CYBER TERRORISM, CYBER PORNOGRAPHY , CYBER PIRACY ,

INTERNET SERVICE PROVIDERS, E-COMMERCE

(1) CYBER TERRORISM

Crime committed against the government and the nation as a whole by
challenging the integrity and security of the country is referred to as Cyber
Terrorism.

Meaning of the term ‘Cyber Terrorism’: Terrorism means intentionally

creating fear or horror in the minds of the public and intimidating them by
using force or weapons or other means. This is done in pursuit of some
unreasonable political, religious, or financial objectives.
Cyber Terrorism means the use of cyber space to cause harm to the
general public and disrupt the integrity and sovereignty of the target
country. Cyber space refers to the electronic medium or the interconnected
network of computers.

Definition as per Information Technology Act, 2000 (“IT Act”):

Section 66F of the IT Act defines ‘Cyber Terrorism’ as all those acts by any
person with an intent to create threat to the unity, integrity, sovereignty
and security of the nation or create terror in minds of people or section of
people by way of disrupting the authorised access to a computer resource
or getting access to a computer resource through unauthorised means or
causing damage to computer network. If these acts cause injuries to
persons, cause the death of any person, damage or destruct any property,
cause disruption of essential supplies or services, or negatively affect the
critical information structure, they become punishable in nature. It also
includes all those acts committed knowingly or intentionally in connection
to getting access to a computer resource in an unauthorized way and that
the data so obtained was restricted in the interests of the sovereignty and
integrity of the nation.

Modes of Cyber Terrorism

The terrorists commit the crime of cyber terrorism in any or all of the
following ways:
1. Hacking into the systems and databases owned by the government of
the target country and appropriating sensitive information of national
importance.
2. Destructing and destroying the entire database of the government
hosted on cyber space along with all backups by introducing a virus or
malware into the systems.
3. Temporarily causing disruptions to the network of the government of the
target nation and distracting the top officials so that they can pursue other
means of terrorism.
4. Distributed denial of service attack (“DDOS”): The terrorists through this
attack first infect the systems by introducing viruses and then take control
 over the systems. The systems are then accessed by the terrorists from any
location who manipulate the data and access the information.

Tackling Cyber Terrorism in India

Even though the acts of cyber terrorism has increased in heaps and bounds,
the Parliament of India is yet to enact any legislation which specifically
addresses the issue of cyber terrorism. However, certain existing legislations
have been amended to include it within its purview the crime of cyber
terrorism.

The Legislations Are:

IT Act: The salient provisions of the IT Act in relation to preventing cyber

terrorism are: Section 66F of the IT Act defines cyber terrorism. This Section
has been introduced by way of amendment to the Act in the year 2008. This
amendment was the outcome of the infamous 26/11 terror attack in India.
The terrorists, in this case, made use of the communication services to abet
the terrorists who carried out a series of 12 shooting attacks throughout the
city of Mumbai. This tragedy is a classic example of terrorism using the
cyber network.
This Section also prescribes the punishment for those who commit or
conspire to commit cyber terrorism. According to the Section, such people
shall be punishable with imprisonment which may extend to imprisonment
for life.
However, it is pertinent to note that the cyber space is evolving every day
and new loopholes have emerged in this definition of cyber terrorism.

Blocking access to information: Section 69A of the IT Act also empowers

the Central government or any of its authorised employees to direct any
agency of the government to block access by the public any information
from a computer resource in the interests of sovereignty and integrity of the
nation.

Indian Computer Emergency Response Team (“CERT-In”): As per

Section 70B of the IT Act, the CERT-In team is set up which provides
immediate alerts of incidents challenging cyber security and also lists out
the emergency measures for handling incidents threatening cyber security
of the Nation.

Unlawful Activities Prevention Act, 1967: This Act lays down

punishment for terrorist activities. Though cyber terrorism does not fall
under the definition of terrorism as contemplated under this Act, this Act
also prescribes punishment for recruiting persons for terrorist activities and
for organising terrorist camps. Using cyber space for the above-mentioned
activities is also an act of cyber terrorism and is hence punishable.

Cyber Security Policy, 2013: For the first time in history, in the year
2013 India introduced its national level cyber security policy. This policy lays
down the broad framework for upholding and protecting the cyber space
security. The main aim of this policy is to create a broad umbrella of cyber
security framework in the country so that the Indian cyber space is secure
and free from any kind of attacks both by terrorists and other anti-social
elements. However, there is a need to amend this policy to encompass
newer methods of ensuring the safety of the ever evolving cyber space.

Conclusion: The legal systems around the globe are, with every passing
year, trying to implement new measures to combat cyber terrorism.
However, with more innovative ways of working in the cyber space, more
loopholes are formed which will have to be filled in by the countries by
amending the procedures and the laws in force to tackle cyber terrorism.
Moreover, a unified international framework should be in place to combat
this global issue. Further, the public should be made aware of the threats
and the ways and means of dissemination and how to deal in case of
terrorist attacks.
(2) CYBER PORNOGRAPHY

Pornography: Pornography, derived from Greek roots, refers to the

depiction of sexually explicit acts in video, pictures, or movies, often
considered indecent by the public. It is a form of obscenity and does not
include live exhibitions like sex shows or striptease. Supporters argue that
pornography is an artistic display of one's body, while critics view it as
immoral and against religious sentiments. In the modern era, pornography
has been categorized into softcore and hardcore pornography, with softcore
pornography not depicting penetration, and hardcore pornography depicting
penetration. The term "pornography" has evolved to include both softcore
and hardcore forms of pornography.
Cyber Pornography: Cyber Pornography means the publishing,
distributing or designing pornography by using cyberspace. The technology
has its pros and cons and cyber pornography is the result of the
advancement of technology. With the easy availability of the Internet,
people can now view thousands of porn on their mobile or laptops, they
even have access to upload pornographic content online.

