Kalinga University Faculty of Law

Download as pdf or txt
Download as pdf or txt
You are on page 1of 46

Kalinga University

Faculty of Law

Course-LLM
Subject- Cyber
TORTS
Subject Code–LLMCL204 SEM.-2ND

Unit 3

Very Short Answer type questions


What do you understand by cyber crime?

Cybercrime is criminal activity done using computers and the Internet. Perhaps the most
prominent form of cybercrime is identity theft, in which criminals use the Internet to steal
personal information from other users. Two of the most common ways this is done is through
phishing and harming.
Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network.
The computer may have been used in the commission of a crime, or it may be the target.

1. List out top 5 cyber crimes?

The followings are top 5 cyber crimes:

1. Phishing scams. Phishing is a practice of a cybercriminal or hacker attempting to obtain


sensitive or personal information from a computer user.
2. Identity Thefts cams.
3. Online Harassment.
4. Cyber stalking.
5. Invasion of privacy

1
2. What are the types of cyber crime that can be committed against persons?

Cybercrime is growing at the same rapid rate as new people getting connected to the digital
world. Cybercrime against individuals

This is the one that directly affects any person or their properties. Examples of this type of
cybercrime include but are not limited to: social engineering, phishing, and email harassment,
cyber stalking and spreading illegal adult materials. Let’s look at the most popular ways to
prevent cybercrime in your computer systems:

 Keep your software updated


 Use different/strong passwords
 Use antivirus and anti-malware software
3. What is Hacking?

Hacking refers to activities that seek to compromise digital devices, such as computers, smart
phones, tablets, and even entire networks. And while hacking might not always be for
malicious purposes, nowadays most references to hacking, and hackers, characterize it/them
as unlawful activity by cybercriminals—motivated by financial gain, protest, information
gathering (spying), and even just for the “fun” of the challenge. Hacking is typically technical
in nature (like creating advertising that deposits malware in a drive-by attack requiring no
user interaction).

4. What is digital forgery?

Digital forgery involves falsely altering digital contents such as pictures and documents.
Digital forgery has occurred for many years and still remains a relevant topic today. We see it
every day in newspapers, magazines, the television, and even the internet. Whether altering
the way someone looks, using digital photography in a courtroom, or even bringing a
celebrity back from the dead, digital photography and digital television stimulate countless
questions and queries about the ethics and morals of digital forgery, with respect to today’s
technology, and the involvement of digital forgery in our daily lives.

5. What do you understand by the term Hacker?

2
People, not computers, create computer threats. Computer predators victimize others for their
own gain. Give a predator access to the Internet — and to your PC — and the threat they pose
to your security increases exponentially. Computer hackers are unauthorized users who break
into computer systems in order to steal, change or destroy information, often by installing
dangerous malware without your knowledge or consent. Their clever tactics and detailed
technical knowledge help them access the information you really don’t want them to have.

6. What is Cyber stalking?


Cyber stalking is the use of the Internet or other electronic means to stalk or harass an
individual, group, or organization.
It may in accusations, defamation slander and libel. It may also include monitoring, identity
theft, threats, vandalism, solicitation for sex, or gathering information that may be used to
threaten, embarrass or harass. Cyber stalking is a criminal offense under various state anti-
stalking, slander and harassment laws. A conviction can result in a restraining order,
probation, or criminal penalties against the assailant, including jail.
7. What is cyber harassment?

Cyber harassment is a form of bullying or harassment using electronic means. Cyber bullying
and cyber harassment are also known as online bullying. It has become increasingly common,
especially among teenagers, as the digital sphere has expanded and technology has advanced.
Cyber bullying is when someone, typically a teenager, bullies or harasses others on the
internet and in other digital spaces, particularly on social media sites.
Harmful bullying behavior can include posting rumors, threats, sexual remarks, victims
‘personal or pejorative labels (i.e. hate speech). Bullying or harassment can be identified by
repeated behavior and intent to harm. Victims of cyber bulling may experience lower self-
esteem, increased suicidal ideation, and a variety of negative emotional responses including
being scared, frustrated, angry, or depressed.

8. What is cyber pornography?


Cyber pornography is the act of using cyberspace to create, display, distribute, import, or
publish pornography or obscene materials, especially materials depicting children engaged in

3
Sexual acts with adults. Cyber pornography is a criminal offense, classified as causing harm
to persons.
One of the biggest publicized catches of child pornography perpetrators was launched in May
2002 and called Operation Ore. After the FBI accessed the credit card details, email
addresses, and home addresses of thousands of pornographers accessing a British child
pornography site, the particulars were given to the British police for investigation.
9. List out few examples of cyber stalking?
They are as follows:
a. Cat fishing occurs on social media sites when online stalkers create fake user profiles and
approach their victims as a friend of a friend or expressing romantic interest
b. Monitoring location check-ins on social media - If you’re adding location check-ins to your
Face book and Instagram posts, you’re making it super easy for a cyber stalker to track you
by simply scrolling through your social media profiles.
c. Visiting you virtually via Google Maps Street View- - Cyber stalkers can also virtually
research your environment, surrounding houses, cameras, and alleys, to get a sense about the
neighbors. For more tech-savvy stalkers, knowing the address of the victim is not even
necessary.
10. What do you understand by Identity Theft?
Identity theft is the crime of obtaining the personal or financial information of another person
for the sole purpose of assuming that person's name or identity to make transactions or
purchases. Identity theft is committed in many different ways. Some identity thieves sift
through trash bins looking for bank account and credit card statements; other more high-tech
methods involve accessing corporate databases to steal lists of customer information. Once
they have the information they are looking for, identity thieves can ruin a person's credit
rating and the standing of other personal information.
11. What is Cyber terrorism?
Cyber terrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss
of life or significant bodily harm, in order to achieve political or ideological gains through
threat or intimidation. It is also sometimes considered an act of Internet terrorism where
terrorist activities, including acts of deliberate, large-scale disruption of computer networks
especially of personal computers attached to the Internet by means of tools such as computer
viruses, computer worms, phishing, and other malicious software and hardware methods and
programming scripts.

4
12. Define Cyber Defamation?
The term ‘Cyber Defamation’ basically means publishing of false statement about an
individual in cyberspace that can injure or demean the reputation of that individual. In India,
defamation can be contemplated as both civil and criminal offence, and thus legal remedies
are provided to the victims by the Indian judiciary system.
13. What are the different types of Identity theft?
Types of identity theft include criminal, medical, financial and child identity theft. In criminal
identity theft, a criminal misrepresents himself as another person during arrest to try to avoid
a summons, prevent the discovery of a warrant issued in his real name or avoid an arrest or
conviction record.
a) In medical identity theft, someone identifies himself as another person to obtain free
medical care.
In financial identity theft, someone uses another person's identity or information to obtain
credit, goods, services or benefits. This is the most common form of identity theft.
b) In child identity theft, someone uses a child's identity for various forms of personal gain.
c) Synthetic identity theft allows the criminal to steal money from any credit card companies
or lenders who extend credit based on the fake identity.
14. What do you understand by Identity fraud?
Identity fraud is the use by one person of another person's personal information, without
authorization, to commit a crime or to deceive or defraud that other person or a third person.
Most identity fraud is committed in the context of financial advantage, such as accessing a
victim's credit card, bank or loan accounts.
False or forged identity documents have been used in criminal activity (such as to gain access
to security areas) or in dealings with government agencies, such as immigration. Often today,
the identities of real persons are used in the preparation of these false documents.
15. Who is adjudicating officer under IT Act2000?
The adjudicating officer appointed under section 46 is a quasi-judicial authority. It is clear
that the adjudicating officer is vested with significant judicial powers, including the power to
enforce certain criminal penalties, and is an important quasi-judicial authority.

16. Whether Identity theft is theft within the meaning of IPC, 1860
Although by its name, identity theft is a kind of theft of specific kind involving user data, it is
not governed by Section 378 (theft) of the IPC. This is because it caters to only movable

5
Property or such property which is capable of being severed from the earth and is tangible in
nature (Section 22 of IPC).
Electricity has been included within the ambit of theft but in the case of the State, the
Supreme Court held that it is because of Section 39 of the Electricity Act and there was no
intention of widening the scope of Section 378 of the IPC.
Hence, although identity information is in the form of binary data signals of zeros and ones,
governed by streams of electronic waves like electricity, Section 378 cannot be read to
include data or identity theft.
17. Defamation Vs Free Speech. Comment
Freedom of Speech and Expression, as provided by the Constitution under Article 19 (1) (a),
provides that all citizens shall have the right to freedom of speech and expression. However,
such freedom is subject to reasonable restriction. The protection of reputation of another
person falls within the ambit of reasonable restriction and any comment or remark which
hampers the reputation of another person (unless the statement is true) would invite liability
under the law of defamation.
18. Where and when to lodge a complaint in case of Cyber defamation?
Any person aggrieved of cyber defamation can lodge a complaint to the Cyber Crime
Investigation Cell at the National Cyber Crime Reporting Portal. However, it is pertinent to
note that lodging a cyber defamation complaint against a person is one of a serious nature,
since the act of filing a complaint also brings the reputation of the accused in the line of fire.
Further, the onus of proving that he / she has been defamed lies entirely with the complainant
and if he / she is unable to do so, the defendant shall have right to sue for defamation, false
and frivolous complain, and damages thereto.
SECTION B
Short Answer type questions
What is cyber crime? What are the different kinds of cyber crimes?

