Legal Environment of Business

Cyber Law

By: Prateek Thakur

13BSP1763
Section E
 Contents

1. Introduction

2. Definition of Cybercrime

3. Types of Cyber Crimes

4. Need For Cyber Law

5. History of cyber law in India

6. Cyber Law & India

7. Approach of the Information Technology Act, 2000

8. Aims and Objectives of the Information Technology Act, 2000

9. Effects of the Information Technology Act, 2000

10. Information Technology (Amendment) Act, 2008

11. Indian Case Studies

12. What Cyber Laws Might Teach?

Introduction
Success in any field of human activity leads to crime that needs mechanisms to control it. Legal
provisions should provide assurance to users, empowerment to law enforcement agencies and
deterrence to criminals. The law is as stringent as its enforcement. Crime is no longer limited to
space, time or a group of people. Cyber space creates moral, civil and criminal wrongs. It has
now given a new way to express criminal tendencies. Back in 1990, less than 100,000 people
were able to log on to the Internet worldwide. Now around 500 million people are hooked up
to surf the net around the globe.

Until recently, many information technology (IT) professionals lacked awareness and interest in
the cyber crime phenomenon. In many cases, law enforcement officers have lacked the tools
needed to tackle the problem; old laws didn’t quite fit the crimes being committed, new laws
hadn’t quite caught up to the reality of what was happening, and there were few court
precedents to look to for guidance. Furthermore, debates over privacy issues hampered the
ability of enforcement agents to gather the evidence needed to prosecute these new cases.
Finally, there was a certain amount of antipathy—or at the least, distrust— between the two
most important players in any effective fight against cyber crime: law enforcement agencies
and computer professionals. Yet close cooperation between the two is crucial if we are to
control the cyber crime problem and make the Internet a safe “place” for its users.

Law enforcement personnel understand the criminal mindset and know the basics of gathering
evidence and bringing offenders to justice. IT personnel understand computers and networks,
how they work, and how to track down information on them. Each has half of the key to
defeating the cyber criminal.

IT professionals need good definitions of cybercrime in order to know when (and what) to
report to police, but law enforcement agencies must have statutory definitions of specific
crimes in order to charge a criminal with an offense. The first step in specifically defining
individual cybercrimes is to sort all the acts that can be considered cybercrimes into organized
categories.
United Nations’ Definition of Cybercrime

Cybercrime spans not only state but national boundaries as well. Perhaps we should look to
international organizations to provide a standard definition of the crime. At the Tenth United
Nations Congress on the Prevention of Crime and Treatment of Offenders, in a workshop
devoted to the issues of crimes related to computer networks, cybercrime was broken into two
categories and defined thus:

a. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of
electronic operations that targets the security of computer systems and the data processed by
them.

b. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by

means of, or in relation to, a computer system or network, including such crimes as illegal
possession [and] offering or distributing information by means of a computer system or
network.

Of course, these definitions are complicated by the fact that an act may be illegal in one nation
but not in another. Cyber Crimes can also be categorized in many ways

1. Cyber Crimes against Persons:

There are certain offences who affect the personality of individuals can be defined as:

Harassment via E-Mails: It is very common type of harassment through sending letters,
attachments of files & folders i.e. via e-mails. At present harassment is common as usage of
social sites i.e. Facebook, Twitter etc. increasing day by day.

Cyber-Stalking: It means expressed or implied a physical threat that creates fear through the
use to computer technology such as internet, e-mail, phones, text messages, webcam, websites
or videos.

Dissemination of Obscene Material: It includes Indecent exposure/ Pornography (basically

child pornography), hosting of web site containing these prohibited materials. These obscene
matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their
mind.

Defamation: It is an act of imputing any person with intent to lower down the dignity of the
person by hacking his mail account and sending some mails with using vulgar language to
unknown persons mail account.

Hacking: It means unauthorized control/access over computer system and act of hacking
completely destroys the whole data as well as computer programmers. Hackers usually hacks
telecommunication and mobile network.