Obscenity and Pornography: Obscenity and Pornography are often used

synonymously. But it should be noted that obscenity is a wider concept
than pornography. Obscenity means anything which is immoral and against
the sentiments of people, whereas pornography refers to the act of causing
sexual excitement through films, pictures or books. Thus, pornography is
just a part of obscenity.

Legal Framework
There are various legislations to regulate Cyber pornography in India, like
the Information Technology Act, 2000, Indian Penal Code, Indecent
Representation of Women’s act and Young Person’s (Harmful Publication)
Act.
Information Technology Act, 2000: Cyber pornography is banned in
many countries but legalized in some Cyber Pornography is neither banned
nor legalised under the IT Act, 2000. The IT Act prohibits the production and
distribution of cyber pornography but does not prohibit the viewing or
downloading of pornographic content if it is not child pornography.
Section 67 of the Information Technology Act, 2000 makes the following
acts punishable with imprisonment up to 3 years and a fine up to 5 lakhs:
1. Publication– It includes uploading of pornographic content on a website,
WhatsApp group or any other digital portal where third parties can have
access to such pornographic content.
 2. Transmission– It means to send obscene material to any person
electronically.
3. Causing to be published or transmitted– It is a comprehensive
terminology which would end up making the intermediary portal liable,
using which the offender has published or transmitted such obscene
content. The Intermediary Guidelines under the Information Technology Act
put an onus on the Intermediary/Service Provider to exercise due diligence
to ensure that their portal is not being misused.
Section 67A of the Information Technology Act makes publication,
transmission and causing to be transmitted and published any material
containing sexually explicit act or conduct punishable with imprisonment up
to 5 years and a fine up to ₹10 lakhs.

Exceptions: The section 67A of the IT Act does not prohibit books,
pamphlets, magazines or pictures which are created for educational
purposes or which is kept for religious purposes. Thus, the section does not
prohibit the preserving of sculptures that are of historical importance.

Child Pornography
Section 67B of the IT Act, 2000 makes it publishing, transmitting, viewing or
downloading child pornography illegal. The fact that the internet has made
child pornography more accessible to the distributors, as well as the
collectors, cannot be denied.
According to Section 67B, any person who has not attained the age of 18
years is a child. It further states that child pornography can be committed in
the following five ways:
• By publishing or transmitting or causing to publish or transmit any material
electronically that depicts the children engaged in a sexually explicit act or
conduct.
• By depicting children in an obscene or sexually explicit manner.
• By inducing children to online relationship with one or more children for
and on a sexually explicit act, or in a manner that may offend a reasonable
adult on the computer resource.
• By facilitating child abuse online.
• By recording own abuse or that of others pertaining to sexually explicit act
with others.

Exceptions: The section does not prohibit the books, pamphlets, magazines
or pictures which are created for educational force or which is kept for
religious purposes. Thus, sexology (the scientific study of human sexuality or
sexual behaviour) is not prohibited under this section. Similarly, if a
photograph of a child is used to tell about the anatomy of a child then it
won’t constitute an offence under this section.

Indian Penal Code, 1860: Section 292 of IPC prohibits the sale of obscene
material. Section 292(1) explains the meaning of “obscenity” and Section
292(2) explains the punishment for sale, distribution, etc. of obscene
materials.
Section 292(1) states that any material will be deemed obscene if it is
lascivious or prurient or any part of
the material has the tendency to corrupt or deprave the people.

Section 292(2) states that a person who:

1. Sell, distributes, lets to hire, publicly exhibit or put into circulation any
obscene material.
2. Imports or exports obscene material or knows that such material will be
put for sale, distribution
or circulation.
3. Is involved or receives profit from any business in the course of which he
has knowledge or reason
to believe that such obscene objects are for aforesaid purposes.
4. Advertises the obscene material.
5. Offers to do or attempts to do any act which is prohibited under the
section.
On a first conviction, such a person shall be awarded either simple or
rigorous imprisonment that may extend to 2 years along with a fine that
may extend to ₹2,000. On the second conviction or person, such a person
shall be awarded simple or rigorous imprisonment that may extend to 5
years along with a fine
that may extend to ₹5,000.

Section 293 of Indian Penal Code, 1860, specifies the punishment for a
person who sells, lets to hire or distributes any obscene object to any person
who is below the age of 20 years. It states that on the first conviction a
person shall be awarded imprisonment which may extend to 3 years along
with the fine which
may extend to ₹5,000 and on subsequent conviction, with imprisonment
which may extend to 7 years along with the fine which may extend to
₹5,000.

Indecent Representation of Women’s Act, 1986

Indecent Representation of Women’s Act, 1986 seeks to prohibit the
representation of women or any part
of her body in an indecent form provided that such representation will injure
the public morality or morals.

POCSO (The Protection of Children from Sexual Offences) Act, 2012:

The POCSO Act, 2012 was specifically
enacted to prevent children from sexual offences. The act protects children
from sexual assault, sexual harassment, and pornography. The act aims to
protect the interests and well-being of the children. For the purpose of the
act, any person who has not attained the age of 18 years is a child. The Act
is gender- neutral.
The provisions relating to Cyber Pornography under the POCSO Act are
discussed below:

Section 13 of POCSO Act states that anyone who uses a child for
pornographic purposes by either representing the sexual organs of the child
or using a child in real or simulated sexual acts or representing a child
indecently or obscenely in programmes or advertisements on television or
on internet, commits the offence under this section and is liable in
accordance with Sections 14 and 15 of the POCSO Act.

