Download INFORMATION TECHNOLOGY AND CYBER LAWS and more Cheat Sheet Cyberlaw and Internet Law in PDF only on Docsity!
This article is co-authored by Yashraj Bais and Raghav Vaid.
Introduction
The computer-generated world of internet is known as cyberspace and the laws prevailing this area are known as Cyber laws and all the users of this space come under the ambit of these laws as it carries a kind of worldwide jurisdiction. Cyber law can also be described as that branch of law that deals with legal issues related to use of inter-networked information technology. In short, cyber law is the law governing computers and the internet.
The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory mechanisms which would further strengthen the legal infrastructure, so crucial to the success of Electronic Commerce. All these governing mechanisms and legal structures come within the domain of Cyber law.
Cyber law is important because it touches almost all aspects of transactions and activities and on involving the internet, World Wide Web and cyberspace. Every action and reaction in cyberspace has some legal and cyber legal angles.
All You Need To Know About Cyber Laws In
India
Cyber Crime is not defined in Information Technology Act 2000 nor in the National Cyber Security Policy 2013 nor in any other regulation in India. In fact, it cannot be too. Crime or offence has been dealt with elaborately listing various acts and the punishments for each, under the Indian Penal Code, 1860 and quite a few other legislations too. Hence, to define cyber-crime, one can say, it is just a combination of crime and computer. To put it in simple terms ‘any offence or crime in which a computer is used is a cyber-crime’. Interestingly even a petty offence like stealing or pick pocket can be brought within the broader purview of cybercrime if the basic data or aid to such an offence is a computer or an information stored in a computer used (or misused) by the fraudster. The I.T. Act defines a computer, computer network, data, information and all other necessary ingredients that form part of a cybercrime.
In a cyber-crime, computer or the data itself the target or the object of offence or a tool in committing some other offence, providing the necessary inputs for that offence. All such acts of crime will come under the broader definition of cyber-crime.
Cyber law encompasses laws relating to:
Cyber crimes Electronic and digital signatures Intellectual property Data protection and privacy
History
The Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite (TCP/IP). It is a network of networks that consists of millions of private and public, academic, business and government networks of local to global scope that are linked by copper wires, fiber optic cables, wireless connections and other technologies. The Internet carries a vast array of information resources and services, most notably the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support electronic mail, in addition to popular services such as online chat, file transfer and file sharing, online gaming, and Voice over Internet Protocol (VoIP) person to person communication via voice and video. The origins of the Internet dates back to the 1960s when the United States funded research projects of its military agencies to build robust, fault tolerant and distributed computer networks. This research and a period of civilian funding of a new U.S. backbone by the National Science Foundation spawned worldwide participation in the development of new networking technologies and led to the commercialization of an international network in the mid-1990s, and resulted in the following popularization of countless applications in virtually every aspect of modern human life.
Click Above
Need for Cyber Law
In today’s techno-savvy environment, the world is becoming more and more digitally sophisticated and so are the crimes. Internet was initially developed as a research and information sharing tool and was in an unregulated manner. As the time passed by it became more transactional with e- business, e-commerce, e-governance and e-procurement etc. All legal issues related to internet crime are dealt with through cyber laws. As the number of internet users is on the rise, the need for cyber laws and their application has also gathered great momentum.
In today’s highly digitalized world, almost everyone is affected by cyber law. For example:
Almost all transactions in shares are in demat form. Almost all companies extensively depend upon their computer networks and keep their valuable data in electronic form. Government forms including income tax returns, company law forms etc. are now filled in electronic form. Consumers are increasingly using credit/debit cards for shopping. Most people are using email, phones and SMS messages for communication. Even in “non-cyber crime” cases, important evidence is found in computers/cell phones eg: in cases of murder, divorce, kidnapping, tax evasion, organized crime, terrorist operations, counterfeit currency etc. Cybercrime cases such as online banking frauds, online share trading fraud, source code theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of service, hacking, pornography etc. are becoming common. Digital signatures and e-contracts are fast replacing conventional method of transacting business.