In plain English, cybercrime is crime committed on the Internet, on local networks, or even
against isolated computers. It can affect any of your digital devices (including PCs,
notebooks, smart TVs, tablets, smart phones, home electronic systems, etc). Cybercrime also
refers to any activity where crime is committed using any computer system.

Cyber criminals are publicly known as hackers, although the term is technically inaccurate,
the correct term is “cracker”.

6
Types of Cyber Crimes:

a) Cyber stalking

Cyber stalking is a form of cyber bullying, where an individual tries to threaten or harass
other persons by using computer systems connected to the Internet. Most cyber stalking cases
involve using anonymous communication systems such as email, social networks, instant
messaging applications, etc.; anything relying on anonymity to protect the cyber stalker’s true
identity.

b) Social engineering

Social engineering is one of the most classic types of cyber attack that can be launched
against individuals or organizations. It involves manipulating people to get valuable
information that can later be used to illegally log into private protected systems or networks.

c) Flood attacks

Flood attacks include Does and Dodos attacks. They’re usually launched by bonnets that can
target your domain names and IP addresses.

d. Identity theft

Also known as identity fraud, this is one of the worst scenarios that can befall a victim of
cybercrime. It starts with someone stealing your identity, allowing digital criminals to use
identifiable data including your name, driver’s license, social security information and more
— To commit fraud, steal property.

1. Write short notes on cyber crimes against individuals.

Cybercrime is defined as a crime where a computer is the object of the crime or is used as a
tool to commit an offense. A cybercriminal may use a device to access a user’s personal
information, confidential business information, government information, or disable a device.
It is also a cybercrime to sell or elicit the above information online.

Types of Cyber Crimes against individuals.

7
a) Cyber stalking

Cyber stalking is a form of cyber bullying, where an individual tries to threaten or harass
other persons by using computer systems connected to the Internet. Most cyber stalking cases
involve using anonymous communication systems such as email, social networks, instant
messaging applications, etc.; anything relying on anonymity to protect the cyber stalker’s true
identity.

b) Social engineering

Social engineering is one of the most classic types of cyber attack that can be launched
against individuals or organizations. It involves manipulating people to get valuable
information that can later be used to illegally log into private protected systems or networks.

c) Flood attacks

Flood attacks include Does and Dodos attacks. They’re usually launched by bonnets that can
target your domain names and IP addresses.

d. Identity theft
Also known as identity fraud, this is one of the worst scenarios that can befall a victim of
cybercrime. It starts with someone stealing your identity, allowing digital criminals to use
identifiable data including your name, driver’s license, social security information and more
— to commit fraud, steal property.

2. How to protect yourself against cybercrimes.

The most popular ways to prevent cybercrime in your computer systems:

d. Keep your software updated

This is a critical requirement for any computer system and application. Always keep your OS
system, services and applications updated to have the latest bugs and vulnerabilities patched.
This advice applies to smart phones, tablets, local desktop computers, notebooks, online
servers and all applications they run internally.

e. Enable your system firewall

8
Most operating systems include a full pre-configured firewall to protect against malicious
packets from both the inside and the outside. A system firewall will act as the first digital
barrier whenever someone tries to send a bad packet to any of your open ports.

f. Use different/strong passwords

Never use the same password on more than one website, and always make sure it combines
letters, special characters and numbers.

g. Use antivirus and anti-malware software

This is an excellent measure for both desktop and corporate users. Keeping antivirus and anti-
malware software up to date and running scans over local storage data is always
recommended.

h. Activate your email’s anti-spam blocking feature

A lot of computer hacking takes place whenever you open an unsolicited email containing
suspicious links or attachments. First things first: enable the anti-spam feature of your email
client; and second (and most important): never open links or attachments from unsolicited
recipients. This will keep you safe from phishing attacks and unwanted infections.

i. Encrypt your local hard disk

Digital crime doesn’t only occur on the Internet — suppose someone breaks into your house
and steals your notebook. That’s why the best way to protect your data will always be to
encrypt your hard drive, so in case criminals want to take a look at your drive content, they
won’t be able to.

j. Shop only from secure and well-known websites

To prevent you from being a victim of man-in-the-middle attacks and crimes against your
credit cards or online wallets, first make sure that the site you’re shopping on is encrypted
with HTTPS. Also make sure you’re shopping on a well-known site, such as Amazon, EBay,
Wal-Mart, etc.
3. Who is a hacker? What are the things that a hacker can do?

9
People, not computers, create computer threats. Computer predators victimize others for their
own gain. Give a predator access to the Internet — and to your PC — and the threat they pose
to your security increases exponentially. Computer hackers are unauthorized users who break
into computer systems in order to steal, change or destroy information, often by installing
dangerous malware without your knowledge or consent. Their clever tactics and detailed
technical knowledge help them access the information you really don’t want them to have.
While your computer is connected to the Internet, the malware a hacker has installed on your
PC quietly transmits your personal and financial information without your knowledge or
consent. Or, a computer predator may pounce on the private information you unwittingly
revealed. In either case, they will be able to:

 Hijack your usernames and passwords


 Steal your money and open credit card and bank accounts in your name
 Ruin your credit
 Request new account Personal Identification Numbers (PINs) or additional credit cards
 Make purchases
 Add themselves or an alias that they control as an authorized user so it’s easier to use
your credit
 Obtain cash advances
 Use and abuse your Social Security number
 Sell your information to other parties who will use it for illicit or illegal purposes
Predators who stalk people while online can pose a serious physical threat. Using extreme
caution when agreeing to meet an online “friend” or acquaintance in person is always the best
way to keep safe.

4. What are the types of hackers? Explain in brief.

Hackers can be classified into three different categories:


1. Black Hat Hacker
2. White Hat Hacker
3. Grey Hat Hacker

10
Black Hat Hacker

Black-hat Hackers are also known as an Unethical Hacker or a Security Cracker. These
people hack the system illegally to steal money or to achieve their own illegal goals. They
find banks or other companies with weak security and steal money or credit card information.
They can also modify or destroy the data as well. Black hat hacking is illegal.

White Hat Hacker

White hat Hackers are also known as Ethical Hackers or a Penetration Tester. White hat
hackers are the good guys of the hacker world.

These people use the same technique used by the black hat hackers. They also hack the
system, but they can only hack the system that they have permission to hack in order to test
the security of the system. They focus on security and protecting IT system. White hat
hacking is legal.

Gray Hat Hacker

Gray hat Hackers is Hybrid between Black hat Hackers and White hat hackers. They can
hack any system even if they don't have permission to test the security of the system but they
will never steal money or damage the system.

In most cases, they tell the administrator of that system. But they are also illegal because they
test the security of the system that they do not have permission to test. Grey hat hacking is
sometimes acted legally and sometimes not.
5. Explain in brief digital forgery.
Digital forgery involves falsely altering digital contents such as pictures and documents.
Digital forgery has occurred for many years and still remains a relevant topic today. We see it
every day in newspapers, magazines, the television, and even the internet. Whether altering
the way someone looks, using digital photography in a courtroom, or even bringing a
celebrity back from the dead, digital photography and digital television stimulate countless
questions and queries about the ethics and morals of digital forgery, with respect to today’s
technology, and the involvement of digital forgery in our daily lives.
Picture-editing software often comes readily installed with most current computers, meaning
that most people with current computers or lap tops have access to technology for digital

11
Editing. Social networking websites, such as facebook.com and myspace.com, give users the
ability to post up almost any type of picture or photo, regardless of whether the picture has
undergone some type of alteration. Though often misleading, especially in the cases of digital
forgery with pictures of the actual user, the question of whether the altering of the picture
itself is right or wrong depends on the users viewing the image and their opinions. Depending
on the intent of those who partake in digital forgery, the misleading appearances of digital
forgery could potentially be detrimental to the other people. Hypothetically, a user of a social
networking website might try to establish a relationship with another user based on the
viewing of digitally altered pictures or photographs of that user.

For example, identity theft, where a person forges the signature of another, is a felony and is
punishable by a fine and some years of imprisonment. Digital forgery involves changing
elements of a document or image and representing the changes as true copies of the original.

6. How can you protect yourself from cyber stalking?

As frightening as cyber stalking is, there are quite a few ways you can protect your privacy
online.

a) Review your privacy settings on social media sites. Adjust your settings so only people
from your friends’ list can see your photos, updates and personal info. Also, avoid accepting
strangers to your social media networks.

b) Feeling tempted to tag the location of that really cool coffee place you’re at?

c) Face book events are great for planning, but they can also be the worst in terms of
privacy. When appearing in the feed, they can show your stalker where and when to find you
and indicate your interests.

d) Set strong and unique passwords for your online accounts and don’t share them with
anyone.

e) Enable two-factor authentication (2FA) where possible to get an extra layer of security.
This way, even if someone gets a hold of your credentials, they won’t be able to hack your
account.

12
f) Cyber stalkers can exploits the poor security of public Wi-Fi networks to snoop on your
online activity. Therefore, avoid sending private emails or sharing your sensitive information
when connected to unsecured public Wi-Fi.

