RAJIV GANDHI NATIONAL UNIVERSITY OF LAW, PUNJAB

(ESTABLISHED UNDER THE PUNJAB ACT 12 OF 2006)

A Project Study Submitted in Partial Fulfilment of the Requirements for

LL.M. Course

CYBER CRIME: EMERGING AREA IN

CRIMINAL LAW

Supervised by Submitted By

Ms. Gurmanpreet Kaur Bhavana Singla

Asst. Professor of Law, Roll No.15537
Rajiv Gandhi National University
of Law, Punjab, Patiala.

Page | 1
 TABLE OF CONTENTS

CHAPTER-1 ............................................................................................................................. 3

INTRODUCTORY: WHAT IS CYBER CRIME? ............................................................... 3

1.1 Introduction ...................................................................................................................... 3

1.2 What is Cyber Crime? ...................................................................................................... 4

1.3 New Emerging Area of Criminal Law: Cyber Crime ...................................................... 5

CHAPTER-2 ............................................................................................................................. 8

CYBER LAW: INDIAN PERSPECTIVE ............................................................................. 8

2.1 The Genesis of IT legislation in India .............................................................................. 8

2.2 Objectives of I.T. legislation in India ............................................................................... 8

2.3 Offences and Penalties under the Act .............................................................................. 9

2.4 Cases of Cyber Crimes in India ..................................................................................... 15

CHAPTER-3 ........................................................................................................................... 17

CHALLENGES/ CONSTRAINTS TO CYBER LAW IN INDIA .................................... 17

3.1 Jurisdiction Issues .......................................................................................................... 17

3.2 Cyber Pornography ........................................................................................................ 17

3.3 Capability of ITA 2008 of recognizing crimes that we see every day in Cyber Space . 18

3.4 Effectiveness of Cyber Judiciary system ....................................................................... 20

3.5 Are “Intermediaries” and “Corporates” co-operative with the law enforcement? ......... 21

Page | 2
CHAPTER-1

INTRODUCTORY: WHAT IS CYBER CRIME?

“The modern thief can steal more with a computer than with a gun. Tomorrow’s terrorist
may be able to do more damage with a keyboard than with a bomb”.

- National Research Council, ‘Computers at Risk’1

1.1 Introduction

Crime is both a social and economic phenomenon. It is as old as human society. Many
ancient books right from pre-historic days, and mythological stories have spoken about
crimes committed by individuals be it against another individual like ordinary theft and
burglary or against the nation like spying, treason etc. Kautilya’s Arthashastra written around
350 BC, considered to be an authentic administrative treatise in India, discusses the various
crimes, security initiatives to be taken by the rulers, possible crimes in a state etc. and also
advocates punishment for the list of some stipulated offences. Different kinds of punishments
have been prescribed for listed offences and the concept of restoration of loss to the victims
has also been discussed in it.

Crime in any form adversely affects all the members of the society. In developing economies,
cyber crime has increased at rapid strides, due to the rapid diffusion of the Internet and the
digitisation of economic activities. Thanks to the huge penetration of technology in almost all
walks of society right from corporate governance and state administration, up to the lowest
level of petty shop keepers computerizing their billing system, we find computers and other
electronic devices pervading the human life. The penetration is so deep that man cannot
spend a day without computers or a mobile. Snatching some one’s mobile will tantamount to
dumping one in solitary confinement.

Cyber Crime is not defined in Information Technology Act 2000 or in the I.T. Amendment
Act 2008 or in any other legislation in India. In fact, it cannot be too. Offence or crime has
been dealt with elaborately listing various acts and the punishments for each, under the Indian
Penal Code, 1860 and quite a few other legislations too. Hence, to define cyber crime, we can

1
Global Economic Crime Survey- India Report, 2013.

Page | 3
say, it is just a combination of crime and computer. To put it in simple terms ‘any offence or
crime in which a computer is used is a cyber crime’. Interestingly even a petty offence like
stealing or pick-pocket can be brought within the broader purview of cyber crime if the basic
data or aid to such an offence is a computer or an information stored in a computer used (or
misused) by the fraudster. The I.T. Act defines a computer, computer network, data,
information and all other necessary ingredients that form part of a cyber crime. In a cyber
crime, computer or the data is itself the target or the object of offence or a tool in committing
some other offence, providing the necessary inputs for that offence. All such acts of crime
will come under the broader definition of cyber crime.

