Criminal Activity in the Information Society and the IT Act

IntroductionA crime is an act or the commission of an act which is forbidden by law or the
omission of a duty that is commanded by public law which leaves the offender liable to
criminal proceedings and penal consequences. It is a wrong that is against the entire society at
large.
Crimes are not new to arena of life. Wherever the power of human grows, in
whichever field there is human development, there are crimes there. The field of computers
and the Internet is clearly not an exception to this. The invention of computers bought a
revolution in the world. In 1837, Charles Babbage was the first man to conceptualize and
design a fully programmable computer. With the earliest computers in 1944 like Harvard
Mark 1 that were room big in size with air conditioning compulsory and were used mainly
for calculation, now we have computers that are portable, popularly known as laptops,
which can be used for far more applications and not are not just used as calculators. The
computer technology has certainly changed our lifestyle and now many people are even of
the opinion that day to day activities could not have been so easily done without the use of
these systems around us. The connectivity of these systems to a common network is like a
cherry on the top. The origins of this common network widely known as the Internet can be
traced back to the research commissioned by the United States government in the 1960s to
build communication via computer networks. The funding by the National Science
Foundation in the 1980s and many other private funding led to worldwide participation in
the development of network technologies and the merger of many networks. 1 Known as the
network of networks, the Internet carries an extensive range of information resources and
services, such as the interlinked hypertext document of the World Wide Web (WWW), the
infrastructure to support e-mail, and peer to peer networks and has enabled and accelerated
new forms of human interactions through instant messaging, Internet forums, and social
networking etc.
But as there are two faces of a coin, similarly, something being beneficial to the humanity and
the human society, it has its own repercussions. All the content being digital on the web,
every offender of law out there gets a virtual mask of anonymity on and with its help, he is
1 Available at:http://en.m.wikipedia.org/wiki/Internet, (10-09-2013)

able to achieve his twisted aims. There can be pornographic materials and defamatory
materials put up on the web. Many a times, intellectual property rights of a person are
suffered due to the unauthorised circulation of his work. In addition to this, we are also
familiar with the concept of fraud, whether it is an identity fraud or financial fraud.
This technological advancement is so powerful that it touches upon the life of everyone who
is related to it directly or indirectly. What is so special about this advancement is that it has
changed the world into a room where there are no virtual boundaries and the distance
between people is merely nothing. And so, the Information Technology has become an
advantage to the human community but this paradigm shift has also reflected in the area of
crime. There are a lot of positive features but there is a wide spectrum of negatives which is a
cause of worry because the negative facets are efficiently utilized by the criminal minds for
committing crimes in the information society called the Cyber Crimes.

Crimes related to computers or cyber crimes can be classified into three major categories.
These are:
1. Content related crime like child pornography and criminal copyright infringement
2. Conventional crimes committed with the help of a computer system for example using
a computer for forging documents or to cheat someone.
3. Attacks on computers and computer systems like hacking etc.
The first category i.e. content related crimes involve material that may lead to civil disputes
such as defamation and copyright infringement. Though, illegal content such as pornography
usually amounts to criminal offence and the third kind also come under the ambit of cyber
crimes.
Backdrop to the Information Technology Act, 2000
Mid 90s saw an impetus in globalization and computerisation, with more and more nations
computerizing their governance, and e-commerce seeing an enormous growth. Until then,
most of international trade and transactions were done through documents being transmitted
through post and or by telex only. Evidences and records, until then, were predominantly
paper evidences and paper records or other forms of hard-copies only. To keep pace with the
changing times due to much of international trade being done through electronic
communication and with email gaining momentum, an urgent need was felt for recognizing

electronic records i.e. the data what is stored in a computer or an external storage attached
thereto.
The United Nations Commission on International Trade Law (UNCITRAL) adopted the
Model Law on e-commerce in 1996. The General Assembly of United Nations passed a
resolution in January 1997 inter alia, recommending all States in the UN to give favourable
considerations to the said Model Law, which provides for recognition to electronic records
and according it the same treatment like a paper communication and record.2
Aims and objectives of the Act:
The Information Technology Act, 2000 (No.21 of 2000) got Presidential assent on 9 June,
2000 and its aim in the Gazette of India was published as:
...to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as
"electronic commerce", which involve the use of alternatives to paper-based methods
of communication and storage of information, to facilitate electronic filing of
documents with the Government agencies and further to amend the Indian Penal
Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the
Reserve Bank of India Act, 1934 and for matters connected therewith or incidental
thereto.
The Act essentially dealt with the following issues:
a)
b)
c)
d)

Legal Recognition of Electronic Documents

Legal Recognition of Digital Signatures
Offenses and Contraventions
Justice Dispensation Systems for cyber crimes.

