B. P.

Poddar Institute of Management and Technology (BPPIMT)

07 | September 2024

Report
on
Offences and It’s Penalty Under IT-Act
of
Cyber Security
(PEC-IT702F)

Submitted by:
Group - 12

Shuvam Pal 11500221052

Hrishikesh Kumar Chaudhary 11500221054
Ishika Rana 11500221055
Dipanjan Saha 11500221056

4th Year, 7th Semester, 2024-2025

Department of Information Technology

B. P. Poddar Institute of Management and Technology

 B. P. Poddar Institute of Management and Technology (BPPIMT)
07 | September 2024

Abstract

The rapid advancement of technology has transformed how businesses and individuals function,
but it has also introduced new security challenges. Cybersecurity offences, such as hacking, identity
theft, phishing, and data breaches, have become major global concerns. In India, the Information
Technology Act, 2000 (IT Act) offers a legal framework to address these offences, ensuring that
cybercrimes are dealt with effectively. This paper examines various cybersecurity offences and
outlines the penalties under the IT Act, highlighting its importance in combating the growing threat
of cybercrime.

Introduction
Cybersecurity, the safeguarding of internet-connected systems like hardware,
software, and data from cyberattacks, has become crucial with the rise of digital
platforms. In response to the growing threats in this domain, India enacted the
Information Technology (IT) Act of 2000. This legislation was introduced to
address the legal challenges posed by the rapid digitalization of industries and the
surge in cybercrimes. The IT Act outlines the nature and scope of various cyber
offences, such as hacking, identity theft, and data breaches, and it prescribes
penalties for those found guilty. This legal framework plays a pivotal role in
enhancing cybersecurity by setting clear guidelines for the protection of digital
systems and imposing consequences for unlawful activities in cyberspace.

Key Cyber Security Offenses under IT Act

The Information Technology Act, 2000 (IT Act) lays down a comprehensive
framework to address cybersecurity offences in India. Here's an in-depth look at key
offences and their respective penalties:

1. Hacking (Section 66)

Hacking involves unauthorized access to a computer system or network with the
intent to cause harm, such as altering or damaging data, deleting important files, or
disrupting services. The act covers any intentional breach of security protocols
aimed at maliciously accessing confidential information.
- Penalty: A person convicted under Section 66 can face imprisonment for up to 3
years, a fine up to ₹5 lakh, or both. This aims to deter individuals from tampering
with computer systems without authorization.

2. Identity Theft (Section 66C)

Identity theft occurs when someone wrongfully uses another person’s identity
information, such as passwords, digital signatures, or biometric data, to gain access
to sensitive accounts or perform illegal transactions. This offence is typically
associated with financial fraud and other related crimes.
- Penalty: The penalty includes imprisonment of up to 3 years and/or a fine up to
₹1 lakh, based on the gravity of the offence and the financial loss caused to the
victim.
 B. P. Poddar Institute of Management and Technology (BPPIMT)
07 | September 2024

3. Phishing and Cyber Fraud (Section 66D)

Phishing is a fraudulent attempt to acquire sensitive information such as usernames,
passwords, and credit card numbers by pretending to be a legitimate entity through
emails, websites, or instant messaging. Often, phishing schemes lead to financial
fraud, data breaches, or identity theft.
- Penalty: Anyone found guilty under Section 66D faces imprisonment of up to 3
years and/or a fine up to ₹1 lakh. This provision ensures that individuals engaging
in these fraudulent schemes are punished.

4. Publishing or Transmitting Obscene Content (Section 67)

This section penalizes the act of publishing or transmitting obscene material
electronically, which includes images, videos, messages, or text deemed sexually
explicit or offensive in nature.
- Penalty: For a first-time offence, individuals face imprisonment for up to 5 years
and/or a fine up to ₹10 lakh. For subsequent convictions, the penalty increases to
imprisonment of up to 7 years and/or a fine up to ₹10 lakh.

5. Cyberterrorism (Section 66F)

Cyberterrorism refers to using computer systems to attack critical information
infrastructure with the intention of threatening national security, sovereignty, or
causing public panic. This can include large-scale disruption of services or
manipulating systems that control vital infrastructure like energy grids or water
supplies.
- Penalty: Cyberterrorism is treated as a grave offence under the IT Act, with the
penalty being life imprisonment. The strictness of this punishment reflects the
potential threat such activities pose to national security.

6. Data Theft (Section 43)

Data theft involves unauthorized access, downloading, copying, or extraction of
sensitive information from a computer system or network without permission. This
offence covers instances where hackers, or even insiders, steal confidential
information or databases for personal or commercial gain.
- Penalty: The penalty under Section 43 is determined based on the extent of
damage caused and can be as high as ₹1 crore in compensation to the affected party.

7. Child Pornography (Section 67B)

This provision addresses crimes involving the viewing, publishing, or transmitting
of pornographic or sexually explicit content featuring minors. Child pornography is
considered a severe offence due to its exploitative and abusive nature.
- Penalty: First-time offenders face imprisonment of up to 5 years and a fine of up
to ₹10 lakh. For subsequent convictions, the punishment is more severe, with
imprisonment extending up to 7 years and a fine of up to ₹10 lakh.

8.Breach of Confidentiality and Privacy (Section 72):

- This section of the IT Act addresses the unlawful disclosure of information
without the consent of the person concerned. It applies to individuals who have
 B. P. Poddar Institute of Management and Technology (BPPIMT)
07 | September 2024

accessed private information during the course of their duties, such as government
officials, service providers, or any person in possession of confidential data.
- Penalty: Imprisonment for up to 2 years or a fine of up to ₹1 lakh, or both.

