Joga Rao S. V (2004), Law of Cyber Crimes & Information Technology Law. 1st Edition, p.46
Joga Rao S. V (2004), Law of Cyber Crimes & Information Technology Law. 1st Edition, p.46
Joga Rao S. V (2004), Law of Cyber Crimes & Information Technology Law. 1st Edition, p.46
The word ‘cyber’ is the virtual world of internet, where there are no limited boundaries between the
people who use it. It is reality that the extent to which information technology has spread, its reach
and influence, makes societies that much more vulnerable to any possible use and misuse of the
technology.1
Cybertort is a neoligism (coined from the terms cyberspace and tort) = tort law as it relates to the
internet/world wide web. The term ‘cyber torts’ is a misnomer. This term has nowhere been defined
in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber is not radically
different from the concept of conventional torts. Both include conduct whether act or omission,
which cause breach of rules of law and counterbalanced by the sanction of the state.
Cyber torts is the latest and perhaps the most complicated problem in the cyber world. Cyber torts
may be said to be those species, of which, genus is the conventional torts, and where either the
computer is an object or subject of the conduct constituting crime. Any tortuous Activity that uses a
computer either as an instrumentality, target or a means for perpetuating further torts comes within
the ambit of cyber torts.
A generalized definition of cyber torts may be “ unlawful acts wherein the computer is either a tool
or target or both” The computer may be used as a tool in the following kinds of activity financial
crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail
spoofing, forgery, cyber defamation, cyber stalking.
The computer may however be target for unlawful acts in the following cases- unauthorized access
to computer/ computer system/ computer networks, theft of information contained in the electronic
form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts,
web jacking, theft of computer system, physically damaging the computer system.
The use of internet has brought about a lot of benefits, such as e-commerce, e-banking, unlimited
information, easy and inexpensive communication through e-mail, messengers, voice chat, social
websites, etc. But there are some demerits also, like hacking stalking, defamation, spamming,
viruses, gambling.
It is very necessary to have regular checks and balance everything that exists with the interference
of the law, to regulate the people in their behavior. Politics and pornography are not the only
reasons why government would interfere in the use of internet, there were financial aspects like
taxation, intellectual property rights, commerce trade and the gambling so that the government
could have their revenues. The internet started to gain importance from mid-1990s onwards, with
1
Joga Rao S. V(2004), law of cyber crimes & information technology law. 1st edition, p.46
the country realizing the potentiality of the internet through its tremendous growth. Computers with
internet facilities have become the most dominant medium of communication.
The internet with all the benefits of anonymity reliability and convenience has become an
appropriate breeding place for persons interested in making use of the met for illegal gainful
purposes, either monetary or otherwise. The biggest challenge to the law is to keep pace with the
technology. Some of the challenges of making technology based laws are that there is a chance of
them being soon outdated. So as far as possible technology must be formulated in a technology
neutral way. There has to be a consistency between the laws.
There is apparently no distinction between cyber and conventional tort. However on a deep
introspection we may say that there exists a fine line of demarcation between the conventional and
cyber tort, which is appreciable. The demarcation lies in the involvement of the medium in cases of
cyber tort. The sine qua non for cyber tort is that there should be an involvement, at any stage, of
the virtual cyber medium i,e. Cyber space.
CONVENTIONAL CRIME -Crime is a social and economic phenomenon and is as old as the human
society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal
wrong that can be followed by criminal proceedings which may result into punishment2.” The
hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of
an act cannot be discovered by reference to any standard but one: is the act prohibited with penal
consequences”. A crime may be said to be any conduct accompanied by act or omission prohibited
by law and consequential breach of which is visited by penal consequences.3
CYBER CRIME- Cybercrime is the latest and perhaps the most complicated problem in the cyber
world. “Cybercrime may be said to be those species, of which, genus is the conventional crime, and
where either the computer is an object or subject of the conduct constituting crime”. “Any criminal
activity that uses a computer either as an instrumentality, target or a means for perpetuating further
crimes comes within the ambit of cybercrime”4
A generalized definition of cybercrime may be “ unlawful acts wherein the computer is either a tool
or target or both”5. The computer may be used as a tool in the following kinds of activity financial
crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail
spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for
unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer
2
Granville Williams
3
Proprietary Articles Trade Association v. A.G.for Canada (1932)
4
Duggal Pawan
5
Nagpal R. – What is Cyber Crime?
networks, theft of information contained in the electronic form, e-mail bombing, data diddling,
salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer
system, physically damaging the computer system.