7. Explain in brief legal status of cyber pornography in India?

Cyber pornography is in easy words defined as the act of by means of cyberspace to generate,
display, import, distribute, or obscene materials or publish pornography. With the coming on
of cyberspace, traditional pornographic comfortable has now been for the most part replaced
by online/digital pornographic comfortable.

Cyber pornography is forbidden in many countries & legalized in some. In India, In the
Information Technology Act, 2000, this is a grey region of the law, where it is not illegal but
not legalized either.

There is one case in which presentation Cyber pornography is carrying a punishment of with
imprisonment up to 5 years & fine up to 10 lakhs. Where the comfortable contains children
attractive with one an additional or with adults in sexually clear acts. Downloading Child
pornography online is also a carrying a punishment of offence under the Information
Technology Act. The formation of child pornography is also carrying a punishment of under
the Act.

Under Section 67 of the Information Technology Act, 2000 making, transmitting and
distribution of cyber pornography is an offence. However, browsing and viewing online
pornography is not punishable. Making, distributing and even browsing Online Child
Pornography is punishable under cyber laws.

8. Throw some light on Section 67 and Section 67 A of Information Technology Act?


Cyber pornography is banned in many countries but legalized in some. Cyber Pornography is
neither banned nor legalized under the IT Act, 2000. The IT Act prohibits the production and
distribution of cyber pornography but does not prohibit the viewing or downloading of
pornographic content if it is not child pornography.
Section 67 of the Information Technology Act, 2000 makes the following acts punishable
with imprisonment up to 3 years and a fine up to 5 lakhs:

13
1. Publication– It includes uploading of pornographic content on a website, WhatsApp
group or any other digital portal where third parties can have access to such pornographic
content.
2. Transmission– It means to send obscene material to any person electronically.
3. Causing to be published or transmitted– It is a comprehensive terminology which would
end up making the intermediary portal liable, using which the offender has published or
transmitted such obscene content. The Intermediary Guidelines under the Information
Technology Act put an onus on the Intermediary/Service Provider to exercise due diligence
to ensure that their portal is not being misused.
Section 67A of the Information Technology Act makes publication, transmission and causing
to be transmitted and published any material containing sexually explicit act or conduct
punishable with imprisonment up to 5 years and a fine up to ₹10 lakhs.

9. Write short notes on Cyber Defamation.

The term ‘Cyber Defamation’ basically means publishing of false statement about an
individual in cyberspace that can injure or demean the reputation of that individual. In India,
defamation can be contemplated as both civil and criminal offence, and thus legal remedies
are provided to the victims by the Indian judiciary system.

Cyber defamation involves defaming a person through a new and far more effective method
such as the use of modern Electronic devices. It refers to the publishing of defamatory
material against any person in cyberspace or with the help of computers or the Internet.

E.g.: If a person publishes any kind of defamatory statement against any other person on a
website or sends E-mails containing defamatory material to that person to whom the
statement has been made would tantamount to Cyber defamation.
As per section 65A and 65B of the Indian Evidence Act –

1. Any electronic record printed on a paper or recorded or copied in optical or magnetic


media shall be considered as a document and shall be admissible by court.
2. Online chats are also admissible.
3. Electronic mails are also admissible.

14
10. Identity Theft vs. Identity Fraud. Bring out the difference.
Technology now enables criminals to commit identity theft on a broad scale — hacking into
business and government computer systems, for instance, to steal the personal information of
millions of people at once. The hackers can then use the stolen personal information, such as
full names, birthdates, and Social Security numbers, to commit their crimes.
Identity Theft:
There are many other ways criminals can steal your personal information, including:

 Phishing: Fraudsters email intended victims, hoping to trick the recipient into taking
action that might give the criminals access to significant amounts of personal information.
 Malware: Using the lure of “something for nothing,” fraudsters attempt to trick their
would-be victims into downloading free software from the Internet. What the victims might
not realize is that the free software can include malicious software, or malware, that can give
the criminals access to the victims’ computers or entire networks.
 Low-tech tactics: Even without the somewhat sophisticated skills required for a
technology-based attack, criminals can still commit identity theft. Mail theft and dumpster
diving are two simple ways identity thieves can put their hands on documents containing
personal information that can be used to steal others ‘identities.
Identity fraud?
Identity theft and fraud usually refer to the same crime. Still, one could make the case that the
fraud is the actual use of the stolen information for illicit gain.Eg:

 Credit card fraud: Using someone else’s credit card or credit card number to make
fraudulent purchases
 Employment or tax-related fraud: Using someone else’s Social Security number and other
personal information to gain employment or file an income tax return
 Phone or utilities fraud: Using another person’s personal information to open a cell phone
or utility account
 Bank fraud: Using someone else’s personal information to take over an existing financial
account or to open a new account in someone else’s name
 Loan or lease fraud: Using someone else’s personal information to obtain a loan orlease
 Government documents or benefits fraud: Using someone else’s personal information to
obtain government benefits

15
Another type of identity fraud is criminal identity fraud, which occurs when someone cited or
arrested for a crime presents himself as someone else by using that person’s name and
identifying information.

11. What are the different examples of Identity theft?

Here are many different examples of identity theft, including the following:

a) Financial identity theft. This is the most common type of identity theft. Financial identity
theft exploits seek economic benefits by using a stolen identity.

b) Tax-related identity theft. In this type of exploit, the criminal files a false tax return with
the Internal Revenue Service (IRS) using a stolen Social Security number.

c) Medical identity theft. In this type of identity theft, the thief steals information, including
health insurance member numbers, to receive medical services. The victim's health insurance
provider may get the fraudulent bills, which will be reflected in the victim's account as
services he received.

d) Criminal identity theft. In this example, a person under arrest gives stolen identity
information to the police. Criminals sometimes back this up with a fake ID or state-issued
documents containing stolen credentials. If this type of exploit is successful, the victim is
charged instead of the thief.

e) Child identity theft. In this exploit, a child's Social Security number is misused to apply
for government benefits, opening bank accounts and other services. Children's information is
often sought after by criminals because the damage may go unnoticed for a longtime.

f) Senior identity theft. This type of exploit targets people over the age of 60. Because
senior citizens are often identity theft targets, it is especially important for this segment of the
population to stay on top of the evolving methods thieves use to steal information.

g) Identity cloning for concealment. In this type of exploit, a thief impersonates someone
else in order to hide from law enforcement or creditors. Because this type isn't explicitly
financially motivated, it's harder to track, and there often isn't a paper trail for law
enforcement to follow.

h) Synthetic identity theft. In this type of exploit, a thief partially or completely fabricates an
identity by combining different pieces of PII from different sources. For example, the thief

16
May combine one stolen Social Security number with an unrelated birth date. Usually, this
type of theft is difficult to track because the activities of the thief are recorded files that do
not belong to a real person.

12. What is Section 66F of Information Technology Act?


66-F. Punishment for cyber terrorism.—
(1) Whoever,—
(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike
terror in the people or any section of the people by—
(i) denying or cause the denial of access to any person authorized to access computer
resource; or
(ii) attempting to penetrate or access a computer resource without authorization or exceeding
authorized access; or
(iii) introducing or causing to introduce any computer contaminant,
and by means of such conduct causes or is likely to cause death or injuries to persons or
damage to or destruction of property or disrupts or knowing that it is likely to cause damage
or disruption of supplies or services essential to the life of the community or adversely affect
the critical information infrastructure specified under Section 70; or
(B) knowingly or intentionally penetrates or accesses a computer resource without
authorization or exceeding authorized access, and by means of such conduct obtains access to
information, data or computer database that is restricted for reasons of the security of the
State or foreign relations; or any restricted information, data or computer database, with
reasons to believe that such information, data or computer database so obtained may be used
to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the
security of the State, friendly relations with foreign States, public order, decency or morality,
or in relation to contempt of court, defamation or incitement to an offence, or to the
advantage of any foreign nation, group of individuals or otherwise,
commits the offence of cyber terrorism.
(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life.]

14. What are the objectives of the Information Technology Act, 2000?

The primary objectives of the IT Act, 2000 are:

17
a. Granting legal recognition to all transactions done through electronic data exchange, other
means of electronic communication or e-commerce in place of the earlier paper-based
communication.
b. Providing legal recognition to digital signatures for the authentication of any information
or matters requiring authentication.
c. Facilitating the electronic filing of documents with different Government departments and
also agencies.
d. Facilitating the electronic storage of data
e. Providing legal sanction and also facilitating the electronic transfer of funds between
banks and financial institutions.
f. Granting legal recognition to bankers for keeping the books of accounts in an electronic
form.Further, thisisgrantedundertheEvidenceAct, 1891andtheReserveBankofIndiaAct, 1934.

15. What are the features of the Information Technology Act, 2000?

Features of the Information Technology Act, 2000 are as follows

a. Allelectroniccontractsmadethroughsecureelectronicchannelsarelegallyvalid.
b. Legal recognition for digital signatures.
c. Securitymeasuresforelectronicrecordsandalsodigitalsignaturesareinplace
d. A procedure for the appointment of adjudicating officers for holding inquiries under the
Act is finalized
e. Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act. Further,
this tribunal will handle all appeals made against the order of the Controller or Adjudicating
Officer.
f. An appeal against the order of the Cyber Appellant Tribunal is possible only in the High
Court
g. Digital Signatures will use an asymmetric cryptosystem and also a hash function
h. Provision for the appointment of the Controller of Certifying Authorities (CCA) to license
and regulate the working of Certifying Authorities. The Controller to act as a repository of all
digital signatures.
i. The Act applies to offences or contraventions committed outside India

18
j. Senior police officers and other officers can enter any public place and search and arrest
without warrant
k. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the
Central Government and Controller.