9.Intermediaries' Liability (Section 79):

- This section provides immunity to intermediaries (such as internet service
providers, social media platforms, or web hosting services) from liability for third-
party content transmitted or stored by them. However, this immunity applies only if
they do not initiate or modify the content and comply with due diligence practices.
- Exceptions: Intermediaries may be held liable if they fail to take down illegal
content after receiving a court order or government directive.

The IT Act's provisions serve as a crucial mechanism to address various

cybersecurity offences. By defining specific penalties, the act aims to prevent
misuse of digital technologies and ensure that India’s cyberspace remains secure.
Each offence covered under the IT Act is designed to deter malicious actions and
provide legal recourse for victims of cybercrimes. With the growing threat
landscape, these legal provisions play a vital role in maintaining trust and security
in the digital environment.

Enforcement Mechanisms
The IT Act establishes enforcement mechanisms to combat cybersecurity offences
through designated agencies and law enforcement bodies. The Indian Computer
Emergency Response Team (CERT-IN) plays a crucial role in monitoring,
detecting, and responding to cybersecurity threats and incidents across the country.
It acts as the national nodal agency for handling cybersecurity incidents, issuing
guidelines, and coordinating responses. Additionally, cybercrime cells within state
police departments are responsible for investigating cyber offences, gathering
digital evidence, and prosecuting offenders under the IT Act. These mechanisms
ensure that cybercrimes are addressed promptly, maintaining the security and
integrity of India's digital infrastructure.

Limitations of the IT Act

Here are the limitations of the IT Act in more detail:

1. Penalties may not be proportionate to large-scale cybercrimes:

- The fines and imprisonment terms set by the IT Act may be too lenient when
compared to the damage caused by large-scale cybercrimes, such as data breaches
affecting millions of users, or significant financial losses from hacking or cyber
fraud. As a result, the punishment may not act as a sufficient deterrent for
cybercriminals, especially in cases of high-profile cybercrimes involving sensitive
data or critical infrastructure.
 B. P. Poddar Institute of Management and Technology (BPPIMT)
07 | September 2024

2. Challenges in cross-border enforcement:

- Cybercrimes often involve perpetrators located in different countries, using
global networks to execute attacks. The IT Act's jurisdiction is limited to India,
making it difficult to pursue and prosecute cybercriminals operating from other
countries. This requires strong international cooperation, mutual legal assistance
treaties (MLATs), and alignment of cybersecurity laws across borders. Without
these, tracking, arresting, and convicting cybercriminals in cross-border cases
remains a significant hurdle.

3. Need for constant updates due to technological advancements:

- The IT Act was created at a time when many modern cyber threats, such as
ransomware, phishing scams, or sophisticated hacking techniques, were not as
prevalent. As technology continues to evolve rapidly, new vulnerabilities and attack
methods emerge, which are not always addressed by the current provisions of the IT
Act. This creates gaps in the legal framework, necessitating regular amendments
and updates to the law to ensure it remains effective in addressing new and complex
cyber threats.

Recent Amendments and Updates

1. Strengthened Data Protection: Recent amendments have introduced enhanced
privacy safeguards and mandated more robust data security measures to protect
citizens' digital rights more effectively.

2. Expanded Cybercrime Definitions: The Act now includes broader definitions

of cybercrimes, encompassing newer offenses such as cyberbullying and
sophisticated fraud schemes, to keep pace with evolving digital threats.

3. Improved Grievance Redressal: Updates have streamlined the complaint

process and empowered Adjudicating Officers and Cyber Appellate Tribunals to
ensure quicker and more effective resolution of grievances.

4. Increased Penalties and Enforcement: The amendments have introduced more

severe punishments, including longer prison terms and higher fines, to deter
cybercriminal activities and enhance compliance with the IT Act.

5. Liability for Intermediaries: New provisions have established safer harbor rules
and stringent due diligence requirements for online platforms and service providers,
aiming to prevent misuse of their services and hold them accountable for illegal
activities.
 B. P. Poddar Institute of Management and Technology (BPPIMT)
07 | September 2024

Conclusion
In conclusion, the recent amendments to the IT Act represent a significant step
forward in enhancing cybersecurity and data protection in the digital age. By
strengthening data protection measures, broadening the scope of cybercrime
definitions, and improving grievance redressal mechanisms, these updates address
emerging challenges and provide more comprehensive protection for individuals
and organizations. Increased penalties and enforcement provisions serve as a
deterrent to cybercriminals, while stricter liability for intermediaries ensures greater
accountability for online platforms. Collectively, these changes aim to create a more
secure and resilient digital environment, reflecting the evolving nature of cyber
threats and the need for robust legal frameworks to safeguard digital interactions.

References

[1] https://cleartax.in/s/it-act-2000
[2] https://epgp.inflibnet.ac.in/epgpdata/uploads/epgp_content/S001608/P001742/M0221
25/ET/1504245749E-Text-ITAct-JaishankarDivya.pdf
[3] https://archive.pib.gov.in/release02/lyr2002/rfeb2002/01022002/r010220022.html
[4] https://www.tutorialspoint.com/information_security_cyber_law/offences_and_penaltie
s.htm
[5] https://testbook.com/ugc-net-commerce/cyber-crimes-penalties
[6] https://www.geeksforgeeks.org/information-technology-act-2000-india/
[7] https://www.lawctopus.com/academike/offences-act-2000/
[8] https://blog.ipleaders.in/information-technology-act-2000/