“Introduction to cyber law in India; why the ambit of

cyberlaw needs to be expanded, new laws promulgated to

keep pace with technology”

Advocate Paramvir Singh Narang

PREMIER LEGALIS- ‘The best legal minds’

lawandhumanrights@icloud.com

9560055879

Introduction

We all can surely agree upon a simple fact that Technology has today impacted each and every aspect
of our lives and the field of Law in no exception to this universal aspect. Most business transactions are
being conducted with the aid of computer systems directly or dependent upon applications running on
servers powered by Internet.The power of Internet is probably one of the greatest innovations of man
till date, it has truly been a positively disruptive force which has forced mankind to change the way
they conduct business and communicate with each other. The astonishingly rapid growth of Internet,
which initially started of in early 1970s as a project of U.S. Defense Department's Advanced Research
Projects Agency Network (ARPANET) has raised multifaceted legal dilemas and scenerios. Since
technology is an fast evolving and changes dramatically every three years, most countries throughout
the world are resorting to different approaches towards controlling, regulating and facilitating
electronic communication and commerce.

Not only businesses, but individuals are also increasingly using Technology to create, transmit, store
information in electronic form and the use of paper based documents is gradually declining.The use of
computer systems for sharing and storing information is advantageous due to the ease of use and
storage, less costs and speed of transmitting information almost instantaneously. The biggest
revolutionary change has been the advent of e-commerce which has replaced the traditional way of
doing business, since e-commerce eliminates the need for paper based transactions, there is a need to
legal changes to facilitate this growth of e-commerce. In this context the United Nations Commission
on International Trade Law adopted The Model law on Electronic Commerce in 1996 and India being a
signatory to this Model law has to make necessary amendments into its current legal framework by
bringing in suitable amendments in existing laws. This paper is about importance of Cyber Law
legislation and why amendments are required to keep pace with the ever changing landscape of
Technology which is now an integral part of our lives.
Cyber Law is quinessential for the progress of India as a leading developing nation in todays era, but
these Cyber Laws need to be adoptive, evolving and comprehensive to cover all aspects of a highly
digitalized world. Therefore Cyber Law in its current state is only in its infancy and has a long way to
go and will need support of many subsequent legislations to cover this ever-expanding, evolving and
complex cyberspace.This paper analyses the shortcomings of the existing laws in india vis-a-vis Cyber
laws and discusses various amendments that will bring the law upto-date and on par with the
developments in the field of Technology

II. What is Cyber Law ?

Once we start browsing the net also referred to as cyber space we become netizens i.e citizens of the
net and have to conform to rules, regulations, norms and ethics of cyber space which are collectively
referred to as cyber laws.These laws are necessary in maintaining order and conformity to laws of the
land and they encapsulate legal issues related with use of net and cover a vast domain of issues.Cyber
Law is also referred to as paperless laws for a paperless world. Importance of cyber laws can be gauged
from the fact that computers, Internet, handheld devices/smartphones and other Information
Technologies have transformed an earlier paper based means of communication into e-communications
i.e communications based on a platform of inter-connected computer systems across the globe powered
by complex technologies such as TCP/IP which is one of the basic building block of Internet.This spurt
and growth of computer systems is also referred to as Information Technology revolution, a fine
example of this is in the field of Banking which is to a large extend done today by online banking or e-
banking and ATMs which are all dependent upon computer systems and internet.

But there is a flip side to this extravagant and widespread use of technology, it has increased the
surface area which is vulnerable to criminal acts i.e the abuse of internet and computer systems is quite
prevelant across the globe and criminals in todays world have evolved and adopted to cyber crimes
against innocent and unaware netizens.To tackle these cyber criminals a new league of jurisprudence is
emerging and is referred to as 'Cyber Law' or Information Technology law. Impact of Cyber Law is
direct on issues of jurisdictions, contract, security, privacy, IPR, Consumer protection, content
management, Cyber crimes etc. For example how Cyber Law enforces validity of contractual
obligations of contracts concluded between parties using electronic means and how such contracts can
be enforced.With the volume of data on the internet exploding exponentially. Some of the conventional
areas of laws that are impacted by technology are:Intellectual Property law, Criminal law, Evidence
Law, Business Law,Taxation Law, Banking law, Financial Law, Consumer Protection law,Contract
Law, Tort Law, International law, Privacy law, Health care law, Security Law and so forth.At the
international level the two main laws dealing with cyber space are Model law on e-commerce(1996)
and the model law on Electronic signature(2001).

