TABLE OF CONTENTS

 INTRODUCTION
 CONCEPTUAL ANALYSIS
 KINDS OF CYBER CRIMES IN INDIA
 INTERNATIONAL FRAMEWORK REGARDING CYBER CRIMES
 LEGISLATIVE FRAMEWORK OF CYBER CRIMES IN INDIA
 JUDICIARY’S ROLE
 COMPARATIVE STUDY WITH OTHER COUNTRIES
 SUGGESTION
 CONCLUSION

1
 CYBERCRIMES

INTRODUCTION

With the increasing use of computers in society, cybercrime has become a major
issue. The advancement of technology has made man dependent on internet for all his needs.
Internet has given man access to everything while sitting at one place. Social networking,
online shopping, online studying, online jobs, every possible thing that Man can think of can
be done through the medium of internet. 1

The cybercrime is different from any other crime happening in the society. The reason being,
it has no geographical boundaries and the cyber criminals are unknown. It is affecting all the
stakeholders from government, business to citizens alike. In India cybercrime is increasing
with the increased use of information and communication technology (ICT). Cyber crime is
not an old sort of crime to the world. It is defined as any criminal activity which takes place
on or over the medium of computers or internet or other technology recognised by the
Information Technology Act. Not only the criminals are causing enormous losses to the
society and the government but are also able to conceal their identity to a great extent. There
are number of illegal activities which are committed over the internet by technically skilled
criminals. Taking a wider interpretation it can be said that, Cyber crime includes any illegal
activity where computer or internet is either a tool or target or both.

The term cyber crime may be judicially interpreted in some judgments passed by courts in
India, however it is not defined in any act or statute passed of growing dependence on
computers in modern life. Usage of computer and other allied technology in daily life is
growing rapidly and has become an urge which facilitates user convenience. It is a medium
which is infinite and immeasurable. Whatsoever the good internet does to us, it has its dark
sides too 2.

CONCEPTUAL ANALYSIS

Cyber crime is a general term describing the myriad of criminal activities carried out
using a computer, network, or another set of digital devices. Consider cyber crime the

1
J.W.C. Turner, Kenney’s Outlines of criminal law (19th Edition University Press, Cambridge 1966) also at
Talat Fatima, Cyber Crime (1st Edition, Eastern Book Company, Lucknow (2011) p. 64-68
2
Prof. R.K.Chaubey, “An Introduction to Cyber Crime and Cyber law”, Kamal Law House, 2012

2
umbrella over the vast range of illegal activities that cyber criminals commit. These include
hacking, phishing, identity theft, ransomware, and malware attacks, among many others.

The reach of cyber crime knows no physical boundaries. Criminals, victims, and technical
infrastructure span worldwide. With the use of technology to exploit security vulnerabilities
on both a personal and enterprise level, cyber crime takes many shapes and continuously
evolves. In turn, the ability to effectively investigate, prosecute, and prevent cybercrimes is
an ongoing fight with many dynamic challenges 3.

Cyber crime poses a serious threat to individuals, businesses, and government entities and
can result in significant financial loss, damaged reputation, and compromised records. As
technology advances and more people rely on digital devices and networks for standard
operations, the threat of cyber crime continues to increase, making it more critical than ever
to take steps to protect against it.

The Indian Legislature doesn’t provide the exact definition of Cyber crime in any statute,
even the Information Technology Act, 2000; which deals with cyber crime doesn’t defined
the term of cyber crime. However, in general the term cybercrime means any illegal activity
which is carried over or with the help of internet or computers.

Dr. Debarati Halder and Dr. K. Jaishankar define cybercrimes as: “Offences that are
committed against individuals or groups of individuals with a criminal motive to intentionally
harm the reputation of the victim or cause physical or mental harm, or loss, to the victim
directly or indirectly, using modern telecommunication networks such as Internet (Chat
rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)” 4

We do not have any precise definition of cyber crime; however following is the general
definitions of term cyber crime:

The Oxford Dictionary defined the term cyber crime as “Criminal activities carried out by
means of computers or the Internet.”

“Cyber crime may be said to be those species, of which, genus is the conventional crime, and
where either the computer is an object or subject of the conduct constituting crime”.“Cyber
crime means any criminal or other offence that is facilitated by or involves the use of
electronic communications or information systems, including any device or the Internet or
any one or more of them”
3
Abraham D. Sofaer, Seymour E, The Transnational Dimension of Cyber Crime Terrorism, Hoover Institution
Press, 2001
4
http://cybercrime.planetindia.net/intro.htm (Accessed on 4th February, 2016)

3
Professor S.T. Viswanathan has given three definitions in his book The Indian Cyber Laws
with Cyber Glossary is as follows –

1. Any illegal action in which a computer is the tool or object of the crime i.e. any crime,
the means or purpose of which is to influence the function of a computer,
2. Any incident associated with computer technology in which a victim suffered or could
have suffered loss and a perpetrator, by intention, made or could have made a gain,
3. Computer abuse is considered as any illegal, unethical or unauthorized behaviour
relating to the automatic processing and transmission of data. 5

KINDS OF CYBER CRIMES IN INDIA

1. Piracy and unauthorised access – Any access made without the consent of a valid or
accountable computer, computer system, or computer network is considered an unauthorised
access. Unauthorized access to a computer system or network is referred to as "hacking."
Piracy includes all actions taken to obtain access to a computer or network. Hackers attack
the target machine using either ready-made or custom computer programmes. They enjoy the
rush that destruction offers them and desire it. By gathering credit card information, shifting
money from many bank accounts to their account, and then taking the money, some hackers
transgress their own financial interests. Governmental websites are the ones that hackers
target the most.

