CHAPTER 2

SCOPE OF SECTION 43 OF THE INFORMATION TECHNOLOGY

ACT, 2000

In the last chapter, the reasons for the study were established and it resulted into
further narrowing down to making the research questions out of research aims
and objectives.

The present chapter deals with the scope of Section 43 of The Information
Technology Act, 2000. The present chapter provides an analysis and
establishing the nature of the Section 43 of The Information Technology Act,
2000. This chapter is the foundation of the entire research as the entire research
after this chapter the researcher has tried to study the limitations and techno-
legal challenges of Section 43 of The Information Technology Act, 2000.

2.1 Introduction

The Information Technology Act, 2000 in India is based on the Resolution 1

adopted by the General Assembly of United Nations on 30th January, 1997
regarding Model Law on Electronic Commerce earlier adopted by the United
Nations Commission on International Trade Law (UNCITRAL). The
UNCITRAL was created by the United Nations General Assembly by
resolution2 dated 17th December, 1966. In India, The Information Technology
Act, 2000 received the assent of the President of India on 9th June, 2000 and
later on was notified in the Official Gazette on 17th October, 2000.

1
Resolution A/RES/51/162 of Jan. 30, 1997.

2
Resolution 2205 (XXI) of Dec. 17, 1966.

43 | P a g e
The aim of UNCITRAL is to further the progressive harmonization and
unification of the law of International Trade and in that respect to bear in mind
the interests of all people in particular to those of developing countries in the
extensive development of international trade 3 by adopting Model Law of
different genre. The Information Technology Act, 2000 is based on the
UNCITRAL Model Law on E-commerce which is to give legal recognition to
electronic records, promote e-commerce 4 and e-governance 5 , treat electronic
records at par with paper based documents and regulate cyber crimes.

The major amendments were made in different enactments by the Parliament of

India because of The Information Technology Act, 2000 coming into force and
the most significant amendments were made in The Indian Penal Code, 1860,
Indian Evidence Act, 1872, Banker‟s Books Evidence Act, 1891 and Reserve
Bank of India Act, 1934.

The UNCITRAL Model Law provided for the foundation for most of the
information technology legislations in different countries. But the Model Law
only provides for 17 Articles to address the issues relating to electronic
commerce. It is a special set of principles to be applied by the member countries
in case of international trade with the use of information technology. The Model
Law is just a guideline for the countries to evolve a law according the standards
of technology being used in each single country.

The entire idea of providing a Model Law was only to bring e-contracts6 on one
standard footing for all the countries. Even after having different levels of

3
See, RESOLUTION, Supra Note 1

4
Henceforth for all the expressions the word „e-commerce‟ would mean electronic commerce.

5
Henceforth for all the expressions the word „e-governance‟ would mean electronic governance.

6
Henceforth for all the expressions the word „e-contract‟ would mean electronic contract.

44 | P a g e
technology in different countries, there was a need for some commonality of
principles in the area of electronic commerce which was satisfied with the
application of the UNCITRAL Model Law in the domestic sphere of the
legislations in the developing countries like India.

The Model Law was just a specimen created for the member countries who
were members of UNCITRAL and the countries were expected to draft
legislation based on the Model Law specifically for the purpose of regulating E-
commerce. This provided an opportunity for developing countries like India to
come up with the first-ever legislation in the domestic sphere on the subject
matter of information technology.

While drafting the legislation based on the UNICITRAL Model Law, the care
was taken by the legislature that, it must not only address the regulation on e-
commerce as per the expectations of the UNICITRAL Model Law but also
include the provisions relating to other facets of information technology, such as
Digital Signatures, Certifying Authorities, adjudicating authorities to address
the technical, legal and procedural issues, liability of internet service providers
(ISP), contraventions which enforce civil liability and separate provisions for
the punishment for cyber crimes.

The very nature of The Information Technology Act, 2000 is prescribing civil
law with provisions applicable to e-commerce and in turn digital signatures and
civil liability in relation to certain acts prescribed under Section 43. At the same
time, The Information Technology Act, 2000 also prescribes computer related
offences under Section 65 to 747 which make the nature of the law as a mixed
blend of civil and criminal liability in terms of misuse of computers.

7
The Information Technology Act, 2000, Chapter XI

45 | P a g e
The provision prescribing civil liability under Section 43 is a unique provision
and has been subjected to various controversies, judicial and legislative scrutiny
and amendments. There are few stringent implications which hint towards the
tough and strong regulations to combat the evil of computer related prohibited
acts under Section 43 of The Information Technology Act, 2000. But it also
carries certain inherent drawbacks and limitations of this particular provision in
terms of applicability, jurisdiction and other procedural aspects. For the purpose
of understanding the limitations of the said provision, the scope of Section 43
has to be studied minutely right from the origin of The Information Technology
Act, 2000.

46 | P a g e
2.2 Scope of Section 43 of The Information Technology Act, 2000

The Information Technology Act, 2000 was passed with the object of
incorporating the regulation on the E-commerce into our legal system on the
basis of the UNCITRAL Model Law. When Model Law was adopted, the effort
was made by the legislature to address certain other issues relating to use of
information technology. Apart from the principles relating to E-commerce
adopted from UNCTRAL Model Law, the issues relating to Digital or
Electronic Signature8 and Regulation of Certifying Authorities9 were also added
in The Information Technology Act, 2000. Apart from the techno-legal aspects
relating to the E-commerce, there was another dimension to the use of
technology taking into consideration socio-economic structure of the country.
The menace of cyber crimes was at the doorstep of every information
technology user in India around the same time when The Information
Technology Act, 2000 was passed. The legislature included separate chapters10
in The Information Technology Act, 2000 for the Penalties and Adjudication11
and offences12.

