.
iv) Any violation of the law in which computer is target of or the means for committing crime.
v) Any activity which involves the unauthorized and unlawful access to or utilization of computer systems
or networks in order to tamper with the data, or to intentionally transact anything illegal with the help of
computers and the Internet, can be broadly be called as cyber crime.
Cybercrime are the products of the Internet. These crimes were unknown to the legal world prior to the
birth of the Internet and include not only acts which are employed to commit traditional crime s using Net
but also those crimes which are committed thoroughly and exclusively using the Internet.
2.2 Issues in Cyber Space
Internet is otherwise known as Cyberspace. Cyberspace is anonymous and borderless unlike physical
space. In general, the nature of Internet and its relative anonymity enable individuals to behave differently
from the physical world. Also, the cyberspace renders virtual environment where anybody can blot out his
identity on the network and creates a false name or can take on some other identity. Crimes committed in
cyber space constitute most of Cyber-crimes. According to UK government cyber-crime strategy “the
nature of cyber space not only allows criminals to be located in various countries and far away from the
victim, they can also target many thousands of victims at once.. For example, a phishing email or hacking
of data servers can be done by a single person to acquire data to harm millions of victims.
Privacy is almost a myth nowadays as technology and internet have given the government and other
entities, unrestricted admission into the lives of the public. The vulnerability of one’s private information is
more exposed online as the users do not have control over the information generated in an online portal.
With the rise of online transactions, unscrupulous internet entities have started defrauding users. The
globally digitalized era of today requires laws to govern the menace of cyber crimes.
The risk in cyberspace is multiple. They threaten personal data security. Victims on the whole suffer
financial loss through frauds and get defamed by willful perpetrators. Therefore, online risks may often
lead to physical or mental harm or both to the individual. Cybercriminals can effectively function from any
place in the world in many disguises and intermediaries and target large number of people or businesses all
around international boundaries. Therefore the challenges are wide, varying and great in magnitude.
2.3 Cyber Laws in India
Information Technology Act, 2000 is India’s nodal legislation regulating the use of computers, computer
systems and computer networks as also data and information in the electronic format. This legislation has
touched varied aspects pertaining to electronic authentication, digital (electronic) signatures, cyber crimes
and liability of network service providers. The Preamble to the Act states that it aims at providing legal
recognition for transactions carried out by means of electronic data interchange and other means of
electronic communication, commonly referred to as "electronic commerce", which involve the use of
alternatives to paper-based methods of communication and storage of information and aims at facilitating
electronic filing of documents with the Government agencies. This Act was amended by Information
Technology Amendment Bill, 2008 which was passed in Lok Sabha on 22nd December, 2008 and in Rajya
Sabha on 23rd December, 2008. It received the assent of the President on 5th February 2009 and was
notified with effect from 27/10/2009.
2.3.1 Offences under The Information Technology Act 2000
Section 65. Tampering with computer source documents:
Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes
another to conceal, destroy or alter any computer source code used for a computer, computer Programme,
computer system or computer network, when the computer source code is required to be kept or
maintained by law for the being time in force, shall be punishable with imprisonment up to three year, or
with fine which may extend up to two lakh rupees, or with both.

Explanation: For the purpose of this section “computer source code” means the listing of programmes,
computer commands, design and layout and programme analysis of computer resource in any form.
The object of the section is to protect the “intellectual property” invested in the computer. It is an attempt
to protect the computer source documents (codes) beyond what is available under the Copyright Law. In
the case of Frios v/s State of Kerela it was declared that the FRIENDS application software as protected
system. The author of the application challenged the notification and the constitutional validity of software
under Section 70. The court upheld the validity of both. It included tampering with source code. Computer
source code the electronic form, it can be printed on paper. The court held that Tampering with Source
code are punishable with three years jail and or two lakh rupees fine of rupees two lakh rupees for altering,
concealing and destroying the source code.
Parliament Attack Case: In this case several terrorist attacked on 13 December, 2001Parliament House. In
this the Digital evidence played an important role during their prosecution. The accused argued that
computers and evidence can easily be tampered and hence should not be relied.In Parliament Attack
case several smart device storage disks and devices, a Laptop were recovered from the truck intercepted at
Srinagar pursuant to information given by two suspects. The laptop included the evidence of fake identity
cards, video files containing clips of the political leaders with the background of Parliament in the
background shot from T.V news channels. In this case design of Ministry of Home Affairs car sticker,
there was game “wolf pack” with user name of ‘Ashiq’. There was the name in one of the fake identity
cards used by the terrorist. No back up was taken therefore it was challenged in the Court. Court held that
Challenges to the accuracy of computer evidence should be established by the challenger. Mere theoretical
and generic doubts cannot be cast on the evidence.
Section66. Hacking with the computer system:
(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the
public or any person destroys or deletes or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means, commits hacking.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which
may extend up to two lakh rupees, or with both.
The perspective of the section is not merely protect the information but to protect the integrity and security
of computer resources from attacks by unauthorized person seeking to enter such resource, whatever may
be the intention or motive.
Section 67. Publishing of obscene information in electronic form:
Whoever publishes or transmits or causes to be published in the electronic form, any material which is
lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt
persons who are likely, having regard to all relevant circumstance, to read see or hear the matter
contained or embodied in it, shall be punished on first conviction with imprisonment of either description
for a term which may extend to five years and with fine which may extend to one lakh rupees and in the
event of a second or subsequent conviction with imprisonment of either description for a term which may
extend to ten years and also with fine which may extend to two lakh rupees.
The case of State of Tamil Nadu v/s Suhas Katti is about posting obscene, defamatory and annoying
message about a divorcee woman in the Yahoo message group. E-mails were forwarded to the victim for
information by the accused through a false e- mail account opened by him in the name of the victim. These
postings resulted in annoying phone calls to the lady. Based on the complaint police nabbed the accused.
He was a known family friend of the victim and was interested in marrying her. She married to another
person, but that marriage ended in divorce and the accused started contacting her once again. And her
reluctance to marry him he started harassing her through internet. The accused is found guilty of offences
under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the
offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC
sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of
IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.”
By IT Amendment Act, 2008 various new offences has been introduced in the Act. Section 66A states any
offensive information with demean character or information known as false but sent for purpose of causing
annoyance, inconvenience, danger, enmity, hatred or criminal intimidation to mislead the recipient is liable
for imprisonment upto 3 years with (or) without fine. Section 66 B,C,D for fraudulently or dishonesty
using or transmitting information or Identity theft is punishable with 3 yr imprisonment or 1,00,000 fine or
both. Section 66 E provide punishment for Violation of privacy by transmitting image of private area
which is 3 yr imprisonment or 2,00,000 fine or both. Section 66 F deals with Cyber Terrorism affecting
unity, integrity security, sovereignity of India through digital medium is liable for life imprisonment
Section 67 states publishing obscene information or pornography or transmitting obscene information in
public is liable for imprisonment upto 5 years or penalty of Rs. 10,00,000 or both.
2.4 Conclusion
The Information Technology (IT) Act 2000, which also deals with cyber crimes, is unlikely to protect the
Indian IT companies' interests. The Act also does not have proper mechanism to encourage online
transactions, which forms a major portion of the business transactions overseas. Indian Penal Code, 1860
also provide for punishment for cyber crimes. For example making Forged document (Section 463) ,
sending defamatory message or images E-mail is punishable under Section 499 and 500 of IPC, 1860. So it
can be concluded that keeping in view the changing circumstances legislation has enacted laws. Cyber
laws are made to combat new offences which are developing with advancement in information technology.
Chapter 3
CYBER PRIVACY

