
UNIT–I: CYBERCRIME

Topics:
• Cybercrime and information security
• Cybercriminals
• Classifications of cybercrimes
• Need for Cyberlaws in Indian context
• Legal perspectives of cybercrime
• Indian perspective of cybercrimes
• Cybercrime and the Indian ITA 2000
• Global perspective on cybercrimes
• Amendments made in Indian ITA 2000 for admissibility of e-records
• Positive aspects of ITA 2000
• Weak areas of ITA 2000
• Intellectual property in cyberspace
• Ethical dimension of cybercrimes
Introduction
• The Internet has opened a new avenue of exploitation known as cybercrime.
• These activities involve the use of computers, the Internet,
cyberspace and the WWW.
• A total of 3286 Indian websites were hacked in 5 months, between Jan
and June 2009.
• According to Indusface’s report, Indian enterprises and government
organisations faced over 5 billion cyberattacks in 2023.
• The Indian Computer Emergency Response Team (CERT-In) reported
1.12 lakh cybersecurity incidents in the first half of 2023. This figure
shows a significant decline from the 13.91 lakh incidents in 2022 and
14.02 lakh in 2021.
• Between January 2018 and September 2023, 373 central and state
government websites were hacked, the ministry of electronics and
information technology informed the parliamentary committee on
communications and information technology.
Definition
• A crime conducted in which a computer was directly and
significantly instrumental.
• Alternative definitions:
• Any illegal act where special knowledge of computer technology
is essential for its perpetration (to commit), investigation or
prosecution.
• Any traditional crime that has acquired a new dimension or order
of magnitude through the aid of a computer, and abuses that have
come into being because of computers.
• Any financial dishonesty that takes place in a computer environment.
• Any threats to the computer itself, such as theft of hardware or
software, sabotage (damage) and demands for ransom.
• Cybercrime is any illegal behavior, directed by means of electronic
operations, that targets the security of computer systems and the
data processed by them.
Origin
• The term cybercrime has evolved over the past few years since the adoption
of internet connection on a global scale with hundreds of millions of users.
• Two types of attacks are prevalent:
• Techno crime:
– A premeditated act against a system or systems, with the intent to copy,
steal, prevent access to, corrupt or otherwise deface or damage parts of the
complete computer system.
– The 24x7 connection to the Internet makes this type of cybercrime a real
possibility to engineer from anywhere in the world, leaving few, if any,
“fingerprints”.
• Techno-vandalism:
– These acts of “brainless” defacement of websites and/or other activities,
such as copying files and publicizing their contents publicly, are usually
opportunistic in nature.
– Tight internal security, allied to strong technical safeguards, should
prevent the vast majority of such incidents.
• Cyberterrorism refers to the use of computer technology and networks to
perpetrate acts of terrorism. It involves attacks on information systems,
networks, and computer resources to cause fear, disruption, or harm on a
large scale. Cyberterrorism can target critical infrastructure, government
systems, financial networks, and more, posing significant threats to national
security and public safety.

• Cybernetics is the study of how systems, whether natural or artificial,
regulate and control themselves using feedback. It looks at how things like
animals, machines, and even organizations or societies manage their
processes to achieve specific goals or behaviors.
Cybercrime and Information Security
• Lack of information security gives rise to cybercrimes.
• Cyber crime is any criminal act dealing with computers and
networks.
• Information security, sometimes shortened to InfoSec, is the
practice of preventing unauthorized access, use, disclosure,
disruption, modification, inspection, recording or destruction
of information.
• From the Indian perspective, the new version of the Act (ITA 2008)
provides a new focus on information security in India.
• Cyber security means protecting information, equipment, devices,
computer, computer resource, communication device and
information stored therein from unauthorized access, use,
disclosure, disruption, modification, or destruction.
Who are Cybercriminals
• Type I: Cybercriminals hungry for recognition
– Hobby hackers
– IT professionals (social engineering is one of the biggest threats)
– Politically motivated hackers
– Terrorist organizations
• Type II: Cybercriminals not interested in recognition
– Psychological perverts
– Financially motivated hackers (corporate espionage)
– State-sponsored hacking (national espionage, sabotage)
– Organized criminals
• Type III: Cybercriminals-the insiders
– Disgruntled or former employees seeking revenge
– Competing companies using employees to gain economic
advantage through damage and/or theft.
Classifications of Cybercrimes
• Cybercrime against individual
– Email spoofing and other online frauds, phishing, spear phishing, vishing,
smishing, spamming, cyberdefamation, cyberstalking and harassment,
computer sabotage, pornographic offenses, password sniffing.
• Cybercrime against property
– Credit card frauds, Intellectual Property (IP) crimes, Internet time theft
• Cybercrime against organization
– Unauthorized accessing of computer, password sniffing, Denial-of-service
attacks, virus attacks, E-mail bombing, salami attack, logic bomb,
trojan horse, data diddling, crimes emanating from Usenet newsgroup,
industrial spying, computer network intrusions, software piracy.
• Cybercrime against Society
– Forgery
– Cyberterrorism
– Web jacking
• Someone forcefully takes control of a website.
• Crimes emanating from Usenet newsgroup
– By its nature, Usenet groups may carry very offensive,
harmful, inaccurate or otherwise inappropriate material.
• Distribution/sale of pornographic material
• Distribution/sale of pirated software packages
• Distribution of hacking software
• Sale of stolen credit card numbers
• Sale of stolen data/stolen property.