8
The Information Technology Act, 2000, Chapter II and Chapter V

9
The Information Technology Act, 2000, Chapter VI

10
The Information Technology Act, 2000, respectively Chapter IX and Chapter XI

11
In the original Act of 2000 prior to The Information Technology (Amendment) Act, 2008 (No.
10 of 2009) which came into force with effect from Oct. 27, 2009

12
The Information Technology Act, 2000, Chapter XI

47 | P a g e
The Chapter IX13 which provided for the Penalties and Adjudication included
the set of five sections from Section 43 to 47 in The Information Technology
Act, 2000. The major emphasis under this chapter was on the certain set of
prohibited acts which are not as serious as cyber crimes but are of such a nature
that might cause damages to an individual. Securing unauthorized or illegal
access, downloading, copying, extracting data or information, introducing
computer virus or computer contaminant, damage or causing damage, disruption
or causing disruption, denial of access to a person authorised, assisting someone
else to commit any contravention, theft of internet hours, destroying, deleting or
altering any information in the computer and stealing, concealing, destroying or
altering the information residing in the computer are some of the acts which are
made contraventions under Section 43 of The Information Technology Act,
2000.

Such acts were prohibited under Section 43 and the remedy provided to the
victim is in the form of compensation. Before The Information Technology
(Amendment) Act, 2008, the compensation under Section 43 was up to Rupees
Ten Lakh and later on was increased up to Rupees One Crore. After The
Information Technology (Amendment) Act, 2008, this limit as to grant of
compensation is removed 14 and now, there is no limit as to maximum
compensation that a victim can get as a remedy in the form of compensation
under Section 43.

Section 43 of The Information Technology Act, 2000 provides for certain set of
acts; if committed by any person without the permission of the owner or person

13
The Heading of Chapter IX was amended and was substituted with “Penalties, Compensation
and Adjudication”.

14
By The Information Technology (Amendment) Act, 2008 (No. 10 of 2009), Section 21 (d),
which came into force with effect from Oct. 27, 2009

48 | P a g e
 in charge of a computer15, computer system16 or computer network17 commits
any of the acts provided under the sub-sections (a) to (j) of Section 43, the
person is liable to pay damages by way of compensation to person affected.

Section 43 provides for the remedy in the form of compensation to the victim.
But that is not the only remedy under The Information Technology Act, 2000
for the victim. According to Section 6618 of The Information Technology Act,
2000;

“If any person, dishonestly or fraudulently, does any act referred

to in Section 43, he shall be punishable with imprisonment for a
term which may extend to three years or with fine which may
extend to five lakh rupees or with both.”

Section 66 has provided another form of remedy for the victims of the acts
committed against them under Section 43. The major difference between
Section 43 and Section 66 is that;

i) The pre-requisite of Section 66 is the existence of mensrea, which could be

reflected by the words used in Section 66, i.e., “dishonestly or fraudulently”. In
turn, this pre-requisite is not the condition for Section 43. The only pre-requisite
which applies in case of Section 43 is that whether the act committed by the

15
The Information Technology Act, 2000, Section 2 (i)

16
The Information Technology Act, 2000, Section 2 (l)

17
The Information Technology Act, 2000, Section 2 (j), which was substituted by The
Information Technology (Amendment) Act, 2008 (No. 10 of 2009) which came into force with
effect from Oct. 27, 2009

18
The Information Technology (Amendment) Act, 2008 (No. 10 of 2009), Section 32 which
came into force with effect from Oct. 27, 2009

49 | P a g e
 person under Section 43 is without the permission of the owner or person who is
in charge of the computer, computer system, computer network.

ii) Section 43 provides for the remedy for the victim in the form of damages to be
paid to the person affected by way of compensation by the person committing
any contravention under Section 43 (a) to (j). Whereas, Section 66 provides for
the sanction on the person committing the act

iii) Under Section 43 with dishonest and fraudulent intention with the punishment
for the imprisonment which may extend to three years or with fine which may
extend to five lakh rupees.

The most important facet about these two provisions of The Information
Technology Act, 2000 is that, no single provision of The Information
Technology Act, 2000 provides for the alternative application of Section 43 and
66. That means simultaneous actions under Section 43 and 66 under The
Information Technology Act, 2000 can be initiated by the victim against the
person who commits any contravention under Section 43 of The Information
Technology Act, 2000.

Another interesting aspect of these acts provided under Section 43 of The

Information Technology Act, 2000 is related to the jurisdiction of the courts.
The Adjudicating Officer has the jurisdiction to try the contraventions of the
provisions under Chapter IX of The Information Technology Act, 2000 19 .
Taking into consideration the technical aspects of the acts provided under
Section 43, the jurisdiction of civil courts is expressly barred under The
Information Technology Act, 2000. 20 A special court in the form of an
Adjudicating Officer is provided under The Information Technology Act, 2000

19
The Information Technology Act, 2000, Section 46

20
The Information Technology Act, 2000, Section 61

50 | P a g e
to try the contraventions under Chapter IX related to Penalties, Adjudication
and Compensation. Whereas, there is no special court created for the offences
prescribed under Chapter XI consisting of Section 65 to 74 related to offences.
The regular criminal courts have the jurisdiction depending upon their
respective power to adjudicate, depending upon the quantum of the punishment
which is prescribed in the Code for Criminal Procedure, 197321.