Technology per se is never a disputed issue but for whom and at what cost has been the issue in the ambit of governance. The cyber revolution holds the promise of quickly reaching the masses as opposed to the earlier technologies, which had a trickle-down effect. Such a promise and potential can only be realized with an appropriate legal regime based on a given socio-economic matrix.
The rising Cyber Crime
As per the cybercrime data maintained by National Crime Records Bureau (NCRB), a total of 217, 288, 420 and 966 Cyber Crime cases were registered under the Information Technology Act, 2000 during 2007, 2008, 2009 and 2010 respectively. Also, a total of 328, 176, 276 and 356 cases were registered under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007, 2008, 2009 and 2010 respectively. A total of 154, 178, 288, 799 persons were arrested under Information Technology Act 2000 during 2007-2010. A total number of 429, 195, 263 and 294 persons were arrested under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007-2010.
As per 2011 NCRB figures, there were 1791 cases registered under the IT Act during the year 2011 as compared to 966 cases during the previous year (2010) thereby reporting an increase of 854% in 2011 over 2010.
Of this, 19.5% cases (349 out of 1791 cases) were reported from Andhra Pradesh followed by Maharashtra (306), Kerala (227), Karnataka (151) and Rajasthan (122). And 46.1% (826 cases) of
businessmen only via online mode and after involving some innocent victim in their web, sends a proposal of marriage before them, when the proposal is accepted and a reasonable trust is established between both of them, they demands money by making fake stories and asks the victim to transfer them the money online in the account, as soon as it happens the spouse becomes the prey of the criminals.
Salami Attacks: The newly discovered cyber attack in India, which is on its peak these days, is the salami attack. For Example: A Bank Employee inserts a software in the server of the bank, to deduct a insignificant amount of Rs. 5/- from the Account of each customer and credit it into the Account of the Employee. Such small amount will never be noticed by any customer, but when it seen or analyzed from the viewpoint of thousands of customers as a whole than under such circumstances the amount goes in Crores.
Cyber Stalking: The most common cyber crime these days, stalking simply means constantly following any person, usually females and threatening or messaging them repeatedly even after their objection on the same. Cyber Stalking is punishable u/s.66-A, 67 of Information and Technology Act, 2000 and Section 354-D of IPC, 1860.
Cyber Defamation: Publication or posting any material on social media or other online platforms against a respected citizen of the Country which lowers his integrity and image in the eyes of others, without any evidence with a malafide intension is a Crime in India, which along with the I.T. Act, 2000 is also punishable under Section 499 and Section 500 of Indian Penal Code, 1860.
Banking Fraud: The Banking Fraud is on its peak these, especially in the admist of nation-wide lockdown due to Covid-19. The fraudsters impersonates as representatives of bank, and extorts the crucial and sensitive information like CVV Number, OTP, etc. from the innocent customers by fraudulently deceiving them and making false stories, resulting into credit card and banking fraud. Even some fraudsters installs the skimmer in the ATM Machines, which clones the credit or debit card of the customers, ultimately causing financial losses to them. Cyber Terrorism: This is the most grave and serious type of cyber crime prevailing in India. In this, tools are used to interrupt in National Infrastructure and Defense by shutting down the energy, transportation and communication facilities. In simple words the Government Websites are being hacked by the criminals and is mis-used in order to damage the Defense and Infrastructure of that particular nation. Ex- Online Threatening Emails to various Government Officials or Ministers, Bomb threats, etc.
Laws for Cyber Crime in India
After the adoption of Policy of LPG in 1991, the Indian has grown tremendously in the field or Import-Export and other related ancillary business activities, including the IT Sector. Owing to the need and seriousness of the Cyber Crimes, Hon’ble Parliament of India enacted Information and Technology Act, 2000 which was notified on 17 October, 2000. As from the name itself it can be widely inferred that the Act was having it’s purview and ambit only in the cases dealing with Cyber Crime and Crimes related to the Electronic Commerce.
The Information and Technology Act, 2000 explicitly provides the legal framework for the electronic governance by giving identification to the electronic records and digital signatures, it also expressly defines penalties for culprits after commitment of the cyber crime. It statutorily had also established a Cyber Appellate Tribunal to resolve the disputes especially related to Cyber Crimes and Online Frauds.