1.2 What is Cyber Crime?

Cyber crime is a term used to broadly describe criminal activity in which computers or
computer networks are a tool, a target, or a place of criminal activity and include everything
from electronic cracking to denial of service attacks. It is also used to include traditional
crimes in which computers or networks are used to enable the illicit activity2.

Cyber crimes are technology based crimes and the computer or internet itself can be used as a
weapon or means to do such crimes quite freely. They are organized and whitecollar crimes
like cyber frauds, hacking, data theft, phishing, identity theft etc. Cyber crimes are committed
with the help of technology and cyber criminals have deep understanding of technology. In
fact, cyber criminals are technocrats who understand the intricacies of information
technology. Cyber crimes do not consider any boundaries or territorial barriers3.

According to Information Technology Act, 2000 Cyber Crime is “the acts that are punishable
by the Information Technology Act". It is not exhaustive as the Indian Penal Code also
covers many cyber crimes, such as email spoofing and cyber defamation, sending,
threatening emails4.

2
Dr.B.Muthukumaran, Chief Consultant, Gemini Communication Ltd., “Cyber crime scenario in India”,
Criminal Investigation Department Review-January2008
3
“Common Cyber Crimes and Government Laws and Rules in Information Security” Unit 3, Information
Technology Act
4
Kulwant Malik , “Emergence of Cyber Crime in India” , International Referred Research
Journal,July,2011,ISSN-0975-3486, RNI: RAJBIL 2009/30097, VOL-II *ISSUE 22

Page | 4
1.3 New Emerging Area of Criminal Law: Cyber Crime

Cybercrime incorporates anything from downloading illegal music files to stealing millions
of dollars from online bank accounts. Cybercrime also includes non-money offenses, such as
creating viruses on other computers or posting confidential business information on the
Internet.

These internet connected activities are as vulnerable to crime and can lead to victimization as
effectively as common physical crimes. The types of crimes that are currently occurring have
existed long before the Internet was around. By virtue of the tools being used today to
commit cybercrimes, criminals are now more anonymous and provided with a virtual market
of available victims. The responsibility falls on individuals to protect themselves and their
families through safe online practices.

Cyber crime ranks as one of the top four types of economic crime.

 More than half (58%) perceive Information Technology department as a high risk

Page | 5
 department with respect to committing cyber crime.
 96% said that their organisations monitor internal and external electronic traffic and web-
based activity.
 About 80% of Indian respondents reported that cyber crime threat originates within India or
through a combination of in and outside the country.
 About 2/3rd of respondents did not have access to forensic technology tools that are useful
in combating cyber crime.
 35% of respondents did not have any cyber security training in the last 12 months5.

Reasons for cyber crime emerging as one of the top frauds in India:-

 The increased media attention around recent cyber crime cases, leading to a
heightened awareness about this type of fraud . Organisations may have installed
extra controls in place to detect and therefore report more of such economic crime; or
 Due to ambiguity around the definition of cyber crime and what it constitutes; or
 The respondents may have re-classified some of the more traditional economic crimes
as cyber crime because these were committed by using a computer, electronic devices
or the internet; or
 Increased focus from the regulators; or
 Advancements in technology could have made it easier to commit cyber crimes.

What makes cyber crime different?

Cyber Crime offers low risks and high rewards as compared to traditional crimes. For
example, in an externally perpetrated cyber crime, a fraudster infiltrates a banking system,
remotely, to steal money or personal information. The fraudster is at a lesser risk when
compared to someone who physically steals assets from an organisation.

There are fewer risks when committing cyber crime:

 The fraudster is not present at the location, hence the chances of getting caught are
less.
 Difficulties for law enforcement agencies to follow traditional investigative steps to
prosecute the perpetrator owing to the different location and jurisdiction of the
perpetrator.
 The perpetrators can return to the scene of the crime with relatively minimal fear of
detection.

Page | 6
In the present scenario, Criminals have changed their method and have started relying of the
advanced technology, and in order to deal with them the society the legal and law
enforcement authorities, the private corporations and organizations will also have to change.
Further such experts must not only be knowledgeable but must also be provided with
necessary technical hardware and software so that they can efficiently fight the cyber
criminals. Thus necessary facilities must be established in various parts of the country so that
crime in the virtual world can be contained.