Over the course of the past few years, the internet has brought about a substantial change in how we
function. Electronic communication and e-commerce have become essential parts of our daily lives and it
is difficult to envisage a life wherein such facilities do not exist. A major reason as to why the internet has
been so vociferously adopted and given such importance is its ease of use and accessibility and the relative
security it supposedly offers. Websites now store bank details of their customers, Government run websites
allow us to file income tax returns online, social media sites enable us to carry out private conversations
without ‘anyone’ eavesdropping. As a faceless organisation, the internet seems to offer both anonymity
and security – something which may be hard to come across in real life. It seems almost inconceivable that
our privacy could be infringed in any way, much less by the very agencies which purport to protect us.
3.1 Definition of Privacy
Every person has a desire to keep a part of his life private. This is broad meaning of “Privacy”. The area of
life which one wants to keep away from the public gaze may relate to one’s personality, one’s name, one’s
private life, one’s papers and the like. Privacy has been defined by Black’s Law Dictionary as the “right to
be let alone; the right of a person to be free from unwarranted publicity; and the right to live without
unwarranted interference by the public in matters with which the public is not necessarily
concerned.” Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to
what extent information about them is communicated to others. Right to Privacy like any other right is not absolute;
disclosure of personal information is justified under certain circumstances. Article 12 of the Universal Declaration
of Human Rights (1948) further states that “No one shall be subjected to arbitrary interference with his
privacy, family, home or correspondence nor to attacks upon his honour and reputation. Everyone has the
right to the protection of the law against such interference or attacks." The International Covenant of Civil
and Political Rights (to which India is a party) states under Article 17 that "No one shall be subjected to
arbitrary or unlawful interference with his privacy, family, home and correspondence, nor to unlawful
attacks on his honour and reputation." Hence privacy, in simple terms, can be defined as the right to be left
alone. Each and every person should have the right to control the amount of information about himself
which he wishes to share.
The Hon’ble Supreme Court of India in R. Rajagopal v. State of T.N. held the right to privacy as an
integral part of the fundamental right to life under Article 21 of The Constitution of India. The right to
privacy is a right to be let alone. None can publish anything concerning the above matters without his
consent, whether truthful or otherwise and whether laudatory or critical. If he does so, he would be
violating the right to privacy of the person concerned and would be liable in an action for damages.
3.2 Privacy and Computers
Before the internet came into our lives, it was considerably simpler to trace the breach of privacy. In regard
to computers it is informational privacy” that becomes material. In Germany, it is called “informational
self-determination.” The varying nature and volume of information, which is generated, stored and
retrieved in computers, renders this right very important. Many people assume that use of the Internet is
anonymous, private: not tracked, and not watched. The idea arises because users are rarely if ever asked
explicitly to provide personal information as they use the Internet, and when they are the request is usually
accompanied by a convincingly worded privacy or security guarantee. However, the assumption is
misplaced. The Internet has many data collection mechanism able to collect variety of information about
surfers; good purchased, site visited, personal information and so on. It is possible to create personal
profiles from information collected from a range of sources, which can be paired with information about
the user’s computer. This lead to the creation of a personal profile attached to a particular computer.
Therefore, it is possible to collect, organise, buy utilise much more information than might first be thought.
For example, during the confirmation hearings in the information in the nomination process of Robert
Bork for a seat on the US Supreme Court , a journalist was able to obtain a computerised record of 146
videos hired by Bork and his wife. While this might seem to be innocuous enough, it has wider
implications for the security of personal data.
In the revolutionary cyber age, breach of privacy has made an individual a fully transparent entity and
privacy has evolved from a right close to a marketable commodity. Today, the cyberspace is embedded
with a rich trove of personal data and privacy has emerged as a saleable commodity and has joined the list
of other controversial commodities discussed in Margaret Jane Radin’s well-known book Contested
Commodities like body parts, wombs, babies, etc. Technological devices are being used to break the
confidentiality of the data stored in computers raising grim privacy and legal concerns. The following
query explains it all, “who is stealing your information”. In today’s enterprises, the answer is…everyone.”
In the age of Information technology, right to privacy may be infringed in the following ways:
i) Utilising private data for a purpose other than that for which it was collected.
ii) Sending of unsolicited e-mails or spamming
iii) Unauthorised reading of e-mails of employees etc.
Phone-tapping, leaking of documents, stalking, monitoring etc. can all be discerned to an extent. However
the relative anonymity offered by the internet and poor understanding of it functions has lead to breaches
in privacy users may not even be aware of. The technical language adopted while attempting to explain
cyber security such as data packets, internet protocol, gateway etc often fails to hold the attention of the
average user. Inadequate information hence leads to low awareness and failure to adopt proper security
measures. Companies in an effort to increase their revenue monitor usage patterns in order to present
personalised advertisements for the user’s potential needs. A few years ago, the popular social networking
site, Facebook, came under fire for leaking the private information of its users to third parties, in particular
advertisement agencies. The company later introduced a clause in its agreement with the user wherein the
user could decide whether or not he/she wished Facebook to share information with third parties. Though
the fire was put out, concerns still existed as the privacy policies of social media sites.
3.3 Activities on Internet which affect privacy
While travelling in cyberspace, we provide information to others at almost every step of the way. Often
this information is like a puzzle that needs to be connected before our picture is revealed. Information we
provide to one person or company may not make sense unless it is combined with the information which
we provide to another person or company. There are various ways in which we give information to others
which are discussed below.
3.3.1 Signing up for Internet Services:
When we pay for internet ourself, we signed up with an Internet Service Provider (ISP). The ISP provides
the mechanism for connecting the computer to the Internet. There are thousands of ISPs around the world
offering a variety of services. They vary from well-known ones like AOL. Earthlink, and our cable and
telephone providers to small ones that may be located offshore. Each computer connected to the Internet
has a unique address known as IP address. It is the number that actually allows us to send and receive
information over the Internet. Our IP address by itself does not provide personally identifiable information.
However, because our ISP knows our address, it is possible weak link when it comes protecting our
privacy. Most ISPs work to protect privacy, but each had its own privacy policy. It’s up to us to read the
privacy and understand it.
3.3.2 E-mail and List-serves
When we correspond through e-mail we are no doubt aware that we are giving information to the recipient.
We might also be giving the information to any number of people, including our employer, the
government, or e-mail provider, and anybody that the receipent paases our message to. When participating
i online discussion groups, which are sometime called “list-servers, we must remember that either the