16. List out few judgments which highlights the role of Judiciary in issues related to
Cyber Defamation.
In its first ever case on Cyber Defamation in SMC Pneumatics (India) Pvt. Ltd. v. Jogesh
Kwatra, wherein a disgruntled employee sent derogatory, defamatory, vulgar and abusive
emails to the company’s fellow employers and to its subsidiaries all over the world with an
intent to defame the company along with its managing director, the High Court of Delhi
granted ex-parte ad interim injunction restraining the defendant from defaming the Plaintiff in
both the physical and in the cyber space.
Further, in the case of Kalandi Charan Lenka v. State of Odisha, the Petitioner was stalked
online and a fake account was created in her name. Additionally, obscene messages were sent
to the friends by the culprit with an intention to defame the Petitioner. The High Court of
Orissa held that the said act of the accused falls under the offence of cyber defamation and
the accused is liable for his offences of defamation through the means of fake obscene images
and texts.
In another case, M/S Spentex Industries Ltd. & Anr. vs. Pulak Chowdhary, the petitioner had
filed for a compulsory and prohibitory injunction along with the recovery of Rs. 50,00,000/
as damages for loss of reputation and business due to defamatory emails sent by the
defendant to the International Finance Corporation, World Bank, President of Republic of
Uzbekistan and UZEREPORT (a news website portal and publisher of monthly news
reports).
The case was filed in the year 2006 and was concluded in 2019 wherein the Humble Delhi
District Court decreed that the Plaintiffs be awarded 1/10th of the cost (Rs. 5,00,000/-) as well
as the cost of the suit to be borne by the defendants. Further it decreed that the defendant is
restrained from making false and defamatory statements, whether written or oral.

SECTION C

Long Answer type questions


What are the different types of cyber crimes?

19
Here are some of the most common ways systems and networks get attacked every day.

k. Identity theft

Also known as identity fraud, this is one of the worst scenarios that can befall a victim of
cybercrime. It starts with someone stealing your identity, allowing digital criminals to use
identifiable data including your name, driver’s license, social security information and more
— To commit fraud, steal property, misappropriate goods or use services in your name.

l. Bonnets

The word “bonnet” comes from the roots “bot” and “network,” and it’s used to refer to a
large number of controlled computers (bots) linked over a network (Internet). These botnets
are used to spread malicious files and software, infects other systems, launch DDoS attacks,
steal data, and send spam campaigns and more.

m. Cyber stalking

Cyber stalking is a form of cyber bullying, where an individual tries to threaten or harass
other persons by using computer systems connected to the Internet.

Most cyber stalking cases involve using anonymous communication systems such as email,
social networks, instant messaging applications, etc.; anything relying on anonymity to
protect the cyber stalker’s true identity.

n. Social engineering

Social engineering is one of the most classic types of cyber attack that can be launched
against individuals or organizations. It involves manipulating people to get valuable
information that can later be used to illegally log into private protected systems or networks.
The primary motivation behind social engineering is often to steal money, financial data
(such as bank account or credit card information), and other sensitive information from a
company or customer.

o. Flood attacks

20
Flood attacks include DoS and DDoS attacks. They’re usually launched by botnets that can
target your domain names and IP addresses, in an effort to flood them with malicious requests
that overload the servers, leading to service failure and connectivity interruption for valid,
legitimate system users.

p. Potentially unwantedprograms

Potentially unwanted programs, also known as PUP, refers to software you never officially
requested, but has been installed nevertheless. This type of software usually arrives bundled
in other software that you actually have agreed to download. Most victims of this type of
attack can blame cracked/pirated software. Common examples of this type of cybercrime are
adware, spyware, dialers and malware.

q. Exploit kits

Exploit kits use a software toolkit to target vulnerabilities found in remote software. A
common example is the act of silently exploiting Flash or Java vulnerabilities in order to hack
a website, then redirecting traffic to malicious pages.

r. Phishingattacks

Phishing attacks are a form of social engineering used to trick users into providing their login,
password, and other sensitive/personal information.

Most phishing campaigns are performed by sending massive spam emails with links to
maliciously-hacked websites that look like real ones (such as financial institutions, banks,
online wallets, etc). Once users log into these fake websites, your login details are stored in
the attackers’ remote database. They can then use your credit card, bank account or email
services.

s. Illegalcontent

The Internet is full of illegal content: this includes all content prohibited by international laws
from around the world. Examples of illegal content include child and animal-related sexual
material, online prostitution services, selling drugs online and copyrighted materials (such as
videos, music, books, software, etc).

21
t. Onlinescams

Cyber scams, or online scams, involve fraudulent business offering fake services, goods or
rewards to unwitting victims. Examples of online scams are charity fraud, gambling fraud,
ponzi schemes, online ticket frauds, fake gift cards, automotive fraud and more.

1. What are the impacts of cyberattacks on financialinstitutions.

With the emerging trends in business most of the companies are depending on digital money,
electronic data and computer networks where all of the personal and financial information is
stored. By these trends theft tactics have also been upgraded. Cybercrime is one of the major
challenges today. Major cyberattack in the recent years not only caused financial loss but also
leaked other sensitive information.

According to Group-IB expert evaluations, almost 99% of all cybercrimes in the world now
involve money theftDigital Money “Electronic money (also e-Money or digital money) are
traditional currency in a digital format. They are issued by the government, are regulated and
legal tender in the country of issue.

Types of Attackers Attackers generally fall into three broad categories: The financially
motivated attacker who intends to compromise systems to conduct theft or fraud
electronically. The espionage motivated attacker who intends to steal information to sell
onto a third party. The politically motivated attacker who intends to compromise
information or systems to achieve a goal shared within a group.

Financial Institution Financial institutions are corporations which provide services as


intermediaries of financial markets . A financial institution is responsible for the supply of
money to the market through the transfer of funds from investors to the companies in the
form of loans, deposits, andinvestment.
Evidences conclude that cyber-attacks impact on financial institutions in the following ways:
u. DirectLoss
v. IndirectLoss

Demonstrating the possible losses as a consequence of cyber-attack on financial institution.

22
a. Cyber criminals gain remote access to the systems where they canadminister.
b. They can cause a financial loss (by making falsetransaction).
c. They can steal the confidential information and they can sale it, even they can use it for
spying orterrorism.
d. They can target customers by attacking onorganization.
e. It may result into customer frustration or customer identitytheft.
f. Organization’s public image can be destructed for insufficientinformation
g. securitycompliance.

It has been witnessed that every time cyber criminals use a tool or a tactic to break security. It
could be in form of malware, DDos attack, Phishing, drive by download or password stealing.
There is no way to escape from the fact that the most target organizations are financial
institutions because money, information and public are most associated with them. It can be
concluded that banks as a financial institution contain higher cyber risk as compare to other
institutions. Most of the time motive of cyber criminals is to gain financial advantage or to
frustrate the customers. But institutions can fight by working very actively. Organizations
must be updated with latest tools and tactics used by hacker to gain any illegal advantage. In
addition to the above, white hat hackers report the organizations from cyber threat.

2. Throw some light on cyber crimes against individuals in India and the ITAct.
Due to the Home PC the use of computers has grown widely, such computers can become
target of crime either in the physical or in the virtual manner, i.e. parts of the computer can be
stolen example the hard disk thus leading to physical break-ins. Unauthorized access to the
computer leading to confidential data loss will amount to virtual targeting of the computer,
this will amount to a crime of data theft, which is termed as hacking in the ordinary parlance.
Other forms of crimes in which the computer is the target include offences such as –
Blackmail based on the information stolen in the form of medical information, personal data
etc. this category can also include offences like the theft of Intellectual property, or important
data of corporations like the marketing information etc. Further these crimes could also be
committed with a mean intent by causing impediments in the business operation. Gaining
access to the government records and making false passports, driver’s licenses, manipulating
the tax record, land record, accessing the intelligence files etc.