III.Important components of Cyber Law

Considering the vast jurisdiction of cyber laws, main areas of cyber law which need to be discussed
are: jurisdiction, Contracts, Security, Privacy, Intellectual property, consumer protection, content
liability and cyber crimes.

(a) Contractual aspects of cyber law seeks to provide the rules for validity of contracts concluded by
electronic means and procedures of enforcing such contracts or resolving disputes arising from such
contracts .
1

(b) Cyber Jurisdiction in e-contracts, in the physical world for courts to have jurisdiction in a matter all
the material elements of the contract lie within the country's territory, which is not the case in e-
contracts. Cyber law lays down the basic principles that help establish whether the courts of a particular
country have the jurisdiction to adjudicate on a matter.The issue of deciding which jurisdiction laws
apply and which country's courts are competent in case of contestation arising from electronically
concluded agreements

(c) Privacy in Cyber space is another element of cyber law. Contractul interactions in cyberspace are
intentional from both the parties; but there can be situations where persons personal data can be
collected from various extraneous sources as the collection of this data is relatively easier in cyber
space and this can be done without the knowledge of the person whose data is being compromised.This
use of personal data without that persons assent is an serious violation of privacy rights and recently
has been in news under a batch of petitions filed against the Aadhar scheme of the government, which
are challenging the constitutional validity of The Aadhar Act. Therefore Personal data protection is
2

another important component of cyber law, wherein security aspects of cyber law are taken into
account to protect the personal data.

(d)) Security in cyber space is undoubtedly one of the most important goals of cyber laws, they aim at
protecting against criminal acts such as hacking, intentional damage or misuse of computer system,
storing and disseminating of illegal content eg child pornography,breach of secure banking systems and
other illegal acts.Providing for criminalisation of such illegal acts in indian laws will prove to be a
deterence and prevent computer related crimes.

(e)Intellectual property is the buzz word and an area of specialisation for many lawyers in this digital
world.The traditional methods of protecting IP via patents,trademarks,copyright are being integrated
with the cyber world and are reducing the time required to ensure protection of IP.the areas of peculiar
interest related to cyber laws has been in the field of domain name protection, trademark protection and
copyright of computer programs

(f) Public Key Infrastructure(PKI) implementation remains one of the most important aspects for
securing transactions and provide for appropriate identification.The government of India has been
encouraging PKI implementation on a larger scale and facilitate its adoption in a wide-ranging
spectrum of applications.it is comprised of four dimensions Algorithms & Protocols, Implementation &
Standards, Policy & Laws, and Applications.

(g) Digital Signatures when armed with legal sanctity have wide-spread applications cutting across
various sectors and have revolutionized the traditional ways of conducting transactions.From Banking
& Commerce to Procurements, Governance, Communications. Digital Signatures provide the same
elements of trust in an Internet world.

CCA(Controller of Certifying Authorities, Govt. of India) is the government entity incharge of Digital
Signatures and Public Key Infrastructure

(h)Inter Country co-operation and implementation of extradition treaties and arrangements due to the
increased trans border infringements in cyber space. Inter country Co-operation also applies to taxation,
IP rights and other cyber related rights.

IV. Information Technology Act, 2000 and I.T. Amendment Act 2008

In order to keep pace with the changing times, The Parliament of India passed its first Cyberlaw, the
Information Technology Act, 2000 on 17th October 2000, also known as the IT Act 2000 which
provides the legal infrastructure for E-commerce in India. The said Act has received the assent of the
President of India and has become the law of the land in India.This Act applies to whole of India, and
its provisions also apply to any offense or contravention, committed even outside the territorial
jurisdiction of Republic of India, by any person irrespective of his nationality. The Main objective of
India's The Information Technology Act 2000 is to give legal validity to transactions carried out by
means of electronic data interchange and other means of electronic communication referred to as
“Electronic commerce.” which involve the use of alternatives to paper based methods of
communication and storage of information.