Hart in his work “The Concept of Law” has said ‘human beings are vulnerable so rule of law is
required to protect them’. Applying this to the cyberspace we may say that computers are
vulnerable so rule of law is required to protect and safeguard them against cyber tort. The reasons
for the vulnerability of computers may be said to be:
1. Capacity to store data in comparatively small space- The computer has unique characteristic
of storing data in a very small space. This affords to remove or derive information either through
physical or virtual medium makes it much more easier.
3. Complexity of systems-The computers work on operating systems and these operating systems
in turn are composed of millions of codes. Human mind is fallible and it is not possible that there
might not be a lapse at any stage. These lucanas can be taken advantage of and computer security
systems can be penetrated into.
4. Negligence- Negligence is very closely connected with human conduct. It is therefore very
probable that while protecting the computer system there might be any negligence, which in turn
provides a loop hole to gain access and control and in turn misuse the computer system. 5. Loss of
evidence- Loss of evidence is a very common & obvious problem as all the data are routinely
destroyed as they are updated every next moment. Further collection of data outside the territorial
extent also paralyses this system of investigation.
5. Loss of evidence- Loss of evidence is a very common & obvious problem as all the data are
routinely destroyed as they are updated every next moment. Further collection of data outside the
territorial extent also paralyses this system of investigation.
Mode And Manner Of Committing Cyber Tort
3. Email bombing- This kind of activity refers to sending large numbers of mail to the victim, which
may be an individual or a company or even mail servers there by ultimately resulting into crashing.
4. Data diddling- This kind of an attack involves altering raw data just before a computer processes
it and then changing it back after the processing is completed. The Electricity Board faced similar
problem of data diddling while the department was being computerised.
5. Salami attacks- This kind of crime is normally prevalent in the financial institutions or for the
purpose of committing financial crimes. An important feature of this type of offence is that the
alteration is so small that it would normally go unnoticed. E.g. The Ziegler case wherein a logic bomb
was introduced in the bank’s system, which deducted 10 cents from every account and deposited it
in a particular account.
6. Denial of Service attack- The computer of the victim is flooded with more requests than it can
handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of
service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.
7. Virus/worm attacks- Viruses are programs that attach themselves to a computer or a file and
then circulate themselves to other files and to other computers on a network. They usually affect the
data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to
attach themselves to. They merely make functional copies of themselves and do this repeatedly till
they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at
least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's
most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in
1988 which almost brought the development of Internet to a complete halt.
8. Logic bombs- These are event dependent programs. This implies that these programs are
created to do something only when a certain event (known as a trigger event) occurs. E.g. even some
viruses may be termed logic bombs because they lie dormant all through the year and become active
only on a particular date (like the Chernobyl virus).
9. Trojan attacks- This term has its origin in the word ‘Trojan horse’. In software field this means an
unauthorized program, which passively gains control over another’s system by representing itself as
an authorized program. The most common form of installing a Trojan is through e-mail. E.g. a Trojan
was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal
through the web cam installed in the computer obtained her nude photographs. He further harassed
this lady.
10. Internet time thefts- Normally in these kinds of thefts the Internet surfing hours of the victim
are used up by another person. This is done by gaining access to the login ID and the password. E.g.
Colonel Bajwa’s Case- the Internet hours were used up by any other person. This was perhaps one of
the first reported cases related to cyber crime in India. However this case made the police infamous
as to their lack of understanding of the nature of cyber tort.
11. Web jacking-This term is derived from the term hi jacking. In these kinds of offences the
hacker gains access and control over the web site of another. He may even mutilate or change the
information on the site. This may be done for fulfilling political objectives or for money. E.g. recently
in the Case of MIT (Ministry of Information Technology) its site was hacked by the Pakistani hackers
and some obscene matter was placed therein. Further the site of Bombay crime branch was also
web jacked. Another case of web jacking is that of the ‘Gold Fish Case’. In this case the site was
hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million
was demanded as ransom. Thus web jacking is a process where by control over the site of another is
made backed by some consideration for it.
The cyber criminals constitute of various groups/ category. This division may be justified on the basis
of the object that they have in their mind. The following are the category of cyber criminals
1. Children and adolescents between the age group of 6–18 years –The simple reason for this
type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know
and explore the things. Other cognate reason may be to prove themselves to be outstanding
amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal
Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.
2. Organized hackers-These kinds of hackers are mostly organised together to fulfil certain
objective. The reason may be to fulfil their political bias, fundamentalism, etc. Recently the Indian
Government had been targeted with the same. Further the NASA as well as the Microsoft sites is
always under attack by the hackers.
3. Professional hackers/crackers – Their work is motivated by the colour of money. These kinds
of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable
information. Further they are employed to crack the system of the employer basically as a measure
to make it safer by detecting the loopholes.
