The current issue and full text archive of this journal is available at

www.emeraldinsight.com/1754-243X.htm

The state of e-commerce laws in

India: a review of Information
Technology Act
Dr Sumanjeet

E-commerce
laws in
India
265

Department of Commerce, Ramjas College, University of Delhi, Delhi, India

Abstract
Purpose The purpose of this paper is to critically examine the Indian IT Act 2000 and IT
(Amendment) Act 2008 in the light of e-commerce perspective to identify the present status of
e-commerce laws in India.
Design/methodology/approach The paper presents a critical reflection on the current ecommerce laws in India. The paper is based on the Indian IT Act 2000 and IT (Amendment) Act 2008.
The paper presents critical content analysis of various provisions of IT Act in e-commerce
prespective. The paper also highlights legal issues arising from e-commerce.
Findings There are many important issues which are critical for the success of e-commerce that
have not been covered or properly addressed by IT Act. The paper reveals that the present IT Act is
weak on various fronts and in the absence of sound legal framework e-commerce cannot create a
success story in India. Indian Government must appreciate that for safe and secure business
environment on cyberspace, a sound legal framework is needed. This paper suggests that there is
strong need to introduce separate laws for e-commerce in India.
Practical implications The paper identified various loopholes/problems/weakness of existing ecommerce laws in India. These issues should be addressed by Goverment of India to protect the
interests of Indian software industries, BPO sector and other stakeholders.
Originality/value The issue identified in the paper is somewhat new, timely and interesting, taking
into consideration its importance to economic development in emerging economies such as India.
Keywords India, Legislation, Electronic commerce
Paper type Viewpoint

1. Introduction
The emergence of e-commerce as a business technology[1] has fundamentally changed
the structure (Pastor and Alessandro, 2004) and environment of business, offering
businesses and customers a powerful channel and making it possible for these two
parties to come together in more efficient ways by creating new marketplace
(Sumanjeet, 2008a, b). E-commerce provides benefits in terms of providing information,
enhancing image, improving the business processes and improving the customer
services (Khatibi et al., 2003). Further, e-commerce significantly lowers purchase
transactions cost by eliminating the middleman in the distribution channels
(Gallaugher, 2002; Anderson et al., 1997; Bakos, 1991; Christersen et al., 1998; Benjamin
and Wignad, 1995). In some categories such as information services and digital
products, providers can decrease the financial cost of distribution to zero (Zhu
et al., 2002; Poon, 2000). Low cost and ease of use (Timmers, 1999; Kuhn and Skuterud,
2000) has resulted the widespread adoption, high degree of interconnectivity between
many parties (Shapiro and Varian, 1999). E-commerce allows businesses to target very
JEL classifications K2, K4, O33
While bearing full responsibility for any mistakes, the author wishes to thank Prof. L.N.
Dahiya; for reading the earlier versions of this paper and making a number of helpful comments
and constructive criticisms. However, the author is solely responsible for all remaining errors
and inadequacy.

International Journal of Law and

Management
Vol. 52 No. 4, 2010
pp. 265-282
# Emerald Group Publishing Limited
1754-243X
DOI 10.1108/17542431011059322

IJLMA
52,4

266

Table I.
B2C e-commerce sales
in the select countries
(Asia Pacific region,
2006-2011)

specific markets. Furthermore, by using monitoring softwares and customer

relationship management techniques, e-service firms can track, analyze and cater to a
specific customer needs (Sumanjeet, 2005; Nicholas and Jerry, 2002). Companies around
the world are realizing the benefits of e-commerce and they are using e-commerce as a
part of their business strategy. As a result, e-commerce has registered a very rapid
growth across the globe (Table I).
The impact of e-commerce over the global economy is well documented. Developed
nations like USA, UK, Australia, Canada and European countries are main
beneficiaries, with countries such as India and China with their huge pools of
technologically skilled manpower, also hoping to benefit. Table I indicates that China
is also much ahead from India. However, Indian companies are also using e-commerce
technologies in much like the same manner as in the other parts of the world. But, the
growth has been confined to few major cities and some industries usually
multinationals. For developing countries such as India, e-commerce offers significant
opportunities as e-commerce diminishes cost, paper work, improve communication and
information, and may create huge new markets for indigenous products and services.
While many companies and communities in India are beginning to take advantage
of the potential of e-commerce, critical challenges remain to be overcome before its
potential can be fully realized for the benefit of all citizens (Basu and Jones, 2002). Some
of the challenges are: poor telecom infrastructure (Rastogi, 2002; CII, 2001; Verma,
2001), readiness of customers and vendors (Sumanjeet, 2008a, b), government policies,
high cost of internet usage (Sumanjeet, 2010; Dutta, 2003) and education. But there is
another factor, which is highly responsible for the poor implementation of e-commerce
in India: poor legal regime for e-commerce (Sumanjeet, 2002).
The present paper is focused on e-commerce laws in India as the main objective of
the present paper is to critically examine the Indian Information Technology Act 2000
and Information Technology (Amendment) Act 2008 to identify the present status of
e-commerce laws in India. To study the objective of paper in a systematic manner, the
present paper has been divided into four sections. Section 2 deals with the legal issues
arising from e-commerce. Section 3 makes an attempt study remarkable provisions of
IT Act 2000 and also critically examine the various provisions of IT Act 2000. In
Section 4, an attempt has been made to study to various amendments introduced in the
existing IT Act 2000. This section also examines the IT (Amendment) Act 2008 in the
light of e-commerce perspective. Section 5 present concluding remarks.

Countries

2006

2007

2008

2009

2010

2011

Australia
Chinaa
India
Japan
South Korea
Asia-Pacific

9.5
2.4
0.8
36.8
9.6
59.1

13.6
3.8
1.2
43.7
10.9
73.3

20.4
6.4
1.9
56.6
12.4
97.7

26.4
11.1
2.8
69.9
14.0
124.1

28.7
16.9
4.1
80.0
15.9
145.5

31.1
24.1
5.6
90.0
17.9
168.7

Notes: Converted at average annual exchange rates (projected for future year): total B2C sales
include all purchase made on a retail website, regardless of device used to complete the transaction
(US Billion); online travel, event tickets and digital download sales; aexcludes Hong Kong