The Offences pertaining to computer and computer networks are referred to as Cyber offences, which
are unlawful acts carried in a sophisticated manner in which either the computer is the tool or target or
both. Some of the offences and relevant sections under the IT Act 2000 are as follows:


 Tampering with the computer source documents.- Sec 65

  Hacking with computer system(Sec 66)-The importance of this section can be gauged from
the fact that recently there has been a spurt of hacking of government websites by foreign and
domestic hackers intending to make a tend in the credibility of these government
institutions.Now under the provision of this section "Whoever with the intent to cause or
knowing that he is likely to cause wrongful loss or damage to the public or any person
destroys or deletes or alters any information residing in a computer resource or diminishes its
value or utility or affects it injuriously by any means, commits hacking." Further for the first
time, punishment for hacking as a cyber crime prescribed in the form of imprisonment upto 3
years or with fine which may extend to Rs. 2,00,000/- or with both.So hackers will now be
promptly prosecuted under section 66 of the IT Act,2000.
 Publishing of information which is obscene in electronic form- Sec 67
 Un-authorised access to Protected system- Sec 70
 Penalty for breach of confidentiality and privacy-Sec 72
 Penalty for publishing Digital Signature Certificate false in certain particulars-Sec 73


Shortcomings of IT Act, 2000

Demerits of IT Act 2000: Though the main objective of IT Act 2000 is to provide legal recognition to
electronic methods of communication and storage of information, the law is a classic case of a patchy
compilation of vague definitions in important areas like legality of credit card transactions, hacking
web sites, online copyrights. The bone of contention and quite un-popular section of The IT act had
been the Section 66A which punished persons for sending offensive messages and was found to be
patently in violation of Art. 19(1)(a) of our Constitution as it restricted free speech. It was often used an
tool to gag free speech and this lead to a lot of hue and cry against the act. On 24 March 2015, the
Supreme Court of India, gave the verdict that Section 66A is unconstitutional in the Shreya Singhal v.
Union of India case as it invades right to free speech, every expression used in it is nebulous. Some of
3

the other existing challenges of the IT Act are : Inapplicability, Digital signatures (Recognize only PKI
system), Misuse of police powers, No IPR protection guaranteed, ISP not held liable,lack of awareness
and non-compliance, Overhaul of judicial system and entire mechanism to deliver, speedy trial still a
fallacy.

I.T. Amendment Act 2008

The IT Act, 2000 was having some conspicuous omissions resulting in more and more reliance on one
and half century-old Indian Penal Code even in technology based cases with the I.T. Act and the
reliance more on IPC rather on the ITA. Thus the need for an amendment was felt for the I.T. Act in
2003 and it lead to after incorporation of suggestions from various quarters to an consolidated
amendment called the Information Technology Amendment Act 2008.

Some of the key features of this act were :

Some of the distinguishing features of the ITAA are : Focussing on data privacy Focussing on
Information Security, Defining cyber cafe, Making digital signature technology neutral, Defining
reasonable security practices to be followed by corporates, Redefining the role of intermediaries,
Recognising the role of Indian Computer Emergency Response Team, Inclusion of some additional
cyber crimes like child pornography and cyber terrorism, authorizing an Inspector to investigate cyber
offences (as against the DSP earlier)

V. Desired amendments to Cyber Laws in India

The existing cyber laws in India are not able to keep pace with cyber crimes reported in modern times
and therefore require amendments to bring them in conformity with The Model law on Electronic
Commerce.Apart from the amendments new encryption standards and privacy policies to ensure data
protection relating to Information Technology is addressed to in the most speedy manner. Though the
IT Act has four schedules that amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The
Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 to make them in tune with
the provisions of the IT Act, but still a lot needs to be desired.

Recent Amendments to conventional laws

(a) Indian Evidence Act, 1872-earlier there were only two evidences legally recognised under this act
oral and documentary. Electronic record was not legally recognised and accepted as
evidence.Ultimately amendments were made to this act to grant legal recognition to electronic record
as that it can be accepted as evidence.