Punishment under section 14 is imprisonment for a period not less than

5 years and fine and in case of second or subsequent conviction, period of
imprisonment shall not be less than 7 years and fine.

Punishment under section 15 for storing or possessing of pornographic

material involving child is fine not less than five thousand rupees and in case
of second or subsequent offence, fine shall not be less than ten thousand
rupees.

Punishment for storing or possessing pornographic material in any form

involving a child for commercial purpose shall be punished on the first
conviction with imprisonment of either description which shall not be less
than 3 years which may extend to 5 years, or with fine, or with both and in
the event of second or subsequent conviction, with imprisonment of either
description which shall not be less than 5 years which may extend to 7 years
and shall also be liable to fine.
(3) CYBER PIRACY

Definition of piracy: In medieval times, piracy was often associated with

raiding or looting, often by ship-borne looters. Today, piracy is more relevant
and commonly used, referring to theft on copyrighted and trademarked
grounds. This involves unlawfully stealing and infringing on someone else's
work, producing it as one's own. Digital piracy can be compared to physical
theft and piracy, as illegal distribution of digital files prevents the creator's
profit from the purchase, creating an economic impact similar to looting
cargo by pirates.

Types of piracy: Piracy, when elaborated in terms of software, can be

classified into 5 types, those being

Counterfeiting: It is the illegal acquisition, duplication, and distribution of any

copyrighted material, which directly imitates the copyrighted product. The
nature of the distribution of the said product may be a sale, or not. The most
common way of distributing such pirated works is through compact discs.

Internet Piracy: Internet piracy is the act of downloading a file from the
internet, or by procuring an online software through a compact disc.
Methods of conducting internet piracy are websites offering free downloads
of software, auctions selling illegally obtained software or P2P servers which
transfer programs.

End-User Piracy: This form of piracy involves the user illegally reproducing
software which he isn’t authorized to do. An example would be a user using
one license to the software and installing it on multiple systems, or
upgrading an already pirated software.

Client-Server Overuse: In a computer network, when the number of clients

exceeded the number prescribed in the server license, then it is termed as
overuse piracy.

Hard-Disk Loading: This occurs when a business sells new computers with
illegal copies of software loaded onto the hard disks to make the purchase of
the machines more attractive.
Piracy in movies: The act of illegally acquiring, copying, reproducing and
then distributing film media, without having any legal right or license to do
so, is considered movie piracy. The most common occurrence of this is the
distribution of these movies on websites. Traffic for these sites tends to
spike whenever a new blockbuster movie releases as a pirated version will
very likely be hosting these movies in a downloadable format on their
servers.

Piracy in software: Software piracy describes the act of illegally acquiring,

copying, reproducing, and distributing software without a license to do so.
Software piracy has become much more rampant in this generation of
technology, as most software has converted into a one-user license i.e. it
can only be redeemed once by one user for his use alone. Distributing this
software, such as sharing with a friend, or
via the internet, is illegal.

Online Piracy: Online piracy is still a new arena in the world of piracy as
compared to its offline older brother, and it has only grown more intricate
with advancements in technology. Any piece of digital content, be it movies,
music or games, are now accessible online through the BitTorrent client
service, which strings together several pieces of the data from a swarm of
users, then downloads and compiles them onto the user’s computer. It’s
simple, efficient, widely used, and difficult to crack down on.

Piracy in India
India is one of the few countries that has multiple dominant box office film
industries, in Bollywood, Hollywood, and Tollywood. As such, piracy is a
much more dominant force considering there is a lot more material to pirate
which the local audience would be interested in. Internet users often use
VPNs to visit torrent sites which host songs, games, movies and the like.
Local vendors at technological hubs often carry compact discs with pirated
movies and games, which are sold at cheap prices. Modding video game
hardware to play pirated discs is also a booming industry in India.

Pirating movies in India: Considering the viewership of cinema in India with

the three major cinema industries, the traffic of sites that host pirated
content is also considerably higher in the country. While the above-
mentioned torrent sites, which are the most used across the world, are
relatively popular in India, people often tend to visit piracy sites that host
Bollywood or Tollywood content exclusively. Some of these sites are –
• Filmywap
• Todaypk
• Bolly4u
• Tamilrockers

Punishment for piracy

Illegal downloading of movies: The Union of India recently issued an
amendment to the Cinematograph Act, 1952, in order to clearly define the
punishment which can be faced by pirates who, without the written
authorisation of the copyright owner, use any recording device to make or
transmit a copy of a film. It is not necessary for the film to be fully recorded,
or even distributed via the internet. If the perpetrator attempts to record the
movie while inside the theatre, he is guilty under the act.

The punishment for this is generally imprisonment, a fine, or both. This

punishment can also extend to those who download said pirated movies.

Charges for piracy: Since the crime of piracy is not limited to only the
movie industry, the punishment specified above isn’t the only one dealt to
pirates. It varies with the industry in which they are committing an act of
piracy. The most notable forms of punishment are covered in the provisions
of the Copyright Act, 1957 and Information Technology Act, 2000.

The punishments specified are as follows-

Copyright Act: If a person uses a pirated computer program, or a program

that has been manufactured or acquired through copyright infringement, on
any computer device, he shall be liable for imprisonment no less than 7
days, extending up to 3 years, and a fine no less than Rs. 50 thousand,
which may be extended up to Rs. 3 lakh.
IT Act: If a person gains access to a computer, a network of computers, or
computer systems, then proceeds to view, copy and extract the data
present on the computer, either through digital means or through a
removable storage medium(pen drive or hard disk), without prior
authorization from the owner of the computer, he is liable to pay damages
as compensation which can go up to a sum of Rs. 1 crore. Any person who
downloads said stolen data will also be liable for the same amount.

