The ICFAI University,

Dehradun

Report
On

CYBER LAW - A Way Ahead

Summer Internship Program

by

AKASH KUMAR SINHA

1
 1205C0009
B.B.A LLB (Hons.)

A REPORT

ON

CYBER LAW – A Way Ahead

BY

AKASH KUMAR SINHA 1205C0009

Prepared in partial fulfillment

of the
Summer Internship Program

Under

The ICFAI University, Dehradun

Faculty of Law
(1 May 2017 to 1st June 2017)
st

Distribution list:

- Prof. Mr. H M Mittal (Faculty Guide)

2
- Asst. Prof. Monika kharola (Project Guide)

ACKNOWLEDEGEMENT

I would like to express my gratitude and appreciation to Hon’ble Dean Sir, H M Mittal, my
faculty guide and my project guide whose help, suggestions and encouragement, motivated me to
complete my project and especially in writing this report.

I would like to express my sincere thanks and heart full gratitude to Hon’ble Dean Sir, H M
Mittal my faculty guide for the project for his immense support & guidance whenever needed
during the course of my training.

I would also like to extend my gratitude to Asst. Prof. Mrs. Monika Mam, my project guide for
helping me in the successful completion of the project.

Finally, yet importantly, I would like to express my heart full thanks to my beloved parents for
their blessings, my friends for their help and wishes for the successful completion of this project.

3
 Table of Contents
1.................................................................................................................................................. ABSTRACT
........................................................................................................................................................................................... 6
2......................................................................................................................................... INTRODUCTION
........................................................................................................................................................................................... 7
3........................................................................................................................... ORIGIN OF CYBER LAW
........................................................................................................................................................................................... 9
4............................................................................................................................... NEED OF CYBER LAW
........................................................................................................................................................................................ 10
4.1 Information technology law........................................................................................................................ 10
5............................................................................. UNITED NATIONS DEFINITION OF CYBER CRIME
........................................................................................................................................................................................ 11
6............................................................................................................................... CYBER LAW IN INDIA
........................................................................................................................................................................................ 12
6.1 Jurisprudence of Indian Cyber Law......................................................................................................... 12
7................................................................................................................. ADVANTAGE OF CYBER LAW
........................................................................................................................................................................................ 15
8............................................................... TWO SIDES OF INDIAN CYBER LAW OR IT ACT OF INDIA
........................................................................................................................................................................................ 16
The IT Law 2000, though appears to be self sufficient, it takes mixed stand when it comes to
many practical situations. It looses its certainty at many places like:..............................................17
9....................................................................................................................... PRACTICAL CHALLENGES
........................................................................................................................................................................................ 19
9.1 Need to enact new laws................................................................................................................................ 20
9.2 Need for new laws on.................................................................................................................................... 20
10........................................................................................................................................... CYBER SPACE
21
11.......................................................................................................................................... CYBER CRIME
22

4
11.1 Types of cyber crime................................................................................................................................... 23
12................................................................................................. PUBLISHING CYBER PORNOGRAPHY
24
13............................................................................................ LEGAL POSITION AROUND THE GLOBE
25
1. Position in U.K..................................................................................................................................................... 25
2. Position in U.S...................................................................................................................................................... 26
14.......................................................................................... INFORMATION TECHNOLOGY ACT 2000
27
Overview.................................................................................................................................................................... 27
Strength & Shortcoming....................................................................................................................................... 28
15.. .CYBER EVIDENCE COLLECTION: MAJOR CHALLENGE TO LAW ENFORCEMENT IN INDIA
29
16................................................................................................................................. CYBER LAW CASES
32
Case 1: Tessera, Inc. v. Int’l Trade Comm’n, 2010-1176 (Fed. Cir. May 23, 2011)......................32
17. SOME INDIAN CASE STUDIES.................................................................................................................... 34
Case 1. Ritu Kohli Case.......................................................................................................................................... 34
Case 2. Pune Citibank MphasiS Call Center Fraud..................................................................................... 34
Case 3. Parliament Attack Case......................................................................................................................... 35
Case 4. Andhra Pradesh Tax Case..................................................................................................................... 35
18........................................................................................................................................... CONCLUSION
36
19........................................................................................................................................... REFERENCES
37

5
 1. ABSTRACT

This report is about the cyber law. Cyber law is a new phenomenon which emerged much
after the onset of Internet. Internet grew in a completely unplanned and unregulated
manner. Even the inventors of Internet could not have really anticipated the scope and far
reaching consequences of cyberspace. The growth rate of cyberspace has been enormous.
Internet is growing rapidly and with the population of Internet doubling roughly every 100
days, Cyberspace is becoming the new preferred environment of the world. The growth of
Cyberspace has resulted in the development of a new and highly specialized branch of law
called cyber laws- laws of the internet and the World Wide Web. Cyber laws are meant to set
the definite pattern, some rules and guidelines that defined certain business activities going
on through internet legal and certain illegal and hence punishable. Cyber law is a term used
to describe the legal issues related to use of communications technology, particularly
"cyberspace", i.e. the Internet. It is less a distinct field of law in the way that property or
contract are, as it is an intersection of many legal fields, including intellectual property,
privacy, freedom of expression, and jurisdiction. In essence, cyber law is an attempt to apply
laws designed for the physical world to human activity on the Internet. Jurisdiction and
sovereignty issues of jurisdiction and sovereignty have quickly come to the force in the era
of the Internet. The Internet does not tend to make geographical and jurisdictional
boundaries clear, but Internet users remain in physical jurisdictions and are subject to laws
independent of their presence on the Internet. The primary source of cyber law in India is
the Information Technology Act, 2000 (herein after referred to Information Technology
Act) which came into force on date 17 th October 2000. The primary purpose of the
Information Technology Act is to provide legal recognition to electronic commerce and to
facilitate filing of electronic records with the Government. The Information Technology Act
also penalizes various cyber crimes and provides strict punishments. (Imprisonment terms
up to 10 years and compensation up to crores of rupees).