2. Legal issues in e-commerce

With the proliferation of e-commerce, new issues are also emerging. These issues are
more Herculean in the developing countries like India. The first issue is of privacy and
security (Light, 2001; Mitnick and William, 2002). While shopping on the internet,
most people typically do not think about what is happening in the background. Web
shopping is generally very easy. Customer click on a related site, go into that site, buy
the required merchandize by adding it to their cart, enter their credit card details and
then expect delivery within a couple of days. This entire process looks very simple but
a developer or businessmen knows exactly how many hurdles need to be jumped to
complete the order. Customers information has to pass through several hands so
security and privacy of the information are a major concern (Neuman and Genyady,
1998). The safety and security of a customers personal information lies within the
hands of the business. Second, controversial issue is consumer protection. The
consumer contracts are today (in the age of e-commerce) the meeting point of
the contrast between the traditional sufficiency of the formal equality between the
contractual parties and the necessity of a more comprehensive control over the
real contractual balance. For this reason, the electronic negotiation highlights the need
of consumer protection at the highest level. In brief, it can be recalled that the consumer
position at the conclusion of the contract needs to be strengthened against the one of
the supplier: the consumer agrees to a non-modifiable fixed contractual proposal by
the supplier and very often especially when customer is negotiating from home, at a
distance customer has no possibility to obtain the adequate information about the
goods or services for which the contract was concluded, which would normally be
necessary to create his full intention to enter into the contract (Kaur, 2005). Third, as
there is no agreement within the internet community that would allow organizations
that register domain names[2] to pre-screen the filing of potentially problematic names,
domain name disputes are arising. Domain name disputes arise largely from the
practice of cybersquatting, which involves the pre-emptive registration of trademarks
by third parties as domain names. Cybersquatters exploit the first-come, first-served
nature of the domain name registration system to register names of trademarks,
famous people or businesses with which they have no connection. Since registration of
domain names is relatively simple and inexpensive less than US$100 in most cases
cybersquatters often register hundreds of such names as domain names. Fourth, the
rise of e-commerce poses new questions for taxation policy[3] and administration.
e-commerce makes it easier for business to be conducted without creating the
permanent establishment that would otherwise subject a seller to tax on income. It
blurs the distinctions between the sale of goods, the provision of services and the
licensing of intangible assets, each of which is subject to some form of taxation. Fifth,
the emergence of e-commerce has created new financial needs that in many cases
cannot be effectively fulfilled by traditional payment systems. Purchasing online may
seem to be quick and easy, but most consumers give little thought to the process that
appears to work instantaneously. For it to work correctly, merchants must connect to a
network of banks (both acquiring and issuing banks), processors, and other financial
institutions so that payment information provided by the customer can be routed
securely and reliably. Because the financial information is very sensitive, issues of trust
and confidence are also emerging. Sixth, data theft[4] has become very sensitive issue
in the age of e-commerce. Data theft is a growing problem primarily perpetrated by
office workers with access to technology such as desktop computers and hand-held
devices capable of storing digital information such as flash drives, iPods and even

E-commerce
laws in
India
267

IJLMA
52,4

268

digital cameras. Since employees often spend a considerable amount of time

developing contacts and confidential and copyrighted information for the company
they work for they often feel they have some right to the information and are inclined
to copy and/or delete part of it when they leave the company, or misuse it while they are
still in employment. Seventh, hacking is another crtitical issue. One of the ways that
hacking the web raises security issues is that it can create dangerous software.
Hackers[5] can easily insert malware into a computer. This consists of files that can be
especially damaging to the computer. The reason for these damaging capabilities is
that a hacker can easily look through and edit files that are inside a website or the
computer of a user on a website. Hacking the web raises security issues because it not
only affects the websites involves but it can also affect the users of the sites that have
been affected.
Added to these, there are several other issues like virus[6], cyberstalking[7],
pronography which can damage the reputation and also create huge loss for the
company. As far as issue of contract is concerned, in some cases, the legal issues
governing the analysis of electronic commercial transactions are no different from
those applied in a more traditional commercial setting. In other areas, however, the law
has had to adapt to take into account the new and different realities created by
e-commerce[8].
From the above issues it is clear that there are high chances of fraud in the age of
e-commerce. Therefore, it is essential that all e-commerce parties know where they
stand vis-a vis the law of land. This has created the need for vibrant and effective
regulatory mechanism, which would strengthen the legal infrastructure that is crucial
to success of e-commerce. Many countries and societies are in the process of putting in
place e-commerce laws, a few have already laid down and India is proud to be one
among them. Indias e-commerce laws[9] are contained in the Information Technology
Act 2000 (IT Act 2000). Indian government passed[10] the Information Act 2000 to deal
with the issues of e-commerce and became the 12th nation in the world[11] to adopt
e-commerce laws during 2000. The IT Act 2000 is based on the Model Law on
E-Commerce adopted by United Nations Commission on International Trade Law
(UNCITRAL[12]). The IT Act 2000 aims to provide the legal infrastructure for
e-commerce in India.
3. Information Technology Act 2000
The IT Act 2000 attempt to change outdated laws and provide ways to deal with the
e-commerce transactions. The Act is divided into 13 chapters, has 94 Sections and has
four Schedules. The Act offers much-needed legal framework so that information is not
denied legal effect, validity or enforceability, solely on the ground that it is in the form
of electronic records[13]. The IT Act 2000 provide legal recognition for transactions
carried out by means of electronic data interchange and other means of electronic
communication, commonly referred to as electronic commerce, which involve the use
of alternatives to paper-based methods of communication and storage of information,
to facilitate electronic filing of documents with the Government agencies and further to
amend the Indian Penal Code, 1860[14], the Indian Evidence Act, 1872[15], the Bankers
Books Evidence Act, 1891[16] and the Reserve Bank of India Act, 1934[17] and for
matters connected therewith or incidental thereto. The Act specifically stipulates that
any subscriber may authenticate an electronic record (Section 4[18]) by affixing his
digital signature (Section 5[19]). It further states that any person can verify an
electronic record by use of a public key[20] of the subscriber. The Act details about