(b) Indian Penal Code, 1860-Earlier offences could be committed against the documents and electronic
records were not within the purview of IPC and therefore no offence against electronic records was
recognised, but after the amendment legal recognition was granted to electronic records and were
brought under the purview of IPC.

(c)Reserve Bank of India, Act 1934-Earlier Electronic fund transfer between financial institutions was
not legally recognised, only after this act had been amended was legal recognition and facilitation for
electronic fund transfers between financial institutions allowed.The importance of this amendment can
be gauged from the fact that more than 50% of the banking transactions are now done via online
methods such as NEFT/IMPS/NEFT/MMID /Online transfer.
(d) Bankers Books Evidence Act,1891-Earlier under conventional law e-books of accounts were not
legally recognised, therefore this act was amended so at to give legal sanctity for books of accounts
maintained in the electronic form by the banks

Desired Amendments

1. Consumer protection Act,1986- in todays digital world when most of the trasactions are taking
place in cyber space it is very important to ensure that laws for protection of consumers such
as the Consumer protection act are regularly updated or amended.a question which arises
under this act is whether a cyber consumer is different than an ordinary consumer or whether
he is covered under the consumer protection act,1986.The definition of consumer u/s 2(1)(d)
should be broadened to include cyber consumers who purchases goods or hires services using
the internet.Also services of certifying authorities under the IT Act, 2000 shall be covered
under the definition of services and subscriber under the definition of consumer.
2. Indian contract Act,1872- In the business to consumer model of e-commerce eg amazon .com,
there are several kind of legal issues involved pertaining to contracts. For example: When an
online merchant delivers goods, but the consumer does not admit that they have received the
goods ever; or when the merchant delivers goods, but the consumer refuses to pay as his
minor child had ordered without authorisation; or when consumer pays for the goods but the
merchant does not deliver the goods; or the goods are wrong/partial/damaged/non-working.To
address these issues the Indian Contract act, 1872 needs vast amendments to incorporate the
validity of such e-contracts.
3. Tort based laws-Issues which are civil in nature involving civil liability and action are covered
under Tort.Cases involving fraud, negligence, misrepresentation, false advertisements,
defamation, IPR infringements.Some of the issues related to Tort that need to be accounted for
by cyber laws are: Strict liability:A product that produces wrong solution causing injury to
others falls under the ambits of strict liability or negligence.The basis of product liability is
covered under tort law and if such a product is purchased online causing injury to another
person the question that needs to be answered is whether the rule of strict liability would be
applicable.Another aspect that needs to be remedied is sale of defective products or services
online by manufacturers, e-merchants, sellers, service providers.In online transactions every
person involved in the transaction would be liable

Fraud- The growth of cyber space has created a new and a unique problem which was unheard
of earlier and obviously not incorporated in any of the existing acts or laws.For example, If an
e-merchant gives false advertisements on their website or sells wrong products or if a
consumer gives an unauthorised credit/debit card over the internet, whether he or she will be
liable for fraud and what is the mechanism to process such kind of fraudulent activities under
the ambits of law. The IT Act, 2000 is not clear and is silent about the liability under law of
 tort arising in cyber space and this is an major hurdle and definately amendments are required
not only in IT Act but also Indian Contract Act.