This report is an attempt to highlight expertise and experiments in few significant areas of
existing categories of laws to the evasion of communications and transactions in the

6
cyberspace either by way of amending the existing laws or by way of creating new
legislations.

2. INTRODUCTION

Success in any field of human activity leads to crime that needs mechanisms to control it. Legal
provisions should provide assurance to users, empowerment to law enforcement agencies and
deterrence to criminals. The law is as stringent as its enforcement. Crime is no longer limited to
space, time or a group of people. Cyber space creates moral, civil and criminal wrongs. It has now
given a new way to express criminal tendencies. Back in 1990, less than 100,000 people were able
to log on to the Internet world wide. Now around 500 million people are hooked up to surf the net
around the globe. Advent of technology not only widens scientific horizon but also poses constant
challenges for the jurisprudence, legal system and legal world as a whole. Computer, internet, and
cyber space – together known as information technology – present challenge for the law. The
courts throughout the world have been dealing with these problems or dealing with the
information technology is termed as ‘computer laws’ or ‘information technology laws or cyber
laws. A computer is a electronic machine that accepts data and instructions as input, allows it to
be stored and manipulated; and processes (computes) the data at high speed and gives
information / data as output (result). Thus computer is material medium. Internet is not a physical
or tangible entity, but rather a giant networks, which interconnects innumerable smaller groups of
linked computer networks. There is no centralized storage location. Control point, or
communications channel for the internet, and it would not be technically feasible for the single
entity to control all of the information conveyed on the internet. Thus internet is a virtual medium.
Cyber space is a virtual location. Anyone with assess to the internet may take advantage of vide
variety of communication and information retrieval methods. These methods are constantly
evolving and difficult to categorized precisely. But the presently constituted and most relevant are
electronic mail (“e-mail”), automatic mailing list services (“mail exploder”, sometimes referred to
a “listservs”), newsgroups, chat rooms and the “world wide web”. All these methods can be used
to transmit ext; most can transmit sound, picture, and moving video images. Taken together, these
tools constitute a unique medium- known to its users as ‘cyberspace’ – located in no particular
geographical location but available to anyone. Anywhere in the world, with the access to internet.

7
Computer is a material medium; internet is a virtual medium; cyberspace is a virtual location for
electronic activities. The offences are committed in cyberspace with the help of internet and
computer. Cyber laws are therefore those laws, which have been adapted or reinterpreted to
govern and apply to transactions or interactions in cyberspace. Cyber law also cover those special
enactments, which are specially design to govern or apply to cyberspace for example information
technology legislations enacted in different countries including information technology act, 2000,
enacted by government of India or uniform electronic transaction act recently approved in the US
for adoption by the various us states. Cyber Space Law Right now there is a very interesting war
being waged in the court rooms across America. It is a battle for the rights of citizens on the
Internet. The Internet is a fairly new medium gaining wide popularity in 1994. Because of it's
incredible growth in popularity in a very short amount of time it has been hard to regulate. The
first act to come out regarding the Internet and Freedom of Speech was PL 99-508 the
Electronic Communications and Privacy Act of 1986 . This act consisted of two parts, title I
and title II. Title I - Interception of Communications and Related Matters. Basically takes the
existing laws and updates them to include computers. Where before it was illegal to intercept
private telephone calls, it now says it is illegal to intercept private computer transmissions. It also
includes a provision to make it legal to intercept public radio transmissions like it is with public
radio programs. It also allows Internet Service Providers to keep a log of who called and their
activity on-line to protect themselves. Title II - Stored Wire and Electronic Communications and
Transactional Records Access. This provision adds sections to Title 18 of the United States Code
(USC). In section 2701 - Unlawful Access to Stored Communications. It makes it a federal offense
to hack into a computer system.
Crux of the issues relating to cyber law lies in the exercise and experiments and the drill to be
employed by the system of administration of justice to the issues relating to evasion of
transactions. Web communication and relationships in the cyberspace with the help of legal
concepts, legal system and existing legal framework which is applicable to the transactions.
Communications and relationships in the material world in which we live day to day.

8
 3. ORIGIN OF CYBER LAW

Science the beginning of the civilization, man has constantly adapted himself with the changing
circumstances and scenarios to usher in new eras of development and progress. Every stage of
human history has been important in its own way.
Internet has become an all pervading revolution which is having an immense impact on all aspects
of human life and existence. Internet is a new phenomenon which has set new benchmarks for the
entire mankind. Internet is a global network of computers, all speaking same language.
Internet has grown in a very rapid arbitrary and unplanned manner. Because of this unplanned
nature of internet. It was felt initially internet is a system of anarchy. However as time flew, it
began to drawn upon netizens that internet and cyberspace need to be regulated and a regulated
cyberspace would be the catalyst for the future progress of mankind. Herein lay the seeds of
origin of cyber law.
The dawning of the 21st century seems to have had a magical effect on India. The Indian
government has taken the emergence of the new millennium as a signal to proceed forward in the
direction of whole heartedly adopting technologies and giving legal recognition to the same and
regulating the same. This new chapter began with the passing of India’s first cyber law namely,
the information technology act, 2000.

9
 4. NEED OF CYBER LAW

1. Coming of internet.
2. Greater cultural, economic, political and social transformation in the history of human society.
3. Complex legal issues arising leading to the development of cyber law.
4. Different approaches for controlling, regulating and facilitating electronic communication and
commerce.
5. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could
break into a bank’s electronic vault hosted on a computer in USA and transfer millions of Rupees
to another bank in Switzerland, all within minutes. All he would need is a laptop computer and a
cell phone.
6. Cyberspace handles gigantic traffic volumes every second. Billions of emails are crisscrossing
the globe even as we read this, millions of websites are being accessed every minute and billions
of dollars are electronically transferred around the world by banks every day.
7. Cyberspace is absolutely open to participation by all.