A few types of modern cyber crimes are as follows:

2 Chapter 19 on Cyber Laws from an E-book available
at:http://www.iibf.org.in/documents/Cyber-Laws-chapter-in-Legal-Aspects-Book.pdf

a. Hacking
With an intention act of breaking into a computer system with the objective of
stealing data that can be use for purposes of identity theft, the gaining of unauthorized
access to data stored in computer systems is called Hacking.3
b. BOTS and BOTNETS
BOTS are programs installed covertly on a users system which allows the attacker to
remotely control the targeted computer through a communication channel such as
Internet Relay Chat (IRC), Peer-to-Peer (P2P), or Hyper Text Transfer Protocol
(HTTP). These communication channels allow the attacker to control a large number
of compromised computers in a single channel in a BOTNET (an abbreviation for
Robot Networks).
c. Key Loggers
Keylogger is a software program or a device designed to secretly monitor and log all
keystrokes. The keylogger software /device scan computers and their processes and
data the moment a person strikes a key on the keyboard. This information is
immediately carried over to an external controller.
d. Website Defacement
Website Defacement is usually carried out by the substitution of the home page of a
site by a system cracker that breaks into a web server and alerts the hosted website
creating one of its own. The hacker usually replaces the site matter with his own
message or completely destroys the sites content.
e. Malware Viruses
Malware is another term for viruses introduced into a computer system.
f. Distributed Denial-of-Service (DDOS) Attacks
A DOS (Denial of Service) is an attempt to prevent users from accessing a specific
computer resource such as a website. A DDOS involves overwhelming the targeted
computer with requests so that it is no longer able to communicate with its intended
users.
g. Phishing
Phishing is a criminally fraudulent process masquerading as a trustworthy entity in an
electronic communication in order to trick people into disclosing sensitive
information such as username, password and credit card details.
h. Vishing
The term vishing is basically coined from the words voice and phishing, it is the
criminal practice of using voice over phone system to gain access to details about

3 Aparna Viswanathan, Cyber Law Indian Perspectives and International

Perspectives, p. 89 (Lexis Nexis Butterworth Wadhwa Nagpur)

account numbers, PIN, date of birth and expiry date of credit card holders and using it
for fraudulent activities.
i. Phreaking
The word Phreaking is a combination of the two words phone and freak.
Phreaking refers to people who tamper with systems of telecommunications such as
the public telephone networks and the various phone system audio frequencies.
j. Identity Theft
Identity theft involves pretending to be someone else in order to steal money or get
other benefits. The identity of another individual is impersonated in order to commit
credit card fraud, create false profiles at network sites and operates false email
identities.4
Damage to Computer System
One of the central operating provisions of the IT Act, 2000, is contained in Section 43,
entitled Penalties and Compensation for Damage to Computer, Computer System. Section
43 contains a long list of offences. Prior to the Amendment Act of 2009, a person who
committed any of these offences was liable to pay damages by way of compensation to the
person affected which was capped in the amount of Rs. 10 million cap on compensation and
the list of offences has been amended.5
Section 43: Penalty for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is in charge of
a computer, computer system or computer network,
(a) accesses or secures access to such computer, computer system or computer
network;
The amendment Act of 2009 added the term or computer resource in this offence. It should
be noted here that the first offence relates to unauthorized access.
The term access is defined in section 2 as follows:
2 (1) (a) "access" with its grammatical variations and cognate expressions means
gaining entry into, instructing or communicating with the logical, arithmetical, or
memory function resources of a computer, computer system or computer network;
4 Aparna Viswanathan, Cyber Law Indian Perspectives and International
Perspectives, p. 90 (Lexis Nexis Butterworth Wadhwa Nagpur)
5 Aparna Viswanathan, Cyber Law Indian Perspectives and International Perspectives,
p. 91 (Lexis Nexis Butterworth Wadhwa Nagpur)

The term computer system is defined as follows:

2 (1) (l) "computer system" means a device or collection of devices, including input
and output support devices and excluding calculators which are not programmable
and capable of being used in conjunction with external files, which contain computer
programmes, electronic instructions, input data and output data, that performs logic,
arithmetic, data storage and retrieval, communication control and other functions;
The term computer network is defined in section 2 (1) (j) as follows:
2 (1) (j) computer network means the interconnection of one or more computers or
computer systems or communication devices through
(i)
the use of satellite, microwave, terrestrial line, wire, wireless or other
(ii)

communication media; and

Terminals or a complex consisting of two or more inter-connected computers
or communication device whether or not the inter-connection is continuously
maintained.

