MIR-012 Regulation of Cyberspace - Shortcut - LNK

UNIT 1 DOMESTIC LAWS:
BACKGROUNDER
Structure
1.1 Introduction
1.2 Objectives
1.3 Challenges to Laws
1.4 Information Technology Act, 2000
1.4.1 A Quick Overview of the Act
1.5 Critiques of the I.T. Act
1.6 Proposed Amendments to the I.T. Act
1.7 Summary
1.8 Terminal Questions
1.9 Answers and Hints
1.10 References and Suggested Readings
1.1 INTRODUCTION
This is the first unit of the first block of Course 2. This unit discusses the main
challenges posed by information and communication technology to the law.
This unit also gives an overview of the IT Act, 2000 and discusses the
amendments suggested by the expert committee set up by the government.
The phenomenal growth of Information and Communication Technology has

in a span of a few years significantly changed our way of life. It has changed
the way of business, governance, communication, education, entertainment
almost every conceivable activity in society. Computers and internet connectivity
along with the phenomenal advance in telephony have been the foundation of
this revolution.
We are now in the age of the information society wherein it is recognised that
“information and communication are at the core of human progress. Rapid
progress of these technologies opens completely new opportunities to attain
higher levels of development.”(From the Declaration of Principles, World
Summit on the Information society, ‘Geneva 2003 and Tunis 2005). It has
been realised that this technology can in benefit millions of people and therefore
governments as well as other stake holders have a key role in promoting the
spread of the use of the technology more so with the intent to bridge the
digital divide that represents the uneven distribution of the benefits of
information technology today.
India today is emerging as a global information technology powerhouse, offering

high quality IT and IT enabled services at low cost and therefore the IT sector
is of immense importance and of great priority for the government. The sector
is witnessing rapid growth with exports to the tune of Rs. 78,230 crores in
2004-5. This growth also has a significant effect on the Indian economy. This
sector has also risen to become the biggest employment generator in the 7
Laws and Entities country, the number rising from 2.8 lakhs in 1999-2000 to 10 lakhs in 2004-05.
Governing Cyberspace
Apart from the direct impact on national income and employment, the IT
sector has contributed to the growth of several ancillary businesses such as
transportation, catering etc. The country has also witnessed a real estate boom
stemming from the boom in the IT sector.
The phenomenal connectivity of the net has logically led it to become the
most potential instrument for economic activity and governance; e-commerce
and e-governance. With the development of this new technology, and with the
realisation that such technology affects human life and relations, societal peace
and order and proprietary rights, it was felt that there was a need for laws to
regulate conduct in cyberspace accordingly. The need to regulate was also felt
because of the immense potential that the medium has to contribute towards
development, which can be achieved only through an optimum policy and
legal regime governing it. Thus the Internet which as a medium has had a
laissez faire growth with ‘netizens’ all over the globe voluntarily contributing
substantially to its expansion is now coming more and more within the ambit
of governmental regulation. Regulations relating to the Internet are being
made today by national government and also by international intergovernmental
bodies and international organizations. The whole body of laws and regulations
both national and international governing cyberspace constitutes what is known
as cyber laws. This however does not mean that the cyberspace does not
continue to be an area of expression and innovation for adventurers. Almost
on a daily basis human innovation and expression is visible on the Internet.
While going through this and subsequent 2 units, it is recommended that you
should keep a copy of the IT Act with you because on many occasions you
would find it beneficial to read the sections and subsections of the Act relevant
to the topic you are studying.
1.2 OBJECTIVES
After studying this unit you should be able to:
• discuss the challenges which the law should address to keep pace with
the new information and communication technology;
• describe the legislative measures taken by India to address the challenges;
• examine as to what extent the IT Act has been able to address the
challenges posed by the information and communication technology; and
• discuss the amendments as suggested by experts to make the more effective
Act in regulating the area.
1.3 CHALLENGES TO LAWS

The biggest challenge to the law is to keep pace with technology. While
talking about crimes relating to the Internet, most traditional crimes like fraud,
defamation committed while using the Internet etc, would be governed by the
existing technology neutral criminal laws. These are crimes with all elements
of offline crimes, the only difference being that the Internet was used as an aid
8 in their commission.
The second kind of crime is the one directed at computers, networks, data etc. Domestic Laws:
Backgrounder
These are the crimes that need to be newly defined and prohibited for the
purpose of maintenance of order. They include unauthorized disruption of
computers and networks, the heart of what most people consider cyber crime.
It occurs when an entity, without permission, interferes with the functionality
of computer software or hardware. They are more familiar as viruses, worms,
logic bombs, Trojan horses, and denial-of-service attacks. Unauthorized access
to computer programs and files and theft of identity are the other categories
of offences directed at computers.
Some of the challenges of making technology based laws are that there is a
chance of them being soon outdated. Therefore, it is desirable that laws as far
as possible must be drafted in a technology neutral way. Again it is against
equity and fairness if offline conduct is governed differently from online
conduct. This give rise to the possibility of crime shifting from one place to
the other if there is an inconsistency in laws. Consistency between the two
laws is therefore desirable. Laws must also cater to the need of prevention and
investigation of crimes. For instance, with the advent of telephones, wire
tapping laws were introduced, similar laws to deal with unlawful conduct in
the Internet would become necessary.
The first technology based law in India was the Indian Telegraph Act of 1885.
This law was framed with the advent of the telegraph and later covered yet
another advance in technology, the telephone. In the domain of technology
driven law falls the Information Technology Act, 2000.While the Information
Technology Act is the most significant Act addressing conduct in cyberspace
in India, there are a whole lot of other Acts that would apply to govern and
regulate conduct and transactions in cyberspace. Take for instance online
contracts. Apart from the relevant provisions of the IT Act like Sections 12
and 13, the Indian Contract Act, the Sale of Goods Act, 1930 etc would be
relevant to determine the legality of such contracts. Further the provisions of
the Competition Act, 2002 or in case of unfair trade practices, the Consumer
Protection Act 1986, would also be relevant.
Protection of intellectual property available on the Internet is one of the greatest

challenges of the day. Be it books, films, music, computer software, inventions,
formulas, recipes, everything is available on the net. Protection of copyrights
trademarks online would entail the invocation of the Indian Copyright Act
and, the Trade Marks Act.
As far as illegal activities on the net are concerned, apart from specific
provisions in the IT Act that penalizes them, a whole gamut of other Acts
would govern them. For instance in case of an Internet fraud, based on the
nature of the fraud perpetrated, Acts such as the Companies Act, 1956, the
Securities and Exchange Board of India Act, the Banking Regulation Act, the
Public Gambling Act, 1867 and the Indian Penal Code would also apply. For
online pornography while section 67 of the IT Act would apply, section 293-
294 of the IPC as well as the Cinematograph Act, 1952, the Indecent
Representation of women Act and the Young Persons (Harmful Publications)
Act, 1956 would apply. For matters relating to Internet sale of prohibited
9
Laws and Entities substances like arms and narcotics the Arms Act, 1959, the Explosives Act,
1884, the Narcotic Drugs and Psychotropic substances Act, 1985 would apply.
Thus it can be inferred that while the IT Act is the quintessential Act regulating
conduct on the Internet based on the facts of a case or the nature of a transaction,
several other Acts may be applicable. Therefore, cyber laws includes the whole
set of legislation that can be applied to determine conduct on the Internet.
The march of technology demands the enactment of newer legislation both to

regulate the technology and also to facilitate its growth. The next to be soon
seen in the statute book is the Act on Communication Convergence, which
since 2001 is a Bill. This Act proposes to facilitate development of a national
infrastructure for an information based society, and to enable access thereto;
to provide a choice of services to the people with a view to promoting plurality
of news, views and information; to establish a regulatory framework for carriage
and content of communications in the scenario of convergence of
telecommunications, broadcasting, data-communication, multimedia and other
related technologies and services; and to provide for the powers, procedures
and functions of a single regulatory and licensing authority and of the Appellate
Tribunal. The communications commission is the key institution in the Bill
that is responsible for all matters relating to regulation of communications.
Among its main functions are to ensure:
i) that the communication sector is developed in a competitive environment
and in consumer interest;
ii) that communication services are made available at affordable cost to all,
especially uncovered areas including the rural, remote, hilly and tribal
areas;
iii) that there is increasing access to information for greater empowerment of
citizens and towards economic development;
iv) that quality, plurality, diversity and choice of services are promoted;
v) that a modern and effective communication infrastructure is established
taking into account the convergence of information technology, media,
telecommunication and consumer electronics;
vi) that defense and security interests of the country are fully protected;
vii) that introduction of new technologies, investment in services and
infrastructure and maximization of communication facilities and services
(including telephone density) are encouraged;
viii) that equitable, non-discriminatory interconnection across various networks
is promoted;
ix) that licensing and registration criteria are transparent and made known to
the public;
x) that an open licensing policy allowing any number of new entrants is in
place; and
xi) that the principle of a level playing field for all operators, including
existing operators on the date of commencement of this Act, is promoted,
10 so as to serve consumer interest.
Please answer the following Self Assessment Question. Domestic Laws:
Backgrounder
Self Assessment Question 1 Spend 3 Min.
Discuss the reason which necessitate the regulation of cyberspace.
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
1.4 INFORMATION TECHNOLOGY ACT, 2000

The Ministry of Information Technology was formed in 1999 burdened with
the enormous duty of making India an IT super power by 2008. In less than
a year, India witnessed the enactment of its first statute relating to information
technology1 on the pattern of the Model Law on Electronic Commerce, 1996,
adopted by the United Nations Commission on International Trade Law. The
Electronic Transactions Act, 1998 of Singapore also significantly guided the
framing of the Act. The Information Technology Act, 2000 was passed by
Parliament on May 15, 2000, approved by the President on June 9, 2000 and
notified to come into force on October 17, 2000.
The Information Technology Act intends to give legal recognition to e-commerce

and e-governance and facilitate its development as an alternate to paper based
traditional methods. The Act has adopted a functional equivalents approach in
which paper based requirements such as documents, records and signatures
are replaced with their electronic counterparts. The Act seeks to protect this
advancement in technology by defining crimes, prescribing punishments, laying
down procedures for investigation and forming regulatory authorities. Many
electronic crimes have been bought within the definition of traditional crimes
too by means of amendment to the Indian Penal Code, 1860. The Evidence
Act, 1872 and the Banker’s Book Evidence Act, 1891 too have been suitably
amended in order to facilitate collection of evidence in fighting electronic
crimes.
11
Laws and Entities 1.4.1 A Quick Overview of the Act
Section 1 deals with the extent, commencement and application of the Act. It
also specifically prohibits the application in certain situations. Section 2 of the
Act deals with definitions. Digital Signature has been vastly covered under
Chapters II, VI, VII and VIII. Chapters III and IV exclusively deal with electronic
records. Chapter V introduces the concept of secure electronic records and
secure digital signatures as also the security procedure. Offences and Penalties
under the Act have been enumerated in Chapters IX and XI whereas the Cyber
Regulations Appellate Tribunal, its constitution, powers and functions have
been laid down in Chapter X. Chapter XII deals with the issue of liability of
network service providers. Finally, Chapter XIII deals with residuary matters
like police powers, removal of difficulties, power to make rules and regulations,
amendment to various enactments, etc. There are four Schedules to the Act
each dealing with amendments to the four enactments indicated above. This
is the span of the Act. In the following discussion, though relevant definitions
would be given either in the running paragraphs, or in the footnotes, still, for
quick reference, the reader is advised to refer to section 2 of the IT Act and
the Glossary given in Schedule V of the Information Technology (Certifying
Authorities) Rules. A detailed discussion of the Act is attempted in the next
two units.
Please answer the following Self Assessment Question.

Discuss the salient features of the Information Technology Act, 2000.
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
1.5 CRITIQUES OF THE I.T. ACT

The IT Act, 2000 came at a time when cyber-specific legislation was much
needed. Moreover India was one of the earliest countries to draft a legislation
of this kind. Without a doubt, the IT Act has not only helped India achieve the
12 position that it holds today in the IT sector but also helped overseas based IT
and related investors gather a favourable impression of India’s IT related legal Domestic Laws:
Backgrounder
system, and therefore make a decision to invest in India. While a lot can be
said the merits of the Act, there is room for some improvement too.
One of the main drawbacks of the Act seems to be its inadequacy in providing
sufficient data protection provisions. With the transformation of the Internet
into the main arena of conduct of economic activities, there is a danger of the
possibility of key data being the target of crooks, for snooping paparazzi, for
espionage agencies etc.
The IT Act does not offer much in terms of protection of intellectual property
on the net. In other words there are no provisions in the act to protect copyrights,
patents or trademarks. To take a more specific example, the Act has no
provisions to deal with what is known as ‘cyber squatting’ relating to domain
name disputes. Though the area is presently covered laws relating to intellectual
property like Trade Marks, it is desirable for the IT Act also to have such a
provision. For instance when a major company wishes to register a domain
name in lets say .in, and it suddenly finds someone else wholly unconnected
to the company having registered the name of the company in that category,
the company has no remedy under the IT Act though it has the trademark for
that name. Similarly, there are no provisions in the IT Act to address cyber
theft, cyber stalking, cyber defamation etc.
On privacy issues also the Act has come in for a lot of flak. It does not
prohibit behaviour like spams and unsolicited e-mails that flood one’s in-box.
Neither does it provide for instances where there is a misuse of confidential
private data collected online.
The IT Act also is silent on issues relating to cross border taxation arising out
of international trade, which in the long run is inevitable and would turn out
to be a contentious issue.
Even from the purely technological standpoint there is a criticism that the Act
binds digital signatures to the asymmetric encryption system, limiting the
scope of innovation in technology. This is a drawback given the fact that
technology is constantly changing with one system giving place to another.
A single section devoted to liability of the Network Service Provider is highly

inadequate. The issues are many more. Apart from classification of the Network
Service Providers itself, there are various instances in which the Provider can
be made liable especially under other enactments like the Copyright Act or the
Trademark Act. However, the provision in the IT Act, 2000 devoted to ISP
protection against any liability is restricted only to the Act or rules or regulations
made thereunder. The section (though it might be argued the other way round,
still) is not very clear as to whether the protection for the ISPs extends even
under the other enactments.
There has been a general criticism of the wide powers given to the police
under the Act. Fear, especially among cyber café owners, regarding misuse of
powers under the IT Act, 2000 is not misplaced. Anyone can be searched and
arrested without any warrant at any point of time in a public place. But at the
13
Laws and Entities same time, the fact that committing a computer crime over the net and the
possibility of escaping thereafter is so much more viable, that providing such
policing powers to check the menace of computer crimes is also equally
important. Again, interception of electronic messages and e-mails might be
necessary under certain situations but the authorities cannot be given a free-
hand in interception as and when they feel. Similarly, we need to enquire and
delve deeper into police powers of investigation, search and warrant under the
IT Act, 2000 and look for a more balanced solution.
Another criticism of the Act seems to be that offences can be prosecuted both
under the civil and the criminal procedure system. Some of the instances that
provide for fine would have to be taken as per provisions of the civil procedure
code which is generally perceived to be a slow process. Other offences that
involve punishments of imprisonment would be as per the provisions of the
Criminal Procedure Code.
Finally, how the Act will be interpreted by a court of law and its implementation
and flaws in the long run are yet to be tested on a case-specific factual terrain
as the number of cases that have come before the higher courts under the Act
is just a handful.
1.6 PROPOSED AMENDMENTS TO THE I.T. ACT

With an objective to review the Information Technology Act 2000, in the light
of the latest developments and to consider the feedback received for removal
of certain deficiencies, an expert committee under the Chairmanship of Shri.
Brijesh Kumar, Secretary, Department of Information Technology was set up.
The committee had during its deliberations analysed some of the relevant
experiences and international best practices. The Committees recommendations
have been with the twin objectives of using the IT as a tool for socio-economic
development and employment generation, and also to further consolidate India’s
position as a major global player in the IT sector.
As the technologies and applications in IT sector change very rapidly, some

of the provisions related parameters that may change from time to time have
been proposed to be amended to provide for the new developments to be
incorporated by changes in rules/govt notifications. This would enable law to
be amended and approved much faster and would keep our laws in line with
the changing technological environment. The Act is proposed to be made
technology neutral with minimum change in the existing IT Act 2000. One
major change proposed is the substitution of “digital signature” with “electronic
signature” through an amendment to section 4. Digital signature is thus
recognised as one of the types of electronic authentication of records and not
as the only way. This is more in the nature of an enabling provision so as to
include more forms of authentication as and when technology advances. Further
in order to allow public-private partnership in e-governance delivery of services,
certain amendments have been proposed.
A new chapter (III A) under the title “Electronic Contracts” is proposed to be

added with section 10 proposing to give validity to Electronic Contracts.
14 Another impetus to e-commerce is sought to be given through this amendment.
In view of the concerns about the operating provisions in the IT Act related Domestic Laws:
Backgrounder
to data protection and privacy, in addition to contractual agreements between
parties, the existing Sections, for instance 43, 65, 66 and 72 have been revisited
and some amendments have been proposed.
A new section is being added (Sec 67(2)) to address child pornography with
higher punishment and fine of global standards. So also now a new form of
illegal conduct called video voyeurism, which means capturing the private
area of an individual without his/her consent and then transmitting it, has been
included as punishable conduct.
With regards to the use of encryption and also with relation to interception and
monitoring and decryption of any information, provisions that have a bearing
on national security, some changes based on the recommendation of the Ministry
of Home Affairs as well as the Inter Ministerial Working Group on Cyber
Laws and Cyber Forensics has been proposed.

Critically examine the amendments suggested by the Brijesh kumar
committee.
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
1.7 SUMMARY
• With the phenomenal growth of information and communication
technology and its importance in development it was soon realised that
the field had to be regulated. Regulation of a technological advancement
bought in technology based laws, principally the IT Act.
• In this connection laws can be categorised into two classes—
15
Laws and Entities 1) Laws may be technology neutral such as laws relating to defamation,
forgery, contract company etc. Here it is immaterial whether activities
covered by these acts are performed on the Internet or not.
2) Laws relating to the activities which can be performed on the Internet
only such as hacking, denial of services, viruses etc.
• Cyber laws in the domestic field consist of the IT Act supplemented by
a wide number of other Acts.
• The Act gives legal recognition to e-commerce, e-governance, digital
signature keeping records in electronic form etc. It also defines crimes
relating to computer and Internet and makes provisions for their
investigation and makes provision for punishment.
• We have also seen that the IT Act has a lot of scope for improvement and
that an amendment is already in the cards. The expert committee set up
by the government has suggested making the Act more technology neutral.
Some of the amendments suggested by the committee are — replacement
of the word — digital signature by electronic signature, making provision
for electronic contract, child pornography, etc.
1.8 TERMINAL QUESTIONS

1) Discuss the need of special laws in the field of cyberspace? Do you think
that Indian laws sufficiently deal with every aspect of the challenges
posed by the technology in the field of cyberspace?
1.9 ANSWERS AND HINTS

1. Phenomenal growth in the use of Internet in almost every walk of life has
posed the challenge of regulating the cyberspace. Such as identity of the
person, electronic signature in the contract and other transactions on the
Internet, hacking, virus etc. therefore special legal provisions are needed
to cope with it.
Indian IT Act has tried to address these issues but more needs to be done.
Government set up a committee to suggest amendment in the act.
Committee maid valuable suggestions which should be incorporated in
any future amendment to the Act.
2) Section 1 deals with the extent, commencement and application of the
Act. It also specifically prohibits the application in certain situations.
Section 2 of the Act deals with definitions. Digital Signature has been
vastly covered under Chapters II, VI, VII and VIII. Chapters III and IV
exclusively deal with electronic records. Chapter V introduces the concept
of secure electronic records and secure digital signatures as also the security
procedure. Offences and Penalties under the Act have been enumerated
in Chapters IX and XI whereas the Cyber Regulations Appellate Tribunal,
its constitution, powers and functions have been laid down in Chapter X.
Chapter XII deals with the issue of liability of network service providers.
Finally, Chapter XIII deals with residuary matters like police powers,
removal of difficulties, power to make rules and regulations, amendment
to various enactments, etc. There are four Schedules to the Act each
16
dealing with amendments to the four enactments indicated above. This is Domestic Laws:
Backgrounder
the span of the Act. In the following discussion, though relevant definitions
would be given either in the running paragraphs, or in the footnotes, still,
for quick reference, the reader is advised to refer to section 2 of the IT
Act and the Glossary given in Schedule V of the Information Technology
(Certifying Authorities) Rules. A detailed discussion of the Act is in the
next two units.
3) With an objective to review the Information Technology Act 2000, in the
light of the latest developments and to consider the feedback received for
removal of certain deficiencies, an expert committee under the
Chairmanship of Shri. Brijesh Kumar, Secretary Department of Information
Technology was set up. The committee had during its deliberations
analysed some of the relevant experiences and international best practices.
The Committees recommendations have been with the twin objective of:
using the IT as a tool for socio-economic development and employment
generation, and also to further consolidate India’s position as a major
global player in the IT sector.
A new chapter (III A) under the title “Electronic Contracts” is proposed
to be added with section 10 proposing to give validity to Electronic
Contracts. Another impetus to e-commerce is sought to be given through
this amendment.
In view of the concerns about the operating provisions in the IT act
related to data protection and privacy, in addition to contractual agreements
between parties, the existing Sections for instance 43, 65, 66 and 72 have
been revisited and some amendments have been proposed. A new section
is being added (Sec 67(2)) to address child pornography with higher
punishment and fine of global standards. So also now a new form of
illegal conduct called video voyeurism, which is capturing the private
area of an individual without his consent and then transmitting it, has
been included as a punishable conduct.
1.10 REFERENCES AND SUGGESTED READINGS

Under the Act, the following rules, regulations and guidelines have been framed:
(a) the Information Technology (Certifying Authorities) Rules, 2000; (b) the
Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000; (c) the
Information Technology (Certifying Authority) Regulations, 2001; and, (d) the
Guidelines for Submission of Application for Certifying Authority, 2001.
17
Laws and Entities
Governing Cyberspace UNIT 2 INFORMATION TECHNOLOGY
ACT – PART I
Structure
2.1 Introduction
2.2 Objectives
2.3 Statement of Objects and Reasons
2.4 Application of the Act – The Extra-Territorial Effect
2.5 Digital Signatures (Chapters II, V, VI, VII, VIII)
2.5.1 Controller of Certifying Authorities
2.5.2 Licence to Issue Digital Signature Certificates
2.6 E-governance (Chapter III)
2.6.1 Functional-Equivalent Approach
2.6.2 Legal Recognition of Electronic Records
2.6.3 Legal Recognition of Digital Signatures
2.6.4 Use of Electronic Records and Digital Signatures in Government and its
Agencies
2.6.5 Retention of Electronic Records
2.7 Summary
2.1 INTRODUCTION
In the previous unit we have tried to present a broad picture of the IT Act. In
the next two units, we shall examine the provisions of the Information
Technology Act, 2000 in detail. In this unit we shall discuss the objectives for
which this Act has been passed. This unit will also discuss the extra-territorial
application of the Act. This has become important because computer related
wrongs know no boundaries. A wrongful act committed in one country may
affect the computers and computer networks of not only the country where the
wrong has been committed but also of other countries.
The IT Act has introduced certain new concepts such as “digital signature”
“e-governance” etc. The Act gives legal recognition to the electronic records
and treat its at par with the paper based system if all the safeguards are
followed.
2.2 OBJECTIVES
• discuss the aims and objectives of the Act i.e. what does the Act try to
achieve?
18
• analyse the concept of digital signature and discuss the powers and Information Technology
Act – Part I
functions of the issuing authorities a authority to exercise control over the
issuance of digital signatures; and
• discuss the provisions relating to e-governance and legal recognition of
electronic records.
2.3 STATEMENT OF OBJECTS AND REASONS

The statement of objects and reasons of the IT Act reflects the purpose of the
enactment and what it is trying to achieve. The concern of the framers of the
IT Act was the need for information to be collected, stored and utilized in
electronic form which in turn would serve the dual purpose of facilitating e-
commerce and inducting e-governance in the system.
Another object was clearly aimed at giving effect to the United Nations General
Assembly Resolution1 whereby the Model Law on Electronic Commerce was
adopted by the United Nations Commission on International Trade Law. It
recommended the States to give a favourable consideration to the Model Law
when they enact or revise their laws, ‘in view of the need for uniformity of the
law applicable to alternatives to paper-based methods of communication and
storage of information’. Thus, the idea has been to make a shift from the
paper-based system to electronic system whereby the communication and
storage of data would be through the electronic medium rather than on paper.
The solution devised is by giving a statutory mechanism to the creation and

use of digital signatures in the country. For this purpose, the required institution
is created which would be responsible for issuance of Digital Signature
Certificates and subsequent verification so that it can be used in e-commerce
and e-governance. Certain ‘deeming’ provisions have been incorporated to
supplement the existing laws and support them for the electronic era. The Act
attempts to achieve the need of e-governance by providing for e-records. It
provides a statutory support to electronic records so that they can be used for
promotion of efficient delivery of government services.
Cyber crimes have been dealt with by providing for punishment for certain
computer-related wrongs. Finally, the Act also provides for electronic transfer
of funds. Various other Acts namely the Indian Penal Code, 1860, the Indian
Evidence Act, 1872, the Reserve Bank of India Act, 1934 and the Bankers’
Books Evidence Act, 1891 have been suitably amended to suit the electronic era.
2.4 APPLICATION OF THE ACT – THE EXTRA-

TERRITORIAL EFFECT
The application of the Act and its extra-territorial effect can be well understood
by a conjoint reading of sections 1, 75 and 81. The Act extends to the whole
of India.2 It applies also to any offence or contravention thereunder committed
outside India by any person. However, an exception to this rule has been
carved out in section 75 of the Act. Sub-section (1) of section 75 though in
wider terms has made the Act applicable also to any offence or contravention
committed outside India by any person irrespective of his nationality, this sub- 19
Laws and Entities section has been made subject to the provisions of sub-section (2) which states
that for the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person, if the act or conduct
constituting the offence or contravention involves a computer, computer system
or computer network in India. In effect, if an act (amounting to an offence
under the Act) has been committed and where any computer, computer system
or computers which are interconnected to each other in a computer network
and which is in India is also involved (which might be either as a tool for
committing the crime or as a target to the crime), then the provisions of the
Act would apply to such an act. Section 81 provides effect to the provisions
of the Act notwithstanding anything inconsistent contained in any other law
for the time being in force. Therefore, effectively even if an offence (falling
under the Act) is committed outside India by a foreigner, yet the courts in
India would have the jurisdiction.
It is noticeable that with the IT Act, there has been a conceptual change with
regard to the applicability of a statute. Due to the borderless connectivity of
the computers through the Internet, and the ease with which one can commit
a cyber crime in India while physically located beyond the boundaries of the
country, the Parliament has made the provisions of the Act applicable
irrespective of where the accused might be physically located. In contrast, if
we see the extent of operation of the Indian Penal Code (IPC) under section
1,3 it extends only ‘to the whole of India except the State of Jammu and
Kashmir’. No further applicability clause has been provided for. Section 2 of
the IPC makes every person including a foreigner liable to punishment for
every act or omission contrary to the provisions of IPC, of which he/she shall
be guilty in India. Sections 3 and 4 of the IPC relate to the extra-territorial
operation of the Code. But these sections too are restrictive in nature and not
as broad as the combined effect of section 1(2) read with section 75 of the IT
Act.

Discuss the extra-territorial effect of the IT Act. In what respect are its
provisions are different from I.P.C.?
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
20
Information Technology
2.5 DIGITAL SIGNATURES (CHAPTERS II, V, VI, Act – Part I
VII, VIII)
Before we start discussing the topic of digital signature under the IT Act we
must bear in mind that the expert committee to review the IT Act (discussed
in the previous chapter) has proposed one major change that is the substitution
of “digital signature” with “electronic signature” through an amendment to
section 4. Digital signature is thus recognised as one of the types of electronic
signature only. Therefore, very soon all references to digital signature in the
IT Act may be substituted with electronic signature.
Any commercial transaction necessarily requires an agreement between two

parties. For having a more secure transaction, people prefer having the
agreement written and signed. With the advent of information technology and
movement of the business on the Internet, it became necessary that there
should be a secure form of entering into online contracts. In an online
environment, the same is done through digital signatures.
Affixing a digital signature implies the electronic authentication of an electronic

document. It has a two-fold purpose: (a) identification of the person who is
signing the document; (b) authentication of the contents of the document
which is being signed. In the Act, Chapters II, VI, VII and VIII are devoted
to digital signatures. In these chapters have been laid down the mechanism for
issuance, modification and revocation of digital signatures, the authorities
who would be assigned the task related to digital signatures, their powers and
functions, and the duties of the subscribers of the digital signatures.
The whole system creates a hierarchy in which at the top of is the Controller
of Certifying Authorities who has the power to appoint Certifying Authorities
and grant them the licence to issue Digital Signature Certificates. In turn, the
Certifying Authorities can issue such Certificates to the subscribers. The process
of application, renewal, suspension and revocation of licence of the Certifying
Authorities has been provided. Likewise, the power to issue, suspend and
revoke digital signature certificates is given in the hands of the Certifying
Authorities. A hierarchy of digital signature certificates too has been provided
for the purpose of verification of genuineness of digital signatures which
ultimately can be verified by the Controller of Certifying Authorities who
under the Act is the highest authority for digital signatures and related matters.
Section 2(p) of the Act defines ‘digital signature’ as ‘authentication of any

electronic record by a subscriber by means of an electronic method or procedure
in accordance with the provisions of section 3’. Chapter II of the Act has a
single section that is section 3 providing for authentication of electronic records.
Sub-section (1) of section 3 states that ‘any subscriber may authenticate an
electronic record by affixing his digital signature’. This forms the base of use
of digital signature. Section 3(1) of the Act gives a legal sanctity to the usage
of digital signatures in the country. A person can, if he/she wishes, use digital
signatures to authenticate an electronic record and such authentication is now
recognisable under the law.
21
Laws and Entities Please answer the following Self Assessment Question.
What is digital signature and what purpose is achieved by it?
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
2.5.1 Controller of Certifying Authorities

At the top of the hierarchy of authorities under the Act for the purpose of
issuance of digital signature certificates is the Controller of the Certifying
Authorities. Under Section 17(1) of the Act, the Central Government has been
empowered to appoint a Controller for the purposes of the Act.
The functions of the Controller have been enumerated under section 18 of the
Act. These functions basically relate to Certifying Authorities or Digital
Signature Certificate. It is the Controller’s duty to regulate and control almost
each and every activity of the Certifying Authorities. This is particularly
important since the primary work of the Certifying Authorities is issuance of
digital signatures and setting up infrastructure for its subsequent public
verification. The Controller also has the function of specifying the form and
content of a Digital Certificate and the key as also specifying the contents of
written, printed, or visual materials and advertisements that may be distributed
or used in respect of a Digital Signature Certificate and the public key. In case
of conflict of interests between the Certifying Authorities and the subscribers,
the Controller has been empowered to resolve the same.
Controller to act as Repository

Under section 20 of the Act, the Controller has been made the repository of
all Digital Signature Certificates issued under the Act. The responsibility of
the secrecy and security of the Certificates is on the Controller who shall
make use of appropriate hardware, software and procedures that are secure
from intrusion and misuse. The Controller is also under an obligation to
22
maintain a computerised database of all public keys in such a manner that Information Technology
Act – Part I
such database and the public keys are available to any member of the public.
Recognition of Foreign Certifying Authorities

Section 19 of the Act gives the power to the Controller to recognise any
Certifying Authority for the purposes of the Act subject to certain conditions.
Power to investigate contraventions

Section 28 empowers the Controller to take up for investigation any
contravention of the provisions of this Act, rules or regulations made thereunder.
Directions to extend facilities to decrypt information

The Controller has, under sub-section (1) of section 69, the power to direct
any agency of the Government to intercept any information transmitted through
any computer resource. However, certain conditions have been laid down,
which have to be fulfilled before such power can be exercised.
i) The Controller should be satisfied that such interception is necessary in
the interest of the sovereignty or integrity of India, the security of the
State, friendly relations with foreign States or public order or for preventing
incitement to the commission of any cognizable offence.
ii) Such reasons must be recorded in writing.
iii) The direction to the agency must be by an order.
2.5.2 Licence to Issue Digital Signature Certificates

An elaborate discussion has been made in the Act with regard to the licence
to issue Digital Signature Certificates. The provisions of the Act cover the
application for licence, grant or rejection of licence, renewal of licence,
suspension of licence, display of licence and surrender of licence. The Controller
has been made the sole authority with regard to all these activities.
2.6 E-GOVERNANCE (CHAPTER III)

Chapter III covers the area of legal recognition of certain paper-based concepts
and functions in electronic form. Sections 4 to 8 provide for legal recognition
of electronic records, digital signatures, use of electronic records and digital
signatures in Government and its agencies, retention of electronic records, and
publication of rule, regulation, etc. in Electronic Gazette. This Chapter serves
a dual purpose: (a) it introduces the principle of functional equivalence; and,
(b) it provides the foundation to one of the averred objects of the Act of
introducing e-governance by ‘facilitating electronic filing of documents with
the government agencies’.
2.6.1 Functional-Equivalent Approach

Chapter III of the Act has adopted the ‘functional-equivalent’ approach. This
approach is based on an analysis of the purposes and functions of the traditional
paper-based requirement with a view to determining how those purposes or
23
Laws and Entities functions could be fulfilled through electronic-commerce techniques. When
adopting this approach in the UNCITARL Model Law, attention was given to
the existing hierarchy of form requirements, which provides distinct level of
reliability, traceability and inalterability with respect to paper-based documents.
This approach singles out the basic functions of paper-based form requirements,
with a view to providing criteria which, once they are met by electronic
documents, enable such e-documents to enjoy the same level of legal recognition
as corresponding paper documents performing the same function enjoy. For
example, if a contract is signed and sent as an electronic document, the chances
of its reliability would be, in general situations, lesser than that of a paper-
based document due to certain doubts as to its authenticity and chances of
alteration of the contents. However, if the same electronic document is sent
after being digitally signed by using a digital signature certificate issued by a
trustworthy digital signature certificate provider, then, since it would be able
to perform the same functions of reliability, traceability and inalterability as a
paper-based document, it would receive legal sanction. What is noticeable is
that a document in electronic form can, with suitable technical guards, perform
the functions of writing much better than a paper-based document.
For the purpose of this Chapter, definition of ‘electronic form’, as provided

under section 2(r) of the Act, is very material. It means, with reference to
information, any information generated, sent, received, or stored in media,
magnetic, optical, computer memory, micro film, computer generated micro
fiche or similar device.