Prevention of piracy
Legal consequences are effective in deterring piracy, but prosecutions
against digital pirates are rare. Most intellectual property owners receive
cease-and-desist orders against sites hosting pirated content, which are
orders to remove download links. To prevent piracy, some effective ways
include price regulation. By offering digital goods and services at lower
prices, producers can reduce the number of users pirating their content.
While this won't completely stop piracy, it reduces the incentive for people
to use pirated content, preventing it to a large extent. Price regulation is a
loosely defined but effective way to prevent piracy.

• Barriers to Entry: This is a mode of prevention that rests more within the
jurisdiction of the government. Most governments instruct and encourage
ISPs to restrict entry into sites which host pirated content, mostly by
blocking the sites on their servers. Directly barring users from accessing
these sites helps reduce the pirate users by a large amount, as most don’t
have the technical know-how i.e. how to use VPNs which is required to
circumvent the sites being blocked.
• User Confrontation: A lot of TV and streaming services often use a
combination of both the above- listed methods, but with some real-time
interaction with the users. Pirate users often get real- time messages which
notify them that the producer is aware of them using pirated content. Game
developers often use this to troll pirate gamers in hilarious, game-breaking
ways.
• Cooperation between industries: The above-listed methods to prevent
piracy, while working great on their own, often fail and fizzle out when there
is one bad link in the chain. That one bad link can be a producer who is
lenient with his content being pirated or doesn’t know about the extent of
piracy. That is why, all of the above methods, if executed systematically and
efficiently by all relevant producers at once, can be one of the biggest
deterrents to pirates.

Rules, Acts and Laws excluding Copyright Act: Information

Technology Act

The punishment for piracy, when governed under the Information

Technology Act, is direct payment of damages, which may amount to
compensation up to Rs. 1 crore.
The determination of how much the pirate will have to compensate is
quantified through these factors
• The amount of gain or unfair advantage, wherever quantifiable, made as
the result of the default
• The amount of loss caused to any person as a result of the default
• The repetitive nature of the default.
Internet Service Providers, however, are exempted from the provisions of
this Act, if they can prove that they had no existing knowledge of the act of
piracy committed The Information Technology Act, 2000 also deals with
online distribution of illicit copies of Copyrighted content.

Under Section 66 of the Information Technology Act, a person can be

punished with imprisonment for up to 3 years with fine for up to Rs. 2 lakhs.

Recently, the makers of ‘Udta Punjab’ filed a FIR against illegal distribution
of the movie before it released,
on different Torrent websites. The police arrested a man and the Bombay
High Court punished him with imprisonment for 3 years along with Rs. 3 lakh
fine for infringement of Copyright under the Copyright Act,
1957.

To curb the problem of online piracy in India, the Indian courts have adopted
a new form of order named
 'John Doe Order'. In a john doe order, the identity of accused person is
unknown at the time of filing the petition and only a small description is
given to identify the accused. The Indian film-makers are using john
doe orders to deal with online piracy of new movies on 100s of torrent
websites before they even release.
Torrent or free movie download providing websites that are apprehended to
provide illegal access to unreleased movies are blocked in advance.

The biggest crack to online piracy in India happened in 2012 when the
Kerala Anti-Piracy Cell traced IP addresses of more than 1000 people who
were involved in illegal upload and download of the movie ‘Bachelor Party’
online. The action was taken when a complaint was filed by a movie channel
which purchased the distribution rights of the movie.

(4) INTERNET SERVICE PROVIDERS

The "carriers of the internet" i.e. companies that provide internet access and
are accordingly called internet service providers (ISPs); whose revenues are
all set to soar as more and more Indians continue to be captivated by the
charms of the internet and the myriad possibilities it offers. But to sustain
the charm, internet access needs to be quick, smooth, open and transparent
which, no doubt, is the responsibility of the ISPs and yet cannot be left
totally to their control. Most of them are, after all, private entities actuated
only by business considerations and may adopt opaque and invidious
practices as and when it suits them or simply may not be able to cater to the
needs/interests of the consumers. This necessitates that the legal and
regulatory regime in which they are functioning is enabling and dynamic
without being unnecessarily overbearing. Unfortunately, this does not seem
to be the case in India at present.

Overview of Regulatory Framework

ISPs have been specifically categorized as internet intermediaries under the
Information Technology Act, 2000 (amended in 2008 and hereinafter
referred to as the Act). Section 79 of the Act provides immunity to the ISPs
in certain cases of internet wrongs even if committed through their networks
provided they follow the due diligence guidelines, prescribed in detail in the
Information Technology (Intermediaries guidelines) Rules, 2011 and
expediently remove/disable access in case of any actual knowledge of
unlawful act or on receipt of government notification to that effect. This
immunity from liability, however, does not apply when the unlawful act
concerns copyright or patent infringement, both of which have been
specifically excluded by way of proviso to section 81 of the Act.

In view of internet being one of the prime mediums for accessing,

distributing and most importantly infringing copyrighted content, liability of
ISPs in case of copyright infringement is fixed by the Copyright Act, 1957
mostly under Section 51(a) (ii) of the Act which, inter alia, holds, any person
providing "any place" for communication of infringing work, for profit, to
the public, liable of infringement unless she can prove that she was not
aware or she had no reasonable grounds for believing such communication
to be infringing.

Why Onerous?