2. Web Hijacking - The act of taking total control of another person's website is referred to
as web hijacking. Because of this, the website owner no longer has control over his website's
content.

3. Pornography – Pornography refers to the depiction of sexual behaviours with the intent to
arouse the desire to engage in such behaviour. The term "pornography" also refers to
pornographic websites, computer-generated pornographic periodicals, and mobile phone-
delivered Internet pornography. 6

4. Child pornography – “Pedophiles attract children by distributing pornographic material

and then try to meet them to have sex or take nude photographs, including their participation

5
Stambaugh, H., et. al, Electronic Crime Needs Assessment for State and Local Law Enforcement, National
Institute of Justice Report, Washington, Dc: U.S. Department of Justice, March 2001. Available at:
https://www.ncjrs.gov/pdffiles1/nij/grants/198421.pdf (Accessed at 04th February, 2016)
6
http://internet-filter-review.toptenreviews.com/internet-pornography-statistics.html (Accessed on 6th February,
2016)

4
in sexual positions. Pedophiles sexually exploit children, using them as sexual objects or
taking their pornographic photos to sell them on the Internet”.

5. Cyberbullying - The use of Internet services by a cybercriminal to repeatedly harass or

threaten a victim is known as cyberbullying.

6. Denial of Services - This type of attack prevents the target from using or providing the
services to which he is entitled by flooding his network bandwidth or overflowing his spam
folder. This kind of attack aims to disable the network by saturating it with unneeded traffic.

7. Viral attacks - Viral programs can replicate themselves, infect other programs, and
propagate to other programs. Data on a computer is typically modified or deleted by viruses.
A Trojan horse is a program that mimics other behaviours.

8. Software piracy - Software piracy is the term used to describe the unauthorized
duplication of original software or the fabrication and distribution of goods that are meant to
pass for the genuine article. Theft of computer source code, copyright infringement,
trademark infringement, and other similar offenses are also included in this category. 7

9. Salami attacks - Financial crimes are committed using this style of assault. The goal is to
make the modifications so minor that they might not even be noticed in one instance. As an
example, imagine that a staff member installed a program on the bank's server that
automatically withdraws a tiny sum of money (say, $5 per month) from each of the client's
account. The account user won't likely be aware of this illegitimate debt, but the bank staff
will profit handsomely each month. 8

10. Phishing - In order to deceive a user into providing personal information that will be used
for identity theft, the technique of "phishing" involves sending the user an email while
making fictitious claims that the sender is a trustworthy company.

11. Sale of illegal items / illegal goods – In this type of cybercrime involves the purchase
and sale of the illicit goods such as narcotics, guns, and wild animals by posting
advertisements on websites, bulletin board and auction sites, or just by sending emails. 9

12. Online gaming - There are millions of websites that offer online gambling, all of which
are hosted on foreign servers. In truth, several of these websites are really suspected of

7
Gorman, L. and Maclean, D. Media and Society in Twentieth Century, Blackwell publishing, 2003.
8
http://cybercrime.org.za/definition (Accessed on 4th January, 2016)
9
http://www.naavi.org/pati/pati_cybercrimes_dec03.htm (Accessed on 4th January, 2016)

5
serving as fronts for money launderings. Online reports of money laundering and hawala
transactions have been made.

13. Email spoofing - Email representation describes emails that look to be sent by one source
but were actually sent by another. E-mail representation can also result in financial loss.

14. Cyber-Defamation - This happens when someone makes defamatory comments online or
sends slanderous emails to a person's friends in bulk.

15. Falsification - Invoices, postal and entry labels, brand sheets, and other documents are
faked using computers, printers, and scanners. They are produced using printers, scanners,
and computers of the highest caliber.

16. Theft of information - in electronic form, like that which is stored on hard discs or other
portable storage devices.

17. “Bombardment via email” - In this scenario, the victim's email account (in the event of
a person) or mail servers are blocked as a result of sending a high number of emails to the
victim.

18. Data distribution - Before the computer processes the raw data, this type of attack
modifies it, and then modifies it once processing is complete. 10

19. Infringement of one's right to privacy and confidentiality - A person has the right to
choose whether and how much of their personal information is shared with others. The use,
unauthorized disclosure, or dissemination of personal data constitutes a privacy violation.

20. Cyber - terrorism - The most likely targets of an attack are military installations, power
plants, centres for air traffic control, banks, and telecommunications networks. The police,
medical professionals, firefighters, and rescue services are among others. For a variety of
reasons, cyber terrorism is an appealing choice for contemporary terrorists. 11

21. Cyber stalking – It doesn’t not involve any physical contact yet stalking through the
internet has found favour among the offenders for certain advantages available like, ease of
communication access to personal information and anonymity. 12

As far as cyber stalking is concerned, the offender has the advantage that he can sit anywhere
in the world and harass the victim by posting certain derogatory comment or post comments
on common discussion boards or put the mobile number of the victim and his email address

10
http://www.oxforddictionaries.com/definition/english/cybercrime (Accessed on 4th January, 2016)
11
Dr. Sirohi M. N., Cyber Terrorism and Information Warfare, Alpha Editions, Delhi
12
http://www.sociosite.org/cyberstalking_en.php (Accessed on 10th February, 2016)

6
on certain social sites which prompt the other users to send massages or phone calls to the
victim in misconceived notion. The internet has wide reach, the way we communicate online,
the personal data of individual and other information is easily accessed by the offenders
through the internet medium, and this makes the individual vulnerable to the offence such as
cyber stalking.