23
Cyber Crimes against Individuals: Against Individuals: – Harassment via e-mails a) Email
spoofing (Online a method of sending e-mail using a false name or e-mail address to make it
appear that the e-mail comes from somebody other than the true sender.) b) Cyber
pornography (exm.MMS) Cyber-stalking. Dissemination of obscene material.
Defamation. Unauthorized control/access over computer system. Indecent exposure
Email spoofing Cheating& Fraud Breach of Confidentiality
Economic crimes: This is one of the most widely committed crimes and with the society with
every passing day more and more members of the society accepting e-commerce as a means
to do commerce, crime through the virtual medium will be the one of the major dilemma
which will necessarily be required to be contained through the agency of law. Major
economic crimes under this classification are: Hacking, Virus, Cyber frauds, Software piracy
and violation of copyrights, Industrial espionages by rival corporations Forgery and
counterfeitingetc.
National Security: E–mail as it’s is popularly referred to started becoming utilized for
military applications. With the development of the World Wide Web this technology was
inducted in the public domain. This is the starting point where the virtual medium started
being utilized for criminal activities, and with the growth of terrorism, the terrorists also have
adopted this technology. T
Cyber Pornography: This form includes act of publishing and printing pornographic material
and the use of the internet to transmit such pornographic material. The Air Force Balbharti
School New Delhi case is the first case to be registered in India u/s 67 of the IT Act 2000.
Propaganda of Racial and Hate Crimes: The internet is being used as a platform by terrorist
groups for spreading their ideology instance of which are anti Jews groups, Muslim
fundamentalists and such other groups have stated using internet for propagating violence
against target groups.
Criminal Liability under Indian Criminal Law and the Information Technology Act 2000:
The Indian Criminal Law hovers around the Indian Penal Code, tough there are other statutes
which provide for criminal liability, but the Indian Penal Code is the sole authority in regards
of deciding the conditions required of fulfill criminal liability.
Following are some precautionary Measures to avoid Cyber Crimes against Individuals
Cyber Forensics can be used to detect cyber Evidence To make necessary amendments in
Indian laws to control on Cyber Crimes There is strong need to harmonize some sections of
ITact2000tocurbcybercrimesandIndividualstopreventcyberstalkingavoiddisclosing

24
Any information pertaining to one. This is as good as disclosing your identity to strangers in
public place Always avoid sending any photograph online particularly to strangers and chat
friends as there have been incidents of misuse of the photographs. Always use latest and
update antivirus software to guard against virus attacks. always keep back up volumes so
that one may not suffer data loss in case of virus contamination Never send your credit card
number to any site that is not secured, to guard against frauds. Always keep a watch on the
sites that your children are accessing to prevent any kind of harassment or depravation in
children. It is better to use a security programmed that gives control over the cookies and
send information back to the site as leaving the cookies unguarded might prove fatal. Web
site owners should watch traffic and check any irregularity on the site. Putting host based
intrusion detection devices on servers may do this. web servers running public sites must be
physically separate protected from internal corporate network
3. List out some digital payment scams and how can it be avoided?
Several payment-related scams have come to light in recent months. ET Wealth unravels the
modus operandi involved and tells you how to avoid being taken for a ride.

1. The remote access mobile application scam


Modusoperandi

Fraudsters, who had listed fake numbers online under an NGO's name, gained access to a
Mumbai resident’s debit card details by asking her to download Any desk, a remote desktop
software tool, which provides a third party a complete view of the user’s screen. She wanted
to transfer funds to the NGO to cremate her pet. Instead, her debit card details were
compromised and Rs 30,000 was withdrawn from her bank account.

Lessons to learn

Do not seek help from strangers to complete payment transactions. Do not download apps,
except official ones, recommended by seemingly-helpful people, even if they claim to be
bank staff.

2. Trap for gullible insurance seekers


Modusoperandi

25
In this, scammers prey on an individual’s inability to spot the difference between the official
and fake portals of the insurance regulator. A counterfeit portal going by the URL
www.irdaionline. org managed to sell fake policies to insurance seekers until the Irdai issued
an alert, and the URL was blocked.

3. Phishing smses promising income tax refund

Modusoperandi

A Mumbai-based private sector employee received a link, purportedly from the income tax
department, regarding a tax refund he was eligible for. Once he clicked on the link, he was
directed to a mobile application that got downloaded on his phone. Tricksters elicited his
account access details and siphoned off money.

Lessons to learn

The income tax department directly credits the refund to the bank account mentioned in your
I-T return form. Do not trust any messages, links, online forms or calls seeking additional
account/card details.

4. The KYC update hoax

Modusoperandi

An IAS officer in Udaipur lost Rs 6 lakh when she clicked on a fraudulent link asking her to
update her KYC. She was prompted to enter her account details and the OTP received,
following which she received messages from her bank notifying her of debits worth Rs 6
lakh.
Lessons to learn

Do not click on links received through Smashes. Rely on official websites or bank branches to
complete the process, if required.

26
5. Simpleton-crack

passwords Modusoperandi

Here, victims make hacking an effortless job for hackers. The United Kingdom’s National
Cyber Security Centre (NCSC) recently released a list of ‘most hacked’ passwords. Over 23
million accounts worldwide were breached as they had 123456 as their passwords.
Lessons to learn

While the data pertains to the UK, it is a pointer to the hazards of using passwords and PINs
that are easy to decode.

6. Fake UPI-based payment links

Modusoperandi

Fraudster asked the victim, a Pune-based trader, to transfer a nominal amount of Rs 10 to a


mobile number from his digital wallet. It was presented as ‘registration fee’ to initiate the
online purchase of a scooter. Subsequently, he received payment links where he had to enter
his UPI ID and OTP received and send it back to the fraudster. The information was used to
transfer Rs 1.53 lakh out of his accounts.

Lessons to learn

Transact only through the official BHIM or bank UPI apps. Do not use links sent by
unknown entities, even if they seem authentic.

7. Fraudulent NPCI/UPI/BHIM handles and portals

Modusoperandi

27
Myriad Twitter handles masquerade as @NPCI_BHIM official helpline handle have
mushroomed on the micro-blogging site. The fake accounts trick customers looking for help
to reveal their account, wallet or card details.

Lessons to learn

Look for verified-by-twitter blue ticks while interacting with National Payments Corporation
of India (NPCI), bank or payment wallet help lines.

8. Lack of awareness of UPI pay options

Modusoperandi

A Pane resident who wished to sell his air-cooler was tricked by a prospective buyer who
agreed to pay `9,000 through a UPI-based app. However, the latter sent a ‘pay’ request to the
former, who promptly authorized it without realizing that the amount would be debited from,
not credited to, his account.

Lessons to learn

Use of newer technologies calls for additional caution. Since UPI-based apps enable push
(pay/send) and pull (receive/collect) transactions, newer users could get confused.

4. Write a detailed note on digital forgery.

Forgery has been defined as the crime of falsely altering or manipulating a document with the
intension of misleading others. It may include the production of falsified documents or
counterfeited items. Today, we live in the digital era, where digital technology has become
predominant technology for creating, processing, transmitting, and storing information [1].
Digital forgery is falsely altering digital contents such as pictures, images, documents, and
music perhaps for economic gain. It may involve electronic forgery and identity theft. The
majority of digital forgery occurs because digitally altered pictures often appeal to the
viewers' eyes. And with the availability of powerful, affordable picture-processing software

28
(such as Adobe Photoshop, Adobe Premiere, Corel Draw, or GIMP), one can alter almost
anything in a photo. For example, images of children (child pornography) involved in
sexually explicit conduct can be created from innocent images, or even without the
involvement of an actual child [2]. Digital techniques are notoriously more precise than
conventional means of retouching because any area of the photo can be changed pixel by
pixel. It is hard for humans to spot images that have been doctored in some way. Thus the
common saying “seeing is believing” is no longer true in this digital age.

FUNDAMENTALS
The digital image has become one of the most important means of sending and receiving
information. It is the foremost source of evidence for any event in the court of law. It is also
used in forensics investigations, military, medical records, insurance, and other fields. There
are three types of image forgery: image retouching, splicing forgery, copy-move image
forgery.
Regardless of the camera used to take pictures, image retouching can be used to get rid of any
flaws later on. Retouching manipulates the image by changing its features without making
noticeable modifications of the content. Splicing (i.e. copy paste) is a form of photographic
tampering in which there is digital splicing of two or more images into a single composite.
Perhaps the most common type of forgeries is the copy-move (i.e. cloning) forgery. In this
forgery type, a part of the image itself is copied and pasted into another part of the same
image with the aim of concealing certain features in the original images.

FORGERY DETECTION
As digital cameras replace analog ones, the need for authenticating digital images and
detecting forgeries increases. Recent advances in technology have provided methods for
detecting unethical uses of digital forgery. These include techniques for detecting cloning,
splicing, resembling artifacts, color filter-array aberrations, and chromatic aberrations.

CHALLENGES
Technological advancement particularly in the area of digital imaging has posed substantial
challenges for the law. Digital forgery weakens the evidentiary value of images. For digital
images, security and authenticity were major issues. Computational complexity is also a
major problem due to the required image processing operations.

29
CONCLUSION
Digital forgery involves changing elements of a document or image and representing the
changes as true copies of the original. A number of image forgery detection schemes have
been developed to compensate for human visual inspection, which is subjective and
unreliable. Digital image forensics is a growing research field that supports the struggle
against digital forgery and tampering.

5. Comment on Cyber Pornography and its punishment under Indian Penal Code,
1860.
Cyber Pornography has become a global problem. The government has decided to ban 827
websites that possess pornographic content following the order of Uttarakhand High Court.
However, the people especially the youngsters, are so addicted to cyber porn that they try
different means like VPN, DNS Server Change, or downloading Opera Mini that has inbuilt
VPN activation, to view cyber porn.
Cyber Pornography means the publishing, distributing or designing pornography by using
cyberspace. The technology has its pros and cons and cyber pornography is the result of the
advancement of technology. With the easy availability of the Internet, people can now view
thousands of porn on their mobile or laptops; they even have access to upload pornographic
content online.