What is the functional equivalent approach? Discuss whether the
electronically produced data with suitable technical safe-guard is as reliable,
traceable and unalterable as the data written on paper.
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
24
2.6.2 Legal Recognition of Electronic Records Information Technology
Act – Part I
Section 44 of the Act deems the fulfillment of the requirement of any information
to be in writing in typewritten or printed form, if such information fulfills two
conditions. Firstly, such information should be rendered or made available in
an electronic form (for example, in a floppy disk). Secondly, such information
is accessible as to be usable for a subsequent reference. The word ‘accessible’,
as per the UNCITRAL guide, is meant to imply that information in the form
of computer data should be readable and interpretable, and that the software
that might be necessary to render such information readable should be retained.
The word ‘usable’ is not intended to cover only human use but also computer
processing. ‘Subsequent reference’ seems to imply merely the need for future
reference. The carefully worded section does not seem to lay down any stringent
standards as to the reliability or durability of the electronic record. Rather, it
merely requires that such information if made available at a certain point of
time in electronic form should be available for usage at some future time as
well. The purpose is to basically provide a legal sanctity to production of any
information in electronic form. Whether such information provided is correct,
or authentic, or unaltered, or reliable is not within the purview of this section.
If the law provides something to be in writing, then, subject to certain
conditions, the legal requirement of writing would be fulfilled if such
information is in electronic form.
2.6.3 Legal Recognition of Digital Signatures

Section 55 proceeds on the functional-equivalent approach. It is based on the
recognition of the functions of a signature in a paper-based environment. The
following functions of a signature are considered in the UNCITRAL Guide6:
(a) identifying a person; (b) providing certainty as to the personal involvement
of that person in the act of signing; (c) associating such person with the
content of the document.7 Broadly, these being the functions of a signature,
the purpose of section 5 is to merely introduce and give legal sanctity and
acceptance to the use of digital signatures. It is not necessary as to what is the
mode of signature; it may be paper-based or electronic. However, so long as
the functions of the signature are being performed, such signature will receive
legal recognition. Section 5 of the Act states that where any law provides that
any information or any other matter shall be authenticated by affixing the
signature or any document shall be signed or bear the signature of any person,
then, notwithstanding anything contained in such law, such requirement shall
be deemed to have been satisfied, if such information or matter is authenticated
by means of digital signature affixed in such manner as may be prescribed by
the Central Government. The Explanation to the Section further clarifies the
ambit of the word ‘signature’ as to mean, ‘with its grammatical variations and
cognate expressions, with reference to a person, affixed of his hand written
signature or any mark on any document’. Section 5, like section 4, has a
limited field of operation. It is not the purpose of section 5 to ascertain
whether the digital signature affixed is as per the rules prescribed, or whether
the functions of a signature have been fulfilled. The purpose is merely to
provide legal recognition to a digital signature on par with hand-written
signature wherever the law requires the affixation of such signature.
25
Laws and Entities 2.6.4 Use of Electronic Records and Digital Signatures in
Government and its Agencies
Section 6 provides for use of electronic records and digital signatures in
government functioning. If any particular law requires filing of any form,
application or any other document with any office, authority, body or agency
owned or controlled by the appropriate Government8 in a particular manner,
or the issuance or grant of any licence, permit, sanction or approval by whatever
name called in a particular manner, or the receipt or payment of money in a
particular manner, then, under sub-section (1) of the section 6, such requirement
would be deemed to have been satisfied if such filing, issue, grant, receipt or
payment, is effected by means of an electronic form. Such electronic form
may be prescribed by the appropriate government. The appropriate government,
under sub-section (2), has been given the power to make rules to prescribe the
manner and format in which such electronic records shall be filed, created or
issued, as also the manner or method of payment of any fee or charges for
filing, creation or issuance of any electronic record.
Therefore, an application for a document say, a land record, if made in the

prescribed electronic form to the revenue and land records department, it
would be legally valid under section 6. Or, a grant of certificate of registration
as a dealer by the government under a sales tax legislation in an electronic
form is now legally recognisable.
2.6.5 Retention of Electronic Records

Various statutes provide for storage of information (for example, for tax
purposes or auditing/accounting, etc.). Such information is generally stored on
paper-based mode. However, with increase in computers for processing and
storage of information, it became imperative to provide legal sanction to storage
of information in electronic form. Modern trade works through information
technology and requires it to retain all the information, though generated, sent
or received in electronic form, in paper-based mode would be a step back.
Section 7 of the Act permits retention of information in electronic form and
gives legal recognition to retention of electronic records. Where any law
provides that documents, records of information shall be retained for any
specific period, then, that requirement shall be deemed to have been satisfied
if such documents, records or information are retained in electronic form. The
section deems the fulfillment of the legal requirement of paper-based retention
of information if the same is done in electronic form.
2.7 SUMMARY
• In this unit we have examined in detail the objects and reasons for the IT
Act, the applicability of the Act i.e. the extra territorial application of the
Act, provisions relating to digital signatures, e-commerce and e-
governance. This part of the IT Act deals with the recognition of the
electronic record and its legalisation as an alternative to paper based
records.
26
• The aim of the Act is to give legal recognition to the information collected, Information Technology
Act – Part I
stored and utilized in electronic form so as to facilitate electronic commerce
and e-governance.
• The Act gives legal recognition to digital signature and provides for the
issuance, of it. It also provides for the controlling mechanism to check
abuse of digital signature.
• The Act provides for the appointment of the controller of the certifying
authority who shall issue licences to the authorities who can issue digital
signatures. The Controller has also been granted powers to recognise
foreign certifying authorities in this respect.
• The Act adopts the functional equivalent approach i.e. if the electronic
records satisfy the same level of reliability as the paper document, it
should be given the same recognition as the paper based record.

1) What is digital signature? How is it issued? Discuss the powers and
functions of the controller of certifying authority and the certifying
authorities.
2) What is the functional equivalent approach? Discuss how it is adopted in
the Act with respect to the digital signature and electronic records. Do
you think that the electronic records satisfy the test of reliability, traceability
and inalterability in the same way as the paper based records?
3) What are the conditions of the recognition of electronic record? Do you
think that the provisions contained in the Act adequately deal with the
issue?

1) The application of the Act and its extra-territorial effect can be well
understood by a conjoint reading of sections 1, 75 and 81. The Act
extends to the whole of India. It applies also to any offence or contravention
thereunder committed outside India by any person. However, an exception
to this rule has been carved out in section 75 of the Act. Sub-section (1)
of section 75 though in wider terms has made the Act applicable also to
any offence or contravention committed outside India by any person
irrespective of his nationality, this sub-section has been made subject to
the provisions of sub-section (2) which states that for the purposes of
sub-section (1), this Act shall apply to an offence or contravention
committed outside India by any person, if the act or conduct constituting
the offence or contravention involves a computer, computer system or
computer network in India. In effect, if an act (amounting to an offence
under the Act) has been committed and where any computer, computer
system or computers which are interconnected to each other in a computer
network and which is in India is also involved (which might be either as
a tool for committing the crime or as a target to the crime), then the
provisions of the Act would apply to such an act. Section 81 provides
effect to the provisions of the Act notwithstanding anything inconsistent
27
Laws and Entities contained in any other law for the time being in force. Therefore, effectively
even if an offence (falling under the Act) is committed outside India by
a foreigner, yet the courts in India would have the jurisdiction.
It is noticeable that with the IT Act, there has been a conceptual change
with regard to the applicability of a statute. Due to the borderless
connectivity of the computers through the Internet, and the ease with
which one can commit a cyber crime in India while physically located
beyond the boundaries of the country, the Parliament has made the
provisions of the Act applicable irrespective of where the accused might
be physically located. In contrast, if we see the extent of operation of the
Indian Penal Code (IPC) under section 1, it extends only ‘to the whole
of India except the State of Jammu and Kashmir’. No further applicability
clause has been provided for. Section 2 of the IPC makes every person
including a foreigner liable to punishment for every act or omission
contrary to the provisions of IPC, of which he shall be guilty in India.
Sections 3 and 4 of the IPC relate to the extra-territorial operation of the
Code. But these sections too are restrictive in nature and not as broad as
the combined effect of section 1(2) read with section 75 of the IT Act.
2) Affixing the digital signature implies the electronic authentication of an
electronic document. It performs the same function as the signature by
hand. The Act makes provision for the appointment of a Controller of
Certifying Authorities that is empowered to grant licences to authorities
who may issue digital signatures. The Act makes elaborate provisions in
this regard.
3) Functional equivalent approach in the context of electronic signature and
records mean that they perform similar functions as the signature by hand
and paper based documents. If these are done with adequate safeguards,
they are more reliable than their traditional counterparts.

1. Resolution no. A/RES/51/162. 30 Jan.1997.
2. S. 1(2) It shall extend to the whole of India and, save as otherwise
provided in this Act, it applies also to any offence or contravention
thereunder committed outside India by any person.
3. S. 1. – This Act shall be called the Indian Penal Code, and shall extend
to the whole of India except the State of Jammu and Kashmir.
4. S. 4. Legal recognition of electronic records. Where any law provides that
information or any other matter shall be in writing or in the typewritten
or printed form, then, notwithstanding anything contained in such law,
such requirement shall be deemed to have been satisfied if such information
or matter is—
a) rendered or made available in an electronic form; and
b) accessible so as to be usable for a subsequent reference.
28
5. S. 5. Legal recognition of digital signatures. Where any law provides that Information Technology
Act – Part I
information or any other matter shall be authenticated by affixing the
signature or any document shall be signed or bear the signature of any
person (then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied, if such information
or matter is authenticated by means of digital signature affixed in such
manner as may be prescribed by the Central Government.
6. Para. 53 of the Guide to Enactment of the UNCITRAL Model Law on
Electronic Commerce (1996).
7. Explanation. — For the purposes of this section, “signed”, with its
grammatical variations and cognate expressions, shall, with reference to
a person, mean affixing of his hand written signature or any mark on any
document and the expression “signature” shall be construed accordingly.
8. S. 2(e). – ‘appropriate Government’ means as respects any matter, - (I)
enumerated in List II of the Seventh Schedule to the Constitution; (ii)
relating to any law enacted under List III of the Seventh Schedule to the
Constitution, the State Government and in any other case, the Central
Government.
29
Laws and Entities
Governing Cyberspace UNIT 3 INFORMATION TECHNOLOGY
ACT – PART II
Structure
3.1 Introduction
3.2 Objectives
3.3 Adjudication (Chapter IX)
3.3.1 Adjudicating Officer
3.3.2 Cyber Regulations Appellate Tribunal
3.4 Penalties and Offences (Chapter IX & XI)
3.4.1 Penalties
3.4.2 Offences
3.4.3 Investigation
3.5 Network Service Provider Liability (Chapter XII)
3.6 Amendments to Certain Statutes
3.6.1 Amendments to the Indian Penal Code, 1860
3.6.2 Amendments to the Indian Evidence Act, 1872
3.7 Summary
3.1 INTRODUCTION
In the previous unit you have seen that various new concepts such as digital
signature, e-governance, functional equivalent approach etc. have been
introduced by the IT Act, 2000. The first unit of this block gave you some idea
as to what types of challenges are faced by the legal system due to the
advancement of information technology.
You may have understood the fact that these challenges require different types
of adjudicatory mechanism and different types of offences and penalties to be
incorporated in law because the existing law cannot deal adequately with
these issues.
In this unit we shall discuss the adjudicatory mechanism provided in the IT

Act. We shall also discuss the offences and penalties provided in the Act and
how the offences under the Act be investigated. The investigation of IT related
offences is a very complicated affair. In these types of investigations special
kind of investigation techniques are applied.
The Act also amends certain provisions of Indian Penal Code, Indian Evidence
Act etc. The objective of these amendments is to enlarge the definitions of
certain offences so as to include within them the commission of these offences
electronically and give legal recognition to evidence of electronic records.
30
While studying this unit it is recommended that apart from the copy of the IT Information Technology
Act – Part II
Act, 2000, you should also keep the copies of the IPC, 1860 and Indian
Evidence Act, 1872 with you for having a glance at the bare provisions of
these Acts to understand the true scope of this unit.
3.2 OBJECTIVES
After studying this unit, you should be able to:
• discuss the powers, functions and qualifications and what procedure is to

be followed by the adjudicating officer and C.R.A.T., and discuss the
penalties and offences in case of the contravention of the Act;
• define the term and discuss network service provider and his/her liabilities
for offences committed using his/her network. What are the circumstances
under which he/she may be exempted from such liabilities?
• describe amendments made by this Act in different statutes to give legal

recognition to the electronically kept document, enlarge the definitions of
certain offences to include within them the commitment of offences
electronically and transfer of fund electronically.
3.3 ADJUDICATION (CHAPTER IX)

The Act provides for its own adjudicating mechanism and procedure. It
appoints adjudicating officers conferring on them powers to adjudicate upon
any allegations of contravention of the provisions of the Act or rules or
regulations made thereunder. It also constitutes a Cyber Regulations Appellate
Tribunal (CRAT) for the purpose of hearing appeals arising out of decisions
of the adjudicating officer as also the Controller under various provisions of
the Act.
3.3.1 Adjudicating Officer

Section 46 of the Act provides for appointment, powers and functions of the
adjudicating officer. Under sub-section (1), the Central Government shall
appoint any officer not below the rank of a Director to the Government of
India or an equivalent officer of a State Government to be an adjudicating
officer. Such adjudicating officers should possess such experience in the field
of Information Technology and legal or judicial experience as prescribed by
the Central Government. The adjudicating officer is required to hold an inquiry
and thereafter, adjudge whether any person has committed a contravention of
any of the provisions of this Act or of any rule, regulation, direction or order
made there under. If, after providing such opportunity and on the basis of
inquiry made under sub-section (1), the adjudicating officer is satisfied that
the person has committed the contravention, then, he/she may impose such
penalty or award such compensation as he/she thinks fit in accordance with
the provisions of that section.
31
Laws and Entities 3.3.2 Cyber Regulations Appellate Tribunal
Chapter X of the Act contains provisions relating to Cyber Regulations Appellate

Tribunal (CRAT). The Central Government by notification will establish one
or more appellate tribunals to be known as Cyber Regulations Appellate
Tribunal (CRAT). The Central Government will also in such notification specify
the matters and places in relation to which the CRAT may exercise jurisdiction.
CRAT will consist of one person only (‘the Presiding Officer’) to be appointed
by the Central Government, by notification.
Presiding Officer of CRAT

For appointment as a Presiding Officer of CRAT, a person will not be qualified
unless he/she (a) is, or has been, or is qualified to be, a Judge of a High Court;
or, (b) is or has been a member of the Indian Legal Service and is holding or
has held a post in Grade I of that Service for at least three years.
Appeal to and Procedure and Powers of the CRAT

The Central Government in exercise of its rule-making power under section
87 of the Act framed the Cyber Regulations Appellate Tribunal (Procedure)
Rules, 2001 regulating the procedure to be followed in applications made to
the CRAT.
Section 57 of the Act provides for appeal to the CRAT. Sub-section (1) gives
the right to appeal to any person who is aggrieved by the order of the Controller
or an adjudicating officer under this Act to CRAT having jurisdiction in the
matter. However, this right is subject to the provisions of sub-section (2)
which prohibits any appeal against any order of an adjudicating officer made
with the consent of the parties.
The appeal shall be dealt with by it as expeditiously as possible and endeavour

shall be made by it to dispose of the appeal finally within six months from the
date of receipt of the appeal.2 As regards the procedure to be followed during
an appeal, Section 58 of the Act provides that CRAT is not bound by the
procedure laid down by the Code of Civil Procedure, 1908. However, it shall
be guided by the principles of natural justice. Sub-section (2) of section 58
provides that the CRAT has the same powers as are vested in a civil court
under the Code of Civil Procedure, 1908.
Section 61 of the Act bars the jurisdiction of all other courts to entertain any
suit or proceeding in respect of any matter which an adjudicating officer or the
CRAT is empowered under this Act to determine. The section further provides
that no injunction shall be granted by any court or other authority in respect
of any action taken or to be taken in pursuance of any power conferred under
this Act.
Section 62 of the Act provides for an appeal to the High Court against the
order of the CRAT. Such appeal can be made on any question of fact or law
arising out of the order appealed against. The scope, therefore, of interference
in the order of the CRAT by the High Court is quite wide.
32
Please answer the following Self Assessment Question. Information Technology
Act – Part II
Give a brief account of the powers and functions of the adjudicating
officer and the CRAT.
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
3.4 PENALTIES AND OFFENCES (CHAPTER IX & XI)

Penalties and offences are dealt with in different Chapters in the Act. Chapter
IX, which also harbours provisions relating to adjudication, enumerates the
various penalties and the entailing civil consequences. Chapter XI deals
exclusively with offences.
3.4.1 Penalties
Three kinds of conduct have been listed out in the Act which would give rise
to civil consequences. Firstly, any person involved in any action relating to
damage to computer, computer system, etc., under section 43 of the Act,
would be liable to damages. Second group pertains to failure to furnish
information, returns, etc. under section 44. And finally section 45 contains the
residuary clause.
Section 43 of the Act provides a list of activities which, if carried out by any
person without the permission of the owner or any other person who is in
charge of a computer, computer system or computer network, would cause
such person who is carrying out the act to be liable to pay damages by way
of compensation not exceeding one crore rupees to the person so affected.
Such activities include:
A) Accessing or securing access to a computer, computer system or computer
network. This in effect refers to unauthorized access.
33
Laws and Entities B) Downloading, copying or extracting any data, computer database or
information from such computer, computer system or computer network
including information or data held or stored in any removable storage
medium. This means data theft and would also include acts of copyright
infringement like downloading of music.
C) Introducing or causing to be introduced any computer contaminant or
computer virus into any computer, computer system or computer network.
D) Damaging or causing to be damaged any computer, computer system or
computer network, data, computer database or any other programmes
residing in such computer, computer system or computer network.
E) Disrupting or causing disruption of any computer, computer system or
computer network.
F) Denying or causing the denial of access to any person authorized to
access any computer, computer system or computer network by any means.
G) Providing any assistance to any person to facilitate access to a computer,
computer system or computer network in contravention of the provisions
of this Act, rules or regulations made there under. This is a facet of
hacking.
H) Charging the services availed of by a person to the account of another
person by tampering with or manipulation any computer, computer system
or computer network. This refers to theft of Internet hours.
Confiscation of computer, computer system, floppies, compact disks, tape
drives or any other accessories in respect of which of any provision of this
Act, rules, orders or regulations has been or is being contravened, can be
resorted to under section 76.
3.4.2 Offences
Chapter XI of the Act enumerates the various acts which constitute an offence
under the Act along with the punishment be it either imprisonment or fine or
both. Such offences:
In case of offences committed by companies, such persons who, at the time

the contravention was committed, was in charge of, and was responsible to,
the company for the conduct of business of the company as well as the company,
will be, under sub-section (1) of section 85 of the Act, guilty of the contravention
and shall be liable to be proceeded against and punished accordingly. However,
if such person proves that the contravention took place without his/her
knowledge or that he/she exercised all due diligence to prevent such
contravention, he/she shall not be liable to punishment. Sub-section (2) of
section 85 also deems a director, manager, secretary or any other officer of the
company to be guilty of contravention and liable for punishment if it is proved
that the contravention has taken place with the consent or connivance of, or
is attributable to any neglect on the part of such person. ‘Company’, for the
purpose of this section, has been explained to mean any body corporate and
includes a firm or other association of individuals. ‘Director’, in relation to a
34 firm, would mean a partner in the firm.
3.4.3 Investigation Information Technology
Act – Part II
Section 78 of the Act places the powers of investigation with a police officer
not below the rank of Deputy Superintendent of Police. This provision overrides
anything contrary in the Code of Criminal Procedure. Section 80 confers the
powers on police officers to enter and search premises.

Discuss the provisions of the IT Act 2000 relating to the penalty and
punishment.
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
3.5 NETWORK SERVICE PROVIDER LIABILITY

(CHAPTER XII)
The issue of Network Service Provider has gained importance with the increase
of offences being committed via the Internet especially in the area of copyright
infringement. They are being held up for abetting the offence by providing
infrastructural facilities which help the offender to commit the offence.
However, to provide immunity to them, section 79 of the Act provides for
certain cases where they will not be liable. In case of any allegation of liability
under the Act, rules or regulations against a Network Service Provider for any
third party information or data made available by him/her, he/she shall not be
liable if he/she proves that the offence or contravention was committed without
his/her knowledge or that he/she had exercised all due diligence to prevent the
commission of such offence or contravention. ‘Network service provider’, for
the purpose of this section, has been explained to mean an intermediary.
‘Third party information’ is given to mean any information dealt with by a
network service provider in his/her capacity as an intermediary.
35
Laws and Entities To take an example, if A is hacking B’s computer and using the network
services provided by Z, a network service provider, then, to the extent that Z
is able to prove that the offence was committed without his/her knowledge or
that he/she had exercised all due diligence to prevent the commission of such
offence, he/she will be saved from any liability by virtue of section 79 of the
Act. However, what is worth taking note of is that the burden of proof has
been shifted to the network service provider. It would not be very difficult for
someone to just pull any network service provider into litigation and then
burdening him with the task of proving due diligence and commission without
knowledge. Keeping in mind the number of litigations that might ensue due
to contraventions based on the Internet, the task for network service providers
has really been reduced and immunity provided can still be burdensome.
Alternatively, the initial burden of proving that enough communication was
given to the network service provider should lie on the complainant. Thereafter,
the onus could shift to the network service provider that there was no knowledge
or that due diligence was exercised.
3.6 AMENDMENTS TO CERTAIN STATUTES

The Act, to further the acceptance and use of documents, evidence, and transfer
of funds through electronic means, has amended the Indian Penal Code, Indian
Evidence Act, Bankers’ Books Evidence Act and Reserve Bank of India Act
vide the First, Second, Third and Fourth Schedule respectively. As the Act
proposes such heavy induction of use of electronic means for documents and
signatures, as also governance, it became necessary to also amend certain
penal statutes to bring it on par with the offences relating to or committed
with the help of such electronic means. Many of such offences have already
been enumerated in the Act itself. However, such offences relate to a new
category which has emerged with the use of computer technology like hacking,
damage to computer systems, etc. There is another set of offences which were
already on the statute books but with the use of electronic means have taken
a new dimension and their scope needs to be further widened by appropriate
amendments in such statutes. This is what the amendments made by the Act
purport to achieve.
3.6.1 Amendments to the Indian Penal Code, 1860

Certain provisions of the Indian Penal Code (IPC) have been amended by
Section 91. These provisions primarily are offences relating to document. The
aim is to also include ‘electronic record’ thereby including such offences
which till now were only paper-based but can now also be paperless. For
example, for the purpose of forgery, it is no more necessary that the document
forged has to be signed (which traditionally would require a signature of a
person on a paper-based document) but has now been extended to forgery by
affixing a digital signature as well.
Largely, the amendments to the IPC can be categorised under five headings:
a) Definition: By insertion of section 29A, the definition of ‘electronic record’
as understood by section 2(1) (t) of the Act has been introduced in
the IPC.
36
b) Offences by or relating to public servants: Section 167 deals with the Information Technology
Act – Part II
offence committed by a public servant of framing an incorrect document
with intent to cause injury. The amendment makes the public servant
liable to punishment for the offence even in case of framing, preparation
or translation of an electronic record.
c) Offences of contempt of the lawful authority of public servants: Chapter
10 of IPC deals with contempt of the lawful authority of public servants
and is meant to enforce obedience and respect to their lawful authority.
All the amendments made in this Chapter pertain to introduction of
‘electronic record’ by the side of ‘document’ and bringing on par both
paper-based and paperless offences. Sections 172,3 1734 and 1755 have
been amended to ensure that any action which was done by way of a
paper-based document would still be an offence if done by way of
electronic means.
d) Offences relating to evidence: Sections 1926 and 2047 have been amended
under the Chapter relating to offences of false evidence and offences
against public justice. After the amendments, the offence of fabricating
false evidence would also include fabricating of a false electronic record.
Likewise, any destruction of an electronic record would attract punishment
under section 204.
e) Offences in relation to document: The major portion of the amendments
made in the IPC is dedicated to the Chapter 18 that is offences relating
to documents. All such offences pertaining to and based on the document
have been given a wider scope and are applicable to electronic records as
well. Such amendments primarily relate to use of electronic record and
affixation of digital signatures for the purpose of forgery. Section 463
which makes forgery a punishable offence has been amended to include
forgery by electronic record. Making of a false document under section
464 now includes dishonestly or fraudulently affixing any digital signature
on any electronic record. ‘Affixing digital signature’ has been given the
same meaning as assigned to it in section 2(1) (d) of the Act. Sections
466, 8 468, 9 470, 10 47111 and 47412 have been amended to the same effect
that is committing forgery by electronic record and affixing digital
signature.
3.6.2 Amendments to the Indian Evidence Act, 1872

Section 92 of the Act amends certain provisions of the Evidence Act. These
amendments can be summarized under four headings:
a) Amendments permitting evidence in electronic form: The definition of

‘documentary evidence’ under section 3 of the Evidence Act has been
amended to include ‘electronic records’ as well. The definitions of
‘certifying authority’, ‘digital signature’, ‘digital signature certificate’,
‘electronic form’, ‘electronic records’, ‘information’, ‘secure electronic
record’, secure digital signature and ‘subscriber’ have been inserted and
are to have the same meaning as assigned to them in the IT Act. Section
17 of the Evidence Act dealing with the definition of admission now
37
Laws and Entities includes a statement contained in electronic form as well. Sections 3413
and 3514 have been amended to include documents maintained in electronic
form and electronic record respectively. Section 39 dealing with the
evidence to be given when statement forms part of a conversation,
document, book or series of letters or papers has been appropriately
amended to include within its gamut ‘electronic records’. Section 59
states that ‘all facts except the contents of documents may be proved by
oral evidence’. The amendment now permits proving of all facts by oral
evidence except contents of document or electronic records. Therefore,
one cannot by oral evidence prove the contents of an electronic record.
Section13115 has been amended to include any person in possession of an
electronic record. The purpose of these amendments seems to basically
inculcate the concept of evidence through electronic records. It creates a
base for the amendments mentioned herein below. This set of amendments
does not pertain to the questions of genuineness of the electronic records
being produced as evidence or issues relating to their evidentiary value.
The only object is to be able to produce evidence in electronic form in
a court.
b) Expert opinion on digital signatures: Section 47A has been inserted
whereby the opinion of the Certifying Authority which has issued the
Digital Signature Certificate is a relevant fact16 when the court has to
form an opinion as to the digital signature of any person.
c) Amendments relating to evidentiary value and evidence: Certain
amendments by way of insertions have been made by the IT Act in the
Evidence Act to introduce electronic evidence in the Indian legal system.
Such electronic evidence has been permitted by use of electronic records
before a court of law. Section 3 as noted above was amended to include
electronic records within the definition of evidence. In continuation to
this amendment, certain further amendments have been made permitting
electronic records to be evidence. As to what should be the rules to test
the acceptability and genuineness of such electronic records as evidence
has been introduced by these amendments. Section 22A relates to the
relevance of oral admissions as to the contents of an electronic record
unless the genuineness of the electronic record produced is in question.
Section 65A and 65B collectively form the base for proving the contents
of an electronic record. Sections 67A and 73A relate to proving and
verification of digital signature respectively.
d) Presumptions: Introduction of evidence through electronic records has
also led to certain additional presumptions under the Evidence Act. Section
81A provides for presumption of genuineness of Gazettes in electronic
form. Certain presumptions have been provided for under sections 85A,
85B and 85C relating to electronic agreements, electronic records and
digital signatures, and digital signature certificates. Section 85C relates to
presumption with respect to electronic messages and section 90A with
regard to presumption as to electronic records which are purported or
proved to be five years old.
38
Please answer the following Self Assessment Question. Information Technology
Act – Part II
Self Assessment Question 3 & 4 Spend 6 Min.
Discuss in brief the amendment made by the IT Act, 2000 in the IPC.
What is the objective behind these amendments?
Discuss the amendments made by the IT Act, 2000 in the Evidence Act,
1872. What is the purpose of this amendment?
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
3.7 SUMMARY
In this unit we have discussed the adjudicatory mechanisms provided in the
IT Act, 2000. We have also discussed the offences and penalties provided for
in the Act including the liability of the service providers. Finally we have also
examined the amendments made by the IT Act, 2000 in the Indian Penal
Code, 1860 and Indian Evidence Act, 1872. The purpose of these amendments
is to redefine various offences so as to include the commission of these offences
electronically and to give the electronic records the same evidentiary value as
the paper based documents.

1) Discuss the powers, functions and procedure for the adjudication of
disputes under the IT Act, 2000.
2) What amendments has been made in the Indian Penal Code, 1860 and
Indian Evidence Act, 1872 by the I.T. Act? What is the purpose of these
amendments?

1) The Act provides for the appointments of the adjudicating officers and
cyber regulation appellate tribunals to settle the disputes relating to the
offences and penalties provided in the act. 39
Laws and Entities 2) Three kinds of conduct have been listed out in the Act which would give
rise to civil consequences. Firstly, any person involved in any action
relating to damage to computer, computer system, etc., under section 43
of the Act, would be liable to damages. Second group pertains for failure
to furnishing of information, returns, etc. under section 44. And finally
section 45 contains the residuary clause.
Section 43 of the Act provides a list of activities which, if carried out by
any person without the permission of the owner or any other person who
is in charge of a computer, computer system or computer network, would
cause such person who is carrying out the act to be liable to pay damages
by way of compensation not exceeding one crore rupees to the person so
affected. Such activities include:
A) Accessing or securing access to a computer, computer system or
computer network. This in effect refers to unauthorized access.
B) Downloading, copying or extracting any data, computer database or

information from such computer, computer system or computer
network including information or data held or stored in any removable
storage medium. This means data theft and would also include acts
of copyright infringement like downloading of music.
C) Introducing or causing to be introduced any computer contaminant

or computer virus into any computer, computer system or computer
network.
D) Damaging or causing to be damaged any computer, computer system

or computer network, data, computer database or any other
programmes residing in such computer, computer system or computer
network.
E) Disrupting or causing disruption of any computer, computer system

or computer network.
F) Denying or causing the denial of access to any person authorized to

access any computer, computer system or computer network by any
means.
G) Providing any assistance to any person to facilitate access to a

computer, computer system or computer network in contravention
of the provisions of this Act, rules or regulations made there under.
This is a facet of hacking.
H) Charging the services availed of by a person to the account of another

person by tampering with or manipulation any computer, computer
system or computer network. This refers to theft of Internet hours.
Confiscation of computer, computer system, floppies, compact disks,

tape drives or any other accessories in respect of which any provision
of this Act, rules, orders or regulations has been or is being
contravened, can be resorted to under section 76.
40
Offences Information Technology
Act – Part II
both. Such offences:

the contravention was committed, was in charge of, and was responsible, to,
if such person proves that the contravention took place without his knowledge
or that he exercised all due diligence to prevent such contravention, he shall
not be liable to punishment. Sub-section (2) of section 85 also deems a director,
manager, secretary or any other office of the company to be guilty of
contravention and liable for punishment if it is proved that the contravention
has taken place with the consent or connivance of, or is attributable to any
neglect on the part of such person. ‘Company’, for the purpose of this section,
has been explained to mean any body corporate and includes a firm or other
association of individuals. ‘Director’, in relation to a firm, would mean a
partner in the firm.
3 & 4) The objective of the amendments in the various statutes by this act is
to give same status to the electronic records and signature as the paper based
documents and signature underhand.

1. Vide G.S.R. 791 (E). 17 Oct. 2000.
2. S. 57(6) of the IT Act, 2000.
3. S. 172 of the Indian Penal Code. - Absconding to avoid service to summons
or other proceedings.
4. S. 173 of the Indian Penal Code. - Preventing service of summons or
other proceeding, or preventing publication thereof.
5. S. 175 of the Indian Penal Code. - Omission to produce document to
public servant by person legally bound to product it.
6. S. 192 of the Indian Penal Code. - Fabricating false evidence.
7. S. 204 of the Indian Penal Code. - Destruction of document to prevent its
production as evidence.
8. S. 466 of the Indian Penal Code. - Forgery of record of Court or of public
register, etc.
9. S. 468 of the Indian Penal Code. - Forgery for purpose of cheating.
10. S. 470 of the Indian Penal Code. - Forged document.
11. S. 471 of the Indian Penal Code. - Using as genuine a forged document.
41
Laws and Entities 12. S. 474 of the Indian Penal Code. - Having possession of document
described in S. 466 or 467, knowing it to be forged and intending to use
it as genuine.
13. S. 34 of the Evidence Act. - Entries in books of account when relevant.
14. S. 34 of the Evidence Act. - Relevance of entry in public record, made
in performance of duty.
15. S. 131 S. 34 of the Evidence Act. - Production of documents or electronic
records which another person, having possession, could refuse to produce.
16. This has an important bearing keeping in mind S. 5 of the Evidence Act
which states that, ‘Evidence may be given in any suit or proceeding of the
existence or non-existence of every fact in issue and of such other facts
as are hereinafter declared to be relevant, and of no others.’
42
UNIT 4 INTERNATIONAL TREATIES,
CONVENTIONS AND PROTOCOLS
CONCERNING CYBERSPACE
Structure
4.1 Introduction
4.2 Objectives
4.3 United Nations Commission on International Trade Law
4.4 World Summit on Information Society
4.5 United Nations Commission on Trade and Development
4.6 Council of Europe
4.7 World Trade Organization
4.8 World Intellectual Property Organization
4.9 Summary
4.10 Terminal Question
4.1 INTRODUCTION
After discussing domestic law in the previous three units, in this unit we shall
discuss the international instruments and institutions dealing with cyber law
and cyberspace. These are also integral parts of the legal system because the
challenges posed by ICT are of universal nature, hence they cannot be addressed
by one country alone without international cooperation.
The laws of cyber laws constitute the laws and regulations administered by
national institutions together with the ones administered by international,
intergovernmental and international non governmental organizations. Several
International agencies are active in matters relating to the regulation of
cyberspace and the media through which they execute these regulations are
international legal instruments like treaties, agreements, conventions, charters,
protocols, declarations, memoranda of understanding, modus vivendi and
exchange of notes. In fact, the meaning of the terms used to describe an
international instrument is variable, changing from State to State, from region
to region and instrument to instrument. Some of the terms can easily be
interchanged: an instrument that is designated “agreement” might also be
called “treaty”. The 1969 Vienna Convention on the Law of Treaties is the
principal law governing the international law of rights and obligations that
treaties entail. In this chapter we shall discuss some of the important
international instruments that have a bearing on the global cyber law regime
and as a natural corollary we shall also examine the work of the international
organizations that are the custodians of these instruments.
43
Laws and Entities
Governing Cyberspace 4.2 OBJECTIVES
• discuss the efforts made internationally to facilitate the growth and
accessibility of Information and Communication Technology; and
• examine the role played by the international organizations and agencies
to give electronic records the same recognition as paper based documents.
4.3 UNITED NATIONS COMMISSION ON

INTERNATIONAL TRADE LAW
The most prominent among all the international organizations is the United
Nations. The United Nations Commission on International Trade Law
(UNCITRAL) is the agency charged with the responsibility of harmonization
and unification of International trade laws. Based in Vienna, UNCITRAL is
a legal body with universal membership specialising in commercial law reform
worldwide for over 40 years. UNCITRAL’s business is the modernisation and
harmonisation of rules on international business.
With the growing usage of electronic commerce and advanced communications

technology in international trade, the UNCITRAL came up with a Model Law
on Electronic Commerce in 1996. This was based on a Resolution of the
General Assembly of the United Nations of 19851 , urging governments and
international organizations to take action to ensure legal security in the context
of the widest possible use of automated data processing in international trade.
This model law was adopted by the UNCTRAL in the Commission’s twenty-
ninth session after observations of governments and other interested
organizations. One of the guiding factors during the drafting of the model law
was that the law should facilitate the use of electronic commerce that is
acceptable to states with different legal, social and economic systems so as to
significantly contribute to the development of harmonious international
economic relations. The model law was intended to assist all states in framing
appropriate legislation governing the usage of alternatives to paper-based
methods of communication and storage of information.
Following the framing of the Model Law the United Nations General Assembly
by its Resolution No. 51/62, dated 30th January 19972 , recommended that all
states should give favourable consideration to the said law when they frame
or revise their own law. The model law with its provision for equal treatment
of users of electronic communications and paper based communication soon
became the basis of several national legislations including the Information
Technology Act of 2000 of India.
Currently the UNCITRAL in 2005 came out with the United Nations
Convention on the Use of Electronic Communications in International
Contracts. This was adopted by the General Assembly on 23 November 2005;
the Convention aims to enhance legal certainty and commercial predictability
where electronic communications are used in relation to international contracts.
It addresses the determination of a party’s location in an electronic environment;
44
the time and place of dispatch and receipt of electronic communications; the International Treaties,
Conventions and Protocols
use of automated message systems for contract formation; and the criteria to Concerning Cyberspace
be used for establishing functional equivalence between electronic
communications and paper documents — including “original” paper documents
— as well as between electronic authentication methods and hand-written
signatures. This instrument is now open for countries to sign and ratify.