Cybercrime against individual
• E-mail spoofing:
– A spoofed email is one that appears to originate from one source
but actually has been sent from another source.
• Phishing
– Is a type of deception designed to steal your identity.
– In phishing schemes, the phisher tries to get the user to disclose
valuable personal data-such as credit card numbers, passwords,
account data or other information.
• Spear phishing
– Is a method of sending a phishing message to a particular
organization to gain organizational information.
– Spear phishing describes any highly targeted attack.
• Vishing:
– Vishing is the criminal practice of using social engineering
over the telephone system, most often using features facilitated
by VoIP, to gain access to personal and financial information
from the public for the purpose of financial reward.
– The most profitable uses of the information gained through
a vishing attack include:
• ID theft
• Purchasing luxury goods and services
• Monitoring the victim's bank accounts
• Making applications for loans and credit cards
• Smishing:
– Uses cell phone text messages to deliver a lure message
to get the victim to reveal his/her personal information.
• Spamming: People who create electronic spam are called spammers.
• Spam is the abuse of electronic messaging systems.
– Examples: e-mail spam, instant messaging spam, Usenet newsgroup
spam, web search engine spam, spam in blogs, wiki spam, online
classified ads spam, mobile phone messaging spam, Internet forum
spam, junk fax transmissions, social networking spam, file sharing
network spam, etc.
• Spamming is the alteration or creation of a document with the intent to deceive
an electronic catalog or filing system.
• Hacking:
– Greed
– Power
– Publicity
– Revenge
– Adventure
– Desire to access forbidden information
– Destructive mind set.
• Software piracy
• Computer network intrusions.
Cyber crime: the legal perspectives
• Any illegal act for which knowledge of computer technology is
essential for a successful prosecution.
• Cyber crime is the outcome of globalization.
• Globalized information systems accommodate an increasing
number of transnational offenses.
• This problem can be resolved in two ways:
– Divide the information systems into segments bordered by
state boundaries.
– Incorporate the legal system into an integrated entity
destroying these state boundaries.
• In a globally connected world, information systems become the
unique empire without tangible territory.
Cybercrimes: An Indian Perspective
• India has the fourth highest number of Internet users
in the world.
• 700 million Internet users in India (as per recent
data)
• 37% use cyber cafes
• 57% of users are 18-35 years old
• 46% were related to incidents of cyber
pornography, followed by hacking.
• 60% of offenders were between 18 and 30 years old
Cybercrime and Indian ITA 2000
• Cybercrime refers to illegal activities conducted through the
internet or involving computer systems. These crimes can include
hacking, identity theft, online fraud, and the distribution of
malicious software. The landscape of cybercrime is constantly
evolving, with perpetrators continuously developing new
methods to exploit technological vulnerabilities.
• Objectives of ITA 2000
1. Legal Recognition of Electronic Transactions
2. Prevention of Cybercrime
3. Regulation of Cyber Activities


Hacking and the Indian law
Cybercrimes are punishable under two categories:
• Information Technology Act (ITA) 2000 and
• IPC (Indian Penal Code)
Key Sections of ITA 2000 Related to Hacking
1. Section 43: Penalty and Compensation for Damage to Computer, Computer
System, etc.
2. Section 66: Computer-Related Offences
– Section 66A: Sending Offensive Messages through Communication Service
– Section 66B: Punishment for Dishonestly Receiving Stolen Computer Resource
or Communication Device
– Section 66C: Identity Theft
– Section 66D: Cheating by Personation Using Computer Resource
3. Section 67: Punishment for Publishing or Transmitting Obscene Material in
Electronic Form
4. Section 68: Power of Controller to Give Directions
5. Section 70: Protected Systems
6. Section 72: Penalty for Breach of Confidentiality and Privacy
7. Section 73: Penalty for Publishing Digital Signature Certificate False in Certain
Particulars
8. Section 74: Publication for Fraudulent Purpose
| Section | Crime | Punishment |
|---|---|---|
| Sec 43 | Damage to computer system | 1 Crore |
| Sec 66 | Hacking | 2 Lacs and three years |
| Sec 67 | Publication of obscene material in electronic form | 1 Lac and 5 years |
| Sec 68 | Not complying with directions of controllers | 2 Lacs and 3 years |
| Sec 70 | Attempting or securing access to a computer of another person without his knowledge | 10 years |
| Sec 72 | For breaking confidentiality of the information of computer | 1 Lac 2 years |
| Sec 73 | Publishing false digital signatures, false in certain particulars | 1 Lac 2 years or both |
| Sec 74 | Publication of digital signatures for fraudulent purpose | 1 Lac 2 years |

Cybercrime Statistics (2006 - 2024)
| Year | Total Cybercrime Cases Registered |
|---|---|
| 2006 | 142 |
| 2007 | 217 |
| 2008 | 356 |
| 2009 | 457 |
| 2010 | Approximately 658 |
| 2011 | Approximately 788 |
| 2012 | Approximately 1114 |
| 2013 | Approximately 1265 |
| 2014 | Approximately 1445 |
| 2015 | Approximately 1766 |
| 2016 | Approximately 2032 |
| 2017 | Approximately 2435 |
| 2018 | Approximately 3000 |
| 2019 | Approximately 4000 |
| 2020 | Approximately 5000 |
| 2021 | Approximately 6000 |
| 2022 | Approximately 7000 |
| 2023 | Approximately 8000 |
| 2024 | Data not fully available yet, but trends indicate an upward trajectory. |

A Global Perspective on Cybercrimes
• In Australia, cybercrime has a narrow statutory meaning as used in the Cyber
Crime Act 2001, which details offenses against computer data and systems.