Prior to the Amendment Act of 2009, this definition did not contain a specific reference to
wire and wireless.
Among the other offences enlisted in Section 43 of the IT Act, 2000, the 2009 Amendments
have introduced the following two offences (i) and (j):
(i) Destroys, deletes or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means;
(j) steal, conceals, destroys or alters or causes any person to steal, conceal. Destroy or
alter any computer source code used for a computer resource with an intention to cause
damage
However, the last offence surprisingly creates a civil and not a criminal offence, as it includes
mens rea i.e. intention to cause damage which is an element of criminal offence and not a
civil offence. This point here reveals the poor drafting of this section which can certainly be
re-drafted again in future.6
Other offences enlisted in Section 43 are as follows:

6 Aparna Viswanathan, Cyber Law Indian Perspectives and International

Perspectives, p. 35 (Lexis Nexis Butterworth Wadhwa Nagpur)

(b) downloads, copies or extracts any data, computer data base or information from
such computer, computer system or computer network including information or data
held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus
into any computer, computer system or computer network;
(d) damages or causes to be damaged any computer, computer system or computer
network, data, computer data base or any other programmes residing in such
computer, computer system or computer network;
(e) disrupts or causes disruption of any computer, computer system or computer
network;
(f) denies or causes the denial of access to any person authorised to access any
computer, computer system or computer network by any means;
(g) provides any assistance to any person to facilitate access to a computer, computer
system or computer network in contravention of the provisions of this Act, rules or
regulations made thereunder;
(h) charges the services availed of by a person to the account of another person by
tampering with or manipulating any computer, computer system, or computer
network,

If any of the above acts mentioned in Section 43 are done dishonestly or fraudulently,
a person may be punished with imprisonment for a term of three years and/or a fine
upto 5 lakh rupees.7
Section 66 of the Act defined the offence of hacking and provided a penalty of imprisonment
and fine. Under the amended Act, section 66 no longer refers to hacking, but instead relates to
computer related offences and sets forth a series of new offences designed to thwart the
growing menace of cyber crime. Furthermore, the explanation attached to this section
declares that concepts of dishonestly and fraudulently are to be interpreted in the same
manner as in the Indian Penal Code.

The amended section 66 provides:

7 Information Technology Amendment Act, 2009, s. 66

S 66: Computer related offences.If any person, dishonestly or fraudulently, does any act referred to in section 43, he
shall pe punished with imprisonment for a term which may extend to three years or
with fine which may extend to five lakh rupees or with both.
Explanation.- For the purposes of this section,(a) The word dishonestly shall have the meaning assigned to it in the section 24
of the Indian Penal Code (45 of 1860);
(b) The word fraudulently shall have the meaning assigned to it in the section 25
of the Indian Penal Code (45 of 1860);
Section 66 before the Amendment Act was as follows:
S 66. Hacking with computer system.
(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful
loss or damage to the public or any person destroys or deletes or alters any
information residing in a computer resource or diminishes its value or utility or affects
it injuriously by any means, commits hack:
(2) Whoever commits hacking shall be punished with imprisonment up to three years,
or with fine which may extend upto two lakh rupees, or with both.8
There was considerable opposition raised due to the deletion of the word hacking since it
was felt that there was no rationale in deleting the offence of hacking under section 66 as the
provisions before the suggested amendment had been wide enough to fight newly emerging
kinds of cyber crimes. Hence, its deletion would affect the capacity of the law enforcing
agencies to bring the offenders under the violation of the IT Act.
To this, the Department of Information Technology (DIT) expressed the view that the term
hacking was a colloquial term and that its ambit might change with the changing times.
They further submitted that all the features of hacking were adequately covered in the
amended section 43. It was said that section 66 was amended this way on the grounds that
section 66 seemed to be a criminal offence. But however, sections 43 and 66 were being

8 Information Technology Act, 2000

mapped together and section 43 was to be of the nature of a civil offence. So for the sake of
seamless mapping of sections 43 and 66, the term hacking was deleted.9
New Offences
The Information Technology (Amendment) Act, 2009 introduced certain new offences in
sections 66A to 66F:
i.
ii.
iii.
iv.
v.
vi.

