INFORMATION TECHNOLOGY LAW

Internal Assessment. I

‘Critical analysis of the laws against cyber-crimes in India’

Faculty In- Charge: Asst Prof. Aditya Kedari

SUBMITTED BY: VAIJAYANTI SHARMA

15010125112
DIV B
B.A LL.B (HONS.)
 TABLE OF CONTENTS

Introduction and background................................................................................................... 3

1. Changing Nature of Crime ............................................................................................. 3

2. What is cyber crime ....................................................................................................... 3

3. Relevance of Cyber Law in India .................................................................................. 4

Cyber laws in india.................................................................................................................... 4

1. Genesis of IT legislation in india ................................................................................... 4

2. Information Technology Act 2000................................................................................. 4

3. Amendment Act 2008 .................................................................................................... 5

AN ANALYSIS OF THE LAW ................................................................................................ 6

1. Landmark Provisions ..................................................................................................... 6

a. Computer.................................................................................................................... 6
b. Digital signature ......................................................................................................... 6
c. e-Governance ............................................................................................................. 6
d. Penalties and Punishment for damage to computers and systems. ............................ 6
e. Corporate Liability for Data Protection ..................................................................... 7
f. Adjudication ............................................................................................................... 7

2. Landmark Cases ............................................................................................................. 8

a. Syed Asifuddin And Ors. vs The State Of Andhra Pradesh ...................................... 8
b. Poona Auto Anillaries Pvt. Ltd., Pune Versus Punjab National Bank, HO New
Delhi & Others ................................................................................................................... 8
f. PIL against Google, Facebook, Yahoo , Microsoft and Whatsapp ............................ 9

CONCLUSION........................................................................................................................ 10

References ............................................................................................................................... 11

Books ................................................................................................................................... 11

Databases ............................................................................................................................. 11

~Information Technology Law~ PAGE| 2

 INTRODUCTION AND BACKGROUND

1. CHANGING NATURE OF CRIME

Technology has overtaken every facet of our lives today. Professional and personal lives, both
have seen a revolution of sorts in the 21st century. Today, the economies and industries are
more reliant on technology as ever and with growing usage of technology for furthering causes
for innovation and development, there comes greater risk for the means to be used as a weapon
to harness potential offences.
The negative side to the coin is lurking anti social and criminal behaviour with a new brand of
law breakers. The rapid transnational expansion of a large scale of computer networks and the
ability to access many systems through regular channels increases the vulnerability of these
systems and the opportunity for criminal activity. The costs of this activity are serious on not
only on an economic level, but also on that of social security1.

2. WHAT IS CYBER CRIME

With no specific definition, the contours of cyber crime can be traced to its method of
commission. The misuse of Information Technology are only increasing and thus a definition
will be an antithesis to its natural being. The conventional definition and types of crime covers
almost all cybercrimes.
Cyber Law , for the sake of generality deals with all aspects of electronic communication and
regulatory nodes of the Internet. It means that anything concern with, related to or any legal
activity of the internet user in the cyber space covered in the cyber law. The IT revolution has
created a digital world, which is the biggest challenge to legal system all over the world.
Paperless contracts, digital signature, online transactions have taken the legal world on the
verge to think about the new challenges, thus internet completely ignore geographical
boundaries. Due to this digital world, the criminals have also get the new ways to commit the
crime, and this new generations crime are known as a cyber crime2.
The changes and development in society has hampered to enact the new laws as like
Information Technology Act , 2000.

1
International Review of Criminal Policy—United Nations Manual on the Prevention and Control of Computer
related crimes www.ifs.univie.ac.at.
2
http://shodhganga.inflibnet.ac.in/bitstream/10603/203654/8/08_chapter%203.pdf
~Information Technology Law~ PAGE| 3
 3. RELEVANCE OF CYBER LAW IN INDIA
With the changing landscape of technology and Globalisation being at its peak, India has not
been behind in terms of adopting technology as a means of encouraging efficiency and growth.
If today Business are funded , persistent , precise and globally connected then so are cyber
criminals.
Today Cybercrime is one of the fastest growing fraud risks in India. With the Technologym,
media and Telecommunication sector being the most affected followed by a dangerous swing
in the financial sector and then spread across the Automation , PSU, Real Estate & Hospitality,
Retail, education, manufacturing and so and so forth3.
An analysis done by a Report by E&Y4 highlighted that incidents highlighted in the listed
surveys were targeted attacks aimed to extract and exploit specific companies and sectors.
Financial motives are at the centre of these crimes and thus leeching to the vulnerability of the
sectors server safety.

CYBER LAWS IN INDIA

1. GENESIS OF IT LEGISLATION IN INDIA

With the economy being open to Global collaboration in 1991 computerisation and e-
commerce witnessed enormous growth in the country. International trade and transactions
including documentation took a leap of faith to online record keeping and email and India was
in urgent need of recognizing this.
The United Nations Commission on International Trade Law (UNICITRAL) adopted the
model law on e-commerce in 1996. Pursuant to the same the resolution by GA in 1997 inter
alia recommended all states in the UN to adopt the model law and give recognition to electronic
records .