However, a broad meaning is given to cybercrime at an international level.
• (Council of Europe) Cybercrime is used as an umbrella term to refer to an
array of criminal activity including offenses against computer data and
systems, computer-related offenses, content offenses and copyright
offenses.
• The status of e-mail spam legislation by country is available at
– http://en.wikipedia.org/wiki/E-mail_spam_legislation_by_country (29 January 2010).
• ITU activities on countering spam are available at
– www.itu.int/spam (8 May 2010).
• The spam legislation scenario mentions "none" about India as far as e-mail
legislation in India is concerned. The legislation refers to India as a "loose"
legislation, although there is a mention in Section 67 of Indian ITA 2000.
• About 30 countries have enacted some form of anti-spam legislation.
• August 4, 2006 announcement: the US Senate ratifies the CoE Convention on
Cyber Crime.
• The convention targets
– hackers,
– those spreading destructive computer viruses,
– those using the Internet for sexual exploitation of children or distribution
of racist material, and terrorists attempting to attack infrastructure
facilities or financial institutions.
• On August 18, 2006, a news article was published: “ISPs Wary About
‘Drastic Obligations’ on Web Site Blocking”.
• CoE Cyber Crime Convention (1997-2001) was the first international treaty
seeking to address Internet Crimes by harmonizing national laws,
improving investigative techniques and increasing cooperation among
nations.
• More than 40 countries have ratified the convention to date.
Why Do We Need Cyberlaws: The Indian Context
• Cyberlaw is a framework created to give legal
recognition to all risks arising out of the usage of
computers and computer networks.
• Under the purview of cyberlaw, there are several
aspects, such as, intellectual property, data
protection and privacy, freedom of expression and
crimes committed using computers.
• The Indian parliament passed its first cyberlaw, the
ITA 2000, aimed at providing the legal infrastructure
for E-commerce in India.
• ITA 2000 was later updated as ITA 2008.
• The reasons for enactment of cyberlaws in
India are summarized below.
– Although India possesses a very well-defined legal
system, covering all possible situations and cases,
the country is lacking in many aspects when it
comes to newly developed Internet technology.
– It is essential to address this gap through a
suitable law given the increasing use of Internet
and other computer technologies in India.
• There is a need to have some legal recognition
to the Internet as it is one of the most
dominating sources of carrying out business in
today’s world.
• With the growth of the Internet, a new
concept called cyberterrorism came into
existence.
• Taking all these factors into consideration, the
Indian parliament passed the Information
Technology Bill.
The Indian ITA 2000
| Chapter Number | Chapter Title | Sections in the Chapter |
|---|---|---|
| CHAPTER I | Preliminary | 1. Short title, extent, commencement and application; 2. Definitions of key terms mentioned in the Act |
| CHAPTER II | Digital Signature and Electronic Signature | 3. Authentication of electronic records |
| CHAPTER III | Electronic Governance | 4. Legal recognition of electronic records; 5. Legal recognition of electronic signatures; 6. Use of electronic records and digital signatures in government and its agencies; 7. Retention of electronic records; 8. Publication of rule, regulation, etc. in Electronic Gazette; 9. Sections 6, 7 and 8 not to confer right to insist documents should be accepted in an electronic form; 10. Power to make rules by Central Government in respect to digital signature |
| CHAPTER IV | Attribution, Acknowledgement and Dispatch of Electronic Records | 11. Attribution of electronic records; 12. Acknowledgement of receipt; 13. Time and place of dispatch and receipt of electronic record |
| CHAPTER V | Secure Electronic Records and Secure Electronic Signature | 14. Secure electronic record; 15. Secure digital signature; 16. Security procedures and practices |
| CHAPTER VI | Regulation of Certifying Authorities | 17. Appointment of controller and other officers; 18. Functions of Controller; 19. Recognition of foreign Certifying Authorities; 20. Controller to act as repositories; 21. License to issue Digital Signature certificates; 22. Application for license; 23. Renewal of license; 24. Procedure for grant or rejection of license; 25. Suspension of license; 26. Notice of suspension or revocation of license; 27. Power to delegate; 28. Power to investigate contraventions; 29. Access to computer and data; 30. Certifying authority to follow certain procedures; 31. Certifying authority to ensure compliance of the Act, etc.; 32. Display of license; 33. Surrender of license; 34. Disclosure |
| CHAPTER VII | Electronic Signature Certificates | 35. Certifying Authority to issue Digital Signature Certificate; 36. Representations upon issuance of Digital Signature Certificate; 37. Suspension of Digital Signature Certificate; 38. Revocation of Digital Signature Certificate; 39. Notice of suspension or revocation |
| CHAPTER VIII | Duties of Subscribers | 40. Generating key pairs; 41. Acceptance of Digital Signature Certificate; 42. Control of private key |
| CHAPTER IX | Penalties, Composition and Adjudication | 43. Penalty for damage to computer, computer system, etc.; 44. Penalty for failure to furnish information, return, etc.; 45. Residuary penalty; 46. Power to adjudicate; 47. Factors to be taken into account by the adjudicating officer |