Sending offensive message through communication service etc.

Dishonestly receiving stolen computer resources or communication device
Identity theft
Cheating by personation by using computer resource
Violation of privacy
Cyber terrorism

In the following paragraphs, we will go through the sections that cover the above mentioned
points one by one each.
Section 66 A imposes criminal penalties and fine on a person who sends information that
comes under the following categories:
1. Information that is grossly offensive or has a menacing character
2. Information which the offender knows to be false but for purpose of annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity,
hatred or ill will, persistently by making use of such computer resource or
communication device, or
3. Any electronic mail or or electronic message for purpose of causing annoyance or
inconvenience or to deceive or to mislead the addressee or recipient about the origin
of such message.
The last point here is intended to include phishing where the offender pretends to be
someone else. However, impersonating or phishing is covered independently in section 66C
later.
S 66 A Punishment for sending offensive messages through communication
service, etc.-

9 Aparna Viswanathan, Cyber Law Indian Perspectives and International Perspectives,

p. 94 (Lexis Nexis Butterworth Wadhwa Nagpur)

Any person who sends, by means of a computer resource or a communication device.a) any information that is grossly offensive or has menacing character; or
b) any information which he knows to be false, but for the purpose of causing
annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation,
enmity, hatred, or ill will, persistently makes by making use of such computer
resource

or

communication

device,

c) any electronic mail or electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the addressee or recipient
about the origin of such messages, shall be punishable with imprisonment for a term
which may extend to two three years and with fine.
Explanation: For the purposes of this section, terms "Electronic mail" and
"Electronic Mail Message" means a message or information created or transmitted or
received on a computer, computer system, computer resource or communication
device including attachments in text, image, audio, video and any other electronic
record, which may be transmitted with the message
Section 66 B imposes criminal penalties on a person who deliberately receives or retains any
stolen computer resource or communication device knowing or having reason to believe such
computer resource or communication device to be stolen. This section says that such a person
shall be punishable with imprisonment up to three years or with a monetary fine up to
Rs. 100, 000 or both.

S 66B. Punishment for dishonestly receiving stolen computer resource or

communication device.Whoever dishonestly receives or retains any stolen computer resource or
communication device knowing or having reason to believe the same to be stolen
computer resource or communication device, shall be punished with imprisonment of
either description for a term which may extend to three years or with fine which may
extend to rupees one lakh or with both.

The crime of identity theft has been dealt with in the IT Act for the first time in the section 66
C which applies to a person who fraudulently or dishonestly uses the electronic signature,

password or any other unique identification feature of another. The offender is liable to be
punished with imprisonment for up to three years and with a fine up to

Rs. 100, 000.

S 66C. Punishment for identity theft.

Whoever, fraudulently or dishonestly make use of the electronic signature, password
or any other unique identification feature of any other person, shall be punished with
imprisonment of either description for a term which may extend to three years and
shall also be liable to fine which may extend to rupees one lakh.

The infamous crime of impersonation or phishing was first dealt with in the section 66 D in
the ITAA and the offender is subject to imprisonment up to three years or fine up to Rs.
100,000.
S 66D. Punishment for cheating by personation by using computer resource
Whoever, by means of any communication device or computer resource cheats by
personation, shall be punished with imprisonment of either description for a term
which may extend to three years and shall also be liable to fine which may extend to
one lakh rupees.

The next offence covered in section 66 E is intended to curb the growing peril of electronic
publication of sexually explicit material. The infamous case of Bazee.com can be cited as an
example here where a student took photograph with his cell phone of himself and another
female student in a compromising position. This photograph was subsequently circulated
amongst other students and published on the Internet. Section 66 E is an attempt to prevent
such incidents from taking place in the future. The offender under this section shall be
punished with imprisonment up to three years and/or fine of Rs. 200, 000. The terms used in
the section have all been defined separately in the Explanation given to the section. The
phrase under circumstances violating privacy refers to the circumstances in which a person
can have a reasonable expectation that:
i.

He or she could disrobe in privacy, without being concerned that an image of his

ii.

private parts was being captured, or

Any part of his or her would not be visible to the public, regardless of whether
that person is in a public or private place.