Discuss the efforts made by the UNCITRAL in the development of cyber
law? Did it influence in any manner the Indian law in this area?
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
4.4 WORLD SUMMIT ON INFORMATION

SOCIETY
Under the aegis of the United Nations, with the International Telecommunication
Union playing a key role, a World Summit on Information Society (WSIS)
was held in two phases in Geneva, from1-12 December 2003 and in Tunis,
from 16-18 November 2005. At the summit in Geneva in 2003, world leaders
realising the immense potential of information and communication technologies
in human development, declared their “common desire and commitment to
build a people-centered, inclusive and development oriented information society,
where everyone can create, access, utilize and share information and knowledge,
enabling individuals, communities and peoples to achieve their full potential
in promoting their sustainable development and improving their quality of
life, premised on purposes and principles of the Charter of the United Nations
and respecting fully and upholding the Universal Declaration of Human Rights.”
One objective of the WSIS was to address the uneven distribution of the
benefits of the information technology revolution between the developed and
developing countries and within societies, what is known as the digital divide. 45
Laws and Entities A Plan of Action was adopted in Geneva to give effect to the vision of an
inclusive information and communication society aimed at bridging the digital
divide and building digital solidarity. The targets that were laid down in the
action plan to be achieved by 2015 by all nations are listed below.
a) to connect villages with ICTs and establish community access points;
b) to connect universities, colleges, secondary schools and primary schools
with ICTs;
c) to connect scientific and research centres with ICTs;
d) to connect public libraries, cultural centres, museums, post offices and
archives with ICTs;
e) to connect health centers and hospitals with ICTs;
f) to connect all local and central government departments and establish
websites and e-mail addresses;
g) to adapt all primary and secondary school curricula to meet the challenges
of the Information Society, taking into account national circumstances;
h) to ensure that all of the world’s population have access to television and
radio services;
i) to encourage the development of content and to put in place technical
conditions in order to facilitate the presence and use of all world languages
on the Internet;
j) to ensure that more than half the world’s inhabitants have access to ICTs
within their reach.
At the summit held in 2005 in Tunisia, governments reaffirmed their dedication
to the commitments made in Geneva and decided to further build on them
focusing on financial mechanisms for bridging the digital divide and also on
areas such as internet governance as well as follow up on Geneva and Tunis
decisions. A Tunis Agenda for the Information Society was adopted along with
a Tunis Commitment that outlined the basis for the implementation and follow-
up of the Agenda. The agenda has further identified the strategy to meet the
obligations of the Geneva plan. There the agenda proposes to undertake efforts
for:
a) mainstreaming and aligning national e-strategies, across local, national,
and regional action plans, as appropriate and in accordance with local and
national development priorities, with in-built time-bound measures.
b) developing and implementing enabling policies that reflect national realities
and promote a supportive international environment, foreign direct
investment as well as the mobilisation of domestic resources, in order to
promote and foster entrepreneurship, particularly Small, Medium and Micro
Enterprises (SMMEs), taking into account the relevant market and cultural
contexts. These policies should be reflected in a transparent, equitable
regulatory framework to create a competitive environment to support
these goals and strengthen economic growth.
c) building ICT capacity for all and confidence in the use of ICTs by all –
46 including youth, older persons, women, indigenous peoples, people with
disabilities, and remote and rural communities – through the improvement International Treaties,
and delivery of relevant education and training programmes and systems Concerning Cyberspace
including lifelong and distance learning.
d) implementing effective training and education, particularly in ICT, science
and technology that motivates and promotes participation and active
involvement of girls and women in the decision-making process of building
the Information Society.
e) paying special attention to the formulation of universal design concepts
and the use of assistive technologies that promote access for all persons,
including those with disabilities.
f) promoting public policies aimed at providing affordable access at all
levels, including community-level, to hardware as well as software and
connectivity through an increasingly converging technological environment,
capacity building and local content.
g) improving access to the world’s health knowledge and telemedicine
services, in particular in areas such as global cooperation in emergency
response, access to and networking among health professionals to help
improve quality of life and environmental conditions.
h) building ICT capacities to improve access and use of postal networks and
services.
i) using ICTs to improve access to agricultural knowledge, combat poverty,
and support production of and access to locally relevant agriculture-related
content.
j) developing and implementing e-government applications based on open
standards in order to enhance the growth and interoperability of e-
government systems, at all levels, thereby furthering access to government
information and services, and contributing to building ICT networks and
developing services that are available anywhere and anytime, to anyone
and on any device.
k) supporting educational, scientific, and cultural institutions, including
libraries, archives and museums, in their role of developing, providing
equitable, open and affordable access to, and preserving diverse and varied
content, including in digital form, to support informal and formal education,
research and innovation; and in particular supporting libraries in their
public-service role of providing free and equitable access to information
and of improving ICT literacy and community connectivity, particularly
in underserved communities.
l) enhancing the capacity of communities in all regions to develop content
in local and/or indigenous languages.
m) strengthening the creation of quality e-content, on national, regional and
international levels.
n) promoting the use of traditional and new media in order to foster universal
access to information, culture and knowledge for all people, especially
vulnerable populations and populations in developing countries and using,
inter alia, radio and television as educational and learning tools.
47
Laws and Entities o) reaffirming the independence, pluralism and diversity of media, and
freedom of information including through, as appropriate, the development
of domestic legislation, we reiterate our call for the responsible use and
treatment of information by the media in accordance with the highest
ethical and professional standards. We reaffirm the necessity of reducing
international imbalances affecting the media, particularly as regards
infrastructure, technical resources and the development of human skills.
These reaffirmations are made with reference to Geneva Declaration of
Principles paragraphs 55 to 59.
p) strongly encouraging ICT enterprises and entrepreneurs to develop and
use environment-friendly production processes in order to minimize the
negative impacts of the use and manufacture of ICTs and disposal of ICT
waste on people and the environment. In this context, it is important to
give particular attention to the specific needs of the developing countries.
q) incorporating regulatory, self-regulatory, and other effective policies and
frameworks to protect children and young people from abuse and
exploitation through ICTs into national plans of action and e-strategies.
r) promoting the development of advanced research networks, at national,
regional and international levels, in order to improve collaboration in
science, technology and higher education.
s) promoting voluntary service, at the community level, to help maximize
the developmental impact of ICTs.
t) promoting the use of ICTs to enhance flexible ways of working, including
teleworking, leading to greater productivity and job creation.

Discuss the principles enunciated in the WSIS summits.
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
48
International Treaties,
4.5 UNITED NATIONS COMMISSION ON TRADE Conventions and Protocols
Concerning Cyberspace
AND DEVELOPMENT
United Nations Commission on Trade and Development (UNCTAD) is the
United Nations General Assembly’s main agency responsible for trade and
development. Since 1998 when the General Assembly gave UNCTAD a special
grant to pursue and develop electronic commerce initiatives, this agency has
been active in its advocacy of the role and importance of information and
communication technologies in development.
UNCTAD carries out policy-oriented analytical work on the information

economy and its implications for developing countries. Its analytical work is
published in the annual Information Economy Report (former E-commerce
and Development Report). It also assists governments, businesses and civil
society groups that are considering adopting free and open source software
policies.
UNCTAD has also published the Digital Divide: ICT Development Indices
2004, which benchmarks ICT diffusion for over 150 countries using indices
of connectivity and access. It also monitors trends in ICT development to raise
awareness and helps formulate policies aimed at narrowing the digital divide.
4.6 COUNCIL OF EUROPE

Council of Europe is an international organization of 46 member states in the
European region. The Council is most prominent for the European Convention
on Human Rights 1950, which serves as the basis for the European Court of
Human Rights. The Council of Europe is not to be confused with the Council
of the European Union or the European Council, as it is a separate organization
and not part of the European Union.
The Council was set up to:
• Defend human rights, parliamentary democracy and the rule of law
• Develop continent-wide agreements to standardise member countries’
social and legal practices,
The Council of Europe came out with a Convention on Cyber crime (2001)
and its additional Protocol concerning the acts of a racist and xenophobic
nature committed through computer systems (2003). The Convention aims
principally at: (1) harmonising the domestic criminal substantive law elements
of offences and connected provisions in the area of cyber-crime (2) providing
for domestic criminal procedural law powers necessary for the investigation
and prosecution of such offences as well as other offences committed by
means of a computer system or evidence in relation to which is in electronic
form and (3) setting up a fast and effective regime of international co-operation.
The Convention contains four chapters: (I) Use of terms; (II) Measures to be
taken at domestic level – substantive law and procedural law; (III) International
co-operation; (IV) Final clauses.
49
Laws and Entities Section 1 of Chapter II (substantive law issues) covers both criminalization
provisions and other connected provisions in the area of computer- or computer-
related crime: it first defines 9 offences grouped in 4 different categories, then
deals with ancillary liability and sanctions. The following offences are defined
by the Convention: illegal access, illegal interception, data interference, and
system interference, misuse of devices, computer-related forgery, computer-
related fraud, offences related to child pornography and offences related to
copyright and neighbouring rights.
Section 2 of Chapter II (procedural law issues) – the scope of which goes

beyond the offences defined in section 1 in that it applies to any offence
committed by means of a computer system or the evidence of which is in
electronic form – determines first the common conditions and safeguards,
applicable to all procedural powers in this Chapter. It then sets out the following
procedural powers: expedited preservation of stored data; expedited preservation
and partial disclosure of traffic data; production order; search and seizure of
computer data; real-time collection of traffic data; interception of content data.
Chapter II ends with the jurisdiction provisions.
Chapter III contains the provisions concerning traditional and computer crime-
related mutual assistance as well as extradition rules. It covers traditional
mutual assistance in two situations: where no legal basis (treaty, reciprocal
legislation, etc.) exists between parties – in which case its provisions apply –
and where such a basis exists – in which case the existing arrangements also
apply to assistance under this Convention. Computer- or computer-related
crime specific assistance applies to situations and covers, subject to extra-
conditions, the same range of procedural powers as defined in Chapter II. In
addition, Chapter III contains a provision on a specific type of transporter
access to stored computer data which does not require mutual assistance (with
consent or where publicly available) and provides for the setting up of a 24/7
network for ensuring speedy assistance among the Parties.
4.7 WORLD TRADE ORGANIZATION

The growing importance of electronic commerce in global trade led World
Trade Organization (WTO) members to adopt a declaration on global electronic
commerce on 20 May 1998 at their Second Ministerial Conference in Geneva,
Switzerland. The Declaration directed the WTO General Council to establish
a comprehensive work programme to examine all trade-related issues arising
from electronic commerce, and to present a progress report to the WTO’s
Third Ministerial Conference.
The 1998 declaration also included a so-called moratorium stating that
“members will continue their current practice of not imposing customs duties
on electronic transmission”.
The work programme was adopted by the WTO General Council on
25 September 1998. It continued after the Third Ministerial Conference in
Seattle in November 1999.
At the Fourth Ministerial Conference in Doha in 2001, ministers agreed to
50 continue the work programme as well as to extend the moratorium on customs
duties. They instructed the General Council, in paragraph 34 of the Doha International Treaties,
Declaration, to report on further progress to the Fifth Ministerial conference Concerning Cyberspace
at Cancún, in 2003.
Under the work programme, issues related to electronic commerce have been
examined by the Council for Trade in Services, the Council for Trade in
Goods, the Council for TRIPS and the Committee on Trade and Development.
During the course of the work programme a number of background notes on
the issues have been produced by the WTO Secretariat and many member
governments have submitted documents outlining their own thoughts.
After the Doha Ministerial Declaration, the General Council agreed to hold
“dedicated” discussions on cross-cutting issues, i.e. issues whose potential
relevance may “cut across” different agreements of the multilateral system. So
far, there have been five discussions dedicated to electronic commerce, held
under the General Council’s auspices.
The issues discussed included: classification of the content of certain electronic

transmissions; development-related issues; fiscal implications of e-commerce;
relationship (and possible substitution effects) between e-commerce and
traditional forms of commerce; imposition of customs duties on electronic
transmissions; competition; jurisdiction and applicable law/other legal issues.
Participants in the dedicated discussions hold the view that the examination
of these crosscutting issues is unfinished, and that further work to clarify these
issues is needed.

Discuss the salient features of WTO Declaration on Global Electronic
Commerce.
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
51
Laws and Entities
Governing Cyberspace 4.8 WORLD INTELLECTUAL PROPERTY
ORGANIZATION
WIPO, the Geneva based World Intellectual Property Organization has a world-
wide coverage with179 member states. The purpose of WIPO is to “to promote
the protection of intellectual property throughout the world through cooperation
among states”. (Art. 3 WIPO Convention). WIPO is the forum for international
IP policy making, development and administration of the 23 international
treaties of which it is the custodian.
Migration of intellectual property to the digital world, IP being ideally suited

to digitization, is the order of the day. IP on the net is vulnerable because
infinite number of perfect copies can be made and easily distributed through
digital networks worldwide. There is therefore understandably a need to protect
internet content including information, music, software, films, business methods,
databases, etc.
Among the IP Issues on the Internet, the problem of the abusive registration
of trademarks as domain names known in other words as cyber squatting is
one of the areas that the WIPO addresses. The WIPO works through Uniform
Domain Name Dispute Resolution Policy adopted by ICANN, and provides
the services of a Domain name registrar. It also provides for alternative dispute
resolution services through its Arbitration and Mediation center.
Significant issues in the field of copyright have been examined for a number
of years through various public and private processes, at WIPO and other
international organizations, and at national and regional levels. Significant
progress has been made, with international consensus having already emerged
on some of these issues. In 1996, two treaties were adopted by consensus by
more than 100 countries at WIPO: the WIPO Copyright Treaty (WCT) and
the WIPO Performances and Phonograms Treaty (WPPT) (commonly referred
to as the “Internet Treaties”). The treaties, each having reached their 30th
ratification or accession, both have entered into force: the WCT on March 6,
2002, and the WPPT on May 20, 2002.
The WIPO Internet Treaties are designed to update and supplement the existing
international treaties on copyright and related rights, namely, the Berne
Convention and the Rome Convention. They respond to the challenges posed
by the digital technologies and, in particular, the dissemination of protected
material over the global networks that make up the Internet. The contents of
the Internet Treaties can be divided into three parts: (1) incorporation of
certain provisions of the TRIPS Agreement not previously included explicitly
in WIPO treaties (e.g. protection of computer programs and original databases
as literary works under copyright law); (2) updates not specific to digital
technologies (e.g., the generalized right of communication to the public); and
(3) provisions that specifically address the impact of digital technologies.
Although the Internet Treaties have now entered into force, in order that they
are truly effective in the digital environment, they must become widely adopted
in countries around the world, and their provisions must be incorporated in
52 national legislation.
There have also been some regulations from other intergovernmental bodies International Treaties,
like the European Union and also by international non-governmental bodies Concerning Cyberspace
like international chambers of Commerce.
4.9 SUMMARY
Cyber laws also include all the international instruments governing cyberspace.
Therefore in this chapter we have examined some important international
treaties, bodies international instruments formulated by various international
organizations such as the United Nations Commission on International Trade
Law (UNCITRAL), the work of the World Summit on Information Society
(WSIS), the United Nations Commission on Trade and Development
(UNCTAD), Council of Europe, World Trade Organization (WTO) and the
World Intellectual Property Organization (WIPO).
The objectives of these international organizations are to give equal status to

electronic documents with the paper based documents, to connect government
departments, health centers, universities and other educational and research
organizations via Internet thus to promote e-governance, to make the computer
and internet accessible to all irrespective of the economic status etc, to encourage
the development of software in regional languages so that every section of the
society may be benefited by the information and communication technology,
to encourage the development devices and software for the persons with
disabilities so that they may also be benefited by the ICT revolution etc.
4.10 TERMINAL QUESTION

1) Discuss the steps taken by international organizations to make Information
and Communication Technology universally accessible.

1) With the growing usage of electronic commerce and advanced
communications technology in international trade, the UNCITRAL came
up with a Model Law on Electronic Commerce in 1996. This was based
on a Resolution of the General Assembly of the United Nations of 1985 ,
urging governments and international organizations to take action to ensure
legal security in the context of the widest possible use of automated data
processing in international trade. This model law was adopted by the
UNCTRAL in the Commission’s twenty-ninth session after observations
of governments and other interested organizations. One of the guiding
factors during the drafting of the model law was that the law should
facilitate the use of electronic commerce that is acceptable to states with
different legal, social and economic systems so as to significantly contribute
to the development of harmonious international economic relations. The
model law was intended to assist all sates in framing appropriate legislation
governing the usage of alternatives to paper-based methods of
communication and storage of information.
53
Laws and Entities 2) Under the aegis of the United Nations, with the International
Telecommunication Union playing a key role, a World Summit on
Information Society (WSIS) was held in two phases in Geneva, 1-12
December 2003 and in Tunis, 16-18 November 2005. In Geneva in 2003,
world leaders realising the immense potential of information and
communication technologies in human development, declared their
“common desire and commitment to build a people-centered, inclusive
and development oriented information society, where everyone can create,
access, utilize and share information and knowledge, enabling individuals,
communities and peoples to achieve their full potential in promoting their
sustainable development and improving their quality of life, premised on
purposes and principles of the Charter of the United Nations and respecting
fully and upholding the Universal Declaration of Human Rights.” Amongst
the objectives of the of the WSIS was to address the uneven distribution
of the benefits of the information technology revolution between the
developed and developing countries and within societies, what is known
as the digital divide.
A Plan of Action was adopted in Geneva to give effect to the vision of
an inclusive information and communication society aimed at bridging
the digital divide and building digital solidarity. The targets that were laid
down in the action plan to be achieved by 2015 by all nations are listed
below.
a) to connect villages with ICTs and establish community access points;
b) to connect universities, colleges, secondary schools and primary
schools with ICTs;
c) to connect scientific and research centres with ICTs;
d) to connect public libraries, cultural centres, museums, post offices
and archives with ICTs;
e) to connect health centers and hospitals with ICTs;
f) to connect all local and central government departments and establish
websites and e-mail addresses;
g) to adapt all primary and secondary school curricula to meet the
challenges of the Information Society, taking into account national
circumstances;
h) to ensure that all of the world’s population have access to television
and radio services;
i) to encourage the development of content and to put in place technical
conditions in order to facilitate the presence and use of all world
languages on the Internet;
j) to ensure that more than half the world’s inhabitants have access to
ICTs within their reach.
54
3) The growing importance of electronic commerce in global trade led World International Treaties,
Trade Organization (WTO) members to adopt a declaration on global Concerning Cyberspace
electronic commerce on 20 May 1998 at their Second Ministerial
Conference in Geneva, Switzerland. The Declaration directed the WTO
General Council to establish a comprehensive work programme to examine
all trade-related issues arising from electronic commerce, and to present
a progress report to the WTO’s Third Ministerial Conference.

1. 40/71 of 11 Dec. 1985 (A/40/17).
2. A/RES/51/162. 30 Jan.1997.
55
Laws and Entities
Governing Cyberspace UNIT 5 GUIDELINES ISSUED BY VARIOUS
MINISTRIES
Structure
5.1 Introduction
5.2 Objectives
5.3 Broadband Policy, 2004
5.4 .IN Internet Domain Name – Policy Framework
5.5 Draft Policy Guidelines on Web-site Development, Hosting and
Maintenance
5.6 New Telecom Policy 1999 (NTP 1999)
5.7 Information Technology Security Guidelines
5.8 SEBI Guidelines on Internet-based Trading and Services
5.9 Guidelines for Setting up of International Gateways for Internet
5.10 Summary
5.1 INTRODUCTION
Different ministries under the Government of India as also State Governments
have come out with guidelines and policy related to information technology.
Under the Government of India the most important guidelines pertaining to
the information and communication technologies have been issued by the
Ministry of Communications and Information Technology and under it the
Department of Information Technology and also the Department of
Telecommunications. Some other ministries have also issued guidelines for
instance relating to e-governance. Guidelines and regulations issued by
regulators like the Telecom Regulatory Authority of India also have a strong
bearing on the subject. In this unit we would go through some of the more
important guidelines and policy statements issued by the ministries, which
have a bearing on the universe of cyber laws and regulations in the Indian
context.
5.2 OBJECTIVES
• discuss the guidelines issued by the various ministries of the government

of India regarding the various aspects of ICT; and
• analyse how these guidelines have facilitated the growth and accessibility
of ICT.
56
Guidelines Issued by
5.3 BROADBAND POLICY, 2004 Various Ministries
The Ministry of Communication and Information Technology came out with

the Broadband Policy in 2004, recognising the potential of the ubiquitous
Broadband service in the growth of GDP and enhancement in quality of life
through societal applications including tele-education, tele-medicine, e-
governance, entertainment as well as employment generation by way of high
speed access to information and web-based communication.
The policy explains: it is a fact that the demand for Broadband is primarily
conditioned and driven by Internet and PC penetration. The current level of
Internet and Broadband access in the country is low as compared to many
Asian countries. Penetration of Broadband, Internet and Personal Computer in
the country was 0.02%, 0.4% and 0.8% respectively at the end of December,
2003. Currently, high speed Internet access is available at various speeds from
64 kilobits per second (kbps) onwards and presently an always-on high speed
Internet access at 128 kbps is considered as ‘Broadband’. While there are no
uniform standards for Broadband connectivity, various countries follow various
standards. The policy defines Broadband connectivity as:
“An ‘always-on’ data connection that is able to support interactive services

including Internet access and has the capability of the minimum download
speed of 256 kilo bits per second (kbps) to an individual subscriber from the
Point of Presence (POP) of the service provider intending to provide Broadband
service where multiple such individual Broadband connections are aggregated
and the subscriber is able to access these interactive services including the
Internet through this POP. The interactive services will exclude any services
for which a separate licence is specifically required, for example, real-time
voice transmission, except to the extent that it is presently permitted under ISP
licence with Internet Telephony.”
The policy estimates a growth for Broadband and Internet subscribers in the
country through various technologies is as follows:
Year Ending Internet Subscribers Broadband Subscribers
2005 6 million 3 million
Therefore in order to give effect to a rapid spread of broadband, the policy

proposes a series of measures relating to Optical Fibre Technologies, Digital
Subscriber Lines (DSL) on copper loop, Cable TV Network, Satellite Media
and several other related issues.
57
Laws and Entities Please answer the following Self Assessment Question.
Self Assessment Question 1 Spend 3 min.
Discuss the broad band Policy of the Indian Government.
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
5.4 .IN INTERNET DOMAIN NAME – POLICY

FRAMEWORK
Department of Information Technology of the Ministry of Communications
and Information Technology came up with an .IN Internet Domain Name –
Policy Framework and Implementation in October 2004. Globally, there are
approximately 60 million Internet domain names registered. Of these, about
40 million are in generic top level domain (gTLD) category, while the remaining
20 million are in country code top level domain (ccTLD) category. The
administration of gTLD rests with the Internet Corporation for Assigned Names
and Numbers (ICANN), an internationally organized non profit corporation,
with membership from different countries and experts in the field. The
responsibility for administration of ccTLD, on the other hand, has been entrusted
to the individual countries who in general follow the guidelines provided by
ICANN. In the gTLD category, .com and .net domains are the most popular,
and have registered in largest numbers. In recent times, the ccTLD domain
registrations are growing with the countries playing active role in the Internet
space.
The policy explains that the system of registration of Internet domain names
can facilitate the proliferation of Internet in a country. Many countries have
therefore adopted liberal and market friendly policies to register large number
of Internet domain names under their country code, broadly consistent with
global policy and procedures of domain registration. The policy identified that
in India; just under 7000 domains have been registered by the Registry at 2nd
58
and 3rd levels under .IN country code over the past decade or so. This number Guidelines Issued by
Various Ministries
does not truly represent the penetration of Information Technology (IT) in
India when compared with a number of companies and public institutions
engaged in IT and IT enabled services (ITeS). The slow growth of .IN domain
has been adjudged to be largely due to the absence of contemporary processes
and infrastructure, and an over cautious registration policy followed. It is
widely recognised that .IN domain name has untapped growth potential. A
proactive policy for .IN domain proliferation can establish the .IN as a globally
recognised symbol of India’s growth and developments in the area of
information technology. Therefore, the policy under the new framework for
implementation of .IN Registry focuses on creating liberal, efficient and market
friendly processes and a distributed organizational structure.
Under the policy, The National Internet Exchange of India (NIXI), a not-for-
profit company formed under section 25 of Indian Companies Act, 1956
promoted by the Department of Information Technology (DIT) in association
with the Internet Service Providers Association of India (ISPAI). It has been
entrusted with the responsibility of setting up the Registry for .IN country
code Top Level Domain name (ccTLD). For this the NIXI will create the .IN
Network Information Centre (INNIC) to operate as a Registry for .IN domain
in India.
With the implementation of the new policy by INNIC under NIXI, a 100,000
.IN domain name registrations at the end of 1st of its operation year has been
targeted, with an average annual growth of 50% over a couple of years
thereafter.
The following will be the institutional framework of the .IN Registry:
• The .IN Registry will be a Not-for-Profit organization, and will function
as an autonomous body, accountable to the government. Its responsibility
will be to maintain .IN domain to ensure its operational stability, reliability
and security.
• An executive order through a gazette notification will be issued by the
Department of Information Technology (DIT), Government of India
according a legal status to the Registry for .IN domain in India. It will
also mention the role of National Informatics Centre (NIC), ERNET and
the nominated Defense Organization as Registrars for handling .gov.in,
edu.in, .ac.in and .mil.in registrations respectively.
• The .IN Registry by itself will not carry out registrations. It will do so
through a number of Registrars to be appointed by it through an open
process of selection on the basis of transparent eligibility criteria.
• The Registrars will either be ISPs themselves who are connected to the
National Internet Exchange of India (NIXI), or use the services of such
ISP who is connected to NIXI.
The policy also includes the .In Sunrise Policy and the .IN Domain Name
Dispute Resolution Policy (INDRP). Under the sunrise policy, owners of
registered Indian trademarks or service marks who wish to protect their marks
have been given the opportunity to apply for .IN domain names before the
general public. 59
Laws and Entities
Governing Cyberspace 5.5 DRAFT POLICY GUIDELINES ON WEB-
SITE DEVELOPMENT, HOSTING AND
MAINTENANCE
The Department of Administrative Reforms and Public Grievances under the
Ministry of Personnel, Public Grievances and Pensions issued Draft Policy
guidelines on Web-site Development, Hosting and Maintenance for the guidance
of other ministries and departments of the government. The guidelines have
been laid down with the objective of inspiring and facilitating the “realisation
of an e-government, which encompasses interlaid the development and
deployment of citizen centric services through web enabled processes, electronic
workflows, enabled applications, collaborative partnerships and participation
of citizens, clients and stakeholders”.
The guidelines recognised that the Web site of a Ministry/Department or its
portal which integrates several Websites of its constituent offices and units, is
a speedy and effective means for dissemination of information, interaction
with people and for delivery of services to citizens. Also that the Portal or
Website is significant in terms of its capability and potential in serving as an
important link between the government and the citizens. It presents the face
of the organization, its mission, vision, functions, activities, performance, etc.
It provides features enabling public and stakeholders to give their views/
feedback and in realising digital democracy.
Effective operation and management of the website and associated electronic
workflows, re-engineered processes, enhance the quality of governance, help
achieve improved productivities and realise envisaged outcomes leading to a
responsive and transparent governance leveraging on knowledge, inputs,
feedback of citizens and stakeholders.
The guidelines have stated that in order to further the aims and objectives
described above, the Website will include the following main contents:-
• Mission, Vision, Objectives, Clients, Charter
• Organizational Set-up and Directory
• Functions
• Constitutional, Legal and Administrative Framework
• Ministry
• Plan, Schemes, Programmes and Projects
• Services offered
• Publications and Reports
• Feedback Mechanism
• Notice Board, what is new?
• Announcements, Press Release, Tenders, Procurement and Disposal
• FAQ and Help
60 • Archives
Guidelines Issued by
5.6 NEW TELECOM POLICY 1999 (NTP 1999) Various Ministries
After the Telecom Policy of 1994, the government came out with a New
Telecom Policy in 1999. Some of the provisions have a bearing on cyber-
space like the statement on electronic commerce. The policy says, “On-line
Electronic Commerce will be encouraged so that information can be passed
seamlessly. The requirement to develop adequate bandwidth of the order of
10 Gb on national routes and even terabytes on certain congested important
national routes will be immediately addressed to so that growth of IT as well
as electronic commerce will not be hampered.” Similarly on Internet Telephony
the policy says, “Internet telephony shall not be permitted at this stage. However,
Government will continue to monitor the technological innovations and their
impact on national development and review this issue at an appropriate time”.
The policy also elaborates on the role of a regulator. The Telecom Regulatory
Authority of India (TRAI) was formed in January 1997 with a view to provide
an effective regulatory framework and adequate safeguards to ensure fair
competition and protection of consumer interests. The Government is committed
to a strong and independent regulator with comprehensive powers and clear
authority to effectively perform its functions.
Towards this objective the following approach will be adopted:

• Section 13 of The TRAI Act gives adequate powers to TRAI to issue
directions to service providers. Further, under section 14 of the Act, the
TRAI has full adjudicatory powers to resolve disputes between service
providers. To ensure level playing fields, it will be clarified that the TRAI
has the powers to issue direction under section 13 to Government (in its
role as service provider) and further to adjudicate under section 14 of the
Act, all disputes arising between Government (in its role as service
provider) and any other service provider.
• TRAI will be assigned the arbitration function for resolution of disputes
between Government (in its role as licensor) and any licensee.
• The Government will invariably seek TRAI’s recommendations on the
number and timing of new licences before taking decision on issue of
new licences in future.
The functions of licensor and policy maker would continue to be discharged
by Government in its sovereign capacity. In respect of functions where TRAI
has been assigned a recommendatory role, it would not be statutorily mandatory
for Government to seek TRAI’s recommendations.

Discuss the main feature of the new telecom policy, 1999. How it effected
the growth of telecommunication secotr in India?
......................................................................................................................
......................................................................................................................
61
Laws and Entities ......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
......................................................................................................................
5.7 INFORMATION TECHNOLOGY SECURITY

GUIDELINES
This document from the Department of Information Technology provides
guidelines for the implementation and management of Information Technology
Security. Due to the inherent dynamism of the security requirements, this
document does not provide an exact template for the organizations to follow.
However, appropriate suitable samples of security process are provided for
guidelines. It is the responsibility of the organizations to develop internal
processes that meet the guidelines set forth in this document.
Successful implementation of a meaningful Information Security Programme

rests with the support of the management. Until and unless the senior managers
of the organization understand and concur with the objectives of the information
security programme its ultimate success would remain in question.
The Information Security Programme should be broken down into specific

stages as follows involving, adoption of a security policy, security risk analysis,
development and implementation of an information classification system,
development and implementation of the security standards manual,
implementation of the management security self-assessment process, on-going
security programme maintenance and enforcement and training.
The principal task of the security implementation is to define the responsibilities

of persons within the organization. The implementation should be based on
the general principle that the person who is generating the information is also
responsible for its security. However, in order to enable him to carry out his
responsibilities in this regard, proper tools, and environment need to be
established.
When different pieces of information at one level are integrated to form higher
value information, the responsibility for its security needs also should go up
in the hierarchy to the integrator and should require higher level of authority
62
for its access. It should be absolutely clear with respect to each information Guidelines Issued by
Various Ministries
as to who are its owner, its custodian, and its users. It is the duty of the owner
to assign the right classification to the information so that the required level
of security can be enforced. The custodian of information is responsible for
the proper implementation of security guidelines and making the information
available to the users on a need to know basis.
Information Classification is an important aspect of security and therefore,

Information assets must be classified according to their sensitivity and their
importance to the organization. Similarly physical and operational security
including site design, fire protection, environmental protection and physical
access are important.
Information Management tools relating to security would involve system

administration, sensitive information control, sensitive information security,
third party access, prevention of computer misuse, system integrity and security
measures. Security can also be enhanced through the use of security systems
or facilities such as system access control, password management, privileged
user’s management, user’s account management, data and resource protection,
sensitive systems protection, data backup and off-site retention, audit trails
and verification. The guidelines also advises on measures to handle computer
virus, relocation of hardware and software, hardware and software maintenance
and purchase and licensing of hardware and software.
Installation of Firewalls i.e. intelligent devices used to isolate organization’s

data network with the external network is also recommended.
5.8 SEBI GUIDENLINES ON INTERNET-BASED

TRADING AND SERVICES
The SEBI too through its committee on Internet Based Trading and Services
in its meeting held on 2nd August, 2000 has come out with minimum
requirements for brokers offering securities trading through wireless medium
on wireless application protocol (WAP) platform.
5.9 GUIDELINES FOR SETTING UP OF

INTERNATIONAL GATEWAYS FOR
INTERNET
The Department of Telecom came out with the guidelines for setting up of
international gateways by ISP’s. The ISP Policy of Government of India permits
the ISPs to set up International Gateway for Internet after obtaining the security
clearance, for which the interface of the ISPs shall be with the Telecom
Authority. The conditions laid down include
1) Gateways can be established only by the ISP licensees.
2) Gateway has to be within the service area of the ISP.
3) The transmission link between the ISP node/point of presence and the
Gateway, if they are not co-located, is regulated as per the ISP license
63
Laws and Entities condition 7.2 i.e. the transmission link should be from DOT, licensed
Basic Service Operators, Railways, State Electricity Board, National Power
Grid Corporation or any other operator specially authorized to lease such
links to ISP.
4) The ISP has to apply to the Telecom Authority for bandwidth (transponder
capacity in case of satellite access) giving the detailed requirement. (Both
short term and long term).
5) Gateway will be used only for carrying Internet Traffic.
6) All the conditions of the ISP licence would be applicable.
7) The ISP should provide information about all ISPs that would be connected
to the gateway. Any change should be intimated immediately to the Telecom
Authority.
8) The details of the topology should be provided including the details of
how the monitoring equipment will be fitted. Any change in the topology
should be informed to the Telecom Authority immediately.
9) International Gateways will not be permitted to be set up in security
sensitive areas.
10) The Internet nodes on places of security importance (as identified by
security agencies) would be routed through VSNL only. Interconnection
of these nodes to other nodes within the country directly is not permitted.
11) The ISP should make available all the billing details of any subscriber on
demand by Telecom Authority for upto one year.
12) The ISP should block Internet sites and individual subscribers, as identified
by Telecom Authority.
13) The Government (Licensor) reserves the right to make changes in the
security considerations.
Individuals/Groups/Organizations are permitted to use encryption upto 40 bit
key length in the RSA algorithms or its equivalent in other algorithms without
having to obtain permission. However, if encryption equipments higher than
this limit are to be deployed, individuals/groups/organizations shall do so with
the permission of the Telecom Authority and deposit the decryption key, split
into two parts, with the Telecom Authority. The guidelines also advise on
measures to handle computer virus, relocation of hardware and software,
hardware and software maintenance and purchase and licensing of hardware
and software.
5.10 SUMMARY
The guidelines issued by the various ministries also form the integral part of
the regulatory environment of the cyberspace. Thus in this unit we have
examined some of the important guidelines issued by the various ministries.
These include the Broadband Policy, 2004, .IN Internet Domain Name – Policy
Framework, Draft Policy Guidelines on Web-site Development, Hosting and
64
Maintenance, the New Telecom Policy, 1999 (NTP 1999), the Information Guidelines Issued by
Various Ministries
Technology Security Guidelines, the SEBI Guidelines on Internet-based Trading
and Services and Guidelines for Setting up International Gateways for Internet.

1) Discuss the in brief the main features of the guidelines issued by the
various ministries of the government of India and their impact on the
growth of ICT.
2) Discuss the main feature of the Broadband Policy, 2004.
3) What is the salient feature of the New Telecom Policy of 1999? How has
it helped bring about telecom revolution in the country?

1) The Ministry of Communication and Information Technology came out
with the Broadband Policy in 2004, recognising the potential of the
ubiquitous Broadband service in the growth of GDP and enhancement in
quality of life through societal applications including tele-education, tele-
medicine, e-governance, entertainment as well as employment generation
by way of high speed access to information and web-based communication.
2) After the Telecom Policy of 1994, the government came out with a New
Telecom Policy in 1999. Some of the provisions have a bearing on cyber-
space like the statement on electronic commerce. The policy says, “On-
line Electronic Commerce will be encouraged so that information can be
passed seamlessly. The requirement to develop adequate bandwidth of the
order of 10 Gb on national routes and even terabytes on certain congested
important national routes will be immediately addressed to so that growth
of IT as well as electronic commerce will not be hampered.” Similarly on
Internet Telephony the policy says, “Internet telephony shall not be
permitted at this stage. However, Government will continue to monitor
the technological innovations and their impact on national development
and review this issue at an appropriate time.” The policy also elaborates
on the role of a regulator Role of Regulator. “The Telecom Regulatory
Authority of India (TRAI) was formed in January 1997 with a view to
provide an effective regulatory framework and adequate safeguards to
ensure fair competition and protection of consumer interests. The
Government is committed to a strong and independent regulator with
comprehensive powers and clear authority to effectively perform its
functions.
65
UNIT 6 INTRODUCTION TO COMPUTER
WRONGS
Structure
6.1 Introduction
6.2 Objectives
6.3 Computer Wrongs
6.4 Classification of Computer Crimes
6.5 Commission of Multiple Computer Wrongs
6.6 Challenges to Laws
6.6.1 Technology-neutral and Technology-based Laws
6.6.2 Regulation Versus Freedom on the Internet
6.6.3 Internet Crime Different from other Technology Crimes
6.7 Information Technology Act, 2000
6.8 Offences Under the IT Act
6.9 Investigation Under the IT Act
6.10 Convention on Cyber Crime – Council of Europe
6.11 Summary
6.1 INTRODUCTION
In this unit which is the first unit of this block, attempt has been made to give
an overview of the computer wrongs. In the subsequent units we shall discuss
various classes of computer wrongs.
With new mediums of communication, business and societal activities, growth

of newer and varied kinds of crime is inevitable. Computers with the aid of
the Internet have today become the most dominant medium of communication,
information, commerce and entertainment. The Internet is at once several
shopping malls, libraries, universities, news paper, television, movie theatre,
post office, courier service and an extension of government and business. It
is like life in the real world being extended and carried on in another medium
that cuts across boundaries, space, time, nationality, citizenship, jurisdiction,
sex, sexual orientation, and age. The Internet, with all the benefits of anonymity,
reliability, and convenience has become an appropriate breeding place for
persons interested in making use of the Net for illegal purposes, either monetary
or otherwise.
5
Cyber Crimes and Torts
6.2 OBJECTIVES
• discuss the concepts of computer wrong and how the civil wrongs can
be distinguished from the computer crimes, how the computer crimes are
classified;
• distinguish between the concept of technology based and technology
neutral laws;
• examine the issues involved in the regulation of cyberspace; and
• discuss how the matter has been dealt by the I.T. Act, 2000.
6.3 COMPUTER WRONGS

Computer wrongs includes both civil wrongs and crimes. ‘Cyber crimes’ is
used in a generic sense which tends to cover all kinds of civil and criminal
wrongs related to a computer. However, the phrase ‘cyber crimes’ has two
limitations to it: (a) ‘cyber’ generally tends to convey the feeling of ‘internet’
or being ‘online’ and hence, does not cover other computer related activities;
(b) ‘crimes’ restricts the application of the phrase to criminal wrongs. It would
not include civil wrongs. Thus, it would be preferable to understand the concept
of any wrong related to computer as being a ‘computer wrong’. It would
include any tort or civil wrong done which relates to a computer as also any
criminal activity relatable to a computer. One must also keep in mind that it
is the statute on a particular subject which informs us as to: (a) whether a
particular act is a wrong; and, (b) if it is, whether such wrong is a civil wrong
or a crime. The Information Technology Act, as would be seen in the subsequent
units, divides various computer-related wrongs into computer torts and computer
crimes. Computer torts lead to penalty and compensation whereas computer
crimes lead to imprisonment, fine and confiscation.
6.4 CLASSIFICATION OF COMPUTER CRIMES

Technology-aided crimes can essentially be classified under two headings:
A) Where computer is used a tool to commit the crime: The computer is a
tool for an unlawful act where the offence reflects a modification of a
conventional crime by making use of information technology and modern
communication tools.
B) Where the computer is the target for the crime: There are certain crimes
where the computer itself is the target, that is, to say such crimes which
have evolved due to the advancement in information technology itself.
There might be instances where the computer is a tool as well as the target
of a crime. This kind of activity involves sophisticated crimes usually out of
the purview of conventional criminal law. There is a third category as well,
where computers are considered as incidental to a crime. The use of a computer
is not necessary but is used to make the offender more efficient in the
commission of the crime. This includes use of computers in bookmaking or
6 drug-dealing.
Introduction to Computer
6.5 COMMISSION OF MULTIPLE COMPUTER Wrongs
WRONGS
Another concern in computer crimes is the possibility of and ease with which
an offender can commit multiple crimes at one goes. It is very possible and
in fact, quite likely that an offender in the process of committing one computer
crime commits other crimes as well. We can take a few instances to illustrate
the point:
A) In case of data theft, one has to hack (unauthorized access) the computer
or any other electronic storage medium and only then can be commit
theft. Thus data theft includes hacking and theft.
B) To initiate a Distributed Denial-of-service, installation of virus, and Trojan
horses on the ‘slave’/compromised systems would be needed. The date
of ‘target’ computer may also be altered or destroyed in the process.
Thus, DDoS includes hacking, introduction of virus and data alteration.
C) Web defacing can be achieved by first hacking into the computer system.
The Indian statutory regulation, specifically Section 66 of the Indian Information
Technology Act, 2000, in the area of computer crimes is quite comprehensive
and concise. It is noticeable that most of the computer crimes culminate into
section 66. Subsequent units on specific computer crimes would make the
point clear.