Indian Penal Code, 1860


Section 292 of IPC prohibits the sale of obscene material. Section 292(1) explains the
meaning of “obscenity” and Section 292(2) explains the punishment for sale, distribution, etc.
of obscene materials.
Section 292(1) states that any material will be deemed obscene if it is lascivious or prurient or
any part of the material has the tendency to corrupt or deprave the people.
Section 292(2) states that a person who:

1. Sell, distributes, lets to hire, publicly exhibit or put into circulation any obscene material.
2. Imports or exports obscene material or knows that such material will be put for sale,
distribution or circulation.
3. Is involved or receives profit from any business in the course of which he has knowledge
or reason to believe that such obscene objects are for aforesaid purposes.
4. Advertises the obscene material.

30
5. Offers to do or attempts to do any act which is prohibited under the section.
On a first conviction, such a person shall be awarded either simple or rigorous imprisonment
that may extend to 2 years along with a fine that may extend to ₹2,000. On the second
conviction or person, such a person shall be awarded simple or rigorous imprisonment that
may extend to 5 years along with a fine that may extend to ₹5,000.
Section 293 of Indian Penal Code, 1860, specifies the punishment for a person who sells, lets
to hire or distributes any obscene object to any person who is below the age of 20 years. It
states that on the first conviction a person shall be awarded imprisonment which may extend
to 3 years along with the fine which may extend to ₹5,000 and on subsequent conviction,
withimprisonmentwhichmayextendto7yearsalongwiththefinewhichmayextendto
₹5,000.
6. What is Cyber Stalking? How the cases of Cyber Stalking dealt in India?
Cyber stalking is a type of a crime. In the cyber stalking there is a involvement of two
persons- Firstly, the stalker is also known as attacker who do the crime & Secondly, the
Victim who is harassed by that stalker.
Cyber stalking is also known as cyber crime. Cyber which is related to the internet and the
stalking means to browsing anyone’s online history with the help of any social media or in
other websites to know about that particular person is term as stalking. A cyber stalker’s
totally relies upon the inconspicuousness given by the internet, which allows them to stalk
their victim without being detected. The cyber stalking is totally different from the spamming
of the messages by the spammer.

Cyber stalking is a serious crime and there are many cases against it in India.
How the Case of Cyber Stalking is dealt within the Indian Laws?
Cyber stalking
Cyber stalking is a serious crime, a type of offence committed by the person’s known as the
stalkers. There are many cases filed against those persons by the victim every year in India.
In India the cases which are filed against those stalkers are majorly reported by the females,
nearly about 60% females get victimized. The stalking is majorly spotted in the two states of
India;
Firstly, Maharashtra with 1,399 cases which had a higher number of stalking. Secondly,
Delhi with around 1130 cases is filed against the stalking.
The cyber stalking cases are dealt in India by the:

31
1. Information technology act2000.
2. The criminal law (Amendment) act2013.
1. Information Technology Act2000
If any person is publishing or sending any salacious material in the form of electronic media
is to be charged under section 67 of the Act. This does not involves the determination of the
extent of liability of ISP (internet service providers) and their directors.

For the preclusion of cyber stalking the protection of the data is very important, which gets
leaked easily by the hackers. According to the amended IT act, section 43 A is added for the
inclusion of a Body corporate”, the allowing of the compensation in the case of a firm or a
company which causes any wrongful losses or gain to any person by the way of transmitting
any sensitive information and the maintenance of such type of security, then such body
corporate shall be liable to pay damages by way of compensation.
The Information Technology Act, 2000 also comes into picture when the cyber stalker posts
or sends any obscene content to the victim. Section 67 of the Information Technology Act
states that when any obscene material is published, transmitted or caused to be published in
any electronic form, then it is a crime of obscenity, punishable with imprisonment for up to 5
years with fine of up to Rs. 1 lakh. A second or subsequent conviction is punishable by
imprisonment for up to 10 years with a fine of up to Rs. 2lakh.
Section 500 of the Indian Penal Code that deals with defamation, can be applied in case of
cyber stalking in India if the stalker forges the victim’s personal information to post an
obscene message or comment on any electronic media. Section 500 criminalizes publishing
any false statement against a person or harming the person's reputation and provides
punishment for any such act with imprisonment up to 2 years, fine or both.

The first ever complaint against cyber stalking in India was filed by Ritu Kohli in 2003,
whose name and contact information was posted by her husband’s friend on a chatting site,
without her permission. She filed a complaint with the cyber cell in India under Section 509
of the Indian Penal Code for outraging her modesty.
The crime of cyber stalking in India is prominently increasing, with new cases of internet
stalking every day. With ease in accessing personal information of a person online,
cybercriminals are easily able to stalk and harass a person.
2. The criminal law (Amendment) Act,2013
The act includes Stalking” as an offence under Section 35D of the IPC (Indian penal code).

32
This act states that, any man who-
I. contacts and follows a woman or attempts to contacts such woman to proselytize personal
communication repeatedly despite of being clear indication of disinterest by such woman or;
II. Observe the use of a woman over the internet, instant messages, e-mail or any other form
of electronic communication is the offence of stalking”. Racism is also a factor in cyber
stalking.

7. Give a brief highlight of ‘Shreya Singhal v/s Union of India’.


The Supreme Court of India invalidated Section 66A of the Information Technology Act of
2000 in its entirety. The Court held that the prohibition against the dissemination of
information by means of a computer resource or a communication device intended to cause
annoyance; inconvenience or insult did not fall within any reasonable exceptions to the
exercise of the right to freedom of expression.
Facts
Police arrested two women for posting allegedly offensive and objectionable comments on
Face book about the propriety of shutting down the city of Mumbai after the death of a
political leader. The police made the arrests under Section 66A of the Information
Technology Act of 2000 (ITA), which punishes any person who sends through a computer
resource or communication device any information that is grossly offensive, or with the
knowledge of its falsity, the information is transmitted for the purpose of causing annoyance,
inconvenience, danger, insult, injury, hatred, or ill will.
Although the police later released the women and dismissed their prosecution, the incident
invoked substantial media attention and criticism. The women then filed a petition,
challenging the constitutional validity of Section 66A on the ground that it violates the right
to freedom of expression.
The Supreme Court of India initially issued an interim measure in Singhal v. Union of India,
(2013) 12 S.C.C. 73, prohibiting any arrest pursuant to Section 66A unless such arrest is
approved by senior police officers. In the case in hand, the Court addressed the
constitutionality of the provision.
Decision Overview
Justices Chelameswar and Nariman delivered the opinion of the Supreme Court of India.
The main issue was whether Section 66A of ITA violated the right to freedom of expression
guaranteed under Article 19(1) (a) of the Constitution of India. As an exception to the right,
Article 19(2) permits the government to impose “reasonable restrictions . . . in the interests of

33
the sovereignty and integrity of India, the security of the State, friendly relations with foreign
States, public order, decency or morality or in relation to contempt of court, defamation or
incitement to an offense.”
The Petitioners argued that Section 66A was unconstitutional because its intended protection
against annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation,
or ill-will falls outside the purview of Article 19(2). They also argued that the law was
unconstitutionally vague as it fails to specifically define its prohibitions. In addition, they
contended that the law has a “chilling effect” on the right to freedom of expression. [Para. 5]
The government, on the other hand, argued that the legislature is in the best position to fulfill
the needs of people and courts may interfere with legislative process only when “a statute is
clearly volatile of the rights conferred on the citizen under Part-III of the Constitution.”
[Para. 6] The government contended that mere presence of abuse of a provision may not be a
ground to declare the provision as unconstitutional. Also, the government was of the opinion
that loose language of the law could not be a ground for invalidity because the law is
concerned with novel methods of disturbing people’s rights through internet. According to
the government, vagueness cannot not a ground to declare a statute unconstitutional “if the
statute is otherwise legislatively competent and non-arbitrary.” [para.6]
The Court first discussed three fundamental concepts in understanding the freedom of
expression: discussion, advocacy, and incitement. According to the Court, “[m]ere discussion
or even advocacy of a particular cause howsoever unpopular is at the heart” of the right.
[Para. 13] And, the law may curtail the freedom only when a discussion or advocacy amounts
to incitement. [para.13]
As applied to the case in hand, the Court found that Section 66A is capable of limiting all
forms of internet communications as it makes no distinction “between mere discussion or
advocacy of a particular point of view, which may be annoying or inconvenient or grossly
offensive to some and incitement by which such words lead to an imminent causal connection
with public disorder, security of State etc.” [Para. 20]
The Court further held that the law fails to establish a clear proximate relation to the
protection of public order. According to the Court, the commission of an offense under
Section 66A is complete by sending a message for the purpose of causing annoyance or
insult. As a result, the law does not make distinction between mass dissemination and
dissemination to only one person without requiring the message to have a clear tendency of
disrupting public order.

34
As to whether Section 66A was a valid attempt to protect individuals from defamatory
statements through online communications, the Court noted that the main ingredient of
defamation is “injury to reputation.” It held that the law does not concern this objective
because it also condemns offensive statements that may annoy or be inconvenient to an
individual without affecting his reputation. [para. 43]
The Court also held that the government failed to show that the law intends to prevent
communications that incite the commission of an offense because “the mere causing of
annoyance, inconvenience, danger etc., or being grossly offensive or having a menacing
character are not offences under the Penal Code at all.” [para. 44]
As to petitioners’ challenge of vagueness, the Court followed the U.S. judicial precedent,
which holds that “where no reasonable standards are laid down to define guilt in a Section
which creates an offense, and where no clear guidance is given to either law abiding citizens
or to authorities and courts, a Section which creates an offense and which is vague must be
struck down as being arbitrary and unreasonable.” [para. 52] The Court found that Section
66A leaves many terms open-ended and undefined, therefore making the statute void for
vagueness.