Page | 7
CHAPTER-2

CYBER LAW: INDIAN PERSPECTIVE

The primary source of cyber law in India is the Information Technology Act, 2000 (IT Act)
which came into force on 17 October 2000.

2.1 The Genesis of IT legislation in India

Mid 90’s saw an impetus in globalization and computerisation, with more and more nations
computerizing their governance, and e-commerce seeing an enormous growth. Until then,
most of international trade and transactions were done through documents being transmitted
through post and by telex only. Evidences and records, until then, were predominantly paper
evidences and paper records or other forms of hard-copies only. With much of international
trade being done through electronic communication and with email gaining momentum, an
urgent and imminent need was felt for recognizing electronic records ie the data what is
stored in a computer or an external storage attached thereto.

The United Nations Commission on International Trade Law (UNCITRAL) adopted the
Model Law on e-commerce in 1996. The General Assembly of United Nations passed a
resolution in January 1997 inter alia, recommending all States in the UN to give favourable
considerations to the said Model Law, which provides for recognition to electronic records
and according it the same treatment like a paper communication and record.

2.2 Objectives of I.T. legislation in India

It is against this background the Government of India enacted its Information Technology
Act 2000 with the objectives as follows, stated in the preface to the Act itself.

“to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as
"electronic commerce", which involve the use of alternatives to paper-based methods of
communication and storage of information, to facilitate electronic filing of documents with
the Government agencies and further to amend the Indian Penal Code, the Indian Evidence
Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934
and for matters connected therewith or incidental thereto.”

Page | 8
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000, got
President assent on 9 June and was made effective from 17 October 2000.

The Act essentially deals with the following issues:

 Legal Recognition of Electronic Documents

 Legal Recognition of Digital Signatures
 Offenses and Contraventions
 Justice Dispensation Systems for cyber crimes

2.3 Offences and Penalties under the Act

The various offences and the punishment provided for them are contained in Chapters IX and
XI of the Act. These offences are briefly stated as follows:—

1. Unauthorized Access (Section 43)

The section lays down that any person who accesses or secures access to a computer,
computer system or computer network without permission of the owner or any person in
charge of such computer, computer system or computer network, shall be liable to pay
damages by way of compensation not exceeding one crore rupees to the person who is so
affected.

The term “access” as defined in Section 2(1)(a) of the I.T. Act, means “gaining entry into,
instructing or communicating with the logical, arithmetical or monetary function resources of
a computer, computer system or computer network.”

The following acts have been construed to fall within the purview of the term ‘access’ as
contemplated by the Act:—

a) Unlawfully switching over a computer;

b) Using a software program installed on a computer;
c) Viewing the contents of a floppy disk illegally;
d) Illegally switching off a computer;
e) Taking a computer print-out illegally;
f) Logging on the Internet; and
g) Pinging a computer.

Page | 9
The offence of unauthorised access is completed when data, data-base or information is
downloaded, copied or extracted illegally from one computer to another. The term
“download” connotes transfer of information from one computer to another.

A new Section 43-A inserted in the principal Act by the amendment Act of 2008 provides for
compensation (to the person affected) for failure to protect personal data or information in a
computer resource. The section thus seeks to provide security to personal data and
information against unauthorised assess.

2. Failure to furnish information, return etc. (Section 44)

Where a person is required under this Act or any rules made there under to furnish any
document, return or report to the Controller or Certifying Authority, fails to furnish the same,
he shall be liable to pay penalty not exceeding 1.5 lakh rupees for each failure and in case of
default, a penalty of 5,000/- rupees for everyday during which such failure or default
continues.

Section 45 of the Act provides for penalty for contravention of any rules made under the Act
for which no penalty is specially provided in the Act. Thus, this section relates to residuary
penalty and applies to certain sections of tine Act.

Section 46 of the Act provides for adjudication of penalties to be imposed on the contravener
after giving him reasonable opportunity of making representation in his case. The
Adjudication officer shall have power to adjudicate matters in which the claim for injury or
damage does not exceed five crore rupees. However, where the claim or damage exceeds this
limit the jurisdiction to adjudicate shall vest in the competent court.