4. Discontented employees -This group include those people who have been either sacked by
their employer or are dissatisfied with their employer. To avenge they normally hack the system of
their employee.
There are many cyber torts, that is civil wrongs that is committed with the help of computer
technology. Some of the most common cyber torts are-
Stalking
Spamming
Defamation
Squatting
Spoofing
CYBER STALKING - Stalking has long been known as unwanted activity of an obsessive stalker
towards a distressed stalkee. Although this concept is existing for a long time, its impact attracted
only in the recent times. Cyber stalking is the exploitation of Information and Communications
Technology methods to follow other persons repetitively to cause displeasure, annoyance, distress
and fear.6
Internet services such as e-mails are also abused by the cyber stalkers to send text, graphics, audio
and video based messages to the email account of the victim, transmitting threatening , alarming
and harassing contents. Stalking can be done either directly or indirectly. In the direct harassment,
the stalker sends harassing messages to the targeted victim and in the indirect harassment, the
stalker tries to obtain the personal information and then uses the information to contact the person
through other means. Cyberized stalking threatens a great number of netizens, who in turn cannot
get away from such harassment just by moving to a different place or disconnecting himself/herself
from the internet. Stalking occurring in cyberspaces leaves no direct viewing traces, causes no direct
6
Xiang li, Cyber Stalking: Information and Communications Technology Makes it Different, Cyber Law Journal, The ICFAI
University, feb 2009, pg 32
Viewing efforts except digitalized effects, and leads to no direct viewing detection, except through
computerized detection. Yet it harms the victim living in the real space. 7 The process of stalking has
low controllability. The real identity of the user is not necessary for using the internet. It is necessary
to point out that anonymity not only costs the victim and the law enforcement, nut also the
perpetrator. The impossibility of control over the internet immunizes individuals and institutions
from any liability for the omission of such control. Sometimes personal information is published in
telephone directory or yellow pages, which usually collects names, profession, profession, telephone
numbers, residence addresses, and even e-mail accounts. Publishing such information means anyone
can use the information and contact the person. But the dispute arises about who can, at what time,
how frequently and for what purpose the information is used. Dispute is involved when it becomes
difficult to judge whether an act is normal or abnormal use of information. Thus exploiting new
technological methods, cyber stalking poses severe intimidation to netizens who are in the cyber
space as it helps them to do many things fast and efficiently in this information age.
The Delhi police registered India’s first case of cyber stalking in 2000. Ritu Kohli, complained against
a person who was using her identity to chat over obscene things on the net and her telephone
number and her address was also given to various people by that (one who takes other’s identity)
person. Later the IP address were traced and they arrested Manish Kathuria. He was charged under
section 509, of IPC.8But the cyber stalking does not come under the purview of the section 509, as
the law under this section states that any wrong committed through words which are uttered or a
gesture must be made or any object should be exhibited. But cyber stalking is just about typing and
working on the computer, which does not come under the ambit of section 509 of IPC. There is a
need to create more awareness amongst the legislature and the law enforcing agencies regarding
the cyber torts and crimes in order to enable the early regulation.
SPAMMING- The act of sending unsolicited e-mails in bulk is called “spamming,” and the
unwelcome messages are called “spam.”9 Spamming, which accounts for 40% of global email traffic,
is appealing precisely because it is cheap. The spammer bears basically the same cost for sending
one unsolicited e-mail as she would for sending one million. While the cost to the spammer is
minimal, the cost to consumers and ISPs is immense. Unsolicited bulk e-mail, sometimes referred to
as "Spam" or "Unsolicited Commercial Electronic mail," is electronic mail which is unsolicited and
sent for the purpose of selling the recipient goods, services, or property. Commercial electronic mail
advertisements are most often used to solicit multi-level marketing, get-rich-quick and work-at-
7
Xiang li, Cyber Stalking: Information and Communications Technology Makes it Different, Cyber Law Journal, The ICFAI
University, feb 2009, pg 33
8
Some Cyber Law Perspectives, The ICFAI Journal of Cyber Law, vol 1 ,nov 2002,pg 9
9
Evans C. Anyanwu, When bad thingshappen to good laws :Fighting spamming with the law of Trespass and other novel
approaches, www.cyberlinks.com
home schemes as well as questionable products and pornography. Not only does Spam affect
consumer and citizen e-mail users, but it can cripple businesses and Internet Service Providers. In
each spamming cases , the plaintiff shows some interference, with the efficient functioning of the
computer system; Compuserve,10 for example, presented evidence that the defendant’s mass emails
placed a remendous burden on Compuserve’s equipment by using disk space and draining
processing power, leaving those resources unavailable for the subscribers.