Cracking: It is amongst the gravest cyber crimes known till date. It is a dreadful feeling to know
that a stranger has broken into your computer systems without your knowledge and consent
and has tampered with precious confidential data and information.

E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its origin. It
shows its origin to be different from which actually it originates.

SMS Spoofing: Spoofing is a blocking through spam which means the unwanted uninvited
messages. Here an offender steals identity of another in the form of mobile phone number and
sending SMS via internet and receiver gets the SMS from the mobile phone number of the
victim. It is very serious cyber crime against any individual.

Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for their
monetary benefits through withdrawing money from the victim’s bank account. There is always
unauthorized use of ATM cards in this type of cyber crimes.

Cheating & Fraud: It means the person who is doing the act of cyber crime i.e. stealing
password and data storage has done it with having guilty mind which leads to fraud and
cheating.

Child Pornography: It involves the use of computer networks to create, distribute, or access
materials that sexually exploit underage children.
Assault by Threat: refers to threatening a person with fear for their lives or lives of their
families through the use of a computer network i.e. E-mail, videos or phones.

2. Crimes against Persons Property:

As there is rapid growth in the international trade where businesses and consumers are
increasingly using computers to create, transmit and to store information in the electronic form
instead of traditional paper documents. There are certain offences who affect person’s
property which are as follows:

Intellectual Property Crimes: Intellectual property consists of a bundle of rights. Any unlawful
act by which the owner is deprived completely or partially of his rights is an offence. The
common form of IPR violation may be said to be software piracy, infringement of copyright,
trademark, patents, designs and service mark violation, theft of computer source code, etc.

Cyber Squatting: It means where two persons claim for the same Domain Name either by
claiming that they had registered the name first on by right of using it before the other or using
something similar to that previously. For example two similar names i.e. www.yahoo.com and
www.yaahoo.com.

Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another.

Thus cyber vandalism means destroying or damaging the data when a network service is
stopped or disrupted. It may include within its purview any kind of physical harm done to the
computer of any person. These acts may take the form of the theft of a computer, some part of
a computer or a peripheral attached to the computer.

Hacking Computer System: Hacking attacks those included Famous Twitter, blogging platform
by unauthorized access/control over the computer. Due to the hacking activity there will be loss
of data as well as computer. Also research especially indicates that those attacks were not
mainly intended for financial gain too and to diminish the reputation of particular person or
company.
Transmitting Virus: Viruses are programs that attach themselves to a computer or a file and
then circulate themselves to other files and to other computers on a network. They usually
affect the data on a computer, either by altering or deleting it. Worm attacks plays major role in
affecting the computerize system of the individuals.

Cyber Trespass: It means to access someone’s computer without the right authorization of the
owner and does not disturb, alter, misuse, or damage data or system by using wireless internet
connection.

Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an
unauthorized person, of the Internet hours paid for by another person. The person who gets
access to someone else’s ISP user ID and password, either by hacking or by gaining access to it
by illegal means, uses it to access the Internet without the other person’s knowledge. You can
identify time theft if your Internet time has to be recharged often, despite infrequent usage.

3. Cybercrimes against Government:

There are certain offences done by group of persons intending to threaten the international
governments by using internet facilities. It includes:

Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as global
concern. The common form of these terrorist attacks on the Internet is by distributed denial of
service attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc.
Cyber terrorism activities endanger the sovereignty and integrity of the nation.

Cyber Warfare: It refers to politically motivated hacking to conduct sabotage and espionage. It
is a form of information warfare sometimes seen as analogous to conventional warfare
although this analogy is controversial for both its accuracy and its political motivation.

Distribution of pirated software: It means distributing pirated software from one computer to
another intending to destroy the data and official records of the government.
Possession of Unauthorized Information: It is very easy to access any information by the
terrorists with the aid of internet and to possess that information for political, religious, social,
ideological objectives.

4. Cybercrimes against Society at large:

An unlawful act done with the intention of causing harm to the cyberspace will affect large
number of persons. These offences include:

Child Pornography: It involves the use of computer networks to create, distribute, or access
materials that sexually exploit underage children. It also includes activities concerning indecent
exposure and obscenity.