3. Tampering with computer source documents (Section 65)

Tampering with the computer source documents is made punishable under Section 65 of the
I.T. Act. The offences in respect of computer source documents (codes) are to be kept or
maintained by law include knowingly or intentionally (i) concealing; (ii) destroying; (iii)
altering; (iv) causing another to conceal; (v) causing another to destroy; (vi) causing another
to alter the computer source code. In simpler words, for the purpose of Section 65, tampering
means to conceal (hide or keep secret), destroy (demolish or reduce to nothing) or alter
(change in characteristic or position) the computer source document.

Page | 10
4. Hacking (Section 66)

The essential ingredients of the hacking are intention to cause wrongful loss or damage to any
person by unlawful means or having knowledge that information residing in a computer
resource document if concealed, destroyed or altered would cause damage to any person.
This offence is punishable under this section with imprisonment which may extend to three
years or with fine, which may extend to two lakh rupees or with both.

5. Publishing of information which is obscene in electronic form (Section 67)

Pornography on the internet is punishable under section 67 of the I.T. Act. The term
‘publishing’ for the purpose of this section means, “To make generally known, formally
promulgate or issue copies for sale to public.” This disseminating of pornographic material
on the website is an offence punishable with imprisonment upto three years or with fine
which may extend to two lakh rupees, or with both.

6. Failure to comply with directions of Controller (Section 68)

Section 68 authorises the Controller or Certifying Authority to intercept any information

transmitted through any computer resource whenever it is expedient to do so. Failure to
comply with such order shall render a person liable to imprisonment for a term upto three
years or fine upto two lakh rupees, or with both. However, the order passed by the Controller
or Certifying Authority should be made if it is necessary to ensure compliance of any of the
provisions of the I.T. Act or the rules made there under.

7. Power to issue directions of interceptions or monitoring or decryption of any

information through any computer resource. (Section 69)

The Controller or Certifying Authority or any employee of such Authority is authorised to

intercept any information transmitted through any computer resource when it is expedient to
do so in the interest of the sovereignty or integrity of India, the security of the state, friendly
relations with foreign states or public order or for preventing incitement to commission of
any cognizable offence.

The new Section 69-A inserted in the principal Act by the Amendment Act of 2008 further
empowers the Central Government to issue directions for blocking for public access of any
information through any computer resource, in the interest of sovereignty and integrity of

Page | 11
India. The reasons for doing so, should, however, he recorded in writing. The intermediary
who fails to comply with the direction issued by the Government under this Section, shall be
punished with imprisonment for a term which may extend to seven years, and shall also be
liable to fine.

Section 69-B as inserted by the I.T. (Amendment) Act of 2008 further empowers the
Government to authorise monitoring and collection of traffic data or information through any
computer resource for cyber security purposes. The punishment for contravention of this
provision by the intermediary shall be imprisonment which may extend to three years and
also fine.

The information referred to in this section would apply to e-mail messages, pass-word
protected files, encrypted information etc.

8. Accessing Protected System (Section 70)

The special provisions contained in Section 70 relate to protected systems. The section
provides that the appropriate Government may, by notification in the Official Gazette, declare
any computer, computer system or computer network to be a ‘protected system’.

Any person who secures access or attempts to secure access to a protected system in
contravention of the provisions of this section shall be liable to punishment with
imprisonment of either description which may extend to ten years and shall also be liable to
fine.

Two new sections, namely, Secs. 70-A and 70-B have been inserted in the principal Act by
the IT. (Amendment) Act, 2008 which provide for appointment of a National Nodal Agency
which will be responsible for all measures including Research and Development relating to
protection of Central Information Infrastructure. Any organisation of the Govt, may be
designated as the National Nodal Agency for this purpose. The National Nodal Agency so
appointed, shall be called the Indian Computer Emergency Response Team (Section 70-B).

9. Misrepresentation (Section 71)

Any misrepresentation while applying for a digital signature certification to the Controller or
Certifying Authority has been made an offence under section 71 of the Act. Both,
misrepresentation of any material fact and/or suppressing any material fact from the

Page | 12
Controller or Certifying Authority for obtaining licence or digital signature certificate shall
constitute an offence.

A person while applying for a licence has to fill in the form as required by Rule 10 of the I.T.
(Certifying Authorities) Rules, 2000 giving full details about himself. In case of applying for
a digital signature certificate, a person is required to fill in the form prescribed by Rule 23
with complete information about himself.

