INTRODUCTION

The 21st century can very easily be called the ‘internet century.’ Our worlds revolve around
our smart devices. Which in turn revolves around the internet. We cannot even imagine the
world where Facebook or Snapchat or Paytm doesn’t exist. The Internet has immense power
and with the rate of its popularity the online crimes have increased drastically. The effect of
these crimes varies to a great extend from occident to orient and it has become a global
phenomenon. Cyber-crimes are still not explicitly defined. While most countries have laws in
place to deal with such issues, the underlying crime itself varies from case to case. Moreover,
cyber activities are not governed by geographical borders. Which makes dealing with such
crimes all the more confusing and complex. As a result of which, a lot of cyber-crimes either
go unreported or simply unconvicted. Cyber-crimes are relatively a new phenomenon but
same has occupied the cynosure of global attention simply because all citizens of the world,
irrespective of whether private or public, are vulnerable to it. The said vulnerability is almost
unavoidable for the fact that the world is in an information age precisely; cyber-crimes
emerged with the introduction of the Internet, thereby providing a conducive clime for crimes
engendered by cyber criminals.1
It is pertinent to note that there was no rule or laws in India which governed the issue of
cybercrimes including the matters of privacy issues, jurisdiction and intellectual property
rights issues and due to the misuse of technology there was a strict need of a statute and that
is how the Information Technology Act, 2000 (hereinafter referred to as “Act”) comes into
the picture. It was drafted by the government to protect the different fields of e-commerce, e
–banking and e- governance and with it also introduced various provisions on the liabilities
and punishments of cybercrimes.2 Although, the Act gives a lot of offences and with it also
prescribes the penalty but does it still lack the conviction and potentiality that the other acts
of different countries have? This article will analyse the Indian Act with the cybercrime acts
of different developed countries and whether the Indian Act requires to undergo any changes?
HYPOTHESIS

1. The analysis and comparison between the Information Technology Act, 2000 and the
cybercrime acts United states of America.
2. Whether the Information Technology Act, 2000 has to undergo any change after this
comparison?
JUSTIFICATION/VALIDATION OF THE HYPOTHESIS

1. Analysis of Cyber laws in India:

It has to be noted the Indian Penal code, 1872 is the central legislation which deals with
conventional crimes in India. primarily in India, there are two statutes which deals with the
cybercrimes:
a) Indian Penal Code, 1872