Section 43 of The Information Technology Act, 2000 has to be studied in two

different timelines, that is, prior to 2008 Amendment and post 2008
Amendment. The Information Technology (Amendment) Act, 2008 22 has
contributed many techno-legal aspects in the operation of Section 43, which
involves significant changes in the procedures and applies the strict regime of
contraventions and computer related offences.

21
(2 of 1974)

22
(No. 10 of 2009) which came into force with effect from Oct. 27, 2009

51 | P a g e
 2.3 Original provision of Section 43 of The Information Technology Act,
2000

Right from the inception of The Information Technology Act, 2000, there was a
provision under Section 43 providing for the contraventions which in term
provided for the remedy in the form of compensation to the victim. Following is
the provision which was in operation prior to The Information Technology
(Amendment) Act, 2008.

Chapter IX
Penalties and Adjudication
Section 4323: Penalty for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is in
charge of a computer, computer system or computer network,-

a) accesses or secures accesses to such computer, computer system or computer

network;
b) downloads, copies or extracts any data, computer database or information from
such computer, computer system or computer network including information or
data held or stored in any removable storage medium;
c) introduces or causes to be introduced any computer contaminant or computer
virus into any computer, computer system or computer network;
d) damages or causes to be damaged any computer, computer system or computer
network, data, computer database or any other programmes residing such
computer, computer system or computer network;
23
The provision discussed here is the original provision of Section 43 [Prior to The Information
Technology (Amendment) Act, 2008]. The researcher has added the original provision to show
the changes that have been brought into force after the Amendment in the year 2008.

52 | P a g e
e) disrupts or causes disruption of any computer, computer system or computer
network;
f) denies or causes the denial of access to any person authorised to access any
computer, computer system or computer network by any means;
g) provides any assistance to any person to facilitate access to a computer,
computer system or computer network in contravention of the provisions of this
Act, rules or regulations made there under;
h) charges the services availed of by a person to the account of another person by
tampering with or manipulating any computer, computer system or computer
network,

he shall be liable to pay damages by way of compensation not exceeding ten

lakh rupees to the person so affected24.

For the purpose of the understanding certain terms quoted in the Section, the
legislature has added the explanation to the said section. They have defined the
terms “computer contaminant”, “computer database”, “computer virus” and
“damage”.

The Information Technology (Amendment) Act, 2008 did not change the sub-
clauses (a) to (h) in Section 43. By virtue of the Amendment in the year 2008,
few more sub-sections were added under Section 4325.

When the liability arises under Section 43 of The Information Technology

Act, 2000?

24
This provision is changed to award compensation up to any extent after The Information
Technology (Amendment) Act, 2008.

25
Sub-clause (i) and (j) were added in the Section 43, which are discussed in the next sub-topic.

53 | P a g e
 Section 43, right at the outset provides for the pre-requisites to enforce the
liability under this Section. The two requirements which are discussed in the
beginning of the Section 43 are:

I. The acts committed under this Section must have been committed
without the permission of the owner or any person who is in charge of a
computer, computer system or computer network.

II. There must be some kind of damage caused to the person affected by
such acts.

The reference can also be given to Section 47 of The Information Technology

Act, 2000 which provides for the factors to be taken into account by the
Adjudicating Officer while adjudicating the quantum of compensation under
Section 43. Section 47 provides for three different factors and they are:

a) the amount of gain of unfair advantage, whenever quantifiable, made as a

result of the default
b) the amount of loss caused to any person as a result of the default
c) the repetitive nature of the default.

Section 43 requires that, the act of default must have been committed without
the permission of the person who is an owner or a person in charge of the
computer, computer system or computer network. Secondly, the act of the
defendant must have caused some damage or loss to the person so affected.

The original provision of Section 43 of The Information Technology Act, 2000

provided eight different acts under Section 43 (a) to (h). Following are the acts
which are prohibited under these sub-sections:

a) Illegal Access

54 | P a g e
Section 43 (a) provides for the very basic kind of an act which is prohibited
under The Information Technology Act, 2000. If any person accesses or secures
access to any computer, computer system, computer network or computer
resource26 without the permission of the owner or person in charge of such a
computer, computer system or computer network, he is liable under this
Section.
In general sense, word „access‟ means seeking entry into something. The
Information Technology Act, 2000 defines „access‟27 as:

“access with its grammatical variations and cognate expressions

means gaining entry into, instructing or communicating with the
logical, arithmetical or memory function resources of a computer,
computer system or computer network.”

The combined effect of Section 43 (a) and Section 2 (a) is that, if any person
gains an access into the computer, computer system or computer network
without the permission of the owner or person in charge, he is liable. The
definition of access includes access to any part of the computer. It involves the
entry into logical, arithmetic or memory function of the computer. These
sections provide a blanket protection against any illegal or unauthorised access
not only to computer, computer system or computer network but also to an
unauthorised or illegal access as to logical, arithmetic or memory function in
any resources of a computer, computer system or computer network. That
means, if a person access the program files stored in a “C Drive” of a computer
or laptop without accessing the actual data file created by the owner which is
saved in “E Drive”, still the person accessing the computer without the
permission is liable.