INTERNATIONAL FRAMEWORK REGARDING CYBER CRIMES

The role of international treaties, conventions and protocols concerning the

cybercrime which is a part of the cyber space is immense as it provides for a regulatory
framework for the relevant countries who are part of the treaty or conventions. This will bind
the countries to cater with the rules and regulations of the treaties, conventions, and
protocols. The following are the some of the treaties, conventions and protocols that is
worldwide accepted by majority of the countries.

 The United Nations is the most well-known of all international organizations. The United
Nations Commission on International Trade Law (UNCITRAL) is the organisation in
charge of harmonizing and unifying international trade law. UNCITRAL, based in
Vienna, is a global legal organisation that has specialised on commercial law reform for
over 40 years. The mission of UNCITRAL is to modernize and harmonise international
business rules. In 1996, the UNCITRAL issued a Model Law on Electronic Commerce in
response to the expanding use of electronic commerce and advanced communications
technologies in international trade. This was based on a resolution passed by the United
Nations General Assembly in 19851 encouraging nations and international organizations
to take steps to safeguard legal security in the context of the widespread use of automated
data processing in international trade.
 A World Summit on the Information Society (WSIS) was conducted in two phases, one in
Geneva from December 1 to 12, 2003, and the other in Tunis from November 16 to 18,
2005, under the auspices of the United Nations, with the International Telecommunication
Union playing a prominent role. Realizing the enormous potential of information and
communication technologies in human development, world leaders declared their
"common desire and commitment to build a people-centered, inclusive, and development-
oriented information society, where everyone can create, access, utilize, and share
information and knowledge, enabling individuals, communities, and peoples to achieve
their full potential in promoting their sustainable development" at the summit in Geneva
in 2003. One of the goals of the WSIS was to alleviate the digital divide, or the unequal

7
 distribution of the advantages of the information technology revolution between
developed and poor countries and within societies.
 The United Nations Commission on Trade and Development (UNCTAD) is the primary
trade and development agency of the United Nations General Assembly. UNCTAD has
been engaged in advocating for the role and importance of information and
communication technologies in development since 1998, when the General Assembly
allocated it a special grant to pursue and promote electronic commerce initiatives.
 Around 67 countries have signed the Convention, and ten international organizations (the
Commonwealth Secretariat, European Union, INTERPOL, International
Telecommunication Union, Organization of American States, UN Office on Drugs and
Crime, and others) participate in the Cybercrime Convention Committee as members or
observers. The Signatories' implementation of the Convention is the responsibility of the
Committee. However, because India is not a signatory to the Convention on Cybercrime,
it is not compelled to change or execute its domestic laws in line with the Convention. 13
 Members of the World Trade Organization (WTO) adopted a declaration on global
electronic commerce on May 20, 1998, during their Second Ministerial Conference in
Geneva, Switzerland, due to the growing importance of internet commerce in global
trade. The WTO General Council was directed to prepare a thorough work programme to
evaluate all trade-related concerns arising from electronic commerce, and to deliver a
progress report to the WTO's Third Ministerial Conference, according to the Declaration.
 The Group of Eight (G8) was primarily focused on prosecuting high-tech criminals and
supporting technical and legislative improvements to combat worldwide computer crimes
at the Denver Summit in 1997.
 The Okinawa Charter on Global Information Society, adopted at the Okinawa Summit in
2000, adopted the concepts of international collaboration and harmonization for
cybercrime. The Group of Eight agreed on the importance and principles of privacy
protection, free flow of information, and transaction security.
 WIPO, the World Intellectual Property Organization, is situated in Geneva and has 179
member states. WIPO's mission is to "advance the protection of intellectual property
around the world through international collaboration." (WIPO Convention, Article 3)
WIPO is the custodian of 23 international treaties and serves as a platform for worldwide
IP policy development and administration. The migration of intellectual property to the
13
Ekadshi & Deepti Monga, Comparative analysis of Cyber Security laws of India, United States and United
Kingdom, 9 Int. J. Law 88, 90 (2023)

8
 digital realm is the order of the day, as IP is well suited to digitalization. Because an
infinite number of perfect copies may be generated and readily distributed across digital
networks around the world, IP on the internet is insecure. As a result, it's understandable
that online content, such as information, music, software, films, business procedures,
databases, and so on, needs to be protected.
 The United Nations Convention Against Transnational Organized Crime (UNCTOC) was
adopted by the United Nations in 2000. The Palermo Convention requires state parties to
create domestic criminal charges that target organized criminal groups, as well as new
procedures for extradition, mutual legal assistance, and law enforcement cooperation.
Even though the treaty does not specifically mention cybercrime, its provisions are
extremely pertinent.
 Article 34 of the 1989 Convention on the Rights of the Child mandates that states protect
children from all forms of sexual exploitation and abuse, including prostitution and
pornography.
 Protocol to the Convention on the Rights of the Child (Optional Protocol) (2001) – The
sale of children, child prostitution, and child pornography are all addressed in this
protocol, which is based on the CRC Convention. The production, distribution,
dissemination, sale, and possession of child pornography are all prohibited under Article
3(1)(c). The Internet is mentioned in the Preamble as a source of child pornography
distribution. Article 2(3) contains a definition of child pornography that is wide enough to
include virtual images of minors.

LEGISLATIVE FRAMEWORK OF CYBERCRIME IN INDIA

The Information Technology Act, 2000 ("IT ACT") governs cyber laws in India. The
act's principal goal is Protection of private data and personal information of persons has
become increasingly important in today's digital world as the number of IT-enabled services
grows. In a broader sense, sensitive and vital information that is critical to national security
need protection as well. The IT Act provides the infrastructure required to set up a secure
system and limit access to confidential information.

The United Nations Commission on International Trade Law (UNCITRAL) adopted the
Model Law on Electronic Signatures in 2001. The general assembly's recommendations
urged all states to integrate the Model Law on Electronic Signatures into their own state laws.
The provisions on digital signatures are incorporated into the IT Law, which is in line with
the UNICITRAL Model Law.