S 66 E. Punishment for violation of privacy.Whoever, intentionally or knowingly captures, publishes or transmits the image of a
private area of any person without his or her consent, under circumstances violating the
privacy of that person, shall be punished with imprisonment which may extend to three
years or with fine not exceeding two lakh rupees, or with both
Explanation For the purposes of this section
(a) transmit means to electronically send a visual image with the intent that it be
viewed by a person or persons;
(b) capture, with respect to an image, means to videotape, photograph, film or record
by any means;
(c) private area means the naked or undergarment clad genitals, pubic area, buttocks or
female breast;
(d) publishes means reproduction in the printed or electronic form and making it
available for public;
(e) under circumstances violating privacy means circumstances in which a person can
have a reasonable expectation that
(i) he or she could disrobe in privacy, without being concerned that an image of his
private area was being captured; or
(ii) any part of his or her private area would not be visible to the public, regardless of
whether that person is in a public or private place.

The Amendment Act of 2009 has created a new offence regarding cyber terrorism which is
punishable with life imprisonment.10
S 66F. Punishment for cyber terrorism.(1) Whoever,(A) with intent to threaten the unity, integrity, security or sovereignty of India or to
strike terror in the people or any section of the people by

10 ITAA, 2009

(i) denying or cause the denial of access to any person authorized to access computer
resource; or
(ii) attempting to penetrate or access a computer resource without authorisation or
exceeding authorized access; or

(iii) introducing or causing to introduce any Computer Contaminant and by means of

such conduct causes or is likely to cause death or injuries to persons or damage to or
destruction of property or disrupts or knowing that it is likely to cause damage or
disruption of supplies or services essential to the life of the community or adversely
affect the critical information infrastructure specified under section 70, or
(B) knowingly or intentionally penetrates or accesses a computer resource without
authorization or exceeding authorized access, and by means of such conduct obtains
access to information, data or computer database that is restricted for reasons of the
security of the State or foreign relations; or any restricted information, data or
computer database, with reasons to believe that such information, data or computer
database so obtained may be used to cause or likely to cause injury to the interests of
the sovereignty and integrity of India, the security of the State, friendly relations with
foreign States, public order, decency or morality, or in relation to contempt of court,
defamation or incitement to an offence, or to the advantage of any foreign nation,
group of individuals or otherwise, commits the offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life.

Obscenity and Child Pornography

Section 67 deals with publishing or transmitting obscene material in electronic form. The
earlier Section in ITA was later widened as per ITAA 2008 in which child pornography and
retention of records by intermediaries were all included.

Publishing or transmitting obscene material in electronic form is dealt with here. Whoever
publishes or transmits any material which is lascivious or appeals to the prurient interest or if
its effect is such as to tend to deprave and corrupt persons who are likely to read the matter
contained in it, shall be punished with first conviction for a term upto three years and fine of
five lakh rupees and in second conviction for a term of five years and fine of ten lakh rupees
or both.
This Section is of historical importance since the landmark judgement in what is considered
to be the first ever conviction under I.T. Act 2000 in India, was obtained in this Section in the
famous case State of Tamil Nadu v Suhas Katti on 5 November 2004. The strength of the
Section and the reliability of electronic evidences were proved by the prosecution and
conviction was brought about in this case, involving sending obscene message in the name of
a married women amounting to cyber stalking, email spoofing and the criminal activity stated
in this Section.11
The amendment act has inserted section 67-A in the Act to punish the publication or
transmission of material containing sexually explicit acts in the electronic form.12
This section providesS 67A. Punishment for publishing or transmitting of material containing sexually
explicit act, etc. in electronic form.
Whoever publishes or transmits or causes to be published or transmitted in the
electronic form any material which contains sexually explicit act or conduct shall be
punished on first conviction with imprisonment of either description for a term which
may extend to five years and with fine which may extend to ten lakh rupees and in the
event of second or subsequent conviction with imprisonment of either description for
a term which may extend to seven years and also with fine which may extend to ten
lakh rupees.