What are computer wrongs? How they are classified into civil wrongs
and crimes?
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
7
6.6 CHALLENGES TO LAWS
India is today re-discovering itself – technologically. Being a developing country,
it realises that the Internet and the use of computers are powerful tools for its
economic development. Economic development presupposes existence of an
appropriate regulatory regime. The biggest challenge to the law is to keep
pace with technology.
6.6.1 Technology-neutral and Technology-based Laws

So far as law with respect to computer crimes is concerned, we have to have
in place two sets of well-developed law: (1) technology-neutral criminal law;
(2) technology-based laws. While talking about crimes relating to the Internet,
most traditional crimes like fraud, defamation when committed using the
Internet, would be governed by the existing technology neutral criminal laws.
These are crimes with all elements of offline crimes, the only difference being
that the Internet was used as aid in their commission. The other type of crime,
and more disturbing requiring legal innovations, is the one directed at
computers, networks, data etc. They include unauthorized disruption of
computers and networks.
One of the challenges of making technology-based laws is that there is a

chance of such laws being soon outdated. Again, it is against equity and
fairness if offline conduct is governed differently from online conduct. This
gives rise to the possibility of crime shifting from one medium to the other
if there is an inconsistency in laws. Consistency between the two sets of law
is, therefore, desirable. Laws must also cater to the need of prevention and
investigation of crimes. For instance, with the advent of telephones, wire-
tapping laws were introduced; similar laws to deal with unlawful conduct in
the Internet would become necessary.
Clearly, with the development of new technology and with the realisation that
such technology affects human life and relations and the peace, order and
proprietary rights in society, laws must be framed to regulate conduct
accordingly. Let’s take for instance theft of passwords. Passwords are a
combination of alphabets and numbers and are central to the operation of
computers. These are nothing but keys to gain entry into computer systems.
Stealing a password or unauthorized access using someone else’s password
must be recognised as merely the first step to committing a crime. Similarly,
networks need to be recognised as highways for movement of information and
communication and not for cranks to dig holes or put up impediments. One
can enter into a private computer network only when one is authorized to
enter much the same way as to enter into a private physical space. Web pages
as private property can be considered as displays in shops. One can watch but
cannot break the glass of the shop. Similarly, one can browse, but not tamper
with or destroy.
8
Please answer the following Self Assessment Question. Introduction to Computer
Wrongs
What is technology based law and technology neutral law?
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
6.6.2 Regulation Versus Freedom on the Internet

Talking of laws to control criminal behaviour on the Net brings one to the
debate of regulation versus freedom on the Net. There are some who argue
that the Net should not be regulated by governments.1 They argue that, the
Net grew because of its free environment, inviting people to contribute. Freedom
and space for adventure, a new and different and an almost unrestricted and
seemingly anonymous travelling experience has made the Net such an exciting
media. Self governance is what they advocate for the Net. But this has several
problems like, some groups taking law into their own hands. As Laurence
Lessig, in The Spam Wars2 says, “Vigilantes and network service providers
(unaccountable groups) deciding fundamental policy questions about how the
network will work – each group from its own perspective.” This led to the
argument that cyberspace transactions are no different from “real space”
transnational transactions3 that require government regulations in the ordinary
way. The debate in the world between regulation and freedom on the Net has
now more or less been settled in favour of the need for regulation. More and
more governments have begun taking steps to regulate the Net.
6.6.3 Internet Crime Different from other Technology Crimes

It is important to note the difference between crime on the Internet and a
crime with another modern technology. While crimes are rarely directed against
9
Cyber Crimes and Torts a telephone as an instrument, computers often become the victims of attack.
Nature of crime on the computer is challenging and requires new definitions
and understanding and a restatement of accepted norms of criminal conduct
and punishment because of several reasons. Computers, apart from being
comparatively more expensive, are also the repository of immense amount of
data. This data can sometime contain valuable scientific inputs, purely personal
matter, study works, e-mails, and official work. Tampering with this data or
stealing it is much more harmful than stealing the computer. This requires
recognition of data as a special form of property, as a privacy right.
6.7 INFORMATION TECHNOLOGY ACT, 2000

The Information Technology Act intends to give legal recognition to e-commerce
and e-governance and facilitate its development as an alternate to paper based
traditional methods. The Act seeks to protect a common man from the ill
effects of the advancement in technology by defining crimes, prescribing
punishments, laying down procedures for investigation and appointing
regulatory authorities. Many electronic crimes have been bought within the
definition of traditional crimes too by means of amendment to the Indian
Penal Code, 1860. The Evidence Act, 1872 and the Banker’s Book Evidence
Act, 1891 too have been suitably amended in order to facilitate collection of
evidence in fighting electronic crimes.
In the following units, common computer crimes have been discussed. Wherever
possible, not only the meaning and scope of the crime but also its coverage
under the Indian Information Technology Act, 2000, the Indian Penal code and
other minor criminal Acts have been discussed. The computer crimes can be
classified into the following categories:
A) Conventional crimes through computer: cyber defamation, digital forgery,

cyber pornography, cyber stalking/harassment, Internet fraud, financial
crimes, online gambling, and sale of illegal articles.
B) Crimes committed on a computer network: hacking/unauthorized access,

denial of service.
C) Crimes relating to data alteration/destruction: virus/worms/Trojan horses/

logic bomb, theft of Internet hours, data diddling, salami attacks,
steganography
6.8 OFFENCES UNDER THE IT ACT

both. Such offences (including offences under other sections) can be better
understood in the form of a table:
10
Section Offence Punishment
33(2) Failure of any Certifying Authority to surrender Person in whose favour the licence is
a licence under Section 33(1) after such licence issued shall be punished with
has been suspended or revoked [Section 25(1)]. imprisonment which may extend upto
six months or a fine which may extend
upto Rs.10,000 or both.
65 (Tampering) Knowingly or intentionally concealing, Punishable with imprisonment upto

destroying or altering or intentionally or three years, or with fine which may
knowingly causing another to conceal, destroy, extend up to Rs. 2,00,000/-, or with
or alter any computer source code use for a both.
computer, computer program, computer system
or computer network, when the computer
source code is required to be kept or maintained
by law for the time being in force.
66 (Hacking) Destroying or deleting or altering any Punishable with imprisonment up to

information residing in a computer resource or three years, or with fine which may
diminishing its value or utility or affecting it extend up to Rs. 2,00,000/-, or with
injuriously be any means with the intent to both.
cause or knowing that he is likely to cause
wrongful loss or damages to the public or any
person.
67 Publishing or transmitting or causing to be First conviction: punishable with

published in the electronic form, any material imprisonment of either description of
which is lascivious or appeals to the prurient a term which may extend to five years
interest or if its effect is such as to tend to and with fine which may extend to
deprave and corrupt persons who are likely, Rs. 1,00,000/-.
having regard to all relevant circumstances, or
read, see or hear the matter contained or Second or subsequent conviction:
embodies in it that is hacking as defined under imprisonment of either description of
Section 67(1) a term which may extend to ten years
and with fine which may extend to
Rs. 2,00,000/-.
68(2) Failure to comply with the order of Controller Punishable with imprisonment for a
under section 68(1) which empowers the term not exceeding three years or to a
Controller to direct, by order, a Certifying fine not exceeding Rs. 2,00,000/- or
Authority or any employee of such Authority to both.
to take such measures or cease carrying on
such activities as specified in the order if those
are necessary to ensure compliance with the
provisions of this Act, rule or any regulations
made thereunder.
69(3) Failure to assist an agency [referred in section Punishable with imprisonment for a
69(2)] which is required to intercept any term which may extend to seven years.
information as required by an order of the
Controller [under section 69(1)]
70(3) Securing access or attempting to secure access Punishable with imprisonment of

to a protected system [as declared by the either description for a term which
11
appropriate Government vide a notification may extend to ten years and shall also be
under section 70(1)] in contravention of the liable to fine.
provisions of this section [that is such person
is not authorized by the appropriate
Government under section 70(2) to access
the protected system].
71 Making any misrepresentation to, or Punishable with imprisonment for a term

suppressing any material fact from, the which may extend to two years, or with
Controller or the Certifying Authority for fine which may extend to Rs. 1,00,000/-,
obtaining any licence or Digital Signature or with both.
Certificate.
72 Securing access to any electronic record, Punishable with imprisonment for a term
book, register, correspondence, information, which may extend to two years, or with
document or other material by any person in fine which may extend to one Rs.
pursuance of any of the powers conferred 1,00,000/- or with both.
under this Act, rules or regulations made
thereunder without the consent of the person
concerned and thereafter, disclosing such
electronic record, etc. to any other person.
73 Publishing a Digital Signature Certificate or Punishable with imprisonment for a term

otherwise making it available to any other which may extend to two years, or with
person with the knowledge that- (a) the fine which may extend to one lakh rupees,
Certifying Authority listed in the certificate or with both.
has not issued it; or, (b) the subscriber listed
in the certificate has not accepted it; or, (c)
the certificate has been revoked or
suspended, unless such publication is for the
purpose of verifying a digital signature
created prior to such suspension or
revocation.
74 Knowingly creating, publishing or otherwise Punishable with imprisonment for a term

making available a Digital Signature which may extend to two years, or with
Certificate for any fraudulent or unlawful fine which may extend to one lakh rupees,
purpose. or with both.

the contravention was committed, was in charge of, and was responsible, to,
if such person proves that the contravention took place without his knowledge
or that he exercised all due diligence to prevent such contravention, he shall
not be liable to punishment. Sub-section (2) of section 85 also deems a director,
manager, secretary or any other office of the company to be guilty of
contravention and liable for punishment if it is proved that the contravention
has taken place with the consent or connivance of, or is attributable to any
neglect on the part of such person. ‘Company’, for the purpose of this section,
has been explained to mean any body corporate and includes a firm or other
association of individuals. ‘Director’, in relation to a firm, would mean a
12 partner in the firm.
Section 74 prohibits immunity against any punishment under any other law to Introduction to Computer
Wrongs
which a person might be liable to in spite of any penalty imposed or confiscation
made under the IT Act.
6.9 INVESTIGATION UNDER THE IT ACT

The procedure for investigation for compute crimes is no different from the
investigation for conventional crimes and Code of Criminal Procedure, subject
to the provisions of the IT Act, would apply.
Investigation, for the purposes of the Code of Criminal Procedure, 1973, has
been held by the Supreme Court [State of Maharashtra v. Rajendra, (1997) 3
Crimes 285] to consist generally of the following steps:
1) Proceeding to the spot
2) Ascertaining all the facts and circumstances of the case
3) Discovery and arrest of the suspected offender
4) Collection of evidence relating to the commission of the offence which
may consist of,
a) the examination of various persons (including, the accused) and the
reduction of their statement into writing, if the officer thinks fit,
b) the search of places and seizure of things considered necessary for
the investigation and to be produced at the trial, and
5) Formation of the opinion as to whether on the materials collected, there
is a case to place the accused before a Magistrate for trial and if so,
taking the necessary steps for the same by filing a charge-sheet under
section 173.
Section 78 of the IT Act places the powers of investigation to a police officer
not below the rank of Deputy Superintendent of Police. This provision overrides
anything contrary in the Code of Criminal Procedure.
Section 80 enumerates the powers of police officers to enter and search
premises. Sub-section (1) of section 80 provides that any police officer, not
below the rank of a Deputy Superintendent of Police, or any other officer of
the Central Government or a State Government authorized by the Central
Government in this behalf may enter any public place and arrest without
warrant any person found therein who is reasonably suspected of having
committed or of committing or of being about to commit any offence under
the Act. For the purposes of sub-section (1), the expression ‘public place’ has
been explained to include any conveyance, any hotel, any shop or any other
place intended for use by, or accessible by the public.
Where any person is arrested under sub-section (1), then sub-section (2) requires
that such person should, without unnecessary delay, is taken or sent before a
magistrate having jurisdiction in the case or before the officer-in-charge of a
police station. The provisions of the Code of Criminal Procedure are to apply
in relation to any entry, search or arrest made under section 80, subject of
course to the provisions of the section itself.
13
6.10 CONVENTION ON CYBERCRIME –
COUNCIL OF EUROPE5
The Convention on Cyber Crimes is the first international treaty on crimes
committed via the Internet and other computer networks, dealing particularly
with infringements of copyright, computer-related fraud, child pornography
and violations of network security. It also contains a series of powers and
procedures such as the search of computer networks and interception. The
possibility of computer networks and electronic information being used for
committing criminal offences and that evidence relating to such offences may
be stored and transferred by these networks, was the underlying concern during
the preparation of the Convention. The Convention was deemed necessary to
deter action directed against the confidentiality, integrity and availability of
computer systems, networks and computer data as well as the misuse of such
systems, networks and data by providing for the criminalization of such conduct,
as described in the Convention, and the adoption of powers sufficient for
effectively combating such criminal offences, by facilitating their detection,
investigation and prosecution at both the domestic and international levels and
by providing arrangements for fast and reliable international co-operation. Its
main objective, set out in the preamble, is to pursue a common criminal policy
aimed at the protection of society against cyber crime, especially by adopting
appropriate legislation and fostering international co-operation.
The Convention is the product of four years of work by Council of Europe

experts, but also by the United States, Canada, Japan and other countries
which are not members of the Organization. It has been supplemented by an
Additional Protocol making any publication of racist and xenophobic
propaganda via computer networks a criminal offence.
References to the Convention would be made in subsequence units dealing

with specific cyber/computer crimes alongside the Indian Information
Technology Act.
6.11 SUMMARY
Computer wrongs include both civil wrongs and crimes. The Information
Technology Act, 2000 covers both– civil wrongs and crimes. For the purposes
of committing a crime, a computer can be used both as a tool as well as a
target. Sometimes, it is used to make the offender more efficient in the
commission of the crime. It is very possible and in fact, quite likely that an
offender in the process of committing one computer crime commits other
crimes as well. One of the challenges of making technology-based laws is that
there is a chance of such laws being outdated soon. The debate in the world
between regulation and freedom on the Net has now more or less been settled
in favour of the need for regulation. Governments have begun taking steps to
regulate the Net.
Chapter XI of the Information Technology Act enumerates the various acts

which constitute an offence under the Act along with the punishment of either
14 imprisonment or fine or both. The procedure for investigation for computer
crimes is no different than the investigation for conventional crimes and Code Introduction to Computer
Wrongs
of Criminal Procedure, subject to the provisions of the IT Act, would apply.
The Convention on Cyber crime is the first international treaty on crimes

committed via the Internet and other computer networks, dealing particularly
with infringements of copyright, computer-related fraud, child pornography
and violations of network security. It also contains a series of powers and
procedures such as the search of computer networks and interception.

1) What are computer wrongs? Discuss the concepts of technology based
and technology neutral wrongs.
2) Discuss the arguments in favour and against of the regulation of

cyberspace. What are your views on this issue?
3) Discuss the challenges faced by the investigating agencies in investigating

computer crime?

1) Computer wrongs includes both civil wrongs and crimes. ‘Cyber crimes’
is used in a generic sense which tends to cover all kinds of civil and
criminal wrongs related to a computer. However, the phrase ‘cyber crimes’
has two limitations to it: (a) ‘cyber’ generally tends to convey the feeling
of ‘internet’ or being ‘online’ and hence, does not cover other computer
related activities; (b) ‘crimes’ restricts the application of the phrase to
criminal wrongs. It would not include civil wrongs. Thus, it would be
preferable to understand the concept of any wrong related to computer
as being a ‘computer wrong’. It would include any tort or civil wrong
done which relates to a computer as also any criminal activity relatable
to a computer. One must also keep in mind that it is the statute on a
particular subject which informs us as to: (a) whether a particular act is
a wrong; and, (b) if it is, whether such wrong is a civil wrong or a crime.
The Information Technology Act, as would be seen in the subsequent
units, divides various computer-related wrongs into computer torts and
computer crimes. Computer torts lead to penalty and compensation
whereas computer crimes lead to imprisonment, fine and confiscation.
2) Technology based laws are those in which computer is the means or the
target of the crime such as hacking etc. While technology neutral laws
are ordinary laws and it is immaterial whether computer is used or not
such as defamation etc.
1. See, for example, David R. Johnson & David Post. “Law and Borders—
The Rise of Law in Cyberspace”. Stan L Rev 48 (1996): 1367,1372-75.

15
2. Lawrence Lessig. “The Spam Wars”. Opinion. 31 Dec.1998. 9 Feb. 05
<http://www.lessig.org/content/standard/0,1902,3006,00.html>.
3. Jack L. Goldsmith. “Against Cyber Anarchy”. U Chi L Rev 65 (1998):
1199-1250.
4. S. 77. Penalties or confiscation not to interfere with other punishments.

No penalty imposed or confiscation made under this Act shall prevent
the imposition of any other punishment to which the person affected
thereby is liable under any other law for the time being in force.
5. Budapest. 23.XI.2001. Council of Europe. 8 Feb.06 < http://conventions.
coe.int/Treaty/en/Treaties/html/185.htm>.
16
UNIT 7 CONVENTIONAL CRIMES
THROUGH COMPUTER
Structure
7.1 Introduction
7.2 Objectives
7.3 Cyber Defamation
7.3.1 Quantitative Impact of Cyber Defamation
7.3.2 Qualitative Impact of Cyber Defamation
7.3.3 Corporate Cyber Smear
7.3.4 Indian law
7.4 Digital Forgery
7.4.1 Indian Law
7.4.2 Convention on Cyber Crime – Council of Europe
7.5 Cyber Pornography
7.5.1 Increase in Cyber Pornography
7.5.2 Child Pornography
7.5.3 Indian Law
7.5.4 Cyber Crime Convention
7.6 Cyber Stalking/Harassment
7.6.1 Preferred Mode of Harassment
7.6.2 Indian Law
7.7 Online Gambling
7.7.1 Indian Law
7.8 Online Sale of Illegal Articles
7.8.1 Indian Law
7.9 Summary
7.1 INTRODUCTION
In the previous unit we have tried to give the general introduction of the
computer wrongs. In this unit we shall discuss the offences which are known
as the technologically neutral offences. These offences do not depend on
computer for their commission although their quantitative and qualitative impact
changes when committed on the cyberspace.
Many of the wrongful acts enlisted as an offence under the Indian Penal Code,
1860 are capable of being committed with the use or aid of or through computers
and technology. The technology acts only as a new medium to commit such
17
Cyber Crimes and Torts crimes. With the ease of use and anonymity available on the Internet, many
of the crimes like defamation, forgery, pornography, etc. are being committed
online.
While studying this unit you should keep the copy of the IPC for the quick
references of the definitions of the offences discussed in this unit.
7.2 OBJECTIVES
• discuss the offences defined under Indian Penal Code which are capable
of being committed on the internet;
• examine the new dimensions that have been added to these offences by
the use of information and communication technology (ICT); and
• analyse whether the provisions of Indian Penal Code dealing with these
offences are capable enough to address the challenges posed by the
information and communication technology with regard to these offences.
7.3 CYBER DEFAMATION

Every individual has a private right to protect his reputation. Every individual
has a right to its own personal space and he would not want others to interfere
in that ‘space’. However, a public right to freedom of speech and expression
guaranteed under Article 19(1)(a) of the Constitution of India makes
enforcement of our private right a challenge. A delicate balance has to be
maintained. The law of defamation has been designed to protect the reputation
of an injured person and provide such balance between private and public
rights by giving him the right to sue for damages. Defamation comprises of
both libel (defamation by means of writing) and slander (defamation by
speaking).
In the good old days, slander was more popular and possible. After the
popularity of the printing press, one witnessed the increase in libel. With the
advent of information technology and the Internet, libel has become much
more common and of course, easier. In this context, arises cyber defamation.
In simple words, it implies defamation by anything which can be read, seen
or heard with the help of computers/technology. Since the Internet has been
described as having some or all of the characteristics of a newspaper, a television
station, a magazine, a telephone system, an electronic library and a publishing
house, there are certain noticeable differences between online and offline attempt
of defamation which makes the online defamation more vigorous and effective.
In SMC Pneumatics Ltd. v Jogesh Kwatra,1 defamatory e-mails were allegedly

sent to the top management of SMC Numatics by the defendant, who has
since been restrained by the Delhi High Court from sending any form of
communication to the plaintiff. The High Court granted an ex-parte injunction
restraining the defendant from defaming the plaintiffs by sending derogatory,
defamatory, abusive and obscene e-mails either to the plaintiffs or their
subsidiaries. [Avinash Bajaj v State (NCT) of Delhi. Bail Appl. no. 2284 of
18 2004 decided on 21 Dec. 2004 [116 (2005) DLT 427].
7.3.1 Quantitative Impact of Cyber Defamation Conventional Crimes
Through Computer
Quantitatively, a comment defaming a person can be sent to a large number

of persons through e-mail by a click of the mouse. Much easier would be to
publish it on a discussion board known to be visited by thousands of persons
every day. On the number game, it is still more convenient to make available
the defamatory sentence to millions of people by merely publishing it on the
website. The number of people a comment defaming a person might reach is
gigantic and hence would effect the reputation of the defamed person much
more than would an ordinary publication. Of course, there is a rider to it. In
as much as there is a possibility of a large number of people reading the
defamatory sentence on a website, unless such website is known, it might not
even reach a single person at all. Thus, a defamatory sentence published on
a newspaper website would have a bigger impact than being published on a
website hardly known to the world at large.
7.3.2 Qualitative Impact of Cyber Defamation

Qualitatively, the impact of an online comment defaming a person would
again depend upon the fact as to where it has been published. Putting a
defaming message in specific a newsgroups (for example, a lawyer’s group in
case one wants to defame a lawyer) would necessarily have a more effective
negative impact on the reputation of the person being defamed rather putting
the same on a ladies’ kitty party group.
7.3.3 Corporate Cyber Smear

Harmful and defamatory online message has been termed as Corporate cyber
smear. It is a false and disparaging rumour about a company, its management
or its stock that is posted on the Internet. This kind of criminal activity has
been a concern especially in stock market and financial sectors where knowledge
and information are the key factors for businessmen. Persons indulging in
corporate cyber smear include disgruntled employees or insiders, ex-employees,
envious ex-colleagues, impostors, competitors, creditors, and even those seeking
a forum when they are denied employment or former shareholders.
False and defamatory statements made against Amazon Natural Treasures,

Inc. led to a stock price decline from an April 1997, 52-week high of $3.56
per share to approximately 12 cents per share. The low stock price led to a de-
listing from the OTCBB to the pink sheets. It transpired that the statements
were made by the owner of Demonte & Associates, a New York public relations
firm, who claimed that a collection agency was suing Amazon for about
$7,000.
7.3.4 Indian Law

Cyber defamation is covered under section 499 of Indian Penal Code (IPC)
read with section 4 of the IT Act. Section 499 of the IPC inter alia reads as
under:
19
Cyber Crimes and Torts 499. Defamation.Whoever, by words either spoken or intended to be read, or
by signs or by visible representations, makes or publishes any imputation
concerning any person intending to harm, or knowing or having reason to
believe that such imputation will harm, the reputation of such person, is said,
except in the cases hereinafter expected, to defame that person.
Explanation 1 — It may amount to defamation to impute anything to a deceased

person, if the imputation would harm the reputation of that person if
living, and is intended to be hurtful to the feelings of his family or other near
relatives.
Explanation 2 — It may amount to defamation to make an imputation

concerning a company or an association or collection of persons as such.
Explanation 3 — An imputation in the form of an alternative or expressed

ironically, may amount to defamation.
Explanation 4 — No imputation is said to harm a person’s reputation, unless

that imputation directly or indirectly, in the estimation of others, lowers the
moral or intellectual character of that person, or lowers the character of that
person in respect of his caste or of his calling, or lowers the credit of that
person, or causes it to be believed that the body of that person is in a loathsome
state, or in a state generally considered as disgraceful.
A bare perusal of the section above makes it clear that no specific mention has
been made with regard to any electronic publication. Section 4 of the IT Act,
however, gives legal recognition to electronic records. It reads as under:
4) Legal recognition of electronic records.

Where any law provides that information or any other matter shall be in
writing or in the typewritten or printed form, then, notwithstanding anything
contained in such law, such requirement shall be deemed to have been satisfied
if such information or matter is–
Keeping in mind the legal fiction being created by section 4 of the IT Act, if
any defamatory information is posted on the Internet either through e-mails or
chat rooms or chat boards, such posting would be covered under the section
499 requirement of ‘publication’ and would amount to cyber defamation. That
is the legal position of cyber defamation in India.

What is defamation? Discuss its quantitative and qualitative impact when
it is committed on the cyberspace.
........................................................................................................................
........................................................................................................................
20
........................................................................................................................ Conventional Crimes
Through Computer
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
7.4 DIGITAL FORGERY

Forgery is creation of a document which one knows is not genuine and yet
projects the same as if it is genuine. In common parlance, it is used more in
terms of affixing somebody else’s signature on a document. Digital forgery
implies making use of digital technology to forge a document. Desktop
publishing systems, colour laser and ink-jet printers, colour copiers, and image
scanners enable crooks to make fakes, with relative ease, of cheques, currency,
passports, visas, birth certificates, ID cards, etc.
7.4.1 Indian Law

Section 91 of the IT Act (read with the Second Schedule) amended
the provisions of the IPC in relation to ‘forgery’ to include ‘electronic
records’ as well. Section 29A has been inserted in the Indian Penal Code to
provide for a definition of ‘electronic record’. The words ‘electronic record’
will have the same meaning which is assigned to it in section 2(1)(t)2 of the
IT Act.
Section 464 of the IPC was amended by section 91 of the IT Act to include
a false electronic record. Under section 464, a person is said to make a false
electronic record:
1) Who dishonestly or fraudulently makes or transmits any electronic record
or part of any electronic record, or, affixes any digital signature on any
electronic record, or, makes any mark denoting the authenticity of the
digital signature, with the intention of causing it to be believed that such
electronic record or part of electronic record or digital signature was
made, executed, transmitted or affixed by or by the authority of a person
by whom or by whose authority he knows that it was not made, executed
or affixed; or 21
Cyber Crimes and Torts 2) Who, without lawful authority, dishonestly or fraudulently, by cancellation
or otherwise, alters an electronic record in any material part thereof, after
it has been made, executed or affixed with digital signature either by
himself or by any other person, whether such person be living or dead
at the time of such alteration; or
3) Who dishonestly or fraudulently causes any person to sign, execute or

alter an electronic record or to affix his digital signature on any electronic
record knowing that such person by reason of unsoundness of mind or
intoxication cannot, or that by reason of deception practised upon him,
he does not know the contents of the electronic record or the nature of
the alteration.
Explanation 3 to section 464 has also been inserted which, for the purpose of
this section, provides for the expression ‘affixing digital signature’ to have the
same meaning as assigned to it in section 2(1)(d)3 of the IT Act.
Section 463 of the IPC, after amendment, defines forgery, in relation to

electronic records, as making of any false electronic record or part thereof
with intent to cause damage or injury to the public or to any person, or to
support any claim or title, or to cause any person to part with property, or to
enter into any express or implied contract, or with intent to commit fraud or
that fraud may be committed. Section 466 (forgery of record of Court or of
Public register, etc.), section 468 (forgery for purpose of cheating), section
469 (forger for purpose of harming reputation), section 470 (forged document
or electronic record), section 471 (using as genuine a forged document), section
474 (having possession of document described in section 466 or 467, knowing
it to be forged and intending to use it as genuine) and section 476 (counterfeiting
device or mark used for authenticating documents other than those described
in section 467, or possessing counterfeit marked material) have also been
suitably amended to include ‘electronic records’. It may, however, be noticed
that section 467 which pertains to forgery of valuable security, will, etc., has
not been amended for the reason that section 1(4) bars the applicability of IT
Act to certain documents including will, trust, power-of-attorney, contract for
sale or conveyance of immovable property, etc. Therefore, digital forgery and
offences related to it are now covered under the IPC pursuant to the amendments
made by the IT Act.

The Convention on Cyber crime, Article 7 requires the member-States to
make laws to establish as criminal offences, when committed intentionally
and without right, the input, alteration, deletion, or suppression of computer
data, resulting in inauthentic data with the intent that it be considered or acted
upon for legal purposes as if it were authentic, regardless whether or not the
data is directly readable and intelligible.
22
Please answer the following Self Assessment Question. Conventional Crimes
Through Computer
What is digital forgery? How the technology has made its detection
sometimes very difficult?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
7.5 CYBER PORNOGRAPHY

Pornography literally means, “Writings, pictures or films designed to be sexually
exciting”. Developing, distributing and propagating the same over the Internet
is termed as cyber pornography. This would include pornographic Web sites,
pornographic magazines produced using computers to publish and print the
material and the Internet to download and transmit pornographic pictures,
photos, writings, etc. In recent times, there have been innumerable instances
of promotion of pornography through the use of computers. Information
technology has made it much easier to create and distribute pornographic
materials through the Internet; such materials can be transmitted all over the
world in a matter of seconds. The geographical restrictions, which hitherto
prevented, to a certain extent, foreign publications to enter into local territories,
have disappeared.
7.5.1 Increase in Cyber Pornography

Two primary reasons why cyber pornography has, in recent years, gathered
much attention of both the offender and user, are: (a) Easy accessibility; (b)
Anonymity.
Individuals can easily view thousands of pornographic images day and night
within the privacy of the four walls of their homes. The Internet has decreased
the hurdle of shame that comes with purchasing pornographic materials in a
shop or the embarrassment of being caught with physical hard copies of porno
23
Cyber Crimes and Torts materials. The consumer of such publications is more comfortable in opening
a website and viewing/watching. With availability of broadband connections
and high downloading speeds, the demand, though privately, seems to have
risen.
On the other hand, anonymity has encouraged the offender to come out with
more explicit and real material with higher degrees of inducement. Anybody
can upload information onto a website from anywhere with the entire world
as its market/consumer. It is extremely difficult to pinpoint persons responsible
for such activities. It is also important to note that in countries where certain
degree of pornographic material is permitted to be published and distributed,
offenders quite often publish their information online from such countries
though knowing well that the online market extends well beyond the
geographical boundaries.
7.5.2 Child Pornography

What has, however, been most disturbing is the increase in child pornography.
Child pornography is different from other pornography, and consequently
receives more stringent legal treatment. It is distinguished as an issue of child
abuse — in its production and/or in the way it is used by pedophiles to desensitise
their victims. The growth of the Internet has provided child pornographers with
a distribution vehicle which is perceived to be relatively anonymous.
In February 2006, Mark S. Proctor was sentenced by U.S. District Court Judge
to a total of 151 months’ imprisonment after pleading guilty to possession and
distribution of child pornography. Proctor’s arrest was part of “Operation Clean-
Sweep”. an undercover operation initiated by the Miami Electronic Crimes
Task Force. A Secret Service agent met Proctor in a ‘Preteen’ Internet chat
room on ‘Yahoo’. Proctor, who believed the undercover agent was the parent
of a pre-teen girl, engaged the agent in sexually explicit chats about minors
and sent the undercover agent images of child pornography. A search warrant
of his residence and seizure of his computers revealed additional images of
child pornography. Proctor pled guilty.4
7.5.3 Indian Law

The issue of cyber pornography has been dealt with in section 67 of the IT Act
where publishing of information which is obscene in electronic form has been
made an offence. Section 67 reads as under:
67. Publishing of information which is obscene in electronic form.

Whoever publishes or transmits or causes to be published in the electronic
form, any material which is lascivious or appeals to the prurient interest or if
its effect is such as to tend to deprave and corrupt persons who are likely,
having regard to all relevant circumstances, to read, see or hear the matter
contained or embodied in it, shall be punished on first conviction with
imprisonment of either description for a term which may extend to five years
and with fine which may extend to one lakh rupees and in the event of a
second or subsequent conviction with imprisonment of either description for
a term which may extend to ten years and also with fine which may extend
24 to two lakh rupees.
The section provides that any material which is published, or transmitted or Conventional Crimes
Through Computer
caused to be published in the electronic form shall be an offence in the
following situations:
a) The material so published or transmitted is lascivious;
b) The material appeals to the prurient interest;
c) If the effect of the material is such as to tend to deprave and corrupt
persons who are likely, having regard to all relevant circumstances, to
read, see or hear the matter contained or embodied in it.
In case one is found committing an offence under section 67, he shall be
punished on first conviction with imprisonment of either description for a
term which may extend to five years and with fine which may extend to one
lakh rupees and in the event of a second or subsequent conviction with
imprisonment of either description for a term which may extend to ten years
and also with fine which may extend to two lakh rupees. It is worth noticing
that the obscenity test in section 67 is the same as that in section 292 of the
IPC which deals with sale of obscene books, etc.
Other enactments having a bearing on the issue of cyber pornography are

Indecent Representation of Women’s Act, 1986 and Young Persons (Harmful
Publication) Act, 1950. Persons dealing in cyber pornography that is accessible
to persons under the age of twenty years are also liable to be prosecuted under
section 293 of the IPC.
7.5.4 Cyber Crime Convention

The Convention on Cyber Crime has, under Article 9, dealt with child
pornography and corresponds to an international trend that seeks to ban child
pornography. It defines ‘child pornography’ as inclusive of such pornographic
material that visually depicts:
a) a minor engaged in sexually explicit conduct;
b) a person appearing to be a minor engaged in sexually explicit conduct;
c) realistic images representing a minor engaged in sexually explicit conduct.
The article requires the member countries to adopt laws which establish as
criminal offences under its domestic law, when committed intentionally and
without right, the following conduct:
1) Producing child pornography for the purpose of its distribution through
a computer system;
2) Offering or making available child pornography through a computer
system;
3) Distributing or transmitting child pornography through a computer system;
4) Procuring child pornography through a computer system for oneself or
for another person;
5) Possessing child pornography in a computer system or on a computer-
data storage medium.
25
Cyber Crimes and Torts It is worth noticing that ‘online pornography’ by itself has not been brought
within the four corners of the Convention. It is only the child pornography
which has been condemned in the Convention.

How the term pornography has been defined in Indian law?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
7.6 CYBER STALKING / HARASSMENT

To stalk is to follow quietly and secretly. Cyber stalking is an electronic
extension of stalking. The electronic medium is used to pursue, harass or
contact another in an unsolicited fashion. The term is used to refer to the use
of the Internet, e-mail, or other electronic communication devices to stalk
another person. Stalking generally involves harassing or threatening behaviour
that an individual engages in repeatedly, such as following a person, appearing
at a person’s home or place of business, making harassing phone calls, leaving
written messages or objects, or vandalizing a person’s property.
7.6.1 Preferred Mode of Harassment

Five reasons why cyber stalking today is a preferred mode of harassment are:
a) Ease of communication
b) Access to personal information: With a bit hacking expertise, one might
easily be able to access personal information of a person which would
help in further harassment.
26
c) Anonymity: The cyber stalker can easily use an identity mask thereby Conventional Crimes
Through Computer
safeguarding his real identity.
d) Geographical location: In online cyber stalking the cyber stalker can be

geographically located anywhere.
e) Ease of indirect harassment: The cyber stalker does not directly harass
his victim. Rather, he would post such comments on a common discussion
board that would prompt the other users to send messages to the victim
under a misconceived notion.
In the first successful prosecution under California’s new cyber stalking law,
prosecutors in the Los Angeles District Attorney’s Office obtained a guilty
plea from a 50-year-old former security guard who used the Internet to solicit
the rape of a woman who rejected his romantic advances. The defendant
terrorized his 28-year-old victim by impersonating her in various Internet chat
rooms and online bulletin boards, where he posted, along with her telephone
number and address, messages that she fantasized of being raped. On at least
six occasions, sometimes in the middle of the night, men knocked on the
woman’s door saying they wanted to rape her. The former security guard
pleaded guilty in April 1999.5
Similar problem arose in State of Tamil Nadu v Suhar Katti,6 where a family
friend who wanted to marry a widow, on her refusal, started posting online
messages in her name as if she is soliciting. These messages resulted in
annoying phone calls. On a police complaint made in February 2004,
the accused was traced, put to trial and was ultimately found guilty of
offences under sections 469, 509 of the Indian Penal Code and section 67 of
the IT Act.
7.6.2 Indian Law

Chapter 22 of the Indian Penal Code deals with criminal intimidation, insult
and annoyance. Section 503 provides that whoever threatens another with any
injury to his person, reputation or property, or to the person or reputation of
anyone in whom that person is interested, with intent to cause alarm to that
person, or to cause that person to do any act which he is not legally bound to
do, or to omit to do any act which that person is legally entitled to do, as the
means of avoiding the execution of such threat, such person commits criminal
intimidation. Cyber stalking in effect is committing criminal intimidation with
the help of computers. The offender might be causing alarm by sending
messages via the Internet to the victim threatening injury to him, his property
or reputation. The computer is merely used as a tool for committing the
offence or rather improving upon the act of committing the offence and to be
able to more effectively threaten his victim. The anonymity over the Internet
gives the offender a suitable shield to commit the offence without being easily
detected. However, the end-result being the same, cyber stalking is merely
criminal intimidation under section 503 of the IPC.
27
Cyber Crimes and Torts Please answer the following Self Assessment Question.