The phrase "any place" has been interpreted to include web space
(Super Cassettes Industries Ltd. v. Myspace Inc. & Another) by the
judiciary making ISPs both proper and necessary parties in any copyright
infringement across internet. In fact, in one of the orders Madras High Court
(RK Productions v. BSNL) went on to suggest that without ISPs there
would be no piracy across internet. Well, true but there would be no internet
access as well. Hon'ble Court further expressed that since under IT Act, ISPs
have the power to block any website; it is for them to ensure that any illegal
or immoral content is not made available implying, a little erroneously, that
it is the power of the ISPs that makes them liable for copyright infringement.
To provide relief to the ISPs the 2012 amendments to the Copyright Act
introduced certain safe harbor provisions but to no avail. In a recent order
by Delhi High Court in Star India Pvt. Ltd v. Haneeth Ujwal, it was held
that ISPs have an obligation to ensure that no violation of third-party
intellectual property rights takes place through its networks. The Court
invoked the License Agreement between the Department of
Telecommunications and the ISP to saddle the ISP with the responsibility of
ensuring that any infringing work is not carried on its network. Interestingly
there was no mention of the recently introduced safe harbour provisions.
Indian judiciary seems to be shifting the burden of identifying
infringement on ISPs which essentially is the obligation of the copyright
owner ignoring the fact that ISPs lack both the institutional and logistical
capacity to assimilate information of infringement across millions of URLs
that can be accessed through their networks. In fact in Kamlesh Vaswani
v. Union of India, a PIL filed before Supreme Court of India in 2013,
seeking blanket ban on online pornography, ISPAI (Internet Service Provider
Association of India) made an unequivocal statement before the Apex Court
that without adequate legal support from the government or judiciary, ISPs
cannot ban websites. Though the issue did not involve copyright
infringement, however, the argument of the ISPs that "they cannot be made
liable for what people do on their networks just like telecom companies are
not liable for peoples' conversation" seems well founded and applicable
even in instances where they are not only held responsible for copyright
infringement but also obligated to identify it.

Why Inadequate?

What if ISPs actually start following the regulatory mandate and start
blocking websites according to their sweet will. Of course, website owners
can approach judiciary, argue freedom of speech and litigation can go on
happily ever after. But what if website is a small start-up, wary of being
involved in an expensive litigation? Who would then set right the excesses of
online censorship where ISPs have an unfettered discretion in deciding who
they provide access to?
Though in all the orders discussed above, judiciary has mandated ISPs to
ensure no online piracy takes place, there are simply no guidelines to
suggest which websites should be banned, should only infringing URLs
(Uniform Resource Locators) be blocked or complete websites, what about
one –off instances of infringement and do they also warrant complete ban
and in case of ban - who examines its legality and what rights are available
to website owners?

And what if these ISPs, encouraged by such unbridled power, also start
discriminating between various kinds of content, providing preferential
access to some online content providers over another as per their interests
and not consumers' choices? Considering that India does not have a law that
makes net neutrality mandatory for ISPs it indeed is a possibility. For
instance, Bharti Airtel, leading ISP in India, had in 2013 tied up with Google
to provide free data service up to 1GB for accessing Google search engine,
Gmail and other Google + services.
Considering that ISPs incur a lot of expenditure on providing an efficient
bandwidth infrastructure to websites desirous of faster access, they may
want to recover it by charging higher rates from them. But can such
discrimination between content be justified? Wouldn't it mar the openness
internet is known for. And even if allowed to an extent, it certainly needs to
be regulated. But net neutrality is yet to be addressed by Indian regulatory
framework pointing clearly to a regulatory gap.In the meanwhile, it remains
to be seen when India will do away with the ironical contrast of having an
onerous yet inadequate legislation.
(5) E-COMMERCE

E-Commerce, also known as electronic commerce or internet commerce, is

an activity of buying and selling goods or services over the internet or open
networks. So, any kind of transaction (whether money, funds, or data) is
considered as E- commerce. So, E-commerce can be defined in many ways,
some define Ecommerce as buying and selling goods and services over the
Internet, others define ECommerce as retail sales to consumers for which
the transaction takes place on open networks. The buying and selling of
products, services, and digital products through the Internet all fall under
the umbrella of e-commerce.

Organisation for Economic Cooperation and Development (OECD)

defines e-commerce as: “All forms of transactions relating to commercial
activities, including both organizations and individuals, which are based on
the processing and transmission of digitized data including text, sound, and
visual images.” According to this view, E-commerce does not necessarily
require the use of the Internet. Ecommerce includes all forms of transactions
that process and transmit digitized data which includes text, sound and
visual images.

E-commerce is the application of information technology and communication

technology to three basic activities related to commercial business; the
three basic activities are as follows:

1. Production and support- which includes assisting production,

distribution, and maintenance of goods and services.

2. Transaction preparation- which includes getting product information

into the market-place and bringing buyers and sellers into contract with
each other; and
3. Transaction completion- which includes concluding transactions,
transferring payments, and securing financial services.

Types of E-Commerce
E-commerce can be categorised into six categories:

1. Business-to-Business (B2B) – B2B e-commerce consists of all kinds of

electronic transactions, dealings and business related to the goods and
services that are conducted between two companies. This type of e-
commerce exists between the producers of a product and the conventional
wholesalers who advertise the product to consumers for purchase. So, in this
kind of e-commerce the final consumer is not involved and the online
transactions only involve the manufacturers, wholesalers, retailers etc.

2. Business-to-Consumer (B2C) – It is the most common form of e-

commerce, and it deals with electronic business relationships between
businesses and consumers. This kind of e-commerce allows consumers to
shop around for the best prices, read customer reviews and find different
products that they would not find otherwise in the retail world. This kind of
e-commerce is related to the transactions and relationships between
businesses and the end customers. Today, we find
various online shopping sites and virtual stores on the internet, that sell
thousands of products, ranging from computers, fashion items to medicines
and other necessities.

3. Consumer-to-Consumer (C2C) – This level of e-commerce consists of

all electronic transactions that take place between consumers. This consists
of electronic transactions of goods and services between two customers and
is mainly conducted through a third party that provides an online platform
for these transactions. C2C e-commerce consists of sites where old items
are bought and sold, such as OLX, Quickr etc. Generally, these payment
transactions are provided by online
platforms (such as PayTM, GooglePay etc), and are conducted through social
media networks (such as Facebook, Instagram etc) and websites.