| CHAPTER X | The Cyber Regulations Appellate Tribunal | 48. Establishment of Cyber Appellate Tribunal; 49. Composition of Cyber Appellate Tribunal; 50. Qualifications for appointment; 51. Term of office, conditions of service, etc.; 52. Salary, allowances and other terms and conditions of service of presiding officer; 53. Filling up of vacancies; 54. Resignation and removal; 55. Orders constituting Appellate Tribunal; 56. Staff of the Cyber Appellate Tribunal; 57. Appeal to Cyber Appellate Tribunal; 58. Procedures and powers of the Cyber Appellate Tribunal; 59. Right to legal representation; 60. Limitation; 61. Civil court not to have jurisdiction; 62. Appeal to high court; 63. Compounding of contraventions; 64. Recovery of penalty or compensation |
| CHAPTER XI | Offences | 65. Tampering with computer source documents; 66. Computer-related offences; 66A. Punishment for offensive messages; 66B. Punishment for dishonestly receiving stolen computers; 66C. Punishment for ID theft; 66D. Punishment for cheating by personating with the use of computers; 66E. Punishment for privacy violation; 66F. Punishment for cyber terrorism; 67. Punishment for publishing, transmitting obscene material in electronic form; 68. Power of controller to give directions; 69. Power to issue directions for interception or monitoring or decryption of information; 70. Protected system; 71. Penalty for misrepresentation; 72. Penalty for breach of confidentiality and privacy; 73. Penalty for publishing Digital Signature Certificate false in certain particulars; 74. Publication for fraudulent purpose; 75. Act to apply for offence or contravention committed outside India; 76. Confiscation; 77. Compensation, penalties or confiscation not to interfere with other punishments; 78. Power to investigate offences |
| CHAPTER XII | Intermediaries not to be liable in certain cases | 79. Exemption from liability of intermediary in certain cases |
| CHAPTER XIII | Miscellaneous | 80. Power of police officer and other officers to enter and search, etc.; 81. Act to have overriding effect; 82. Chairperson, Members, officers and employees to be public servants; 83. Power to give directions; 84. Protection of action taken in good faith; 85. Offences by companies; 86. Removal of difficulties; 87. Power of central government to make rules; 88. Constitution of advisory committee; 89. Power of controller to make regulations; 90. Power of state government to make rules |

• Sections 65, 66, 67, 71, 72, 73 and 74 in CHAPTER XI
(Offences) of the Indian ITA 2000 are relevant to the
discussion of cybercrime in a legal context. The relevant
portions are as follows:
• Section 65: Tampering with computer source documents.
• Whoever knowingly or intentionally conceals, destroys or
alters or intentionally or knowingly causes another to
conceal, destroy or alter any computer source code used
for a computer, computer programme, computer system
or computer networks, when the computer source code
is required to be kept or maintained by law for the time
being in force, shall be punishable with
• 3 years imprisonment or fine-200000 or both
• Section 66: Computer-related offences
• Whoever with the intent to cause or knowing
that he is likely to cause wrongful loss or
damage to the public or any person destroys
or deletes or alters any information residing in
a computer resource or diminishes its value
or utility or affects it injuriously by any means,
commits hacking.
• 3 years imprisonment or fine-500000 or both
• Section 67: Punishment for publishing or
transmitting obscene material in electronic form.
• Whoever publishes or transmits or causes to be
published in the electronic form, any material
which is lascivious or appeals to the prurient
interest or if its effect is such as to tend to
deprave and corrupt person who are likely,
having regard to all relevant circumstances, to
read, see or hear the matter contained or
embodied in it, shall be punished
• 3 years imprisonment or fine-500000 or both
• Section 71: penalty for misrepresentation
• Whoever makes any misrepresentation to, or
suppresses any material fact from, the
controller or the certifying authority for
obtaining any license or digital Signature
Certificate, as the case may be, shall be
punished with imprisonment for a term which
may extend to 2 years, or with fine which may
extend to 1 lakh rupees.
• Section 72: Penalty for breach of
confidentiality and privacy.
• Whoever secures access to any electronic record, book, register,
correspondence, information, document or
other material without the consent of the
person concerned and discloses such electronic
record, book, register, correspondence,
information, document or other material to
any other person shall be punished with:
• 2 years imprisonment or fine-100000 or both
• Section 73: Penalty for publishing Digital Signature
Certificate false in certain particulars
• No person shall publish a Digital Signature Certificate
or otherwise make it available to any other person
with knowledge that:
– The certifying authority listed in the certificate has not
issued it or
– The subscriber listed in the certificate has not accepted it.
– The certificate has been revoked or suspended, unless
such publication is for the purpose of verifying a digital
signature created prior to such suspension or revocation.
• 2 years or 1 lakh or both.
• Section 74: publication for fraudulent purpose
• Whoever,
• Knowingly creates, publishes or otherwise
makes available a Digital Signature Certificate
for any fraudulent or unlawful purpose-
• 2 years or 1 lakh.