9
Crimes have also made their way into the digital sphere as a result of the advancement of
information technology. Hacking, voyeurism, identity theft, and other cybercrimes and
ecommerce frauds are becoming an increasing concern around the world. The IT Act
identifies these offences and imposes appropriate penalties in order to deter them.

The Act also includes provisions that allow service providers to set up, maintain, and improve
computerised facilities while also allowing them to collect and retain adequate service costs if
the State and Central Governments give them permission.

It encompasses a wide range of topics, including data protection, data security, digital
transactions, electronic communication, freedom of expression, and online privacy, to name a
few.

The Information and Technology Act is based on the United Nations Model Law on
Electronic Commerce (UNCITRAL Model), which was recommended by the United Nations
General Assembly in a resolution dated January 30, 1997." In India, the legislation
establishes a legal foundation for e-commerce. It focuses on and addresses digital crimes,
sometimes known as cybercrime, as well as electronic trade. The legislation was passed in
order to update some outdated laws and to give cybercrime jurisdiction. These laws have
addressed issues such as electronic authentication, digital (electronic) signatures, cybercrime,
and network service provider liability. In addition, the Information Technology Amendment
Bill of 2008 amended the statute. The Indian Penal Code of 1860 and the Indian Evidence
Act of 1872 were amended by the IT Act of 2000 to take into account the fast-changing
technological landscape.

On October 17, 2000, the Cyber Law IT Act 2000 was enacted in India to address ecommerce
and cybercrime. After the Indian Constitution was drafted, cyber legislation was enacted. As a
result, it is a residuary topic managed by the Central Government that is not included in the
three lists: Union, State, and Concurrent. The following is a list of characteristics of Cyber
Law as defined by the Act:

 All electronic contracts entered into through secure electronic channels are legally
binding.
 E-records and digital signatures are protected by security mechanisms.
 The Cyber Law Act establishes a procedure for appointing an adjudicating officer to
conduct investigations.
 Digital signatures are legally recognized under the IT legislation act. The employment of
an asymmetric cryptosystem and a hash function is also required for digital signatures.

10
 Without a warrant, top police officers and other officials are able to search any public
case.
 The Act includes a provision to create a Cyber Regulation Appellate Tribunal. This
tribunal hears appeals from the Adjudicating Officer's or the Controller's final orders.
However, the only way to challenge the tribunal's decision is to go to the High Court.
 The act also establishes a Cyber Regulations Advisory Committee, which will advise the
Controller and the Central Government.
 The Cyber Law Act's nature also applies to online crimes or offenses committed outside
of India.
 There is also a provision for the Controller of Certifying Authorities to be established,
which will license and regulate the Certifying Authorities' operations. In this situation, the
Controller stores all of the digital signatures.

Areas where cyber law is not applicable;

 The Central Government has started a number of initiatives and papers.

 Financial and legal acts performed by a person who has been lawfully designated as a
Power of Attorney.
 Contract for the sale or transfer of real estate.

Some of the most important sections under Information Technology Act, 2000 are,

Section 3 - Authentication of electronic records

Section 4 - Legal recognition of electronic records

Section 5 - Legal recognition of Digital signature

Section 6 - Use of electronic records and digital signature in Government and its agencies

Section 17 - Appointment of controller of certifying authorities and other officials

Section 18 - Functions of controller of certifying authorities

Section 43 - Penalty for damages to Computer, Computer systems, unauthorized access,

download of data, infecting with virus, denial of access etc.

Section 44 - Penalty for failure to furnish information returns etc to the certifying authority

Section 48 - Establishment of Cyber appellate tribunal

Section 65 - Penalty for tampering with Computer source documents

Section 66 - Penalty for hacking of computer system

Section 66B - Penalty for receiving stolen computer or communication devices

11
Section 66C - Penalty for identity theft

Section 66D - Punishment for cheating by personation by using computer resources

Section 66E - Penalty for capture, transmit of publish images of a person without consent

Section 66F - Penalty for cyber terrorism

Section 67 - Punishment for publishing information which is obscene in electronic form

Section 67A - Penalty for publishing images containing sexual act or conduct

Section 67B - Penalty for child pornography

Section 70 - Penalty for securing access or attempting to secure access to a protected system

Section 71 - Penalty for misrepresentations 14

 The National Cyber Security Policy was announced by the Indian government on July 2,
2013. This plan takes into account the growth of cybercrime, the advancement of
information technology, and aspirations for societal reform. Its 14 objectives include
50,000 highly skilled cyber security experts being trained over the period of the next five
years, investigating and prosecuting cybercrime, enhancing the security of India's key
infrastructure, and more.
 The "Cyber Security Research and Development Center of India" (CSRDCI) is an
organisation that focuses on the technological and judicial facets of cyber security in India
and beyond.
 India's Cyber Crimes Investigation Centre - The Cyber Crime Investigation Centre of
India is part of the Techno Legal Cyber and Hi-Tech Crimes Investigation and Training
Centre (CHCIT) of India (CCICI). In India and around the world, CCICI wants to raise
knowledge of cyber legislation and cyber security. The CCICI also intends to increase
both its domestic and global investigation capacities and expertise in cybercrimes. 15
 National Intelligence Grid (NATGRID) - The National Intelligence Grid (NATGRID)
“Project is one of India's most complex intelligence gathering initiatives. When it was
first implemented, India's intelligence infrastructure was in disrepair. For India's law
enforcement and intelligence services to function properly, it is a necessary condition.