Discusses the new dimensions added by the cyberspace to the concept of
stalking and harassment.
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
7.7 ONLINE GAMBLING

Gambling is in many countries illegal. Computer is a medium for the purposes
of online gambling. The act of gambling is categorised as an offence in some
countries and has a legal sanctity in others. The main concern with online
gambling is that most virtual casinos are based offshore making them difficult
to regulate. This means that people offer gambling services on the Internet
from countries where gambling is permitted where players, from such countries
where gambling is illegal, play and bet. It is in this situation that the Internet
helps the gamblers to evade the law. Anyone with access to a personal computer
and an Internet connection can purchase lottery tickets or visit gambling sites
anywhere in the world. The world of online gambling, due to its anonymity,
unfortunately has many other hazards like danger of illegal use of credit card
or illegal access to bank account.
In an interesting case, the managers and owners of six Internet sports betting
companies that operated offshore and allowed bettors in the United States to
gamble on football, basketball and other sports were charged with illegally
using the wires and telephone to transmit bets. The 14 individuals accused of
running the illegal betting operations were set up offshore in Caribbean or
Central American locations where sports betting is legal. Though the owners
contended that they are beyond the law because they are located in countries
where gambling is legal, the prosecution was of the view that so long as
money is wired or telephone calls are made from the United States, it doesn’t
28 matter where the company is set up.7
7.7.1 Indian Law Conventional Crimes
Through Computer
The Public Gambling Act, 1867 prohibits gambling. Section 3 of the Act
imposes a fine on the person opening a common gaming-house for others.
However, it is also worth noting that the Act presumes a physical place where
gambling will take place. The interpretation clause of the Act defined ‘common
gaming-house’ as any house, walled enclosure, room or place in which card,
dice, tables or other instruments of gaming are kept or used for the profit or
gain of the person owning, occupying, using or keeping such place.
Relevant provisions of the IPC dealing with cheating, criminal misappropriation

or criminal breach of trust could be applied in cases of online gambling.
However, there is no direct law on this point.
7.8 ONLINE SALE OF ILLEGAL ARTICLES

There are certain articles like drugs, guns, pirated software or music that
might not be permitted to be sold under the law of a particular country.
However, those who would want to sell such articles find Internet a safe zone
to open up online shops. There are specific concerns with regard to increase
in online sale of drugs. A simple Internet search will turn up dozens of Web
sites that let anyone order drug-of-choice for home-delivery.
The sale of illegal articles on the Internet is also one of those computer crimes
where the computer is merely a tool to commit the crime. The traditional
crime is already not permissible under various statutes. However, it is being
committed by using computer and through the Internet where one gets a better
and bigger market along with the benefit of anonymity.
In December 2004, the CEO of Bazee.com was arrested in connection with

sale of a CD with objectionable material on the website. The CD was also
being sold in the markets in Delhi. The Mumbai city police and the Delhi
Police got into action. The CEO was later released on bail by the Delhi High
Court.8 This opened up the question as to what kind of distinction do we draw
between Internet Service Provider and Content Provider. The burden rests on
the accused that he was the Service Provider and not the Content Provider.
7.8.1 Indian Law

Under the Indian law, many articles are prohibited for sale. For instance, with
regard to sale of arms and ammunition, section 7 of the Arms Act, 1959
specifically prohibits sale of any prohibited arms or prohibited ammunition by
any person. Section 9B of the Indian Explosive Act, 1884 makes sale of any
explosive an offence if it is done in contravention of the rules. Likewise,
section 8 of the Narcotic Drugs and Psychotropic Substances Act, 1985 prohibits
sale or purchase of any narcotic drug or psychotropic substance. As regards
drugs, sections 18, 27, 27A, 28B and 33I of the Drugs and Cosmetics Act,
1940 prohibit sale of certain drugs or cosmetics. Similarly the sale of banned
animal products would be covered under the Wild Life (Protection) Act, 1972.
Dealing illegally in antiques is covered by the Antiques and Art Treasures
Act, 1972. 29
Cyber Crimes and Torts Therefore, as far as the issue of legality of sale of any article on the Internet
is concerned, it would be governed by a specific statute. Merely because it is
being sold through the Internet would not change the character of sale and
would still be within the ambit of the prohibitory provision of the enactment.
7.9 SUMMARY
This unit discusses the crimes enumerated in the IPC which can be committed
with the aid of the Information Communication Technology (ICT) with more
ease and some times with more impunity.
Defamation law – aims at protecting the reputation of the injured person and
giving him the right to sue if his reputation is damaged. If a defamatory
statement is published on the website, it may have more quantitive and
qualitative impact as compared to the publication in a newspaper etc. for
instance e-mailing a defamatory statement to a large number of persons or
posting it on a discussion board or newsgroups of a profession e.g. lawyers
etc. may prove to be very injurious.
Similarly, corporate cyber smearing i.e. injurious or defamatory statement

about a company or its officials may be more harmful than the other medium
of publication.
Forgery – forgery is a creation of a document which the person knows to be

not genuine and yet he projects it to be genuine. With the use of the desk top
publishing system, laser and ink-jet printers, colour copier, image scanner etc
forged documents such as birth certificates, passports etc can be made and it
is more difficult to test the genuineness of such documents.
Pornography – means writings, pictures and films which are sexually exciting.
Pornographic material on the Internet can be accessed by any one any where
in the world in privacy and without feeling shame irrespective of whether the
law of such country permits it or not.
The most disturbing aspect is the increase in the child pornography.
Cyber stalking/harassment – stalking means to follow quietly and secretly. It

refers to the use of Internet, e-mail and other communication devices harass
or intimidate etc. with a bit expertise in hacking, a person may have access
to the personal information stored in the computer and use in stalking and
while doing it, he may conceal his identity also.
Gambling – online gambling websites can be operated from the country where
it is not illegal. In such types of virtual casinos, it is not necessary to be
present in the country from where the site is being operated. A person can be
engaged in gambling while sitting in his home even if it is illegal in his
country.
Online illegal sale of articles – such as drugs, arms, pirated copies of software’s
etc. Internet provides a bigger market and privacy to the seller. Through online
shopping, these goods can be sold even if their sale is prohibited by law.
30
Conventional Crimes
7.10 TERMINAL QUESTIONS Through Computer
1) Discuss how the information and communication technology have added

new dimensions to many of the technology neutral offences as defined in
the Indian Penal Code of 1860.

1) Every individual has a private right to protect his reputation. Every
individual has a right to its own personal space and he would not want
others to interfere in that ‘space’. However, a public right to freedom of
speech and expression guaranteed under Article 19(1)(a) of the
Constitution of India makes enforcement of our private right a challenge.
A delicate balance has to be maintained. The law of defamation has been
designed to protect the reputation of an injured person and provide such
balance between private and public rights by giving him the right to sue
for damages. Defamation comprises of both libel (defamation by means
of writing) and slander (defamation by speaking).
Quantitative impact of Cyber Defamation
Quantitatively, a comment defaming a person can be sent to a large
number of persons through e-mail by a click of the mouse. Much easier
would be to publish it on a discussion board known to be visited by
thousands of persons every day.
Qualitative impact of Cyber Defamation
Qualitatively, the impact of an online comment defaming a person would
again depend upon the fact as to where it has been published. Putting a
defaming message in specific a newsgroups (for example, a lawyer’s
group in case one wants to defame a lawyer) would necessarily have a
more effective negative impact on the reputation of the person being
defamed rather putting the same on a ladies’ kitty party group.
2) Forgery is creation of a document which one knows is not genuine and
yet projects the same as if it is genuine. In common parlance, it is used
more in terms of affixing somebody else’s signature on a document.
Digital forgery implies making use of digital technology to forge a
document. Desktop publishing systems, colour laser and ink-jet printers,
colour copiers, and image scanners enable crooks to make fakes, with
relative ease, of cheques, currency, passports, visas, birth certificates, ID
cards, etc.
3) Pornography literally means, “Writings, pictures or films designed to be
sexually exciting”. Developing, distributing and propagating the same
over the Internet is termed as cyber pornography. This would include
pornographic Web sites, pornographic magazines produced using
computers to publish and print the material and the Internet to download
and transmit pornographic pictures, photos, writings, etc. In recent times,
there have been innumerable instances of promotion of pornography
through the use of computers. Information technology has made it much
easier to create and distribute pornographic materials through the Internet;
31
Cyber Crimes and Torts such materials can be transmitted all over the world in a matter of seconds.
The geographical restrictions, which hitherto prevented, to a certain extent,
foreign publications to enter into local territories, have disappeared.
4) To stalk is to follow quietly and secretly. Cyber stalking is an electronic
extension of stalking. The electronic medium is used to pursue, harass or
contact another in an unsolicited fashion. The term is used to refer to the
use of the Internet, e-mail, or other electronic communication devices to
stalk another person. .
Preferred mode of harassment
Five reasons why cyber stalking today is a preferred mode of harassment
are:
a) Ease of communication
b) Access to personal information: With a bit hacking expertise, one

might easily be able to access personal information of a person
which would help in further harassment.
c) Anonymity: The cyber stalker can easily use an identity mask thereby
safeguarding his real identity.
d) Geographical location: In online cyber stalking the cyber stalker can

be geographically located anywhere.
e) Ease of indirect harassment: The cyber stalker does not directly

harass his victim. Rather, he would post such comments on a common
discussion board that would prompt the other users to send messages
to the victim under a misconceived notion.
Internet knows no boundaries. Communication has begun faster and easier. It

has become easy to conceal his identity and commit offences. Internet gives
access to a large number of persons irrespective of geographical boundaries
through e-mail, newsgroups, online shopping etc.
Study the offences discussed in the unit and see how ICT has provided the
technology which can be used in the commission of these offences.

1. Sharon Walsh. Washington Post Staff Writer. “14 Charged in Internet
Betting. The Washington Post”. <http://www.washingtonpost.com/wp-srv/
national/longterm/intgambling/stories/charged.htm.>.
2. Judgment delivered by Ld. Additional Chief Metropolitan Magistrate.
Egmore on 05.11.2004.
32
Conventional Crimes
3. <http://www.usdoj.gov/criminal/cybercrime/cyberstalking.htm>. Through Computer
4. 6 No. 6 Cyber Crime Law Reporter 6 <http://www.usdoj.gov/usao/fls/
060210-03.html>.
5. S. 2(1)(t).- ‘electronic record’ means, data, record or data generated,

image or sound stored, received or sent in an electronic form or micro
film or computer generated micro fiche.
6. S. 2(1)(d).- ‘affixing digital signature’, with its grammatical variations

and cognate expressions means adoption of any methodology or procedure
by a person for the purpose of authenticating an electronic record by
means of digital signature.
7. <http://www.legalservicesindia.com/articles/defcy.htm>.
8. Suit no. 1279 of 2001, Delhi High Court.
33
UNIT 8 CRIMES AND TORTS
COMMITTED ON A COMPUTER
NETWORK AND RELATING TO
ELECTRONIC MAIL
Structure
8.1 Introductions
8.2 Objectives
8.3 Hacking/Unauthorized Access
8.3.1 Hacker Ethics
8.3.2 Indian Law
8.3.3 Cyber Crime Convention of the Council of Europe
8.4 Denial of Service
8.4.1 Distributed Denial of Service
8.4.2 Indian Law
8.4.3 Convention on Cyber Crime of the Council of Europe
8.5 Crimes Relating to Electronic Mail: E-mail Spamming/E-mail Bombing
8.5.1 Problem for ISPs
8.5.2 ‘False’ Spam Messages
8.5.3 Indian Law
8.6 Crimes Relating to Electronic Mail: E-mail Spoofing
8.6.1 Indian Law
8.7 Summary
8.1 INTRODUCTION
In the previous unit we have discussed that the information and communication
technology has added new dimentions to traditional crimes. Computer and
cyberspace has given rise to many of the wrongs which were hitherto unknown
to the mankind. These crimes are of very complicated nature and highly
sophisticated technology is applied in committing these crimes. This unit
discusses some of them. In this unit we shall also discuss how these offences
have been dealt with in the Indian law and Cyber Crime Convention of the
Council of Europe.
It is recomended that you should read chapter IX and XI of the IT Act, 2000
which defines these offences. Sub-section 3 of the Unit 3 of the Block 1 may
34 be referred to in this connection.
Crimes and Torts
8.2 OBJECTIVES Committed on a Computer
Network and Relating to
After studying this unit, you should be able to: Electronic Mail
• analyse the concept of hacking and what is Indian law on the issue?;
• discuss various forms of denyal of service and legal provisions dealing
with the issue; and
• discuss how the unsolicited e-mail spanning and e-spoofing has caused
problems to the user and service providers and is Indian law sufficient
to deal with this menace?
8.3 HACKING/UNAUTHORIZED ACCESS

Trespassing is a word known to us. Simply put, it means entering upon or into
a property owned by someone else without his or her permission. In the offline
world, ‘entering’ would imply physical entry into the property. Trespassing has
both civil and criminal consequences.
Trespassing has a digital counterpart which is referred to as hacking. Hacking

means unauthorized access to a computer system. The computer serves as a
tool to commit the crime as also necessarily is the target of such crimes. It is
one of the most popular and fastest growing computer crimes and has been
escalated with the aid of the Internet.
8.3.1 Hacker Ethics

Hacking has generally been understood as interacting with a computer in a
playful and exploratory rather than goal-directed way. The word ‘hack’ at the
Massachusetts Institute of Technology (MIT) usually refers to a clever, benign,
and “ethical” prank or practical joke, which is both challenging for the
perpetrators and amusing to the MIT community (and sometimes even the rest
of the world!). Those who hack also concern themselves with hack ethic
(belief that system-cracking for fun and exploration is ethically OK as long as
the cracker commits no theft, vandalism or breach of confidentiality). At the
basic level, hackers are considered to be learners and explorers who want to
help rather than cause damage, and who often have very high standards. Many
call those who break into (crack) computer systems, “crackers”. A “hacker” is
someone who does some sort of interesting and creative work at a high intensity
level. This applies to anything from writing computer programs to pulling a
clever prank that amuses and delights everyone. According to the “hacker
ethic”, a hack must:
• be safe;
• not damage anything;
• not damage anyone, either physically, mentally or emotionally;
• be funny, at least to most of the people who experience it.
However, trouble arises when these hackers go overboard and start prying into
protected system and data for personal gain or mischief. There have been
attempts to hack into remote computer systems for multiple purposes like data 35
Cyber Crimes and Torts theft, fraud, destruction of data, causing damage to computer systems, etc. It
should be noted that hacking per se might not be injurious unless the hacker
does something beyond the act of hacking like even reading through data/
information stored on the hacked computer. For instance, hacking to Internet
and telephone service providers’ computer systems and stealing personal
information and making bomb threats.
In March 2005, one Mr. Lyttle, who is known as one of the members of the
self-titled hacking group called ‘The Deceptive Duo’, pleaded guilty and
admitted that he unlawfully accessed computer systems of various American
federal agencies in April 2002, including the Department of Defense’s Defense
Logistic Information Service (DLIS), the Office of Health Affairs (OHA), and
NASA’s Ames Research Center (ARC). In particular, Mr. Lyttle admitted that
he gained unauthorized accessed to DLIS computers in Battle Creek, Michigan,
for the purpose of obtaining files that he later used to deface an OHA website
hosted on computers in San Antonio, Texas.1
In April 2005, a person by name Mr. Heckenkamp was sentenced to

imprisonment for gaining unauthorized access to eBay computers during
February and March 1999. Using this unauthorized access, Mr. Heckenkamp
defaced an eBay Web page using the name “MagicFX”. He also installed
“trojan” computer programs – or programs containing malicious code masked
inside apparently harmless programs – on the eBay computers that secretly
captured usernames and passwords that Mr. Heckenkamp later used to gain
unauthorized access into other eBay computers. He also gained unauthorized
access to Qualcomm computers in San Diego in late 1999 and installed multiple
“trojans” programs which captured usernames and passwords used to gain
unauthorized access into more Qualcomm computers.2
8.3.2 Indian Law

Under the Indian law, however, ‘hacking’ has been given a wider dimension
then mere ‘illegal access’ as contemplated under the Cyber Crime Convention.
Hacking simpliciter entails civil consequences whereas hacking along with
commission of other act like downloading information or lodging a virus
results in criminal charges.
The definition provided under the Indian law surpasses the generally accepted
meaning of hacking. Section 66(1) of the IT Act requires hacking to mean:
“(1) Whoever with the intent to cause or knowing that he is likely to cause
wrongful loss or damage to the public or any person destroys or deletes or
alters any information residing in a computer resource or diminishes its value
or utility or affects it injuriously by any means, commits hack.”
A plain reading makes it amply clear that the pre-requisite for ‘hacking’ is not
plain unauthorized access to a computer, whether intentional or not, but further
requires: (a) destruction or deletion or alteration of any information residing
in a computer resource; (b) such activity has lead to the diminishing of the
value or utility of the information or affects it injuriously by any means; and,
(c) such activity was done to cause or knowing that it is likely to cause
36
wrongful loss or damage to the public or any person. We will revert to further Crimes and Torts
Committed on a Computer
discussion on this a bit later in this unit. Network and Relating to
Electronic Mail
The Indian law provides for damages in case mere hacking or unauthorized
access into a computer system. A person might just gain access, without
authorization, into a computer system and do nothing else. The IT Act provides
for payment of compensation in case of such illegal intrusion. Section 43 (a)
provides that:
“If any person without permission of the owner or any other person who is in
charge of a computer, computer system or computer network, —
a) accesses or secures access to such computer, computer system or computer
network;
he shall be liable to pay damages by way of compensation not exceeding one
crore rupees to the person so affected.”
Thus, any access to a computer without the permission of the owner or any
other person who is in-charge would entail civil consequences. There is no
requirement of any actual damage, either data or information damage or
computer damage, for liability under section 43(a). Mere unauthorized access
is enough.
Hacking coupled with some other act would lead to criminal charges. If an act
done comes within the definition of hacking provided in Section 66(1)
reproduced above, it would be punishable in accordance with sub-section (2)
of Section 66:
“Whoever commits hacking shall be punished with imprisonment up to three

years, or with fine which may extend upto two lakh rupees, or with both.”
A reading of sub-section (1) makes it clear that the emphasis for committing
‘hacking’ under the IT Act is on the effect i.e. on the information residing in
the computer and any subsequent wrongful loss due to access rather than mere
access to a computer itself. For instance, if somebody needs to steal credit
card numbers and passwords from a computer system, he has to necessarily
access the computer and then download the information. Such access might
be authorized or unauthorized. The emphasis of ‘hacking’, under Section 66,
is not on the nature of access but rather on the act done subsequent to such
access. Generally, ‘hacking’ concerns access to a computer. Further acts are
categorised under different cyber crimes. However, as we move ahead and
deal with different kinds of cyber crimes, it would be clear that most, if not
all, of the cyber crimes emanate from section 66(1). The Indian law, for the
purposes of cyber crimes, is almost condensed into section 66.
Special provisions have been framed under the IT Act for protection of
‘protected systems’. Section 70 deals with declaration of a system to be a
protected system, persons authorized to access such system and further provides
for punishment in case unauthorized access into protected system. It reads
thus:
37
Cyber Crimes and Torts “70. Protected system.
1) The appropriate Government may, by notification in the Official Gazette,
declare that any computer, computer system or computer network to be
a protected system.
2) The appropriate Government may, by order in writing, authorize the
persons who are authorized to access protected systems notified under
sub-section (1).
3) Any person who secures access or attempts to secure access to a protected
system in contravention of the provisions of this section shall be punished
with imprisonment of either description for a term which may extend to
ten years and shall also be liable to fine.”
The appropriate Government has been defined under clause (3) of sub-section
(1) of Section 2 as:
“appropriate Government” means as respects any matter,—
i) enumerated in List II of the Seventh Schedule to the Constitution;
ii) relating to any State law enacted under List III of the Seventh Schedule
to the Constitution, the State Government and in any other case, the
Central Government;
Instances of a ‘protected system’ could be computer systems belonging to the
defence, income tax department computer systems, atomic and nuclear energy
systems, computer systems of educational institutions of national importance
like the Super Computer Centre at the Indian Institute of Sciences, Bangalore.
It is noticeable that where the maximum punishment for hacking under section
66 is three years imprisonment, the same can go upto ten years in case of
access or attempt to access to a protected system under section 70.

Under the Convention for Cyber crime by the Council of Europe, hacking has
been termed as ‘illegal access’ in Article 2. It refers to access to the whole or
any part of a computer system without right. Such access should be committed
intentionally and might be committed by infringing security measures, with
the intent of obtaining computer data or other dishonest intent, or in relation
to a computer system that is connected to another computer system. The scope
of ‘illegal access’ under the Convention is somewhat broader than mere
‘hacking’. It would also include ‘cracking’ and any other access made without
authorization, by whatever name it might be called. The requirements are two
fold: (a) access without right; (b) intentional access.

What is hacking and when it is punishable under Indian law?
........................................................................................................................
........................................................................................................................
38
........................................................................................................................ Crimes and Torts
........................................................................................................................ Network and Relating to
Electronic Mail
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
8.4 DENIAL OF SERVICE

A ‘denial-of-service’ attack is characterised by an explicit attempt by attackers
to prevent legitimate users of a service from using that service. As the name
suggests, the purpose is to deny someone from using a service.
Examples include:
• Attempts to ‘flood’ a network, thereby preventing legitimate network
traffic;
• Attempts to disrupt connections between two machines, thereby preventing
access to a service;
• Attempts to prevent a particular individual from accessing a service;
• Attempts to disrupt service to a specific system or person.
Denial-of-service attacks can essentially disable one’s computer or one’s
network. Depending on the nature of the enterprise, this can effectively disable
an organization. The term can be applied to any situation where an attacker
attempts to prevent the use or delivery of a valued resource to its intended
audience or customer. It can be implemented via multiple methods, physically
and digitally.
For example, an attacker can deny access to telephone systems by physically

cutting the telephone lines. Another way could be by calling a person
continuously so that any other trying to contact the ‘attacked person’ finds
such person’s phone line busy all the time.
In the online world, denial-of-service would include blocking the computer

systems of, for example, a bank. It can have devastating effects where a
bank’s website is blocked so that its customers are unable to avail the online
services, unable to open their accounts or transact online.
39
Cyber Crimes and Torts In what was described as the most devastating assault on the World Wide Web
in the history of the Internet, a teenager by name ‘Mafiaboy’ was, on 07.02.2000,
able to deny legitimate users the services of Yahoo.com by propelling an
encyclopaedia’s worth of electronic information every second. By using various
university computers as ‘zombies’, he was able to attack the Web site from
various virtual locations. On second day, Buy.com, eBay.com, CNN.com and
Amazon.com could not be reached by the online customers. On the third day,
stock traders of E*TRADE Financial were stymied when its Internet servers
were felled by a barrage of data. This particular DDoS led to a loss of millions
in revenue because shoppers were blocked from each company’s Internet home
page. After a thorough investigation, Mafiaboy, a 15-year old boy, was traced
in Montreal, Canada.
8.4.1 Distributed Denial of Service

Where denial-of-service is referred to a single computer disabling another
computer or network, a distributed denial-of-service is one where a number of
compromised systems attack a single target. The attacker identifies a ‘master’
system and ‘slave’ systems (which might be thousands depending upon the
availability), and with the use of viruses and Trojan horse programs, controls
such systems and initiates a sustained attack on the target system. The purpose
is to flood the target system with incoming messages coming from all the
compromised systems thereby forcing it to shut down, and denying service to
the system to legitimate users. With enough such slave systems, the services
of even the largest and most well-connected websites can be denied.
In December 2005, one Mr. Clark admitted to have accumulated approximately

20,000 ‘bots’ by using a worm program that took advantage of a computer
vulnerability in the Windows Operating System – the ‘Remote Procedure Call
for Distributed Component Object Model’, or RPC-DCOM vulnerability. The
‘bots’ were then directed to a password-protected Internet Relay Chat (IRC)
server, where they connected, logged in, and waited for instructions. When
instructed to do so by Mr. Clark, the ‘bots’ launched DDoS attacks at computers
or computer networks connected to the Internet. Mr. Clark personally
commanded the ‘bots’ to launch DDoS attacks on the name server for eBay.com.
As a result of these commands, Mr. Clark intentionally impaired the infected
computers and eBay.com.3
8.4.2 Indian law

Section 43(f) of the IT Act specifically provides for penalty in case anyone is
found guilty of causing denial of access. It reads as under:
“If any person without permission of the owner or any other person who is in
charge of a computer, computer system or computer network, —
(b) denies or causes the denial of access to any person authorized to access
any computer, computer system or computer network by any means;
he shall be liable to pay damages by way of compensation not exceeding one

crore rupees to the person so affected.”
40
8.4.3 Convention on Cyber Crime of the Council of Europe Crimes and Torts
Network and Relating to
The Convention on Cyber crime covers denial-of-service under Article 5. It Electronic Mail
states that:
“Article 5 – System interference: Each Party shall adopt such legislative and
other measures as may be necessary to establish as criminal offences under its
domestic law, when committed intentionally, the serious hindering without
right of the functioning of a computer system by inputting, transmitting,
damaging, deleting, deteriorating, altering or suppressing computer data.”
The attacker interferes with the system while it, without right, transmits and/
or inputs data which seriously hinders the functioning of a computer system.
The Convention requires every member-country to make domestic laws which
establishes such acts as criminal offences.

What are the ways by which the legitimate users are denied access to the
network?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
8.5 CRIMES RELATING TO ELECTRONIC MAIL:

E-MAIL SPAMMING/E-MAIL BOMBING
Spam refers to sending of unsolicited messages in bulk. Technically, it overflows
the limited-sized memory by excessively large input data. In relation to e-mail
accounts, it means bombing an e-mail account with a large number of messages
maybe the same or different messages. The contents of the message are not
41
Cyber Crimes and Torts relevant. Neither does it refer to ‘abuse’ messages or ‘advertisements’. It
necessarily is measured by the number of messages which are sent across as
to have the tendency of blocking the e-mail account. Instead of sending huge
volumes of data at one go (as in denial-of-service), the general practice seems
to be of sending a few messages everyday, regularly and constantly. The
economic costs are generally unrecoverable in terms of user’s time, attention
and effort to go through each and every message and disposing them. The
MSN Hotmail and Yahoo accounts presently are the most sought for places for
sending regular spam e-mails.
Interestingly, there is a company by name SPAM selling primarily food products.

On their website, www.spam.com, there is an interesting history on ‘spam’.
As the story goes, in Monty Python skit, a group of Vikings sang a chorus of
“spam, spam, spam...” in an increasing crescendo, drowning out other
conversation. Hence, the analogy applied because all unsolicited mails are
drowning out normal communication on the Internet.
In March 2006, one Clason from New Hampshire (USA) with two more
associates pleaded guilty of transmission of spam e-mails containing graphic
pornographic images. They conspired to engage in the business of sending
spam e-mails for their own personal gain. America Online, Inc. received more
than 600,000 complaints between Jan. 30, 2004 and June 9, 2004 from its
users regarding spam e-mails that had allegedly been sent by the defendants’
spamming operation. The e-mails sent by the accused advertised pornographic
Internet Web sites in order to earn commissions for directing Internet traffic
to these Web sites.4
In EarthLink Inc. v. Smith,5 the court awarded an Atlanta-based Internet service

provider EarthLink Inc. $24.8 million against the defendant, a junk e-mailer
based in Johnson City, Tenn, for bombarding its network with more than one
billion e-mails over a 12-month period. It was found that the defendant was
engaged in a massive scheme of illegal acts, including spamming. He would
pose as someone with a legitimate need for passwords and credit card numbers,
including the ISP of the victim, or a retail merchant trying to complete a sale,
to obtain them. He would then use the accounts of EarthLink customers to
send out more fraudulent e-mails, or open accounts and sell them to other
spammers for the same purpose, opening over 1,000 accounts in all.
8.5.1 Problem for ISPs

For Internet service providers (ISP), spam e-mails present a big threat because
of its enormity and anonymity. A spammer can very well send hundreds of
messages to a particular ISP server thereby blocking the genuine messages to
reach the ISP at all. The disgruntled consumers would prefer shifting over to
another ISP service. In terms of infrastructure, these spam mails also put an
enormous pressure on the computer systems and networks.
8.5.2 ‘False’ Spam Messages

It is also noticed that most of the ‘spam’ messages clogging online mailboxes
42
probably are ‘false’ in some way. The US Federal Trade Commission is of the
view that spam e-mails involving investment and business opportunities are Crimes and Torts
especially dubious, with an estimated 96 per cent containing information that Network and Relating to
probably is false or misleading. In a study of random sample of 1,000 unsolicited Electronic Mail
e-mails taken from a pool of more than 11 million pieces of spam collected,
the agency looked for deceptive claims in a message’s text or the ‘from’ or
‘subject’ lines. Twenty percent of the spam studied involved business
opportunities such as work-at-home and franchise offers. Offers for pornography
or dating services accounted for another 18 per cent. Spam involving pitches
for credit cards, mortgages and insurance was the third largest category at 17
per cent.
8.5.3 Indian Law

The issue of spamming has not been directly dealt with in any Indian statute.
However, the law of nuisance under tort law can be employed, for the present,
for bringing the spammer to books. Under the law of torts, nuisance is supposed
to have been caused by an act or omission, whereby a person is unlawfully
annoyed, prejudiced or disturbed in the enjoyment of property. The feature
that gives it unity is the interest invaded. The emphasis is more on the harm
to the plaintiff rather than the conduct of the defendant.
Spam is an unsolicited message requiring one’s time and effort to get rid off.
A regular supply of such spam messages would naturally result in considerable
annoyance. It would also directly hamper the interest of the user in his electronic
mailbox where he does not expect any interference and encroachment. The
result, apart from loss of Internet working hours and thwarting one’s regular
e-mail stream, could be one of mental agony and distress.
In case an Internet service provider is receiving a voluminous, regular supply

of spam messages that is disrupting its entire network and consuming its disk
space, section 43(e) of the IT Act can be a good refuge. Section 43(e) requires
that a person should have disrupted or caused the disruption of any computer,
computer system or computer network. A constant barraging of unwanted
messages causing non-delivery of genuine messages to and from its users
would be enough for an ISP for claiming disruption of a computer network.
However, since there are related concerns of availability of ‘opt-in’ and ‘opt-
out’ options with spam messages, it is desirable that a law directly relates to
spamming and its punishment be introduced.

Since the unsolicited bulk emails have the capability of interference with
regular flow of data also hamper the regular working of a system, they can be
categories under Articles 4 and 5 of the Convention. Article 4 requires every
member-State to adopt such laws so as to make every act of damaging, deletion,
deterioration, alteration or suppression of computer data without right an
offence. Similarly, Article 5 of the Convention requires the member-States to
take legislative steps to declare such act as an offence which, when intentionally
committed, seriously hinders without right the functioning of a system by
inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing
computer data.
43
What is e-mail spanning or bombing? Discuss how it affects the user of
e-mail service as well as the service provider.
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
8.6 CRIMES RELATING TO ELECTRONIC MAIL:

E-MAIL SPOOFING
E-mail spoofing is electronic disguising. A spoofed e-mail is one that appears
to originate from one source but actually has been sent from another source.
It is the process of electronically covering one’s electronic communication in
the name of another. It is the practice of disguising an e-mail to make the e-
mail appear to come from an address from which it actually did not originate.
It involves placing in the “From” or “Reply-to” lines, or in other portions of
e-mail messages, an e-mail address other than the actual sender’s address,
without the consent or authorization of the user of the e-mail address whose
address is spoofed.
E-mail spoofing may occur in different forms, but all have a similar result: a
user receives e-mail that appears to have originated from an ostensible source.
It is often an attempt to trick the user into making a damaging statement or
releasing sensitive information (such as passwords). The purpose is make one
reveal such information which otherwise would not be revealed by the person
himself or by an organization constrained by privacy laws. Examples of spoofed
e-mail that could compromise one’s information:
• E-mail claiming to be from a system administrator requesting users to
change their passwords to a specified string and threatening to suspend
44 their account if they do not do this;
• E-mail claiming to be from a person in authority requesting users to send Crimes and Torts
them a copy of a password file or other sensitive information; Network and Relating to
• E-mail from your credit card company asking again for your personal Electronic Mail
details, credit card number and password to access online account, etc.
In Federal Trade Commission v. Brian D. Westby [2004 WL 1175047 (N.D.I11.),
Case No.03 C 2540, judgment on 4 Mar. 2004.] et al, the US District Court of
Illinois found the defendants guilty of spoofing and passed an order of injunction
restraining and enjoining them from the practice of spoofing in connection with
the advertising, promotion, offering or sale of goods in commerce. Since May
2002, the defendant has been engaged in the activity of sending unsolicited bulk
commercial emails with e-mail addresses of un-related third parties as the “reply-
to” or “from” address. As a result, third parties whose e-mail addresses or domain
names were spoofed suffered injury to their reputations by having themselves
wrongfully affiliated with the sending of bulk unsolicited e-mail.
8.6.1 Indian Law

E-mail spoofing is a variation of digital forgery where one attempts to
impersonate another person by sending a false electronic record which though
purported to be have been made and/or signed by the latter person, but in fact
is not. This kind of computer crime is also covered by the provisions under
the IPC relating to forgery under Chapter XVIII of the Indian Penal Code.
Particularly, Section 463 dealing with forgery needs proper interpretation.
Section 463 reads as under:
“463. Forgery.-Whoever makes any false documents or part of a document

with intent to cause damage or injury, to the public or to any person, or to
support any claim or title, or to cause any person to part with property, or to
enter into any express or implied contract, or with intent to commit fraud or
that fraud may be committed, commits forgery.”
Since the primary objective of e-mail spoofing is to induce the receiver of

e-mail to part with certain information by making a false document purportedly
sent by a person from whom it is not actually sent, it would be covered within
the offence of forgery. However, it is desirable that a law directly relating to
e-mail spoofing and punishment thereof be framed.

Under the Convention on Cyber crime, Article 7 requires the member-States
to make laws to establish as criminal offences, when committed intentionally
and without right, the input, alteration, deletion, or suppression of computer
data, resulting in inauthentic data with the intent that it be considered or acted
upon for legal purposes as if it were authentic, regardless whether or not the
data is directly readable and intelligible. The scope of this Article is wide and
would also include e-mail spoofing since it involves input of data (an e-mail
address in the ‘From’ column of an e-mail) resulting in inauthentic data
(a false ‘From’ e-mail address) for the purpose of being acted upon and divulge
information which otherwise the receiver of the e-mail would not.
45
What is e-mail spoofing.
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
8.7 SUMMARY
Computer and cyberspace has given rise to many of the wrongs which were
hitherto unknown to the mankind. These crimes are of very complicated nature
and highly sophisticated technology is applied in committing these crimes.
Indian IT Act has made adequate provisions for punishing these crimes. Some
of the examples of this crimes are –
Hacking/Unauthorized Access
• Hacker Ethics
• Indian Law
• Cyber Crime Convention
Denial of Service
• Distributed Denial of Service
• Crimes relating to Electronic Mail: E-mail Spamming/E-mail Bombing
• Problem for ISPs
• ‘False’ spam messages
• Indian Law
46
Crimes relating to Electronic Mail Crimes and Torts
• E-mail Spoofing Network and Relating to
Electronic Mail
• Indian Law

1) Discuss in brief the various forms of computer and cyberspace related
crimes. Does the Indian law adequately deal with them?