The Court declined to address the Petitioners’ challenge of procedural unreasonableness since
the law was already declared unconstitutional on substantive grounds. It also found Section
118(d) of the Kerala Police Act to be unconstitutional as applied to Section 66A.
Based on the forgoing reasons, the Court invalidated Section 66A of ITA in its entirety as it
violated the right to freedom of expression guaranteed under Article 19(1)(a) of the
Constitution of India.
8. List out the liabilities in case of CyberDefamation.
In India, a person can be made liable for defamation both under civil and criminal law.

1. Indian PenalCode
Section 499 of Indian Penal Code says that “Whoever by words either spoken or intended to
be read or by signs and visual representations makes or publishes any imputation concerning
any person intending to harm or knowing or having reason to believe that such imputation
will harm the reputation of such person is said, except in the cases hereinafter excepted to
defame thatperson.”
Section 500 of IPC provides for punishment wherein “any person held liable under section
499 will be punishable with imprisonment of two years or fine or both.”

35
Section 469 deals with forgery. If anyone creates a false document or fake account by which
it harms the reputation of a person. The punishment of this offence can extend up to 3 years
and fine.
Section 503 of IPC deals with the offence of criminal intimidation by use of electronic means
to damage one’s reputation in society.

2. Information Technology Act,2000


Section 66A, Information Technology Act, 2000 – This law has been struck down by
Supreme Court in the year 2015. The section defined punishment for sending ‘offensive’
messages through a computer, mobile or tablet. Since the government did not clarify the word
‘offensive’. The government started using it as a tool to repress freedom of speech. In 2015,
the whole section was quashed by the Supreme Court.
If a person has been defamed in cyberspace, he can make a complaint to the cyber
crime investigation cell. It is a unit of the Crime Investigation Department.

Problems and issues in Cyber Defamation


Our tremendously increasing dependency on the Internet for the use of social networking
sites has created several legal issues in the country. In the context of defamation, the biggest
issue can be figuring out the person who has intended to harm our reputation or the third
party who has read the defamatory statement as to when it comes to web pages such as blogs
or other media sites including newspapers or magazines. This is because bloggers may be
transparent or may choose to keep their names or identities nameless to protect themselves.
Thus this may be very hard to determine the person who has published the statement if it
appears on someone’s blog. It gets even more challenging to determine the readers who leave
comments on blogs or online news articles as most sites do not require people to use their real
names or provide any necessary information including name, location or e-mail address. Even
if they do, people could give false information. Thus it becomes difficult to track these
people. Once a defamatory statement is published on sites such as Face book, it quickly gets
circulated and also read by a large number of people causing damage to a person against
whom the statement is made.

9. What are the legal measures to Combat Cyber Terrorism in India?

36
Cyber terrorism can be international, domestic, state or political, but the core act involving a
combination of the terrorist act and computer always remains the same. However, lack of
universally unanimous definition makes the situation strenuous. India has always been tough
towards the terrorism; hence in the case of cyber terrorism also our nation has equipped its
Information Technology Act, 2000 with stringent law as provided under Section 66F.
Like terrorism, cyber terrorism also cannot be the job of any one person or two; hence, it
comes under the category of organized crime. The cyber terrorist uses the technology to
topple down the computer structure in the country. The amalgamation of Sections 66-F, 70,
70-A and 70-B makes it possible for the government to maintain cyber security in the
country.

The amended IT Act makes a concerted effort to curb the vulnerability of cyber terrorism. At
different places where the persons responsible for taking measures to achieve cyber security
fail, the Act makes it a punishable offence.10 The IT (Amendment) Act, 2008 not only
defines the term cyber terrorism but it has many sections in par material.

The IT (Amendment) Act, 2008 (10 of 2009) has made a leap forward in extending the
criminal provisions to several crimes including cyber terrorism. A notable point in this regard
is that the IT (Amendment) Act, 2008 provides for life imprisonment for the first time for a
cybercrime. This punishment being understood as a serious punishment has got a place in the
technological provisions which only show that at last lawmakers have started realizing the
grim consequences of a cybercrime and have provided for life term. An important analysis of
Section 66-B is that in clause (2), the punishment is only imprisonment and has no option for
fine. This once again is pointer to the fact that cyber terrorism is treated as the most heinous
crime under the IT Act, 2000.

It is salutary step by the Indian government that to introduce Section 66F to combat the
menace of cyber terrorism. Section 66-F has introduced a new species of cybercrime in the
statute, saying that anyone who intentionally in order to threaten the unity of the country
strikes terror using the electronic means, commits cyber terrorism. The section says that by
using the electronic medium, the terrorist alters the commands in the computer, computer
resource and thereby, disturbs the entire electronic setup in the country as a result of which
havoc is caused on a large scale.

37
By incorporating sections 66F, 70, 70A and 70B, the lawmakers have filled-in the most
crucial missing links in the legal apparatus.

The definition of cyber terrorism and its punishment is a statutory step to control the menace
of unprecedented growth of cyber terrorism in India. Although it has been abruptly
incorporated taking the spirit of foreign nation, in Indian settings it requires more attention on
the following heads. There are certain vague terms used in Section 66F as defamation,
contempt of court etc. which needs to be either clarified or omitted from the provision,
because there should be no ambiguity in any legislation.

Cyber terrorism is a reality, and so is cyber security. Therefore, provisions for cyber security
must be incorporated in IT Act so that the law relating to critical information infrastructure,
cyber terrorism and cybercrimes could be supplemented. Besides these the recommendations
made by the Mali math Committee Report29 must be appreciated so as to prevent the cyber
offences.

10. What are the offences under IT Act, 2000.

The increased rate of technology in computers has led to the enactment of Information
Technology Act 2000. The converting of the paperwork into electronic records, the storage of
the electronic data, has tremendously changed the scenario of the country.[xiii]

Offenses: Cyber offenses are the unlawful acts which are carried in a very sophisticated
manner in which either the computer is the tool or target or both. Cybercrime usually
includes:

(a) Unauthorized access of the computers (b) Data diddling (c) Virus/worms attack (d) Theft
of computer system (e) Hacking (f) Denial of attacks (g) Logic bombs (h) Trojan attacks (i)
Internet time theft (j) Web jacking (k) Email bombing (l) Salami attacks (m) Physically
damaging computer system.

The offenses included in the IT Act 2000 are as follows:

1. Tampering with the computer source documents.


2. Hacking with computer system.

38
3. Publishing of information which is obscene in electronic form.
4. Power of Controller to give directions
5. Directions of Controller to a subscriber to extend facilities to decrypt information
6. Protected system
7. Penalty for misrepresentation
8. Penalty for breach of confidentiality and privacy
9. Penalty for publishing Digital Signature Certificate false in certain particulars
10. Publication for fraudulent purpose
11. Act to apply for offense or contravention committed outside India
12. Confiscation
13. Penalties or confiscation not to interfere with other punishments.
14. Power to investigate offenses.
Sections from the Act -Explanation

Tampering with computer source documents:


Section 65 of this Act provides that Whoever knowingly or intentionally conceals, destroys or
alters or intentionally or knowingly causes another to conceal, destroy or alter any computer
source code used for a computer, computer Programmed, computer system or computer
network, when the computer source code is required to be kept or maintained by law for the
being time in force, shall be punishable with imprisonment up to three year, or with fine
which may extend up to two lakh rupees, or with both.

Parliament Attack Case:

Facts: In this case, several terrorists attacked Parliament House on 13 December 2001. In this
Case, the Digital evidence played an important role during their prosecution. The accused
argued that computers and evidence can easily be tampered and hence, should not be relied.
In Parliament case, several smart device storage disks and devices, a Laptop was recovered
from the truck intercepted at Srinagar pursuant to information given by two suspects. The
laptop included the evidence of fake identity cards, video files containing clips of the political
leaders with the background of Parliament in the background shot from T.V news channels.
In this case design of Ministry of Home Affairs car sticker, there was game “wolf pack” with
user name of ‘Ashiq’, there was the name in one of the fake identity cards used by the
terrorist. No back up was taken. Therefore, it was challenged in the Court.

39
Held: Challenges to the accuracy of computer evidence should be established by the
challenger. Mere theoretical and generic doubts cannot be cast on the evidence.

2. Hacking with the computer system:

Section 66 provides that- (1) Whoever with the intent to cause or knowing that he is likely to
cause wrongful loss or damage to the public or any person destroys or deletes or alters any
information residing in a computer resource or diminishes its value or utility or affects it
injuriously by any means, commits hacking.

(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with
fine which may extend up to two lakh rupees, or with both.

Explanation: The section tells about the hacking activity.

Punishment: Imprisoned up to three years and fine which may extend up to two lakh rupees
or with both.

Cases Reported In India:

Official website of Maharashtra government hacked. The official website of the government
of Maharashtra was hacked by Hackers Cool Al- Jazeera, and claimed them they were from
Saudi Arabia.

3. Publishing of obscene information in electronic form:

Section 67 of this Act provides that Whoever publishes or transmits or causes to be published
in the electronic form, any material which is lascivious or appeals to the prurient interest or if
its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all
relevant circumstance, to read see or hear the matter contained or embodied in it, shall be
punished on first conviction with imprisonment of either description for a term which may
extend to five years and with fine which may extend to one lakh rupees and in the event of a
second or subsequent conviction with imprisonment of either description for a term which
may extend to ten years and also with fine which may extend to two lakh rupees.