Cyber Trafficking: It may be trafficking in drugs, human beings, arms weapons etc. which
affects large number of persons. Trafficking in the cyberspace is also a gravest crime.

Online Gambling: Online fraud and cheating is one of the most lucrative businesses that are
growing today in the cyber space. There are many cases that have come to light are those
pertaining to credit card crimes, contractual crimes, offering jobs, etc.

Financial Crimes: This type of offence is common as there is rapid growth in the users of
networking sites and phone networking where culprit will try to attack by sending bogus mails
or messages through internet. Ex: Using credit cards by obtaining password illegally.

Forgery: It means to deceive large number of persons by sending threatening mails as online
business transactions are becoming the habitual need of today’s life style.

Need for Cyber law

In today’s techno-savvy environment, the world is becoming more and more digitally
sophisticated and so are the crimes. Internet was initially developed as a research and
information sharing tool and was in an unregulated manner. As the time passed by it became
more transactional with e-business, e-commerce, e-governance and e-procurement etc. All
legal issues related to internet crime are dealt with through cyber laws. As the number of
internet users is on the rise, the need for cyber laws and their application has also gathered
great momentum.

In today's highly digitalized world, almost everyone is affected by cyber law. For example:

1. Almost all transactions in shares are in demat form.

2. Almost all companies extensively depend upon their computer networks and keep their
valuable data in electronic form.

3. Government forms including income tax returns, company law forms etc. are now filled in
electronic form.

4. Consumers are increasingly using credit cards for shopping.

5. Most people are using email, cell phones and SMS messages for communication.

6. Even in "non-cyber crime" cases, important evidence is found in computers / cell phones e.g.
in cases of divorce, murder, kidnapping, tax evasion, organized crime, terrorist operations,
counterfeit currency etc.

7. Cyber crime cases such as online banking frauds, online share trading fraud, source code
theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email
hijacking, denial of service, hacking, pornography etc are becoming common.

8 Digital signatures and e-contracts are fast replacing conventional methods of transacting
business.

Technology per se is never a disputed issue but for whom and at what cost has been the issue
in the ambit of governance. The cyber revolution holds the promise of quickly reaching the
masses as opposed to the earlier technologies, which had a trickledown effect. Such a promise
and potential can only be realized with an appropriate legal regime based on a given socio-
economic matrix.
History of cyber law in India

The information Technology Act is an outcome of the resolution dated 30th January 1997 of the
General Assembly of the United Nations, which adopted the Model Law on Electronic
Commerce, adopted the Model Law on Electronic 17 Commerce on International Trade Law.
This resolution recommended, interalia, that all states give favourable consideration to the said
Model Law while revising enacting new law, so that uniformity may be observed in the laws, of
the various cyber-nations, applicable to alternatives to paper based methods of communication
and storage of information.

The Department of Electronics (DoE) in July 1998 drafted the bill. However, it could only be
introduced in the House on December 16, 1999 (after a gap of almost one and a half years)
when the new IT Ministry was formed. It underwent substantial alteration, with the Commerce
Ministry making suggestions related to e-commerce and matters pertaining to World Trade
Organization (WTO) obligations. The Ministry of Law and Company Affairs then vetted this joint
draft.

After its introduction in the House, the bill was referred to the 42-member Parliamentary
Standing Committee following demands from the Members. The Standing Committee made
several suggestions to be incorporated into the bill.

However, only those suggestions that were approved by the Ministry of Information
Technology were incorporated. One of the suggestions that were highly debated upon was that
a cyber café owner must maintain a register to record the names and addresses of all people
visiting his café and also a list of the websites that they surfed. This suggestion was made as an
attempt to curb cyber crime and to facilitate speedy locating of a cyber criminal. However, at

The same time it was ridiculed, as it would invade upon a net surfer’s privacy and would not be
economically viable. Finally, this suggestion was dropped by the IT Ministry in its final draft.