2. INFORMATION TECHNOLOGY ACT 2000

The Government enacted the Act in 2000 in the preface of the model law. It gave legal
recognition transactions carried out electronically. It also accordingly amended the Indian

3
The Times of India, ‘Report cyber attacks in 6 hrs: RBI to banks’:
https://www.ey.com/Publication/vwLUAssets/ey-responding-to-cybercrime-incidents-in-india-new/$FILE/ey-
responding-to-cybercrime-incidents-in-india.pdf
4
Indiatoday.in ‘Comp Emergency Response Team proposed to check cyber frauds’; Ibid
~Information Technology Law~ PAGE| 4
Penal Code, The Indian Evidence Act, The Bankers’ Book Evidence Act, 1891 and The
Reserve Bank of India Act 1934 for matters connected incidentally to its objectives
The act deals with
➢ Legal Recognition of Electronic Documents
➢ Legal Recognition of Digital Signatures
➢ Offenses and Contraventions
➢ Justice Dispensation Systems for cyber crimes.

3. AMENDMENT ACT 2008

In the face of evolving nature of the subject matter, discussions, reviews and studies and
primary research, certain provisions of the act became rather draconian and obsolete coupled
with it showing its loopholes. Some prominent features of the act are
➢ Focussing on data privacy
➢ Focussing on Information Security
➢ Defining cyber café
➢ Making digital signature technology neutral
➢ Defining reasonable security practices to be followed by corporate
➢ Redefining the role of intermediaries
➢ Recognising the role of Indian Computer Emergency Response Team
➢ Inclusion of some additional cyber crimes like child pornography and cyber terrorism
➢ authorizing an Inspector to investigate cyber offences (as against the DSP earlier)5

5
“IT” Security of IIBF Published by M/s TaxMann Publishers
~Information Technology Law~ PAGE| 5
 AN ANALYSIS OF THE LAW

1. LANDMARK PROVISIONS

Important Electronic and IT related definitions had to be now defined which was definitely a
challenge for the legislators. The everchanging landscape and the unsure terrain in India were
all a grey area to navigate and foresee the legal implications.

a. Computer6
The definition of computer has been constructed to include a collection of devices with
input, output and storage capabilities with an elaboration of technical and high processing
abilities. However innovation happening every minute, in technality high performing
machines can also be brought under the ambit of the definition. The amendment however
widened inclusion by inserting ‘communication devices’ and ‘cyber cafés ‘ .

b. Digital signature7
While the 2000 Act defines digital signature, the 2008 act defines electronic signature as
well. Section 3 lays down the procedure to obtain authentication for electronic records and
giving it legal validity. The 2008 act gives effect to validity to biometrics and new forms
of signatures, changing the landscape for identity theft and giving it more recognition as a
cyber crime. However It has been over 10 years since the last revision to the act and there
is a need to recognize the new ways of authentication.

c. e-Governance
Chapter III discusses the issues and procedures and the legal validity electronic records.
Along with procedure relating to e-signatures and regulations for appointing authorities
who have the authority to sign off on the validity of the same.

d. Penalties and Punishment for damage to computers and systems.

Ever since records started being computerised and the banking and payment systems got
digitized, offendors have found new ways to steal money, data and identities. Section 43 of

6
Section 2(1)c, Information Technology Act, 2000.
7
Section 3, Information Technology Act, 2000.
~Information Technology Law~ PAGE| 6
 the act is the first major step in combatting the issue of data theft in the country and much
awaited provision at that. This sections is the civil liability attached with data theft. Section
65 and 66 attach criminality to the same.

e. Corporate Liability for Data Protection

Section 43-A was inserted by 2008 act after the fallout of the bazee.com case8. Corporate
negligence of failing to protecting data owned of it’s employees was considered to be a
grave misstep in the process of necessary due diligence. Further The Central Government
vide its notification dates 11 April 2011 gave a full list pf all such data which includes
password, details of bank accounts or card details, ,medical records etc. This notification
was an eye openor to any organisation which held and dealt with any kind of private data
of employees and customers and there was a wave of change in the way social electronic
security was viewed.

f. Adjudication
Powers and procedures of adjudication in Section 46 lay down the civil remedy in case
offences. The IT Secretary of state is normally appointed adjudicator. There is an appellate
procedure under this process and the composition of Cyber Appellate Tribunal at
the national level has also been described in the Act.
This provision has been extremely criticised during its living as very few applications were
made in the first decade out of which less than 5 adjudications were obtained. The first
adjudication was given in the ICICI Case9 in which the bank was told to compensate the
applicant with the amount wrongfully debited in Internet banking along with costs and
damages.