If any of the above information/details are misrepresented or suppressed, then the person
guilty of such misrepresentation shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees or with both.

10. Penalty for breach of confidentiality or privacy (Section 72)

Any person who wrongfully secures access to any electronic record, book, register,
correspondence, information, document or other material in contravention of any provisions
of the I.T. Act or rule framed there under shall be punished with imprisonment which may
extend to two years or with fine upto one lakh rupees, or with both. However, this provision
would not apply to disclosure of personal information of a person by a website by his/her e-
mail service provider.

A new Section 72-A has been inserted by the Information Technology (Amendment) Act,
2008 providing punishment for disclosure of information in breach of lawful contract and
securing access to any material containing personal information with intent to cause wrongful
loss to a person or wrongful gain by the disclosure. The offence shall be punishable with
imprisonment for a term which may extend to three years, or with fine which may extend to
five lakh, or with both.

11. Publishing Digital Signature Certificate false in certain particulars (Section 73)

Publishing digital signature certificate false in certain particulars is a cyber offence

punishable under section 73 of the Act. The punishment may extend to imprisonment upto
two years, or with fine which may extend to one lakh rupees, or with both.

It may be stated that provisions relating to acceptance of the Digital Signature Certificate by
the subscriber are contained in Section 41 of the I.T. Act whereas the provisions relating to
suspension of digital signature certificate are enshrined in Section 37 of the Act.

Page | 13
The I.T. Act prohibits making available a Digital Signature Certificate with the knowledge
that—

a) The Certifying Authority listed in the certificate has not issued it; or
b) The subscriber listed in the certificate has not accepted it; or
c) The certificate has been revoked or suspended.

12. Publishing Digital Signature Certificate for fraudulent purposes (Section 74)

This section provides that whoever knowingly creates, publishes or otherwise makes
available a Digital Signature Certificate for any fraudulent or unlawful purpose or knowingly
publishes or makes it available for any such purpose, commits an offence under the I.T. Act
and the offender may be punished with imprisonment for a term which may extend to two
years, or with fine which may extend to one lakh rupees, or with both.

13. Compounding of Offences (Section 77-A)

The new section inserted in the principal Act by the I.T. (Amendment) Act, 2008, provides
for compounding of offences under the Act by the court of competent jurisdiction provided
they are not punishable with imprisonment for life or imprisonment for a term exceeding
three years. However, the court shall not compound any offence where the accused by reason
of his previous conviction is liable to enhanced punishment or the accused is charged for any
socio-economic offence or the offence has been committed against a child below 18 years of
age or a woman.

14. Offences with three years punishment to be bailable (Section 77-B)

The new section added in the principal Act by the Amendment Act of 2008 provides that the
offences punishable under the Act upto three years imprisonment shall be cognizable and
bailable notwithstanding anything contained in the Code of Criminal Procedure 1973.

Initially, the power to investigate offence under the Act was vested in a police office not
below the rank of Deputy Superintendent of Police vide Section 78 of the Act, but this
section has been amended by the I.T. (Amendment) Act, 2008 and now this power vests in
the Inspector of Police.

Page | 14
2.4 Cases of Cyber Crimes in India

1) Pune Citibank Mphasis call center fraud

It is a case of sourcing engineering. US $ 3, 50,000 from City bank accounts of four US

customers were dishonestly transferred to bogus accounts in Pune, through internet. Some
employees of a call centre gained the confidence of the US customers and obtained their PIN
numbers under the guise of helping the customers out of difficult situations. Later they used
these numbers to commit fraud. Highest security prevails in the call centers in India as they
know that they will lose their business. The call center employees are checked when they go
in and out so they cannot copy down numbers and therefore they could not have noted these
down. They must have remembered these numbers, gone out immediately to a cyber café and
accessed the Citibank accounts of the customers. All accounts were opened in Pune and the
customers complained that the money from their accounts was transferred to Pune accounts
and that’s how the criminals were traced. Police has been able to prove the honesty of the call
center and has frozen the accounts where the money was transferred.