The Union Cabinet approved the bill on May 13, 2000 and on May 17, 2000; both the houses of
the Indian Parliament passed the Information Technology Bill. The Bill received the assent of
the President on 9th June 2000 and came to 18 be known as the Information Technology Act,
2000. The Act came into force on 17th October 2000.

With the passage of time, as technology developed further and new methods of committing
crime using Internet & computers surfaced, the need was felt to amend the IT Act, 2000 to
insert new kinds of cyber offences and plug in other loopholes that posed hurdles in the
effective enforcement of the IT Act, 2000.

This led to the passage of the Information Technology (Amendment) Act, 2008 which was made
effective from 27 October 2009. The IT (Amendment) Act, 2008 has brought marked changes in
the IT Act, 2000 on several counts.

Cyber Law & India

In India the cyber laws are synonymous with the Information Technology Act, 2000. The IT
revolution, in India started in mid 1980s and since then it has been moving like a juggernaut.
While India was riding the information superhighway without any traffic rules, other countries
in the world were framing rules and regulations to control access to Internet and also for
business over the worldwide web. Since Internet is not confined within the geographical limits
of a country, one of the United Nations agencies ‘United Nations Commission on International
Trade Law’ (UNCITRAL) proposed a certain level of uniformity of laws in all member countries.
To this effect, the Model Law on Electronic Commerce was adopted by the United Nations
Commission on International Trade Law (UNCITRAL) 10 in its twenty-ninth session. Later a
resolution11 of the General Assembly recommended that all States give favourable
consideration to the Model Law on Electronic Commerce when they enact or revise their laws,
in view of the need for uniformity of the law applicable to alternatives to paper-based methods
of communication and storage of information.

In India, the then Department of Electronics (DoE) was given the mandate to have an
enactment in place, on the lines of the UNCITRAL’s Model Law on Electronic Commerce soon
after its adoption by the UN General Assembly. It was a foresight on the part of the
Government of India to initiate the entire process of enacting India’s first ever information
technology legislation soon after its adoption by the UN General Assembly.

There were two reasons:

(a) To facilitate to the development of a secure regulatory environment for electronic

commerce by providing a legal infrastructure to govern electronic contracts, authenticity and
integrity of electronic transactions, the use of digital signatures and other issues related to
electronic commerce; and

(b) To showcase India’s growing IT knowledgebase and the role of Government in safeguarding
and promoting IT sector.

India enacted the Information Technology Act, 2000 based on the UNCITRAL’s Model Law on
Electronic Commerce. It received the assent of the President on the June 9, 2000 and came into
force on October 17, 2000. It is important to understand that while enacting the Information
Technology Act, 2000, the legislative intent has been not to ignore the national perspective of
information technology and also to ensure that it should have an international perspective as
advocated by the said Model Law.

Approach of the Information Technology Act, 2000

Since the Information Technology Act, 2000 is based on the UNCITRAL’s Model Law on
Electronic Commerce, which provides for “functional equivalent approach”. It is based on an
analysis of the purposes and functions of the traditional paper-based requirement with a view
to determining how those purposes or functions could be fulfilled through electronic-
commerce techniques. The idea is that the adoption of the functional-equivalent approach
should not result in imposing on users of electronic commerce more stringent standards of
security (and the related costs) than in a paper-based environment.

For example, it treats paper document and its electronic equivalent (electronic record) at par.
That is, if a paper document is admissible in a court of law, then its functional equivalent in the
‘electronic form’, i.e., the electronic record should also be admissible in the court of law.
Aims and Objectives of the Information Technology Act, 2000

The preamble of the Information Technology Act, 2000 reads “ An Act to provide legal
recognition for transactions carried out by means of electronic communication, commonly
referred to as “electronic commerce”’ which involve the use of alternatives to paper-based
methods of communication and storage of information, to facilitate electronic filing of
documents with the Government agencies”.