4.1 Information technology law

1. Florida electronic security act

2. Illinois electronic commerce security act
3. Texas penal code – computer crimes statute
4. Maine criminal code – computer crimes
5. Singapore electronic transaction act
6. Malaysia computer crimes act
7. Malaysia digital signature act
8. UNCITRAL model law on electronic commerce
9. Information technology act 2000 of India

10
 5. UNITED NATIONS DEFINITION OF CYBER CRIME

Cybercrime spans not only state but national boundaries as well. Perhaps we should look to
international organizations to provide a standard definition of the crime. At the Tenth United
Nations Congress on the Prevention of Crime and Treatment of Offenders, in a workshop devoted
to the issues of crimes related to computer networks, cybercrime was broken into two categories
and defined thus:
a. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of
electronic operations that targets the security of computer systems and the data processed by them.
b. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by
means of, or in relation to, a computer system or network, including such crimes as illegal
possession and offering or distributing information by means of a computer system or network.

Of course, these definitions are complicated by the fact that an act may be illegal in one
Nation but not in another.
There are more concrete examples, including
i. Unauthorized access
ii. Damage to computer data or programs
iii. Computer sabotage
iv. Unauthorized interception of communications
v. Computer espionage

11
 6. CYBER LAW IN INDIA

The primary source of cyber law in India is the Information Technology Act, 2000 (IT Act)
which came into force on 17 October 2000. The primary purpose of the Act is to provide legal
recognition to electronic commerce and to facilitate filing of electronic records with the
Government. The IT Act also penalizes various cyber crimes and provides strict punishments
(imprisonment terms upto 10 years and compensation up to Rs 1 crore).

6.1 Jurisprudence of Indian Cyber Law

The primary source of cyber law in India is the Information Technology Act, 2000 (IT Act)
which came into force on 17 October 2000. The primary purpose of the Act is to provide legal
recognition to electronic commerce and to facilitate filing of electronic records with the
Government. The IT Act also penalizes various cyber crimes and provides strict punishments
(imprisonment terms upto 10 years and compensation up to Rs 1 crore). An Executive Order dated
12 September 2002 contained instructions relating to provisions of the Act with regard to
protected systems and application for the issue of a Digital Signature Certificate. Minor errors in
the Act were rectified by the Information Technology (Removal of Difficulties) Order, 2002
which was passed on 19 September 2002. The IT Act was amended by the Negotiable Instruments
(Amendments and Miscellaneous Provisions) Act, 2002. This introduced the concept of electronic
cheques and truncated cheques. Information Technology (Use of Electronic Records and Digital
Signatures) Rules, 2004 has provided the necessary legal framework for filing of documents with
the Government as well as issue of licenses by the Government. It also provides for payment and
receipt of fees in relation to the Government bodies.
On the same day, the Information Technology (Certifying Authorities) Rules, 2000 also came into
force. These rules prescribe the eligibility, appointment and working of Certifying Authorities
(CAs). These rules also lay down the technical standards, procedures and security methods to be
used by a CA. These rules were amended in 2003, 2004 and 2006 Information Technology
(Certifying Authority) Regulations, 2001 came into force on 9 July 2001. They provide further
technical standards and procedures to be used by a CA. Two important guidelines relating to CAs
were issued. The first are the Guidelines for submission of application for license to operate as a
Certifying Authority under the IT Act. These guidelines were issued on 9 July 2001.

12
Next were the Guidelines for submission of certificates and certification revocation lists to the
Controller of Certifying Authorities for publishing in the National Repository of Digital
Certificates. These were issued on 16 December 2002.
The Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000 also came into force on 17
October 2000. These rules prescribe the appointment and working of the Cyber Regulations
Appellate Tribunal (CRAT) whose primary role is to hear appeals against orders of the
Adjudicating Officers. The Cyber Regulations Appellate Tribunal (Salary, Allowances and other
terms and conditions of service of Presiding Officer) Rules, 2003 prescribe the salary, allowances
and other terms for the Presiding Officer of the CRAT. Information Technology (Other powers of
Civil Court vested in Cyber Appellate Tribunal) Rules 2003 provided some additional powers to
the CRAT.
On 17 March 2003, the Information Technology (Qualification and Experience of Adjudicating
Officers and Manner of Holding Enquiry) Rules, 2003 were passed. These rules prescribe the
qualifications required for Adjudicating Officers. Their chief responsibility under the IT Act is to
adjudicate on cases such as unauthorized access, unauthorized copying of data, spread of viruses,
denial of service attacks, disruption of computers, computer manipulation etc. These rules also
prescribe the manner and mode of inquiry and adjudication by these officers. The appointment of
adjudicating officers to decide the fate of multi-crore cyber crime cases in India was the result of
the public interest litigation filed by students of Asian School of Cyber Laws (ASCL).

The Government had not appointed the Adjudicating Officers or the Cyber Regulations Appellate
Tribunal for almost 2 years after the IT Act had come into force. This prompted ASCL students to
file a Public Interest Litigation (PIL) in the Bombay High Court asking for speedy appointment of
Adjudicating officers.