sender or recipient consent to the inspection or disclosure of the e-mail. Additionally, if we are concerned
about junk mails, forwarded messages, or other unsolicited mail, we should note that we are giving our e-
mail address to numerous persons. Sometime message boards and list-serves are archived. For Example,
Google Groups have saved discussion going back to 1981.
3.3.3 Cookies
Through the use of a data-gathering technique called Internet cookies, online businesses and Web-site
owners can store and retrieve information about a user who visits their Web sites, typically without that
user's knowledge or consent. Cookies technology has generated considerable controversy, in large part,
because of the novel way in which certain information about Internet users can be collected and stored.
Information about an individual's online browsing preferences can be "captured" while that user is visiting
a Web site, and then stored on a file placed on the hard drive of the user's computer system. The
information can then be retrieved from the user's system and resubmitted to a Web site the next time the
user accesses that site. Cookies technology is the only data-gathering technique that actually stores the data
it gathers about a user on the user's computer system.
The owners and operators of one Web site cannot access cookies-related information pertaining to a user's
activities on another Web site. However, information about a user's activities on different Web sites can,
under certain circumstances, be gathered and compiled by online advertising agencies. For example, online
advertising agencies such as DoubleClick.net, who pay to place advertisements on Web sites, include a
link from a host site's Web page to the advertising agency's URL. So when a user accesses a Web page that
contains an advertisement from DoubleClick.net, a cookie is sent to the user's system not only from the
requested Web site but also from that online advertising agency. The advertising agency can then retrieve
the cookie from the user's system and use the information it acquires about that user in its marketing
advertisements. The agency can also acquire information about that user from cookies retrieved from other
Web sites the user has visited, assuming that the agency advertises on those sites as well. The information
can then be combined and cross-referenced in ways which enable a marketing profile of that user's online
activities to be constructed and used in more direct advertisements.
To assist Internet users in their concerns about cookies, a number of privacy-enhancing tools have recently
been made available. One such product from Pretty Good Privacy (PGP) is pgpcookie.cutter, which
enables users to identify and block cookies on a selective basis. In the newer versions of most Web
browsers, users have an option to "disable" cookies. As such, users can either opt-in or opt-out of cookies,
assuming that they are aware of cookies technology and assuming that they know how to enable/disable
that technology on their Web browsers.The reason that privacy threats associated with cookies can be
categorized as an Internet-specific privacy concern, of course, is that the privacy threats posed by that
particular data-gathering technique is unique to the Internet.
3.3.4 Blogging
Web logs, or “blogs,” are journals (or newsletters) that are frequently updated and intended for general
public consumption. Depending on the service you use to post your blog, your private information may be
available. Generally blog services will allow you at least some control over how much personal
information you make public. Read the service agreement carefully to determine exactly what is required
and what will be revealed. Most blogs also allow comments by readers. Although some allow you to
comment anonymously, others require registration and at least an e-mail address. Consider carefully how
much information you’re willing to give and if you want your personal information linked to your
comments or posts forever. Most blogs will record your IP address, which may enable them to determine
your identity. In addition, if the blog has placed a cookie on your device, it may be able to associate your
post with other comments that you have made.In addition to information you may be providing through
signing up for the blog, the contents of your blog are published for everyone, including employers, to
see. There have been reports of employers firing employees for blogging. The content does not even
necessarily have to be about the employer.
3.3.5 Using Online Banking Services
Being able to check your balances, transfer money between accounts, pay your bills, and track your checks
online is a great convenience. But online banking requires you to transmit a lot of sensitive information
over the Internet. While it makes sense for the bank to have that information, you don’t want anyone else
to get it. Most banks and other financial institutions use a system of passwords and encryption to safeguard
your information. While managing our financial accounts we must be sure to use a different password for
online banking (and for any other online financial accounts) than one use on any other website.
There are many other activities on Internet that affect our privacy such as Web Bugs, direct Marketing,
Illegal activites, Spyware, Pishing, Hacking etc.
3.4 Privacy under Information Technology Act, 2000.
Till recently India did not have legislation on privacy and it had been the judiciary’s responsibility to
interpret privacy within existing legislations. Information technology Act,2000 provides for penalty for
breach of confidentiality and privacy.
72. Penalty for breach of confidentiality and privacy.-Save as otherwise provided in this Act or any other
law for the time being in force, if any person who, in pursuance of any of the powers conferred under this
Act, rules or regulations made thereunder, has secured access to any electronic record, book, register,
correspondence, information, document or other material without the consent of the person concerned
discloses such electronic record, book, register, correspondence, information, document or other material
to any other person shall be punished with imprisonment for a term which may extend to two years, or with
fine which may extend to one lakh rupees, or with both. "
Section 72 of the Information Technology Act, 2000 provided for a penalty of imprisonment for a term
extending to two years, or with fine which may extend to one lakh rupees, or with both for the disclosure
of information by a person without obtaining the consent of the person whose information has been
obtained. In 2011, the Ministry of Communications and Information Technology notified the Information
Technology (Reasonable security practices and procedures and sensitive personal data or information)
Rules, 2011 under the Information Technology Act, 2000. Now, body corporate need to provide policy for
privacy and disclosure of information.
The U.N. Special Rapporteur on Promotion and Protection of Right to Freedom, in his report of April 17,
2013, has concluded that apart from increasing public awareness of threats to privacy, States must
“regulate the commercialization of surveillance technology”.However, what is being ignored in the
clamour for the protection of an individual’s privacy rights is the fact that the motivation behind such
monitoring and surveillance is to prevent the commission of any offence, example – the Al Qaeda has been
known to make usage of the internet in order to plan and execute their operations. The primary motivation
behind such surveillance and breach of privacy would be the age old adage “prevention is better than
cure”. Ironically, it is in order to protect the most fundamental right, the right to life, that invasion of
privacy and hence infringement of the right to privacy.
3.5 Conclusion
In conclusion, surveillance and monitoring by the State was always inevitable. Though it is a breach of
privacy and hence a cyber crime, for the greater good of the general population at large, such intense
measures would be required as it allows the State to prevent the commission of an offence and the
inevitable blame game which follows such events. Security is of paramount importance and over time it
might become acceptable that certain aspects of a person’s rights need to be put aside to ensure overall
safety. In an ideal world perhaps such invasion of privacy would not occur, but then again in an ideal
world such threats to national sovereignty and integrity, state security, etc. would not occur.
Chapter 4
Cyber Security