1) Trespassing is a word known to us. Simply put, it means entering upon
or into a property owned by someone else without his or her permission.
In the offline world, ‘entering’ would imply physical entry into the
property. Trespassing has both civil and criminal consequences.
Trespassing has a digital counterpart which is referred to as hacking.
Hacking means unauthorized access to a computer system. The computer
serves as a tool to commit the crime as also necessarily is the target of
such crimes. It is one of the most popular and fastest growing computer
crimes and has been escalated with the aid of the Internet.
2) A ‘denial-of-service’ attack is characterised by an explicit attempt by

attackers to prevent legitimate users of a service from using that service.
As the name suggests, the purpose is to deny someone from using a
service
Denial-of-service attacks can essentially disable one’s computer or one’s

network. Depending on the nature of the enterprise, this can effectively
disable an organization. The term can be applied to any situation where
an attacker attempts to prevent the use or delivery of a valued resource
to its intended audience or customer. It can be implemented via multiple
methods, physically and digitally.
3) Spam refers to sending of unsolicited messages in bulk. Technically, it

overflows the limited-sized memory by excessively large input data. In
relation to e-mail accounts, it means bombing an e-mail account with a
large number of messages maybe the same or different messages. The
contents of the message are not relevant. Neither does it refer to ‘abuse’
messages or ‘advertisements’. It necessarily is measured by the number
of messages which are sent across as to have the tendency of blocking
the e-mail account. Instead of sending huge volumes of data at one go
(as in denial-of-service), the general practice seems to be of sending a
few messages everyday, regularly and constantly. The economic costs are
generally unrecoverable in terms of user’s time, attention and effort to go
through each and every message and disposing them. The MSN Hotmail
and Yahoo accounts presently are the most sought for places for sending
regular spam e-mails.
47
Cyber Crimes and Torts 4) E-mail spoofing is electronic disguising. A spoofed e-mail is one that
appears to originate from one source but actually has been sent from
another source. It is the process of electronically covering one’s electronic
communication in the name of another. It is the practice of disguising an
e-mail to make the e-mail appear to come from an address from which
it actually did not originate. It involves placing in the “From” or “Reply-
to” lines, or in other portions of e-mail messages, an e-mail address other
than the actual sender’s address, without the consent or authorization of
the user of the e-mail address whose address is spoofed.

1. <http://www.usdoj.gov/criminal/cybercrime/lyttlePlea.htm>.
2. <http://www.usdoj.gov/usao/can/press/html/2005_04_25_
heckenkamp.html>.
3. <http://www.usdoj.gov/usao/can/press/html/2005_12_28_
Clarkbotplea.htm>.
4. 6 No. 7 Cyber crime L. Rep. 4 Mar. 2006 <http://www.usdoj.gov/opa/
pr/2006/March/06_crm_123.html>.
5. 2 No. 15 Cyber crime L. Rep. 4; N.D. Ga., No. 1:01-CV-2099. 7 Sep.2002.
48
UNIT 9 CRIMES RELATING TO DATA
ALTERATION/DESTRUCTION
Structure
9.1 Introduction
9.2 Objectives
9.3 Internet Fraud and Financial Crimes
9.3.1 Auction and Retail Schemes Online
9.3.2 Business Opportunity/Work-at-home Schemes Online
9.3.3 Identity Theft and Fraud
9.3.4 Credit Card Fraud
9.3.5 Online Investment Schemes
9.3.5.1 Issuance of False Stocks
9.3.5.2 Market Manipulation Schemes
9.3.5.3 Pyramid or Ponzi Schemes
9.3.6 Fraudulent Financial Solicitation
9.3.7 Phishing
9.3.7.1 Indian Law
9.4 Virus, Worms, Trojan Horses and Logic Bombs
9.4.1 Virus & Worms
9.4.2 Trojan Horses
9.4.3 Logic Bombs
9.4.4 Back Door
9.4.5 Indian Law
9.5 Theft of Internet Hours
9.5.1 Indian Law
9.6 Salami Attacks
9.6.1 Indian Law
9.7 Data Diddling
9.7.1 Indian Law
9.8 Steganography
9.9 Summary
9.1 INTRODUCTION
Like the previous unit, this unit also discusses the the crimes which are
committed on the cyberspace. These crimes are commonly called as the crimes
relating to the data alteration and destruction.
49
Cyber Crimes and Torts Crimes relating to data alteration and data destruction are increasing day-by-
day. As the use of computer and Internet is increasing, more and more people
are finding it benificial in their day-to-day life many of the transactions of
various types are being conducted on the Internet. This has provided opportunity
to unscruplous people who are indulging in all sorts of activities to defraud
and cheat innocent people using Internet.
This unit tries to discuss some of the comman types of such crimes on the
Internet and laws to prevent such crimes.
9.2 OBJECTIVES
• discuss what internet fraud is and what its various forms are;
• analyse and distinguish amongst the various types of viruses, worms,
trojan horses, and logic bombs etc and discuss how they are harmful to
the computer and computer-networks; and
• analyse other forms of Internet fraud such as theft of Internet hours,
salami attacks, data diddling, steganography etc.
9.3 INTERNET FRAUD AND FINANCIAL CRIMES

The term ‘Internet fraud’ refers generally to any type of fraud scheme that uses
one or more components of the Internet – such as chat rooms, e-mail, message
boards, or Web sites – to present fraudulent solicitations to prospective victims,
to conduct fraudulent transactions, or to transmit the proceeds of fraud to
financial institutions or others connected with the scheme. With anonymity
and speed, Internet is a haven for fraudsters. There are various fraudulent
schemes envisaged over the Internet from which the criminals benefit
financially. Some of them are as follows:
9.3.1 Auction and Retail Schemes Online

According to the 2005 statistics of Internet Fraud Watch (www.fraud.org),
72% of the complaints made on Internet fraud relates to schemes appearing
on online auction and retail sites. These schemes typically purport to offer
high-value items – ranging from Cartier watches to computers to collectibles
such as Beanie Babies – that are likely to attract many consumers. These
schemes induce their victims to send money for the promised items, but then
deliver nothing or only an item far less valuable than what was promised (e.g.,
counterfeit or altered goods).
9.3.2 Business Opportunity/Work-at-home Schemes Online

Fraudulent schemes often use the Internet to advertise purported business
opportunities that will allow individuals to earn thousands of dollars a month
in “work-at-home” ventures. These schemes typically require the individuals
to pay anywhere from $35 to several hundred dollars, but fail to deliver the
materials or information that would be needed to make the work-at-home
opportunity a potentially viable business.
50
9.3.3 Identity Theft and Fraud Crimes Relating to Data
Alteration/Destruction
Identity theft and identity fraud are terms used to refer to all types of crime
in which someone wrongfully obtains and uses another person’s personal data
in some way that involves fraud or deception, typically for economic gain.
Unlike one’s fingerprints, which are unique to oneself and cannot be given to
someone else for their use, one’s personal data like bank account number or
credit card number, telephone calling card number, and other valuable
identifying data can be used, if they fall into the wrong hands, to personally
profit at other’s expense.
9.3.4 Credit Card Fraud

Credit card fraud, as the name suggests, involves misusing someone else’s
credit cards for one’s own benefit. This risk of credit card fraud has increased
manifold especially after the advent of e-commerce. People purchase products
online through their credit cards. The Web sites offering products for purchase
require the credit card details of the online buyer so that the price can be
credited to the card. In the process, the details of the credit cards are stored
on the server of the online retailer. If one is able to access the servers containing
the credit cards details of the online consumer, it is easy to collect those
details and then use for one’s own benefit in online transactions. One can also
sell the credit card information to someone else. For instance, the one-stop
online marketplace, “Shadowcrew.com” website, was taken down in October
2004 by the U.S. Secret Service, closing an illicit business that trafficked in
at least 1.5 million stolen credit and bank card numbers that resulted in losses
in excess of $4 million.
The California Department of Corporations (Internet Compliance and Enforcement),

a regulator of securities trading, won an August 2000 settlement ordering
Victor Idrovo to post a retraction (under the new alias of Retraction) of earlier
posts to the Yahoo message board. Under the original alias, “frankgmancuso”,
Idrovo attempted to manipulate the price of Metro-Goldwyn-Mayer, Inc.,
(MGM) stock when he posed as an insider/former executive of MGM. He was
also fined $4,500.1
9.3.5 Online Investment Schemes

9.3.5.1 Issuance of False Stocks
This in another variation of online investment schemes where the person,
either authorizedly or unauthorized, gains access to the computer systems of
a company and is able to issue stocks to themselves or any other person. For
instance, two employees of Cisco Systems, Inc. a US company, illegally issued
almost $8 million in Cisco stock to themselves. The total value of the Cisco
stock that they took (at the time that they transferred the stock) was
approximately $7,868,637. Both were sentenced to 34 months each in federal
prison, restitution of $7,868,637 and a three year’s period of supervised release.
9.3.5.2 Market Manipulation Schemes

Enforcement actions by the US Securities and Exchange Commission and
criminal prosecutions indicate that the basic method for criminals to manipulate 51
Cyber Crimes and Torts securities markets for their personal profit is the so-called “pump-and-dump”
schemes. In this scheme, they typically disseminate false and fraudulent
information in an effort to cause dramatic price increases in thinly traded
stocks or stocks of shell companies (the ‘pump’), then immediately sell off
their holdings of those stocks (the ‘dump’) to realise substantial profits before
the stock price falls back to its usual low level. Any other buyers of the stock
who are unaware of the falsity of the information become victims of the
scheme once the price falls.
9.3.5.3 Pyramid or Ponzi Schemes

Pyramid or Ponzi Schemes and chain letters are well suited to the Internet
because they entice investors with the promise of quick profits using a home
computer. Investors make money by recruiting new investors. The programme
soon runs out of new investors and most of the players lose their money they
invested. Chain letter schemes ask participants to send money to the name at
the top of a list with the promise that they will eventually receive thousands
of dollars when their name comes to the top.
9.3.6 Fraudulent Financial Solicitation

Due to its ease and anonymity, there have been instances of people soliciting
money online for charitable purposes. One might seek financial contribution
via credit card online to certain public purpose funds or schemes for the
benefit of certain classes or down-trodden people of society. Many a time,
fiscal statutes2 provide for income tax exemption for such contributions and
online promises are made to provide a tax exemption certificate in case such
contributions are made. The website may even provide for a printout of a fake
certificate.
On January 30, 2006, Gary S. Kraser pleaded guilty in the United States
District Court for the Southern District of Florida to online fraud in connection
with his fraudulent solicitation of charitable donations supposedly intended
for Hurricane Katrina relief. According to the indictment, the defendant falsely
claimed in conversations on the Internet, and ultimately via the website
www.AirKatrina.com, that he was piloting flights to Louisiana to provide
medical supplies to the areas affected by Hurricane Katrina and to evacuate
children and others in critical medical condition. He further claimed that he
had organized a group of Florida pilots to assist him in his supposed relief
efforts. In just two days, the defendant received almost $40,000 in donations
from 48 different victims from around the world.
9.3.7 Phishing
Phishing is the act of sending an e-mail to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the user into surrendering
private information that will be used for identity theft. The e-mail directs the
user to visit a Web site where they are asked to update personal information,
such as passwords and credit card, social security, and bank account numbers,
that the legitimate organization already has. The Web site, however, is bogus
and set up only to steal the user’s information.
52
The Delhi High Court in the case of NASSCOM v. Ajay Sood 3 elaborated Crimes Relating to Data
upon the concept of ‘phishing’. The defendants were operating a placement
agency involved in head-hunting and recruitment. In order to obtain personal
data, which they could use for purposes of head-hunting, the defendants
composed and sent e-mails to third parties in the name of NASSCOM. The
plaintiff had filed the suit inter alia praying for a decree of permanent injunction
restraining the defendants from circulating fraudulent e-mails purportedly
originating from the plaintiff. The court declared ‘phishing’ on the Internet to
be a form of Internet fraud and hence, an illegal act. The court stated, by way
of an example, that typical phishing scams involve persons who pretend to
represent online banks and siphon cash from e-banking accounts after conning
consumers into handing over confidential banking details. This case had a
unique bend since it was filed not by the one who was cheated but by the
organization, who was being wrongly represented that is NASSCOM. In this
regard, the court was of the view that even though there is no specific legislation
in India to penalize phishing, it is illegal being “a misrepresentation made in
the course of trade leading to confusion as to the source and origin of the e-
mail causing immense harm not only to the consumer but even the person
whose name, identity or password is misused”. The court held the act of
phishing as passing off and tarnishing the plaintiff’s image, thereby bringing
it within the realm of trademark law.
In February 2006, the Federal Bureau of Investigation, USA, become aware

of a spam e-mail which claimed that the recipient is eligible to receive a tax
refund for $571.94. The e-mail claimed to be from tax-returns@irs.gov with
the subject line of “IRS [119(2005)DLT596. 2005(30)PTC437(Del). judgment
delivered on 23 Mar. 2005] Tax Refund”. A link was provided in the e-mail
to access a form required to be completed in order to receive the refund. The
link appeared to connect to the true IRS website. However, the recipient was
redirected to http://www.porterfam.org/2005/, where personal data, including
credit card information, was captured4.
9.3.7.1 Indian Law
The IT Act deals with the crimes relating to Internet fraud and online investment
fraud in sections 43(d), 65 and 66.
“43. If any person without permission of the owner or any other person who
is in charge of a computer, computer system or computer network, —
(a) damages or causes to be damaged any computer, computer system or

computer network, data, computer data base or any other programmes residing
in such computer, computer system or computer network; he shall be liable to
pay damages by way of compensation not exceeding one crore rupees to the
person so affected.”
“65. Tampering with computer source documents.

Whoever knowingly or intentionally conceals, destroys or alters or intentionally
or knowingly causes another to conceal, destroy or alter any computer source
code used for a computer, computer program computer system or computer
network, when the computer source code is required to be kept or maintained 53
Cyber Crimes and Torts by law for the time being in force, shall be punishable with imprisonment up
to three years, or with fine which may extend up to two lakh rupees, or with
both.
Explanation.—for the purposes of this section, “computer source code” means
the listing of programs, computer commands, design and layout and program
analysis of computer resource in any form.”
“66. Hacking with computer system.
1) Whoever with the intent to cause or knowing that he is likely to cause
wrongful loss or damage to the public or any person destroys or deletes
or alters any information residing in a computer resource or diminishes
its value or utility or affects it injuriously by any means, commits hack:
2) Whoever commits hacking shall be punished with imprisonment up to
three years, or with fine which may extend upto two lakh rupees, or with
both.”
Section 43(d) penalizes a person who damages or causes damage to data.
‘Damage’, under clause (IV) of the Explanation, means to destroy, alter, add,
modify or rearrange any computer resource by any means. Therefore,
unauthorized alteration of data would come within the ambit of section 43(d)
which is sufficient to cover computer crimes like issuance of false stocks or
market manipulation schemes since they essentially involve alteration and/or
addition of data.
Section 65 makes tampering with computer source code an offence. ‘Computer
source code’ has been defined as the listing of programs, computer commands,
design and layout and program analysis of computer resource in any form.
Internet fraud would also come within the scope of section 66 of the IT Act
dealing with wrongful loss or damage to the public or any person due to
destruction or alteration of any data residing in a computer resource or due to
diminishing its value or utility or affecting it injuriously by any means.
Under the Indian Penal Code, Internet fraud would be covered by sections 415
to 420 which relates to ‘cheating’. One is said to ‘cheat’ when he, fraudulently
or dishonestly, induces another person to deliver any property to him by
deceiving such person and which act causes damages or harm to the person
deceived in body, mind, reputation or property. If on the Internet, one is, by
any of the numerous fraud schemes enumerated above, able to deceive a
person so as to induce him to deliver any sum of money, it would be a case
of ‘cheating’. Section 416 deals with ‘cheating by personation’ that is inter
alia cheating by pretending to be some other person. This covers ‘phishing’ as
well. For example, in the NASSCOM case above, the defendant could well be
held up for an offence committed under section 416 for pretending that he is
representing NASSCOM while communicating with third parties.
9.3.8 Convention on Cyber – Crime Council of Europe

Article 8 of the Convention on Cyber Crime covers Internet fraud and requires
the member-states to suitably alter their legislations so as to make the following
an offence in their countries:
54
“Each Party shall adopt such legislative and other measures as may be necessary Crimes Relating to Data
to establish as criminal offences under its domestic law, when committed
intentionally and without right, the causing of a loss of property to another
person by:
a) any input, alteration, deletion or suppression of computer data,
b) any interference with the functioning of a computer system,
With fraudulent or dishonest intent of procuring, without right, an economic
benefit for oneself or for another person.”

Discuss the various forms of Internet fraud. What are the legal provisions
dealing with them?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
9.4 VIRUS, WORMS, TROJAN HORSES AND

LOGIC BOMBS
This set of attacks onto the computer/computer data is by way of transmitting
programs designed to destroy, alter, damage, or even send across data residing
in the computer. The transfer of data through floppy was considered to be of
potential danger in transmitting such programs. With the growth of the Internet,
the threat has multiplied many-fold. Quite easily can one knowingly/
unknowingly transfer such programs via e-mail? There have been innumerable
instances in the last few years where such programs have been sent across e-
mails through an innocent looking attachment. There are primarily four kinds
of such programs available: virus, worms, Trojan horses and logic bombs.
55
Cyber Crimes and Torts 9.4.1 Virus & Worms
A virus is a program that searches out other programs and ‘infects’ them by
embedding a copy of itself in them. When these programs are executed, the
embedded virus is executed too, thus propagating the ‘infection’. This normally
happens invisibly to the user. However, unlike a worm, a virus cannot infect
other computers without assistance. The virus may do nothing but propagate
itself and then allow the program to run normally. Usually, however, after
propagating silently for a while, it starts doing things like writing messages on
the terminal or playing strange tricks with the display. Certain viruses, written
by particularly perversely minded crackers, do irreversible damage, like deleting
all the user’s files. On the other hand, a worm is a program that propagates
itself over a network, reproducing itself as it goes. Therefore, worm, unlike a
virus, does not require a medium to propagate itself and infect others.
One Smith was involved in unleashing the “Melissa” computer virus in 1999,
causing millions of dollars in damage and infecting untold numbers of
computers and computer networks. He posted an infected document on the
Internet newsgroup “Alt.Sex”. The posting contained a message enticing readers
to download and open the document with the hope of finding passcodes to
adult-content websites. Opening and downloading the message caused the
Melissa virus to infect victim computers. The virus altered Microsoft word
processing programs such that any document created using the programs would
then be infected with the Melissa virus. The virus also lowered macro security
settings in the word processing programs. The virus then proliferated via the
Microsoft Outlook program, causing computers to send electronic e-mail to
the first 50 addresses in the computer user’s address book. Because each
infected computer could infect 50 additional computers, which in turn could
infect another 50 computers, the virus proliferated rapidly and exponentially,
resulting in substantial interruption or impairment of public communications
or services. According to reports from business and government following the
spread of the virus, its rapid distribution disrupted computer networks by
overloading e-mail servers, resulting in the shutdown of networks and significant
costs to repair or cleanse computer systems. Smith was eventually sentenced
to prison after pleading guilty.5
9.4.2 Trojan Horses

Trojan horse is a malicious, security-breaking program that is disguised as
something benign, such as a directory lister, archiver, game, or a program to
find and destroy viruses. It portrays itself as something other than what it is
at the point of execution. The malicious functionality of a Trojan horse may
be anything undesirable for a computer user, including data destruction or
compromising a system by providing a means for another computer to gain
access, thus bypassing normal access controls.
A special case of Trojan Horses is the mockingbird — software that intercepts

communications (especially login transactions) between users and hosts and
provides system-like responses to the users while saving their responses
(especially account IDs and passwords).
56
9.4.3 Logic Bombs Crimes Relating to Data
A logic bomb is a code surreptitiously inserted into an application or operating
system that causes it to perform some destructive or security-compromising
activity whenever specified conditions are met. In an instance of logic bomb,
a computer systems administrator for UBS PaineWebber was charged with
using a ‘logic bomb’ to cause more than $3 million in damage to the company’s
computer network. It was alleged that from November 2001 to February 2002,
the accused constructed the logic bomb computer program. On March 4, as
planned, his program activated and began deleting files on over 1,000 of
PaineWebber’s computers [U.S. v Smith]6.
9.4.4 Back Door

Another way to enter into a computer is by creating a back door. It is a hole
in the system’s security deliberately left in place by designers or maintainers.
The motivation for such holes is not always sinister; some operating systems,
for example, come out of the box with privileged accounts intended for use
by field service technicians or the vendor’s maintenance programmers.
Historically, back doors have often lurked in systems longer than anyone
expected or planned, and a few have become widely known.
9.4.5 Indian Law

Section 43(c) of the IT Act covers the area of introduction of viruses, etc. The
relevant portion reads as under:
(c) introduces or causes to be introduced any computer contaminant or computer

virus into any computer, computer system or computer network;
He shall be liable to pay damages by way of compensation not exceeding one

core rupees to the person so affected.
Explanation.—For the purposes of this section,—
(i)“computer contaminant” means any set of computer instructions that are

designed—
a) to modify, destroy, record, transmit data or program residing within a
computer, computer system or computer network; or
b) by any means to usurp the normal operation of the computer, computer
system, or computer network;
iii) “computer virus” means any computer instruction, information, data or
program that destroys, damages, degrades or adversely affects the
performance of a computer resource or attaches itself to another computer
resource and operates when a program, data or instruction is executed or
some other event takes place in that computer resource;”
57
Cyber Crimes and Torts The law pertaining to viruses, worms, Trojan horses and logic bombs have all
been culminated into the above provision. The explanations to the words
‘computer contaminant’ and ‘computer virus’ are wide enough to cover all the
above.
In cases where the purpose of introduction of virus, worms, etc. in a computer

is to destroy or alter or delete the information residing in such computer
system, the offender would also be liable for criminal charges under section
66 of the IT Act, 2000.

Both Articles 4 and 5 of the Convention can be employed, depending upon the
extent of damage caused due to introduction of virus, worms, etc. in a given
computer system. Article 4 covers such offences which, committed intentionally,
damages, deletes, deteriorates, alters or suppresses computer data without
right. On the other hand, Article 5 deals with system interference that is
hindrance to the functioning of the computer system itself, when committed
intentionally by inputting, transmitting, damaging, deleting, deteriorating,
altering or suppressing computer data. Since viruses, worms, etc. are basically
computer programs designed to alter information/data/programs on a computer
so as to cause calculated damage, introduction of such destructive programs
amounts to data and system interference envisaged within Articles 4 and 5 of
the Convention.

What do you understand by the terms—virus, worm, Trojan horse and
logic bombs? What are the legal provisions for punishing people engaged
in harming the computers through them?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
58
Crimes Relating to Data
9.5 THEFT OF INTERNET HOURS Alteration/Destruction
Theft of Internet hours refers to using up or utilizing of somebody else’s

Internet services. In many cases, when a person takes up the services of any
Internet service provider, he utilizes the services in terms of number of hours
consumed and makes the payment on a per hour basis. However, in case a
third person is able to identify the username and password of the Internet
service user, he can easily consume those Internet hours.
9.5.1 Indian Law

Section 43(h) of the IT Act addresses the issue of theft of Internet hours.
(h) charges the services availed of by a person to the account of another

person by tampering with or manipulating any computer, computer system, or
computer network, he shall be liable to pay damages by way of compensation
not exceeding one core rupees to the person so affected.
9.6 SALAMI ATTACKS

This attack is used for the commission of financial crimes. The key here is to
make the alteration so insignificant that in a single case it would go completely
unnoticed, e.g. a bank employee inserts a program into the bank’s servers, that
deducts a small amount of money (say 10p. a month) from the account of
every customer. No single account holder will probably notice this unauthorized
debit, but the bank employee will make a sizable amount of money every
month. The classic story about a salami attack is the old “collect-the-round
off” trick. In this scam, a programmer modifies arithmetic routines, such as
interest computations. Typically, the calculations are carried out to several
decimal places beyond the customary two or three kept for financial records.
For example, when currency is in rupees, the round off goes up to the nearest
paisa about half the time and down the rest of the time. If a programmer
arranges to collect these fractions of paisa in a separate account, a sizable fund
can grow with no warning to the financial institution.
9.6.1 Indian Law

‘Salami Attacks’ would be covered by section 477A of the IPC relating to
falsification of accounts and section 66 of the IT Act.
Section 477A of the IPC makes it an offence for any clerk, officer or servant
to wilfully and with an intend to defraud, to destroy, alter, mutilate or falsify
any electronic record or making or abetting the making of any false entry in
any such electronic record. Therefore, making alterations in and additions of
any electronic entry in the bank’s computers would bring the offender within
the ambit of section 477A of the IPC.
59
Cyber Crimes and Torts This is also covered by section 66 of the IT Act whereunder any destruction
or deletion or alteration of any information residing in computer resource or
diminishing its value or utility or affecting it injuriously so as to cause wrongful
loss or damage to the public or any person would be an offence.
9.7 DATA DIDDLING

This computer crime relates to operation security and is minimized through
strengthening of internal security controls. This kind of an attack involves
altering the raw data just before it is processed by a computer and then changing
it back after the processing is completed. This is a simple and common computer
related crime which involves changing data prior to or during input to a
computer. Data can be changed by anyone involved in the process of creating,
recording, encoding, examining, checking, converting, or transporting computer
data.7
9.7.1 Indian Law

Alteration of data residing in computer resource or diminishing its value or
utility or affecting it injuriously so as to cause wrongful loss or damage to the
public or any person would be an offence under section 66 of the IT Act. Such
kind of computer crime would also be covered by section 43(d) of the IT Act.
9.8 STEGANOGRAPHY
Steganography is the process of hiding one message or file inside another
message or file. According to Dictionary.com, steganography (also known as
‘steg’ or ‘stego’) is “the art of writing in cipher, or in characters, which are
not intelligible except to persons who have the key”. It has been used in
ancient times as well.8 In computer terms, steganography has evolved into the
practice of hiding a message within a larger one in such a way that others
cannot discern the presence or contents of the hidden message. In contemporary
terms, steganography has evolved into a digital strategy of hiding a file.9 For
instance, steganographers can hide an image inside another image, an audio
file, or a video file, or they can hide an audio or video file inside another
media file or even inside a large graphic file. Steganography differs from
cryptography in that while cryptography works to mask the content of a message,
steganography works to mask the very existence of the message.10
Following steps are generally followed to achieve the desired result:

a) Locating a data/video/audio file which requires being hidden and
transmitted.
b) Locating a carrier file which will carry the data/video/audio file.
c) Using appropriate steganography software which will permit embedding
of the data/video/audio file into the carrier file and at the receiver’s end,
permit extraction thereof. A few softwares even permit password
protection.
d) E-mailing the carrier file to the receiver.
60
e) Decryption of the message by the receiver. Crimes Relating to Data
There have been reports of Osama bin Laden and others hiding maps and
photographs of terrorist targets and posting instructions for terrorist activities
on sports chat rooms, pornographic bulletin boards and other Web sites.11
Though steganography can be used for quite a many legitimate purposes like
watermarking images for copyright protection or secure confidentiality of
information, it is used equally or rather more for illegitimate goals. It requires
mention that mere use of steganography is not illegal in itself. It is a
misconception that steganography is a computer crime. At the most, it can be
a tool for committing another crime but cannot be a crime in itself. For
example, one might send a military secret message hidden in a picture file,
and then such act would be an offence under the Official Secrets Act. However,
it is to be noted that it was not the use of steganography but rather sending
of the military secret that is punishable. Likewise, if one is distributing
pornographic pictures by hiding it in another picture with the help of
steganography, such distribution would be punishable under section 67 of the
IT Act. Therefore, mere use of steganography is not an offence. It merely
assists a person in commission of some other offence.

What is steganography? When it becomes punishable?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
9.9 SUMMARY
With the increase in the use of computers and Internet, the crimes relating to
data alteration and destruction are increasing. These crimes have manifested
61
Cyber Crimes and Torts in various forms in which either a person has to loose money etc or data stored
on the computer is damaged or destroyed. Law has tried to keep pace with it
and has made many of such acts punishable.

1) Discuss various forms of financial crimes. What is their effect on the
individuals and the companies?
2) Discuss the concepts of virus, worm, Trojan horse, and logic bombs.
What is the distinction amongst them?

1) The term ‘Internet fraud’ refers generally to any type of fraud scheme
that uses one or more components of the Internet – such as chat rooms,
e-mail, message boards, or Web sites – to present fraudulent solicitations
to prospective victims, to conduct fraudulent transactions, or to transmit
the proceeds of fraud to financial institutions or others connected with
the scheme. With anonymity and speed, Internet is a haven for fraudsters.
There are various fraudulent schemes envisaged over the Internet from
which the criminals benefit financially.
2) A virus is a program that searches out other programs and ‘infects’ them
by embedding a copy of itself in them. When these programs are executed,
the embedded virus is executed too, thus propagating the ‘infection’.
This normally happens invisibly to the user. However, unlike a worm, a
virus cannot infect other computers without assistance. The virus may do
nothing but propagate itself and then allow the program to run normally.
Trojan horse is a malicious, security-breaking program that is disguised
as something benign, such as a directory lister, archiver, game, or a
program to find and destroy viruses. It portrays itself as something other
than what it is at the point of execution. The malicious functionality of
a Trojan horse may be anything undesirable for a computer user, including
data destruction or compromising a system by providing a means for
another computer to gain access, thus bypassing normal access controls.
A logic bomb is a code surreptitiously inserted into an application or
operating system that causes it to perform some destructive or security-
compromising activity whenever specified conditions are met. In an
instance of logic bomb, a computer systems administrator for UBS
PaineWebber was charged with using a ‘logic bomb’ to cause more than
$3 million in damage to the company’s computer network. It was alleged
that from November 2001 to February 2002, the accused constructed the
logic bomb computer program. On March 4, as planned, his program
activated and began deleting files on over 1,000 of PaineWebber’s
computers.
Steganography is the process of hiding one message or file inside another
message or file. According to Dictionary.com, steganography (also known
as ‘steg’ or ‘stego’) is “the art of writing in cipher, or in characters,
which are not intelligible except to persons who have the key”.
62
Crimes Relating to Data
9.12 REFERENCES AND SUGGESTED READINGS Alteration/Destruction
1. <http://security.iia.net.au/downloads/doznalrt-ftc.pdf>.
2. <http://www.corp.ca.gov/pressrel/nr0011.htm>.
3. For instance, contributions made to funds listed under Section 80G of
the Income Tax Act, 1961 are, to some extent, exempted from income
tax.
4. Internal Revenue Service. the income tax wing of the US government.
5. No. 3 Cyber crime L. Rep. 7
6. May 2. 2002 < http://www.cybercrime.gov/melissaSent.htm>.
7. < http://www.usdoj.gov/criminal/cybercrime/duronioIndict.htm>.
8. Computer Crime Prevention, Royal Canadian Mounted Police <http://
www.rcmp.ca/scams/ccprev_e.htm>.
9. For example, in ancient Rome and Greece, text was traditionally written
on wax that was poured on top of stone tablets. If the sender of the
information wanted to obscure the message – for purposes of military
intelligence, for instance – they would use steganography: the wax would
be scraped off and the message would be inscribed or written directly on
the tablet, wax would then be poured on top of the message, thereby
obscuring not just its meaning but its very existence. See, Kristy Westphal,
“Stenography Revealed”, Computer Crime Research Center <http://
www.crime-research.org/eng/library/Steganography.html>.
10. Ibid.
11. Jack Karp. A Novice Tries Steganography. Computer Crime Research
Center <http://www.crime-research.org/eng/library/Jack2.htm>.
63
UNIT 10 ISSUES OF JURISDICTION AND
APPLICABLE LAW IN
CYBERSPACE
Structure
10.1 Introduction
10.2 Objectives
10.3 Jurisdiction in Cyberspace
10.3.1 Theories of Jurisdiction in Criminal Cases
10.3.2 General Jurisdiction in Computer Crimes
10.3.3 Application of ‘Effects’ Doctrine in Computer Crimes
10.4 Applicable Law in Computer Crimes
10.5 Summary
10.1 INTRODUCTION
In the previous block we have discussed the various types of cyber wrongs. In
the first unit of this block we shall discuss the jurisdictional issues involved in
adjudging these wrongs i.e. which court or courts can take cognizance of these
offences.
This unit deals with jurisdiction and applicable law with respect to computer
crimes and offenders. The issue of jurisdiction of courts in crimes is perplexing
in the cyberspace world and computer crimes era. It is easier to sit in New Zealand
and hack a computer in Chandigarh and steal digital information than it would
be for a thief to physically steal something from the neighbourhood. The digital
world makes national and international borders a relic. Courts exercising
jurisdiction on the basis of such national and international borders are left aghast
by the speed and ease with which a cyber-criminal moves from one jurisdiction
to another with the use of a mouse. The issue arising out of such activities, at the
foremost, contains that of the jurisdiction of a court. Which court shall have the
jurisdiction to entertain the matter? And then, which law shall be applicable in
such cases?
In an online environment, the offender and the victim might reside in different
geographical locations governed by different procedural and substantive laws –
probably, in different countries. For instance, a person might open an online
gambling website while in Las Vegas. The website is open for all to see and use.
It might be legal in Las Vegas. But, when people access and make use of this
website in, say, Qatar, Australia and Indonesia, the question as to permissibility
of offering to gamble might crop up.
5
Dispute Resolutions in
Cyberspace 10.2 OBJECTIVES
• explain the term jurisdiction and discuss the importance of it in cyberspace;
• discuss various theories relating the criminal jurisdiction quoting relevant
provisions of Indian laws and court decisions; and
• analyse the importance of the effect doctrine in the light of the extra territorial
nature of the cyber crimes; and
• examine the issue of applicable law with special reference to India by citing
relevant sections of the IT Act 2000.
10.3 JURISDICTION IN CYBERSPACE

‘Jurisdiction’, as applied to a particular claim or controversy, is the power to
hear and determine that controversy. The term imports authority to expound or
apply the laws, and excludes the idea of power to make the laws. It refers to the
right to adjudicate on a given point; the local extent within which the court can
and does exercise the right when ascertained. The law relating to crimes would
generally require that the courts within a state would have jurisdiction to try and
adjudicate upon all such offences committed by a person within the territorial
boundaries of such a court. However, the exceptions have been created where
even though, technically and strictly, the offender might not have committed the
crime on the soil of the country, yet the courts would exercise jurisdiction over
such an offender.
To fully appreciate and comprehend this issue, we first need to understand the
jurisdiction issues arising in an offline environment in India in criminal cases
and the body of law applicable to ascertain jurisdiction. Then we proceed to
apply the same rules in a cyberspace environment and assess the difficulties.
10.3.1 Theories of Jurisdiction in Criminal Cases

We have to bear in mind that a State, while framing laws, exercises its legislative
power to (a) regulate; (b) adjudicate upon; and, (c) enforce measures, against
criminal actions. Law of regulation of criminal actions encompasses declaring
certain acts or omissions to be a crime and provides for punishment thereof.
Law of adjudication provides for establishment of courts and defining their
jurisdiction. Enforcement measures ensure that the orders of the court are carried
out and persons found guilty are appropriately punished.
There are six generally accepted bases of jurisdiction or theories under which a
state may claim to have jurisdiction to prescribe a rule of law over an activity.1
Subjective territoriality is by far the most important of the six. The substantial
part of criminal legislation across the globe is based on the theory that if an
activity takes place within the territory of the particular country, then the said
country has the jurisdiction to regulate and punish for such activity. For instance,
section 2 of the Indian Penal Code provides for punishment of offences committed
within India.
6
Objective territoriality is invoked where the action takes place outside the Issues of Jurisdiction and
Applicable Law in
territory of the forum state, but the primary effect of that activity is within the Cyberspace
forum state. Commonly known as the ‘effects’ doctrine is the situation , where
the action takes place outside the territory of a country, but the primary effect of
that activity is within the said country, it assumed jurisdiction. For instance, a
person from Pakistan shoots across the border and an Indian is injured in the
process. Though the action was initiated in Pakistan, the effect was in India.
Section 179 of the Code of Criminal Procedure endorses the effects doctrine.
Nationality is the basis for jurisdiction where the forum state asserts the right to
prescribe a law for an action based on the nationality of the actor. For instance,
section 4 of the Indian Penal Code stipulates that the provisions of the Code
would also apply to any offence committed by any citizen of India in any place
without and beyond India.
Passive nationality is a theory of jurisdiction based on the nationality of the

victim. Passive and “active” nationality are often invoked together to establish
jurisdiction because a state has more interest in prosecuting an offense when
both the offender and the victim are nationals of that state.
The Protective principle expresses the desire of a sovereign to punish actions

committed in other places solely because it feels threatened by those actions.
This principle is invoked where the “victim” would be the government or
sovereign itself. This principle is not preferred for the obvious reason that it can
easily offend the sovereignty of another nation.
Lastly, nations also exercise a Universal jurisdiction with respect to certain

offences. Sea piracy has been, for long, a part of this jurisdiction. Any nation
could have captured and punished pirates. This form of jurisdiction has been
expanded lately to include slavery, genocide, and hijacking (air piracy). For
instance, Article 105 of the United Nations Convention on the Law of the Sea
stipulates that on the high seas, or in any other place outside the jurisdiction of
any State, every State may seize a pirate ship or aircraft, or a ship or aircraft
taken by piracy and under the control of pirates, and arrest the persons and seize
the property on board. It further provides that the courts of the state which carried
out the seizure may decide upon the penalties to be imposed, and may also
determine the action to be taken with regard to the ships, aircraft or property,
subject to the rights of third parties acting in good faith.
With the advent of Internet and increase in cyber crime, especially, cross-border
illegal activities, it is a matter of much concern to the courts whether they have
the jurisdiction to put the offenders under trial and if found guilty, eventually
punish them.
10.3.2 General Jurisdiction in Computer Crimes

The law of jurisdiction with respect to crimes relating to computers is the same
as that relating to traditional crimes. The theory of subjective territoriality would
apply. In India, Chapter XII of the Code of Criminal Procedure, 1973 relates to
jurisdiction of courts with regard to criminal matters. The foremost and most
commonly applied theory of territoriality is embodied in section 177 of the Code
in the following words: 7
Dispute Resolutions in 177. Ordinary place of inquiry and trial.- Every offence shall ordinarily be
Cyberspace
inquired into and tried by a Court within whose local jurisdiction it was
committed.
Thus, any computer crime committed, say, in Indore, would be tried by the
criminal courts in Indore itself. However, computer crime, by its very nature, is
capable of being committed at more than one place at the same time. For instance,
a person sitting in Mumbai can hack into a computer at the IISc at Bangalore
through a proxy server located at Kanpur. In such situations, the offence can be
inquired into and tried by a court having jurisdiction over any of such areas
where the crime has been committed. Section 178 of the Code provides for this
kind of a situation:
178. Place of inquiry or trial.- a) When it is uncertain in which of several local

areas an offence was committed, or
b) Where an offence is committed partly in one local area and partly in another,
or
c) Where an offence is a continuing one, and continues to be committed in
more local areas than one, or
d) Where it consists of several acts done in different local areas, it may be
inquired into or tried by a Court having jurisdiction over any of such local
areas.
Thus, based upon the subjective territoriality theory and the above provisions of
our criminal procedural law, the requirement that our courts should have
jurisdiction to book persons found guilty of committing crimes relating to
computers within the territory of India is well taken care of. However, issues
arise when someone is sitting across the border and initiates a digital action
which has a direct adverse consequence within the territory of a state. The ‘effects’
doctrine (objective territoriality theory) assumes significance when offenders
involved in cross-border crimes are required to be put on trial.
10.3.3 Application of ‘Effects’ Doctrine in Computer Crimes

Also known as the ‘consequence’ or ‘terminatory’2 theory, the principle is that
where an act is done abroad and the criminal effect is produced here, the crime
is taken to be committed here. Both English and American courts have exercised
this kind of extra-territorial jurisdiction. For instance, in Simpson v. State, [92
Ga.41.17S.E.984(1893)],the victim was in a small boat near the Georgia side of
the wide Savannath River. Simpson, the defendant, stood on the opposite South
Carolina Bank and fired several shoots at the vessel. The bullets missed the boat
but struck the water nearby. The Supreme Court of Georgia held that jurisdiction
attached with these circumstances and that Simpson could properly be prosecuted
in Georgia even though the defendant was clearly in another state at the time of
shooting. The location of the victim and the place where the bullets landed
established the basis for the decision. In R. v. Oliphant, [(1905) 2K.B.67] in
which a man in Paris by false returns caused incorrect figures to be entered in
the account books of his firm in London, it was held that the office of false
accounting was committed by him in London.
8
If the principle of jurisdiction by ‘effects’ theory can be accepted in relation to Issues of Jurisdiction and
Applicable Law in
crimes like cross-border killing or conspiracy or false representation, then, with Cyberspace
the Internet giving a much wider and global scope of committing crimes (the
consequences of which can be almost anywhere in the world), providing for a
global jurisdiction to tackle with the crime can well be justified.
Under the Indian criminal law, section 179 of the Code of Criminal Procedure,
1973 embodies the effects doctrine, which reads as under:
“179. Offence triable, where act is done or consequence ensues: When an act is
an offence by reason of anything which has been done and of a consequence
which has ensued, the offence may be inquired into or tried by a court within
whose local jurisdiction such thing has been done or such consequence has
ensued.”
The Supreme Court in State of Madhya Pradesh v. Suresh Kaushal, [(2001) 4

SCAPE 233], has held that:
“The above section contemplates two Courts having jurisdiction and the trial is
permitted to take place in any one of those two Courts. One is the Court within
whose local jurisdiction the act has been done and the other is the Court within
whose local jurisdiction the consequence has ensued.”
For instance, it is well settled that where a sub-standard article is sold and an
offence is committed, the place where the same is marketed will equally have
jurisdiction to try an offence against the manufacturers as well as the distributors
[State of Punjab v Nohar Chand, (1984) 3 SCC 512; State of Rajasthan v Rajesh
Medical Agencies. 1987 SCC Supp 242].
Section 179 contemplates cases where the act done and its consequence happen
to be in two different jurisdictions and provides that in such cases, the offence
constituted by the act and the consequence may be inquired into or tried in either
of the two jurisdictions. In an Indian case of this nature, ‘A’ at Karachi was
making representations to the complainant at Bombay, through letters, telegrams
and telephone talks, sometimes directly to ‘B’ and sometimes through a
commission agent. ‘B’ parted with money in good faith of these representations,
which were false. The Supreme Court held that the representations were made
to ‘B’ at Bombay notwithstanding that ‘A’ was making the representations from
Karachi. Hence the entire offence took place at Bombay and not merely one
ingredient of it, (which was consequence of the false representations), namely,
the parting with the money by ‘B’. The Apex Court held that the offence would
be triable both at the place from where the false representations were made as
well as where the parting of property took place [Mobarak Ali Ahmed v State of
Bombay. AIR 1957 SC 857].
Section 179 giving statutory recognition to the ‘effects’ doctrine is squarely

applicable in computer crime cases. There would be many situations where we
would find that though the initiator of an illegal action is somewhere outside the
territory of India, the effect of his digital wrong-doing has caused damage to
persons within India. Such persons, by operation of section 179, are liable to be
tried in India. The Indian courts would have jurisdiction to try such cyber
criminals. 9
Dispute Resolutions in The concept of ‘effects’ doctrine has been recognised not just by India but by
Cyberspace
other countries3 as well. Its application in computer crimes has to be adopted as
of necessity due to the peculiarity of the Internet, which permits initiation of the
crime from any part of the world with its consequences or terminating effect in
any other part of the world without any barriers.