Electronic Governance and provides inter alia amongst others that where any law
provides that information or any other matter shall be in writing or in the typewritten
or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is:
rendered or made available in an electronic form; and accessible so as to be usable for a
subsequent reference.
3.1 Remarkable provisions of IT Act 2000
The Act provides for a Controller of Certifying Authorities (CCA) who shall perform
the functions of supervising the activities of certifying authorities as well as setting
standards and conditions governing the certifying authorities. The controller also
specifies the various forms and the content of digital signature certificates. The Act
acknowledges the need to recognize foreign certifying authorities (section 19) and it
further details the various provisions for granting the license to issue digital signature
certificates. As per Section 20 the Controller shall also keep a record of the public key
(the part of digital signature in public domain). The duties of subscribers are also
covered. The Act also covers penalties and adjudication for various types of offences
and mentions the power and qualifications for the adjudicating officer. A provision
foresees a Cyber-Regulations Appellate Tribunal where appeals against the orders
passed by Adjudicating Officers could be referred. The tribunal would not be bound by
the principles of the Code of Civil Procedure, but would follow the principles of natural
justice and have the same powers as a civil court. Any appeal against an order or
decision of the Cyber-Regulations Appellate Tribunal would be made to the High
Court. It covers various offences and stipulates that the investigation must be done by
a police officer only, and that officer should have the rank of deputy superintendent
of police (DSP) or higher. These offences include tampering with computer source
documents, publishing obscene information in electronic form, breach of
confidentiality and privacy, misrepresentation, publishing a digital signature
certificate that is false in certain particulars and publication for fraudulent purposes.
Hacking and penalties if found guilty have been defined in Section 66. For the first
time, punishment for hacking has been designated as a cyber crime. The Act also
provides for constituting the Cyber-Regulations Advisory Committee, which would
advise the government about any rules or other matter connected with the Act.
To make the e-commerce transactions safe and secure, the IT Act 2000 provides for
investigation, trial and punishment for certain offences (these offences are found in the
Chapter XI of the Act) like source code attacks (section 65), hacking[21] (section 66),
obscenity (section 67), failure to comply with controllers directions (section 68),
subscribers failure to controllers requirement for decryption (section 69), accessing
designated protected system (system 70), misrepresentation to CCA (section 71), breach
of privacy/confidentiality[22] (section 72), publishing false digital signature certificate
(section 73), making available digital signature for fraudulent purpose (section 74) and
section 75 of the IT Act 2000 deals with the offences or contravention committed outside
India which reads as: first, subject to the provision of sub-section (2), the provision of this
Act shall apply also to any offences or contravention committed outside Indian by any
person irrespective of his nationality; and second, for the purpose of sub-section (1) this
Act shall apply to an offence or contravention committed outside India by any person if
the act or conduct constituting the offence or contravention involves a computer,
computer system or computer networks located in India. The certifying authority can
suspend/revoke digital signature issued by it as given in Section 37 and 38. Further, the

E-commerce
laws in
India
269

IJLMA
52,4

270

Act states that the Controller can open an electronic document if in his opinion the
interests of the sovereignty and protection of the country or public interest are
jeopardized. The Controller can do this only by submitting a written statement to any
government agency, which in turn will take necessary steps to access the document. If
any person does not help him in this regard or obstructs him then that person may be
charged to a prison sentence of up to seven years (section 69).
Section 61 makes it clear that no court shall have jurisdiction to entertain any suit or
proceeding in respect of any matter which an adjudicating officer appointed under this
Act or the Cyber Appellate Tribunals constitute under this Act is empowered by or
under this Act to determine; no injunction shall be granted by any court or other
authority in respect of any action taken or to be taken in pursuance of any power
conferred by or under this Act. The judgment of the Tribunal can be challenged in the
High Court. The act has conferred power to: The CCA (Section 17-18), the Deputy and
Assistant CCA (Section 17 and 27), Licensed Certifying Authorities (Section, 31) and
Auditors (Rule 312), the Adjudicating Officer (Section 46), the Presiding Officer of the
Cyber Appellate Tribunals (Section 48-49), the Registrar of the Cyber Appellate
Tribunals (Section 56 and rule 263), Network Service Providers (Section 79) and Deputy
Superintendent of Police (Section 80). The Act shall apply to all circumstances and
types of transactions and documents other than specifically excepted in the clause 4
of Section 1 of the IT Act 2000. Nothing in this Act shall apply to:
.

a negotiable instrument as defined in the Section 13 of the Negotiable Instrument

Act, 1881;

a power-of-attorney as defined in Section 1A of the Powers-of-Attorney Act,

1882;

a trust as defined in the Section 3 of the Indian Trust Act, 1882;

a will as defined in Clause (h) of Section 2 of the Indian Succession Act, 1925
including any other testamentary disposition by whatever name called;

any contract for the sale or conveyance of immovable property or any interest in
such property; and

any such class of documents or transactions as may be notified by the Central

Government in the Official Gazette.

3.2 Analysis of IT Act 2000

When the IT Act 2000 was passed, the people called it revolutionary. But, at the
implementation front it was realized that the Act has many drawbacks. Many
important issues, which are important for e-commerce, were not covered by the Act.
Chief among them are:
.

cyber theft[23], cyber stalking, cyber harassment and cyber defamation are
presently not covered under the Act[24];

jurisdiction problems are likely to arise as the act applies to both Indians and
foreign citizens;

the Act does not make any mention of payment mechanism for Indian companies
who will have to pay foreign companies for services/goods rendered;

the law is now covered under civil procedure, making the enforcement process
slow. This deters companies from approaching the cyber crime cell;

some definitions in the Act are vague[25] and can cause problems to the plaintiff;

the Act does not lay down parameters for its implementation;

the Act is also silent about issues of protection of consumers, e-taxation and right
to information;

the construction of Section 79[26] leaves much scope harassment;

section 75 of the Act is also problematic as it applies not to the Indian citizens but
even to the foreigners who contravene the provision of the Act with reference to
India;

there is also no provision in the IT Act 2000 for blocking of websites[27]; and

domain name[28] issues are presently covered by legal norms applicable to

intellectual properties[29], including trademarks.

Abuse of chat rooms, cyber stalking, misappropriation and misuse of credit card
numbers are just a few of the many other loopholes which are still not addressed by IT
Act.
Added to these, the provision relating to powers of the DSP, to search and seizure
on the basis of reasonable doubt that an offence has been committed against this Act.
The width of the powers given leaves it opens for misuse and corruption. The section
is not only allowed for search but also provide the powers of arrest on the basis of
suspicions. Such wide powers regarding cyber crime have not been given to officers of
any other country in the world where Cyber Law is in place. The Act also makes only
limited number of offences as cognizable but the field of cyber law is facing newer
crimes and methods every day.
From the above discussion it is clear that the IT Act 2000 is not the end but only a
beginning to a plethora of legislation that still needs to be formed. It leaves various
issues untouched, some of them relating to intellectual property rights, data protection,
Consumer protection, taxation, etc. These issues are directly related with e-commerce.
No concrete regulations have also been formulated for cross border issues. As these
issues are of immense importance therefore the government decided to review the
Information Technology Act 2000. The result was the Information Technology
Amendment Bill 2006.
4. Amendment to the IT Act 2000
The Government of India proposed major amendments to IT Act 2000 in form of the
Information Technology (Amendment) Bill 2006. The Bill has since been passed in
the Parliament on December 23, 2008. The Bill has been renamed as Information
Technology (Amendment) Bill 2008[30] as it is not the 2006 Bill that has been approved
as it is but a totally different Bill has been approved by the Rajya Sabha and Lok
Sabha. The Bill as passed has many changes from the earlier draft indicated in
the previous paragraph and incorporates the recommendations made by the
Parliamentary Standing Committee. IT (amendment) Bill was signed into an Act {IT
(Amendment) Act 2008} by the President of India on February 5, 2009, through a
Gazette Notification. Government of India is now in the process of framing the rules
which are required under the amendments. On completion of this exercise, the date of
effect of the amendments would be notified.
The IT (Amendment) Act 2008 allows unrestricted monitoring of all electronic
communication, even for non-congnizable offences. The Act even went further than