Information Technology plays an important and vital role in all sectors of society. As consequences,
security has become an essential component of IT. However, it is a complex subject and the appropriate
measures will often depend, to a large extent, on the type and location of IT equipment. The potential
security threats and risks have to be carefully assessed in every situation. It is absolutely vital that all
concerned persons were made aware of the threats an risks that may affect them, and over which they have
control. Only then will they fully understand and apply the appropriate security procedure. Threat to
information system may arise from intentional or unintentional acts and may come from internal or
external sources.
4.1 Meaning of Security
The very nature of the Internet makes it vulnerable to attack. It was designed to allow for the freest
possible exchange of information, data and files and it has successfully admirably, far beyond its
designers’ wildest expectations. However, that freedom carries a price. Hackers and virus writers try to
attack the Internet and Computer connected to the internet, those who want to invade others’ privacy
attempt to crack database of sensitive information or snoop on information as it travels across the Internet
and distasteful and pornographic sites have sprung up on the web and on Usenet newsgroups. The Internet
is notoriously insecure network; anything sent across it can be easily snooped upon. This is of particular
concern when highly confidential information, such as corporate data and credit card numbers, is
transmitted across the Internet. Unless there is some way to protect that kind of information, the internet
will never be a secure place to do business or send private, personal correspondence.
Security is a broad topic and covers a multitude of sins. In its simplest form, it is concerned with making
sure that nosy people cannot read, or worst yet, modify messages intended for other recipients. It is
concerned with people trying to access remote services that they are not authorised to use. Security also
deals with the form of legitimate messages being captured and replayed, and with people trying to deny
that they sent certain messages. Most security problem are intentionally caused by malicious people trying
to gain some benefits or harm someone. It involves outsmarting often intelligent, dedicated and sometime
well funded adversaries. So in nutshell, we define security threat as a circumstance, condition or event,
with the potential to cause economic hardship to data or network resources in the form of destruction,
disclosure, and modification of data, denial of services, and/or fraud, waste and abuse.
4.2 Majors concerns of Security:
The three major concerns regarding security on the internet are:
4.2.1 Loss of Confidentiality
Concepts related to people using this information are authentication, authorisation, and non repudiation.
When information is read or copied by someone not authorised to do so, the result is known as loss of
confidentiality. For some type of information, confidentiality is very important attribute. Example research
data, medical and insurance records, new product specifications, and corporate investment strategies. In
some locations, there may be a legal obligation to protect the privacy of individuals. This is particularly
true for most bank and loan companies, debt collecting agencies, business that offer credit to their
customers, debt collecting agencies, business that offer credit to their customers or issue credit cards,
hospitals, doctors, individual or agencies that offer services such as drug treatment and agencies that
collect taxes.
4.2.2. Loss of integrity
Information can be corrupted when it is available on an insecure network. When information is modified in
unexpected ways, the result is known as loss of integrity. This means that unauthorised changes are made
to information, whether by human error or intentional tampering. Integrity is particularly important for
critical safety and financial data used for activities such as electronic fund transfers, air traffic control, and
financial accounting.
4.2.3 Loss of availability
Information may be erased or become inaccessible, resulting in loss of availability. This mean the people
who are authorised to get information cannot get what they need. Availability is often most important
attribute in service-oriented businesses that depend on information. Availability of the network itself is
important to anyone whose business or education relies on a network connection. When a user cannot get
access to the network or specific services provided on the network, they experience a denial of services.
4.3 Cyber Security scenario in India
In keeping with the general trend of growth of information technology worldwide, in India too there has
been tremendous growth in use of information technology in all walks of life. The internet user base has
increased to 100 million and total broadband subscriber base has increased to 12.69 million. The target for
broadband connections by 2014 is 22 million. Today, India has 134 major ISPs, 10 million registered
domain names (1 million ‘.in’ domains) and over 260 data centers all over the country. Information
Technology (Amendment) Act, 2008 has defined cyber security as protecting information, equipment,
devices, computer, computer resources, communication device and information stored therein from
unauthorized access, use disclosure, disruption, modification or destruction.
Significant increase in cyber space activities and access to internet use in the country has resulted in
increased opportunities for technology related crime. Coupled with this, lack of user end discipline
inadequate protection of computer systems and the possibility of anonymous use of ICT – allowing users
to impersonate and cover their tracks of crime, has emboldened more number of users experimenting with
ICT abuse for criminal activities. This aspect, in particular, has a significant impact in blunting the
deterrence effect created by legal framework in the form of Information Technology Act 2000 and other
well-intended actions of enhancing cyber security in the country. As a result, today Indian cyber threat
landscape, like other parts of the world, has seen a significant increase in spam & phishing activities, virus
and worm infections, spread of bot infected systems. The rate of computer infections and spam & phishing
activities in the country keep fluctuating, making India figure among the active sources, as is generally
seen in developed economies with high rate of IT usage.
4.4 Cyber Security in Information Technology Act, 2000
The amendments which has transformed ITA 2000, the landmark cyber legislation in India which was first
enacted with effect from October 17, 2000, has provided a new focus on Information Security in India.
Information Technology (Amendment) Act, 2008 has defined cyber security in Section 2 (nb) as protecting
information, equipment, devices, computer, computer resources, communication device and information
stored therein from unauthorized access, use disclosure, disruption, modification or destruction. The term
incorporates both the physical security of devices as well as the information stored there in. It covers
"Protection from unauthorised access, use, disclosure, disruption, modification and destruction"
To support the development of the Cyber Security infrastructure, the amendments also focus on
a) Defining penalties for violation
b) Defining appropriate level of compensation
c) Setting up an authority for implementation
4.4.1 Defining appropriate level of compensation
Section 43 in The Information Technology Act, 2000
43 Penalty and compensation for damage to computer, computer system, etc. -If any person without
permission of the owner or any other person who is incharge of a computer, computer system or computer
network,-
(a) accesses or secures access to such computer, computer system or computer network [or computer
resource];
(b) downloads, copies or extracts any data, computer data base or information from such computer,
computer system or computer network including information or data held or stored in any removable
storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer,
computer system or computer network;
(d) damages or causes to be damaged any computer, computer system or computer network, data,
computer data base or any other programmes residing in such computer, computer system or computer
network;
(e) disrupts or causes disruption of any computer, computer system or computer network;
(f) denies or causes the denial of access to any person authorised to access any computer, computer system
or computer network by any means;
(g) provides any assistance to any person to facilitate access to a computer, computer system or computer
network in contravention of the provisions of this Act, rules or regulations made thereunder;
(h) charges the services availed of by a person to the account of another person by tampering with or
manipulating any computer, computer system, or computer network,
(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or
utility or affects it injuriously by any means;
If any person without permission of the owner or any other person who is incharge of a computer,
computer system or computer network-
(i) accesses such computer, computer system or computer network or computer resource; (ii) downloads,
copies or computer system or computer network or computer resource; (ii) downloads, copies or extracts
any data, computer data-base or information; (iii) introduces or causes to be introduced any computer
contaminant or computer virus; (iv) damages or causes to be damaged any computer, computer system or
computer network data, computer database or any other programmes; (v) disrupts or causes disruption;
(vi) denies or causes the denial of access to any person authorised to access; (vii) provides any assistance