14
Yoshita Gandhi,” Cyber laws: Comparative study of Indian law & Foreign laws,” 1 Journal of Applicable law
& Jurisprudence
15
http://indiaforensic.com/compcrime.htm (Accessed on 8th February, 2016)

12
 The National essential Information Infrastructure security Center (NCIPC) of India
ensures the security of crucial infrastructure, such as critical ICT infrastructure. Handling
India's Cyber Security Concerns, Challenges, and Issues, etc.
 National Cyber Security Database of India (NCSDI) – This database would contribute to
the effort to combat cyberthreats and cyberattacks, such as cyberterrorism against India,
cyberwarfare against India, cyberespionage against India, and the protection of India's
critical infrastructure. etc. 16

Other legal frameworks for cyber security in India are;

1. Indian I.T. Act, 2000 Sections 65 and 66, which deal with tampering with computer
source code and computer offenses, respectively, and Section 43, which deals with
tampering with electronic documents.
2. The Indian Copyright Act, 1958 stipulates that anyone found using an illegally copied
computer program would be prosecuted. While there is no patent protection for computer
programs, copy rights do exist.
3. Indian Penal Code,1860 Sections 420 - Criminal Trust Breach, Cheating, and Falsely
Inducing Property Surrender are all punishable under Indian Penal Code Sections 420 and
406, respectively.
4. The Indian Contract Act, 1872 provides the following remedies for contract breaches:
damages and contractual specific performance.

JUDICIARY’S ROLE

1. Ranjeet D. Udeshi v. State of Maharashtra 17

In India, Miller test was not adopted by the Supreme Court, instead it has adopted the
Hicklin’s Test in this leading case. The Supreme Court has decided many issues pertaining to
the obscenity. The Apex court doesn’t consider obscenity a vague concept but a word which
is well-understood even if persons differ in their attitude to what is obscene and what is not.
The Apex court has stated that “In judging a work, stress should not be laid upon a word here
and a word there, or a passage here and a passage there. Though the work as a whole must be
considered, the obscene matter must be considered by itself and separately to find out
whether it is so gross and its obscenity so decided that it is likely to deprave and corrupt those
whose minds are open to influences of this sort. In this connection the interests of

16
http://www.manupatrafast.com/articles/PoPOpenArticle.aspx?ID=76985177-567e-48d3-aa2f
cb67be8da4a0&txtsearch=Subject:%20Miscellaneous
17
AIR 1965 SC 881

13
contemporary society and particularly the influence of the impugned book on it must not be
overlooked. Where, obscenity and art are mixed, art must so preponderate as to throw the
obscenity into a shadow or the obscenity so trivial and insignificant that it can have no effect
and may be overlooked. It is necessary that a balance should be maintained between
“freedom of speech and expression” and “public decency or morality”; but when the latter is
substantially transgressed the former must give way.”

The court however, sounded a note of caution that treating with sex and nudity in art and
literature cannot be regarded as evidence of obscenity without something more. In the words
of court “It is not necessary that the angels and saints of Michelangelo should be made to
wear breeches before they can be viewed. If the rigid test of treating with sex as the minimum
ingredient were accepted hardly any writer of fiction today would escape the fate Lawrence
had in his days. Half the book-shops would close and the other half would deal in nothing but
moral and religious books.”

2. Shreya Singhal v. Union of India 18

Two women were arrested under Section 66A of the IT Act after they posted allegedly
offensive and objectionable comments on Facebook concerning the complete shutdown of
Mumbai after the demise of a political leader. Section 66A of the IT Act provides punishment
if any person using a computer resource or communication, such information which is
offensive, false, or causes annoyance, inconvenience, danger, insult, hatred, injury, or ill will.

The women, in response to the arrest, filed a petition challenging the constitutionality of
Section 66A of the IT Act on the ground that it is violative of the freedom of speech and
expression.

The Supreme Court based its decision on three concepts namely: discussion, advocacy, and
incitement. It observed that mere discussion or even advocacy of a cause, no matter how
unpopular, is at the heart of the freedom of speech and expression. It was found that Section
66A was capable of restricting all forms of communication and it contained no distinction
between mere advocacy or discussion on a particular cause which is offensive to some and
incitement by such words leading to a causal connection to public disorder, security, health,
and so on. In response to the question of whether Section 66A attempts to protect individuals
from defamation, the Court said that Section 66A condemns offensive statements that may be
annoying to an individual but not affecting his reputation.

18
(2013) 12 SCC 73

14
However, the Court also noted that Section 66A of the IT Act is not violative of Article 14 of
the Indian Constitution because there existed an intelligible difference between information
communicated through the internet and through other forms of speech. Also, the Apex Court
did not even address the challenge of procedural unreasonableness because it is
unconstitutional on substantive grounds.

3. Shamsher Singh Verma v. State of Haryana 19

In this case, the accused preferred an appeal before the Supreme Court after the High
Court rejected the application of the accused to exhibit the Compact Disc filed in defence and
to get it proved from the Forensic Science Laboratory. The Supreme Court held that a
Compact Disc is also a document. It further observed that it is not necessary to obtain
admission or denial concerning a document under Section 294 (1) of CrPC personally from
the accused, the complainant, or the witness.

4. Syed Asifuddin and Ors. v. State of Andhra Pradesh and Anr. 20

The subscriber purchased a Reliance handset and Reliance mobile services together under
the Dhirubhai Ambani Pioneer Scheme. The subscriber was attracted by better tariff plans of
other service providers and hence, wanted to shift to other service providers. The petitioners
(staff members of TATA Indicom) hacked the Electronic Serial Number (hereinafter referred
to as “ESN”). The Mobile Identification Number (MIN) of Reliance handsets were
irreversibly integrated with ESN, the reprogramming of ESN made the device would be
validated by Petitioner’s service provider and not by Reliance Infocomm.