The aims and objectives of the Act make it:

(a) A facilitating Act,

(b) An enabling Act, and

(c) A regulating Act

(a) A Facilitating Act

The Information Technology Act, 2000 is a facilitating Act as it facilitates both e-commerce and
e-governance. Interestingly, the UNCITRAL Model Law of E-commerce on which this Act is
based has made no reference to e-governance. But it was the collective wisdom of the
legislature, which saw the necessity of introducing concepts like e-governance in this Act.
Sections form the basic law related to electronic governance rights, which have been conferred
to the persons and the Government(s) – both Central and State Governments. It is applicable to
the whole of India, including the State of Jammu and Kashmir.

It is important to understand that the Information Technology Act, 2000 is the first enactment
of its kind in India, which grants ‘e-governance rights’ to the citizens of India.

(b) An Enabling Act

The Information Technology Act, 2000 is an enabling Act as it enables a legal regime of
electronic records and digital signatures. That is, in order to be called legally binding all
electronic records, communications or transactions must meet the fundamental requirements,
one authenticity of the sender to enable the recipient (or relying party) to determine who really
sent the message, two message’s integrity, the recipient must be able to determine whether or
not the message received has been modified en route or is incomplete and third, non-
repudiation, the ability to ensure that the sender cannot falsely deny sending the message, nor
falsely deny the contents of the message.

The Act provides for Digital signatures12, which may be considered functional equivalent to
physical world signatures capable of meeting all the fundamental requirements, like
authenticity of the sender, message integrity and non-repudiation. Digital signature is a
misnomer. It does not mean scanning the handwritten signatures electronically. In fact by
applying digital signatures one may actually transform an electronic message into an
alphanumeric code. It requires a key pair (private key for encryption and public key for
decryption) and a hash function (algorithm).

(c) A Regulating Act

The Information Technology Act, 2000 is a regulating Act as it regulates cyber crimes. As stated
above, cyber crime is a collective term encompassing both ‘cyber contraventions’ and ‘cyber
offences’. The Act not only demarcates contraventions from offences, but also provides a
separate redressal mechanism for both.

The classification of cyber contraventions and cyber offences is as follows:

Cyber Contraventions under the Act Cyber Offences under the Act

Deals primarily with unauthorized Deals with computer, computer

access to computer, computer system system or computer network related
or computer network serious offences
Section 43 (a) to (h) Sections 65-74

May result in civil prosecution May result in criminal prosecution

Judicial proceedings before the Judicial proceedings to be held before

Adjudicating Officer the appropriate ‘Court’ as per the
nature of offence, whether cognizable
or non-cognizable

Provision of appeal Provision of appeal

Power to investigate any Power to investigate any offence lies

contravention lies with the with the police officer not below the
Adjudicating Officer, Controller or rank of Deputy Superintendent of
any officer authorized by him Police

Offender liable to pay damages by Offender punishable with

way of compensation not exceeding imprisonment term or fine or with
one crore rupees to the person so both
affected.

Table: Cyber Contraventions and Cyber Offences under the Act

With the enactment of the Information Technology Act, 2000, in India, the law has taken a
quantum jump to include even the intangibles under its purview. This Act is a proactive piece of
legislation and is not only in tune with the UNCITRAL’s Model Law on Electronic Commerce but
it also unfolds various aspects of information technology to promote efficient delivery of
Government services by means of reliable electronic records.
Cyber laws are new legal resources to check violations in cyberspace. It would be wrong to treat
them differently from the other widely prevalent physical laws. All laws flow from the
Constitution of a country and cyber laws (of a country) are no different! The aims & objectives,
scope, approach, criteria of cyber law may be different but that does not mean that they are
superior to the laws applicable previously. The legal construction of cyber law provisions is no
different from other statutes, codes and enactments. The idea is to maintain uniformity with
other statutory provisions. Cyber laws may have been given a special status by the lawmakers
but that does not mean its superiority in a legal system.

