Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
There’s no denying India’s need of laws for checking the highly recurrent cyber offences
owing to its arrival in the cyber era, particularly due to UIDAI’s Aadhaar. What I argue,
however, is that the penal provisions under the Information Technology Act, 2000
[hereinafter “IT Act”] are slightly inadequate for this purpose. Although I support the advent
of a new legislation in this regard, I feel the IT Act provisions alone, if worded correctly and
implemented well, would go on to do the needful. This project report is confined to the
Aadhaar database as a computer database that is restricted for reasons of the Security of the
State.
“Crime is crime because it consists in wrongdoing which directly and in serious degree
threatens the security or well-being of society, and because it is not safe to leave it redressible
only by compensation of the party injured.”1 By a reading of these lines, one could
understand the degree of an act that constitutes crime. So to say, wrongdoing which threatens
the society and the fact that it is unjust to settle it only by compensation are the two reasons
for calling an act a crime. However, there is something as essential as the act which this
The essence of criminal law has been said to lie in the maxim – “actus non facit reum nisi
mens sit rea”.2 There can be no crime, large or small, without an evil mind3 as the essence of
the crime is its wrongful intent without which it cannot exist.4 There may or may not be an
1
CK Allen, The Nature of Crime, JOURNAL OF SOCIETY OF COMPARATIVE LEGISLATION, 1931 (221, 233).
2
Eugene J. Chesney, The Concept of Mens Rea in the Criminal Law, 29 J. CRIM. L. & CRIMINOLOGY, (1939)
(627, 629).
3
Francis Bowes Sayre, Mens Rea, 45 HARVARD LAW REVIEW, 1932 (974, 974).
4
BISHOP, Criminal Law, 287 (9th ed., 1930).
intent to engage in any criminal activity.5 To punish conduct without reference to actor’s state
Subba Rao J. has raised a very beautiful question in a case which requires a lot of
brainstorming:7 Whether the intention of the Legislature is to punish persons who break the
Firstly, what exactly constitutes a guilty mind? The meaning of a “guilty mind” is different
for different offences.8 Each crime consists of a prohibited act or omission coupled with
whatever state of mind is called for by the statute which creates the offence.9 Indian Penal
Code, 1860 provides for various ingredients relating to mens rea incorporated in phrases like
‘intentionally’, ‘knowingly’, ‘dishonestly’ etc.10 Such phrases have, of course, been provided
for in the IT Act too. However, no requisite intention has been provided for the provision of
Section 70 (3)11 which penalises simple access to a protected system: Any person who secures
of this section shall be punished with imprisonment of either description for a term which
Secondly, this question brings us to another question which seems quite futile at first, but
worth pondering once we reconsider it: Can the intention of the legislature be to acquit a
person even when he has committed the act with the intention “required” by the statutory
provisions? This question would be answered in the affirmative only in two situations: firstly,
when the legal provision is not worded according to the legislature’s intention and secondly,
5
Laura Evenson & Michelle Quinn, Outlaws on the Cyberpraire, S. F CHRON, 02/04/95.
6
Herbert L. Packer, Mens Rea and the Supreme Court, 1962 THE SUPREME COURT REVIEW, 1962, (107, 109).
7
State of Maharashtra v. Mayer Hans George, AIR 1965 SC 722.
8
KD GAUR, Commentary on the Indian Penal Code, 132 (2006 ed., 2006).
9
SMITH AND HOGAN, Criminal Law, 116 (14th ed., 2015).
10
K.N.C. PILLAI, General Principles of Criminal Law, 8 (2nd ed., 2011).
11
Section 70 (3), Information Technology Act, 2000.
12
Id.
when the implementation of the provision is not in accordance with the legislature’s
intention.
Both these situations are of great relevance when we talk about the provision of S. 66F of the
IT Act. The provision defines the scope of cyber terrorism under 2 alternative parts: 66F (1)
A and 66F (1) B. The problem arises due to the latter which penalises anyone who
authorisation or exceeding authorised access, and by means of such conduct obtains access
to information, data or computer database that is restricted for reasons of the security of the
State or foreign relations; or any restricted information, data or computer database, with
reasons to believe that such information, data or computer database so obtained may be used
to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the
security of the State, friendly relations with foreign States, public order, decency or morality,
advantage of any foreign nation, group of individuals or otherwise”,13 for the commission of
A provision which defines an offence as serious as cyber terrorism shall not be as broad as
the above provision. The problem that underlies this provision is the mens rea prescribed by
it. Firstly, “knowingly” accessing a computer without authorization becomes a cause of great
problem once we consider the fact that an unsafe system like Aadhaar is also “restricted for
reasons of security of the state”. Secondly, it brings within its ambit anyone who
or defamation. (This project report is confined to the first point only) Now, let us consider
13
Section 66F (1) B, Information Technology Act, 2000.