8
Sharat Babu Digumarti vs State, Govt. of NCT of Delhi RL.REV.P. 127/2015 & CRL.M.A.No.3194/2015
9
April 2010.
~Information Technology Law~ PAGE| 7
 2. LANDMARK CASES

a. Syed Asifuddin And Ors. vs The State Of Andhra Pradesh10

The TATA Indicom staff members tampered with Reliance model handsets activating
TATA networks dubiously making an offence under Section 6511 of the act.

b. Poona Auto Anillaries Pvt. Ltd., Pune Versus Punjab National Bank, HO New
Delhi & Others12
One of the largest compensation awards13 granted in 2013 where PNB was ordered to pay
45 Lakh to complainant , MD of Pune based Poona Auto Ancillaries. After being Phished
by an email , money was transferred from the MD’s account to PNB. Complainant
responded to the phishing and so was partially liable by the bank was also negligent.

c. Shreya Singhal v.UOI14.

Section 66A of the Information Technology Act, 2000 is struck down in its entirety being
violative of Article 19(1)(a) and not saved under Article 19(2). )Section 69A and the
Information Technology (Procedure & Safeguards for Blocking for Access of Information
by Public) Rules 2009 are constitutionally valid. Further, Section 79 is valid subject to
Section 79(3)(b) being read down and so on.

d. Christian Louboutin Sas Versus Nakul Bajaj & Ors15

Intermediaries abet the sale of online products that violate Intellectual property and cannot
go scott free. The complainant was granted injunction against the site that hosted products
that violated trademarks of the complainants and consequently Section 79 of the IT Act16.

e. Harpal Singh v. State of Punjab17

Admissibility of electronic evidence under Section 65B of Indian Evidence Act, 1872 was
discussed. It was held that in the absence of a certificate under the Section 65B(4) the
evidence is inadmissible.

10
2005 CriLJ 4314
11
Tampering with computer source documents.
12
Complaint No. 4 of 2011
13
Section 43, IT Act 2000.
14
AIR 2015 SC 1523
15
CS (COMM) 344/2018
16
Network service providers not to be liable in certain cases
17
(2017) 1 SCC 734
~Information Technology Law~ PAGE| 8
 f. PIL against Google, Facebook, Yahoo , Microsoft and Whatsapp
In 2017, the Supreme court took suo motto cognizance of the matter of child pornography
and asked CBI to investigate for offences under POCSO and Section 67: Punishment for
publishing or transmitting obscene material in electronic form. Justice Madan B. Lokur and
U.U. Lalit, by order dated April 16, 2018 ordered all social networks to inform the response
of the actions taken by them in the next hearing i.e. May 18, 2018. But the major websites
did not file any response18.

18
http://www.mondaq.com/india/x/714246/Crime/Supreme+Court+Imposes+Cost+Of+Rs+1+Lakh+On+Internet
+Giants+Like+Google+Facebook+Yahoo+Microsoft+And+WhatsApp+For+Online+Child+Pornography+Cases
~Information Technology Law~ PAGE| 9
 CONCLUSION

It will be just naïve to think that cyber crimes won’t be on the rise with the advent of technology
and means of harnessing it. It is time that the law progresses with the minds of those who have
learned to use it for their means. It is the duty of all the stakeholders that is law maker,
intermediaries as well as consumers to come up with plans and legal backings including the
following
1. Build awareness and training in the law enforcement departments for cyber crimes and
how to deal with them.
2. The issue of jurisdiction is not sufficiently tackled by Sections 46,48,57 and 62 of the
act. But where geographical boundaries are transient there is a looming question as to
where the cause of action actually arises. Often transnational nature of cyber crimes
stop them from gaining recognition in the eyes of law enforcement as their registration
in terms of jurisdiction is restricted.
3. Evidence capturing and preservation is of major frailty today. Unless the enforcement
is equipped to identify the veracity of data or retrieve erased data, evidence can be easily
forged and wiped with the crime thus being virtually erased.
While legislation has come a long way there are various cyber crimes that do not find
recognition in the act and in terms of offences. Spam emails and messages , Internet service
provider liability in copyright infringement like in terms of John Doe cases19, and privacy
issues especially in the light of the new Right to privacy judgement20 are to be included as
being the need of the hour.

19
Eros International Media Ltd & Another V. Bharat Sanchar Nigam Ltd Ors Suit C.S. No.620 of 2016 (2016).
(India)
20
Justice K S Puttaswamy and anr. V. UOI 255 ( 2018 ) DLT 1
~Information Technology Law~ PAGE| 10
 REFERENCES

BOOKS
1. Book on “IT” Security of IIBF Published by M/s TaxMann Publishers
2. Apar Gupta: Commentary on Information Technology Act.(2016)
3. Ratanlal & Dhirajlal: Law of Evidence, Updated 23rd Edition

DATABASES
1. Manupatra
2. Lexis Nexis
3. SCC Online

~Information Technology Law~ PAGE| 11