Questions before the Court is whether a telephone handset is a “Computer” under Section
2(1)(i) of the IT Act? and whether manipulation of ESN programmed into a mobile handset
amounts to an alteration of source code under Section 65 of the IT Act?

Section 2(1)(i) of the IT Act provides that a “computer” means any electronic, magnetic,
optical, or other high-speed data processing device or system which performs logical,
arithmetic, and memory functions by manipulations of electronic, magnetic, or optical
impulses, and includes all input, output, processing, storage, computer software or
communication facilities which are connected or related to the computer in a computer
system or computer network. Hence, a telephone handset is covered under the ambit of
“computer” as defined under Section 2(1)(i) of the IT Act.

19
2015 SCC OnLine SC 1242
20
2005 CriLJ 4314

15
Alteration of ESN makes exclusively used handsets usable by other service providers like
TATA Indicomm. Therefore, alteration of ESN is an offence under Section 65 of the IT Act
because every service provider has to maintain its own SID code and give its customers a
specific number to each instrument used to avail the services provided. Therefore, the offence
registered against the petitioners cannot be quashed with regard to Section 65 of the IT Act.

5. Shankar v. State Representative 21

The petitioner approached the Court under Section 482, CrPC to quash the charge sheet
filed against him. The petitioner secured unauthorized access to the protected system of the
Legal Advisor of Directorate of Vigilance and Anti-Corruption (DVAC) and was charged
under Sections 66, 70, and 72 of the IT Act. The Court observed that the charge sheet filed
against the petitioner cannot be quashed with respect to the law concerning non-granting of
sanction of prosecution under Section 72 of the IT Act.

6. Christian Louboutin SAS v. Nakul Bajaj & Ors. 22

The Complainant, a luxury shoe manufacturer filed a suit seeking an injunction against an
e-commerce portal www.darveys.com for indulging in a Trademark violation with the seller
of spurious goods.

The question before the Court was whether the defendant’s use of the plaintiff’s mark, logos,
and image are protected under Section 79 of the IT Act. The Court observed that the
defendant is more than an intermediary on the ground that the website has full control over
the products being sold via its platform. It first identifies and then promotes third parties to
sell their products. The Court further said that active participation by an e-commerce platform
would exempt it from the rights provided to intermediaries under Section 79 of the IT Act.

7. Avnish Bajaj v. State (NCT) of Delhi 23

Avnish Bajaj, the CEO of Bazee.com was arrested under Section 67 of the IT Act for the
broadcasting of cyber pornography. Someone else had sold copies of a CD containing
pornographic material through the bazee.com website.

The Court noted that Mr. Bajaj was nowhere involved in the broadcasting of pornographic
material. Also, the pornographic material could not be viewed on the Bazee.com website. But
Bazee.com receives a commission from the sales and earns revenue for advertisements
carried on via its web pages.
21
Crl. O.P. No. 6628 of 2010
22
(2018) 253 DLT 728
23
(2008) 150 DLT 769

16
The Court further observed that the evidence collected indicates that the offence of cyber
pornography cannot be attributed to Bazee.com but to some other person. The Court granted
bail to Mr. Bajaj subject to the furnishing of 2 sureties Rs. 1 lakh each. However, the burden
lies on the accused that he was merely the service provider and does not provide content.

8. State of Tamil Nadu v. Suhas Katti 24

The instant case is a landmark case in the Cyber Law regime for its efficient handling
made the conviction possible within 7 months from the date of filing the FIR.

The accused was a family friend of the victim and wanted to marry her but she married
another man which resulted in a Divorce. After her divorce, the accused persuaded her again
and on her reluctance to marrying him, he took the course of harassment through the Internet.
The accused opened a false e-mail account in the name of the victim and posted defamatory,
obscene, and annoying information about the victim.

A charge-sheet was filed against the accused person under Section 67 of the IT Act and
Section 469 and 509 of the Indian Penal Code, 1860.

The Additional Chief Metropolitan Magistrate, Egmore convicted the accused person under
Section 469 and 509 of the Indian Penal Code, 1860 and Section 67 of the IT Act. The
accused was subjected to the Rigorous Imprisonment of 2 years along with a fine of Rs. 500
under Section 469 of the IPC, Simple Imprisonment of 1 year along with a fine of Rs. 500
under Section 509 of the IPC, and Rigorous Imprisonment of 2 years along with a fine of Rs.
4,000 under Section 67 of the IT Act.

9. CBI v. Arif Azim (Sony Sambandh case) 25

A website called www.sony-sambandh.com enabled NRIs to send Sony products to their

Indian friends and relatives after online payment for the same.

In May 2002, someone logged into the website under the name of Barbara Campa and
ordered a Sony Colour TV set along with a cordless telephone for one Arif Azim in Noida.
She paid through her credit card and the said order was delivered to Arif Azim. However, the
credit card agency informed the company that it was an unauthorized payment as the real
owner denied any such purchase.

A complaint was therefore lodged with CBI and further, a case under Sections 418, 419, and
420 of the Indian Penal Code, 1860 was registered. The investigations concluded that Arif

24
CC No. 4680 of 2004
25
(2008) 150 DLT 769

17
Azim while working at a call center in Noida, got access to the credit card details of Barbara
Campa which he misused.

The Court convicted Arif Azim but being a young boy and a first-time convict, the Court’s
approach was lenient towards him. The Court released the convicted person on probation for
1 year. This was one among the landmark cases of Cyber Law because it displayed that the
Indian Penal Code, 1860 can be an effective legislation to rely on when the IT Act is not
exhaustive.