The Cyber Crime Convention of the Council of Europe prescribes for the issue
of jurisdiction in Article 22. It requires that every member-nation should adopt
legislative measures to establish jurisdiction over any offence established under
the Convention, when the offence is committed in its territory. The nations have
further option to establishing jurisdiction in case the offence has been committed
on board a ship flying the flag of that Party; or on board an aircraft registered
under the laws of that Party; or, by one of its nationals, if the offence is punishable
under criminal law where it was committed or if the offence is committed outside
the territorial jurisdiction of any state. It should be noted that the above Convention
applies the theory of subjective territoriality and Nationality theory but avoids
the ‘effects’ doctrine.

What do you understand by the term ‘jurisdiction’?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
10.4 APPLICABLE LAW IN COMPUTER CRIMES

Once a court has assumed jurisdiction, the next question is: what body of
substantive law should be used to resolve the problem? It is the substantive
criminal law of a country which declares whether a particular activity is a crime
or not. Every country has its own set of criminal laws. What is a crime in one
country might be an innocent act in another. Online activities create a vast scope
for confusion. It might even act as a haven. An offender can skillfully carve out
a niche for himself in the cyber world where he/she is not answerable for his/her
criminal activities because of his/her physical presence in a country whose cyber
criminal laws are not matured enough to pin him/her down.
In India, the Information Technology Act delves deep into the issue of applicable
law in computer crimes. It clarifies that any act which is committed either within
or without India would be illegal if it is an offence under the Act.
10
To begin with, sub-section (2) of Section 1 of the Act states that: Issues of Jurisdiction and
Applicable Law in
Cyberspace
It shall extend to the whole of India and, save as otherwise provided in this Act,
it applies also to any offence or contravention thereunder committed outside
India by any person.
Further, section 75 of the Act reads as under:
75. Act to apply for offence or contravention committed outside India.

1) Subject to the provisions of sub-section (2), the provisions of this Act shall
apply also to any offence or contravention committed outside India by any
person irrespective of his nationality.
2) For the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person if the act or conduct
constituting the offence or contravention involved a computer 4 , computer
system5 or computer network6 located in India.
The above two provisions make it clear that the offence, though committed outside
India, is punishable in India. Thus, a Nepalese, sitting in Canada initiates a
Distributed Denial of Service involving computer networks in India to obstruct
Yahoo e-mail services, such a person, if put to trial in India, can be found
punishable under the IT Act. The above provisions have been drafted in broad
terms.
Certain provisions of Indian Penal Code also suggest applicability of its

provisions to illegal actions committed outside India, though subject to certain
conditions.
Section 2 of the Indian Penal Code deals with punishment of offence committed
within India. This poses no problem. If an illegal act concerning computers is
committed within India, it is the provisions of the Code which would apply to
such acts.
Section 3 of the Indian Penal Code reads as under:

Punishment of offences committed beyond but which by law may be tried within
India. Any person liable, by any Indian law, to be tried for an offence, committed
beyond India shall be dealt with according to the provisions of this Code for any
act committed beyond India in the same manner as if such act had been committed
within India.
This section will apply in a situation where the accused, at the time of committing
the offence that he/she is charged with, is amenable to Indian courts. Section 3
of the IPC has a broad ambit and it extends to any person not necessarily a
citizen of India but governed by Indian law for acts committed beyond India.
Section 4 of the Indian Penal Code, on the other hand, applies the Nationality
doctrine. It deals with acts and omissions of Indian citizens abroad. It further
regulates the action of any person irrespective of his/her nationality, if such
person happens to be on a ship or aircraft registered in India. The section reads
as under:
11
Dispute Resolutions in Extension of Code to extra-territorial offences.- The provisions of this Code
Cyberspace
apply also to any offence committed by – (1) any citizen of India in any place
without and beyond India; (2) any person on any ship or aircraft registered in
India wherever it may be.
Explanation – In this section the word “offence” includes every act committed
outside India, which if committed in India would be punishable under this
Code.
Thus, the provisions of the Code would apply if an Indian citizen anywhere
outside India commits any computer crime punishable under the Indian Penal
Code, like digital forgery or cyberstalking.
It is worth noting that the ‘applicability’ provisions of the Information Technology

Act and the Indian Penal Code are slightly on different notes. The IT Act is
broader and covers all such persons whose action or omission might be an offence
under the Act. This is irrespective of their nationality or their geographical
presence. On the other hand, sections 2 and 3 of the Indian Penal Code are not as
vast in their applicability. Section 3 restricts itself to only such persons who are
liable to be tried within India by virtue of any Indian law. Section 4 of the Code
applies only to citizens of India and any person who commits an offence while
on any ship or aircraft registered in India.
So far as computer crimes are concerned, the Indian law seems to be in shape.
However, issues like extradition of computer criminals and international co-
operation also need to be addressed with equal vigour for quicker booking of the
guilty.
You may now like to attempt a Self Assessment Question.

Discuss the provisions of Indian laws which deal with the issue of the
applicability of law.
.........................................................................................................................
.........................................................................................................................
.........................................................................................................................
.........................................................................................................................
.........................................................................................................................
.........................................................................................................................
.........................................................................................................................
.........................................................................................................................
.........................................................................................................................
.........................................................................................................................
.........................................................................................................................
12
Issues of Jurisdiction and
10.5 SUMMARY Applicable Law in
Cyberspace
The Indian Penal Code, the Code of Criminal Procedure and the Information
Technology Act cover issues pertaining to jurisdiction of computer crimes and
also the law applicable in such cases. Section 179 of the Code of Criminal
Procedure gives jurisdiction to the courts in India to deal with any computer
crime which leaves its impact or effect within the territorial boundaries of India.
The IT Act and the Indian Penal Code are the laws applicable for such crimes
and the Courts have to employ them to ascertain whether a particular action or
omission is a crime and if the accused is found guilty, to award punishment as
provided under the said laws.

1) What do you understand by the term jurisdiction? Discuss its significance
of it vis-à-vis the cyberspace.
2) Discuss the importance of effects doctrine in cyber crime.
3) Examine the issue of applicable law in cyber crime. How is the issue dealt
with by the Indian IT Act?

1) The issue of jurisdiction of courts in crimes is perplexing in the cyber world
and computer crimes era. The digital world makes national and international
borders a relic and exercising jurisdiction on the basis of such national and
international ‘Jurisdiction’, as applied to a particular claim or controversy,
is the power to hear and determine that controversy. The term imports
authority to expound or apply the laws, and excludes the idea of power to
make the laws. It refers to the right to adjudicate on a given point; the local
extent within which the Court can and does exercise the right when
ascertained. The law relating to crimes would generally require that the
courts within a state would have jurisdiction to try and adjudicate upon all
such offences committed by a person within the territorial boundaries of
such court. However, the exceptions have been created where even though
the technically and strictly, the offender might not have committed the crime
on the soil of the country, yet the courts would exercise jurisdiction over
such an offender.
2) The principle is that when an act is done abroad and the criminal effect is
produced here, the crime is taken to be committed here. Section 179 of the
Code of Criminal Procedure, 1973 embodies the effects doctrine. The
Supreme Court in State of Madhya Pradesh v. Suresh Kaushal, has held
that:
“The above section contemplates two Courts having jurisdiction and the
trial is permitted to take place in any one of those two Courts. One is the
Court within whose local jurisdiction the act has been done and the other is
the Court within whose local jurisdiction the consequence has ensued.”
13
Dispute Resolutions in Once a court has assumed jurisdiction, the next question is: what body of
Cyberspace
substantive law should be used to resolve the problem? It is the substantive
criminal law of a country which declares whether a particular activity is a crime
or not. Every country has its own set of criminal laws. What is a crime in one
country might be an innocent act in another. Online activities create a vast scope
for confusion. It might even act as a haven. An offender can skillfully carve out
a niche for himself in the cyber world where he is not answerable for his criminal
activities because of his physical presence in a country whose cyber criminal
laws are not matured enough to pin him down.
To begin with, sub-section (2) of Section 1 of the Act states that:
It shall extend to the whole of India and, save as otherwise provided in this Act,
it applies also to any offence or contravention thereunder committed outside
India by any person.
Further, section 75 of the Act reads as under:
75. Act to apply for offence or contravention committed outside India.- (1)
Subject to the provisions of sub-section (2), the provisions of this Act shall apply
also to any offence or contravention committed outside India by any person
irrespective of his nationality.
(2) For the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person if the act or conduct
constituting the offence or contravention involved a computer , computer system
or computer network located in India.
Section 2 of the Indian Penal Code deals with punishment of offence committed
within India. This poses no problem. If an illegal act concerning computers is
committed within India, it is the provisions of the Code which would apply to
such acts.
Section 3 of the Indian Penal Code reads as under:

Punishment of offences committed beyond but which by law may be tried within
India. Any person liable, by any Indian law, to be tried for an offence, committed
beyond India shall be dealt with according to the provisions of this Code for any
act committed beyond India in the same manner as if such act had been committed
within India.
This section will apply in a situation where the accused, at the time of committing
the offence that he/she is charged with, is amenable to Indian courts. Section 3
of the IPC has a broad ambit and it extends to any person not necessarily a
14 citizen of India but governed by Indian law for acts committed beyond India.
Section 4 of the Indian Penal Code, on the other hand, applies the Nationality Issues of Jurisdiction and
Applicable Law in
doctrine. It deals with acts and omissions of Indian citizens abroad. It Cyberspace
further regulates the action of any person irrespective of his/her nationality, if
such person happens to be on a ship or aircraft registered in India. The section
reads as under:
Extension of Code to extra-territorial offences.- The provisions of this Code

apply also to any offence committed by – (1) any citizen of India in any place
without and beyond India; (2) any person on any ship or aircraft registered in
India wherever it may be.

1. Darrel Menthe. “Jurisdiction In Cyberspace: A Theory of International
Spaces 4”
Mich.Telecomm.Tech.L.Rev.69 (1998). <http://www.mttlr.org/volfour/
menthe.html>.
2. For example, a wounding inflicted in Scotland is triable in England if a
person standing on the Scottish Bank of the Tweed fires at and wounds a
person in England. This is the ‘terminatory theory’ of the criminal act; the
elements of the rime being spilt between two countries, it is regarded as
being committed where the proscribed result takes place. Even if the
attacker misses, he can be tried in England for the attempt.
3. For instance, Section 4 of the Swedish Penal Code states that a crime is
deemed to have been committed where the criminal act was perpetrated
and also where the crime was completed or, in the case of an attempt,
where the intended crime would have been completed.
4. S.2(i) – ‘computer’ means any electronic, magnetic, optical or other high-
speed data processing device or system which performs logical, arithmetic
and memory functions by manipulations of electronic, magnetic or optical
impulses, and includes all input, output, processing, storage, computer
software or communication facilities which are connected or related to the
computer in a computer system or computer network.
5. S.2(j) – ‘computer network’ means the interconnection of one or more
computers through – (i) the use of satellite, microwave, terrestrial line or
other communication media; and (ii) terminals or a complex consisting of
two or more interconnected computers whether or not the interconnection
is continuously maintained.
6. S.2(l) – ‘computer system’ means a device or collection of devices, including
input or output support devices and excluding calculators which are not
programmable and capable of being used in conjunction with external files
which contain computer programs, electronic instructions, input data and
output data that performs logic, arithmetic, data storage and retrieval,
communication control and other functions.
15
Cyberspace UNIT 11 ENFORCEMENT ISSUES IN
CYBERSPACE
Structure
11.1 Introduction
11.2 Objectives
11.3 Prevention
11.3.1 Deterrence as a Means of Prevention
11.3.2 Technology as Aid to Prevention
11.3.3 User Awareness
11.3.4 The IT Act and Prevention of Offences
11.4 Detection of Crime
11.5 Use of Cyber Forensics
11.6 On-going Efforts in India
11.7 Summary
11.1 INTRODUCTION
In the previous unit we have discussed the jurisdictional issues involved in
computer wrongs. The next step in logical order is to discuss the issue of
enforcement i.e. how the law should be applied. This area includes various matters
such as prevention, investigation, computer forensics etc. This unit discusses
some of these issues.
Computer crimes generally and crimes committed through the Internet in

particular are extremely challenging because of their sophistication and variance
from crime in the ordinary sense. Crimes on the Internet are characterised by
high technological innovation, anonymity, distance from the scene of crime,
extent of its reach and most important, the unusual profile of the criminal, many
times a juvenile. The challenge posed to law enforcement with the advent of
Internet is two fold; (a) new crimes and new kinds of delinquent behaviour using
the Internet and computers, for example, hacking, spamming, logic bombs, etc.;
(b) new methods of committing traditional crimes, for instance, commission of
a bank fraud using the net or defamation through e-mail.
There is significant difference between crime on the Internet and a crime with
another modern technology like the telephone. While crimes are rarely directed
against a telephone as an instrument, computers often become the victims of
attack.1 Nature of crime on the computer is challenging and requires new
definitions and understanding and a restatement of accepted norms of criminal
conduct and punishment because of several reasons. Computers, apart from being
costly equipment are also the repository of immense amount of data. This data
can sometimes contain valuable scientific inputs, purely personal matter, study
16
works, e-mails, and official work. Tampering with this data or stealing it is much Enforcement Issues in
Cyberspace
more harmful than stealing the computer. This requires the recognition of data
as a special form of property and data as a privacy right.
Clearly, with the development of new technology, and with the realisation that
such technology affects human life and relations and the peace and order and
proprietary rights in society, laws must be framed to regulate conduct accordingly.
Let’s take for instance theft of passwords. Passwords are central to the operation
of computers. These are nothing but keys to gain entry into computer systems
and nothing but a combination of alphabets and numbers. Stealing a password
or unauthorized access using someone else’s password must be recognised as
the beginning of crime. Similarly, networks need to be recognised as highways
for movement of information and communication and not the sites for cranks to
dig holes or put up impediments. Networks, as private roads, can be entered into
only by authorization. Web pages, as private property akin to display in shops,
can be browsed, but not tampered with or destroyed. Law enforcement can be
divided into two parts: (a) prevention and (b) detection.
Cyber-terrorism is the use of computers and information technology, particularly

the Internet, to cause harm or severe disruption with the aim of advancing the
attacker’s own political or religious goals. As the Internet becomes more pervasive
in all areas of human endeavour, individuals or groups can use the anonymity
afforded by cyberspace to threaten citizens, specific groups (i.e. members of an
ethnic group or belief), communities and entire countries.2 It is not naïve to
think that terrorist groups could cause serious damage through the use of this
method of terrorism. For instance, terrorists could from a remote location hack
into the systems of let’s say an airlines, and manipulate it in such a way that
systems collapse. This could lead to severe damages and loss of life too. Of
course most systems in senistive agencies would be highly secure, but even the
most secure systems have chances of being sabotaged. In terms of the damage
that cyber terrorism can cause, this is a very big challege to contemporary law
enforcement.
11.2 OBJECTIVES
• analyse the sophisticated nature of the computer related crimes;
• discuss how the prevention techniques in computer related crimes are
different from that of traditional crimes;
• examine to the extent to which technology can be helpful in prevention of
such crimes and the role that the public awareness about such crimes can
play in this direction; and
• analyse the concept of computer forensics i.e. have an idea as to how the
detection of cyber crimes involves different kind of technique.
11.3 PREVENTION
As far as the law enforcement agencies are concerned, prevention of crime is
more important and one of priority than the detection of one after it has occurred. 17
Dispute Resolutions in In the physical world, the police prevents crime through techniques like patrolling,
Cyberspace
rushing on emergency calls, presence at important functions, fairs, festivals,
rallies, guarding of vital installations and providing security to VIP’s. Collections
of intelligence on suspects, surveillance, warning minor offenders are also
important aspects of crime prevention. The question is, are these techniques
used by police in the real world for the prevention of crime desirable or practical
in the wired world. Are they sufficient or should new and innovative methods of
prevention be used? Another concern facing us is that, many of the social norms
and ethics, which act as a deterrent to the commission of crime in the real world,
are either non-existent or undeveloped for conduct over the Net.
If Internet is accepted as a medium of communication and publication and

exchange of ideas, the caution here must be that any form of preventive measures
should be minimal and least obtrusive. Otherwise, preventive methods may run
into difficulties of “prior-censoring”, “violation of privacy,” which would never
be acceptable in a democratic country. Prevention of crime online definitely
needs a different approach than in the real world, some of which are discussed
below.
11.3.1 Deterrence as a Means of Prevention

Neal Katiyal3 in his article argues that increasing the costs of commission of
cyber crimes is an important method of prevention. He argues that cyber crime
when compared to real world crimes is cost effective and less risky which makes
it more attractive to commit. Such crimes are also difficult to detect because the
number of parties involved in its commission are, in most cases, the criminal
and his/her computer; the element of conspiracy is noticeably lacking making
detection difficult and costly. These are adequate reasons to increase the risks of
commission of such crimes and to make their commission more costly. If similar
acts are committed online and offline, Katiyal argues that online crimes must
bear more punishment and more fines. His argument for increase in costs is also
based on the ground that most criminals on the Net are youngsters who are
always short of cash. He also argues that sites that cater to illegal materials, for
example, those which supply hacking tools, must compulsorily be made pay
sites. He bases this argument on the ground that, in the past if a site like Napster
that offered freely copyright protected music for download, were a pay site, the
number of people downloading music from it would have been much lesser than
what it was.
11.3.2 Technology as Aid to Prevention

High technology crime must be prevented using high technology. Rather than
relying on social pressure or legal sanctions, Lessig explains how physical and
electronic barriers can prevent harmful acts.4 In real space, installing lights on
street corners can prevent muggings and other forms of street crime, and placing
concrete barricades near inner-city highway ramps can prevent suburbanites from
quickly driving in and out to purchase drugs. In cyberspace, Internet browsers
can be configured to prevent repeated password entry attempts for sensitive Web
sites or could be coded to prevent certain forms of encryption. Larry Lessig
contends that cyberspace can be regulated through law and programming code.
18
This form of regulation using the architecture appears to be an effective and Enforcement Issues in
Cyberspace
unobtrusive form of regulation. A good example of the beneficial uses of
technology is the use of filters by parents to protect their minor children from
online pornography. Of course, a closer scrutiny also raises the issue of undue
power in the hands of Internet service providers or governments to lay down
ground rules of conduct. While technological inputs like virus detectors or filters
to keep away certain kinds of pornography is helpful, this is conferring power
on some agency to examine contents over the Internet, inviting dangers of
censorship.
Encryption is another way by which crime can be prevented. Encryption is a

system or technique that renders a message unintelligible to anyone other than
the intended recipient of the message. Encryption while being a boon to prevent
crime has also the demerit of being used by criminals, terrorists, narcotic
smugglers, and child pornographers to conceal their crime. Encryption was a
major controversy during the early days of telegraph too.5
11.3.3 User Awareness

Since computers which are the subjects of crime are in the possession of victims,
making them aware of security measures is one of the best means of preventing
crime on the Internet. The following quote attributed to James Barksdale, CEO
of Netscape underlines the necessity to build awareness, “in the mind of those
with large financial stakes in the development of electronic commerce and money,
security is to the Internet what safety is to the airlines”. The greatest security
threat to computer systems is from insiders. Studies reveal that over 70% of all
computer theft is committed from within organizations. Keeping a check on
one’s own employees is a means to prevent such offences. But the problem here
is that some of the means of monitoring like keystroke monitoring, checking
logs of usage, etc. may be in conflict with privacy rights.
Some of the ways in which security can be protected are – access control through
use of secure passwords, cryptographic tools making communications secure,
shielding of emissions, firewall technology to screen traffic.6 Organizations stand
to gain a lot by training their employees in safe practices and threats to security.
11.3.4 The IT Act and Prevention of Offences

The IT Act has also conferred power on the police to prevent the commission of
offences under the Act. Section 80 (1) states, “Notwithstanding anything contained
in the Code of Criminal Procedure, 1973, any police officer, not below the rank
of a Deputy Superintendent of Police, or any other officer of the Central
Government or a State Government authorized by the Central Government in
this behalf may enter any public place and search and arrest without warrant any
person found therein who is reasonably suspected or having committed or of
committing or of being about to commit any offence under this Act”.
Explanation to the section says that for the purposes of this sub-section, the
expression “public place” includes any public conveyance, any hotel, any shop
or any other place intended for use by, or accessible to the public”. Therefore, a
police officer can enter a cyber café on his/her regular rounds just to check if
19
Dispute Resolutions in offences under the Act are being committed. Apart from this some state
Cyberspace
governments7 have also initiated moves to regulate the operation of cyber cafés
including their registration and maintenance of records regarding accessing of
computers at such places.
Sub-section (1) of section 80 provides that any police officer, not below the rank
of a Deputy Superintendent of Police, or any other officer of the Central
Government or a state government authorized by the Central Government in
this behalf may enter any public place and arrest without warrant any person
found therein who is reasonably suspected of having committed or of committing
or of being about to commit any offence under the Act. For the purposes of sub-
section (1), the expression ‘public place’ has been explained to include any
conveyance, any hotel, any shop or any other place intended for use by, or
accessible by the public.
Powers under sub-section (1) of section 80 have been considered as very wide
powers. However, the reason for giving such wide powers might have been the
concern over the convenience with which one can commit acts from a public
place amounting to an offence under the Act and escape at the minimum possible
time as also the possibility of wiping away of evidence. In this process, what has
been overlooked is the fact of undue harassment of the owners of such places
like cyber cafés and also possible misuse of such powers. The provisions of the
Code of Criminal Procedure are to apply in relation to any entry, search or arrest
made under section 80, subject of course to the provisions of the section itself.

a) Discuss various means by which cyber crimes can be prevented? How
far can technology be used for this purpose?
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
b) Discuss the provisions of the IT Act relating to the prevention of cyber
crimes.
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
20
Enforcement Issues in
11.4 DETECTION OF CRIME Cyberspace
Investigation, for the purposes of the Code of Criminal Procedure, 1973, has
been held by the Supreme Court [State of Maharashtra v. Rajendra, (1997) 3
Crimes 285] to consist generally of the following steps:
1) proceeding to the spot
2) ascertaining all the facts and circumstances of the case
3) discovery and arrest of the suspected offender
4) collection of evidence relating to the commission of the offence which
may consist of,
a) the examination of various persons (including, the accused) and the
reduction of their statement into writing, if the officer thinks fit,
b) the search of places and seizure of things considered necessary for the
investigation and to be produced at the trial, and
5) formation of the opinion as to whether on the materials collected, there is a
case to place the accused before a magistrate for trial and if so, taking the
necessary steps for the same by filing a charge-sheet under section 173.
Investigation of crimes on the Internet is still in its infancy. Investigators are
literally writing the book on investigative techniques with each new case.8
Detection of crime on the Net can be only as good as the investigators. The
specialised nature of computer crime requires a specialised response. It requires
cops especially suited and trained to deal with it.9 Often detection of cyber
crime is a team effort by police along with technical assistance.
Difficulty in detection of computer crimes arises mostly because of availability

of various crime-concealment techniques in cyberspace: passwords, digital
compression, steganography, remote storage (at remote ISP hosts), audit disabling
(disabling log of activities), etc. Concealing crimes through anonymity using
anonymous re-mailer service, sending anonymous e-mails or anonymous digital
cash helps in money laundering, computer penetrating and lopping (breaking
into another computer and using that as a launching pad to cover tracks).10
Detection of computer crimes requires Internet research skills, necessary court

orders including search warrants of premises and electronic surveillance.
Traditional tools of investigation like questioning suspects, witnesses, collecting
fingerprints, laying traps, etc. are also used. Computer logs, IP number of
attackers, the route taken by him/her, monitoring of public sites, chat sites, bulletin
boards, securing ISP’s help in reading e-mails, analysing evidence from a hacker’s
computer all offer clues in investigation of computer related crimes. Investigators
in such investigation face a large number of obstacles mainly because they are
dealing with smart young geniuses. For instance, a hacker might hide or ‘spoof’
his/her Internet Protocol (IP) address, or, bounce a communication through many
intermediate computers. Some victims don’t keep logs or don’t discover hacking
until it is too late. Computer hackers may alter the logs upon gaining unauthorized
access to a computer. Again some Internet service providers don’t keep records.
One of the most challenging aspects of investigation is the question of jurisdiction.
21
Dispute Resolutions in Often leads go through foreign countries as the hackers operate from one country,
Cyberspace
use the ISP of another country and target systems of yet another country. Securing
cooperation in investigation from other countries and securing extradition are
major problems in investigation.

1) Discuss the problem of detection of cyber crimes. How far is it different
from that of other crimes?
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
...............................................................................................................
11.5 USE OF CYBER FORENSICS

Use of Cyber Forensics is a very important ingredient in the investigation of
cyber crimes. Cyber forensics is the discovery, analysis, and reconstruction of
evidence extracted from any element of computer systems, computer networks,
computer media, and computer peripherals that allow investigators to solve a
crime. Two distinct components exist in the emerging field of cyber forensics.
The first, computer forensics, deals with gathering evidence from computer media
seized at the crime scene. Principal concerns with computer forensics involve
imaging storage media, recovering deleted files, searching slack and free space,
and preserving the collected information for litigation purposes. For this purpose
several computer forensic tools are available to investigators. The second
component, network forensics, is a more technically challenging aspect of cyber
forensics. It gathers digital evidence that is distributed across large-scale, complex
networks. Often this evidence is transient in nature and is not preserved within
permanent storage media. Network forensics deals primarily with in-depth
analysis of computer network intrusion evidence, while current commercial
intrusion analysis tools are inadequate to deal with today’s networked, distributed
environments.11
22
Please answer the following Self Assessment Question. Enforcement Issues in
Cyberspace
What is computer forensics?
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
.......................................................................................................................
11.6 ON-GOING EFFORTS IN INDIA

In India, the government has conducted several awareness and training
programmes on cyber crimes for law enforcement agencies including those on
the use of cyber Forensics Software packages and the associated procedures
with it to collect digital evidence from the scene of crime. Special training
programmes have also been conducted for the judiciary to train them on the
techno-legal aspects of cyber crimes and on the analysis of digital evidence
presented before them.
Countering cyber crimes is a coordinated effort on the part of several agencies in

the Ministry of Home Affairs and in the Ministry of Communications and
Information Technology. The law enforcement agencies such as the Central
Bureau of Investigation, The Intelligence Bureau, state police organizations and
other specialised organizations such as the National Police Academy and the
Indian Computer Emergency Response Team (CERT-In) are the prominent ones
who tackle cyber crimes. CERT-In is involved in developing appropriate security
guidelines and other best practices to advise the systems administrators of
computer systems and networks all over the country to implement them so as to
avoid the systems from being attacked by hackers and other criminals. In
the event of systems being attacked, CERT-In helps the victim organizations
recover their systems from the computer security incidents so as to make them
operational at the earliest. Both the CBI and many state police organizations are
today geared to tackle cyber crime through specialised cyber crime cells that
they have set up.
23
Dispute Resolutions in Table 1 and 2 show the extent of registration of cyber crimes in India. Cases
Cyberspace
falling under the definition of cyber crimes could be registered either under the
IT Act or under the IPC or by using provisions of both the statutes. The two
tables below show registration of cases under both these statutes. The figures
clearly show that registration is still very low. However it must not be forgotten
that of the estimated number of occurrences of cyber offences only a fraction get
reported. This is because many corporates do not wish to publicise offences that
have taken place against their companies.
Table 1: Cyber Crimes/Cases Registered and Persons Arrested under IT Act during 2003 & 2004
Sl. Crime Head Cases Registered % Persons Arrested %
No. Variation Variation
in 2004 in 2004
2003 2004 over 2003 2003 2004 over 2003
1) Tampering computer source department 8 2 –75.00 6 0 –100.00
2) Hacking Computer Systems
i) Loss/damage to computer resource/utility 13 14 7.7 11 31 181.82
ii) Hacking 8 12 50.0 7 1 –85.71
3) Obscence publication/transmission in 20 34 70.00 17 21 23.53
electronic form
4) Failure
i) Of compliance/orders of certifying 0 0 – 0 0 –
Authority
ii) To assist to decoy or the information in 6 0 –100.00 12 0 –100.00
interception by Govt. Agency
5) Un-authorized access/attempt to access of 1 0 –100.00 0 0 –
protected Computer system
6) Obtaining Licence or Digital Signature by 0 0 – 0 0 –
misrepresentation/supression of fact
7) Publishing false digital Signature certificate 0 0 – 0 0 –
8) Fraud Digital/Signature 1 0 –100.00 2 0 –100.00
9) Breach of confidentiality/privacy 3 6 100.00 0 7 –
10) Other 0 0 – 0 0 –
11) Total 60 68 13.33 55 60 9.09
Table 2: Cyber Crimes/Cases Registered and Persons Arrested under IPC during 2004
Sl. Crime Head Cases Registered % Persons Arrested %
No. Variation Variation
in 2004 in 2004
2003 2004 over 2003 2003 2004 over 2003
1) Public Servant Offences by/Against 0 0 – 0 0 –
2) False electronic evidence 0 0 – 0 0 –
3) Destruction of electronic evidence 0 0 – 0 0 –
4) Forgery 89 77 –13.48 102 81 –20.59
5) Criminal Breach of Trust/Fraud 269 173 –35.68 255 181 –29.02
6) Counterfeiting
i) Property/mark 4 12 200.00 10 8 –
ii) Tampering 8 7 –12.50 33 16 –51.52
iii) Currency/Staps 41 10 –75.61 75 43 –42.67
24
Total 411 279 –32.11 475 329 –30.74
11.7 SUMMARY Cyberspace
In this unit we have discussed the law enforcement issues of cyberspace.

Investigation of cyber crimes involves a combination of traditional investigative
techniques and the use of modern technology and cyber forensics. Constant
training and technological upgrading is required on the part of the law enforcement
machinery to keep the cyber criminals who are mostly deviant geniuses in check.
Awareness amongst the users of cyberspace can also play an important role in
this connection. Though in India not very many cases under cyber crimes have
been reported, in the near future, with the immense penetration of the use of the
internet, such cases are bound to increase.

1) Discuss the various types of cyber crimes.
2) Discuss the ways of prevention of cyber crimes. What role can technology
and user awareness play in this respect?
3) Discuss the issues involved in the investigation of cyber crime.