26
Inserted by Act 10 of 2009, Section 21 (b)

27
Section 2(a)

55 | P a g e
The essence of Section 43 (a) is gaining an entry into any part of the computer
either physically or virtually without the permission of the owner or the person
in charge of the computer, computer system or computer network. The term
„access‟ covers both physical and/or virtual access to a computer, computer
system or computer network28. The contravention under Section 43 (a) is a very
basic contravention but is the one which is the most commonly committed in
most of the cases of cyber crimes.
To put it in more accurate terms, it is the initiation of all other serious cyber
crimes or offences. The example can be cited in relation to Debit or Credit Card
thefts. When any person accesses the Debit or Credit Card of another it falls
within the meaning of illegal or unauthorised access. The theft may be proved at
the next level, but initially, the person who secures access can be charged with
unauthorised or illegal access.

b) Downloading, Copying, Extracting

Section 43 (b) is specifically meant for the protection of data, database or

information from the copyright violation and even data theft. The advancement
in the field of information technology has manifold the chances of creating
multiple copies of any material stored in any computer, computer system or
computer network. Information technology has posed many challenges to the
intellectual property rights. Downloading, copying and extracting are the
biggest challenges for all of them.

When any person accesses or opens any file or data the downloading begins.
The term downloading is not defined anywhere under The Information
Technology Act, 2000. But technically, it means the access to the content of the

28
VAKUL SHARMA, INFORMATION TECHNOLOGY LAW AND PRACTICE, 117 (3 rd Ed.,
2014)(2011)

56 | P a g e
data or information. It is the actual interface of the person to the information or
data stored in the memory of the computer, computer system or computer
network. For example, if A opens a MS word document stored in the computer
of B without his permission, he has downloaded the document without the
permission of B.

The subsequent act mentioned in the section is of copying. Copying signifies the
act of duplication of data or information. It is creating another copy of a
document without hampering the original file or a document. Copying is serious
than downloading. Downloading merely is an act of procuring an access or
opening a document whereas, copying involves an act of duplication of any data
or information stored in a computer.

Next in line with seriousness is an act of extracting. It is the serious most act
than that of downloading and copying. Where copying involves only the act of
duplicating or multiplying the copies of the data or information, extracting
involves cutting the original source of the data and information and creating
another source for the same information or data. The act of extracting involves
the act which is popularly known as „cut-paste‟. In extracting, the original file is
cut and is saved somewhere else. Extracting changes the source or path of the
file. Comparing all the three acts that of downloading, copying and extracting;
the severity increases with each single act. That is to say, downloading is the
least serious act out of the three. Copying is serious than downloading and
extracting is serious most out of the three in terms of causing damage.
Extracting also involves retrieving a file from a remote computer, computer
system or computer network and then selectively extract part of the digital
content29.

29
VAKUL SHARMA, Supra note 28 at 118

57 | P a g e
The essence of the act prohibited under Section 43 (b) lies in the unauthorised
duplication of any data or information without the permission of the owner or
the person in charge of the computer, computer system or computer network.
The unauthorized duplication is definitely relates to copyright violation. Section
43 (b) can be read with the Chapter XII and XIII of The Indian Copyright Act,
1957. Section 77 of The Information Technology Act, 2000 provides that no
compensation awarded penalty imposed or confiscation made under The
Information Technology Act, 2000 shall prevent the award of compensation or
imposition of any other penalty or punishment under any other law for the time
being in force.

As per the information technology law expert, Adv. Prashant Mali,

“I feel technological developments do not pose that much of a
challenge than the challenge of having awareness about
technology and crimes committed using technology. People aren‟t
aware about what is a cybercrime and what is not, they still feel,
every data available can be taken without permission of the owner
as they are keeping the original intact, also they are unaware that
it amounts to Data Theft under Section 43(b) of the IT Act,
2000.”30

c) Introducing any computer contaminant or computer virus

Computer viruses are common to the entire digital world. It causes big
hindrance in the normal functioning of the computer. It is basically a set of
instructions which creates obstacles in the normal functioning of the computer.
There are many types of commands or set of instructions which may create
obstacles in the way the computer works. It could be in the form of worms,
Trojans or logic bombs. In the recent past, technicians have also started calling

30
An online personal interview was conducted with Adv. Prashant Mali, a cyber expert from
Mumbai on 24th September, 2015.

58 | P a g e
 it bugs. It became highly difficult for the legislatures around the world to
include all the types of viruses in to the prohibited acts as the time they make
one inclusion in the law; there is another type of virus in existence.

Instead of making a segregation of all the types of the viruses, the Indian
legislature has included one generic term for all of them and that is „computer
contaminant‟. Under Section 43 (c) of The Information Technology Act, 2000,
introducing or causing to introduce computer contaminant or computer virus
without the permission of the owner or person in charge of the computer,
computer system or computer network is treated as a contravention.

Section 43 also has an explanation added to it, which defines certain technical
terms used in the same provision. For example, computer contaminant,
computer database, computer virus, damage and computer source code have
been defined in the explanation to Section 43.

Computer contaminant is defined31 as, any set of computer instructions that are
designed-

a) to modify, destroy, record, transmit data or programme residing within a

computer, computer system or computer network; or
b) by any means to usurp the normal operation of the computer, computer system
or computer network.