E-commerce
laws in
India
271

IJLMA
52,4

272

FISA, 1978[31] version of USA. It is alleged that e-surveillance in India is considered

as a substitute for the computer forensics capabilties in India. The cell site data
acquistion issues have also been raised through they are ahead of their time in India.
The amendment adds several new provisions to the existing IT Act 2000 to deal with
new forms of cyber cirmes like publicising sexually explicit material in electronic form,
video voyeurism and breach of confidentiality and leakage of data by intermediary and
e-commerce fraud. The Act also gives the central government power to issue directives
for intercepting, monitoring or decryption of any information through computer.
It enables government to intercept computer communication in any investigation.
However, telephones and letters may be intrercepted only in national interest.
4.1 The Information Technology (Amendment) Act 2008
The IT (Amendment) Act 2008 adds eight offences, five of which are added to the IT
Act 2000 and three to the IPC. The new offences are as follows:
.

section 66 introduces the pre condition of dishonesty and fraud to the current
section 66;

section 66 covers sending of offensive messages;

section 66 B[32] is new section added in the IT Act 2008 and this section cover
theft of computer, laptop, mobile phone and also information. It can also be
extended to theft of digital signals of TV transmission;

section 66 C is also added to the IT Act 2008 and this section covers password
theft which was earlier being covered under the section 66 of IT Act 2000;

section 66 D is again a new section which states that phishing[33] which was
earlier being covered under section 66 of IT Act 2000, will now also cover some
kinds of e-mail related offences including harassment;

section 66E is new section to address voyeurism[34];

section 66F is also a new section to cover cyber terrorism offence; and

section 67 covers child pornography, which was earlier covered under section 66
and provides some clarifications regarding Kamasautra type of literature.

To support the development of the cyber security infrastructure, the amendment has
been made by introducing section 2(nb)[35]. The term Cyber Security incorporates
both the physical security devices as well as the information stored therein. It also
covers protection from unauthorized access, use, disclose, disruption, modification
and destruction. Section 43 A[36] has been introduced to compensate for failure to
protect the data. The newly added section 43 (j) tries to expand the cases where
compensation can be claimed to cases of a person without the permission of the owner
of a computer, computer resource. Under section 67 C[37], a further responsibility has
been cast on intermediaries. Section 72 A has been added to protect data handled
under a contractual arrangement by the companies. This is an important provision
that will pull internet service providers, and management service providers (MSPs)[38]
and others who today think shirk from the responsibility of preserving information,
which would serve as evidence in case of cyber offences. Section 78, now inspectors can
undertake investigations of cyber crime under the Act. This means that it would not
only DSPs who need to be trained in IT Act 2000 but all the inspector of the State.
Privacy issue has been address by adding section 69 A[39] and 69 B[40]. Section 69

extended the scope to issue directions for interception or monitoring or decryption of

any information through the computer resource. Under section 69 B, the government
now will have.
Powers to collect traffic data and also seek online access to information in the
hands of an intermediary. Last but not the least, the IT Act 2008 has made many
significant changes in the prevailing laws of cyber space applicable in India, one of
which is regarded as cyber cafes[41]. Section 85, the company as well as its directors or
officers in charge of the business shall be held guilty of the offence committed by the
company. Thus, the vicarious liability[42] on the companies for data protection has
been hardened. Additionally under section 84 B, abetment is punishable with the same
punishment meant for the offence and under 84 C, attempt is punishable with half the
imprisonment of the offence attempted. These are new provisions, which were not in
the earlier version. At the same time 77 A provides that offences with three years
imprisonment are compoundable and Section 77 B provides that such offences are
cognizable and bailable.
4.2 Critical assessment of IT (Amendment) Act 2008
The IT (Amendment) Act 2008 clearly reflects the dominant political culture of India,
like a lot of Act does. The amendments bill was passed in very hurry on December 22,
2008 along with eight other bills in just 17 min highlighting the lack of debate what
should have been on controversial law. By contrast, in the USA, there is huge public
outcry and media attention given to any laws that are being considered that might
infringe upon the privacy of its citizens through mass surveillance as typified by the
NSA warrant-less surveillance controversy[43].
The IT Act 2008 can be criticized at several points. First, currently, the IT Act 2000
has provided the punishment for various cyber offences ranging from three to ten years.
These are non-bailable offences where the accused is not entitled to bail as a matter of
right. But, the IT Act 2008 has reduced the quantum of punishment. For example, section
67 has reduced the quantum of punishment from existing five to three years. Similarly,
the amount of punishment for the offence of failure to comply with the directions of the
CCA is reduced from three to two years. Further, the offence of hacking as defined under
section 66 of IT Act 2000 has been completely deleted. The cutting of certain elements of
the effects of hacking under the existing section 66 and putting the same under the
section 43 make no legal or pragmatic sense. Second, some provisions in the IT Act 2008
hold the IP address owner responsible for the actions performed in that computer. Even
if someone else downloads adult content, prima facie the owner of the IP address will be
responsible. Holding a person responsible for the things, which he/she has not done,
would not justify. The amendment does not seem to be practically possible. Third, the IT
Act 2008 does not address the jurisdictional issues. At a time when the internet has made
geography history, it was expected that the new amendments would throw far more
clarity on complicated issues pertaining to jurisdiction. This is because numerous
activities on the internet take place in different jurisdictions and that there is need for
enabling the Indian authorities to assume enabling jurisdiction over data and
information impacting India, in a more comprehensive way than in manner as sketchily
provided under the current law. Fourth, the IT Act 2008 does not really bring about much
of a change with respect to encryption, except for expanding the scope of the
governments power to order decryption. While earlier, under section 69, the Controller
had powers to order decryption for certain purposes and order subscribers to aid in
doing so (with a sentence of up to seven years upon non-compliance), now the