4. Consumer-to-Business (C2B) – In C2B e-commerce, a consumer or an

individual makes their goods or services available online for companies to
purchase, so, in this kind of e-commerce a complete reversal of the selling
and buying process takes place. For example, a graphic designer making a
company site or logo or a photographer taking photos for an e-commerce
website. This is very relevant for crowd-sourcing projects.

5. Business-to-Administration (B2A) – This e-commerce consists of

electronic transactions that takes place companies and bodies of public
administration such as government. Therefore, the B2A model is sometimes
also referred to as B2G Business-to-Government). Many processes are
becoming optimized through digitalization because of that many
administrations and governing bodies are implementing third-party
technologies to assist in the process. This involves many services in various
areas such as social security, fiscal measures, employment and legal
documents.

6. Consumer-to-Administration (C2A) – This e-commerce consists of

electronic transactions that take place between people and bodies of public
administration. This relationship allows access for consumers to receive
information, make payments, and establish direct communication between
the government or administrations and the consumers. Many common C2A
transactions may include paying taxes, fines, or paying tuition to a
University. The main objective of both the B2A and C2A types of e
Commerce is to increase flexibility, efficiency, and transparency in public
administration.

Existing Legislation

In India, the Information Technology Act 2000 governs the basic applicability
of e-commerce. It is based upon UNCITRAL Model but is not a
comprehensive legislation to deal with e-commerce related activities in
India. Further, e-commerce laws and regulations in India are also
supplemented by different laws of India as applicable to the field of e-
commerce. For instance, e-commerce relating to pharmaceuticals,
healthcare, traveling, etc. are governed by different laws though the
information technology act, 2000 prescribes some common requirements for
all these fields. The competition commission of India (CCI) regulates anti
competition and anti-trade practices in ecommerce fields in India. Some
stakeholders have decided to approach courts and CCI against ecommerce
websites to file complaint about unfair trade practices and predatory pricing
by such ecommerce websites.

The Draft E-Commerce Policy, 2018

The e-commerce policy in India has been delayed for three years, causing
agitation among investors, vendors, and retailers. The draft E-Commerce
Policy, 2018 is a positive development in the sector, based on suggestions
from industrial players and various bodies. The government is interested in
consulting with other players to create a policy that meets market needs
and adapts to India's vibrant economy. However, the draft policy has its own
set of benefits and banes. It states that deep discounting has negatively
affected offline sales and unregulated discounts must be ended. It also
restricts direct or indirect influence on the price or sale of products and
services of online retailers to group companies investing in them, potentially
leading to a complete restriction on e-tailers from giving deep discounts.
Business decisions should not be micromanaged in this way.

Consumer Protection
India's e-commerce market has reached USD 20 billion, significantly
impacting various industries, including travel, telecommunication, and online
trading. The government has promoted e-commerce, focusing on e-
consumer activities and service delivery. However, legal control still needs
to catch up with supply. The Consumer Protection Act 1986 governs
consumer-provider relations, excluding free services and triggering liability
for deficiency in services, defects in goods, or unfair trade practices. The act
ensures consumer confidence in law and liability arises when there is a
defect in goods or unfair trade practices. The act also covers the distribution
of goods, although no specific act regulates online transactions. The
Consumer Protection Act is designed to maintain consumer confidence in
law and excludes free services.
. Some of the various protections under the consumer protection act on e-
commerce can be listed below
• Removal of defects.
• Replacement of goods.
• Return of price in case of discrepancy.
• Discontinue any form of restrictive trade practice.

General principles that have been recommended and accepted

universally, so as to protect the consumers
in e-commerce:

Consumers who participate in e-commerce should be provided with

transparent and effective consumer protection that is affordable for which
government and stakeholders might work together.
• Businesses should in no circumstance engage in making representation or
practice anything that’s misleading or works to the right of the consumers.
• Businesses should never conceal any term or condition that might affect
the consumer’s decision regarding the transaction
• If a contract’s term stipulates the monetary damage to be furnished in the
case of consumer’s violation of the contract, it should be ensured that such
compensation is in proportion to the damage caused.
• Businesses should not restrict a consumer’s ability to make negative
reviews, dispute charges or file complaints with government and other
agencies.
• Advertising and marketing should be clearly identifiable as such
• Advertised price must not hide the total cost of a good or a service
• The payment made for the confirmation of a transaction must be clearly
stated and not be ambiguous under any circumstances. Transactions in e-
commerce can only process with the informed consent of the consumers.
• Businesses should enable the consumers to maintain a record of such
transaction for future use as evidence or other things, as the case maybe
• Businesses must manage the digital security risk and implement security
measures for reducing or mitigating adverse effects relating to e-commerce.

The Consumer Protection Bill, 2015

 The Consumer Protection Bill, 2015, was introduced in the Lok Sabha to
replace the 1986 Consumer Protection Act and incorporate e-commerce. The
bill aims to modernize consumer protection laws due to market changes and
India's growth in the e-commerce sector, which has crossed 15 billion
dollars. It includes stringent penalties for e-retailer offenses and is seen as
an emergency due to technology advancements. The bill addresses the
shortcomings of the existing legal framework, which does not include free
services, causing unprotected online transactions. Both new and old
entrepreneurs must understand the bill's precision and focus on consumer
protection for the internet age in India.