Summary of changes to Indian act 2000
| Section No | Changes Made |
|---|---|
| 1 | Section 1(4) list of excluded documents removed. To be notified by gazette. |
| 2 | 2(d) modified, and the term "Digital Signature" replaced with "Electronic Signature" in the Act |
| | Section 2(ha) added to define "Communication Device" |
| | In 2(j) "Computer Systems" and "Communication Devices", "Wire" "Wireless" added |
| | In 2(k) "Communication Device" added |
| | 2(na) introduced to define the term "Cyber Cafe" |
| | 2(nb) introduced to define the term "Cyber Security" |
| | 2(ta) and 2(tb) introduce the terms "Electronic Signature" and "Electronic Signature Certificate" |
| | 2(ua) defines "Indian Computer Emergency Response Team" |
| | 2(v): "Message" included in the definition of "Information" |
| | 2(w) "Intermediary" defined |
| 3 | New Section 3A introduced to define Electronic Signature |
| 6 | New Section 6A introduced to provide for appointment of Service Providers in e-Governance services. |
| | New Section 6A introduced to enable delivery of services by private service providers |
| 7 | New Section 7A introduced to make audit of Electronic documents mandatory wherever the legacy physical records were subject to audit. |
| 10 | New Section 10A specifies that contract formation is possible with offer and acceptance being in electronic form. |
| 15-16 | Defines "Secured Electronic Signature" and redefines "Security Procedure" |
| 20 | Section deleted |
| 22, 23 | The amount of specified upper limit on the fees deleted |
| 28, 29 | No change in 28. In Section 29, the powers have been restricted to contraventions under this chapter. |
| 30 | Consequential changes with introduction of Electronic Signatures |
| 35 | Sub section (4) modified |
| 36 | Additional points to be added in the certificate indicated |
| 40 | No change in 40. New Section 40A introduced to cover Electronic signature |
| 43 | Two new contraventions added: contraventions corresponding to Sections 65 and 66 added for civil liability. Compensation limit removed. |
| | New Section 43A included for "Data Protection" need. Specifies liability for a body corporate handling sensitive data, introduces concept of "reasonable security practices" and sensitive personal data. No limit for compensation |
| 46 | The powers of the judge limited for claims up to Rs 5 crores. Civil Court's authority introduced for claims beyond Rs 5 crores |
| 48 | Changes name of Cyber Regulations Appellate Tribunal to Cyber Appellate Tribunal. |
| 49 | Cyber Appellate Tribunal (CAT) is made a multi member entity. Provision for benches introduced, non judicial members can be members of the Tribunal. |
| 50 | Specifies qualifications for appointment of Chairperson and Members of the CAT. |
| 51, 52 | Specifies terms and other conditions of appointment of Chairman and Members of CAT. New Sections 52A, B, C and D introduced defining powers of the Chairperson of CAT for conduct of business. |
| 61 | Amended to accommodate jurisdiction of Civil Courts for disputes involving claims of over Rs 5 crores. |
| 66 | The clause has been rewritten with significant changes. Applies to all contraventions listed in Section 43. Fine increased to Rs 5 lakhs |
| | New Sections added under 66A, 66B, 66C, 66D, 66E and 66F to cover new offences. |
| | 66A: Sending offensive Messages |
| | 66B: Receiving a Stolen Computer Resource |
| | 66C: Identity Theft |
| | 66D: Cheating by personation |
| | 66E: Violation of Privacy |
| | 66F: Cyber Terrorism |
| 67 | Fine increased to Rs 5 lakhs for first instance and Rs 10 lakhs for subsequent instance. Imprisonment reduced to three years for first instance and 5 years for subsequent instance. |
| | New Section 67A introduced to cover material containing "Sexually Explicit Act". Increased imprisonment and fine compared to Sec 67. |
| | New Section 67B introduced to cover Child Pornography with stringent punishment. Imprisonment 5 or 7 years and fine Rs 5 or 10 lakhs for first and subsequent instances respectively. Also covers "grooming" and self abuse |
| | 67C: This is a new section introduced requiring Intermediaries to preserve and retain certain records for a stated period. |
| 68 | Refers to the powers of the Controller to direct Certifying Authorities for compliance. No significant change. Penal powers to be applicable only on intentional violation |
| 69 | Scope extended from decryption to interception, monitoring also. Control will be on a designated officer and not the Controller. |
| | 69A: New Section introduced to enable blocking of websites. |
| | 69B: New section that provides powers for monitoring and collecting traffic data etc. |
| 70 | Critical Infrastructure System defined and section restricted to only such systems. Security practices to be notified. |
| | 70A: New Section added to define National Nodal Agency for Critical Information Infrastructure protection. |
| | 70B: Indian Computer Emergency Response Team to be the nodal agency for incident response. |
| 72 | 72A: New Section introduced for Data Protection purpose |
| 77 | 77A: New Section introduced to provide for Compounding of offences with punishment up to 3 years. |
| | 77B: New Section introduced to consider all offences with 3 years imprisonment under the Act as "Cognizable" and bailable. |
| 78 | Power to investigate any cognizable offence vested with Inspectors instead of DSPs |
| 79 | Modified to slightly shift the onus of proving liability on the prosecution. Otherwise no significant change. |
| | 79A: New Section introduced to provide for the Government to designate any government body as an Examiner of Electronic Evidence |
| 80 | The powers earlier available to DSP are now made available to Inspectors |
| 81 | Amended to keep the primacy of Copyright and Patent acts above ITA 2000 |
| 84 | 84A: New Section introduced to enable the Government to prescribe encryption methods |
| | 84B: New Section introduced to make "abetment" punishable as the offence itself |
| | 84C: New Section introduced to make an "attempt to commit an offence" punishable with half of the punishment meant for the offence. |
| 91-94 | Omitted |

Admissibility of Electronic Records: Amendments made in the Indian ITA 2000
Discussion of how three Acts have been amended, namely:
• The Indian Evidence Act 1872
• The Bankers Books Evidence Act 1891
• The Reserve Bank of India Act 1934
• The second schedule of the Indian ITA 2000:
Amendment to the Indian Evidence Act.