This definition of „computer contaminant‟ includes in its ambit set of computer

instructions which modify, alter or destroy data or information. A computer as
device obeys as a servant to the person who sets the programme for the
computer. It prima facie looks as if the computer as device is working in a non-
obvious way. But the way it works is controlled by the programmer by giving
certain set of instructions.
31
The Information Technology Act, 2000, Explanation (i) of Section 43

59 | P a g e
The definition of „computer contaminant‟ shows the effect of the introduction of
the contaminant. It may cause destruction of data or information stored in the
computer. It may modify or alter the information in the computer in such a way
that it may be of no use to the owner of the computer. It may create such an
instruction that the computer starts sharing the data or information with the
internet connected devices, remote devices, LAN32, WAN33 connected devices
and Wi-Fi34 connected devices without any authorization of the owner of the
computer, computer system or computer network.

Computer virus is also defined under the explanation to Section 43.

“Computer virus35 means any computer instructions, information,
data or programme that destroys, damages, degrades or adversely
affects the performance of the computer resource or attaches itself
to another computer resource and operates when a programme,
data or instruction is executed or some other event takes place in
that computer resource.”

A virus attack is the most common attack on the functioning of the computer. It
is an attack on the logical functioning of the computer. It is a set of instructions
or programme which destroys, alters or modifies the data or information

32
LAN stands for Local Area Network which is connected paths to the computer in a specified
territory.

33
WAN means Wide Area Network. In WAN, the computer is connected to the distinctly
located server.

34
Wi-Fi is the modern device which operates without any wired connection to the device. It is
wireless connection to the computer, computer system or any device.

35
The Information Technology Act, 2000, Explanation (iii) of Section 43

60 | P a g e
residing in the computer. It adversely affects the logical, arithmetic or memory
function of the computer. Virus may initiate certain instructions to the
programme files of the computer which may involve the unauthorised sharing of
the data or information to another computer or computer network. The effect of
the virus causes damage to the data or information or even to the normal
functioning of the computer.

The Information Technology Act, 2000 under Section 43 (c) makes an

introduction of the computer virus or computer contaminant without the
permission of the owner or person in charge of the computer a contravention.
Sometimes for the purpose of creating anti-virus software, the companies need
to introduce the contaminants and virus for the purpose of research and
development. The most essential ingredient of the provision is introduction of
the virus or contaminant without the permission.

d) Damage or causing damage

The Information Technology Act, 2000 under Section 43 (d) provides the most
generic provision which can be imposed in the cases of the damage caused to
the computer, computer system or computer network as well as the data,
database, any programme or information in the computer.

The Explanation (iv)36 defines the word „damage‟ as means to destroy, alter,
delete, add, modify or rearrange any computer resource by any means. It
includes damage to both hardware and/or software either done physically or
through virtual medium37.

36
The Information Technology Act, 2000, Section 43

37
VAKUL SHARMA, Supra note 28 at 120

61 | P a g e
Any virtual or physical damage caused to the computer or any data or
information residing in the computer is covered under the same provision. The
contravention covered under Section 43 (d) is loosely drafted to make it
applicable in any given situation where the computer is targeted by any means.
Any damage caused to the hardware or software is also covered under the same
provision.

This provision can be read together with any other provision of The Information
Technology Act, 2000 where there is any penalty imposed for any kind of
damage caused to the computer, computer system or computer network.

One more important facet of the provision under Section 43 (d) is that, it does
not only provides for contravention in case of successful damage caused to the
computer, computer system, computer network, data, database or programme
residing in such a computer, but also an attempt to cause damage is provided as
a contravention.

e) Disruption

The provision under Section 43 (e) is again a very generic provision like that of
the earlier provision under Section 43 (d). Disruption is any act which creates
any small kind of hurdle in the normal operations of the computer, computer
system or computer network. It may involve any amount of an act which causes
any hindrance in the usage of the computer, computer system or computer
network.

Sometimes the acts are committed which may cause disruption to the hardware,
for example, causing physical damage to the device or even the LAN or any
wired device. The purpose of the provision under Section 43 (e) is to provide

62 | P a g e
protection against those acts which may not necessary sound to be very serious
crimes or offences against the computer, computer system or computer network
but it is to provide protection against the damage caused to the computer,
computer system or computer system in physical form. These are the acts which
sometimes are comparatively less serious acts but do cause hindrance in the
normal functioning of the computer.

Like, the earlier provision relating to damage, even under Section 43 (e) any
attempt to disrupt the computer, computer system or computer network can also
be a contravention. Disruption may lead to malfunctioning of a computer,
computer, computer system or computer network, thereby affecting its expected
normal (programmed)/standard performance38.

f) Denial of access:

The denial of access is one more type of an attack on the computers as a

property. In this, the act of denial can be committed in physical as well as
virtual manner. If the lawful owner or the person who is authorized to access the
computer, computer system or computer network is not allowed to access the
same in any manner, the provision under Section 43 (e) can be invoked.

The denial of access can be physical access to the device, where the deliberate
attempt is made on the part of the accused to conceal the device physically or
causing damage to the device in such a way that, the person is not in position to
access the computer, computer system or computer network. The virtual denial
of an access is also covered under the same provision. When any person who is
authorized to have an access to the computer, computer system or computer
network is not allowed to have an access to same, that can also attract the

38
Id.

63 | P a g e
provision under Section 43 (f). The denial of access to the computer, computer
system or computer network can be committed by changing the password of the
computer without the permission of the authorized owner or person in charge or
even putting the passwords to the computer itself or any computer resource
without the permission of the person authorized.