to any person to facilitate access in contravention of the provisions of this Act; (viii) charges the services
availed of by a person to the account of another person by tampering with or manipulating any computer,
computer system or computer network; destroys, deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any means; (x) steal, conceals,
destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code with
intention to cause damage; he shall be liable to pay damages by way of compensation to the person so
affected.
Section 43 deals with penalties and compensation for damage to computer, computer system etc. This
section is the first major and significant legislative step in India to combat the issue of data theft. The IT
industry has for long been clamouring for legislation in India to address the crime of data theft, just like
physical theft or larceny of goods and commodities. This Section addresses the civil offence of theft of
data.
Thus the new Section 43-A is dealing with compensation for failure to protect data was introduced in the
ITAA -2008.
43A.Compensation for failure to protect data. –
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a
computer resource which it owns, controls or operates, is negligent in implementing and maintaining
reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any
person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five
crore rupees, to the person so affected. (Change vide ITAA 2008)
Explanation: For the purposes of this section
(i) "body corporate" means any company and includes a firm, sole proprietorship or other association of
individuals engaged in commercial or professional activities
(ii) "reasonable security practices and procedures" means security practices and procedures designed to
protect such information from unauthorised access, damage, use, modification, disclosure or impairment,
as may be specified in an agreement between the parties or as may be specified in any law for the time
being in force and in the absence of such agreement or any law, such reasonable security practices and
procedures, as may be prescribed by the Central Government in consultation with such professional
bodies or associations as it may deem fit.
(iii) "sensitive personal data or information" means such personal information as may be prescribed by the
Central Government in consultation with such professional bodies or associations as it may deem fit.
This is another watershed in the area of data protection especially at the corporate level.As per this Section,
where a body corporate is negligent in implementing reasonable security practices and thereby causes
wrongful loss or gain to any person, such body corporate shall be liable to pay damages by way of
compensation to the person so affected. The Section further explains the phrase ‘body corporate’ and quite
significantly the phrases ‘reasonable security practices and procedures’ and ‘sensitive personal data or
information’. Thus the corporate responsibility for data protection is greatly emphasized by inserting
Section 43A whereby corporate are under an obligation to ensure adoption of reasonable security practices.
Further what is sensitive personal data has since been clarified by the central government vide its
Notification dated 11 April 2011 giving the list of all such data which includes password, details of bank
accounts or card details, medical records etc. After this notification, the IT industry in the nation including
techsavvy and widely technology-based banking and other sectors became suddenly aware of the
responsibility of data protection and a general awareness increased on what is data privacy and what is the
role of top management and the Information Security Department in organisations in ensuring data
protection, especially while handling the customers’ and other third party data.
The Information Technology (Reasonable security practices and procedures and sensitive personal data or
information) Rules have since been notified by the Government of India, Dept of I.T. on 11 April 2011.
Any body corporate or a person on its behalf shall be considered to have complied with reasonable security
practices and procedures, if they have implemented such security practices and standards and have a
comprehensive documented information security programme and information security policies containing
managerial, technical, operational and physical security control measures commensurate with the
information assets being protected with the nature of business. In the event of an information security
breach, the body corporate or a person on its behalf shall be required to demonstrate, as and when called
upon to do so by the agency mandated under the law, that they have implemented security control
measures as per their documented information security programme and 7 information security policies.
The international Standard IS/ISO/IEC 27001 on "Information Technology – Security Techniques -
Information Security Management System - Requirements" is one such standard referred to in sub-rule
(1). The essence of Section 43 is civil liability. Criminality in the offence of data theft is being separately
dealt with later under Sections 65 and 66.
4.4.2 Defining penalties for violation
Section 66 [Computer Related Offences] amended vide Information Technology Amendment Act 2008
reads as under:
If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable
with imprisonment for a term which may extend to two three years or with fine which may extend to five
lakh rupees or with both.
Explanation: For the purpose of this section,- the word "dishonestly" shall have the meaning assigned to it
in section 24 of the Indian Penal Code; the word "fraudulently" shall have the meaning assigned to it in
section 25 of the Indian Penal Code.
4.4.3 Setting up an authority for implementation
Section 69B and 70B provides for setting up authority for implementation of provision of the Act to
enhance Cyber Security.
69B. Power to authorize to monitor and collect traffic data or information through any computer resource
for Cyber Security.- (1) The Central Government may, to enhance Cyber Security and for identification,
analysis and prevention of any intrusion or spread of computer contaminant in the country, by notification
in the official Gazette, authorize any agency of the Government to monitor and collect traffic data or
information generated, transmitted, received or stored in any computer resource.
(2) The Intermediary or any person in-charge of the Computer resource shall when called upon by the
agency which has been authorized under sub-section (1), provide technical assistance and extend all
facilities to such agency to enable online access or to secure and provide online access to the computer
resource generating, transmitting, receiving or storing such traffic data or information.
(3) The procedure and safeguards for monitoring and collecting traffic data or information, shall be such
as may be prescribed.
(4) Any intermediary who intentionally or knowingly contravenes the provisions of subsection (2) shall be
punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.
Explanation: For the purposes of this section,
(i) "Computer Contaminant" shall have the meaning assigned to it in section 43
(ii) "traffic data" means any data identifying or purporting to identify any person, computer system or
computer network or location to or from which the communication is or may be transmitted and includes
communications origin, destination, route, time, date, size, duration or type of underlying service or any
other information
Under Section 70B (4),
The Indian Computer Emergency Response Team shall serve as the national agency for performing the
following functions in the area of Cyber Security,-
(a) collection, analysis and dissemination of information on cyber incidents
(b) forecast and alerts of cyber security incidents
(c) emergency measures for handling cyber security incidents
(d) Coordination of cyber incidents response activities
(e) issue guidelines, advisories, vulnerability notes and white papers relating to information security
practices, procedures, prevention, response and reporting of cyber incidents
(f) such other functions relating to cyber security as may be prescribed Under Section 70 (B) (6),
For carrying out the provisions of sub-section (4), the agency referred to in sub-section (1) maycall for
information and give direction to the service providers, intermediaries, data centers, body corporate and
any other person Under Section 70 (B)(7)
Any service provider, intermediaries, data centers, body corporate or person who fails to provide the
information called for or comply with the direction under sub-section (6) , shall be punishable with
imprisonment for a term which may extend to one year or with fine which may extend to one lakh rupees or
with both.
The cumulative effect of the above provisions of ITA 2008 is to create a new Cyber Security
Implementation infrastructure in India and is considered a highly positive development in the industry.
4.5 Cyber Security Strategy
India also needs to develop its own Cyber Security Strategy keeping in view the situation in its
neighborhood. The NCSP essentially speaks of a framework for the protection of information in
cyberspace by eliminating vulnerabilities. Major clauses include greater emphasis on research and
development of indigenous security technology, and their effective testing and deployment. The policy
also calls for enhanced public and private partnership vis-à-vis technical and operational cooperation,
aimed at encouraging organizations to adopt individually tailored IT regulations and infrastructure, in
conformity with international best practices. Development of human resources through training programs
 and other capacity-building measures is another crucial priority. Following steps can be initiated
immediately.
I. Formulate National Cyber Security Strategy.