• 1. In section 3,—
– (a) in the definition of "Evidence", for the words "all
documents produced for the inspection of the Court", the
words "all documents including electronic records produced
for the inspection of the Court" shall be substituted;
– (b) after the definition of "India", the following shall be
inserted, namely:— 'the expressions "Certifying Authority",
"digital signature", "Digital Signature Certificate",
"electronic form", "electronic records", "information",
"secure electronic record", "secure digital signature" and
"subscriber" shall have the meanings respectively assigned
to them in the Information Technology Act, 2000.'.
• 2. In section 17, for the words "oral or
documentary,", the words "oral or
documentary or contained in electronic form"
shall be substituted.
• 3. After section 22, the following section shall
be inserted, namely: —
– When oral admission as to contents of electronic
records are relevant.
– "22A. Oral admissions as to the contents of
electronic records are not relevant, unless the
genuineness of the electronic record produced is
in question.".
• 4. In section 34, for the words "Entries in the books of account", the
words "Entries in the books of account, including those maintained in
an electronic form" shall be substituted.
• 5. In section 35, for the word "record", in both the places where it
occurs, the words "record or an electronic record" shall be substituted.
• 6. For section 39, the following section shall be substituted, namely: —
– What evidence to be given when statement forms part of a
conversation, document, electronic record, book or series of letters
or papers.
– "39. When any statement of which evidence is given, forms part of a
longer statement, or of a conversation or part of an isolated document,
or is contained in a document which forms part of a book, or is
contained in part of electronic record or of a connected series of
letters or papers, evidence shall be given of so much and no more of
the statement, conversation, document, electronic record, book or
series of letters or papers as the Court considers necessary in that
particular case to the full understanding of the nature and effect of the
statement, and of the circumstances under which it was made.".
• 7. After section 47, the following section shall be inserted,
namely: —
– Opinion as to digital signature where relevant.
– "47A. When the Court has to form an opinion as to the digital
signature of any person, the opinion of the Certifying Authority
which has issued the Digital Signature Certificate is a relevant
fact.".
• 8. In section 59, for the words "contents of documents" the
words "contents of documents or electronic records" shall
be substituted.
• 9. After section 65, the following sections shall be inserted,
namely: —
– Special provisions as to evidence relating to electronic record.
– '65A. The contents of electronic records may be proved in
accordance with the provisions of section 65B.
• Admissibility of Electronic Records
• 65B.
• (1) Notwithstanding anything contained in this
Act, any information contained in an electronic
record which is printed on a paper, stored,
recorded or copied in optical or magnetic media
produced by a computer (hereinafter referred
to as the computer output) shall be deemed to
be also a document, if the conditions
mentioned in this section are satisfied in
relation to the information and computer.
• (2)The conditions referred to in sub-section (1) in respect of a
computer output shall be the following, namely: —
– (a)the computer output containing the information was produced by
the computer during the period over which the computer was used
regularly to store or process information for the purposes of any
activities regularly carried on over that period by the person having
lawful control over the use of the computer;
– (b)during the said period, information of the kind contained in the
electronic record or of the kind from which the information so
contained is derived was regularly fed into the computer in the ordinary
course of the said activities;
– (c)throughout the material part of the said period, the computer was
operating properly or, if not, then in respect of any period in which it
was not operating properly or was out of operation during that part of
the period, was not such as to affect the electronic record or the
accuracy of its contents; and
– (d)the information contained in the electronic record reproduces or is
derived from such information fed into the computer in the ordinary
course of the said activities.
• (3)Where over any period, the function of storing or
processing information for the purposes of any activities
regularly carried on over that period as mentioned in clause
(a) of sub-section (2) was regularly performed by computers,
whether—
– (a)by a combination of computers operating over that period; or
– (b)by different computers operating in succession over that period;
or
– (c) by different combinations of computers operating in succession
over that period; or
– (d)in any other manner involving the successive operation over
that period, in whatever order, of one or more computers and one
or more combinations of computers, all the computers used for
that purpose during that period shall be treated for the purposes
of this section as constituting a single computer; and references in
this section to a computer shall be construed accordingly.
• (4)In any proceedings where it is desired to give a statement
in evidence by virtue of this section, a certificate doing any of
the following things, that is to say, —
– (a) identifying the electronic record containing the statement and
describing the manner in which it was produced;
– (b) giving such particulars of any device involved in the production
of that electronic record as may be appropriate for the purpose of
showing that the electronic record was produced by a computer;
– (c) dealing with any of the matters to which the conditions
mentioned in subsection (2) relate, and purporting to be signed by
a person occupying a responsible official position in relation to the
operation of the relevant device or the management of the
relevant activities (whichever is appropriate) shall be evidence of
any matter stated in the certificate; and for the purposes of this
sub-section it shall be sufficient for a matter to be stated to the
best of the knowledge and belief of the person stating it.
• (5)For the purposes of this section, —
– (a)information shall be taken to be supplied to a computer if it is
supplied thereto in any appropriate form and whether it is so
supplied directly or (with or without human intervention) by means
of any appropriate equipment;
– (b)whether in the course of activities carried on by any official,
information is supplied with a view to its being stored or processed
for the purposes of those activities by a computer operated
otherwise than in the course of those activities, that information, if
duly supplied to that computer, shall be taken to be supplied to it in
the course of those activities;
– (c)a computer output shall be taken to have been produced by a
computer whether it was produced by it directly or (with or without
human intervention) by means of any appropriate equipment.
• Explanation.—For the purposes of this section any reference to
information being derived from other information shall be a
reference to its being derived there from by calculation,
comparison or any other process.
• 10. After section 67, the following section shall be inserted, namely: —
Proof as to digital signature.