The denials of access attacks on the website are also common these days. These
attacks are also committed by the terrorist organizations. The websites and
servers of the government establishments are the frequent victims of the denial
of access attacks. The person who is legally authorized to have an access is
denied the access to the computer, computer system or computer network or
even the computer resource by either changing and putting the passwords on the
existing files in the computer or it is the physical intervention to detach the
authorized user of the computer, computer system or computer network to deny
the access to the same. Like Section 43 (d) and (e) attempt to deny access is also
a contravention under Section 43 (f) of The Information Technology Act, 2000.

g) Providing assistance to commit any contravention:

The Information Technology Act, 2000 does not only provide for the
contraventions under Section 43 but also provides for the liability in case the
assistance is provided in committing any contravention. The provision under
Section 43 (g) gives a wide area of application as assistance in case of any
contravention of the provisions of The Information Technology Act, 2000 or
Rules or Regulations made under The Information Technology Act, 2000 is also
provided.

The provision shows the intent of the legislature to provide for liability on the
person who is assisting any other person in committing contravention of any of

64 | P a g e
 the provisions under The Information Technology Act, 2000, Rules and
Regulations made there under.

h) Theft of Internet Hours:

The purpose of Section 43 (h) is to safeguard the rights of an account holder of

an Internet Service Provider (ISP) or e-commerce sites by another person. The
idea is to prevent theft, misappropriation, misrepresentation, fraud or forgery of
access code/user id/ password, etc. by a person to the account of another person
by tampering with or manipulating any computer, computer system, or
computer network39.

Sub-clause (h) of the Section 43 of The Information Technology Act, 2000

provides for one more technical contravention popularly known as „theft of
internet hours‟. But the words, „theft of internet hours‟ are nowhere used in The
Information Technology Act, 2000.

As per Section 43 (h) of The Information Technology Act, 2000 if any person
without the permission of the owner or person in charge of the computer,
computer system or computer network charges the services availed of by a
person to the account of another person by tampering with or manipulating any
computer, computer system or computer network is liable to pay damages in the
form of compensation to the victim.

There are three major components for the said contravention under Section 43
(h), which are as follows:

I. Without the permission of the owner of the computer, computer system or

computer network

39
VAKUL SHARMA, Supra note 28 at 122

65 | P a g e
 II. Charging the services availed to another account of another person
III. By tampering or manipulating with the computer, computer system or computer
network

The first and the foremost requirement of Section 43 of The Information

Technology Act, 2000 is that the act under Section 43 must have been
committed without the permission of the person who is the owner or person in
charge of the computer, computer system or computer network. Secondly, the
contravention involves charging for the services to another person. This
involves the contravention where one person has utilized any specific service
but the other has been charged for the same even without the usage of the
service by the person who is charged with it. This is common in the field of any
service contract, where the subject matter involves some technical object, for
example, electricity or telephones. Thirdly, the act is committed by tampering or
manipulating the computer, computer system or network.

The internet service providers are also foxed sometimes where the user enters
into the system or servers and uses the services provided by the internet service
provider and then manipulates the records or entries in the system in such a way
that the person manipulating the entries shall be not charged but some other
person who has actually not used the services is charged for the usage of
another person. If such an act is committed by any person in case of the internet
services and the other person is charged for the usage of the internet hours by
way of tampering or manipulating the computer, computer system or computer
network, it may be called as theft of the internet hours. The Information
Technology does not create any nomenclature such as „theft of internet hour‟
per se, but there is a legal fiction which is created due to the application of the
similar provisions which are related to different subject matters.

One may raise a question as to the nomenclature of the said contravention as it

involves the word „theft‟. Theft has been provided separately as an offence

66 | P a g e
against property in The Indian Penal Code, 186040. Section 378 of The Indian
Penal Code, 1860 provides for certain ingredients which are essentials for the
offence of Theft. Section 378 of The Indian Penal Code provides that, whoever,
intending to take dishonestly any moveable property out of the possession of the
any person without that person‟s consent, moves that property in order to such
taking, is said to commit theft.

To constitute the offence of theft it is necessary that the offence must be

committed against the moveable property only. The question what comes over
here is that, whether we can decide the nature of the internet hours to determine
the offence of theft. In Avtar Singh v. State of Punjab41 , it was held by the
Supreme Court that:

“Though electricity is not moveable property within the meaning

of Section 378, IPC and as such its dishonest abstraction cannot be
regarded as theft under Section 378, yet by a legal fiction created
by Section 39 of The Indian Electricity Act, 1910, such act should
be deemed to be an offence of theft and punished under Section
379, IPC, read with Section 39 of The Electricity Act, 1910.”

The same logical analysis can be applied to the theft of internet hours and the
person who charges the accounts on the services for another for the use of
internet under the provision of Section 43 (h) of The Information Technology
Act, 2000 can be subjected to the liability under Section 379 of The Indian
Penal Code, 1860.

40
The Indian Penal Code, 1860, Section 378 provides for the Offence of Theft. The punishment
for the same has been provided in The Indian Penal Code, 1860 (Act XLV of 1860) Section 379.

41
AIR 1965 SC 666

67 | P a g e
In the recent times, the provision under Section 43 (h) is becoming useful
weapon for the prosecution in cases where Debit or Credit Cards are stolen and
the amount is debited on to the account of the owner of the card.