1
Ajayi, E. F. G., Challenges to enforcement of cyber-crimes laws and policy, 6 Journal of Internet and
Information Systems 2016.
2
Vinod Joseph, Cyber Crimes Under The IPC And IT Act - An Uneasy Co-Existence, MONDAQ,
https://www.mondaq.com/india/it-and-internet/891738/cyber-crimes-under-the-ipc-and-it-act--an-uneasy-co-
existence (accessed on 19.02.2021 at 06:45 P.M.).
 b) Information Technology Act, 2000
India had by the early 2000s, identified IT as a key factor in its quest to achieve economic
superiority and overall growth. The governments which were present at the centre and at the
state started incentivizing the growth of centres for the things which were related to IT, like
IT education, the widespread drives of computer learning in rural areas etc. 3 The investment
made in the development of the IT sector yielded the results soon enough, and the IT industry
boomed in the country. The industry dedicated to IT was of tertiary nature and assisted the
primary as well as the secondary sectors of the economy. However, undoubtedly a small
population resorted to utilizing their proficiency in IT to certain ulterior motives. The
Information Technology Act, 2000 was legislated both to cater to the growing needs of the IT
community in the country and to identify and punish the fringe elements who indulged in
misusing information technology.
The chapter 11 of the Information Technology Act, 2000 from sections 65 to 78 gives the
different cybercrimes and the associated punishments and liabilities to be taken by the
accused. Herein, some of them are discussed to give a better overview of the legislation.
1. TAMPERING WITH SOURCE DOCUMENTS:4 The IT Act prescribes a punishment for
concealing, destroying and altering any data which is required not to be maintained
and preserved in accordance with the law. For instance, if a disc is required as an
evidence to be submitted before a court, alteration in its contents or the production of
a fabricated copy of the same may attract a 3-year prison sentence along with a fine.
2.  IDENTITY THEFT:5 The concept of identity theft refers to the act of using the
electronic signature or password etc. of an individual. The same is made liable under
the Act with a 3-year prison sentence along with a fine.
3. CHEATING BY PERSONATION:6 The Act penalizes cheating by personation using a
computer source with a 3-year prison sentence and a fine.
4. PRIVACY VIOLATION:7 In wake of the acknowledgement of the fundamental right to
privacy by the Hon’ble Supreme Court of India. and the recent exposes relating to
privacy violation by big MNCs like Google and Facebook, Privacy violations have
taken the centre stage at various national debates. The IT Act, 2000 prescribes a 3-
year prison sentence and a fine for the same u/s 66E.
5. CYBER TERRORISM:8 The act of putting a nation’s sovereignty in danger by the use of
a computer resource is referred to as cyber terrorism. Often the use of computer
programs such as viruses etc. aids the acts of cyber-terrorists, these acts tend to affect
the lives of the people adversely and can even lead to the death of people.  The Act
has dealt with cyber terrorism very strictly and has made it punishable with life
imprisonment u/s 66 F.
3
Md Sahabuddin Mondal, Critical Study and Analysis of Cyber Law Awareness, https://lawcorner.in/critical-
study-and-analysis-of-cyber-law-awareness/#:~:text=Indian%20Penal%20Code%2C%201860%3A,the%20e
%2Drecords%20and%20documents, (accessed on 20.02.2021 at 04:00 P.M.).
4
Section 65 of the Information Technology act, 2000.
5
Section 66C of the Information Technology act, 2000.
6
Section 66D of the Information Technology act, 2000.
7
Section 66E of the Information Technology act, 2000.
8
Section 66F of the Information Technology act, 2000.
 6. Transmission of Pornographic Material: 9 Transmission of pornographic content
has been discussed very strictly under the Act. The implications of the transmission of
pornographic content have been appreciated by the legislatures and, since the
transmission is bound to have a long term and intense adverse effect on the lives of
the victims Section 67 prescribes a minimum punishment of 3-years’ worth jail-time
and 5 lakhs in fine. The punishment for a second-time offender has been set at a jail-
term for 5 years and a fine of 10 lakhs. Section 67-B exclusively deals with child
pornography for victims below the age of 18 years. The prescribed punishments for a
first conviction in cases of child pornography is 5-years of jail time and a fine of 10
lakh rupees, a second conviction can land one a sentence of 7 years and an additional
fine of 10 lakh rupees.
7. Compensation for failure to protect data: S. 43-A of the IT Act deals provides for
compensation in case a body corporate which handles sensitive personal data fails to
protect the same. The body corporate operating with sensitive personal data are
required under the section to adopt reasonable security practices and procedures to
prevent the loss of data failing which they will be liable to compensate for the loss of
the data.
While the common cybercrimes have been adequately dealt with under the IT Act, 2000, the
legislature constantly keeps bringing about new rules to cater to the growing corpus of the
crimes. Currently a key issue faced by the nation at large is that of ‘Data Privacy’, herein the
researcher has analysed how the laws have emerged around the same to accord protection to
the people’s fundamental right to privacy. S.66 C of the IT Act, 2000 penalizes Identity theft
and S.66 E penalizes violation of an individual’s privacy. B.N. Shrikrishna committee further
analysed the various jurisdictions globally in light of the Right to Privacy, data protection etc.
and submitted a report which provided a basis for the recent Right to Privacy Bill, 2017. The
bill shields an individual’s right to privacy against the world at large and attempts to establish
the control of one’s personal data in their own hands. It can be said India has achieved
2. The United States of America
The USA is the world leader in cybercrimes. It has been the top affected country of the world
in terms of internet related crimes with 23% of world cybercrime rate. However, it is also the
country with strongest cyber laws in place. About 60% of the cyber cases registered, end in
conviction and prison sentences. The first effective law against such crimes was first
established in 1984 termed as The Computer Fraud and Abuse Act (CFAA). However, the act
did not include a provision for intentional harming of devices by using malicious code. Or in
lay man language, for viruses.
In order to improve this act, the NIIA (National Information Infrastructure Protection Act)
was introduced in the USA. And after the passage of this laws, USA has strengthened the
definitions of the and the punishments related to the cybercrimes. Some of the penalties there
includes expulsion to criminal misdemeanour, felony in cyber bullying, fines for identity theft
etc. USA imposes the penalty six to twenty years for hacking and damage to computer
properties whereas for the identity theft, a 15-year punishment is given to the accused.
Therefore, it can be clearly seen that it has a stronghold on the cybercrimes. In various legal,