E-commerce
laws in
India
273

IJLMA
52,4

274

government may even call upon intermediaries to help it with decryption (Section.69 (3)).
Additionally, section 118 of the Indian Penal Code has been amended to recognize the use
of encryption[44] as a possible means of concealment of a design to commit [an] offence
punishable with death or imprisonment for life. Fifth, cheating by personation is not
defined, and it is not clear whether it refers to cheating as referred to under the Indian
Penal Code as conducted by communication devices, or whether it is creating a new
category of offence. In the latter case, it is not at all clear whether a restricted meaning
will be given to those words by the court such that only cases of phishing are penalized,
or whether other forms of anonymous communications or other kinds of disputes in
virtual worlds (like Second Life) will be brought under the meaning of personation and
cheating. Sixth, another problem is that the word transmit has only been defined for
section 66E. The phrase causes to be transmitted is used in sections 67, 67A and 67B.
That phrase, on the face of it, would include the recipient who initiates a transmission
along with the person from whose server the data is sent. While in India, traditionally the
person charged with obscenity is the person who produces and distributes the obscene
material, and not the consumer of such material. This new amendment might prove to be
a change in that position. Seventh, it is heartening to see that the section on child
pornography (section 67B) has been drafted with some degree of care. It talks only of
sexualized representations of actual children, and does not include fantasy play-acting
by adults, etc. From a plain reading of the section, it is unclear whether drawings
depicting children will also be deemed an offence under the section. Unfortunately, the
section covers everyone who performs the conducts outlined in the section, including
minors. A slight awkwardness is created by the age of children being defined in the
explanation to section 67B as older than the age of sexual consent. So a person who is
capable of having sex legally may not record such activity (even for private purposes)
until he or she turns 18.
It is also very strange about the IT Act 2008 that browsing or downloading
pornography on the internet even accidentally/unknowingly/unintentionally may send
anyone behind the bars for five years with a fine that may go up to Rs 10 lakhs, and the
term raised to seven years on second conviction. One of the most alarming aspects of
the Act is that it fails to put in place a safeguard mechanism that can prevent the state
from misusing this Act. Because the Act states that safeguards would be stipulated at a
later date, it would clamp down on civil liberties right away. The Act only says that
safeguards will be stipulated at a later date, which is clearly insufficient. Last but not
the least, IT Act 2008 is silent on the important issues like e-taxation, e-payment and
consumer protection.
5. Concluding remarks
Legal framework is necessary for the growth and development of new technologies like
e-commerce. As e-commerce has raised several legal issues, it has become important for
every nation to have e-commerce laws. In India, Information Technology Act deals with
the various issues related to e-commerce. In fact, the Act was passed to regulate the
activities related to e-commerce, e-governance and cyber offences. The Act has been
amended in 2008. When the Indian government thought of amending the IT Act 2000, ecommerce players and Indian IT industries including BPO thought that they would get a
improved version of IT Act 2008 that would address the problems of data theft, consumer
protection, security and privacy, spam, e-taxation and e-payment mechanisms, etc. A
Law that would prevent abuse by the Police as well as the executive. A Law that
addresses the issues arising out of Cyber Terrorism, Cyber Squatting, etc if they had

been omitted to be included earlier. But, the government has come with a legislation that
would reduced the punishment in most cases, reduces the power of police, providing
compounding at executive level even for criminal offences without consent of the victim,
makes it difficult to apply penal provisions, provides immunity from vicarious liabilities
for intermediaries against any law in the country. Further, according to amended Act
majority of the cyber crimes shall be bailable. Thus, the expectations of the nation for
effectively tackling cyber crime and stringently punishing cyber criminals have all been
let down by the extremely liberal amendments, given their soft corner and indulgence for
cyber criminals. It is also clear that the Act is much to regulate the cyber offences and egovernance activities not e-commerce activities as various issues related to e-commerce
has not been touched in the IT (Amendment) Act 2008. The Act does not create rebuttal
presumptions of confidentiality of trade secrets and information. In the absence of strong
protection of data theft and privacy nothing is left for Indian outsourcing industry.
Absence of an effective remedy for corporations is likely to further erode the confidence
of the Indian industries in the new e-commerce legal regime.
Weak and outdate regulations and weak enforcement mechanisms for protecting
networked information create an inhospitable environment in which to conduct ecommerce within a country and across the national boundaries. Inadequate legal
protection of digital information can create barriers to its exchange and stunt the
growth of e-commerce. As business expands globally, the need for strong and
consistent means to protect networked information will grow. E-commerce cannot be
implemented successfully within the present mental set up of government of India.
Indian government must appreciate that for safe and secure business environment on
the cyberspace, a sound legal framework is needed. The present IT Act is weak on
various fronts and in the absence of sound legal framework e-commerce cannot create a
success story in India. Therefore, there is strong need to introduce separate law for
e-commerce in India as the existing laws are incapable to deal with the various issues
and emerging problems in the age of e-commerce.
Notes
1. Electronic commerce (popularly know as e-commerce) is a subset of e-business, is the
purchasing, selling, and exchanging of goods and services over computer networks (such
as the internet) through which transactions or terms of sale are performed electronically.
Contrary to popular belief, e-commerce is not just on the web. In fact, e-commerce was
alive and well in business-to-business transactions before the web back in the 1970s via
EDI (electronic data interchange) through VANs (value-added networks). E-commerce
can be broken into four main categories: B2B, B2C, C2B and C2C.
2. India TV has won an internet domain case against a US-based firm with the Delhi
High Court restraining the latter from using a web address to broadcast Indian TV
programmes in its original form. In its petition, India TV had alleged that the internet
domain, indiatvlive.com, used by the US-based India Broadcast Live, was similar to its
trademark and that the plaintiffs had no legitimate right over the domain name. In an
interim order delivered by Justice S.K. Kaul in January, the US-based firm was
restrained from using any domain name containing the words India TV as also barred
from transferring the rights to any other entity. Now, in the final order this month, even
though the court has permitted the defendants to use the domain name, it has
nevertheless required a disclaimer to be placed prominently next to the logo of
Indiatvlive.com. The court said the disclaimer should read: The website has no
connection, affiliation or association whatsoever with India TV, the Indian Hindi news
and current affairs television channel. However, the defendants shifted to another