10. SMC Pneumatics (India) Pvt. Ltd. vs. Jogesh Kwatra 26

In this case, Defendant Jogesh Kwatra was an employee of the plaintiff’s company. He
started sending derogatory, defamatory, vulgar, abusive, and filthy emails to his employers
and to different subsidiaries of the said company all over the world to defame the company
and its Managing Director Mr. R K Malhotra. In the investigations, it was found that the
email originated from a Cyber Cafe in New Delhi. The Cybercafé attendant identified the
defendant during the enquiry. On 11 May 2011, Defendant was terminated of the services by
the plaintiff.

The plaintiffs are not entitled to relief of perpetual injunction as prayed because the court did
not qualify as certified evidence under section 65B of the Indian Evidence Act. Due to the
absence of direct evidence that it was the defendant who was sending these emails, the court
was not in a position to accept even the strongest evidence. The court also restrained the
defendant from publishing, transmitting any information in the Cyberspace which is
derogatory or abusive of the plaintiffs.

COMPARATIVE STUDY WITH OTHER COUNTRIES

1. UNITED STATES OF AMERICA

The United States of America has enacted various federal and state laws in order to tackle
cybercrime laws in the nation as USA is one of the top 10 nation to face immense number of
cyberattack daily. There is no specific or uniform law to deal with cybercrimes in USA as
state is having the authority to make better laws as compared to federal laws. In USA, Wire
Fraud Statute were considered as the first law to prosecute computer criminals. The
Counterfeit Access Device and Computer Fraud and Abuse Act 1984 (hereinafter referred as
CFAA) is a federal framework which is introduced to tackle computer abuse. It criminalizes
various computer-related activities such as accessing without permission a computer system

26
Crl. Appeal. No. 33474 of 2016

18
belonging to a bank or the federal government, or using that access to improperly obtains
anything of value. The Act came into force on Oct 12, 1984 and provides federal prosecutors
with a specific crime tilted “fraud and related activity in connection with computers” to
prosecute computer criminal activity. In addition to that, USA is having the Computer
Security Act.

In 1987, the US Congress led by Jack Brooks enacted the Act reaffirming NIST (National
Institute of Standards and Technology), a division of department of commerce, was
responsible for security of unclassified, non-military government computer system. The main
27
motive was to maintain proper security standards. The Department of Homeland Security
protects the nation by identifying key components of homeland security such are
Counterterrorism, Immigration, Border Security and Human Trafficking, Cyber security,
Disaster Preparedness, Response and Recovery through the Homeland Security Act. The
Cyber Security Research and Development Act helps to authorize funding for computer and
network security research and development and research fellowship programs and for other
purpose. The Act was enacted with a main objective to establish an agency to regulate
cybercrimes and to provide a safer infrastructure in the states of America.

The e-Government Act was enacted on 17th December 2002. The intention behind of this Act
is to smoothen and promote the government electronic services and helps the citizens of the
America for easy access of electronic services. The statutes include within FISMA and
CIPSEA. And lastly, the federal law Cyber Security Information Sharing Act (CISA) was
enacted in the America to improve the cyber security by providing platform regarding cyber
security threats. Cybersecurity Information Sharing Act is proposed legislation that will allow
Unites States government agencies and non-government entities to share information with
each other as they investigate cyberattacks.

2. EUROPEAN UNION

The European Union has various regulations and directives governing cybercrime to
curb cybercrime and harmonize law across the member state. Directive on Security of
Network and Information Systems (NIS Directive) was adopted in 2016; the NIS Directive
establishes measures to improve the cybersecurity resilience of critical infrastructure and
essential services. It mandates EU member states to identify critical infrastructure operators
and requires them to implement appropriate security measures, report significant incidents,

27
CCDCOE,https://ccdcoe.org/library/publications/si-vis-cyber-pacem-para-sanctiones-the-eu-cyber-diplomacy-
toolbox-in-action/#footnote_0_4337

19
and collaborate on a cross-border level. The NIS Directive was the first ever EU-wide
cybersecurity across the European Union and increase the cooperation between the EU
member countries. Another main regulation for cybercrime is General Data Protection
Regulation (GDPR). It was implemented in 2018; it is a comprehensive data protection
regulation that includes provisions related to cybersecurity. It imposes obligations on
organizations to ensure the security and confidentiality of personal data.

GDPR requires prompt notification of data breaches and grants individual greater control
over their personal information. It aims to encourage controllers and processors to follow the
protocols, implement data privacy measures and also ensure that data is collected with
consent before publicly available. Moreover, Cybersecurity Act was enforced in 2019, it
establishes the European Union Agency for Cybersecurity (ENISA) as a permanent agency.
ENISA is tasked with enhancing the overall level of cybersecurity in the EU, providing
expert advice, and promoting cooperation between member states. It will be in charge of
informing the public the scheme of certificate and issued certificate through dedicated
website. European Cybercrime Centre (EC3) operating under Europol, it plays a crucial role
in combating cybercrime. It facilitates information sharing, coordination of cross-border
investigations, and supports member states in addressing cyber threats.

The main motive is to strengthen the law enforcement response to cybercrime in the EU and
thus to protect European citizen, business and the government from any kind of online
crimes. EU Cyber Diplomacy Toolbox was adopted in 2017, it outlines the EU's diplomatic
response to malicious cyber activities. It includes a range of measures and tools to promote
responsible behaviour in cyberspace and to deter and respond to cyber threats. The tool
focused to provide instruments to stabilise and secure cyberspace of European Union.