9
Section 67 of the Information Technology act, 2000.
strategic and academic documents of United States the terms cyber-crime, cyber-attack,
computer attack, electronic attack, and cyber-terrorism are coined and defined.
Cybercrime laws are covered in the Title 18 of the United States Code (18 U.S.C.), which is
the Criminal and Penal Code of the United States. The Electronic Communications Privacy
Act of 1986 and describes requirements for disclosures of data, conditions for mobile
tracking devices and surveillance, and interception of communication data. It covers
interception of wire, oral, or electronic communication and the preservation and disclosure of
stored wire and electronic communication.
The act of computer misuse was addressed in the US way back in 1984 through the Computer
Fraud and Abuse Act. This act governs cases with a compelling federal interest, where
computers of the federal government or certain financial institutions are involved, where the
crime itself is interstate in nature or computers used in interstate and foreign commerce.
This act punishes anyone who not just commits or attempts to commit an offense under the
Computer Fraud and Abuse Act but also those who conspire to do so. This act has been
further amended by the US Patriot Act, 2001 which enhanced the scope and penalties
imposed. First offense penalties are ten years imprisonment and second offense penalty is
imprisonment of 20 years. These are much more stringent considering Indian law provides
for just around three years of punishment in most cases.10
The punishments given under the USA are less of civil nature and more of criminal nature.
Further the crimes have stringent repercussions unlike India and they are widely enforced.
SUGGESTIONS

Owing to the fact that India is not a signatory to the Budapest Convention 2001, the
investigative processes concerning cybercrimes have faced a major setback due to lack of a
standard code prescribing ways and measures to carry out such tasks. The Budapest
Convention is the first of its kind, since it seeks to develop a common criminal policy aimed
at protection of society from cybercrimes, by formulating domestic legislations in a manner
to effectively fight against such crimes and develop mutual cooperation amongst countries. It
is also one of a kind as it tries to effectively provide for a distinct definition of the term child
pornography.11
Though our cyber legislation is modelled in a way to provide for punishment in case of
publishing or transmission of sexually explicit content involving children, the terminology
used is quite ambiguous, hence making it difficult to convict persons under the said
provision. Also, Section 67B of the Act cannot be read alone, but has to be read with Sections
67 of the Act and 67A, since they together form a complete code. The fact that the conviction
rates are low under the said legislation is itself proof of the complexity of procedure relating
to cybercrimes in India. Further, the Courts have traditionally been using the same standard
test to deal with cases concerning pornography and obscenity. However, all the obscene

10
Stephen E. Blythe, A Critique Of India's Information Technology Act And Recommendations For
Improvement, 34 Syracuse Journal of International Law and Commerce 1 (2006),
https://surface.syr.edu/jilc/vol34/iss1/2/ (accessed on 14.02.2021 at 05:00 P.M.).
11
Aishwarya Deb, A Critical Analysis of the Information Technology Act, 2000 vis-à-vis Mitigation of Child
Pornography, 7 Christ University Law Journal 2 (2018), https://core.ac.uk/download/pdf/236436895.pdf
(accessed on 21.02.2021 at 23:19 P.M.).
content on the internet cannot be classified as pornography. The Act merely provides that the
investigative agencies have the same powers as enshrined under the Code of Criminal
Procedure, 1973.
Considering the fact that cyberspace has its own unique characteristics, the procedures used
for carrying out investigations in real world are ineffective when it comes to dealing with
cybercrimes. Child pornography investigations are most of the times initiated due to a
complaint made by a third party, who discovers what he or she believes to be pornographic
content involving children on any electronic media, to a law enforcement agency. The
investigative agencies may face various issues while carrying out an investigation pertaining
to a case of child pornography. For instance, there might be jurisdictional issues when the
required evidence has to be retrieved from some other country which eventually leads to the
question of geographical determinacy.
The Budapest Convention provides for certain standards regulating the intrusive surveillance
and interception of communication, which are major components of cybercrime investigation.
For instance, the Convention makes it obligatory for the State parties to empower its
competent authorities, to order a person in its territory to submit specified computer data in
that person’s possession or control. Also, a service provider is expected to submit subscriber
information relating to such services in that service provides possession or control. Since
India is not a signatory to this Convention but USA is, it cannot avail this provision for
smooth functioning of the investigation process, in cases involving pornographic content.
Apart from this, the Convention also obligates the contracting parties to co-operate with each
other through the application of international instruments on international co-operation, in
criminal matters.
CONCLUSION