E-commerce
laws in
India
275

IJLMA
52,4

276

domain name indiabroadcastlive.com and the court has taken cognisance of the same.
The court observed that when the impugned domain name is typed, a redirection notice
says the website is not operational due to interim orders passed and visitors are
automatically redirected to indiabroadcastlive.com. Thus, the respondents have
rectified the position, Justice Kaul said in his order and added: In view of the
aforesaid, I do not deem it appropriate to proceed further with the petition and the
petition stands cancelled. The court also disallowed the defendants from proceeding
against India TV with a suit filed in the district courts in Arizona.
3. Briefly, the following issues arise for consideration:
.
Traditional source concepts were based on a strong connection between economic
activity and a specific location. Traditional residency concepts were based on
parameters such as personal and economic relations, physical presence and place of
effective control. These concepts were used as effective tools in allocating taxing
rights between various countries. As technological changes weaken the physical
nexus of business with a specific geographical point, what are the implications for
this concept? With whom lies the jurisdiction to tax?
.
A related issue is the constitution of a permanent establishment (PE). Are the
traditional principles of PE valid in the determination of the jurisdiction to tax? Can a
server or a server space constitute a PE for tax purposes?
.
How can income from transfer of technology over the internet be characterized? Does
it constitute business profits or royalties? Is there is an erosion of source taxation?
.
How can new technologies be used to improve the administration of taxes by
checking problems of tax evasion, identifications and audit trails of the transactions
and providing better services to taxpayers?
.
What would be the transfer pricing issues arising out of EC transactions?
.
What are the issues arising in relation to value added tax?
4. The Cyber Crime Investigation Cell (CCIC) of the Mumbai Police is currently conducting
investigations in a case of possible corporate data theft, in which a former employee of
a leading IT company illegally logged into the firms data network and stole sensitive
information by sending data files to his personal e-mail address. The company, which
provides market research, data collection, analytics and online marketing services to
global clients, has approached the police with a complaint that the suspected data thief is
about to join a rival company in Chennai, armed with sensitive information belonging to
his former employers.
5. Indian hackers always thought they were too sophisticated to fall into the hands of the
rough cops in this country, whom various human rights groups routinely accuse of
brutality. But that feeling evaporated after one of the four people arrested recently in
connection with a hacking incident accused Mumbai police of breaking his hand
during interrogation.
6. India ranked first for viruses and worms and second for Trojans and back doors,
which likely contributed to its high ranking in the Symantec metric that assesses the
countries or regions in which the most malicious activity takes place or originates.
China ranked first for aggregate malicious activity within the APJ region in 2008, as it
did in 2007. India increased its proportion of activity in almost every category, though
its rankings remained mostly constant. A factor that explains the prominence of India
in this metric is that internet cafes are still the most popular venue for its citizens to
access the internet, with 37 percent of the population using this method to go online.
7. The Delhi Police has recently registered Indias First Case of Cyberstalking. One Mrs.
Ritu Kohli complained to the police against the person who was using her identity to
chat over the internet at the website www.mirc.com, mostly in the Delhi channel for
four consecutive days. Mrs Kohli further complained that the person was chatting on

8.

9.
10.

11.

12.

13.

14.

15.

the net, using her name and giving her address and was talking obscene language. The
same person was also deliberately giving her telephone number to other chatters
encouraging them to call Ritu Kohli at odd hours. Consequently, Mrs Kohli received
almost 40 calls in three days mostly at odd hours from as far away as Kuwait, Cochin,
Bombay and Ahmedabad. The said calls created havoc in the personal life and mental
peace of Ritu Kohli who decided to report the matter.
In a case, the Minnesota Attorney General brought suit under the state consumer
protection statute alleging that the defendant, a Nevada resident, was liable for deceptive
trade practices, false advertising and consumer fraud on the internet by advertising that
gambling on the internet is legal even though the specific on-line gambling service
associated with the defendant was not yet operational. While the decision is limited to
the defendants unsuccessful argument that, as a Nevada resident, he was not subject to
personal jurisdiction by the Minnesota courts, it illustrates the extent to which consumer
protection laws are being used by the states to prosecute fraud even prospective fraud
on the internet. On October 31, 1998 the Minnesota Supreme Court agreed to review the
case. Minnesota vs Granite Gate Resorts, Inc., 569 N.W.2d 715(Mn. App. Ct. 1997).
E-commerce laws apply not only to websites, which are used for buying and selling
goods and services, but also to variety of information society services.
The Ministry of Commerce Government of India created the first draft of the legislation
following the UNO termed as E-Commerce Act, 1998. After the formation of a
separate ministry of Information Technology, the draft was taken over by the new
ministry which re-drafted the legislation as Information Technology Bill 1999. The
draft was placed in the Parliament in December 1999. The Act came into effect
following the clearance of the Information Technology Bill in May 2000 by both house
of the Parliament. The bill received the assent of the President of India in August 2000.
A lot of countries and organizations hurried to put into place a specific set of rules to
govern the e-commerce transactions, like the UN (United Nations), WTO (World Trade
Organisation) and the European Union, and individual countries. France issued its ecommerce law in 2000, the US issued its e-commerce law in 2001, Italy enacted its very
abbreviated and general e-commerce law in 1999 and Luxemburg in 2000. In the Arab
world, there are some countries which issued e-commerce laws in the past few years such
as Tunisia, which was the first Arab country to issue an e-commerce law in 2000, and
Jordan issued e-commerce law in 2001 and the Emirate of Dubai issued its code in 2002.
The purpose of the Model Law is to offer national legislators a set of internationally
acceptable rules to provide increased certainty as to the legal effect or validity of
electronic messages, and to create a more secure legal environment for e-commerce.
The Model Law also provides principles for parties engaged in e-commerce to follow in
drafting contracts.
Electronic records are defined in the ITAct U/s 2(1)(t) as electronic record means date,
record or data generated, image or sound stored, received or sent in an electronic form
or microfilm or computer generated microfiche.
The Act makes numerous amendments to the Indian Panel Code. By the virtue of
section 91 of the IT Act, the amendments to the IPC, as described in the first schedule
of the IT Act, take effect. Most of these amendments are in the nature of recognizing the
validity of electronic documents and electronic signatures. The Act amends existing
IPC offences such that these offices will also be punishable if committed with regard to
the electronic counterparts.
The key provision that are showed t be made in Indian Evidence Act relate to widening
of the scope of term document to include electronic records. Most important, section
65 B recognizes admissibility of computer outputs in media, paper, and optical or
magnetic form. There are detailed provisions related to admissibility of computer
output as evidence. New Section 73 (A) prescribes procedures for verification of digital

E-commerce
laws in
India
277

IJLMA
52,4
16.
17.

278

18.

19.

20.

21.

22.