Comparison of Cyber Crime Laws: India, USA, and EU

India's legal framework for addressing cybercrime primarily revolves around the
Information Technology Act, 2000 (amended in 2008). The act criminalizes unauthorized
access, hacking, and the transmission of obscene or offensive content online. The
establishment of the Indian Computer Emergency Response Team (CERT-In) further
strengthens the country's cybersecurity infrastructure. India also recognizes the importance of
international cooperation and has signed agreements with various countries to facilitate the
28
exchange of information in cybercrime investigations. When it comes to the United States,
cybercrime laws are diverse and often overlap between federal and state jurisdictions. The
28
An Overview of Cyber Laws vs. Cyber Crimes: Indian Perspective, available at: http://www.mondaq.com

20
Computer Fraud and Abuse Act (CFAA) is a key piece of legislation that criminalizes
unauthorized access, hacking, and related activities. 29

Additionally, the USA PATRIOT Act and the Cybersecurity Information Sharing Act (CISA)
provide tools for intelligence agencies and private entities to share information on
cybersecurity threats. The Federal Trade Commission (FTC) plays a role in enforcing
consumer protection in the digital space. The European Union has a comprehensive approach
to cybercrime, with directives and regulations that aim to enhance cybersecurity across
member states. The Directive on Security of Network and Information Systems (NIS
Directive) focuses on critical infrastructure, mandating measures to ensure cybersecurity
resilience. The General Data Protection Regulation (GDPR) is a landmark regulation
protecting individuals' data and imposing strict penalties for data breaches. Europol and the
European Cybercrime Centre (EC3) facilitate cross-border collaboration, while the
Cybersecurity Act establishes the European Union Agency for Cybersecurity (ENISA).

SUGGESTION

It is commonly acknowledged that a global agreement with universal application is

necessary to combat transnational cybercrime. It is not surprising that ensuring that there is a
plan in place for preventing and responding to information technology security incidents is
key to successfully managing one when the time comes. In the same manner that criminals
utilise social media to commit crimes, technological innovations can be used to manage,
dissuade, protect, and prosecute illegal activity. On the one hand, offenders can use social
media sites to search for potential victims; on the other hand, law enforcement agencies can
utilise similar media to push charges against perpetrators.

Furthermore, in order to combat cybercrimes effectively, it is pivotal that the existing laws
must be updated regularly. Cybercrime laws must be more detailed and unambiguous in order
to avoid doubts about their applicability when dealing with court proceedings and criminal
verdicts specifically for these offences. In addition, the continuous work of international
organizations and agencies, which increases the efficiency of cooperation between countries
the social awareness for the protection and prevention of cybercrime, through various
different initiatives is crucial. States must have the political will and the right management on
which depends the proper provision of cyber security. In turn, proper management
necessitates the redistribution of duties and the improvement of coordinating systems. When
a country is in a permanent state of conflict and the potential of a catastrophic cyber- attack is
29
https://kdpelmjpfafjppnhbloffcjpeomlnpah/https://www.ijnrd.org/papers/IJNRD2403210.pdf

21
considerable, its resources should be mobilized to refine and strengthen the existing
organizational framework.

CONCLUSION

The future of the Internet is still up for grabs between criminals and normal users.
Fears of a cyber apocalypse still abound, while the potential extent of damage that can be
caused by wide scale fraud is nearly unbounded. These anxieties should be rationally
tempered with the knowledge that the problems are being addressed, although perhaps not
fast enough. The usefulness of the Internet has proved itself in numerous and myriad ways
that will hopefully be enough to ensure it does not become a wasteland of criminal activity
and a bastion for the malicious. The government still has an important role to play, but most
of the prevention needs to be done by commercial entities producing software and those with
the ability to stop fraud. Relying on consumer education programs will only affect a
percentage of possible victims. The others need to be automatically protected through
measures that do not stress and require considerable participation. Security needs to be easy
and effective if it is doing work. Whether cybercrime is still a pertinent issue ten years from
now is unknowable in a sense, but if the Internet will continue to grow, it must be solved so
that the realities of cybercrime will be proportional to real-world crimes, if not better.

REFERENCES
1. PROF. N. V. PARANJAPE (2023) CRIMINOLOGY AND PENOLOGY
(INCLUDING VICTIMOLOGY), 19TH EDITION BY CENTRAL LAW
PUBLICATIONS
22
2. J. P. S. SIROHI., SUNIL SIROHI (2023) CRIMINOLOGY & PENOLOGY, 8 TH
EDITION BY ALLAHABAD LAW AGENCY PUBLICATIONS
3. DR. S. S. SRIVATSAVA (2021) CRIMINOLOGY, PENOLOGY AND
VICTIMOLOGY, 6TH EDITION BY CENTRAL LAW AGENCY PUBLICATIONS
4. PRABHASH DALEI AND TANNYA BRAHME, CYBER CRIME AND CYBER
LAW IN INDIA: AN ANALYSIS, IJHAS Vol.2 No.4, 106 (2013)
5. YOSHITA GANDHI, “CYBER LAWS: COMPARATIVE STUDY OF INDIAN
LAW & FOREIGN LAWS,” JOURNAL OF APPLICABLE LAW &
JURISPRUDENCE
6. ANIMESH SARMAH, ROSHMI SARMAH, AMLAN JYOTHI BARUAH, A BRIEF
STUDY OF CYBER CRIME AND CYBER LAWS IN INDIA, IRJET 1633 (2017)
7. EKADSHI & DEEPTI MONGA, COMPARATIVE ANALYSIS OF CYBER
SECURITY LAWS OF INDIA, UNITED STATES AND UNITED KINGDOM, 9
INT. J. LAW 88, 90 (2023)
8. https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3
9. https://wizardingcodes.medium.com/cyber-laws-in-different-countries-
505524434229
10. https://cybercrime.gov.in/webform/crimecatdes.aspx
11. https://www.indiancybersquad.org/cyber-crime-types

23