4. Taxation laws-The income tax act and related taxation laws in India also need to be amended
to account for the enormous increase in taxation difficulties arising due to the exponential
growth of ecommerce. Issues of international cross border taxation, customs and duties on
products purchased online needs to be clarified and is a bone of contention at this point of
time.The sooner clarity is brought on taxation issues the better it will be for growth of
businesses and customer satisfaction thereby creating an viable atmosphere for economic
growth. As many online transactions involve parties residing and operating in different legal
and tax jurisdictions therefore moot question is which authority has the necessary tax
jurisdiction and it is not clear in many situation,also enforcement of tax laws on the internet is
equally difficult. For this tax authorities need to frame common tax policies and sugest
changes in The Income Tax Act,1961 as well as The IT Act,2000.
5. Copyright,trademarks and Patent Law-Copyright and patent violations under law are issues
when infringements occur in cyber space.The key question that arises is, if there is a
infringement of IP rights online whether and how it is covered under IP Right laws.So
whenever there is a violation of copyright or patent right in the cyber space then the author or
inventor should have all the rights conferred under these acts. Similarly trademrk
infringements in digital medium, and domain names disputes are other areas that require
appropriate amendments in laws.The IT act is silent about trademark infringement in digital
medium and domain name disputes.
6. Domain Names-Many companies use their names as Trademarks eg Tata,Reliance,Birla and it
makes sense for them to have a presence on the Internet.But the problem arises when a
company's domain name has already been registered by someone else, as domain name
registration is on a first come first serve basis. This trend of unauthorised/un-connected person
or company's registering someone elses trademark, as his domain name is known as 'cyber-
squatting'. These cyber-squatters or pirates have no good reason to register the mark or use it
other than to extort money from the trademark holder.In India there have been numerous
litigations on protection of domain names.In Titan industries v Prashant Kooapti , also known
4

as the Tanishq case, where the defendant had registered www.tanishq.com which is a brand of
plaintiff which had been using it for the watches manufactured by it and they sued the
defendants for passing off, alleging that the use of domain name by the defendant would lead
to confusion and deception,damaging the goodwill and reputation of the plaintiff. The Delhi
High Court granted an injunction restraining the defendant from using the name tanishq.
Another landmark case on domain names was yahoo v akash arora ,in this case the defendants
5

use of yahooindia was found to be in violation of trademark of the plaintiff.And the court also
rejected the defendants plea that The Indian Trademark Act will not be applicable to the use of
domain name on net.
 In another case of rediff communication limited v cyber booth , the paintiff sought an
6

injunction to restrain the defendants from using the domain name radiff which was deceiving
and causing confusion between 'radiff.com' and 'rediff.com'.The court ruled that domain name
was more than an internet address and is entitled to equal protection as trademark and held
that the defendants have adopted the domain name 'radiff' with the intention to trade on the
plaintiffs reputation.So basically we can see that there is a general consensus in the legal
fraternity on according rights to domain names but due to lack of any protection in the
Trademarks Act or the IT Act, there seems to be a lot of confusion and a loophole which is
being taken advantage of by cyber-squatters, therefore an amendment in IT act and
Trademarks Act is needed at the earliest.

7. Cyber Jurisdiction, which basically means jurisdiction in cyber space refers to a real world
governments power and normally existing courts authority over internet users and their
activities in the cyber world.But the issue is that The IT Act, 2000 does not cover the issue of
jurisdiction in a clear manner and a lot of ambiguity is there. Jurisdiction plays the most
important role in deciding which place to file the case.At the present time the law of
jurisdictions applicable in the physical world is being utilised and applied to the cyber space to
solve any questions on jurisdictional matters.Therefore an amendment is required to settle this
issue and confusion regarding jurisdiction of cyber space matters.

VI. Shortcomings in Cyber Law

Some of the basic shortcomings in the field of cyber law are:

Awareness: There seems to be no government initiatives or serious provision for creating awareness
and putting such initiatives in place in the Act.The government agencies like the Police department
have not taken any serious step to create public awareness about the provisions in IT and ITAA,which
is necessary as it is a new area and technology has to be learnt by all the stake-holders like the judicial
officers, legal professionals, litigant public and the public at large.

Jurisdiction: This is a major issue which has not been satisfactorily addressed in the ITA or ITAA.
Jurisdiction has been mentioned in Sections 46, 48, 57 and 61 in the context of adjudication process
and the appellate procedure connected with and again in Section 80 and as part of the police officers’
powers to enter, search a public place for a cyber crime etc. In the context of electronic record, Section
13 (3) and (4) discuss the place of dispatch and receipt of electronic record which may be taken as
jurisprudence issues. However some fundamental issues like if the mail of someone is hacked and the
accused is a resident of a city in some state coming to know of it in a different city, which police
station does he go to? If he is an employee of a MNC with branches throughout the world and in many
metros in India and is often on tour in India and he suspects another individual say an employee of the
same firm in his branch or headquarters office and informs the police that evidence could lie in the
suspect’s computer system itself, where does he go to file he complaint. The knowledge that cyber
crime is geography-agnostic, borderless, territory-free and sans all jurisdiction and frontiers and
happens in ‘cloud’ or the ‘space’, has to be spread and proper training is to be given to all concerned
players in the field.