11. Write a note on Confiscation under IT Act, 2000.

Section 76 provides that-

40
Any computer, computer system, floppies, compact disks, tape drives or any other
accessories related thereto, in respect of which any provisions of this Act, rules, orders or
regulations made there under has been or is being contravened, shall be liable to confiscation.
:

Provided that where it is established to the satisfaction of the court adjudicating the
confiscation that the person in whose possession, power or control of any such computer,
computer system, floppies, compact disks, tape drives or any other accessories relating
thereto is found is not responsible for the contravention of the provisions of this Act, rules
orders or regulations made there under, the court may, instead of making an order for
confiscation of such computer, computer system, floppies, compact disks, tape drives or any
other accessories related thereto, make such other order authorized by this Act against the
person contravening of the provisions of this Act, rules, orders or regulations made there
under as it may think fit.

Explanation: The aforesaid section highlights that all devices whether computer, computer
system, floppies, compact disks, tape drives or any other storage, communication, input or
output device which helped in the contravention of any provision of this Act, rules, orders, or
regulations made under there under liable to be confiscated.

Penalties or confiscation not to interfere with other punishments:

Section 77 provides that –

No penalty imposed or confiscation made under this Act shall prevent the imposition of any
other punishment to which the person affected thereby is liable under any other law for the
time being in force.

Explanation: The aforesaid section lays down a mandatory condition, which states the
Penalties or confiscation not to interfere with other punishments to which the person affected
thereby is liable under any other law for the time being in force.

Power to investigate offenses:

Section 78 provides that –

41
Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police
officer not below the rank of Deputy Superintendent of Police shall investigate any offense
under this Act.

Conclusion

However, the rapid evolution of the Internet has also raised numerous legal issues and
questions. As the scenario continues to be still not clear, countries throughout the world are
resorting to different approaches towards controlling, regulating and facilitating electronic
communication and commerce.

12. What are the penalties for publishing Digital Signature Certificate false in certain
particulars?

Section 73 provides that –

(1) No person shall publish a Digital Signature Certificate or otherwise make it available to
any other person with the knowledge that-

a. The Certifying Authority listed in the certificate has not issued it; or
b. The subscriber listed in the certificate has not accepted it; or
c. The certificate has been revoked or suspended unless such publication is for the purpose
of verifying a digital signature created prior to such suspension or revocation.

(2) Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to
one lakh rupees, or with both.

Explanation:

The Certifying Authority listed in the certificate has not issued it or, the subscriber listed in
the certificate has not accepted it or the certificate has been revoked or suspended.

The Certifying authority may also suspend the Digital Signature Certificate if it is of the
opinion that the digital signature certificate should be suspended in public interest.

42
A digital signature may not be revoked unless the subscriber has been given opportunity of
being heard in the matter. On revocation, the Certifying Authority needs to communicate the
same with the subscriber. Such publication is not an offense it is the purpose of verifying a
digital signature created prior to such suspension or revocation.

Punishment:

Imprisonment of a term of which may extend to two Years or fine may extend to 1 lakh
rupees or with both.

CASE LAWS:

Bennett Coleman & Co. v. Union of India

In this case, the publication has been stated that ‘publication means dissemination and
circulation’. In the context of the digital medium, the term publication includes and
transmission of information or data in electronic form.
13. List out offences under IT Act with relevant sections.

Offences under Information Technology Act, 2000 are listed below:


Section 65: Any person tamper, conceal, destroy, or alter any computer source document
intentionally, then he shall be liable to pay penalty up to Rs.2,00,000/-, or Imprisonment up
to 3 years, or both.
Section 66: Any person dishonestly, or fraudulently does any act as referred in Section 43,
then he shall be liable to pay penalty up to Rs.5,00,000/-, or Imprisonment up to 3 years, or
both.
Section 66B: Any person dishonestly, or fraudulently receives or retains any stolen computer
resource or communication device, then he shall be liable to pay penalty up to Rs.1, 00,000/-,
or Imprisonment up to 3 years, or both.
Section 66C: Any person dishonestly, or fraudulently make use of Electronic Signature,
Password or any other Unique Identification Feature of any other person, then he shall be
liable to pay penalty up to Rs.1,00,000/-, or Imprisonment up to 3 years, or both.
Section 66D: Any person dishonestly, or fraudulently by means of any communication device
or computer resource cheats by personating, then he shall be liable to pay penalty up
to Rs.1,00,000/-, or Imprisonment up to 3 years, or both.

43
Section 66E: Any person intentionally captures, publishes, or transmits image of private area
of any person without consent, then he shall be liable to pay penalty up to Rs.2,00,000/-, or
Imprisonment up to 3 years, or both.
Section 66F: Any person does any act electronically, or with use of computer with intent to
threaten unity, integrity, security, or sovereignty of India, then he shall punishable
with Imprisonment for Life.
Section 67: Any person publishes, or transmits in electronic form any material which appeals
to prurient interest, or if its effect is such as to tend to deprave and corrupt persons who are
likely to read, see, or hear matter contained in it, then he shall be liable to pay penalty up
to Rs.5,00,000/-, or Imprisonment up to 3 years, or both, And in the event of second or
subsequent conviction, he shall be liable to pay penalty up to Rs.10,00,000/-, or
Imprisonment up to 5 years, or both.
Section 67A: Any person publishes, or transmits in electronic form any material which
contains sexually explicit act, or conduct, then he shall be liable to pay penalty up
to Rs.10,00,000/-, or Imprisonment up to 5 years, or both, And in the event of second or
subsequent conviction, he shall be liable to pay penalty up to Rs.10,00,000/-, or
Imprisonment up to 7 years, or both.
Section 68: The Controller may, by order, direct a Certifying Authority or any employee of
such Authority to take such measures or cease carrying on such activities as specified in the
order if those are necessary to ensure compliance with the provisions of this Act, rules or any
regulations made there under and if any person who intentionally or knowingly fails to
comply with the order, then he shall be liable to pay penalty up to Rs.1,00,000/-, or
Imprisonment up to 2 years, or both.
Section 69: Where the Central Government or a State Government or any of its officers
specially authorized by the Central Government or the State Government, as the case may be,
in this behalf may, if satisfied that it is necessary or expedient so to do, in the interest of the
sovereignty or integrity of India, defense of India, security of the State, friendly relations with
foreign States or public order or for preventing incitement to the commission of any
cognizable offence relating to above or for investigation of any offence, it may with reasons
to be recorded in writing, by order, direct any agency of the appropriate Government to
intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any
information generated, transmitted, received or stored in any computer resource, Any person
who fails to comply with the order, then he shall be liable to Imprisonment of 7 years, along
with the fine (amount of fine is not specified in the Act).

44
Section 70: The appropriate Government may, by notification in the Official Gazette, declare
any computer resource which directly or indirectly affects the facility of Critical Information
Infrastructure, to be a protected system, Any person who fails to comply with the notification,
then he shall be liable to Imprisonment of 10 years, along with the fine (amount of fine is not
specified in the act).
Section 71: Whoever makes any misrepresentation to, or suppresses any material fact from
the Controller or the Certifying Authority for obtaining any License or Electronic Signature
Certificate, as the case may be, then he shall be liable to pay penalty up to Rs.1,00,000/-, or
Imprisonment up to 2 years, or both.
Section 72: If any person who has secured access to any electronic record, book, register,
correspondence, information, document or other material without the consent of the person
concerned discloses such electronic record, book, register, correspondence, information,
document or other material to any other person, then he shall be liable to pay penalty up to
Rs.1, 00,000/-, or Imprisonment up to 2 years, or both.
Section 72A: If any person who has secured access to any material containing personal
information about another person, with the intent to cause or knowing that he is likely to
cause wrongful loss or wrongful gain discloses, without the consent of the person concerned,
or in breach of a lawful contract, then he shall be liable to pay penalty up to Rs.5, 00,000/-, or
Imprisonment up to 3 years, or both.
Section 73: If any person publishes an Electronic Signature Certificate, or makes it available
to any other person with the knowledge that
 Certifying Authority has not issued it, or
 Subscriber has not accepted it, or
 Certificate has been revoked or suspended
Then he shall be liable to pay penalty up to Rs.1, 00,000/-, or Imprisonment up to 2 years, or
both.
Section 74: If any person knowingly creates, publishes, or otherwise makes available
Electronic Signature Certificate for any fraudulent or unlawful purpose, then he shall be
liable to pay penalty up to Rs.1,00,000/-, or Imprisonment up to 2 years, or both.
Section 75: If any person have committed an offence, or contravention committed outside
India, and if the act or conduct constituting the offence or contravention involves a computer,
computer system or computer network located in India, then the provisions of this Act shall
apply also to any offence or contravention committed outside India by any
person irrespective of his nationality.

45
Section 76: Any computer, computer system, floppies, compact disks, tape drives, or any
other accessories related thereto, in respect of which any provision of this Act, rules, orders,
or regulations made there under has been, or is being contravened, shall be liable to
confiscation. However, if it is proved that such resources were not used in committing fraud
then only person in default will be arrested.

46

You might also like