Effects of the Information Technology Act, 2000

The Information Technology (IT) Act, 2000, specifies the acts which have been made
punishable. Since the primary objective of this Act is to create an enabling environment for
commercial use of I.T., certain omissions and commissions of criminals while using computers
have not been included. With the legal recognition of Electronic Records and the amendments
made in the several sections of the IPC vide the IT Act, 2000, several offences having bearing on
cyber-arena are also registered under the appropriate sections of the IPC. During the year
2003, 60 cases were registered under IT Act as compared to 70 cases during the previous year
thereby reporting a decline of 14.3 percent in 2003 over 2002. Of the total 60 cases registered
under IT Act 2000, around 33 percent (20 cases) relate to Obscene Publication / Transmission in
electronic form, normally known as cases of cyber pornography. 17 persons were arrested for
committing such offences during 2003.

There were 21 cases of Hacking of computer systems wherein 18 persons were arrested in
2003. Of the total (21) Hacking cases, the cases relating to Loss/Damage of computer
resource/utility under Sec 66(1) of the IT Act were to the tune of 62 percent (13 cases) and that
related to Hacking under Section 66(2) of IT Act were 38 percent (8cases).
During 2003, a total of 411 cases were registered under IPC Sections as compared to 738 such
cases during 2002 thereby reporting a significant decline of 44 percent in 2003 over 2002.
Andhra Pradesh reported more than half of such cases (218 out of 411) (53 percent). Of the 411
cases registered under IPC, majority of the crimes fall under 3 categories viz. Criminal Breach of
Trust or Fraud (269), Forgery (89) and Counterfeiting (53).

Though, these offences fall under the traditional IPC crimes, the cases had the cyber tones
wherein computer, Internet or its related aspects were present in the crime and hence they
were categorised as Cyber Crimes under IPC.

During 2003, number of cases under Cyber Crimes relating to Counterfeiting of

currency/Stamps stood at 53 wherein 118 persons were arrested during 2003. Of the 47,478
cases reported under Cheating, the Cyber Forgery (89) accounted for 0.2 per cent. Of the total
Criminal Breach of Trust cases (13,432), the Cyber frauds (269) accounted for 2 percent. Of the
Counterfeiting offences (2,055), Cyber Counterfeiting (53) offences accounted for 2.6 percent.

A total of 475 persons were arrested in the country for Cyber Crimes under IPC during 2003. Of
these, 53.6 percent offenders (255) were taken into custody for offences under Criminal Breach
of Trust/Fraud (Cyber) and 21.4 percent (102) for offences under ‘Cyber Forgery’.

The age-wise profile of the arrested persons showed that 45 percent were in the age-group of
30-45 years, 28.5 percent of the offenders were in the age-group of 45-60 years and 11
offenders were aged 60 years and above. Gujarat reported 2 offenders who were below 18
years of age.

Fraud/Illegal gain (120) accounted for 60 per cent of the total Cyber Crime motives reported in
the country. Greed/Money (15 cases) accounted for 7.5 percent of the Cyber Crimes reported.
Eve-teasing and Harassment (8 cases) accounted for around 4 per cent. Cyber Suspects include
Neighbours / Friends / Relatives (91), disgruntled employees (11), Business Competitors (9),
Crackers Students / Professional learners (3).

Information Technology (Amendment) Act, 2008

Salient Feature:

i. The term 'digital signature' has been replaced with 'electronic signature' to make the Act
more technology neutral.

ii. A new section has been inserted to define 'communication device' to mean cell phones,
personal digital assistance or combination of both or any other device used to communicate,
send or transmit any text video, audio or image.

iii. A new section has been added to define cyber cafe as any facility from where the access to
the internet is offered by any person in the ordinary course of business to the members of the
public.

iv. A new definition has been inserted for intermediary.

v. A new section 10A has been inserted to the effect that contracts concluded electronically
shall not be deemed to be unenforceable solely on the ground that electronic form or means
was used. 20

vi. The damages of Rs. One Crore prescribed under section 43 of the earlier Act of 2000 for
damage to computer, computer system etc. has been deleted and the relevant parts of the
section have been substituted by the words, 'he shall be liable to pay damages by way of
compensation to the person so affected'.