Evidences: Evidences are a major concern in cyber crimes.We cannot mark a place nor a computer nor
a network, nor seize the hard-disk immediately and keep it under lock and key keep it as an exhibit
taken from the crime scene. Very often, nothing could be seen as a scene in cyber crime! The
evidences, the data, the network and the related gadgets along with of course the log files and trail of
events emanating or recorded in the system are actually the crime scene. While filing cases under IT
Act, be it as a civil case in the adjudication process or a criminal complaint filed with the police, many
often, evidences may lie in some system like the intermediaries’ computers or some times in the
opponent’s computer system too. In all such cases, unless the police swing into action swiftly and seize
the systems and capture the evidences, such vital evidences could be easily destroyed. In fact, if one
knows that his computer is going to be seized, he would immediately go for destruction of evidences
(formatting, removing the history, removing the cookies, changing the registry and user login set ups,
reconfiguring the system files etc) since most of the computer history and log files are volatile in
nature.

Other existing short comings in the Cyber law arena in India

There is no major initiative in India jurisprudence on common repositories of electronic evidences by

which in the event of any dispute (including civil) the affected computer may be handed over to a
common trusted third party with proper software tools, who may keep a copy of the entire disk and
return the original to the owner, so that he can keep using it at will and the copy will be produced as
evidence whenever required. For this there are software tools like ‘EnCase’ which has a global
recognition, search features without giving any room for further writing and preserving the original
version with date stamp for production as evidence.

Non coverage of many crimes: India has only one legislation the ITA and ITAA, compared to
numerous legislation that western countries have to protect cyber space. Many cyber crimes like cyber
squatting with attention to extort money, Spam mails, ISP’s liability in copyright infringement, data
privacy issues, Denial of service(DOS) attacks have not been given adequate coverage. Besides, most
of the Indian corporate including some Public Sector undertakings use Operating Systems that are from
the West especially the US and many software utilities and hardware items and sometimes firmware
are from abroad. In such cases, the actual reach and import of IT Act Sections dealing with a utility
software or a system software or an Operating System upgrade or update used for downloading the
software utility, is to be specifically addressed, as otherwise a peculiar situation may come, when the
user may not know whether the upgrade or the patch is getting downloaded or any spyware getting
installed. The Act does not address the government’s policy on keeping the backup of corporates
including the PSUs and PSBs in our county or abroad and if kept abroad, the subjective legal
jurisprudence on such software backups. Most of the cyber crimes in the nation are still brought under
the relevant sections of IPC read with the comparative sections of ITA or the ITAA which gives a
comfort factor to the investigating agencies that even if the ITA part of the case is lost, the accused
cannot escape from the IPC part.

Conclusion

Our current legislation seems to go soft on cyber criminals, some cyber law experts feel that the
existing set of cyber laws are sort of encouraging cyber criminals by lessening the quantum of
punishment accorded to them under the existing law. For example majority of cyber crimes stipulated
under the IT Act are bailable offences and this is not a good deterrent for potential cyber criminals.Also
the existing conviction rate in Cyber crime offences is among the lowest in the nation much lower than
the rate in IPC and other offences. Therefore the Government of India must take proactive steps to
ensure that all relevant laws in India are updated and at the same time have enough deterrence to
prevent any future cyber crimes from taking place.

1http://www.cespam.net/documents/events/swaziland2005/cyberlaw%20development%20&%
20harmonisation.pdf

2https://thewire.in/170700/right-to-privacy-aadhaar-supreme-court/

3 Shreya Singhal v. Union of India (AIR SC 2015)

4 Titan industries v Prashant Kooapti

5Yahoo v Akash Arora(1999 PTC 19,20 Delhi High Court)

6 rediff communication limited v cyber booth(AIR 2000 Bom)