signatures. New sections 85 (A) and 85 (B) create presumption as regards electronic
contracts, electronic records and digital signatures, digital signatures certificates and
electronic messages.
The Bankers Book Evidence Act has been amended in the manner specified in the
third schedule of the Act (Section 93).
The Reserve Bank of India Act has been amended in the manner specified in the fourth
schedule of the Act (Section 94).
Section 4 of the Act states that when under any particular law, if any information is to
be provided in writing or typewritten or printed form, then notwithstanding that law,
the same information can be provided in electronic form, which can also be accessed
for any future reference. This non-obstante provision will make it possible to enter into
legally binding contracts on-line.
Section 5 provides that when any information or other matter needs to be authenticated
by the signature of a person, the same can be authenticated by means of the digital
signature affixed in a manner prescribed by the Central Government. Under Section 10,
the Central Government has powers to make rules prescribing the type of digital
signature, the manner in which it shall be affixed, the procedure to identify the person
affixing the signature, the maintenance of integrity, security and confidentiality of
electronic records or payments and rules regarding any other appropriate matters.
The digital signature with the subscriber has two parts. The first part is the private
key and the latter is the public key. A person can certify a document only by using
a combination of the two parts. Any other person can view the document using the
public key by any attempt to alter will result in it being rendered useless.
The definition the provided in IT Act 2000 for the Section 66 offence, which is called
hacking, is unique since it is distinct from definitions used in other International laws
for defining an offence of somewhat similar nature. It also recognizes diminishing of
value and injurious effect of the information residing inside a computer. Of course
it also mentions the more obvious destruction, deletion and alteration. Whoever
with the intent to cause or knowing that he is likely to cause wrongful loss or damage to
the public or any person, destroys or deletes or alters any information residing in a
computer resource or diminishes its value or utility or affects it injuriously by any means,
commits hacking. Whoever commits hacking shall be punished with imprisonment up to
three years, or with fine, which may extend up to two lakh rupees, or with both.
Save as otherwise provided in this Act or any other law for the time being in force, any
person who, in pursuance of any of the powers conferred under this Act, rules or
regulations made there under, has secured access to any electronic record, book, register,
correspondence, information, document or other material without the consent of the
person concerned discloses such electronic record, book, register, correspondence,
information, document or other material to any other person shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend
to one lakh rupees, or with both. The aforesaid section has a limited application only. It
confines itself to the acts and omissions of those persons, who have been conferred
powers under this Act, Rules or Regulation made there under Section 72 of the Act
relates to any person who in pursuance of any of the powers conferred by the Act or its
allied rules and regulations has secured access to any: first, electronic record; second,
book; third, register; fourth, correspondence; fifth, information; sixth, document; or
seventh, other material. If such person discloses such electronic record, book, register,
correspondence, information, document or other material to any other person, he will be
punished with imprisonment for a term, which may extend to two years, or with fine,
which may extend to two years, or with fine, which may extend to one lakh rupees, or
with both.

23. In 2002, a person was convicted for a credit card fraud. It was the nations first cyber
conviction through the CBI (Central Bureau of Investigation), though the Act was not
invoked, and the man was convicted under section 418, 419 and 420 of IPC.
24. In a recent case of a video of a Noida girl doing striptease that has been making rounds on
the internet. The video was distributed widely through the net apparently after her
estranged boyfriend released it. Both are B-school students and now the police has
registered a case under section 506 and 507 (threat to murder) of the IPC since the victims
family has not complained about the MMS scandal. Why was the case not registered
under the IT Act? The police version is that no complaint was made about the MMS,
another fact is that the police felt that the provisions of the Act are not strong enough.
25. For example the Act is unclear as to the qualifications of an adjudicating officer and the
manner in which he shall adjudicate. Moreover, though the statute is supposedly a
long arm statute, it does not indicate the powers of the adjudicating officers when a
person commits a cyber crime or violates any provisions of the law from outside India.
Several practical difficulties may also arise in importing the cyber criminal to India.
The Act does not lay down any provisions whereby extradition treaties can be formed
with countries where the cyber criminal is located. Therefore, the extra-territorial scope
of the Act may be difficult to achieve. Furthermore, the powers to impose a penalty for
a computer crime upto Rs 1 crore offers a large discretion to adjudicating officers and
may turn out to be harmful.
26. Network service provider not to be liable in the certain cases: For the removal of
doubts, it is hereby declared that no person providing any service as a (NSP) shall be
liable under this Act, rules or regulations made there under for any third party
information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he had exercised all due
diligence to prevent the commission of such offence or contravention.
27. Section 69 of the Act empowers the Controller of Certifying Authority to order the
interception of electronic information transmitted through any computer system in
India. This explains the legal position of e-surveillance and website blocking powers of
India as per the provisions of IT Act 2000. A logical question that arises is what will
happen if the State exceeds it powers of blocking of web sites or e-surveillance.
28. A domain name is an identification label to define a realm of administrative autonomy,
authority, or control in the internet, based on the domain name system (DNS). Domain
names are used in various networking contexts and application-specific naming and
addressing purposes. A prominent example are the top-level internet domains (TLDs)
com, net and org. Below these top-level domains in the DNS hierarchy are the secondlevel and third-level domain names that are open for reservation and registration by endusers that wish to connect local area networks to the internet, run web sites, or create
other publicly accessible internet resources. The registration of these domain names is
usually administered by the domain name registrar, who sell their services to the public.
29. Regulation of intellectual property rights, particularly copyright on the internet is an
ever-growing problem. The Act does not discuss the implications of any copyright
violations over the net. It has no provisions to penalize copyright infringers, commonly
known as pirates, for their activities over the net. Internet piracy is a major problem
has not been tackled by this Act. No amendments have been proposed to the Copyright
Act of India.
30. In the Indian context till a Bill is finally notified by the Executive, it remains a Bill only.
Thus, till the government of India notifies it, the old Information Technology Act 2000
would govern the Indian cyber law.
31. The Foreign Intelligence Surveillance Act (FISA) was first enacted in 1978 (Public Law
95-511) and later amended by the Patriot Act. It is at the center of the controversy
concerning domestic spying by the NSA. It was passed after revelations of massive

E-commerce
laws in
India
279

IJLMA
52,4
32.

280

33.

34.

35.

36.

37.

38.

39.
40.
41.

42.

domestic spying abuses by the FBI, CIA and NSA were documented in reports issued
by the Church Committee in the 1970s. In 1972, the United States Supreme Court had
reviewed some of those abuses and declared that warrantless wiretaps of domestic
groups for national security reasons were a violation of the Fourth Amendment. United
States vs United States District Court (Keith), 407 US 297 (1972).
Under this section, receiving a stolen computer, or a mobile or even a CD, or an e-mail
containing stolen information may be punishable with three years of imprisonment.
Phishing means sending an e-mail that falsely claims to be a particular enterprise and
asking for sensitive financial information. Phishing, thus, is an attempt to scam the user into
surrendering private information that will then be used by the scammer for his own benefit.
Phishing uses spoofed e-mails and fraudulent web sites that look very similar to the real
ones, thus fooling the recipients into giving out their personal data. Most phishing attacks
ask for credit card numbers, account usernames and passwords. According to statistics
phishers are able to convince up to five percent of the recipients who respond to them.
Voyeurism is a psychosexual disorder in which a person derives sexual pleasure and
gratification from looking at the naked bodies and genital organs or observing the sexual
acts of others. The voyeur is usually hidden from view of others. Voyeurism is a form of
paraphilia. A variant form of voyeurism involves listening to erotic conversations. This is
commonly referred to as telephone sex, although it is usually considered voyeurism
primarily in the instance of listening to unsuspecting persons.
Cyber security means protecting information, equipment, devices, computer, computer
resources, communication from unauthorized access, use, disclosure, disruption,
modification and destruction.
Important to note that the limit for compensation which was Rs 1 crore under section
43 of IT Act 2000 has been removed. In other words, now there is no upper limit for
damages that can be claimed.
Intermediary shall preserve and retain such information as may be specified for such
duration and in such manner and format as the Central Govt. prescribed. Further, any
intermediary who intentionally or knowingly contravenes the provision of sub section
(1) shall be punished with an imprisonment for a term, which may extend to three
years and shall also be liable to fine.
MSPs operate wireless networks on behalf of their clients usually large organizations
that outsource key helpdesk or network operations functions to the MSP. The MSPs
employees may work in a centralized Network Operations Center or onsite at the
clients premises. In either case, the MSP needs a comprehensive, scalable and flexible
management solution that can be used across multiple customer engagements.
Power to issue directions for blocking for public access of any information through any
computer resource.
Power to authorize to monitor and collect traffic data or information through any
computer resource for cyber security.
According to Section 2 (na) of IT Act 2008, cyber cafe means any facility from where
access to the internet is offered by any person in the ordinary course of business to the
members of public.
Vicarious liability is a form of strict, secondary liability that arises under the common
law doctrine respondeat superior the responsibility of the superior for the acts of
their subordinate, or, in a broader sense, the responsibility of any third party that had
the right, ability or duty to control the activities of a violator. It can be distinguished
from contributory liability, another form of secondary liability, which is rooted in the
tort theory of enterprise liability.