CYBER DEFAMATION -Cyber defamation would imply defamation by anything which can be read,
seen or heard with the help of the computers. There are certain noticeable differences between
online and offline attempt of defamation which makes the online defamation more vigorous and
effective. This occurs when defamation takes place with the help of computers and / or the Internet.
E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing
defamatory information to all of that person’s friends. In a recent occurrence, Surekha (names of
people have been changed), a young girl was about to be married to Suraj. She was really please
because despite it being an arranged marriage, she had liked the boy. He had seemed to be open-
minded and pleasant. Then, one day when she met Suraj, he looked worried and even a little upset.
He was not really interested in talking to her.
When asked he told her that, members of his family had been receiving e-mails that contained
malicious things about Surekha’s character. Some of them spoke of affairs, which she had had in the
past. He told her 168 that, his parents were justifiably very upset and were also considering breaking
off the engagement. Fortunately, Suraj was able to prevail upon his parents and the other elders of
his house to approach the police instead of blindly believing what was contained in the mails.
During investigation, it was revealed that the person sending those e-mails was none other than
Surekha’s step father. He had sent these e-mails so as to break up the marriage. The girl’s marriage
would have caused him to lose control of her property of which he was the guardian till she got
married. Another famous case of cyber defamation occurred in America. All friends and relatives of a
lady were beset with obscene e-mail messages appearing to originate from her account. These mails
were giving the lady in question a bad name among her friends. The lady was an activist against
pornography. In reality, a group of people displeased with her views and angry with her for opposing
they had decided to get back at her by using such underhanded methods. In addition to sending
spoofed obscene e-mails they also put up websites about her, that basically maligned her character
and sent e-mails to her family and friends containing matter defaming her .
SQUATTING -Cyber squatting is the act of registering a famous domain name and then selling it for
a fortune. This is an issue that has not been tackled in IT act 2000. Cybersquatting is a crime against
10
CompuServe, Inc. v Cyber Promotions, Inc. 115 S.Ct. 2338, 2344 (1995)
the laws and regulations of cyber law. It can be defined as registering, trafficking in, or using a
domain name with bad-faith i.e. mala fide intent to make profit from the goodwill of a trademark
belonging to someone else. The cyber squatter then offers to sell the domain to the person or
company who owns a trademark contained within the name at an inflated price. The term is derived
from squatting, which is the act of occupying an abandoned or unoccupied space or building that the
squatter does not own, rent or otherwise have permission to use. Cybersquatting however, is a bit
different in that the domain names that are being squatted are (sometimes but not always) being
paid for through the registration process by the Cybersquatters. Cybersquatters usually ask for prices
far greater than that at which they purchased it. Some cybersquatters put up derogatory or
defamatory remarks about the person or company the domain is meant to represent in an effort to
encourage the subject to buy the domain from them. The World Intellectual Property Organisation
(WIPO) saw a 20 per cent increase in the number of cyber squatting (abusive registration of
trademarks as domain names) cases filed in 2005 as compared to 2004. In 2005, a total of 1,456
cyber squatting cases were filed with WIPOs Arbitration and Mediation Centre, according to a WIPO
release11.
SPOOFING- A spoofed email is one that appears to originate from one source but actually has
been sent from another source. E.g. Pooja has an e-mail address [email protected]. Her enemy,
Sameer spoofs her e-mail and sends obscene messages to all her acquaintances. Since the e-mails
appear to have originated from Pooja, her friends could take offence and relationships could be
spoiled for life. Email spoofing can also cause monetary damage. In an American case, a teenager
made millions of dollars by spreading false information about certain companies whose shares he
had short sold. This misinformation was spread by sending spoofed emails, purportedly from news
agencies like Reuters, to share brokers and investors who were informed that the companies were
doing very badly. Even after the truth came out the values of the shares did not go back to the
earlier levels and thousands of investors lost a lot of money.
1. Harassment via e-mails- Harassment through e-mails is not a new concept. It is very similar to
harassing through letters. Recently I had received a mail from a lady wherein she complained about
the same. Her former boy friend was sending her mails constantly sometimes emotionally
blackmailing her and also threatening her. This is a very common type of harassment via e-mails.
11
Rima Bhardwaj & Dushyant Upadhyay, A brief legal overview.
computers for producing these obscene materials. Downloading through the Internet, obscene
materials. These obscene matters may cause harm to the mind of the adolescent and tend to
deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and
the Bombay case wherein two Swiss couple used to force the slum children for obscene
photographs. The Mumbai police later arrested them.
4. E mail spoofing- A spoofed e-mail may be said to be one, which misrepresents its origin. It
shows it's origin to be different from which actually it originates. Recently spoofed mails were sent
on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus Rajesh Manyar, a graduate
student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in
the college campus. The alleged e- mail was sent from the account of another student to the vice
president for student services. However the mail was traced to be sent from the account of Rajesh
Manyar.