2) Parliament attack case

Bureau of Police Research and Development at Hyderabad had handled some of the top cyber
cases, including analyzing and retrieving information from the laptop recovered from
terrorist, who attacked Parliament. The laptop which was seized from the two terrorists, who
were gunned down when Parliament was under siege on December 13 2001, was sent to
Computer Forensics Division of BPRD.

The laptop contained several evidences that confirmed of the two terrorists’ motives, namely
the sticker of the Ministry of Home that they had made on the laptop and pasted on their
ambassador car to gain entry into Parliament House and the fake ID card that one of the two
terrorists was carrying with a Government of India emblem and seal. The emblems (of the
three lions) were carefully scanned and the seal was also crafty made along with residential
address of Jammu and Kashmir. But careful detection proved that it was all forged and made
on the laptop.

3) Andhra Pradesh tax case

The owner of a plastics firm in Andhra Pradesh was arrested and Rs. 22 crore cash was
recovered from his house by the Vigilance Department. They sought an explanation from him

Page | 15
regarding the unaccounted cash. The accused person submitted 6,000 vouchers to prove the
legitimacy of trade, but after careful scrutiny of vouchers and contents of his computers it
revealed that all of them were made after the raids were conducted. It was revealed that the
accused was running five businesses under the guise of one company and used fake and
computerized vouchers to show sales records and save tax. Thus the dubious tactics of the
prominent businessman from Andhra Pradesh was exposed after officials of the department
got hold of computers used by the accused person.

4) The bank NSP case

The Bank NSP case is the one where a management trainee of the bank was engaged to be
married. The couple exchanged many emails using the company computers. After some time
the two broke up and the girl created fraudulent email ids such as “Indian bar associations”
and sent emails to the boy’s foreign clients. She used the banks computer to do this. The
boy’s company lost a large number of clients and took the bank to court. The bank was held
liable for the emails sent using the bank’s system.

Page | 16
CHAPTER-3

CHALLENGES/ CONSTRAINTS TO CYBER LAW IN INDIA

3.1 Jurisdiction Issues

Jurisdiction is one of the debatable issues in the case of cyber crime due to the very universal
nature of the cyber crime. With the ever-growing arm of the cyber space the territorial
concept seems to vanish. New Methods dispute resolution should give way to the
conventional methods. Thus, the Information Technology Act, 2000 is silent on these issues.

Though S. 75 provides for extra-territorial operations of this law, but they could be
meaningful only when backed with provisions recognizing orders and warrants for
Information issued by competent authorities outside their jurisdiction and measure for
cooperation‘s for exchange of material and evidence of computers crimes between law
enforcement agencies.

3.2 Cyber Pornography

Cyber pornography refers to stimulating sexual or other erotic activity over the internet. It
would include pornographic websites; pornographic magazines produced using computers (to
publish and print the material) and the Internet (to download and transmit pornographic
pictures, photos, writing, etc.)

Information technology made it much easier to create and distribute pornographic materials
through the Internet, as it can be transmitted in any part of the world within a few seconds.

The pornographic industry is larger than the revenues of the top technology companies
combined: Microsoft, Google, Amazon, Yahoo!, e-bay, and the likes.

The growth of technology has flip side to it causing multiple problems in everyday life.
Internet has provided a medium for the facilitation of crimes like pornography. As a result
50% of the websites exhibit pornographic material on the internet and thus, considered to be,
one of the largest businesses on the Internet today. The increasing numbers of pornographic
websites that flourish on the Internet are evidence to it.

Page | 17
Owing to the fast reproduce on new storage media like Hard-disk, CD-ROMS, Pen- Drives,
etc. it proves as a fast means of its distribution.

Reasons for Rise in Cyber Pornography

a) Firstly, the technological development has reached to such an extent that life without
such communication devices is not possible. This led to fast and easy access to these
technologies, making it more and more effortless as compared to the traditional form.
With this, one can access the pornographic material online. One can view this content
at free of cost in the privacy of their own home.
b) One finds it difficult to purchase this type of content in the printed form, especially
the youngsters and children‘s. There was a fear among them which comes with
purchasing pornographic materials or embarrassment of being caught or with it. Such
hurdles have now been removed as it is available in a matters of seconds and without
any fear of being caught.

3.3 Capability of ITA 2008 of recognizing crimes that we see every day in Cyber
Space

Cyber Crime is an evolving field. As and when technology moves new types of misuse
surface. It is not possible for law to exactly identify different types of crimes and suggest
remedies. Hence Cyber Law has to describe offences only in general terms. This means that
“incidents” need to be “interpreted” and mapped to different offences mentioned in the Act.