Apart from it some of the statutory provisions of Indian Penal Code, 1860 especially in the crime of Fraud, Criminal Intimidation, Cheating, Breach of Trust, Abetment of Suicide via Blackmailing,
etc. may be charged on accused having regard to the circumstances, and discretionary powers of the Court, however it must be noted that a person cannot be punished twice for the same offence, as it will violates his Fundamental Right ensured under Article 20 (2) of the Indian Constitution i.e. Double Jeopardy.
Remedies in India
Everyone today must be aware about some very basic provisions of the two Acts which are hereby used as a tool by the Courts for providing remedy to the victims of Cyber Crime. They are as follows:
Information and Technology Act, 2000
Section 65: Tampering with the Computer Source Documents- If a person knowingly or intentionally conceals, destroys or mis-uses any computer source code or software, then he will be punished with an imprisonment which may extend up to three years or fine up to Rs. 20,000/-.
Section 66: Hacking the Computer System- If any individual knowingly with a criminal mind accesses any computer resource in an un-authorized way which causes wrongful injuries to that person or public at large then such offender is likely to be punished with an imprisonment which may extend up to three years or fine up to Rs. 50,000/-.
Section 66-A: Sending of Offensive Messages- The provision was inserted via an Amendment in the IT Act in year 2008 which prevents the user of the computer or electronic device to send any kind of offensive messages, false messages which may likely to cause annoyance or inconvenience to the public at large. The accused is punishable with an imprisonment which may extend up to three years or fine.
Section 66-B: Receiving stolen computer or electronic device- If an individual receives a computer device or any electronic device which he knows to stolen or having a defective title, shall be punished with an imprisonment which may extend up to three years or fine up to Rs. 100000/-.
Section 66-C: Fraudulently using password of any another person: A person fraudulently using the electronic password, or Digital Signature which may be delegated to him for it’s lawful use in the capacity of servant or agent, is punishable with an imprisonment which may extend up to three years or fine up to Rs. 1 Lack.
Section 66-E: Publishing private images of other persons without consent- If any person captures or obtains the private images of any another person and publishes it on any social platform via an electronic medium without the consent of that person, is punishable with an imprisonment which may extend up to three years or a fine of Rs. 2 Lacks.
Section 66-F: Cyber Terrorism- If any individual who is denied to access any particular website of any Ministry or Government Department does so in an un-authorized way which may threaten or can cause detriment to the sovereignty or integrity of India, is punishable with imprisonment which may extend up to life.
Section 67: Publishing information which is obscene via electronic form- If any individual publishes or transmits any message or image which in itself is objectionable in nature, which may lower the image of the alleged person in the eyes of others, is a crime punishable with an imprisonment which may extend up to five years or fine up to Rs. 1 Lack.
The intermediary should observe the following due diligence while discharging his duties:
The intermediary should publish the rules and regulations, privacy policy and user agreement for access or usage of the intermediary’s computer resource by any person. Such rules and guidelines, terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, amend, publish, transmit, update or share any information. The intermediary should not knowingly host or publish any information or should not initiate the transmission, select the receiver of transmission, and select or modify the information contained in the transmission. The intermediary, on whose computer system information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such data should act within thirty six hours and where applicable, work with user or owner of such information to disable such information. Further the intermediary should preserve such information and associated records for at least ninety days for investigation purposes. The Intermediary should inform its users that in case of non-compliance with rules and guidelines, user agreement and privacy policy for access or usage of intermediary computer resource, the Intermediary has the right to immediately dismiss the access or usage lights of the users to the computer resource of Intermediary and remove non- compliant information. The intermediary should strictly follow the provisions of the Act or any other laws for the time being in force. When required by lawful order, the intermediary should provide information or any such assistance to Government Agencies who are lawfully authorized for exploratory, shielding, cyber security activity. The intermediary should take all rational measures to secure its computer resource and information contained therein.
Indian Penal Code, 1860
Section 354-D: Voyeurism- If a man watches a women engaging in a private act, were a reasonable assumption of privacy is expected by the women, captures her image and publishes it via an online medium shall be punished with imprisonment for minimum one year, which may however be extended to three years for the first conviction, in the second conviction it shall be minimum three years, which may extend to seven years and fine.