7. Cyber terrorism against the government organization:-At this juncture a necessity may be
felt that what is the need to distinguish between cyber terrorism and cyber torts. Both are
dangerous acts. However there is a compelling need to distinguish between both these acts. A cyber
tort is generally a domestic issue, which may have international consequences, however cyber
terrorism is a global concern, which has domestic as well as international consequences. The
common form of these terrorist attacks on the Internet is by distributed denial of service attacks,
hate websites and hate emails, attacks on sensitive computer networks, etc. Technology savvy
terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example
may be cited of – Osama Bin Laden, the LTTE, attack on America’s army deployment system during
Iraq war. Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the
threat thereof, in cyber space, with the intention to further social, ideological, religious, political or
similar objectives, or to intimidate any person in furtherance of such objectives” Another definition
may be attempted to cover within its ambit every act of cyber terrorism.
A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption
of services or means of communications essential to the community or in damaging property with
the view to –
(2) affecting adversely the harmony between different religious, racial, language or regional groups
or castes or communities; or
(3) coercing or overawing the government established by law; or endangering the sovereignty and
integrity of the nation and a cyber terrorist is the person who uses the computer system as a means
or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber
terrorism.
8. Trafficking:- Trafficking may assume different forms. It may be trafficking in drugs, human
beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried
on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the
pseudonym of honey.
5. Fraud & Cheating:- Online fraud and cheating is one of the most lucrative businesses that are
growing today in the cyber space. It may assume different forms. Some of the cases of online fraud
and cheating that have come to light are those pertaining to credit card crimes, contractual crimes,
offering jobs, etc. Recently the Court of Metropolitan Magistrate Delhi (17) found guilty a 24-year-
old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and
bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan
Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked
to furnish a personal bond of Rs 20,000, and was released on a year's probation
STATUTORY PROVISONS:
The Indian parliament considered it necessary to give effect to the resolution by which the General
Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission
on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and
enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and
further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker‟s Book
Evidence Act1891 and the Reserve Bank of India Act 1934.
The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act
of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner.
The Information Technology Act deals with the various cybercrimes in chapters IX & XI. The
important sections are Ss. 43,65,66,67. Section 43 in particular deals with the unauthorised access,
unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of
access, interference with the service availed by a person. This section provide for a fine up to Rs. 1
Crore by way of remedy. Section 65 deals with „tampering with computer source documents‟ and
provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section 66
deals with „hacking with computer system‟ and provides for imprisonment up to 3 years or fine,
which may extend up to 2 years or both. Further section 67 deals with publication of obscene
material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs
The Information Technology Amendment Act, 2008 The Information Technology Amendment Act,
2008 was passed by the Indian Parliament on December 22, 2008 and following Presidential assent it
has become a law from February 5, 2009. The amendment bears a certain degree of similarity to the
prevailing law in the United States of America ("USA"). In USA, intermediaries such as SNWs,
internet service providers and other interactive web service providers are exempted from liability
under defamation if:
(i) they prove that they have no control over the statement or content and
(ii) they remove such statement or content from their website or network immediately upon
receiving the notice from the plaintiff. The amended Section 79 of this Amendment Act provides the
mechanism equivalent to the law of USA. Following are the relevant provisions of the
Information Technology Act (after the said amendment comes into force).
Section 79:
(1) Notwithstanding anything contained in any other law for the time being in force but subject to
the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party
information, data, or communication link made available by him.
(2) The provisions of sub-section (1) shall apply if-:
(a) the function of the intermediary is limited to providing access to a communication system over
which information made available by third parties is transmitted or temporarily stored; or
(b) the intermediary does not— initiate the transmission,
select the receiver of the transmission, and
select or modify the information contained in the transmission.
(3) The provisions of sub-section (1) shall not apply if -:
(a) the intermediary has conspired or abetted in the commission of the unlawful act;
(b) upon receiving actual knowledge, or on being notified by the appropriate Government or its
agency that any information, data or communication link residing in or connected to a computer
resource controlled by the intermediary is being used to commit the unlawful act, the intermediary
fails to expeditiously remove or disable access to that material on that resource without vitiating the
evidence in any manner.
(4) Intermediary shall observe such other guidelines as the Central Government may prescribe in this
behalf. Explanation.--For the purpose of this section, the expression "third party information" means
any information dealt with by an intermediary in his capacity as an intermediary. Section 2(w) –:
"intermediary", with respect to any particular electronic records, means any person who on behalf of
another person receives, stores or transmits that record or provides any service with respect to that
record and includes telecom service providers, network service providers, internet service providers,
web-hosting service providers, search engines, online payment sites, online auction sites, online
market places and cyber cafes, but does not include body corporate referred to in section 43A."