vii. A new section 43A has been inserted to protect sensitive personal data or information
possessed, dealt or handled by a body corporate in a computer resource which such body
corporate owns, controls or operates. If such body corporate is negligent in implementing and
maintaining reasonable security practices and procedures and thereby causes wrongful loss or
wrongful gain to any person, it shall be liable to pay damages by way of compensation to the
person so affected.

viii. Sections 66A to 66F have been added to Section 66 prescribing punishment for offences
such as obscene electronic message transmissions, identity theft, cheating by impersonation
using computer resource, violation of privacy and cyber terrorism.
ix. Section 67 of the IT Act, 2000 has been amended to reduce the term of imprisonment for
publishing or transmitting obscene material in electronic form to three years from five years
and increase the fine thereof from Rs.100, 000 to Rs. 500,000. Sections 67A to 67C have also
been inserted. While Sections 67A and B deals with penal provisions in respect of offences of
publishing or transmitting of material containing sexually explicit act and child pornography in
electronic form, Section 67C deals with the obligation of an intermediary to preserve and retain
such information as may be specified for such duration and in such manner and format as the
central government may prescribe.

x. In view of the increasing threat of terrorism in the country, the new amendments include an
amended section 69 giving power to the state to issue directions for interception or monitoring
of decryption of any information through any computer resource. Further, sections 69A and B,
two new sections, grant power to the state to issue directions for blocking for public access of
any information through any computer resource and to authorize to monitor and collect traffic
data or information through any computer resource for cyber security.

xi. Section 79 of the Act which exempted intermediaries has been modified to the effect that an
intermediary shall not be liable for any third party information data or communication link
made available or hosted by him if;

(a) The function of the intermediary is limited to providing access to a communication system
over which information made available by third parties is transmitted or temporarily stored or
hosted;

(b) The intermediary does not initiate the transmission or select the receiver of the
transmission and select or modify the information contained in the transmission;

(c) The intermediary observes due diligence while discharging his duties. However, section 79
will not apply to an intermediary if the intermediary has conspired or abetted or aided or
induced whether by threats or promise or otherwise in the commission of the unlawful act or
upon receiving actual knowledge or on being notified that any information, data or
communication link residing in or connected to a computer resource controlled by it is being
used to commit an unlawful act, the intermediary fails to expeditiously remove or disable
access to that material on that resource without vitiating the evidence in any manner. 22

xii. A proviso has been added to Section 81 which states that the provisions of the Act shall
have overriding effect. The proviso states that nothing contained in the Act shall restrict any
person from exercising any right conferred under the Copyright Act, 1957.

Some Indian Case Studies

1. Pune Citibank MphasiS Call Center Fraud

US $ 3, 50,000 from accounts of four US customers were dishonestly transferred to bogus

accounts. This will give a lot of ammunition to those lobbying against outsourcing in US. Such
cases happen all over the world but when it happens in India it are a serious matter and we
cannot ignore it. It is a case of sourcing engineering. Some employees gained the confidence of
the customer and obtained their PIN numbers to commit fraud. They got these under the guise
of helping the customers out of difficult situations. Highest security prevails in the call centers
in India as they know that they will lose their business. There was not as much of breach of
security but of sourcing engineering.

The call center employees are checked when they go in and out so they cannot copy down
numbers and therefore they could not have noted these down. They must have remembered
these numbers, gone out immediately to a cyber café and accessed the Citibank accounts of the
customers.

All accounts were opened in Pune and the customers complained that the money from their
accounts was transferred to Pune accounts and that’s how the criminals were traced. Police has
been able to prove the honesty of the call center and has frozen the accounts where the money
was transferred.
There is need for a strict background check of the call center executives. However, best of
background checks can not eliminate the bad elements from coming in and breaching security.
We must still ensure such checks when a person is hired. There is need for a national ID and a
national data base where a name can be referred to. In this case preliminary investigations do
not reveal that the criminals had any crime history. Customer education is very important so
customers do not get taken for a ride. Most banks are guilt of not doing this.