11 Chapter 19 on Cyber Laws from an E-book available

at:http://www.iibf.org.in/documents/Cyber-Laws-chapter-in-Legal-Aspects-Book.pdf

12 The Standing Committee on Information Technology, (2007-2008), 50 th Report,

para 24, p.56

The new section does not mention either the word pornography or child pornography. The
department of Information Technology was of the opinion that the word pornography which
has been mentioned in the Act will include child pornography but the Committee took a
contrary view.13
The standing committee stated that there should not be room for assumptions and
presumptions and when a fresh amendment is being introduced, the subject has to be made as
clear as possible.12
The Act, as amended, has retained the provisions in section 67 which impose punishment for
publishing in electronic form any material that is obscene. However, the punishment has been
amended. Prior to the 2009 amendments, on the first conviction, the punishment was
imprisonment up to 5 years and Rs. 100, 000 penalty. This has been changed to imprisonment
up to 3 years and Rs. 500, 000 penalties. Formerly, the punishment upon the second
conviction and the subsequent conviction was up to 10 years imprisonment and penalty of Rs.
200, 000. Now the imprisonment is up to 5 years and a penalty of Rs. 10, 00, 000.
Another new offence designed to combat child pornography s section 67 B which imposes
punishment for publishing material depicting children in a sexually explicit act.
The section providesS 67B. Punishment for publishing or transmitting of material depicting children
in sexually explicit act, etc. in electronic form.Whoever,(a) publishes or transmits or causes to be published or transmitted material in any
electronic form which depicts children engaged in sexually explicit act or conduct or
(b) creates text or digital images, collects, seeks, browses, downloads, advertises,
promotes, exchanges or distributes material in any electronic form depicting children
in obscene or indecent or sexually explicit manner or

13 Ibid.

(c) cultivates, entices or induces children to online relationship with one or more
children for and on sexually explicit act or in a manner that may offend a reasonable
adult on the computer resource or

(d) facilitates abusing children online or

(e) records in any electronic form own abuse or that of others pertaining to sexually
explicit act with children, shall be punished on first conviction with imprisonment of
either description for a term which may extend to five years and with a fine which
may extend to ten lakh rupees and in the event of second or subsequent conviction
with imprisonment of either description for a term which may extend to seven years
and also with fine which may extend to ten lakh rupees:

Provided that the provisions of section 67, section 67A and this section does not
extend to any book, pamphlet, paper, writing, drawing, painting, representation or
figure in electronic form(i) The publication of which is proved to be justified as being for the public good on
the ground that such book, pamphlet, paper writing, drawing, painting, representation
or figure is in the interest of science, literature, art or learning or other objects of
general concern; or

(ii) which is kept or used for bonafide heritage or religious purposes

Explanation: For the purposes of this section, "children" means a person who has not
completed the age of 18 years.
Case laws in India
Pune Citibank Mphasis Call Center Fraud

It was a case of sourcing engineering. US $ 3,50,000 from City bank accounts of four US
customers were dishonestly transferred to bogus accounts in Pune, through internet. Some
employees of a call centre gained the confidence of the US customers and obtained their PIN
numbers under the guise of helping the customers to help them out in difficult situations.
Later they used these numbers to commit fraud. Highest security prevails in the call centers in
India as they know that they will lose their business. The call center employees are checked
when they go in and out so they cannot copy down numbers and therefore they could not
have noted these down. They must have remembered these numbers, gone out immediately to
a cyber caf and accessed the Citibank accounts of the customers. All accounts were opened
in Pune and the customers complained that the money from their accounts was transferred to
Pune accounts and thats how the criminals were traced. Police has been able to prove the
honesty of the call center and has frozen the accounts where the money was transferred.
Another famous case was that of State of Tamil Nadu v Suhas Katti which was related to
posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo
message group. E-Mails were also forwarded to the victim for information by the accused
through a false e-mail account opened by him in the name of the victim. The posting of the
message resulted in annoying phone calls to the lady in the belief that she was soliciting.
Based on a complaint made by the victim in February 2004, the Police traced the accused to
Mumbai and arrested him within the next few days. The accused was a known family friend
of the victim and was reportedly interested in marrying her. She however married another
person.
This marriage later ended in divorce and the accused started contacting her once again. On
her reluctance to marry him, the accused took up the harassment through the Internet.
On the prosecution side 12 witnesses were examined and entire documents were marked as
Exhibits. The court relied upon the expert witnesses and other evidence produced before it,
including witnesses of the Cyber Cafe owners and came to the conclusion that the crime was
conclusively proved and convicted the accused. This is considered as the first case in Tamil
Nadu in which the offender was convicted under section 67 of Information Technology Act
2000 in India.
In this case of SMC Pneumatics (India) Pvt. Ltd. v Jogesh Kwatra, the defendant Jogesh
Kwatra being an employee of the plaintiff company started sending derogatory, defamatory,
obscene, vulgar, filthy and abusive emails to his employers as also to different subsidiaries of