While there is some United States law that does restrict access to materials on the internet, it does
not truly filter the internet. Many Asian and Middle Eastern nations use any number of combinations
of code-based regulation (one of Lessig's four methods of net regulation) to block material that their
governments have deemed inappropriate for their citizens to view.
China and Saudi Arabia are two excellent examples of nations that have achieved high degrees of
success in regulating their citizens access to the internet. In many countries, speech through
cyberspace has proven to be another means of communication which has been regulated by the
government. The Open Net Initiative, whose mission statement is "to investigate and challenge state
filtration and surveillance practices" in order to "...generate a credible picture of these practices,"
has released numerous reports documenting the filtration of internet-speech in various countries.
While China has thus far proven to be the most rigorous in its attempts to filter unwanted parts of
the internet from its citizens, many other countries - including Australia Arabia, and Tunisia,
Singapore, Iran, Saudi - have engaged in similar practices of internet censorship. In one of the most
vivid examples of information-control, the Chinese government for a short time transparently
forwarded requests to the Google search engine to its own, state-controlled search engines .
These examples of filtration bring to light many underlying questions concerning the freedom of
speech, namely, does the government have a legitimate role in limiting access to information? And if
so, what forms of regulation are acceptable? The recent blocking of "blogspot" and other websites in
India failed to reconcile the conflicting interests of speech and expression on the one hand and
legitimate government concerns on the other hand.
The Indian parliament considered it necessary to give effect to the resolution by which the General
Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission
on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and
enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and
further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book
Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the
changes in these Acts is to make them compatible with the Act of 2000.
So that they may regulate and control the affairs of the cyber world in an effective manner. The
Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important
sections are Ss. 43,65,66,67.
Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks
or any contaminant, causes damage, disruption, denial of access, interference with the service
availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy.
Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment
up to 3 years or fine, which may extend up to 2 years or both.
Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years
or fine, which may extend up to 2 years or both.
Further section 67 deals with publication of obscene material and provides for imprisonment up to
a term of 10 years and also with fine up to Rs. 2 lakhs.
Here I like to present a list of cyber laws existing in different parts of the world:
INDIA
IN Domain Name Registration Policy The Information Technology (Amendment) Bill, 2006
USA
Europe
European Model EDI Agreement Legal Provisions UK Electronic Communications Act 2000
UK: Copyright and Rights in Databases Regulations Council of Europe's Convention on Cybercrime
2001
The British Code of Advertising, Sales Promotion ... UK: The Consumer Protection Regulations 2000
Malaysia
Pakistan
The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was
no legislation on this specialised field. The Act has however during its application has proved to be
inadequate to a certain extent. The various loopholes in the Act are
1. The hurry in which the legislation was passed, without sufficient public debate, did not
really serve the desired purpose Experts are of the opinion that one of the reasons for the
inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is
also a fact that sufficient time was not given for public debate.
2. “Cyber laws, in their very preamble and aim, state that they are targeted at aiding e-
commerce, and are not meant to regulate cybercrime”(6) – Mr. Pavan Duggal holds the
opinion that the main intention of the legislators has been to provide for a law to regulate the e-
commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its
inadequacy to deal with cases of cybercrime. At this point I would like to express my respectful
dissent with Mr. Duggal. I feel that the above statement by Mr. Duggal is not fundamentally correct.
The reason being that the preamble does state that the Act aims at legalising e-commerce. However
it does not stop here. It further amends the I.P.C., Evidence Act, Banker‟s Book Evidence and RBI Act
also. The Act also aims to deal with all matters connected therewith or incidental thereto. It is a
cardinal rule of interpretation that “text should be read as a whole to gather the meaning”. It seems
that the above statement has been made in total disregard of this rule of interpretation. The
preamble, if read as a whole, makes it very clear that the Act equally aims at legalising e-commerce
and to curb any offences arising there from.
3.Cyber torts- The recent cases including Cyber stalking cyber harassment, cyber nuisance, and
cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is
also contended that in future new forms of cybercrime will emerge which even need to be taken
care of. Therefore India should sign the cybercrime convention. However the I.T.Act 2000 read with
the Penal Code is capable of dealing with these felonies.
4.Cybercrime in the Act is neither comprehensive nor exhaustive- Mr. Duggal believes that
we need dedicated legislation on cybercrime that can supplement the Indian Penal Code. The
contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not
comprehensive enough and doesn't even define the term 'cybercrime". Mr. Duggal has further
commented, “India, as a nation, has to cope with an urgent need to regulate and punish those
committing cybercrimes, but with no specific provisions to do so. Supporters of the Indian Penal
Code School vehemently argue that IPC has stood the test of time and that it is not necessary to
incorporate any special laws on cybercrime. This is because it is debated by them that the IPC alone
is sufficient for all kinds of crime.