2. Bazee.com case

CEO of Bazee.com was arrested in December 2004 because a CD with objectionable material
was being sold on the website. The CD was also being sold in the markets in Delhi. The Mumbai
city police and the Delhi Police got into action. The CEO was later released on bail. This opened
up the question as to what kind of distinction do we draw between Internet Service Provider
and Content Provider. The burden rests on the accused that he was the Service Provider and
not the Content Provider. It also raises a lot of issues regarding how the police should handle
the cyber crime cases and a lot of education is required.

3. State of Tamil Nadu Vs Suhas Katti

The Case of Suhas Katti is notable for the fact that the conviction was achieved successfully
within a relatively quick time of 7 months from the filing of the FIR. Considering that similar
cases have been pending in other states for a much longer time, the efficient handling of the
case which happened to be the first case of the Chennai Cyber Crime Cell going to trial deserves
a special mention.

The case related to posting of obscene, defamatory and annoying message about a divorcee
woman in the yahoo message group. E-Mails were also forwarded to the victim for information
by the accused through a false e-mail account opened by him in the name of the victim. The
posting of the message resulted in annoying phone calls to the lady in the belief that she was
soliciting.
Based on a complaint made by the victim in February 2004, the Police traced the accused to
Mumbai and arrested him within the next few days. The accused was a known family friend of
the victim and was reportedly interested in marrying her. She however married another person.
This marriage later ended in divorce and the accused started contacting her once again. On her
reluctance to marry him, the accused took up the harassment through the Internet.

On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC before The Hon’ble
Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects. The same
was taken on file in C.C.NO.4680/2004. On the prosecution side 12 witnesses were examined
and entire documents were marked as Exhibits.

The Defense argued that the offending mails would have been given either by ex-husband of
the complainant or the complainant herself to implicate the accused as accused alleged to have
turned down the request of the complainant to marry her.

Further the Defense counsel argued that some of the documentary evidence was not
sustainable under Section 65 B of the Indian Evidence Act. However, the court relied upon the
expert witnesses and other evidence produced before it, including the witnesses of the Cyber
Cafe owners and came to the conclusion that the crime was conclusively proved.

Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the judgment on 5-11-04 as
follows:

“ The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and
the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469
IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year
Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to
undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.”
The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered
as the first case convicted under section 67 of Information Technology Act 2000 in India.

What Cyber Laws Might Teach?

The purpose of studying cyber laws is crucial from today’s perspective, as technology has
become part of our everyday existence. Study of cyber laws would provide:

(a) Sense of Security

The study of cyber law provides a sense of security to the learner. It brings in a level of
confidence in the sense that it would make the learner knowledgeable about what are his rights
in cyberspace and would become aware of what constitutes a wrongful behavior. Further, he
would become aware of the legal remedies available to him in case of violation of his rights in
cyberspace. It would help the learner to appreciate technology as a law abiding citizen.

(b) Global Recognition

Cyber law is a common usage term in the legal parlance. It includes legislations such as:
Information Technology law, Computer law, Internet law, E-commerce law, E-transactions law,
Digital signature law, Electronic Signature law etc.

Irrespective of the nationality of cyber law legislation(s) presently available in the world, the
fact is that all such legislations are based on mother law, i.e., The United Nations Commission
on International Trade Law (UNCITRAL) Model Law on E-commerce, 1996. It makes Cyber law
education scalable, globally. In other words, knowledge of cyber laws of one country would
help in understanding similar laws elsewhere.

Value Addition

To a learner, knowledge of cyber laws would be a value addition, irrespective of his professional
qualifications and would certainly help the learner to move up on the value chain. Cyber law
education does not call for any specialized knowledge either in law or technology. It is a
valuable resource to meet challenges and explore opportunities in the global village. Learning
about cyber laws is an opportunity to be in sync with the present day world. Many believe that
cyberspace simply cannot be regulated.

They argue that behavior in cyberspace is beyond government’s reach. The anonymity and
multi-jurisdictionality of cyberspace makes control by government in cyberspace impossible.
This belief about cyberspace is wrong. It is wrong to assume that its architecture cannot be
changed or that government cannot take steps to change this architecture.

X-------------------X