– "67A. Except in the case of a secure digital signature, if the digital signature of
any subscriber is alleged to have been affixed to an electronic record the fact
that such digital signature is the digital signature of the subscriber must be
proved.".
• 11. After section 73, the following section shall be inserted, namely: —
Proof as to verification of digital signature.
– '73A. In order to ascertain whether a digital signature is that of the person by
whom it purports to have been affixed, the Court may direct—
– (a)that person or the Controller or the Certifying Authority to produce the
Digital Signature Certificate;
– (b)any other person to apply the public key listed in the Digital Signature
Certificate and verify the digital signature purported to have been affixed by
that person.
• Explanation.—For the purposes of this section, "Controller" means the
Controller appointed under sub-section (1) of section 17 of the
Information Technology Act, 2000'.
• 12. Presumption as to Gazettes in electronic forms.
• After section 81, the following section shall be inserted, namely: —
• "81A. The Court shall presume the genuineness of every
electronic record purporting to be the Official Gazette, or
purporting to be electronic record directed by any law to be
kept by any person, if such electronic record is kept substantially
in the form required by law and is produced from proper
custody.".
• 13. Presumption as to electronic agreements.
• After section 85, the following sections shall be inserted,
namely: —
– "85A. The Court shall presume that every electronic record purporting
to be an agreement containing the digital signatures of the parties was
so concluded by affixing the digital signature of the parties.
• 14. Presumption as to electronic records and digital
signatures.
• 85B. (1) In any proceedings involving a secure electronic
record, the Court shall presume unless contrary is proved,
that the secure electronic record has not been altered since
the specific point of time to which the secure status relates.
• (2)In any proceedings, involving secure digital signature,
the Court shall presume unless the contrary is proved that—
– (a) the secure digital signature is affixed by subscriber with the
intention of signing or approving the electronic record;
– (b) except in the case of a secure electronic record or a secure
digital signature, nothing in this section shall create any
presumption relating to authenticity and integrity of the
electronic record or any digital signature.
• 15. Presumption as to Digital Signature Certificates.
• 85C. The Court shall presume, unless contrary is proved, that the
information listed in a Digital Signature Certificate is correct, except for
information specified as subscriber information which has not been
verified, if the certificate was accepted by the subscriber.".
• 16. Presumption as to electronic messages.
• After section 88, the following section shall be inserted, namely: — '88A.
The Court may presume that an electronic message forwarded by the
originator through an electronic mail server to the addressee to whom
the message purports to be addressed corresponds with the message as
fed into his computer for transmission; but the Court shall not make any
presumption as to the person by whom such message was sent.
• Explanation.—For the purposes of this section, the expressions
"addressee" and "originator" shall have the same meanings respectively
assigned to them in clauses (b) and (za) of sub-section (1) of section 2 of
the Information Technology Act, 2000.'.
• 15. Presumption as to electronic records five years old.
• After section 90, the following section shall be inserted, namely: —
• "90A. Where any electronic record, purporting or proved to be
five years old, is produced from any custody which the Court in
the particular case considers proper, the Court may presume that
the digital signature which purports to be the digital signature of
any particular person was so affixed by him or any person
authorized by him in this behalf.
• Explanation.—Electronic records are said to be in proper custody
if they are in the place in which, and under the care of the person
with whom, they naturally be; but no custody is improper if it is
proved to have had a legitimate origin, or the circumstances of
the particular case are such as to render such an origin probable.
• This Explanation applies also to section 81A.".
• 16. For section 131, the following section shall
be substituted, namely: —
• Production of documents or electronic records
which another person, having possession,
could refuse to produce.
• "131. No one shall be compelled to produce
documents in his possession or electronic
records under his control, which any other
person would be entitled to refuse to produce if
they were in his possession or control, unless
such last-mentioned person consents to their
production.".
AMENDMENTS TO THE BANKERS' BOOKS
EVIDENCE ACT, 1891
• 1. In section 2—
• (a) for clause (3), the following clause shall be
substituted, namely:— '(3) "bankers' books"
include ledgers, day-books, cash-books,
account-books and all other books used in the
ordinary business of a bank whether kept in
the written form or as printouts of data stored
in a floppy, disc, tape or any other form of
electro-magnetic data storage device;
• (b) for clause (8), the following clause shall be substituted, namely:
— '(8) "certified copy" means when the books of a bank,—
• (a) are maintained in written form, a copy of any entry in such books
together with a certificate written at the foot of such copy that it is a true
copy of such entry, that such entry is contained in one of the ordinary books
of the bank and was made in the usual and ordinary course of business and
that such book is still in the custody of the bank, and where the copy was
obtained by a mechanical or other process which in itself ensured the
accuracy of the copy, a further certificate to that effect, but where the book
from which such copy was prepared has been destroyed in the usual course
of the bank's business after the date on which the copy had been so
prepared, a further certificate to that effect, each such certificate being
dated and subscribed by the principal accountant or manager of the bank
with his name and official title; and
• (b)consist of printouts of data stored in a floppy, disc, tape or any other
electro-magnetic data storage device, a printout of such entry or a copy of
such printout together with such statements certified in accordance with
the provisions of section 2A.'.
• 2. After section 2, the following section shall be inserted, namely: —
• Conditions in the printout.