However, in practical terms, the argument does not have appropriate backing. It has to be distinctly
understood that cybercrime and cyberspace are completely new whelms, where numerous new
possibilities and opportunities emerge by the day in the form of new kinds of crimes. I feel that a
new legislation on cybercrime is totally unwarranted. The reason is that the new legislation not come
alone but will bring with it the same confusion, the same dissatisfaction and the same desire to
supplant it by further new legislation.
Mr. Duggal has stated above the need to supplement IPC by a new legislation. If that is the issue
then the present legislation along with the Penal Code when read harmoniously and co- jointly is
sufficient to deal with the present problems of cybercrime. Further there are other legislations to
deal with the intellectual property crimes on the cyber space such as the Patents Act, Copy Right Act,
Trade Marks Act.
5.Ambiguity in the definitions- The definition of hacking provided in section 66 of the Act is very
wide and capable of misapplication. There is every possibility of this section being misapplied and in
fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may
be the fate of a person who is booked under section 66 or the constant threat under which the
netizens are till s. 66 exists in its present form. Further section 67 is also vague to certain extent. It is
difficult to define the term lascivious information or obscene pornographic information. Further our
inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case.
6. Uniform law- Mr. Vinod Kumar holds the opinion that the need of the hour is a worldwide
uniform cyber law to combat cybercrime. Cybercrime is a global phenomenon and therefore the
initiative to fight it should come from the same level. E.g. the author of the love bug virus was
appreciated by his countrymen.
7.Lack of awareness -One important reason that the Act of 2000 is not achieving complete success
is the lack of awareness among the s about their rights. Further most of the cases are going
unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the
Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over
and auction site. Achievement was also made in the case before the court of metropolitan
magistrate Delhi wherein a person was convicted for online cheating by buying Sony products using
a stolen credit card.
8. Jurisdiction issues- Jurisdiction is also one of the debatable issues in the cases of cybercrime
due to the very universal nature of cyber space. With the ever-growing arms of cyber space the
territorial concept seems to vanish. New methods of dispute resolution should give way to the
conventional methods. The Act of 2000 is very silent on these issues.
9. Extra territorial application Though S.75 provides for extra-territorial operations of this law,
but they could be meaningful only when backed with provisions recognizing orders and warrants for
Information issued by competent authorities outside their jurisdiction and measure for cooperation
for exchange of material and evidence of computer crimes between law enforcement agencies.
10. Raising a cyber-army -By using the word „cyber army‟ by no means I want to convey the
idea of virtual army, rather I am laying emphasis on the need for a well-equipped task force to deal
with the new trends of hi tech crime. The government has taken a leap in this direction by
constituting cybercrime cells in all metropolitan and other important cities. Further the
establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation
(CBI) 11) is definitely a welcome step in this direction. There are many cases in which the C.B.I has
achieved success. The present position of cases of cybercrime is –
Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had
posted her personal details on Mumbaidating.com.
Status: Probe on
Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany.
He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi.
Status: Charge sheet not filed
Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-
based hackers were responsible, authorities there were informed through Interpol.
11. Cyber savvy bench Cyber savvy judges are the need of the day. Judiciary plays a vital role
in shaping the enactment according to the order of the day. One such stage, which needs
appreciation, is the P.I.L., which the Kerala High Court has accepted through an email. The role of the
judges in today‟s word may be gathered by the statement- judges carve „law is‟ to „law ought to
be‟. Mr T.K.Vishwanathan, member secretary, Law Commission , has highlighted the requirements
for introducing e-courts in India. In his article published in The Hindu he has stated “if there is one
area of Governance where IT can make a huge difference to Indian public is in the Judicial System”.
12. Dynamic form of cybercrime- Speaking on the dynamic nature of cybercrime FBI Director
Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight
cyber intrusions the problem is growing even faster and we are falling further behind.”
The(de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal
construction while applying the statutory provisions to cybercrime cases.
13. Hesitation to report offences- As stated above one of the fatal drawbacks of the Act has been
the cases going unreported. One obvious reason is the non-cooperative police force. This was proved
by the Delhi time theft case. "The police are a powerful force today which can play an instrumental
role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing
innocent s, preventing them from going about their normal cyber business."(10) This attitude of the
administration is also revelled by incident that took place at Meerut and Belgaum. (for the facts of
these incidents refer to naavi.com). For complete realisation of the provisions of this Act a
cooperative police force is require
India became independent on 15th August, 1947. In the 49th year of Indian independence, Internet
was commercially introduced in our country. The beginnings of Internet were extremely small and
the growth of subscribers painfully slow.12 However as Internet has grown in our country, the need
has been felt to enact the relevant Cyber laws which are necessary to regulate Internet in India. This
need for cyber laws was propelled by numerous factors.