Section 354-D: Stalking- If a man constantly follows any women and tries to contact her or begin a personal interaction with her, despite of showing an utter dis-interest by the women to do so, or if a man monitors the women on internet or email and keeps a watch on her online activities without any justification or reasonable cause, causing annoyance to that women shall be punished with an imprisonment which may extend to three years for the first conviction, and for the second conviction it may extend to five years and fine.
Section 383: Punishment of Extortion- Whosoever intentionally and illegally puts a person in fear to deliver any property or valuables to him, otherwise he will defame that person by posting some defamatory statement or Article against the said person shall be punished with imprisonment which may extend to three years, or fine, or both.
Section 379: Punishment of Theft- Whosoever dishonestly take away the goods or any electronic record illegally from the possession of its rightful owner without his express consent shall be punished with imprisonment which may extend to three years or with fine or both.
Section 406: Punishment of Criminal Breach of Trust- Whosoever mis-appropriates any movable property like computer device or any electronic device which was entrusted to him for a lawful purpose, causing wrongful damages to its owner shall be punished with imprisonment which may extend to three years or with fine or both.
Section 417: Punishment of Cheating- Whosoever impersonates some other person which he is not or knowingly substitutes such person, and causes wrongful losses to the innocent victim shall be punished with imprisonment which may extend to one year, or fine or both.
Section 471: Using as genuine a forged document or electronic record- Whosoever fraudulently or dishonestly uses as genuine any document or electronic record which he knows to be forged shall be punished with an imprisonment which may extend to two years or fine, or with both.
Section 500: Punishment of Defamation- Whosoever knowingly publishes without any justification or reasonable cause any statement, image or document on social platforms, believing and knowing it to be false against any person, firm, company were such imputation will definitely lower the image and intellect of him in front of the general public, shall be punished with simple imprisonment which may extend to two years or fine or with both. Section 506: Punishment of Criminal Intimidation- Where a persons threatens other person to harm his reputation, life or property via an electronic means which induces that person to commit an illegal act or prevent him doing an act which is legally obligatory on him shall be punished with imprisonment which may extend to two years, or fine or both.
Applicability of IT Act and IPC both in Cybercrime
Now, the greatest ambiguity ever relating to the applicability of both Information and Technology Act, 2000 and Indian Penal Code, 1860 simultaneously in the Cyber Crimes is prevalent these days also in front of Hon’ble Judiciary. I just want my able readers to wonder for a minute that is applying provisions of both the acts on the culprit of the Cyber Crime, as some on the provisions of IT Act are considerably lenient as compared to the harsh provisions of Indian Penal Code, is justifiable?
The ambiguity was resolved by Hon’ble High Court of Bombay on 6 Nov, 2018 which explicitly delivered it’s Judgement, in the case of Data Theft been lodged by a Kolhapur based Company that develops software for the hospital management against its employees alleging data theft resulting into wrongful looses to the Company. The provisions of IPC for the crime of cheating, breach of trust and theft were invoked, even when it was in purview and were also tried under Section 43 and Section 66 of the IT Act. The High Court highly relied on the decision of Hon’ble Supreme Court of India in the famous case of Sharat Babu Digumar v. NCT of Delhi, and said that “Prosecuting the petitioners under the both IPC and IT Act would be a brazen violation of protection against the double jeopardy, and we are also having a special law in the form of IT Act for specifically curbing and preventing the cyber crimes, in such circumstances prosecution under both the laws for the same offence is un-constitutional.”
Even on 24 March, 2015 the Hon’ble Supreme Court of India, gave a verdict striking-off Section 66-A of the Information and Technology Act, 2000 as un-constitutional in its entirety. It was done due to its massive misuse by the Investigating Authorities against the innocent individuals.
Recently Hon’ble High Court of Bombay also ruled that the Admins of the Whatsapp Groups cannot be held liable for posting any fake or obscene messages by the members in the group under Section 66-A of the IT Act, 2000 as they cannot be punished for the offence which they haven’t committed, however giving instant reaction or removing the member immediately from the Group,