The original provisions under Section 43 of The Information Technology Act,

2000 contained only the sub-clause (a) to (h). The remedy granted in case of
such contraventions was also limited to Rupees Ten Lakh initially and later on it
was exceeded up to Rupees One Crore.

68 | P a g e
2.4 Amendments made in Section 43 of The Information Technology
Act, 2000

The law without amendment slowly but surely becomes a law in abundance. To
live up with the expectation of being an instrument of social change, the law has
to be amended catering to the needs of the society. The Information Technology
Act, 2000 was also amended frequently taking into account the needs of the
society in India and the kind of technological changes which were brought in to
force in a very short span of time in India. Following are some of the
amendments which were brought into force for the effective implementation of
Section 43 of The Information Technology Act, 200042:

I. Addition of the word ‘computer resource’ in Section 43 (a):

Section 43 (a) initially only had the provision relating to unauthorized or illegal
access to computer, computer system or computer network. The words
„Computer resource‟ were added in to Section 43 (a) by virtue of The
Information Technology (Amendment) Act, 2008.

This was an attempt to make wide application to the said provision under the
Act. Earlier, the illegal access or unauthorized access could be committed only
against the computer as a target or against the computer system which may
42
There are many important changes which were brought in the Act by way of The Information
Technology (Amendment) Act, 2008. But the researcher will be researching only on to the
provision of Section 43 of The Information Technology Act, 2000. There were only three major
changes brought in through The Information Technology (Amendment) Act, 2008 in Section 43.
Those are only discussed for the purpose of this sub-chapter.

69 | P a g e
involve the entire set up or computer network, which may be the network
connections or anything which is connected with the computer. With the
addition of the words, „computer resource‟, the data and data base or
information residing within the computer also came within the purview of the
application of Section 43 (a). This amendment in the said Section signifies one
more change in the approach that the illegal or unauthorized access is not only
sought in the device but also in the data or data base or information residing in
the computer.

This was the significant change in the approach to bring in more stringency in
the implementation of Section 43 of The Information Technology Act, 2000.

II. Introduction of Section 43 (i) and (j):

The major contribution of The Information Technology (Amendment) Act,

2008 was the introduction of two more contraventions under Section 43 in the
form of sub-clause (i) and (j). The requirements as to commission of an act
without the permission of the owner or person in charge of computer, computer
system or computer network are also applicable to Section 43 (i) and (j). Both
Section 43 (i) and (j) form part of the same provision and the requirements as to
commission of an act are also similar to the other acts. In short, these two
provisions have been extended the application of Section 43.

(i) Destroying, deleting or altering information residing in the computer

resource:
Section 43 (i) of The Information Technology Act, 2000 provides that if any
person without the permission of the owner or person who is in charge of the
computer, computer system or computer network, destroys, deletes or alters any
information residing in a computer resource or diminishes its value or utility or

70 | P a g e
affects it injuriously by any means, is liable to pay compensation to the person
so affected.

The same words as incorporated in Section 43 (i) were also available in Section
66 of The Information Technology Act, 2000 prior to The Information
Technology (Amendment) Act, 2008 came into force. Before the Amendment
of 2008, Section 66 used to bare the same wording for defining the offence of
Hacking under The Information Technology Act, 2000. Now that same
provision as to „Offence of Hacking‟ has been diluted and new comprehensive
provision has been added under Section 66 and Section 66 A to F of The
Information Technology Act, 2000.

The act of the person connoted under Section 43 (i) shall destroy, delete or alter
the information in such a way that it may cause the diminution of value of the
information residing in such computer resource and it must cause some loss to
the person who is the owner of the computer, computer system or computer
network.

(j) Stealing, concealing or destroying computer source code:

Section 43 (j) was added into the list of contraventions provided under Section
43 of The Information Technology Act, 2000 by an amendment in the year
2008. Section 43 (j) provides that, if any person without the permission of the
owner or person who is in charge of computer, computer system or computer
network, steals, conceals, destroys or alters or causes any person to steal,
destroy or alter any computer source code used for a computer resource with an
intention to cause damage, he shall be liable to pay compensation to person so
affected.
This provision safeguards the person who is owner or person who is in charge
of the computer, computer system or computer network from any act of

71 | P a g e
stealing, concealing, destroying or altering or causing any other person to do the
same, from the loss or damage caused to the computer programme, software or
any piracy or copyright violation in the computer software. The provision under
Section 43 (j) provides the protection for the most important technical attribute
of any functioning of a computer or computer software and that is, computer
source code.

According to Adv. Karnika Seth, a noted information technology expert and

founder partner of Seth Associates:

“Section 43 takes into account civil wrongs but in 2009 new

amendment was made which covers (J) wherein mens rea is
required –steal, conceal of any computer source code. This is not
appropriate to use in civil wrongs and must be amended or
clarified to cover civil wrongs.”43

Computer Source Code has been defined under the same provision under
Explanation (v)44. Explanation (v) defines „Computer Source Code‟ means the
listing of programmes, computer commands, design and layout and programme
analysis of computer resource in any form.

If the computer source code is destroyed, altered, tampered or manipulated, with

their computer, it will not be able to function properly. There will be a technical
challenge as to the running of the computer altogether. It is the basic listing of
the programmes which provides for the user of the computer to function on it. If

43
An online personal interview with Adv. Karnika Seth, Founder partner of Seth Associate and a
cyber expert
44
The Information Technology Act, 2000, Explanation (v), Section 43. The said explanation was
added in the Act by The Information Technology (Amendment) Act, 2008 (Act 10 of 2009,
which came in to effect from Oct. 27, 2009)

72 | P a g e
the computer source code itself is damaged, the computer turns into a useless
box. For example, the normal functions such as copy, edit, and paste are
removed or altered by tampering with the computer resource code, which is
listing of the programme, the computer will not remain to be the computer, and
it will be just a junk box which is not able to understand the commands given by
the user.