The Bombay High Court, in its order dated 9 October 2002, directed the Central Government to
announce the appointment of adjudicating officers in the public media to make people aware of
the appointments. The division bench of the Mumbai High Court consisting of Hon’ble Justice
A.P. Shah and Hon’ble Justice Ranjana Desai also ordered that the Cyber Regulations Appellate
Tribunal be constituted within a reasonable time frame. Following this the Central Government
passed an order dated 23 March 2003 appointing the “Secretary of Department of Information

13
Technology of each of the States or of Union Territories” of India as the adjudicating officer for
that State or Union Territory. The Information Technology (Security Procedure) Rules, 2004
came into force on 29 October 2004. They prescribe provisions relating to secure digital signatures
and secure electronic records. Also relevant are the Information Technology (Other Standards)
Rules, 2003. An important order relating to blocking of websites was passed on 27 February,
2003. Computer Emergency Response Team (CERT-IND) can instruct Department of
Telecommunications (DoT) to block a website. The Indian Penal Code (as amended by the IT Act)
penalizes several cyber crimes. These include forgery of electronic records, cyber frauds,
destroying electronic evidence etc. Digital evidence is to be collected and proven in court as per
the provisions of the Indian Evidence Act (as amended by the IT Act). In case of bank records, the
provisions of the Bankers’ Book Evidence Act (as amended by the IT Act) are relevant.
Investigation and adjudication of cyber crimes is done in accordance with the provisions of the
Code of Criminal Procedure and the IT Act. The Reserve Bank of India Act was also amended by
the IT Act. The Information Technology (Amendment) Act, 2008, which came into force on
27th October, 2009 has made sweeping changes to the Information Technology Act, 2000.

The following rules have also come into force on the same day:

(1) Information Technology (Procedure and Safeguards for Interception, Monitoring and
Decryption of Information) Rules, 2009

(2) Information Technology (Procedure and Safeguard for Monitoring and Collecting Traffic Data
or Information) Rules, 2009

(3) Information Technology (Procedure and Safeguards for Blocking for Access of Information by
Public) Rules, 2009

(4) The Cyber Appellate Tribunal (Salary, Allowances and Other Terms and Conditions of Service
of Chairperson and Members) Rules, 2009

(5) Cyber Appellate Tribunal (Procedure for Investigation of Misbehavior or Incapacity of

Chairperson and Members) Rules, 2009.

14
 7. ADVANTAGE OF CYBER LAW

The IT act 2000 attempts to change outdated laws and provides way to deal with cyber crimes. We
need such laws so that people can perform purchase transactions over the Net through credit cards
without fear of misuse. The act offers the much- needed legal framework so that information is not
denied legal effect, validity or enforceability, solely on the ground that it is in the form of
electronic records.
In view of the growth in transactions and communications carried out through electronic record,
the act seeks to empower government departments to accept filing, creating and retention of
official documents in the digital format. The act also proposed a legal framework of authentication
and origin of electronic records / communication through digital signature.
 From the perspective of e-commerce in India, the it act 2000 and its provisions contain
many positive aspects. Firstly the implications of these provisions for the e-business would be that
emails would now be a valid and legal form of communication in our country that can be duly
produced and approved in court of law.
 Companies shall now be able to carry out electronic commerce using the legal infrastructure
provided by the act.
 Digital signatures have been given legal validity and section in the act.
 The act now allows government to issue notification on the web thus heralding e-governess.
 The act enables the companies to file any form, application or any other document with any
office, authority, body or agency owned or controlled by the appropriate government in electronic
form by means of such electronic form as may be prescribed by a appropriate government.
 The IT act also addresses the important issues of security which are also critical to success
of electronic transactions. The act has given a legal definition to the concept of secure digital
signatures that would be required to have been passed through a system of security procedure, as
stipulated by the government at the later day.
 Under the IT act, 2000, it shall now be possible for corporates to have a statutory remedy in
case if anyone breaks into their computer system or network and causes damages or copies data.
The remedy provided by the act in the form of monetary damages, not exceeding Rs 1 crore.

15
 8. TWO SIDES OF INDIAN CYBER LAW OR IT ACT OF INDIA

Cyber laws are meant to set the definite pattern, some rules and guidelines that defined certain
business activities going on through internet legal and certain illegal and hence punishable. The IT
Act 2000, the cyber law of India, gives the legal framework so that information is not denied legal
effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

One cannot regard government as complete failure in shielding numerous e-commerce activities
on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as
free from ambiguities.

MMS porn case in which the CEO of bazee.com (an Ebay Company) was arrested for allegedly
selling the MMS clips involving school children on its website is the most apt example in this
reference. Other cases where the law becomes hazy in its stand includes the case where the
newspaper Mid-Daily published the pictures of the Indian actor kissing her boyfriend at the
Bombay nightspot and the arrest of Krishan Kumar for illegally using the internet account of Col.
(Retd.) J.S. Bajwa.

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes.
Let’s have an overview of the law where it takes a firm stand and has got successful in the reason
for which it was framed.

1. The E-commerce industry carries out its business via transactions and communications done
through electronic records. It thus becomes essential that such transactions be made legal. Keeping
this point in the consideration, the IT Act 2000 empowers the government departments to accept
filing, creating and retention of official documents in the digital format. The Act also puts forward
the proposal for setting up the legal framework essential for the authentication and origin of
electronic records / communications through digital signature.

2. The Act legalizes the e-mail and gives it the status of being valid form of carrying out
communication in India . This implies that e-mails can be duly produced and approved in a court
of law, thus can be a regarded as substantial document to carry out legal proceedings.

16
3. The act also talks about digital signatures and digital records. These have been also awarded the
status of being legal and valid means that can form strong basis for launching litigation in a court
of law. It invites the corporate companies in the business of being Certifying Authorities for
issuing secure Digital Signatures Certificates.

4. The Act now allows Government to issue notification on the web thus heralding e-governance.

5. It eases the task of companies of the filing any form, application or document by laying down
the guidelines to be submitted at any appropriate office, authority, body or agency owned or
controlled by the government. This will help in saving costs, time and manpower for the
corporates.

6. The act also provides statutory remedy to the coporates in case the crime against the accused for
breaking into their computer systems or network and damaging and copying the data is proven.
The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore
($200,000).

7. Also the law sets up the Territorial Jurisdiction of the Adjudicating Officers for cyber crimes
and the Cyber Regulations Appellate Tribunal.