Description of offences in ITA 2000 was more generic than in ITA 2008. Under ITA 2008
(Sec 66), “Diminishing the value or utility of information residing inside a computer by any
means” was recognized as an offence. This was broad enough to fit any offence involving
electronic information. To the extent this description remains a part of ITA 2008, except for
the addition of the words “dishonestly” and “fraudulently”, it is possible to interpret most
offences using an electronic document under ITA 2008.

However, in ITA 2008, there is an attempt to add many sections to cover offences which can
be covered under the above generic definition. As a result there is an overlap of some
sections.

Introduction of Sec 66A (Covering offences using e-mails), Section 66F (Providing life
imprisonment for Cyber Terrorism), Section 67B (providing a more stringent provision

Page | 18
for Child Pornography), Section 66B (retention of stolen computer devices) have added
additional dimension to the description of crimes. Sections 67,67A along with Section 66E
provide protection against obscenity. Section 43A and Section 72A have provided teeth to
“Data Protection”. Section 43 is now integrated with Sec 66 and covers any offence where
there has been an “Unauthorized Access” of a computer system resulting in wrongful harm.
Sec 67C is a powerful section that increases the responsibilities of companies and
intermediaries and also adds special strength to Section 65 which was already in existence.

Sections 69,69A and 69B supported by Sec 70Bprovide enormous powers to Government
agencies to enforce information security in the Cyber Space including households and private
corporate sector. Sec 70 continues to provide powers to control information security in the
Government systems.

Sections 71, 73 and 74 provide protection to the Digital Signature system. 66C and 66 D
supplement the controls against misuse of identity in the form of password theft or otherwise.

There is an attempt to clarify on punishment for “Attempt to commit and offence” and
“Assistance” as well as cognizability and compoundability.

Overall therefore the provisions of ITA 2008 regarding defining of Cyber Crimes are
reasonably covered.

One omission is in the area of Cyber Squatting and domain name related disputes where there
may be a need for creative interpretation of some of the existing provisions to bring offences
under ITA 2008.

Making offences with not more than 3 year imprisonment as “Bailable” has been considered
as one of the weaknesses in ITA 2008. However this can also be considered as a measure of
protecting innocent victims from being harassed.

If this provision can be misused by offenders to manipulate evidences, it would be necessary

for the Police to ensure that evidences are secured quickly. Judiciary should also be
responsive in certain cases to sanction “E Discovery” so that evidence is secured before they
are erased.

Cyber Forensic capability being available within reach of Police at short notice therefore
becomes a necessity in the emerging days.

Page | 19
3.4 Effectiveness of Cyber Judiciary system

Cyber Judiciary system envisaged under ITA 2000/8 essentially wanted that civil disputes are
resolved without the enormous delays that exist in the country’s civil judiciary system. Hence
though the powers of Civil Court were conferred on the Adjudicators and the Cyber
Appellate Tribunal (CAT), these institutions were freed from being constrained by Civil
Procedure Code and asked to follow the principles of natural justice.

Adjudication was structured as more of an “Enquiry” so that the complaint was not required
to provide evidences and witnesses and proof as may be necessary in a normal Civil Court.
The role of the complainant was only to report the incident and the Adjudicator was more
responsible to gather evidences through an enquiry and investigation through Police.

Further the complainants were allowed to be represented by subject experts so that

“Resolution” was the focus of the judicial bodies and not “procedures”. Also a time limit of 4
to 6 months was suggested for both the Adjudicator and the CAT to complete the process
before the matter could reach the conventional judiciary at the High Courts as an appeal
against the CAT.

ITA 2008 also ensured that CAT can be a multi member body, can sit anywhere in India and
also provided for setting up of multiple CATs in the country.

The system of Adjudication and CAT as envisaged in ITA 2000/8 is therefore highly
commendable and is an important instrument of making Cyber Law regime in the Country
successful.