Conclusion: Technology is leaping with unmatched speed, today. As

Charles Clark once remarked, ‘the answer to the machine is in the machine.’
Though trade has too lived up to this and thus started off with the idea of e-
commerce, however, the review of existing legal framework shows that it
has failed to address the e-commerce needs. The consumer protection Act
does not include any service that is free of charge in its ambit. Thus, an
online transaction that does not charge the consumers clearly remains
unprotected by the consumer protection act. Thus, discrepancies and
loopholes pose a huge hurdle in protecting the consumers who participate in
e-commerce. Here in India, the journey has commenced undoubtedly, but it
is indeed a long way to go.

(6) HACKING

Hacking is a part of programmer subculture. According to Cambridge

dictionary, hacking means ‘the activity of illegally using a computer to
access information stored on another computer or to spread a virus’.
Bloombecker (1984) defined hacker as ‘a person who enjoys learning the
details of computer systems and how to stretch their capabilities’ and ‘one
who program enthusiastically’. This could become a problem for the person
at the receiving
end. This illegal act of using computer involves unauthorized breach of
computer security mechanisms. The cyber criminal has technical knowledge
of computer and networking system, the kind of people who trespass in
secured system or network are called as hackers.
Any computer connected to internet is vulnerable to hacking, no matter
what country they are in.
There are majorly four types of hackers based on their motives which are
illustrated as under:
1. White Hats: Hack into a system with consent and full knowledge of system
administrator. This is done to locate loopholes in system/network to patch up
the vulnerable areas.
2. Black Hats: Hack the system for personal gains, for fun or with mal-
intentions towards the target. They are also called as crackers.
3. Grey Hats: Hack the system without the consent and full knowledge of
system administrator but later reveals the areas to the administrator that
needs fixing. Their main aim is not to achieve any personal gain.
4. Hactivists: Hacks websites and posts political, religious or social messages
over website’s homepage screen. Their main aim is to voice ideas and
opinions about an issue, event or an ideology.

The types of hacking are:

1. Computer Hacking
Computer hacking involves cracking user password and gaining access to
information stored in hard disk. Usually, a computer hacker boots the
system in safe mode to run a program that controls user password. Once the
password is reset, after the restart, the hacker gets access to the computer.

2. Email Hacking
Email hacking is about obtaining login password. To do this, the hacker may
use keylogging software. Keylogger software is a spy program that records
keystrokes without the knowledge of computer user. Once installed,
keylogger cannot be detected by user as it works in stealth mode as well.
Other way used by email hacker is phishing. The hacker creates fake email
login pages (copy of genuine website) in which victim enters her/his email
ID and password which is accessible to the email hacker.

3. Ethical Hacking
Ethical hacking is done by an individual or an organization to examine the
ways to strengthen the cyber security wall of a company or a network. An
ethical hacker acts as a supervisor who tries to infiltrate in computer
network with the knowledge of administer and suggest areas that needs
technical repairing work to minimize the vulnerability factor. The ethical
hacker acts in a manner keeping potential attacks in mind, that way ethical
hackers
keeps cyber security measures a step ahead of cyber criminals. Ethical
hacker needs to stick by certain principles that involve seeking permission
from administrator, protect the right to privacy of people involved and never
use information for exploiting at later stage and assist software developer in
building more secured system.

4. Network Hacking
Networks and their connections are important for internet to run well. In
order to damage networking system, network hackers manipulate
connections through malicious program attacks. Network hacking is done
through malicious scripts or software specifically designed to manipulate
networking connections. The techniques of network hacking involves
creating worms, unleashing denial of service attacks or breaching a network
via unauthorized remote access. There are certain Root Kit programs as well
whose function is to detach control of operating system from legitimate
programs/software/operators/administrators. The hole created by
detachment is used by the hacker to infiltrate and perform malicious
activities with the target system.

5. Password Hacking
A password is important entity to secure sensitive information. Password is
there for online banking accounts, email accounts, computer system, ATMs,
computer applications, networks and more. In order to hack into user’s
system, the hacker cracks the password. To do this, the hacker either access
the password (by having the knowledge of computer user’s personal
information) or the hacker could use advanced computing resources to crack
passwords.

PREVENTIVE MEASURES
To protect the system from hacker’s attack it is essential to take some
preventive measures which are enumerated as under:
1. Updating system: The operating system of the computer or the
applications in the mobile regularly sends update notifications. These
updates shall be installed as and when they are available. An updated
operating system is more secured and ready to avert hacker attacks.

2. Passwords: Passwords shall not be shared with others. This involves not
sharing with friends, family or colleagues, system administrators at work.
The password set for a device (May it be a desktop computer, laptop, tablet,
mobile or notebook) shall be kept secured, preventing it from getting in to
wrong hands.

3. Changing Passwords regularly: The password needs to be changed on

regular basis. It is also suggested to use combinations of alphabets-
numerical-special characters to increase the security strength of it. To avoid
any sort of inconvenience, one may remember or store latest password at
safe place.

4. Safe sites: The hackers target system by duping computer users through
fake websites or luring users to install malicious codes hidden in any form of
utility or entertainment file.It is very important that users shall visit only safe
websites. The sites with padlock icon at the start of URL are safe sites and
shall be used to browse the internet or download software from it.

5. Interact with official websites only: There is a high probability that the
website visited by internet user may not be a genuine website. If not being
careful about it, the user may end up entering his/her personal details, User
ID-password or online bank details which will go in hands of a cyber criminal,
leading to huge losses to the victim. It is important to identify the fake
websites or websites with malicious codes embedded in them

6. Logging out properly: It is a common habit of many computer users to

cancel the browser without logging out which could be dangerous if
accessed by other person who readily access user’s account without even
 cracking the password. This practice is more vulnerable when done in cyber
café or in a system of an office. The computer user shall always log out
properly from all websites and manually remove the user ID and password
credentials from the setting menu of the browser.