the said company all over the world with the aim to defame the company and its Managing
Director Mr. R K Malhotra. The plaintiff filed a suit for permanent injunction restraining the
defendant from sending derogatory emails to the plaintiff. The plaintiff contended that the
emails sent by the defendant were distinctly obscene, vulgar, abusive, intimidating,
humiliating and defamatory in nature and the aim of sending the said emails was to malign
the high reputation of the plaintiffs all over India and the world.
The Delhi High Court restrained the defendant from sending derogatory, defamatory,
obscene, vulgar, humiliating and abusive emails either to the plaintiffs or to its sister
subsidiaries all over the world including their Managing Directors and their Sales and
Marketing departments. Further, Hon'ble Judge also restrained the defendant from publishing,
transmitting or causing to be published any information in the actual world as also in
cyberspace which is derogatory or defamatory or abusive of the plaintiffs. This order of Delhi
High Court assumes tremendous significance as this is for the first time that an Indian Court
assumes jurisdiction in a matter concerning cyber defamation and grants an injunction
restraining the defendant from defaming the plaintiffs by sending defamatory emails.14
Bazee.com case
In this case, CEO of Baazee.com was arrested in December 2004 because a CD with
objectionable material was being sold on the website. The CD was also being sold in the
markets in Delhi. The Mumbai city police and the Delhi Police got into action. The CEO was
later released on bail. This opened up the question as to what kind of distinction do we draw
between Internet Service Provider and Content Provider. The burden rests on the accused that
he was the Service Provider and not the Content Provider. It also raises a lot of issues
regarding how the police should handle the cyber crime cases and a lot of education is
required.15
Online Defamation
Defamation occurs when one publishes, or makes public, a statement which damages a
persons reputation and tends to lower him in the estimation of right-thinking members of the
14 Article prepared by Dr.A. Prasanna, Associate Fellow IMG ,Thiruvananthapuram.Available at:
http://www.img.kerala.gov.in/docs/downloads/cyber%20crimes.pdf

15 Available at:http://www.cyberlawclinic.org/casestudy.asp, (20-09-13)

society. Defamatory statements are very common. It is a fact that people like too gossip. But
these that are exchanged in a light way are fine; they stay in the air for a second and then they
go away. But actionable defamation is the type of defamatory statement which causes an
action to end up before a judge, and is worlds away from what we call gossip. These are
basically statements published in the press or broadcasted on television radio.16
Defamation is defined as an intentional false communication, either published or publicly
spoken, that injures anothers reputation or good name17
Defamation is a personal wrong. It includes the common law torts of libel (involving written
or printed statements) and slander (involving oral statements). The only difference in online
defamation is that here it occurs when the defamatory imputation is published in electronic
form, rest everything remains the same.18
The process leading to defamation starts with publication. Publication occurs when the
contents of the publication, oral, spoken or written are seen or overheard, and comprehended
by the reader or hearer. As far as the plaintiff is concerned, the process of publication is
complete when the communication reaches him.
Another important thing is the mode in which the publication was made. It is important
whether it is audio video, textual or multimedia. Internet publishing is in electronic form.
Where publication has occurred, it is not easy to define the area of jurisdiction because the
defamatory statement he has posted can be accessed anywhere in the world. But in case of
Internet, if the plaintiff makes it a matter of reasonable inference that the publication was
accessible in the said jurisdiction.
Depending upon its functional attributes, an Internet Service Provider may act as an
information distributor (carrier) or information publisher. An information distributor acts
16 Andrew Murray, Information Technology Law The Law and the Society, p.
135 (Oxford University Press)
17 Blacks Law Dictionary
18 Vakul Sharma, Information Technology Law and Practice Cyber Law and Ecommerce, page 306 (Universaal Law Publishing Co. Pvt. Ltd.)

as a carrier of information transmitting the said electronic message. As information

publisher, the function is not just publishing but to transmit the information and take
reasonable care regarding the said publication. So, it is important to look into the cases,
where the court has identified ISPs as either information distributors or information
publishers.19
In India, the issue of defamation has been so far dealt with under the provision of the Indian
Penal Code in section 499-502.
The key ingredients in this are:
1. Making or publishing any imputation concerning any person
2. Such reputation must have been made by
a. Words, either spoken or intended to be read; or
b. Signs; or
c. Visible representations
3. Such imputation must have been made with the intention of harming or with
knowledge or reason to believe that it will harm the reputation of the person for whom
it is made.20
The code highlights that the alleged defamatory material must be published. In the case of
Bennett Coleman v Union of India21 , the Supreme Court held that communicating
defamatory statements only to the person defamed is not publication.