II. Identify, categorize and prioritize national information systems and critical information infrastructures whether in private or
government sector and make them resilient and secure. Mandatory certification of such infrastructure under ISO 27001:2005
should be undertaken in a time bound manner. We also need to develop our own information security standards and make
them mandatory for critical sectors.
III. Establish National Critical Information Infrastructure Protection Authority.
IV. Appoint an apex level agency to oversee country-wide implementation of the cyber security measures.
V. Allocate sufficient resources and funds for national cyber defence.

VI. Strengthen legal framework with laws similar to US laws like Federal Information Security Management Act, Health
Insurance Portability and Accountability Act, Gramm-Leach-Bliley Act etc.
VII. Carry out nationwide mock cyber security exercises to test cyber preparedness and take corrective steps accordingly.
VIII. Increase cyber surveillance, investigation and detection skills and capabilities of Indian intelligence and police organizations
(Muktesh3, 2003).
IX. Introduce cyber security courses in higher education to build a cadre of information security specialists and cyber warriors to
strengthen our cyber defence mechanism.
X. Strengthen inter-agency and inter-ministerial coordination on cyber security issues.

XI. Increase information security awareness and education of computer users public and all stakeholders. A nation-wide culture
of cyber security needs to be introduced.
XII. Promote use of encryption and digital signatures by departments dealing with sensitive information.
XIII. Promote inter-disciplinary research & development in cyber security.
XIV. Develop indigenous cyber forensics, diagnostics andsecurity tools suitable for Indian conditions.
XV. Secure participation of industry, academia and NGO’s for a coordinated response to cyber threats

XVI. XVI.Collaborate with other countries/regional and international bodies for tackling cyber crime &information security
issues. International and regional treaties need to be signed in this regard.