7. Installing Antivirus program: The computer user shall install an updated

antivirus program. The antivirus program shall be used to scan the system
on regular basis and also be updated as and when updates are available.
Antivirus program also ensures that the system gets connected only to
trusted and safe systems. Below are few examples of popular and free
antivirus programs that could be installed to secure the system.

Punishment :
Under the Information and Technology Act,
According to Section 66, the punishment is imprisonment up to 3 years, or a
fine which may extend up to 2 lakh rupees, or both. According to Section 43,
liability is to pay damages by way of compensation to the person affected by
the stealing of the data. Section 668 entails punishment for receiving stolen
computer resources or information. The punishment includes imprisonment
for one year or a fine of rupees one lakh or both. The maximum punishment
for theft under Section 378 of the IPC is imprisonment of up to 3 (three)
years or a fine or both.

(7) E-CONTRACT

Section 2(h), of the Indian Contract Act, 1872, tells us that the term
'contract' is an agreement that is enforceable under the law. Interestingly, in
the case of an E-Contract, the essence of Section 2(h) is still sustained by
only tweaking the mode in which the Contract comes into existence.

An E-Contract is a legally binding agreement that is drafted, negotiated, and

executed digitally, unlike traditional paper-based contracts. Despite the
absence of a physical meeting, parties communicate through the internet or
telephonic media. E-Contracts are a step ahead of traditional pen-paper
contracts, as they are created through electronic and digital mediums,
ensuring a meeting of minds and enforceable under the law.

legal validity of an e-contract

Traditional Contractual Obligations are being replaced by Electronic
Contracts due to their convenience and Indian Judicature recognition.
Understanding the legal recognition of an E-Contract under Indian Law is
crucial, as it relates to Section 10 of the Indian Contract Act, 1872 and
Section 10-A of the Information Technology Act, 2000. This shift is largely
due to the ease of transactions.

Section 10 of the Indian Contract Act, 1872 provides the crucial pre-
requisites for a Contract to be legally valid. It is mandatory that a Contract
satisfies the essentials specified in Section 10 of the Contracts Act, i.e.,

1. Offer
2. Acceptance to Offer
3. Consensus ad Idem
4. Lawful Consideration

"Section 10-A of the Information Technology Act, 2000: Validity of

contracts formed through electronic means. The Indian Contract Act
and Section 10(A) of the Information Technology Act both establish that if a
contract is expressed in electronic form or through an electronic record, it is
not unenforceable solely because it was used for that purpose. This is
because an E-Contract, meeting all the essential conditions under Section 10
of the Indian Contract Act, cannot be denied its legal authenticity only for
the fact that it was digitally conceived and executed. Therefore, E-Contracts
are enforceable by law and considered valid contracts. It is crucial to
determine the legal validity of an E-Contract to seek legal recourse in case
of any breach.

Kinds of e-contracts : E-contracts are specific to the nature of the

business. There are various types of E-Contracts executed depending on the
structure of the business. The amalgamation of the conventional contracts
with the proficiency of technology constitutes an E-Contract. Below are a few
of the most common types of E-Contracts:

1. Shrink Wrap Agreements

2. Clickwrap Agreements
3. Browse Wrap Agreements
4 Scroll Wrap Agreements
5. Sign-In Wrap Agreements
6. Shrink Wrap Agreements

Shrink Wrap agreements are the End User License Agreements (EULA) or
Terms and Conditions, which are packaged with the products. The technique
of enclosing the product in a plastic wrap is called Shrink Wrap which
declares that the customer purchasing it is bound by the EULA.

Usage of the product is deemed acceptance by the user. Interestingly, the

acceptance is by default once the product is purchased along with the
packaging being ripped and utilized. An example of Shrink Wrap Agreements
is Software Drives.
Clickwrap Agreements : Clickwrap agreements are a form of agreement
used for software licensing, websites, and ather electronic media. When the
user logs in to a website the terms and conditions or the privacy policies of
the website are to be accepted by the user as legal consent. Though the
user is intimated in this method about the existence of certain terms and
conditions and is required to accept the same, there is no power of
negotiation.

The user clicks "I Agree to be bound by the legal obligations, Some
prominent examples of Click Wrap agreements are Amazon, Flipkart, and
Make My Tnp.

Browse Wrap Agreements : Browse Wrap Agreements are online contract or

license agreements commonly used in website notices or mobile
applications. The terms and conditions are provided in a 'Hyperlink' in some
part of the website which is not beforehand intimated to the user.

There is no procedure to assent or reject the Terms and Conditions. At the

onset, when the user is aware of such terms they can scroll down and
double click on the terms and conditions to have a complete view of the
same.

Scroll Wrap Agreements : The Scroll Wrap Agreements require the user to
scroll down the License Agreements, implying that it has been read by the
user by scrolling down through the terms and conditions before they can
give their assent or rejection.

Sign-In Wrap Agreements : The Sign-In Wrap agreement is a kind of E-

Contract in which once the end-user has signed into an online service or
signs in to use a product the acceptance is acquired.

Stamping of e- contract

The Indian Stamp Act, 1899, imposes stamp duty on all documents with
rights or liabilities, excluding certain types like bills of exchange, letters of
credit, cheques, promissory notes, bills of lading, insurance policies, and
transfers of share. The term 'document' also includes electronic records as
defined in the Information Technology Act, 2000. In India, electronic
documents are stamped through print-on-stamping, franking, or E-Stamping,
which requires a stamp duty certificate.

Conclusion : As the world is steadily moving toward complete digitalization

and the idea of remote operations in all fields is quickly gaining momentum
it can be safe to say that E-Contracts is the next potent revolution that in its
stride is ready to completely take over the business field globally and as a
result gradually fade away the usage of traditional contracts in all spheres.