The difficulties that are encountered in the Cyber Judiciary can be summarized as follows.

a) Adjudicators who are IT Secretaries are hesitant to take up additional responsibilities

associated with Adjudication. Hence complainants are turned off (subject to exceptions in
some States like Tamil Nadu) just like the Police Stations refuse to register Cyber Crime
complaints.
b) Advocates familiar with the CPC are unable to accept the summary proceedings and the
“Enquiry” nature of the proceedings at the Adjudication and find it difficult to adjust to the
system. Gaining adjournments on flimsy grounds and taking unreasonable time for filing
replies and counters every time is a strategy adopted by some counsels to delay matters. Since
these are common in Civil Courts, there is a danger of the Cyber Judiciary system also going

Page | 20
the Civil Judiciary way (as regards time required for completion of proceedings) unless the
tendency is nipped in the bud.

c) Most of the participants are so tuned to CPC that they are unable to avoid being bogged
down by procedures which may consist of application being made in a certain number of
copies, in a certain format, with Court fee stamping been affixed, with legal paper being used
etc. and miss the essence of the “Principle of Natural Justice”. The casualty in this process is
the “Time Limit” for completion of the adjudication or hearing of the Appeal in CAT.

d) Coupled with the time delays is the issue of change of guard of either the Adjudicator or
the CAT chief. By the time the incumbent comes to get a hang of Cyber Crimes and nuances
of Cyber Crime judiciary, their term may come to an end and the learning curve starts again.

e) Most of the Cyber Judicial offices are yet to use Virtual conference tools as provided in
ITA 2000 and accompanying rules so as to reduce the cost of litigation and also to reduce
delays.

f) Substantial work is therefore required to ensure that Cyber Judiciary system lives up to the
great expectations raised by ITA 2000/8.

3.5 Are “Intermediaries” and “Corporates” co-operative with the law enforcement?

Intermediaries and Corporates always look at law enforcement as an intrusion to their work
and hence will try to avoid working with them even when the corporate interest itself is
involved. Most of the time Crimes committed within the corporate network is not reported
and when identified, the perpetrator is only eased out of the job and not handed over to the
law enforcement even when it is necessary in the interest of the society. Intermediaries in
particular are store houses of investigative information and they are a big stumbling block in
bringing cyber criminals to book.

ITA 2000/8 therefore makes corporates and intermediaries liable for civil and criminal
penalties when their resources are used in the commission of a crime.

Though there is an element of opposition to the concept of “Due Diligence” amongst the
corporate sector, this is the only way that cybercrimes can be reduced. Hence major IT
service providers such as Internet and Mobile Companies, Banking and Share broking
companies, E Commerce companies etc. need to implement information security from the

Page | 21
perspective of preventing its users being saddled with liabilities.

There is a need therefore to make every intermediary undergo periodical ITA 2008
compliance audit and take reasonable precautions to prevent occurrence of Cyber Crimes
within their domain.

This requires a change of heart in the commercially minded business entities to set aside
some investment for information security and consumer education.

There has only been few cybercrime convictions in the whole country, which can be counted
on fingers which has helped making India a heaven for Cyber criminals. Challenges are more
and they will be increasing with time. Our law enforcement agency needs to be more aware
about the basics of Cyber Crime and they need to be oriented about the Cyber Laws in India.
The judges also need to be aware about the cyber crimes as well as the conviction need to be
faster.

There is an urgent need to effectively implement cyber law and the reasons why it is
extremely difficult for conventional law to cope with cyberspace are:

1. Cyberspace is an intangible dimension that is impossible to govern and regulate using

conventional law.
2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India
could break into a bank’s electronic vault hosted on a computer in USA and transfer
millions of Rupees to another bank in Switzerland, all within minutes. All he would
need is a laptop computer and a cell phone.
3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are
crisscrossing the globe even as we read this, millions of websites are being accessed
every minute and billions of dollars are electronically transferred around the world by
banks every day.
4. Cyberspace is absolutely open to participation by all. A ten-year-old in Bhutan can
have a live chat session with an eight year-old in Bali without any regard for the
distance or the anonymity between them.
5. Cyberspace offers enormous potential for anonymity to its members. Readily
available encryption software tools that seamlessly hide information within image and
sound files ensure the confidentiality of information exchanged between cyber-
citizens.

Page | 22
6. Cyberspace offers never-seen-before economic efficiency. Billions of dollars worth of
software can be traded over the Internet without the need for any government licenses,
shipping and handling charges and without paying any customs duty.

Page | 23