A RELEVANT OBSERVATION
UIDAI’s inefficient management of Aadhaar has not been unknown to the world.14 An
identification project that involves the collection of the biometric and demographic
information of 1.3 billion15 people, creating the largest biometric identity project in the world,
must be scrutinized carefully to assess its compliance with human rights.16 The UIDAI has
not only declared Aadhaar a “protected system”17 under Section 70 (1),18 but also the
biometric information amounts to “sensitive personal data” under Section 43A19. The latter
provision imposes a duty of care on the government to protect such information from being
Basically, Aadhaar is a protected system for namesake and the government is not using
reasonable practices to fulfil its duty under Section 43A Say, in such a scenario, someone has
shared a link on whatsapp wherein all the details of 1.3 billion Indian citizens are accessible,
Technically, from a legal point of view, everyone who opens such link would fall within the
purview of Sections 66F and 70(3) of the IT Act. However, the government, who has never
provided clarity as to the security framework that is in place for the “sensitive personal data”,
would evade the liability under Section 43A because it only expects the government to
Now, let us get back to the debate over mens rea. In such a scenario, was the intention of the
legislature to punish the public who have accessed the link shared on whatsapp for offences
14
Aadhaar: 'Leak' in world's biggest database worries Indians, BBC NEWS, 05/01/18,
https://www.bbc.com/news/world-asia-india-42575443
15
Krishnadas Rajagopal, ‘Aadhaar in numbers: key figures from UIDAI CEO's presentation to the Supreme
Court’, THE HINDU, 22/03/18.
16
K.S. Puttuswamy v. Union of India, 2018 SCC OnLine SC 1642.
17
G.S.R. 993(E), Ministry of Electronics and Information Technology, 11 December, 2015.
18
Section 70 (1), Information Technology Act, 2000.
19
Section 43A, Information Technology Act, 2000.
as grave as cyber terrorism and that under Section 70? Perhaps it was not. However, these
people have knowingly accessed the information protected for the reasons of security of state
and hence, they are criminals under Section 66F. Further, mere access to a protected system
is punishable under Section 70, hence these people fall within the same.
become criminally liable, the person should be able to form the requisite criminal intent in
committing the crime.21 In fact even, a hacker who penetrates a computer just to know about
the actual working of the computer system does not intend to engage into any criminal
activity.22 Someone who tries to point out the fallacy in Aadhaar system in order to inform
the public about such a relevant problem does not engage in criminal activity by simply
accessing the system. Such ethical hackers, who do not have a criminal intent, should be
differentiated from serious computer criminals.23 Mere knowledge of harm that will be
caused without any criminal action does not make the accused liable if his act is done to
Apart from the mens rea aspect, the principle of proportionality should be considered too:
conduct.25 The state which has breached such a huge duty is liable for a civil wrong 26 under
Section 43A, which in any case it escapes. Whereas, the citizens, who have, by chance, fell
into the trap of words of the statute, are charged for grave crimes which are punishable by
imprisonment which might extend up to 10 years27 or even lifetime28. This is gross injustice
20
PROF. RK CHAUBEY, An Introduction to Cyber Crime and Cyber Law, 372 (2nd ed., 2012).
21
R v. Bedworth, Southwark Crown Court, 21st May, 1993.
22
Abhinav Gupta v. State of Haryana, 2008 Cr LJ 4536.
23
R v. Gold, (1988) 1 AC 1063.
24
RATANLAL AND DHIRAJLAL, Indian Penal Code, 138 (35th ed., 2017).
25
Andrew von Hirsch, Proportionality in the Philosophy of Punishment, 16 CRIME AND JUSTICE, 1992 (55, 56).
26
APARNA VISHWANATHAN, Cyber Law, 97, (1st ed., 2012).
27
Section 70, Information Technology Act, 2000.
28
Section 66F, Information Technology Act, 2000.
once we consider the principle of crimes being proportional to the punishment that should be
given for them. This, like mens rea¸ is one of the most fundamental principles of criminal law
which should always be one of the most important considerations while framing of penal
statutes.
CONCLUSION
This project report has shown us how the wording of the IT Act and the current situation due
to UIDAI’s Aadhaar can lead to problems and what has been going wrong in this regard.
Considering the aforementioned, one could sense the need for further amendment in the IT
Act so as to incorporate some much needed changes pertaining to the above issues.
A useful suggestion for improving the state of affairs would be to incorporate other degrees
of mens rea in criminal provisions like Section 66F and Section 70 of the IT Act. For
instance, Section 66 which is a criminal provision too: Acts, falling under S. 43 of the IT Act,
when done “fraudulently or dishonestly”, assume a criminal nature and amount to computer
related offences.
Dishonest - An intention to gain wrongfully29 by getting what one does not have30 amounts to
Fraudulent - An act is done fraudulently when done with an intention to defraud 32. Where
29
Indian Penal Code, §24
30
Section 5 (3), The Fraud Act, 2006.
31
KN Mehra v State of Rajasthan, AIR 1957 SC 369.
32
Indian Penal Code, § 25
33
Haycraft v. Creasy, (1801) 2 East 92.
34
In re B.V. Padmanabha Rao, 1970 Cr LJ 1502 (Mysore).
35
Vimla v. Delhi Administration, AIR 1963 SC 1572.
Changing the requisite intention for the concerned provisions would restrict their ambit and
would ensure that the instances like the “observation” do not fall within it, hence, solving the
problem to an extent. And in case of Section 43A, the standards need to be clearer. “Ensuring
reasonable security practices” is something that allows someone like the government to
Such problems need judicial so as to provide proper interpretation to the provisions of the Act
or legislative assistance to word the provisions in a better manner. While I agree that the Act
is a relatively new law and is still undergoing changes, these are some serious issues which
need attention.