4.6 Conclusion
So it can be concluded that Cyber security has become an essential component of Information Technology.
In India Standing Committee on Information Technology in its 52 report has dealt with Cyber security
nd

and privacy issues. Moreover, Information Technology Amendment Act focused on Information security
in India. There are number of steps taken by the Government in order to provide cyber security which is
necessary in today’s scanerio. But still there is no proper cyber security available.
Chapter 5
Conclusion & Suggesstions

Commenting on the information technology revolution which has transformed the world into global
community, Walter B Wriston observed, “technology has made a global community in the literal sense of
the term. The advancement of technology has brought about radical changes in the modern society. But
human experience has shown every technological change bring with it some unforeseen problems, taking
advantage of which the law breakers explore new techniques to perpetrate their criminal activities. Internet
has given arise to the menace of cybercrime.
The menace of cyber criminality is not confined to one or two countries but the whole world is facing this
gigantic problem as a ‘technological scorn’. India is no exception to this computer generated menace.
However, as a measure to prevent and control internet crimes, the Parliament enacted the Information
Technology Act, 2000 which came into force on October 17, 2000. The Act categorically defines offences
relating to cyberspace such as tempering with computer source document, hacking with computer system,
breach of confidentiality and privacy etc. It is not that prior to this legislation there was no law to deal with
these offences. The Indian Penal Code, 1860 already contained provisions to prevent and control
cybercrimes but they were not found to be sufficient enough to tackle all varieties of cyberspace crimes.
The obvious reason being that no one knew about computer or internet at the time when the Indian Penal
Code was enacted. Following are suggestion in order to bring reform in cyber laws.
5.1 Net Security be Tightened Up
Computer technology has proved to be a boom to the commercial world. Perhaps, it is the area which has
been most benefitted by the advent of computers. Most of the commercial, industrial and business
transactions are carried on through internet services at the national as well as the international level. The
increasing use of computers in the field of trade and commerce has at the same time opened new vistas for
the perpetration of cybercrimes by the offenders for their personal monetary gain. With the liberalization
and globalization of economy, the business houses now believe that there is a huge and profitable market
for commercially exploiting the networks. With the increased dependence on computer in commercial
field, most of the money transactions are being carried out with the help of computer network making it
possible for the cyber criminals to illegally intercept and commit financial frauds. It is, therefore,
necessary that an adequate security mechanism be developed for safeguarding e-commerce and e-banking
against possible online frauds, forgeries, or misappropriation of money etc.
As regards the legality of financial transactions on the internet, the Securities Exchange Board of India
(SEBI) vide its notification dated January 25, 2000, has provided that trading of securities on internet will
be valid in India but there is no provision to this effect in the Information Technology Act, 2000 which
provides legal validity and prevent security frauds and stock manipulations over the internet. A specific
provision for protection of confidentiality in the net-trading, therefore, needs to be incorporated in the
Information Technology Act, 2000.
5.2 False E-mail Identity Registration be Treated as an Offence
Cyber criminals often furnish fictitious information while registering themselves for an e-mail address
with a website because the e-mail service providers refuse to provide two ID’s to the same person. This
false and misleading information on the internet helps the criminal to suppress his real identity and mislead
the investigating authorities in reaching the real culprit. There being no provision in the Information
Technology Act, 2000 to prevent registration of a person for an e-mail address with a website by providing
false information, a person can establish false e-mail identity with a fictitious IP address and misuse the
same for the perpetration of a cybercrime. This lacuna in the Act has been taken care of by inserting a new
Section 66A in the principal Act by the I.T. (Amendment) Act, 2008 which provides that any false e-mail
identity registration with a website will be an offence punishable up to 2 years of imprisonment. It is
certainly a step forward towards the prevention and control of cybercrimes.
5.3 Liberalization of Law Relating to Search and Seizure
Government’s regulatory mechanism to control widespread cyber criminality needs to be further
intensified. Most importantly, the existing legal regimes should enable the law enforcement agencies to
accomplish their tasks fearlessly without any external pressure. The law enforcement agencies should be
empowered to seek such details from the Service Providers as may be necessary for the investigation of
internet crime without, however, violating any of the fundamental or privacy rights of the parties. The law
relating to search, seizure and arrest as applicable to cyber-offences needs to be liberalized so as to enable
the police or the investigating agencies to apprehend the cyber offenders and initiate criminal proceedings
against them. The telecommunication department should also review its policy towards ISPs and impose
selective restrictions on them while extending internet services by classifying them on the basis of age,
profession or standing as Internet Service Providers.
5.4 Need for a Universal Legal Regulatory Mechanism
Law and criminal justice delivery system have not kept pace with the technological advancements made
around the world during the preceding years, which has provided ample scope for the abuse of internet.
The conventional old laws pertaining to protection of property are no longer valid for protecting the
unauthorized manipulation of information through computer networks. Therefore, there is need for
restructuring of the substantive as well as the procedural law relating to computer generated crimes so that
offenders may be brought to justice. At present, the definition of cybercrime varies from country to
country depending on the incidence of such crimes and the State’s sensitivity to them. In the absence of
any universally accepted definition of cybercrime, investigation of cross-border crime cases is carried on
according to the procedural law of the place where the cybercrime is committed. The problem arising due
to divergence of laws and procedure of different nations may be eliminated to a considerable extent if at
least major cybercrimes are uniformly recognized and incorporated by all the countries in their penal laws.
This would ensure uniformity as regards identification of various actions as cybercrime. Since these crimes
have wide ranging ramifications, the penalties imposable on cyber offenders should be stringent and even
exemplary so that they may desist from indulging in cyberspace criminality.
The question of a nation’s jurisdiction in case of a cybercrime committed outside the country but having
disastrous effect on that country itself, still remains unresolved as there is no general consciousness of
 different nations on this vital issue. The jurisdictional uncertainty regarding crimes committed in
cyberspace has made committing of such crime easier but punishing the perpetrator thereof more difficult.
Therefore, the need of the hour is drafting of a uniform global cyber law with the cooperation of all the
countries of the world. Jurisdictional uncertainty as regards the investigation and trial of cybercrime is
perhaps the most ticklish problem which the law enforcement agencies all over the world are facing. Cyber
criminals may cause irreparable damage to victims from a distant place without the risk of being spotted
out or identified. This enables them to commit crimes beyond national borders without being physically
present at the scene of crime. The cross-country jurisdictional nature of internet and lack of adequate
international cooperation to address the problem of cross-border cyber criminality enables criminals to
escape arrest and prosecution. Therefore, in order to meet the jurisdictional challenges involved in
cybercrimes, it has been suggested that an International Criminal Tribunal with global jurisdiction be set
up with power to investigate, try and punish cybercrime criminals
5.5 Need for Universalization of Cyber Law
It has been generally observed that the perpetrators of cybercrime usually exploit the weaknesses inherent
in the computer which is being used or attacked. Therefore, some special security measures may be
adopted to prevent unauthorized use of the computer systems. It is often alleged that the domestic laws
controlling computer security are mostly directed to safeguard national safety, security and integrity rather
than providing adequate protection to computer users, whether they are individuals or corporate entities.
Therefore, the criminal laws of various countries including cyber law should be universalized so as to
extend adequate protection to citizens, institutions, organizations, government and non-government
agencies and society as a whole against the menace of cybercrime.
5.6 Information Technology (Amendment) Act, 2008 – A Step in the Right Direction
With the march of time and advance of technology, the problem of cybercrime is touching alarming dimensions and
therefore, calls for concerted action to evolve a universal regulatory mechanism for the prevention and control of these
crimes. In the Indian setting, there is need to inculcate information consciousness among the Indian citizens. Though the
Information Technology Act, 2000 as amended in 2008, has reasonably succeeded in providing relief to computer
owners/users by extending the reach of law to almost all the online criminal activities and increasing
awareness among the people, but it is not a foolproof law as yet since it was primarily enacted for the
promotion of e-commerce to meet the needs of globalization and liberalization of economy. The Act still
suffers from certain lacunae as it does not provide adequate security against web-transactions nor does it
contain adequate provisions to prevent securities fraud, stock confidentiality in the internet trading
although the Securities Exchange Board of India (SEBI) has notified that trading of securities on internet is
legally recognized and valid.
5.7 Need for Modernization of Existing Laws and Enactment of New Laws