8. The law has also laid guidelines for providing Internet Services on a license on a non-exclusive
basis.

The IT Law 2000, though appears to be self sufficient, it takes mixed stand
when it comes to many practical situations. It looses its certainty at many
places like:

1. The law misses out completely the issue of Intellectual Property Rights, and makes no
provisions whatsoever for copyrighting, trade marking or patenting of electronic information and
data. The law even doesn’t talk of the rights and liabilities of domain name holders, the first step
of entering into the e-commerce.
2. The law even stays silent over the regulation of electronic payments gateway and segregates the
negotiable instruments from the applicability of the IT Act, which may have major effect on the

17
growth of e-commerce in India. It leads to make the banking and financial sectors irresolute in
their stand.
3. The act empowers the Deputy Superintendent of Police to look up into the investigations and
filling of charge sheet when any case related to cyber law is called. This approach is likely to
result in misuse in the context of Corporate India as companies have public offices which would
come within the ambit of "public place" under the Act. As a result, companies will not be able to
escape potential harassment at the hands of the DSP. The Act initially was supposed to apply to
crimes committed all over the world, but nobody knows how can this be achieved in practice, how
to enforce it all over the world at the same time???

The IT Act is silent on filming anyone’s personal actions in public and then distributing it
electronically. It holds ISPs (Internet Service Providers) responsible for third party data and
information, unless contravention is committed without their knowledge or unless the ISP has
undertaken due diligence to prevent the contravention. For example, many Delhi based
newspapers advertise the massage parlors; and in few cases even show the ‘therapeutic masseurs’
hidden behind the mask, who actually are prostitutes. Delhi Police has been successful in busting
out a few such rackets but then it is not sure of the action it can take…should it arrest the owners
and editors of newspapers or wait for some new clauses in the Act to be added up?? Even the
much hyped case of the arrest of Bajaj, the CEO of Bazee.com, was a consequence of this
particular ambiguity of the law. One cannot expect an ISP to monitor what information their
subscribers are sending out, all 24 hours a day.

Cyber law is a generic term, which denotes all aspects, issues and the legal consequences on the
Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has cyber
legislation apart from countries like the US, Singapore, France, Malaysia and Japan.

But can the cyber laws of the country be regarded as sufficient and secure enough to provide a
strong platform to the country’s e-commerce industry for which they were meant?? India has
failed to keep in pace with the world in this respect, and the consequence is not far enough from
our sight; most of the big customers of India’s outsourcing company have started to re-think of
carrying out their business in India .Bajaj’s case has given the strongest blow in this respect and
have broken India’s share in outsourcing market as a leader.

18
 If India doesn’t want to loose its position and wishes to stay as the world’s leader forever in
outsourcing market, it needs to take fast but intelligent steps to cover the glaring loopholes of the
Act, or else the day is not far when the scenario of India ruling the world’s outsourcing market
will stay alive in the dreams only as it will be overtaken by its competitors.

9. PRACTICAL CHALLENGES

The important issue before government and policy makers how to piggy ride advantages of new
technology and how to harass its benefits for the purpose of administration of justice.
 We must ensure that the final output of any electronic governance project must be legal in a
court of law.
 Need to comply the strict requirements of an IT Act 2000 emended Indian evidences.
 IT Act 2000 does not mention about domain names and the rights of domain names owners.
 IT Act 2000 does not mention about intellectual property right – copyrights, trade mark,
patent.
 IT act purports to be applicable to not only the whole of India but also to any offence or
contravention there under commitment outside of India by any person.
 This provisions in section1 (2) is not clearly and happily drafted.
 Not clear as to how and in what particular manner, the said act shall apply to any offence and
contravention there under committed outside of India by any person.
 Enforcement aspect of the IT act is an area of grave concerned numerous difficulties likely to
arise in the enforcement of said act.
 Internet has shrunk the size of world and slowly, national boundaries shall cease to have
much meaning in cyber space.
 IT act talks about the use of electronic records and digital signature in government agencies
yet strangely it further says in section 9 that this does not confer any right upon any person to
insist that the document in questions should be accepted in electronic form.
 Electronic payment issues not addressed.
 No mention of electronic fund transfer.
 New forms and manifestations of cyber crimes emerging everyday. Need for new legislative
mechanism to control cyber crimes.

19
 9.1 Need to enact new laws

 Concerning electronic payments.

 On electronic fund transfer.
 Internet banking laws.

9.2 Need for new laws on

 Data protection
 SPAM
 Information security
 Privacy
 Protection of Indian children online.

20
 10. CYBER SPACE

A metaphor for describing the non-physical terrain created by computer systems. Online systems,
for example, create a cyberspace within which people can communicate with one another (via e-
mail), do research, or simply window shop. Like physical space, cyberspace contains objects
(files, mail messages, graphics, etc.) and different modes of transportation and delivery. Unlike
real space, though, exploring cyberspace does not require any physical movement other than
pressing keys on a keyboard or moving a mouse. Some programs, particularly computer games,
are designed to create a special cyberspace, one that resembles physical reality in some ways but
defies it in others. In its extreme form, called virtual reality, users are presented with visual,
auditory, and even tactile feedback that makes cyberspace feel real.