1a) Computer crimes generally, and crimes committed through the Internet in
particular, are extremely challenging because of their sophistication and
variance from crime in the ordinary sense. Prevention of crime online
definitely needs a different approach than in the real world, some of which
are discussed below.
1) Deterrence as a means of prevention
Neal Katiyal [Neal Kumar Katiyal, “Criminal Law in Cyberspace”, 149 U. Pa. L. Rev.
1003, 1009 (April 2001)]. in his article argues that increasing the costs of
commission of cyber crimes is an important method of prevention. He argues
that cyber crime when compared to real world crimes is cost effective and less
risky which makes it more attractive to commit. Such crimes are also difficult to
detect because the number of parties involved in its commission are, in most
cases, the criminal and his/her computer; the element of conspiracy is noticeably
lacking making detection difficult and costly. These are Ade encryption. Larry
Lessig contends that cyberspace can be regulated through law and programming
code.
This form of regulation using the architecture appears to be an effective and

unobtrusive form of regulation. A good example of the beneficial uses of
technology is the use of filters by parents to protect their minor children from
online pornography. Of course, a closer scrutiny also raises the issue of undue
power in the hands of Internet service providers or governments to lay down
ground rules of conduct.
Encryption is another way by which crime can be prevented. Encryption is a

system or technique that renders a message unintelligible by anyone other than
intended recipient of the message. Encryption while being a boon to prevent
25
Dispute Resolutions in crime has also the demerit of being used by criminals, terrorists, narcotic
Cyberspace
smugglers, and child pornographers to conceal their crime.
Since computers which are the subjects of crime are in the possession of victims,
making them aware of security measures is one of the best means of preventing
crime on the Internet. The greatest security threat to computer systems is from
insiders. Studies reveal that over 70% of all computer theft is committed from
within organizations. Keeping a check on one’s own employees is a means to
prevent such offences. But the problem here is that some of the means of
monitoring like keystroke monitoring checking logs of usage, etc. may be in
conflict with privacy rights.
b) The IT Act and Prevention of offences
The IT Act has conferred power on the police to prevent the commission of
offences under the Act. Section 80 (1) states, “Notwithstanding anything
contained in the Code of Criminal Procedure, 1973, any police officer, not
below the rank of a Deputy Superintendent of Police, or any other officer
of the Central Government or a State Government authorized by the Central
Government in this behalf may enter any public place and search and arrest
without warrant any person found therein who is reasonably suspected or
having committed or of committing or of being about to commit any offence
under this Act. “Explanation to the section says that for the purposes of
this sub-section, the expression “public place” includes any public
conveyance, any hotel, any shop or any other place intended for use by, or
accessible to the public”. Therefore, a police officer can enter a cyber café
on his/her regular rounds just to check if offences under the Act are being
committed. Apart from this some state governments have also initiated
moves to regulate the operation of cyber cafés including their registration
and maintenance of records regarding accessing of computers at such places.
Sub-section (1) of section 80 provides that any police officer, not below
the rank of a Deputy Superintendent of Police, or any other officer of the
Central Government or a state government authorized by the Central
Government in this behalf may enter any public place and arrest without
warrant any person found therein who is reasonably suspected of having
committed or of committing or of being about to commit any offence under
the Act. For the purposes of sub-section (1), the expression ‘public place’
has been explained to include any conveyance, any hotel, any shop or any
other place intended for use by, or accessible by the public.
2) Problem in detection of computer crimes arises mostly because of
availability of various crime-concealment techniques in cyberspace:
passwords, digital compression, steganography, remote storage (at remote
ISP hosts), audit disabling (disabling log of activities), etc. Concealing
crimes through anonymity using anonymous re-mailer service, sending
anonymous e-mails or anonymous digital cash helps in money laundering,
computer penetrating and lopping (breaking into another computer and
using that as a launching pad to cover tracks). Detection of computer crimes
requires Internet research skills, necessary court orders including search
warrants of premises and electronic surveillance. Use of Cyber Forensics
is a very important ingredient in the investigation of cyber crimes. Cyber
26
forensics is the discovery, analysis, and reconstruction of evidence extracted Enforcement Issues in
Cyberspace
from any element of computer systems, computer networks, computer
media, and computer peripherals that allow investigators to solve the crime.
3) Use of Cyber Forensics is a very important ingredient in the investigation
of cyber crimes. Cyber forensics is the discovery, analysis, and
reconstruction of evidence extracted from any element of computer systems,
computer networks, computer media, and computer peripherals that allow
investigators to solve a crime. Two distinct components exist in the emerging
field of cyber forensics. The first, computer forensics, deals with gathering
evidence from computer media seized at the crime scene. Principal concerns
with computer forensics involve imaging storage media, recovering deleted
files, searching slack and free space, and preserving the collected
information for litigation purposes. For this purpose several computer
forensic tools are available to investigators. The second component, network
forensics, is a more technically challenging aspect of cyber forensics. It
gathers digital evidence that is distributed across large-scale, complex
networks. Often this evidence is transient in nature and is not preserved
within permanent storage media. Network forensics deals primarily with
in-depth analysis of computer network intrusion evidence, while current
commercial intrusion analysis tools are inadequate to deal with today’s
networked, distributed environments.

1. E.g., virus attacks, hacking, denial of service, clogging of networks etc.
2. <http://en.wikipedia.org/wiki/Cyber-terrorism>.
3. Neal Kumar Datival. “Criminal Law in Cyberspace”. U. Pa. L. Rev. 149
April. 2001:1003-1009.
4. Lawrence Lesser. “Code and Other Laws of Cyberspace”. (1999): 53-60
quoted in ibid.
5. See generally. Tom Standage. the Victorian Internet (1998): 100-107.
6. A hardware and/or software system that protects an internal system or
network from the outside world or protects one part of the network from
another.
7. See for instance the Karnataka Act dealing with the registration of cyber
cafés.
8. William R. Spernow. “Cyber crooks on the Net: Why Traditional Law
Enforcement will be Unable to Cope with Threats to the Electronic
Commerce System”. Cyber crime and Security. (1998): 1.6-8 27

Dispute Resolutions in 9. Skills required being a Cyber Cop: The actual data that may make or break
Cyberspace
a case can never be touched. The electrical field that is used to shift the
polarity of a group of molecules that becomes one of the bits in the data on
the hard drive that belongs to your suspect can never be seen. A TCP/IP
packet colliding with another packet on the Internet can never be heard. In
essence, the primary physical skills that make a great street cop lend little
to the skills to be a Cyber Cop. The only skill that is transferable is the
power of observation, and that skill, along with an insatiable curiosity about
how things work, are the foundational skills required to be a Cyber Cop.
William R. Spernow. “Cyber crooks on the Net”. Cyber crime & Security,
(1998): 1.6-7.
10. Dorothy E. Denning, Wiliam E. Baugh Jr., “Hiding Crimes in Cyberspace”,
Cyber crime and Security, 1.14-14, 1.14-19 (1998).
11. National Crime Record Bureau. “Crime in India 2004”. Ministry of Home
Affairs Publication <http://www.afrlhorizons.com/Briefs/June01/
IF0016.html>.
28
UNIT 12 ONLINE DISPUTE RESOLUTION
Structure
12.1 Introduction
12.2 Objectives
12.3 Alternative Dispute Resolution
12.4 Information Technology
12.5 Online Dispute Resolution
12.6 Functioning of the Online Dispute Resolution (ODR) System
12.7 Kinds of Disputes Handled in an ODR Environment
12.8 Communication Modes in ODR
12.8.1 E-mail
12.8.2 Discussion Boards
12.8.3 Instant Messaging
12.8.4 Audio Conferencing
12.8.5 Video Conferencing
12.9 Kinds of ODR
12.9.1 Blind Bidding or Blind Negotiation
12.9.2 Online Negotiation
12.9.3 Online Negotiation-cum-Mediation
12.9.4 Document/E-mail Arbitration for Disputes Arising from E-commerce
Transactions
12.9.5 Online Arbitration Through Video-conferencing.
12.9.6 Peer Jury and Panel Jury
12.10 Generating E-confidence – Disclosure-based Approach
12.11 Legal Concerns
12.12 Summary
12.1 INTRODUCTION
Due to various reasons such as huge backlog, paucity of courts, highly technical
nature of the procedures of courts etc. the need for an alternative dispute resolution
mechanism is felt by society. The new concept of online dispute resolution [ODR]
is gaining ground. This unit attempts to give some idea about these new methods
of alternative dispute resolution [ADR].
Interest Based and Right Based Solutions

Disputes are conflicts or clash of interests which are wrapped in a cocoon of
legal rights and duties. Many a time, we tend to impress the need of enforcing
the cocoon that is the right and obviate the protection of what lays inside it that
is our interest. Lately, there has been an increased awareness of protecting the
interest rather than emphasizing the legal right. There has been an increase in
29
Dispute Resolutions in inter-dependency between various business entities which necessitates continued
Cyberspace
business relationships for smooth flow of work. However, in case of a dispute,
any approach to the courts causes such severance which both parties wish to
avoid. At the same time there is a need to iron out differences. This dual
requirement above all led some to look for greener pastures for resolving disputes
and these found solace in certain interest-based solutions collectively known as
alternative dispute resolution (ADR). Of course, there were other concerns like
time lag before the courts, the opportunity costs, and similar problems which
prompted the business world to adopt ADR.
12.2 OBJECTIVES
• analyse the concept of alternative dispute resolution and its advantages;
• discuss the concept of online dispute resolution including its various
connotations, how it works and what types of disputes are commonly settled
by this system.
12.3 ALTERNATIVE DISPUTE RESOLUTION

The use of ADR found favour in furtherance of business interests rather than
enforcing legal rights stricto sensu. As the concept of ADR gained acceptability
at the international level, rules were framed to make it more convenient for the
parties to avail the facilities on an international level and be able to enforce the
results in their respective jurisdictions. The 1958 New York Convention on
enforceability of Foreign award, UNCITRAL Model Law, 1985 and then rules
of various international arbitral institutions like ICC Rules of Arbitration and
Conciliation, 1998 pushed the concept of ADR further making it a more positive
and realistic approach to dispute settlement. In India, the 1940 Arbitration Act
was replaced by the Arbitration and Conciliation Act, 1996 which was based on
the UNCITRAL Model.
12.4 INFORMATION TECHNOLOGY

As the name suggests, information technology gained importance due to lack of
information and subsequent crisis as a result of Industrial Revolution.1 The advent
of computers helped in assimilating raw data and information which could then
be processed into meaningful reports. It was this need of the hour that prompted
improvement in technology and more and more use of computers. Now, the
Internet has taken up the vital role of a free information dissemination mechanism.
It has acted as a communication tool and also a medium of commerce and trade.
There are two important changes which result from the above change of medium.
Firstly, there has been a universal acceptance of the use of computers and Internet.
Increasingly, people are getting ‘online’ and more numbers are making use of
information technology in a variety of arenas including research, fun,
entertainment, communication, trade and commerce. Secondly and more
importantly, the commercial world has accepted computer technology not only
for the purpose of collection, assimilation and processing of data and information
30
(which initially was the idea to control the Industrial Revolution) but rather for Online Dispute Resolution
making as a tool for furthering their own business interests.
These changes also signify the possibility of rise in clash of interests of the
parties that is rise in disputes. As more and more people tend to get online, and
the commercial world increasingly begins to prefer internet. As its medium reach
to the consumers and sell its products and more consumers became willing to
purchase goods and services on the net, there is a likelihood of certain disputes
which inevitably arise in such commercial transactions from time to time.
Therefore, with the coming and use of information technology, another area of
dispute has sprung up which needs to be looked into and tackled. These kinds of
disputes have their own variety of legal hurdles like the issue of jurisdiction or
the question of the law applicable to the dispute due to the cross-border nature
of the Internet.
12.5 ONLINE DISPUTE RESOLUTION

The terminology ‘online dispute resolution’ (ODR) can, on a prima facie
screening, have two connotations. Firstly, it can be viewed as resolution of online
disputes. That would mean resolution of online disputes. Solution and its
advantages.
It would include the solving of (by any means, either online mechanism or offline
method including court adjudication) disputes which essentially arise from an
online transaction, for example, defect in a computer software purchased and
downloaded online. Secondly, ODR can be looked into from the perspective of
method of solving of a dispute (be the dispute offline or online). This means that
newer ways of solving a dispute are being developed by making use of the online
environment which can be applied to solve any kind of disputes. ODR in this
context would include online negotiation, online mediation, online arbitration,
online neutral evaluation, online peer jury, etc. We are concerned with the method-
based approach.
Another concept to be borne in mind is the ‘online environment’. In the context

of ODR, the ‘online environment’ has a wide connotation in terms of ‘a setup
making use of technology and communication facilities’. It would include use
of telephone, fax, or e-mail facilities or any other mode available on the Internet
or any other information and communication technology which can be beneficially
used to solve disputes.

What do you understand by online dispute resolution?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
31
Dispute Resolutions in ........................................................................................................................
Cyberspace
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
12.6 FUNCTIONING OF THE ONLINE DISPUTE

RESOLUTION (ODR) SYSTEM
An Online ADR service center functions somewhat like an offline arbitral
institution. One can approach these institutions either ad hoc or on an agreement
basis. Companies generally have a pre-arrangement for settlement of disputes,
be it business to business (B2B) or business to consumer (B2C), under the aegis
of such online arbitral institutions. Agreements are made out between the
institution and the company as regards the method of initiating the process into
action, kind of settlement to be pursued, the fee structure, goodwill and good
faith of the parties, rights and responsibilities of the parties and the arbitral
institution, the procedures to be followed, law applicable, confidentiality, security,
etc. When a dispute arises, either the company or the consumer (who is
preinformed as to the existence of such an arbitral institution to which the
company is associated) approaches the institution. The other party is then
contacted and depending upon the service provided or agreed for, negotiation,
mediation, arbitration, conciliation, evaluation or any other service is pursued.
This is a bird’s eye view of the whole arrangement.
Making use of online arbitration services ad hoc is the same as approaching an

arbitral institution after the dispute arises or inserting an arbitration clause of a
specific online arbitration institution in the contract. Once the dispute arises,
any of the parties can initiate the process of arbitration by intimating the online
arbitration center via electronic communication about the dispute. The arbitral
process is then taken over by the arbitral institution. It contacts the other party,
appoints arbitrators and then proceeds with the arbitration process. Everything
however is done through the wires, electronic communications, teletalking, video-
conferencing, etc.
32
Please answer the following Self Assessment Question. Enforcement Issues in
Cyberspace
Discuss how the online dispute resolution system works.
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
12.7 KINDS OF DISPUTES HANDLED IN AN ODR

ENVIRONMENT
ODR implies a change of medium to solve disputes. It is a catalyst to help people
solve their disputes. ODR is apt for solving of both online and offline disputes.
For example, if there arises a contractual dispute between two businessmen and
they agree to have an online mediation, they can approach an ODR institution,
submit their dispute, have an online mediator appointed, and proceed with the
mediation process online. In case a settlement is reached at, it can be reduced to
writing, signed and ultimately, can be enforced as a decree of court under the
provisions of the Indian Arbitration and Conciliation Act, 1996.
Similarly, if a company offers ODR services for its products, a consumer can
very well lodge a complaint on the company’s website and the dispute resolution
process can be initiated. For example, a classic case of solving complaints is the
online services of Supreme Court Cases2 (SCC). In case any subscriber fails to
receive a particular volume/part/issue of SCC, he can go to the website of SCC
and fill up the complaint form. SCC, after checking its records and verification,
gets back to the subscriber through e-mail with any further clarification it requires
on the matter and suggesting solutions like sending another copy of the missing
volume/part/issue and hence, solving the problem. This is a small yet feasible
and working model of ODR where a subscriber instead of approaching the
company through letters or personally can immediately log on to the website of
33
Dispute Resolutions in the company, lodges its complaint through a standard online complaint form
Cyberspace
and through mutual negotiations, the problem is solved.
Another side of the coin is solving of online disputes online. Many a time, in
case of a dispute which has arisen due to online transactions, consumers prefer
that the dispute is solved there and then through online services instead of
approaching the company through the process of writing letters, phone, etc. Any
reliable ODR institution would be great assistance to solve such online disputes.
In such a situation, ODR is helpful especially if the company has its own in-
house ODR service for online transactions to enable the customer to quickly
have an online talk with the company representative and amicably resolve the
dispute. In case of any differences, the company gives the customer an option to
approach an independent and impartial ODR institution through which the
problem can be solved.

What kinds of disputes are handled by the ODR system?
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
12.8 COMMUNICATION MODES IN ODR

One of the advantages of online environment over offline environment is the
availability of various communication modes to a user. It becomes important to
select the appropriate mode to conduct the ODR process since different kinds of
disputes require different types of modes.
34
12.8.1 E-mail Enforcement Issues in
Cyberspace
It is one of the most common and easiest ways of communicating today. It permits
the sender to not only send messages but also attachments like text files, graphic
files, audio/video files, etc. E-mail is useful for filing of pleadings, documentary
evidence, communication between the ODR institution and parties on
administrative issues, etc. This mode is also helpful when, in case of mediation
or negotiation, the parties are unable to instantly take decisions.
12.8.2 Discussion Boards

These boards are used when there are many persons wanting to give their views
on a certain issue or issues. It might get a bit confusing to ascertain as to who is
answering who’s query or is dealing with which issue if all merely follows the
e-mail system. Discussion boards are a collection of messages from different
people at the same place so that one can at a single glance view the entire
discussion. We also use thread-discussion board by which, on each issue, all
comments and replies come under one heading to give a clear picture as to what
the parties think about that particular issue. This kind of communication mode
would be useful in a commercial dispute where various issues are involved.
12.8.3 Instant Messaging

As the name suggests, it instantly sends the message to the recipient. In this
mode, the persons who are sending messages are all online and connected to
each other through a common Instant Messaging system like MSN Hotmail or
Yahoo or Rediff. They can open a common window on which they can have a
discussion and can even open up separate individual windows to talk to one or
more persons privately. Messages are sent and received immediately. This mode
is suited to ODR systems like online mediation where the mediator and both the
parties can have a joint discussion.
12.8.4 Audio Conferencing

The purpose of audio-talk is to enable the users communicate in real-time.
As one speaks, the other person can hear. With the help of advanced
telephonic technology available, we can have audio conferencing with more
than two persons talking and listening at the same time, or a group of individuals
on either side having a discussion. It is useful in negotiations, mediations and
arbitrations.
12.8.5 Video Conferencing

Video conferencing is the best mode for ODR. Combining the advantages of
audio and visual facilities, it is the only one which goes somewhere near the F2F
environment. This is not to suggest that an online environment attempts to
replicate the F2F environment. This mode enables the players of the system to
see and listen to others at the same time and also respond. This mode is particularly
useful in case of oral arguments.
35
Cyberspace Self Assessment Question 4 Spend 3 Min.
Discuss various modes of communication in ODR system.
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
........................................................................................................................
12.9 KINDS OF ODR

12.9.1 Blind Bidding or Blind Negotiation
‘Blind bidding’ or ‘blind negotiation’ is one of the most prevalent dispute
resolution services currently available online. The common characteristic of these
processes is the parties’ submission of monetary offers and demands which are
not disclosed to their negotiating counterpart, but are compared by computer in
‘rounds’. If the offer and demand match, fall within a defined range (e.g., within
5% of each other) or overlap, the case is settled for the average of the offer and
demand, the matching amount, or the demand in the event of an overlap. If the
claim is settled, the participants are immediately notified while online or by e-
mail. An example is cybersettle.com.
12.9.2 Online Negotiation

The ODR service provider to help the parties reach an amicable settlement creates
a conducive online environment. This environment is created by making use of
technology which guides the negotiation process as and when required.
Previously known as One Accord, SmartSettle aims to accelerate the negotiation

process for any type of cases and allows parties to participate in appropriate
combination of face-to-face meetings, conference calls and online exchanges in
36
order to quickly find a fair and efficient resolution. The parties are provided Enforcement Issues in
Cyberspace
with congenial atmosphere to be able to negotiate. The website generates
suggestions to help the parties quickly reach a tentative solution. SmartSettle
works by contacting all parties and help them in engaging a single/multiple
facilitator. Problems are identified, interests explored and issued identified. A
framework for agreement is built up. After this, the parties privately identify
their best and worst options to define a bargaining range for each issue. Parties
then assign private estimates of the relative importance of each issue. The issues
and expectations constitute the parties’ optimum level of satisfaction. Next step
is to encourage parties to create initial proposals with optimistic values that
allow for concessions. Parties may offer visible concessions and/or request
suggestions from SmartSettle. Any party may register a confidential acceptance
of any suggestion made by SmartSettle. When both parties accept the same
package, a tentative agreement is reached. When parties are ready to sign, the
Framework for Agreement is filled in and the best solution found.
12.9.3 Online Negotiation-cum-Mediation

This kind of ODR involves the dual process of negotiation and mediation
consecutively. The parties can initiate the ODR process by opting for online
negotiation and make an attempt to negotiate their differences and reach at a
settlement. In case they are unable to do it themselves, a mediator is appointed
which conducts an online mediation and helps the parties reach a settlement.
For example, SquareTrade.com provides individual and B2B buyers and sellers
an online negotiation-cum-mediation environment. The complainant files a case
with SquareTrade by completing an online form that helps identify the situation
and possible resolutions. The other party is notified by e-mail and responds to
the case. Communication from both parties is posted on a private Case Page.
Then Direct Negotiation begins. During Direct Negotiation, the parties
communicate with each other in a confidential, impartial forum. If the case is
not resolved, SquareTrade assigns a mediator from the SquareTrade Network
who helps the parties reach a mutually acceptable settlement.3
12.9.4 Document/E-mail Arbitration for Disputes Arising from

E-commerce Transactions
As the name suggests, the whole process of arbitration is carried on through
document/e-mail. Right from filing of arbitration agreement to filing of disputes
with documentary evidence, written submissions, written hearing and closing
statements are all done through e-mail. Interaction between the arbitrators and
the parties are done through e-mail. In case the arbitrator wants to ask questions
or parties want to make a submission or reply to other’s submissions, e-mail is
the mode used.
12.9.5 Online Arbitration Through Video-conferencing

Online arbitration with the help of video-conferencing is considered the closest
to F2F arbitration. It involves the use of video-conferencing to conduct the
arbitration process. The CAN-WINTM Internet conferencing system4 allows
registered participants to log into an electronic conference room from anywhere
37
Dispute Resolutions in in the world using standard browser software. A list identifying all parties present
Cyberspace
appears on each participant’s screen, and clicking on a participant’s name opens
a window to compose e-mail to that individual. There is also an area on each
participant’s screen to type messages to all participants. When sent, these
messages immediately appear on the screens of all parties, identified with the
sender’s name and time. Participants on one side of a dispute who are in different
locations may also caucus privately with each other and/or with the mediator
during an online session. Two electronic conference rooms allow break-out
sessions, during which the neutral may communicate with both rooms but parties
in one room may not communicate with parties in the other.
12.9.6 Peer Jury & Panel Jury

ODR institutions also offer online ‘Peer Jury’ and ‘Panel Jury’ processes to help
in the evaluation and resolution of disputes. In Peer Jury online trials, volunteer
jurors select the cases they would like to decide, review the parties’ claims, pose
questions and ultimately give their verdicts. The parties receive a summary
including the number of votes cast, the median award and a compilation of juror
comments. In Panel Jury trials, the parties choose specific jurors. Parties can
decide whether the verdict of the jury will be binding on them or not.
www.iCourthouse.com is the Internet’s courthouse. It is an online courthouse

where you can present your disputes for trial before a jury of your peers. The
idea is to agree before hand to submit the dispute to iCourthouse where the jury
will give its verdict. Filing a regular case at iCourthouse is free. One can present
his/her claim and the other side can present his/her defense. Then, the dispute is
judged by a Peer Jury, that is any person who wishes to act as a juror on the
Internet. There can be any number of jurors. The dispute can also be put forth
before a Panel Jury which is selected by the parties themselves. They are given
access to the plaintiff’s and defendant’s opening statement, evidence and closing
statement. Thereafter, the juror is required to give his/her verdict. One can look
at the verdict delivered by the other jurors. The parties can agree whether to
count a majority, two thirds, or what proportion of the verdicts will constitute a
decision. The trial book shows all the verdicts entered so far, juror comments,
and a median verdict. Results are enforceable by agreement5 between the parties.
For privacy protection, iCourthouse’s User Agreement and Rules prohibit the
use of proper names, or identifying information such as addresses. The terms
such as ‘Plaintiff’ or ‘Defendant’ or ‘Buyer’ or ‘Seller’ are used to designate the
parties.
12.10 GENERATING E-CONFIDENCE –

DISCLOSURE-BASED APPROACH
One the greatest concerns for an ODR institution are whether its services will be
accepted at large by the online public. After all, if one is agreeing to arbitrate
through an ODR institution, the very thought that the online arbitrator’s decision
would be binding on the person and can be enforced as a decree of the court, is
in itself very scary. The parties would never ‘see’ the arbitrator and there is
always an apprehension of partiality and bias. It is, therefore, a must that the
ODR institution is able to generate e-trust and e-confidence among the users of
38
the online system. Towards this effort, the American Bar Association Task Force Enforcement Issues in
Cyberspace
on E-commerce and ADR proposed Guidelines for Recommended Best Practices
by ODR Service Providers to assist consumers make an ‘informed and intelligent
decision’.7
1) Transparency and adequate means of providing information and disclosure.
2) Minimum Basic Disclosures like contact and organizational information,
terms and conditions and disclaimers for the service, explanation of services/
ADR processes provided any pre-requisites for use of service like
geographical location or membership, etc.
3) Use of Technology and the Online Environment for Dispute Resolution.
4) Costs and Funding: Disclosures as to the up front costs for the process and
what portion of the cost each party will bear is necessary.
5) Impartiality
6) Confidentiality, Privacy and Information Security
7) Qualifications and Responsibilities of Neutrals
8) Accountability for ODR Providers and Neutrals
9) Enforcement: ODR institution should disclose the steps they take to ensure
quick and complete enforcement of the awards rendered.
10) Jurisdiction and Choice of Law
11) ODR Providers should disclose the jurisdiction where complaints against
the ODR Provider can be brought, and any relevant jurisdictional limitations.
12.11 LEGAL CONCERNS

There might be certain legal concerns regarding implementation of ODR in India.
After all, if, through an ODR institution based at Delhi, arbitration is conducted
where the arbitrator is in Mumbai and one party is in Chennai and the other in
Bangalore, certain legal questions do arise for consideration. For this purpose,
we need to read the Indian Arbitration and Conciliation Act, 1996 (Arbitration
Act) with the Information and Technology Act, 2000 (IT Act). Let us take a few
issues to demonstrate the point.
1) Arbitration agreement shall be in writing: Section 7(3) of the Arbitration
Act provides that the arbitration agreement shall be in writing. However, if
the parties agree online to refer the matter to an online arbitration through
an ODR service provider, the question arises as to whether such an online
agreement will be valid in law. Presuming that both parties admit that such
an online agreement was made, it will have the sanction of law due to
operation of section 47 of the IT Act. By reading section 4 of the IT Act
into section 7(3) of the Arbitration Act, such an online agreement will be a
valid one in the eyes of law. The same goes for written submissions, if any,
made by the parties online.
2) Award to be in ‘writing’ and ‘signed’: Section 31(1) of the Arbitration Act
requires the arbitral award to be in writing and signed by the members of
the arbitral tribunal. In such case, would an e-award have the same legal
39
Dispute Resolutions in sanctity as the offline award. As far as the ‘writing’ requirement is concerned,
Cyberspace
that is answered by section 4 of the IT Act. As regards the ‘signature’
requirement, section 58 of the IT Act provides that digital signature would
have the same legal effect as a paper signature.
3) Enforceability of the e-award: Another concern relating to the use of ODR
is the enforceability of the online award rendered. Which court should the
party approach to enforce the award? Will it be the court of the place where
the arbitration agreement was signed? Or will it be the court of the place
where the arbitrators were sitting? Or will it be the court of the place where
the award was rendered? Or where the ODR institution is physically
established? Or where the parties are established? The answer lies in the
Arbitration Act itself. Section 36 states that the award will be enforced
under the Code of Civil Procedure, 1908 as if it were a decree of the court.
As per Section 2(e) of the Act, ‘Court’ means the principal Civil Court of
original jurisdiction in a district, and includes the High Court in exercise
of its ordinary civil jurisdiction, having jurisdiction to decide the questions
forming the subject-matter of the arbitration if the same had been the subject-
matter of a suit. Therefore, the court in which the award will be enforced is
dependent on the subject-matter of the arbitration and not on the place
where the arbitrator sits or renders the award or where the parties are
established.
12.12 SUMMARY
Lately, there has been an increased awareness of protecting the Interest rather
than emphasizing the legal right. The use of ADR found favour in furtherance of
business interests rather than enforcing legal rights stricto sensu. ODR includes
online negotiation, online mediation, online arbitration, online neutral evaluation,
online peer jury, etc. In the context of ODR, the ‘online environment’ has a wide
connotation in terms of ‘a setup making use of technology and communication
facilities’. An Online ADR service center functions somewhat like an offline
arbitral institution. Making use of online arbitration services ad hoc is the same
as approaching an arbitral institution after the dispute arises or inserting an
arbitration clause of a specific online arbitration institution in the contract. One
of the advantages of online environment over F2F environment is the availability
of various communication modes to a user. Communication modes in ODR
include e-mail, discussion boards, instant messaging, audio conferencing and
video conferencing. The different kinds of ODR are blind bidding or blind
negotiation, online negotiation, online negotiation-cum-mediation, document/
e-mail arbitration, online arbitration through video-conferencing and peer jury
and panel jury. It is most important that the ODR institution is able to generate e-
trust and e-confidence among the users of the online system. Legal concerns
relating to ODR in India are well taken care of by a conjoint reading of the
Arbitration and Conciliation Act, 1996 and the Information Technology Act,
2000.

1. What is ODR and how does it function?
40
2) What types of disputes are commonly settled by in ODR environment? Enforcement Issues in
Cyberspace
What are the means of communication generally adopted in ODR in settling
disputes?
3) Discuss various types of ODR. What are the legal concerns involved in
ODR system? Does Indian law sufficiently address the issue?

1) ‘Online dispute resolution’ (ODR) can, on a prima facie screening, have
two connotations. Firstly, it can be viewed as resolution of online disputes.
That would mean resolution l. of online disputes. Solution and its
advantages.
a) It would include the solving of (by any means, either online mechanism
or offline method including court adjudication) disputes which
essentially arise from an online transaction, for example, defect in a
computer software purchased and downloaded online. Secondly, ODR
can be looked into from the perspective of method of solving of a
dispute (be the dispute offline or online). This means that newer ways
of solving a dispute are being developed by making use of the online
environment which can be applied to solve any kind of disputes.
b) ADR service centers functions somewhat like an offline institution.
One can approach these institutions either ad hoc or on an agreement
basis. Companies generally have a pre-arrangement for settlement of
disputes, be it business to business (B2B) or business to consumer
(B2C), under the aegis of such online arbitral institutions. Agreements
are made out between the institution and the company as regards the
method of initiating the process into action, kind of settlement to be
pursued, the fee structure, goodwill and good faith of the parties, rights
and responsibilities of the parties and the arbitral institution, the
procedures to be followed, law applicable, confidentiality, security,
etc. ODR implies a change of medium to solve disputes. It is a catalyst
to help people solve their disputes ODR is apt for solving of both
online and offline disputes.
Some of the communication means used in ODR are—
1) E-mail
2) Discussion Boards
3) Instant Messaging
4) Audio Conferencing
5) Video Conferencing
Some of the kinds of ODR are—
1) Blind Bidding or Blind Negotiation
2) Online Negotiation.
3) Online Negotiation-cum-Mediation.
41
Dispute Resolutions in 4) Document/E-mail Arbitration for disputes arising from E-commerce
Cyberspace
transactions.
5) Online arbitration through video-conferencing.
6) Peer Jury and Panel Jury
There might be certain legal concerns regarding implementation of ODR
in India. After all, if, through an ODR institution based at Delhi, arbitration
is conducted where the arbitrator is in Mumbai and one party is in Chennai
and the other in Bangalore, certain legal questions do arise for consideration.
For this purpose, we need to read the Indian Arbitration and Conciliation
Act, 1996 (Arbitration Act) with the Information and Technology Act, 2000
(IT Act).
The above mentioned Act have adequately dealt with the issue.
2) An Online ADR service center functions somewhat like an offline arbitral
institution. One can approach these institutions either ad hoc or on an
agreement basis. Companies generally have a pre-arrangement for
settlement of disputes, be it business to business (B2B) or business to
consumer (B2C), under the aegis of such online arbitral institutions.
Agreements are made out between the institution and the company as regards
the method of initiating the process into action, kind of settlement to be
pursued, the fee structure, goodwill and good faith of the parties, rights
and responsibilities of the parties and the arbitral institution, the procedures
to be followed, law applicable, confidentiality, security, etc. When a dispute
arises, either the company or the consumer (who is pre informed as to the
existence of such an arbitral institution to which the company is associated)
approaches the institution. The other party is then contacted and depending
upon the service provided or agreed for, negotiation, mediation, arbitration,
conciliation, evaluation or any other service is pursued. This is a bird’s eye
view of the whole arrangement.
3) ODR implies a change of medium to solve disputes. It is a catalyst to help
people solve their disputes. ODR is apt for solving of both online and offline
disputes.
For example, if there arises a contractual dispute between two businessmen
and they agree to have an online mediation, they can approach an ODR
institution, submit their dispute, have an online mediator appointed, and
proceed with the mediation process online. In case a settlement is reached
at, it can be reduced to writing, signed and ultimately, can be enforced as a
decree of court under the provisions of the Indian Arbitration and
Conciliation Act, 1996.
4) One of the advantages of online environment over offline environment is
the availability of various communication modes to a user. It becomes
important to select the appropriate mode to conduct the ODR process since
different kinds of disputes require different types of modes. E-mail
Discussion Boards Instant Messaging Audio conferencing Video
conferencing.
42
12.15 REFERENCES AND SUGGESTED READINGS Cyberspace
1. James R. Beniger. The Control Revolution: Technological and Economic
Origins of the Information Society. Harvard University Press. 1997: 1-27.
2. <http:\\www.ebc-india.com>.
3. <http://www.squaretrade.com/spl/jsp/eln/el.jsp?stmp=elance>.
4. <http://resolutionforum.org/services.html>.
5. http://www.i-courthouse.com/main.taf?area1_id=about&area2_id=faqs –>.
“In the event that a dispute arises out of this transaction, the parties agree
to submit that dispute for binding resolution through iCourthouse. In the
event that a party shall refuse to submit the dispute to iCourthouse, or files
an action in any other court without first offering dispute resolution through
iCourthouse, that party shall lose any right to attorney’s fees it might
otherwise be entitled to. The parties further agree that any verdict of
iCourthouse may be reduced to a judgement in any court having jurisdiction
over the parties, at the option of any party, without further adjudication.”
6. For example, one can use the following language to make your decision
enforceable: “We, the parties to case number – agree that the verdict
rendered by the jury in the iCourthouse case will be binding on us, and
will be enforceable as a judgment in a court of appropriate jurisdiction.”
April 2002.
7. Where any law provides that information or any other matter shall be in
writing or in the typewritten or printed form, then, notwithstanding anything
contained in such law, such requirement shall be deemed to have been
satisfied if such information or matter is-
8. Where any law provides that information or any other matter shall be
authenticated by affixing the signature or any document shall be signed or
bear the signature of any person (then, notwithstanding anything contained
in such law, such requirement shall be deemed to have been satisfied, if
such information or matter is authenticated by means of digital signature
affixed in such manner as may be prescribed by the Central Government.
Explanation.– For the purposes of this section, “signed”, with its
grammatical variations and cognate expressions, shall, with reference to a
person, mean affixing of his hand written signature or any mark on any
document and the expression “signature” shall be construed accordingly.
43

MIR-012 Regulation of Cyberspace - Shortcut - LNK

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MIR-012 Regulation of Cyberspace - Shortcut - LNK

Uploaded by

Copyright:

Available Formats

UNIT 1 DOMESTIC LAWS:

The phenomenal growth of Information and Communication Technology has

India today is emerging as a global information technology powerhouse, offering

1.3 CHALLENGES TO LAWS

Protection of intellectual property available on the Internet is one of the greatest

The march of technology demands the enactment of newer legislation both to

1.4 INFORMATION TECHNOLOGY ACT, 2000

The Information Technology Act intends to give legal recognition to e-commerce

Self Assessment Question 2 Spend 3 Min.

1.5 CRITIQUES OF THE I.T. ACT

A single section devoted to liability of the Network Service Provider is highly

1.6 PROPOSED AMENDMENTS TO THE I.T. ACT

As the technologies and applications in IT sector change very rapidly, some

A new chapter (III A) under the title “Electronic Contracts” is proposed to be

Self Assessment Question 3 Spend 3 Min.

1.8 TERMINAL QUESTIONS

1.9 ANSWERS AND HINTS

1.10 REFERENCES AND SUGGESTED READINGS

2.3 STATEMENT OF OBJECTS AND REASONS

The solution devised is by giving a statutory mechanism to the creation and

2.4 APPLICATION OF THE ACT – THE EXTRA-

Self Assessment Question 1 Spend 3 Min.

Any commercial transaction necessarily requires an agreement between two

Affixing a digital signature implies the electronic authentication of an electronic

Section 2(p) of the Act defines ‘digital signature’ as ‘authentication of any

2.5.1 Controller of Certifying Authorities

Controller to act as Repository

Recognition of Foreign Certifying Authorities

Power to investigate contraventions

Directions to extend facilities to decrypt information

2.5.2 Licence to Issue Digital Signature Certificates

2.6 E-GOVERNANCE (CHAPTER III)

2.6.1 Functional-Equivalent Approach

For the purpose of this Chapter, definition of ‘electronic form’, as provided

Self Assessment Question 3 Spend 3 Min.

2.6.3 Legal Recognition of Digital Signatures

Therefore, an application for a document say, a land record, if made in the

2.6.5 Retention of Electronic Records

2.8 TERMINAL QUESTIONS

2.9 ANSWERS AND HINTS

2.10 REFERENCES AND SUGGESTED READINGS

In this unit we shall discuss the adjudicatory mechanism provided in the IT

• discuss the powers, functions and qualifications and what procedure is to

• describe amendments made by this Act in different statutes to give legal

3.3 ADJUDICATION (CHAPTER IX)

3.3.1 Adjudicating Officer

Chapter X of the Act contains provisions relating to Cyber Regulations Appellate

Presiding Officer of CRAT

Appeal to and Procedure and Powers of the CRAT

The appeal shall be dealt with by it as expeditiously as possible and endeavour

3.4 PENALTIES AND OFFENCES (CHAPTER IX & XI)

In case of offences committed by companies, such persons who, at the time

Self Assessment Question 2 Spend 3 Min.

3.5 NETWORK SERVICE PROVIDER LIABILITY

3.6 AMENDMENTS TO CERTAIN STATUTES

3.6.1 Amendments to the Indian Penal Code, 1860

3.6.2 Amendments to the Indian Evidence Act, 1872

a) Amendments permitting evidence in electronic form: The definition of

3.8 TERMINAL QUESTIONS

3.9 ANSWERS AND HINTS

B) Downloading, copying or extracting any data, computer database or

C) Introducing or causing to be introduced any computer contaminant

D) Damaging or causing to be damaged any computer, computer system