There is a need for modernizing the penal laws of countries which predate the advent of computers. On the
one hand, the existing laws have to be changed to cope up with computer-related frauds such as hacking,
data theft, software theft, etc. and on the other hand, new legislation is also necessary to ensure data
protection and privacy.
Finally, it may be concluded that in the present computer age of 21st century, internet has influenced every
facet of human life and no one can even think of life without the use of computers. Therefore, in the
present scenario, it is highly desirable that the computer technology should be preserved for the progress
and prosperity of the society rather than being allowed to be misused by the criminal conduits for
perpetration of crimes. At present, there are number of websites in the cyberspace that provide powerful
tools for communicating, storing and processing information. The web service providers should therefore,
exercise due diligence and caution while pasting information in their web page. The ease with which the
data and information flows through the internet across the world may sometime be exploited by the
criminals for the commission of crimes, which may be a serious cause of concern for the law enforcement
agencies at the national as well as the international level.

BIBLIOGRAPHY/ References
BOOKS
1. AF, Westin, Privacy and Freedom, Atheneum, New York , 1967
2. Agarwal, S.C., “Training on Cyber Law, Cyber Crime and Investigation by Police: Need of Awareness and Requirements”,
CBI Bulletin, February, 2001
3. Bakha & U. Rama Mohan, Cyber Law & Crimes, Asia Law House, Hydreabad, 2010.
4. Bakshi, P.M., Handbook of Cyber & E-commerce Laws, Bharat Publishing House, New Delhi, 2002.
5. ChaubeY, R.K., An Introduction to Cyber Crime and Cyber Law, Kamal Law House, Kolkata, 2008.
6. Fatima, Talat, Cybercrimes, Eastern Book Company, Lucknow, 2011.
7. Goel, Harish, Cyber Crime, Rajat Publications, New Delhi, 2007.
8. Lim, Yee Fen, Cyberspace Law Commentaries and Materials, Oxford University Press, New Delhi, 2008
9. Mishra, R C, Cyber Crime Impacts in the New Millennium, Authorspress, New Delhi, 2010.
10. Pandey, Ashish, Cyber Crimes Detention and Prevention, JBA Publishers, New Delhi, 2006
11. Paranjape , Vishwananth, Legal Dimensions of Cyber Crimes and Preventive Laws, Central Law Agency, Allahabd, 2010
12. Singh, Gurjeet & Vicky Sandhu, Emergence of Cyber Crime: A challenge for the New Millennium, (2001 ) 23 DLR 28.
13. Stephenson, Peter, Investigating Computer- Related Crime, CRC Press, Washington, 2000.
14. Vishwanathan , Suresh T., “The Criminal Aspect in Cyber Law”, The Indian Cyber Laws, 2001. Aggarwal, S.K. & Rastogi
Rahul, “Computer and the Intenet”, S.K.Verma (eds.), Legal Dimensions of Cyber Space, Indian Law Institute, New Delhi,
2004
15. Wriston, Walter B., The Twilight of Sovereignty – How the Information Technology Revolution is Transforming Our World,
Charles Scribner's Sons, New York, 2003

Dictionary, Journals & Law Reports

1. Andhra Law Times
2. Black’s Law Dictionary
3. Civil and Military Law Journal
4. Criminal Law Journal
5. Delhi Law Review
6. Economic and Political Weekly
7. Harvard Law Review
8. Marshall Law Rev

9. Law Commission of India - One Hundred Eightieth Report On Article 20(3) Of The Constitution Of India And The Right
To Silence

10. Standing Committee on Information Technology 2013-14, Cyber Crime, Cyber Security and Right To Privacy, 52nd Report,
Fifteenth Lok Sabha Secretariat, New Delhi. 201

Statutes
1. The Information Techonology Act, 2000
2. The Constitution of India, 1950
3. Indian Penal Code, 1860.

Websites
1. www. Infosecuritymag.com
2. http://www.reuters.com
3. www.Privacyrights.org.
4. www.bc.edu
5. www.privacyrights.org
6. www.theguardian.com
7. www.bbc.com
8. www.thehindu.com
9. www.ohchr.org/
10. www.interpol.int
11. http://gcis.ca/internet_security.html
12. http://cybercrime.planetindia.net
13. www.privacyrights.org