21
 11. CYBER CRIME

The term ‘cyber’ derived from cybernetics, used to describe the entire range of things made
available through the use of computer.
All crimes performed or resorted to by abuse of electronic media or otherwise, with the purpose of
influencing the functioning of computer or computer system. Cyber crime is a term used to
broadly describe criminal activity in which computers or computer networks are a tool, a target, or
a place of criminal activity and include everything from electronic cracking to denial of service
attacks. It is also used to include traditional crimes in which computers or networks are used to
enable the illicit activity. Cyber Crime Computer crime mainly consists of unauthorized access to
computer systems data alteration, data Destruction, theft of intellectual properly. Cyber crime in
the context of national security may involve hacktivism, traditional espionage, or information
warfare and related activities.
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber
crime may be said to be those species, of which, genus is the conventional crime, and where either
the computer is an object or subject of the conduct constituting crime”. “Any criminal activity that
uses a computer either as an instrumentality, target or a means for perpetuating further crimes
comes within the ambit of cyber crime” A generalized definition of cyber crime may be “
unlawful acts wherein the computer is either a tool or target or both” The computer may be used
as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography,
online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber
stalking. The computer may however be target for unlawful acts in the following cases-
unauthorized access to computer/ computer system/ computer networks, theft of information
contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs,
Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging
the computer system.
Cyber crime is use of computer and the internet by criminals to perpetrate fraud and other crimes
against companies and consumers. To avoid harm from these activities all users should check that
web sites they use all people to whom they e-mail sensitive information are genuine. Crime
committed using a computer and the internet to seal a person’s identity or sell contraband or stalk
victims or disrupt operations with malevolent programmes. Cyber crime is a broadly use them to

22
describe criminal activity comm8itted on computers or the internet. Some of it is punishable by
the laws of various countries, where as others have a debatable legal status. The term ‘cyber
crime’ is a misnomer. This term has nowhere been defined in any statute/act passed or enacted by
the Indian parliament. The concept of cyber crime is not radically different from the concept of
conventional crime. Both include conduct weather act or omission, which causes breach of rules
of law and counterbalanced by the sanction of the state.

11.1 Types of cyber crime

Hacking
Denial of Service
Attack
Virus Dissemination
Software Piracy
Pornography
Credit Card Fraud
Net Extortion
Phishing
Spoofing
Cyber Stalking
Cyber Defamation
Threatening
Salami Attack

23
 12. PUBLISHING CYBER PORNOGRAPHY

Summary

PUBLISHING, CAUSING TO BE PUBLISHED AND

ACTIONS COVERED TRANSMITTING CYBER PORNOGRAPHY
First offence: simple or rigorous imprisonment up to
Penalty 5 years and fine up to Rs. 1 lakh subsequent offence:
simple or rigorous imprisonment up to 10 years and
fine up to Rs. 2 lakh

Relevant authority Court of session

Appeal lies to High court

Investigation 1. Controller of certifying authorities (cca)
Authorities 2. Person authorized by cca
3. Police officer not below the rank of
deputy superintendent
Points to mention in 1. Complainant details
complaint 2. Suspect details
3. How and when the contravention was
discovered and by whom
4. Other relevant information

24
 13. LEGAL POSITION AROUND THE GLOBE

Problem of cyber crime induced many states to reconsider their own legislation. Nowadays more
than 100 countries (including 60% Interpol members) have no laws regulating fighting cyber
crimes. The problem in regulating cyber crime is that there are no uniform laws. Some countries,
such as U.K, have cyber crime laws like the COMPUTER MISUSE ACT 1990 that are well
implemented. Other territories have laws that have yet to be fully implemented, while some
countries and yet to make provisions for cyber crime within their judicial system at all.

1. Position in U.K

The computer misuse act 1990 is an act of the U.K parliament. The act’s introduction followed the
decision in R v Gold, with the bills critics charging that it was introduce hastily and was poorly
through out. Intension they said was often difficult to prove, and that the bill inadequately
differentiated “joyriding” crackers like gold and schifreen from serious computer criminals. The
act has nonetheless become a model upon which several other countries including Canada and the
republic of Ireland, have drawn inspiration when subsequently drafting their own information
security laws.

The act identifies three specific offences:

1. Unauthorized access to computer material (that is, a program or data).

2. Unauthorized access to a computer system with intent to commit or facilitate the commission of
a serious crime.

3. Unauthorized modification of computer material.

In 2004 the all party internet group published its review of the law and highlighted areas for
development. Their recommendations led to the drafting of the computer misuse act 1990
(amendment) bill. Which sought to amend the CMA to comply with the European convention on
cyber crime

25
2. Position in U.S

The computer crime is on the rise in USA, sense the introduction of computers into American
society in general. In an earlier era, the advent of the automobile opened the way for criminals to
target the automobile itself (e.g., auto theft) or use it to facilitate traditional crimes. In addition law
enforcement had to learn to seize vehicles to search them for evidence of some offense unrelated
to the vehicle itself (e.g. the box of document in the trunk). In many of them ways, computers, too,
have proven important to criminal investigations. First, a computer may be the target of the
offence. In these cases, the criminals goals are to steal information from, or cause damage to, a
computer may be a tool of the offences. This occurs when an individual uses a computer to
facilitate some traditional offense such as fraud.

26
 14. INFORMATION TECHNOLOGY ACT 2000

The 18th Day of October of this millennium, India witnessed the enactment of
Information Technology Act. An Act that is a class of legislation of its own. An
act to govern and regulate the high-tech virtual electronic world the cyber
world.

The information Technology Act is an outcome of the resolution dated 30th

January 1997 of the General Assembly of the United Nations, which adopted
the Model Law on Electronic Commerce, adopted the Model Law on Electronic
Commerce on International Trade Law. This resolution recommended, inter
alia, that all states give favorable consideration to the said Model Law while
revising enacting new law, so that uniformity may be observed in the laws, of
the various cyber-nations, applicable to alternatives to paper based methods
of communication and storage of information.

Overview

The heart and soul of any enactment is reflected rather engrafted in its
'Preamble' or introduction. The intention of the legislature, the problem at
which it aims, the rigour, which it tries to mitigate, is reflected from the
Preamble.

I personally feel that the preamble even gives a clear overview of the statute
concerned. The I.T Act aims at legalizing "electronic Commerce" and provide

27
for "electronic governance". Further this Act has also amended the provisions
of the (1)
Penal Code; Evidence Act; Banker's Book Evidence Act; The basic aim of these
amendments is to strengthen the justice delivery mechanism and give
recognition to the virtual 'e-medium'.

Strength & Shortcoming

Nothing is perfect in this world. Not even the persons who legislate. Therefore
it would not at all be feasible to expect that the laws enacted will be
absolutely perfect, without any lacunas.