43. The NSA warrantless surveillance controversy concerns surveillance of persons within
the United States incident to the collection of foreign intelligence by the USA National
Security Agency (NSA) allegedly as part of the war on terror. Under this program,
referred to by the Bush administration as the terrorist surveillance program, the NSA is
authorized by executive order to monitor, without warrants, phone calls, e-mails, internet
activity, and text messaging, and other communication involving any party believed by
the NSA to be outside the USA, even if the other end of the communication lies within
the USA. The exact scope of the program is not known, but the NSA is or was provided
total, unsupervised access to all fiber-optic communications going between some of the
nations major telecommunication companies major interconnect locations, including
phone conversations, email, web browsing and corporate private network traffic.
44. The translation of data into a secret code. Encryption is the most effective way to
achieve data security. To read an encrypted file, you must have access to a secret key
or password that enables you to decrypt it. Unencrypted data are called plain text;
encrypted data are referred to as cipher text. There are two main types of encryption:
asymmetric encryption (also called public-key encryption) and symmetric encryption.
References
Anderson, E., Day, G.S. and Rangan, V.K. (1997), Strategic channel design, Sloan Management
Review, Vol. 38 No. 4, pp. 59-69.
Bakos, J.Y. (1991), A strategic analysis of electronic marketplaces, MIS Quarterly, Vol. 15 No. 3,
pp. 295-310.
Basu, S. and Jones, R. (2002), Legal issues affecting e-commerce: a review of Indian Information
Technology Act, 2000, paper presented at the 17th BILETA Annual Conference, 5-6 April,
Free University, Amsterdam.
Benjamin, R. and Wigand, R. (1995), Electronic markets and virtual value chains on the
information superhighway, Sloan Management Review, Vol. 36 No. 2, pp. 62-72.
Christersen, C.M., Suarez, F.F. and Utterback, J.M. (1998), Strategies for survival in fast-changing
industries, Management Science, Vol. 44 No. 12, pp. S207-20.
CII (2001), E-commerce in India: how to make it happen?, Report of the CII National Committee
on e-commerce 2000-2001, Confederation of Indian Industry.
Dutta, S. (2003), Impact of information communication technology on society, Yojana, Vol. 47
No. 2, p. 24.
Gallaugher, J. (2002), E-commerce and the undulating distribution channel, Communications of
the Association for Computing Machinery, Vol. 45 No. 7, pp. 89-95.
Kaur, K. (2005), Consumer protection in e-commerce in Malaysia: an overview, UNEAC Asia
Papers, No. 10.
Khatibi, A., Thyagarajan, V. and Seetharaman (2003), E-commerce in Malaysia: perceived
benefits and barriers, Vikalpa, Vol. 28 No. 3, pp. 77-81.
Kuhn, P. and Skuterud, M. (2000), Internet and traditional job search methods, 1994-1999, paper
presented to the IRPP and CERF Conference on Creating Canadas Advantages in an
Information Age, May.
Light, D.A. (2001), Sure, you can trust us, MIT Sloan Management Review, Vol. 43 No. 1, p. 17.
Mitnick, K.D. and William, L.S. (2002), The Art of Deception: Controlling the Human Element of
Security, John Wiley and Sons, New York, NY.
Neuman, B.C. and Genyady, M. (1998), Internet payment services, in McKnight, L.W. and
Bailey, J.P. (Eds), Internet Economics, MIT Press, Cambridge, MA, pp. 401-16.
Nicholas, R. and Jerry, F. (2002), Electronic customer relationship management: an assessment of
research, International Journal of Electronic Commerce, Vol. 6 No. 3, pp. 59-111.

E-commerce
laws in
India
281

IJLMA
52,4

282

Pastor, R.S. and Alessandro, V. (2004), Evolution and Structure of the Internet: A Statistical
Physics Approach, Cambridge University Press, Cambridge.
Poon, S. (2000), Business environment and internet commerce benefits: a small business
perspective, Journal of Information System, Vol. 9, pp. 7-81.
Rastogi, R. (2002), Country Report on E-Commerce Initiatives, available at: www.unescap.org/tid/
publication/part_three2261_ind.pdf (accessed 4 June 2008).
Shapiro, C. and Varian, H. (1999), Information Rules: A Strategic Guide to the Networked
Economy, Harvard Business School Press, Boston, MA.
Sumanjeet (2002), Cyber laws in need of upgrade, Indian Business Law Journal, Vol. 1 No. 2,
pp. 27-9.
Sumanjeet (2005), E-CRM building the loyal customers in the age of electronic commerce,
Pakistan Management Review, Vol. XLII No. 3, pp. 45-54.
Sumanjeet (2008a), Electronic commerce in India: the evolution of revolution, E-Business, July.
Sumanjeet (2008b), Impact of e-commerce on economic models: little to lose; more to gain,
International Journal of Trade and Global Markets, Vol. 1 No. 3, pp. 319-37.
Sumanjeet (2010), Digital divide in India: measurement, determinants and policy for addressing
the challenges of digital divide, International Journal of Innovation and Digital Economy
(accepted for publication, forthcoming issue).
Timmers, P. (1999), Electronic Commerce: Strategy and Models for Business-to-Business Trading,
John Wiley, Chichester.
Verma, Y. (2001), Broadband: the brakes are on, Dataquest (India), 15 May.
Zhu, K., Kenneth, L.K. and Xu, S. (2002), A cross-country study of electronic business adoption
using the technology-organization-environment framework, paper presented at the ICIS
Conference, Barcelona, 15-18 December.
Corresponding author
Dr Sumanjeet can be contacted at: sumanjeetsingh@gmail.com

To purchase reprints of this article please e-mail: reprints@emeraldinsight.com

Or visit our web site for further details: www.emeraldinsight.com/reprints

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.