• "2A. A printout of entry or a copy of printout referred to in sub-section (8) of section 2
shall be accompanied by the following, namely: —
• (a) a certificate to the effect that it is a printout of such entry or a copy of such
printout by the principal accountant or branch manager; and
• (b) a certificate by a person in-charge of computer system containing a brief
description of the computer system and the particulars of—
– (A) the safeguards adopted by the system to ensure that data is entered or any other
operation performed only by authorised persons;
– (B) the safeguards adopted to prevent and detect unauthorised change of data;
– (C) the safeguards available to retrieve data that is lost due to systemic failure or any
other reasons;
– (D) the manner in which data is transferred from the system to removable media like
floppies, discs, tapes or other electro-magnetic data storage devices;
– (E) the mode of verification in order to ensure that data has been accurately
transferred to such removable media;
– (F) the mode of identification of such data storage devices;
– (G) the arrangements for the storage and custody of such storage devices;
– (H) the safeguards to prevent and detect any tampering with the system; and
– (I) any other factor which will vouch for the integrity and accuracy of the system.
• (c) a further certificate from the person in-
charge of the computer system to the effect
that to the best of his knowledge and belief,
such computer system operated properly at
the material time, he was provided with all
the relevant data and the printout in question
represents correctly, or is appropriately
derived from, the relevant data."
The fourth schedule of the Indian ITA 2000:
Amendment to the Reserve Bank of India Act
• In the Reserve Bank of India Act, 1934, in section 58,
in sub-section (2), after clause (p), the following
clause shall be inserted, namely:—
– "the regulation of fund transfer through electronic
means between the banks or between the banks and
other financial institutions referred to in clause (c) of
section 45-1, including the laying down of the conditions
subject to which banks and other financial institutions
shall participate in such fund transfers, the manner of
such fund transfers and the rights and obligations of the
participants in such fund transfers;"
Positive Aspects of the ITA 2000
• Prior to the enactment of the IT Act, 2000 even an email was not
accepted under the prevailing statutes of India as an accepted
legal form of communication and as evidence in a court of law.
But the IT Act, 2000 changed this scenario by legal recognition of
the electronic format. Indeed, the IT Act, 2000 is a step forward.
• From the perspective of the corporate sector, companies shall
be able to carry out electronic commerce using the legal
infrastructure provided by the IT Act, 2000. Till the coming into
effect of the Indian cyber law, the growth of electronic
commerce was impeded in our country basically because there
was no legal infrastructure to regulate commercial transactions
online.
• Corporates will now be able to use digital signatures to carry out
their transactions online. These digital signatures have been given
legal validity and sanction under the ITA 2000.
• In today’s scenario, information is stored by the companies on their
respective computer systems, apart from maintaining a back-up.
Under the IT Act, 2000, it shall now be possible for corporates to
have a statutory remedy if anyone breaks into their computer
systems or networks and causes damages or copies data. The
remedy provided by the IT Act, 2000 is in the form of monetary
damages, by the way of compensation, not exceeding Rs
1,00,00,000.
• The IT Act, 2000 has defined various cyber crimes which include
hacking and damage to the computer code. Prior to the coming
into effect of the Indian cyber law, corporates were helpless as
there was no legal redress for such issues. But the IT Act, 2000
changed the scene altogether.
Negative aspects of the IT Act, 2000
• The IT Act, 2000 is likely to cause a conflict of jurisdiction.
• Electronic commerce is based on the system of domain
names.
– The IT Act, 2000 does not even touch the issues relating to
domain names.
– Even domain names have not been defined and the rights and
liabilities of domain name owners do not find any mention in the
law.
• The IT Act, 2000 does not deal with any issues concerning
the protection of intellectual property rights in the context
of the online environment.
– Very important issues concerning online copyrights, trade marks
and patents have been left untouched by the law, thereby leaving
many loopholes.
• The IT Act, 2000 does not cover various kinds
of cyber crimes and internet-related crimes.
These include:
– (a) Theft of internet hours
– (b) Cyber theft
– (c) Cyber stalking
– (d) Cyber harassment
– (e) Cyber defamation
– (f) Cyber fraud
– (g) Misuse of credit card numbers
– (h) Chat room abuse
• The IT Act, 2000 has not tackled several issues
pertaining to e-commerce sphere like privacy
and content regulation to name a few.
• The IT Act does not touch upon antitrust issues.
• The IT Act stays silent on the regulation of
electronic payment gateways.
– This may have a major effect on the growth of
E-Commerce in India.
• The most serious concern about the Indian
Cyberlaw relates to its implementation.
• Challenges:
– Most Indians prefer not to report cyber crimes to the law
enforcement agencies because they fear it might invite a lot
of harassment.
– Their awareness of cybercrime is relatively low.
– Law enforcement agencies in India are neither well equipped
nor knowledgeable enough about cybercrime.
– Not all cities have cybercrime cells.
– Lack of dedicated cybercrime courts in the country where
expertise in cybercrime can be utilized.
– Current law enforcement machinery is not yet well equipped
to deal with Cyberlaw offenses and contraventions.
– Crying need for cyber-savvy judges.
• How to overcome:
– Sound Cyberlaw training for judges and lawyers will go a
long way in effective enforcement of cyber laws.
– Uniform guidelines on cyber forensics tools and strategies
should be circulated among investigating officers of cybercrime
in the country.
– Need to expedite cybercrime trials.
– People need to be encouraged to report the matter to the law
enforcement agencies with full confidence and trust and
without the fear of being harassed.
– The law enforcement agencies dealing with cyber crime need to
come up with an extremely tech-savvy and friendly image.
– Require apt laws and a proactive approach of the law
enforcement agencies to effectively deal with the menace of
cybercrime.