I feel that the I.T. Act is a piece of legislation of its time. The Act has brought
radical change in the position of the virtual electronic medium. Let's evaluate
the strength and shortcoming of the information technology under the
following categories: 

1.Digital Signature
2. E-Governance
3. Justice Delivery System 
4. Offences & Penalties
 5. Amendments in the various Acts. 

28
15. CYBER EVIDENCE COLLECTION: MAJOR CHALLENGE TO LAW

ENFORCEMENT IN INDIA

It is more than ten years since law was passed in India to recognize electronic documents as
admissible evidence in a Court of law. The necessary amendments were made to the Indian
Evidence Act 1872 by the Information Technology Act 2000 (ITA-2000).

In the case of electronic documents produced as "Primary Evidence", the document itself must be
produced to the Court. However, such electronic document obviously has to be carried on a media
and can be read only with the assistance of an appropriate Computer with appropriate operating
software and application software.

In many cases even in non-electronic documents, a document may be in a language other than the
language of the Court in which case it needs to be translated and submitted for the understanding
of the Court by an "Expert". Normally the person making submission of the document also
submits the translation from one of the "Experts". If the counter party does not accept the
"Expert's opinion", the court may have to listen to another "Expert" and his interpretation and
come to its own conclusion of what is the correct interpretation of a document.

In the case of the Electronic documents, under the same analogy, "Presentation" of document is
the responsibility of the prosecution or the person making use of the document in support of his
contention before the Court. Based on his "Reading" of the documents, he submits his case. This
may however be disputed by the counter party. In such a case, it becomes necessary for the Court
to "Get the document Read by an expert" to its satisfaction. It is necessary to have some clarity on
the legal aspects of such documents presented to the Court because most of the court battles are
expected to revolve around "Proper Reading" of the documents and "Possible manipulation of the
documents".

29
In making presentation of an "Electronic Document", the presentor may submit a readable form of
the document in the form of a "Print Out". Question arises in such a case whether the print out is a
"Primary Evidence" or a "Secondary Evidence".

According to Indian Evidence Act, section 65 refers to "Cases in which secondary evidence
relating to documents may be given". However, the modifications made to this section by ITA-
2000 have added Sections 65 A and Section 65 B.

Though these sections have been numbered as A and B of 65, these are not to be treated as sub
sections of Section 65. As per schedule II to ITA-2000, serial number 9, it appears that 65A and
65B are to be treated as independent sections.

According to Section 65 A therefore, "Contents of electronic records may be proved in accordance

with the provisions of Section 65B".

Whether by design or otherwise, Section 65B clearly states that " Not withstanding anything
contained in this (Ed: Indian Evidence Act) Act, any information contained in an electronic record
which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a
computer (herein after called the Computer Output) shall be deemed to be also a document...."

However, for the "Computer Output" to be considered as admissible evidence, the conditions
mentioned in the Section 65 B (2) needs to be satisfied.

Section 65B(2) contains a series of certifications which is to be provided by the person who is
having lawful control over the use of the Computer generating the said computer output and is not
easy to be fulfilled without extreme care.

It is in this context that the responsibility of the Law Enforcement Authorities in India becomes
onerous while collecting the evidence.

In a typical incident when a Cyber Crime is reported, the Police will have to quickly examine a
large number of Computers and storage media and gather leads from which further investigations
have to be made. Any delay may result in the evidence getting obliterated in the ordinary course of
usage of the suspect hard disk or the media.

30
Any such investigation has to cover the following main aspects of Cyber Forensics, namely,

1. Collection of suspect evidence

2. Recovery of erased/hidden/encrypted data 

3. Analysis of suspect evidence

 If the process of such collection, recovery and analysis is not undertaken properly, the evidence
may be rejected in the Court of law as not satisfying the conditions of Section 65B of the Indian
Evidence Act.

In the evolution of the Indian challenge to Cyber Crimes, it may be said that during the last three
years, Police in different parts of the Country have been exposed to the reality of Cyber Crimes
and more and more cases are being registered for investigation. However, if the Law enforcement
does not focus on the technical aspects of evidence collection and management, they will soon
find that they will be unable to prove any electronic document in a Court of Law.

The undersigned who has been working with a missionary zeal for dissemination of knowledge on
Cyber Crime Risks and Cyber Law Compliance in India, has already provided a mechanism for
archiving Cyber evidence of certain kind such as web pages and e-mails.

Now he has embarked on the next step of assisting the Law Enforcement in India with suitable
Computer hardware and software that would enhance the quality of "Cyber Evidence" that can be
produced to a court of law in case of any Cyber Crime.

These Cyber Forensic gadgets are not only products that are required by the Law Enforcement
authorities, but also the IT Auditors in the Corporate world. Hence this information is likely to be
of interest to both the Law Enforcement Authorities as well as the Information System Auditors.

31
 16. CYBER LAW CASES

Case 1: Tessera, Inc. v. Int’l Trade Comm’n, 2010-1176 (Fed. Cir. May 23,
2011)

The Federal Circuit upheld a decision of the ITC regarding patent exhaustion Tessera, Inc. v.
International trade commission. The patent holder permitted its licensees to sell the patented
invention and received royalty payments later. When some licensees failed to pay, the patent
holder argued that its authorized sales had been transformed into unauthorized sales and thus that
the licensees’ customers were infringing the patent. The Federal Circuit rightly disagreed,

These agreements expressly authorize licensees to sell the licensed products and to pay up at the
end of the reporting period. Thus, in these agreements, Tessera authorizes its licensees to sell the
licensed products on credit and pay later. That some licensees subsequently renege or fall behind
on their royalty payments does not convert a once authorized sale into a non-authorized sale. Any
subsequent non-payment of royalty obligations arising under the TCC Licenses would give rise to
a dispute with Tessera’s licensees, not with its licensees’ customers.