19 Id. p.310
20 Ratanlal and Dhirajlal, The Indian Penal Code, p. 686, 28th Edn.
21 (1972) 2 SCC788

It is worth noting that the English and Indian position on the concept of words spoken is
different. English law recognizes it as a mode of defamation but Indian law does not. This
was held in the case of Balraj Khanna v Moti Ram22 by the SC.
By saying that defamation could happen by means of signs or visible representations, the
Code has included every possible form of defamation, including the one in electronic form.23

As we have ITA and ITAA in India, in many other nations, there are many legislations
governing e-commerce and cyber crimes going into all the facets of cyber crimes. Data
Communication, storage, child pornography, electronic records and data privacy have all
been addressed in separate Acts and Rules giving thrust in the particular area focused in the
Act.
In the US, they have the Health Insurance Portability and Accountability Act popularly
known as HIPAA which inter alia, regulates all health and insurance related records, their
upkeep and maintenance and the issues of privacy and confidentiality involved in such
records.
Companies dealing with US firms ensure HIPAA compliance insofar as the data relating to
such corporate are handled by them. The Sarbanes-Oxley Act (SOX) signed into law in 2002
and named after its authors Senator Paul Sarbanes and Representative Paul Oxley, mandated
a number of reforms to enhance corporate responsibility, enhance financial disclosures, and
combat corporate and accounting fraud. Besides, there are a number of laws in the US both at
the federal level and at different states level like the Cable Communications Policy Act,
Childrens Internet Protection Act, Childrens Online Privacy Protection Act etc.
In the UK, the Data Protection Act and the Privacy and Electronic Communications
Regulations etc are all regulatory legislations already existing in the area of information
security and cyber crime prevention, besides cyber crime law passed recently in August
2011.24
22 AIR 1971 SC 1389
23 Vakul Sharma, Information Technology Law and Practice Cyber Law and Ecommerce, pages 315-317 (Universaal Law Publishing Co. Pvt. Ltd.)
24 Chapter 19 on Cyber Laws from an E-book available
at:http://www.iibf.org.in/documents/Cyber-Laws-chapter-in-Legal-Aspects-Book.pdf

There is a constant rise in cyber crime in India and experts hold the toothless IT Act
responsible for this problem.
A Supreme Court lawyer and a leading cyber law expert, Pavan Duggal said "The IT Act has
not at all been effective in checking cyber crime. In fact, it is a toothless wonder in the fight
against cyber crime," He further said "A historical mistake was made when the IT
(Amendment) Act, 2008, made almost all cyber crimes, barring a couple, bailable offences.
The focus is more on enhancing the quantum of civil liability and reducing the quantum of
punishment, which explains the reason why the number of cyber crime convictions in the
country is in single digits,"
The government had enacted the original IT legislation in 2000. The IT (Amendment) Act
came into force in 2009 and though it aimed at facilitating e-governance, preventing cyber
crime and fostering security practices within the country, most of the experts in this field and
even the techno-legal fields feel that this Act needs restructuring and re-drafting.25
According to a news report published in the Indian Express recently on 11 th September 2013,
very soon Bangalore famously known as the IT hub of India will have a central
cybercrime laboratory to increase conviction rates of these cyber criminals in the state. Also,
six new police stations are also set up. According to the report, this should be done in next
two months. The laboratory will be helping the Police track down and identify Internet
Protocol (IP) addresses and with that knowledge it will be easier to track down cyber
criminals red handed.
These measures taken by the government are going to be very helpful in cracking
most cases at their nascent level although in my opinion, there are a lot more loopholes in this
Act that claims to govern the e-laws in our country. Firstly, the punishment for committing
cyber crimes should be increased so as to set out precedents so as to discourage the criminal
minds from committing these crimes. Further, these days mobile banking and mobile net
surfing are on the rise and thus we should have more laws governing these aspects. With the
need to cover new crimes under the ambit of this Act, there are many other crimes that have
25 An article in the DNA by Haris Zargar, available
at:http://www.dnaindia.com/scitech/1818328/report-india-s-information-technology-acthas-not-been-effective-in-checking-cyber-crime-expert

gone unmentioned in the IT Act which is yet to be rectified. The law needs to be made more
rigid and powerful so that its difficult for the offenders to skirt the laws and escape free.
Also, a comprehensive data protection regime needs to be incorporated in the law to make it
more effective and to protect privacy of individuals and institutions.
Lastly, the provisions of law need to be changed with changing and improving
technology. It should be changed in such a way that it is flexible and rigid at the same time so
that it can be used for the needs of the society and the new technological advancements.