Hence it can be said that there are certain things that India should learn from developed
countries and then accordingly implement it. The more stringent laws are the less chances are
it to be infringed. The penalties levied by the IT Act are minimal compared to GDPR, and the
manner of implementation is even more dismal. For instance, the IT Act has provided for
damages of up to INR 5 crore, under section-43 of the IT Act. The Indian IT Act, 2000 was
formed to grant legality to electronic transactions and to promote e-commerce. However, the
Act hasn't been amended in 20 years, barring once in 2008.
There are some problems with the amendment of 2008, they were:
 The IT (Amendment) Act, 2008, reduced the quantum of punishment for a majority of
cybercrimes. This needs to be rectified.
 The majority of cybercrimes need to be made non-bailable offenses.
 The IT Act does not cover a majority of crimes committed through mobiles. This
needs to be rectified.
 A comprehensive data protection regime needs to be incorporated in the law to make
it more effective.
 Detailed legal regime needed to protect the privacy of individuals and institutions.
  Cyberwar as an offense needs to be covered under the IT Act.
 Parts of Section 66A of the IT Act are beyond the reasonable restrictions on freedom
of speech and expression under the Constitution of India. These need to be removed
to make the provisions legally sustainable.
REFERENCES

1. Stephen E. Blythe, A Critique Of India's Information Technology Act And

Recommendations For Improvement, 34 Syracuse Journal of International Law and
Commerce 1 (2006), https://surface.syr.edu/jilc/vol34/iss1/2/ (accessed on 14.02.2021
at 05:00 P.M.).
2. Aishwarya Deb, A Critical Analysis of the Information Technology Act, 2000 vis-à-
vis Mitigation of Child Pornography, 7 Christ University Law Journal 2 (2018),
https://core.ac.uk/download/pdf/236436895.pdf (accessed on 21.02.2021 at 23:19
P.M.).
3. Md Sahabuddin Mondal, Critical Study and Analysis of Cyber Law Awareness,
https://lawcorner.in/critical-study-and-analysis-of-cyber-law-
awareness/#:~:text=Indian%20Penal%20Code%2C%201860%3A,the%20e
%2Drecords%20and%20documents, (accessed on 20.02.2021 at 04:00 P.M.).
4. Ajayi, E. F. G., Challenges to enforcement of cyber-crimes laws and policy, 6
Journal of Internet and Information Systems 2016.
5. Vinod Joseph, Cyber Crimes Under The IPC And IT Act - An Uneasy Co-Existence,
MONDAQ, https://www.mondaq.com/india/it-and-internet/891738/cyber-crimes-
under-the-ipc-and-it-act--an-uneasy-co-existence (accessed on 19.02.2021 at 06:45
P.M.).
6. Roderic G. Broadhurst, Organizations and Cybercrime: An Analysis of the nature of
groups engaged in cybercrime, 8 International Journal of Cyber Criminology 1
(2014),
https://www.researchgate.net/publication/272304698_Organizations_and_Cybercrime
_An_Analysis_of_the_nature_of_groups_engaged_in_cybercrime (accessed on
11.02.2021 at 06:00 A.M.).
7. Kerr, Orin S. 2003. Cybercrime's Scope: Interpreting 'Access' and 'Authorization' in
Computer Misuse Statutes. New York University Law Review, 78, no. 5: 1596-668.