Tessera’s argument that the sale is initially unauthorized until it receives the royalty payment is
hollow and unpersuasive. The parties do not dispute that the TCC Licenses permit a licensee to
sell licensed products before that licensee pays royalties to Tessera. But according to Tessera, that
licensee’s sale, permitted under the TCC License, would later become unauthorized if that licensee
somehow defaulted on a subsequently due royalty payment. That absurd result would cast a cloud
of uncertainty over every sale, and every product in the possession of a customer of the licensee,
and would be wholly inconsistent with the fundamental purpose of patent exhaustion—to prohibit
postsale restrictions on the use of a patented article. In bloomer v. McQuewan, 55 U.S. (14 How.)
539, 549 (1852) (stating “when the machine passes to the hands of the purchaser, it is no longer
within the limits of the monopoly”).

32
It is this same absurd result and the same cloud of uncertainty that results after every sale of a
copy of software in light of the Ninth Circuit’s worst copyright opinion in decades: Vernor v.
Autodesk, 621 F.3d 1102 (9th Cir. 2010). By permitting postsale restrictions on the use of
software the Ninth Circuit has adopted a view of the Copyright Act wholly inconsistent with the
fundamental purpose of copyright exhaustion–i.e., the first sale doctrine.

Vernor’s counsel has recently filed an excellent brief petitioning for a writ of certiorari, and one
can only hope that the Supreme Court will choose to straighten this out so that we can get opinions
in the copyright context as cognizant of the harms of ignoring exhaustion principles as this opinion
is in the patent context.

33
 17. SOME INDIAN CASE STUDIES

Case 1. Ritu Kohli Case

Ritu Kohli Case, being India's first case of cyber stalking, was indeed an important revelation into
the mind of the Indian cyber stalker. A young Indian girl being cyber stalked by a former
colleague of her husband, Ritu Kohli's case took the imagination of India by storm. The case
which got cracked however predated the passing of the Indian Cyberlaw and hence it was just
registered as minor offences under the Indian Penal Code.

Case 2. Pune Citibank MphasiS Call Center Fraud

US $ 3,50,000 from accounts of four US customers were dishonestly transferred to bogus

accounts. This will give a lot of ammunition to those lobbying against outsourcing in US. Such
cases happen all over the world but when it happens in India it is a serious matter and we can not
ignore it. It is a case of sourcing engineering. Some employees gained the confidence of the
customer and obtained their PIN numbers to commit fraud. They got these under the guise of
helping the customers out of difficult situations. Highest security prevails in the call centers in
India as they know that they will lose their business. There was not as much of breach of security
but of sourcing engineering. The call center employees are checked when they go in and out so
they can not copy down numbers and therefore they could not have noted these down. They must
have remembered these numbers, gone out immediately to a cyber café and accessed the
Citibank accounts of the customers. All accounts were opened in Pune and the customers
complained that the money from their accounts was transferred to Pune accounts and that’s how
the criminals were traced. Police has been able to prove the honesty of the call center and has
frozen the accounts where the money was transferred.
There is need for a strict background check of the call center executives. However, best of
background checks can not eliminate the bad elements from coming in and breaching security.

34
We must still ensure such checks when a person is hired. There is need for a national ID and a
national data base where a name can be referred to. In this case preliminary investigations do not
reveal that the criminals had any crime history. Customer education is very important so
customers do not get taken for a ride. Most banks are guilt of not doing this.

Case 3. Parliament Attack Case

Bureau of Police Research and Development at Hyderabad had handled some of the top cyber
cases, including analysing and retrieving information from the laptop recovered from terrorist,
who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned
down when Parliament was under siege on December 13 2001, was sent to Computer Forensics
Division of BPRD after computer experts at Delhi failed to trace much out of its contents. The
laptop contained several evidences that confirmed of the two terrorists’ motives, namely the
sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador
car to gain entry into Parliament House and the fake ID card that one of the two terrorists was
carrying with a Government of India emblem and seal. The emblems (of the three lions) were
carefully scanned and the seal was also craftly made along with residential address of Jammu and
Kashmir. But careful detection proved that it was all forged and made on the laptop.

Case 4. Andhra Pradesh Tax Case

Dubious tactics of a prominent businessman from Andhra Pradesh was exposed after officials of
the department got hold of computers used by the accused person. The owner of a plastics firm
was arrested and Rs 22 crore cash was recovered from his house by sleuths of the Vigilance
Department. They sought an explanation from him regarding the unaccounted cash within 10
days. The accused person submitted 6,000 vouchers to prove the legitimacy of trade and thought
his offence would go undetected but after careful scrutiny of vouchers and contents of his
computers it revealed that all of them were made after the raids were conducted. It later revealed
that the accused was running five businesses under the guise of one company and used fake and
computerized vouchers to show sales records and save tax.

35
 18. CONCLUSION

As we move forward into the 21 st century, technological innovations have paved the way for us to
experience new and wonderful conveniences in the how we are educated, the way we shop, how
we are entertained and the matter in which we do business. Business that have grown to rely upon
computerization to collect and assemble sensitive information on their critical resources.
Capacity of human mind is immeasurable. It is not possible to eliminate cyber crime from the
cyber crime from the cyber space. It is not possible to eliminate cyber crime from the cyber space.
It is quite possible to check them. History is the witness that no legislation has succeeded in totally
eliminate crime from the globe. The only possible step is to make laws and try to prevent them.

36
 19. REFERENCES

http://cyber.law.harvard.edu
http://grep.law.harvard.edu
http://www.cyberlawconsulting.com
http://cyberlawcases.com
http://www.cyberlawindia.com
http://wwwcyberlawindia.net
Articles written by Pavan Duggal and Dr. Pratibha Rasal
Books- justice Yatindra Singh, Dr. R.K Chaubey
Articles- Harpreet Kaur, Gujarat Law Herald

37