Firstly, India has an extremely detailed and well-defined legal system in place. Numerous laws have
been enacted and implemented and the foremost amongst them is The Constitution of India. We
have interalia, amongst others, the Indian Penal Code, the Indian Evidence Act 1872, the Banker's
Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934, the Companies Act, and so on.
However the arrival of Internet signalled the beginning of the rise of new and complex legal issues. It
may be pertinent to mention that all the existing laws in place in India were enacted way back
keeping in mind the relevant political, social, economic, and cultural scenario of that relevant time.
Nobody then could really visualize about the Internet. Despite the brilliant acumen of our master
draftsmen, the requirements of cyberspace could hardly ever be anticipated. As such, the
12
Why cyber laws in India, www.pavanduggalassociates.com
coming of the Internet led to the emergence of numerous ticklish legal issues and problems which
necessitated the enactment of Cyber laws.
Secondly, the existing laws of India, even with the most benevolent and liberal interpretation, could
not be interpreted in the light of the emerging cyberspace, to include all aspects relating to different
activities in cyberspace. In fact, the practical experience and the wisdom of judgment found that it
shall not be without major perils and pitfalls, if the existing laws were to be interpreted in the
scenario of emerging cyberspace, without enacting new cyber laws. As such, the need for enactment
of relevant cyber laws.
Thirdly, none of the existing laws gave any legal validity or sanction to the activities in Cyberspace.
For example, the Net is used by a large majority of users for email. Yet till today, email is not "legal"
in our country. There is no law in the country, which gives legal validity, and sanction to email. Courts
and judiciary in our country have been reluctant to grant judicial recognition to the legality of email
in the absence of any specific law having been enacted by the Parliament. As such the need has
arisen for Cyber law.
Fourthly, Internet requires an enabling and supportive legal infrastructure in tune with the times.
This legal infrastructure can only be given by the enactment of the relevant Cyber laws as the
traditional laws have failed to grant the same. E-commerce, the biggest future of Internet, can only
be possible if necessary legal infrastructure compliments the same to enable its vibrant growth. The
latest statistics show that cyber torts/crime is actually on the rise. However, it is true that in India,
cyber torts/crime is not reported too much about. Consequently there is a false sense of
complacency that cyber torts/crime does not exist and that society is safe from cyber torts/crime.
This is not the correct picture. The fact is that people in our country do not report cyber torts/crimes
for many reasons. Many do not want to face harassment by the police. There is also the fear of bad
publicity in the media, which could hurt their reputation and standing in society. Also, it becomes
extremely difficult to convince the police to register any cyber torts/crime, because of lack of
orientation and awareness about cyber torts/crimes and their registration and handling by the
police. The absolutely poor rate of cyber crime conviction in the country has also not helped the
cause of regulating cyber torts/crime. There has only been few cyber torts/crime convictions in the
whole country, which can be counted on fingers.
CONCLUSION
One question that is often asked is why should we have Cyberlaw in India, when a large chunk of the
Indian population is below the poverty line and is residing in rural areas ? More than anything else,
India, by its sheer numbers, as also by virtue of its extremely talented and ever growing IT
population, is likely to become a very important Internet market in the future and it is important that
we legislate Cyberlaws in India to provide for a sound legal and technical frame work which, in turn,
could be a catalyst for growth and success of the Internet Revolution in India. ASLU survey 2003
reports that most cyber case remain unreported due to the fear of negative publicity or under a
belief that India does not have adequate legal & enforcement mechanism to deal with such crimes.13
Therefore, it is imperative that effective measures be adopted to increase awareness of the laws
applicable to e-crimes and positive initiatives be taken by the government to train its police officers,
personnel in the judiciary and other law enforcement agencies to effectively combat cyber crimes.
Thus cyber laws are very important, esp., in a developing country like India for its growth. These
crimes/torts hamper the technological growth of the country. It can be controlled to a great extent
through the education of the people about the cyber crimes and its consequences and also its safety.
There are different users like people who hold data, system operators, buyers, sellers, those who
create intellectual property etc. each of these section of people have to be educated as to how
technology can be used to help or hurt others. And should also be taught the basic safe computing.
13
Karnika Seth, INDIA - CYBER CRIMES AND THE ARM OF LAW - AN INDIAN PERSPECTIVE, www.cyberlawsconsultingcenter.com