III. Amount of Penalty or damages:

The most significant effect of The Information Technology (Amendment) Act,

2000 was on the amount of compensation or penalty to be awarded in case of
contraventions or acts committed under Section 43 (a) to (j). When The
Information Technology Act, 2000 came into force on 17th October, 2000, the
compensation or penalty to be granted under Section 43 of The Information
Technology Act, 2000 was subjected to a cap up to Rupees Ten Lakh. Later, it
was enhanced up to Rupees One Crore in the Amendment in the year 2004. The
Information Technology (Amendment) Act, 2008 removed the cap over the
penalty or compensation to be awarded in case of any contravention under
Section 43 (a) to (j). That means the victim can ask for any amount of
compensation depending on the amount of loss caused to him. This Amendment
in respect of compensation or penalty was a welcome change as the loss caused
to the computer, computer system or computer network may run in crores of
rupees.

73 | P a g e
2.5 Adjudication of Contraventions

I. Power to adjudicate:

Chapter IX of The Information Technology Act, 2000 provides for the

contraventions or acts which are prohibited in Section 43 and the adjudication
of such acts or contraventions is provided under the same chapter under Section
46.

Section 46 (1) provides that for the purpose of adjudging under Chapter IX, any
contravention under this Act, Rules and Regulations there under, the Central
Government shall appoint an Adjudicating Officer. Section 46 (3) provides that,
the officer to be appointed as an Adjudicating Officer shall not be below the
rank of a Director to the Government of India or an equivalent officer of a State
Government to hold the inquiry under Chapter IX in case of any contravention
of any provision of the Act, Rules, Regulation under it. Such an inquiry shall be
conducted by an Adjudicating Officer in the manner which is provided by the
Central Government through the notification in the Official Gazette 45. In Indian
National Congress (I) v. Institute of Social Welfare46, the Supreme Court held
that:

45
Such Notification in the Official Gazette was notified by the Government of India, vide GSR
220(E), dated Mar. 17, 2003.The qualification, experience and the manner of holding inquiry is
provided under The Information Technology Rules, 2003.

46
(2002) 5 SCC 685

74 | P a g e
 “… where law requires that an authority before arriving at a
decision must make an enquiry, such a requirement of law makes
the authority a quasi-judicial authority.”

From the above decision and the provisions under Rule 4 of The Information
Technology Rules, 2003, it can be construed that the Adjudicating Officer is a
quasi-judicial authority. The wording from the provision under Section 46, “for
the purpose of this Chapter” makes it clear that the Adjudicating Officer has the
power to adjudicate the contraventions under Section 43, 43 A, 44 and 45 of the
Act. It is significant to note that, in the light of the provisions under Section 46,
the Adjudicating Officer is the first and exclusive court in adjudication in cases
of matters under Section 43. Civil Court‟s jurisdiction is expressly barred under
The Information Technology Act, 200047.

II. Limitation on Adjudicating Officer:

Even though the Adjudicating Officer is appointed under the provisions of The
Information Technology Act, 2000 having exclusive power to adjudge the
contraventions under Chapter IX of The Information Technology Act, 2000 and
the jurisdiction of the civil court is barred in such cases, there is a limitation on
the pecuniary jurisdiction of the Adjudicating Officer due to the newly inserted
provision of Section 46 (1A)48.

Section 46 (1A) of The Information Technology Act, 2000 provides that, the
Adjudicating Officer appointed under Section 46 (1) shall exercise jurisdiction

47
The Information Technology Act, 2000, Section 61 bars the jurisdiction of the civil court in
cases of contraventions.

48
Inserted by Act 10 of 2009, Section 23(b), with effect from Oct. 27, 2009

75 | P a g e
to adjudicate matters in which the claim of for inquiry or damage does not
exceed Rupees Five Crore. In addition, the proviso to Section 46 (1A) lays
down that, if the claim for inquiry or damage exceeds Rupees Five Crore the
jurisdiction shall vest with the competent court.

This acts as a limitation on the pecuniary jurisdiction of the Adjudicating

Officer. Even thought the competent court is defined under this Act, it could be
presumed to be the court with the pecuniary jurisdiction of Rupees Five Crore
as per the procedural law for the time being in force, which could be The Code
of Civil Procedure, 190849 or as may be provided by the Central Government.

Section 61 of The Information Act, 2000 expressly bars the jurisdiction of the
civil courts in the matters related to Section 43 encompassing contraventions
from clause (a) to (j). The jurisdiction of such matters under Section 43 (a) to (j)
is exclusively conferred up on the Adjudicating Officer under Section 46 of The
Information Technology Act, 2000.

Still, there are few judgments from different High Courts which sometimes
create an ambiguity in the jurisdiction of civil court. For instance, in Shashank
Shekhar Mishra v. Ajay Gupta50, Delhi High Court held that;

“Though Section 43 of the Information Technology Act, 2000

provides for payment of damages by way of compensation in case
of theft of a computer source Code used for a computer resource
with an intention to cause damage, for accessing or securing
access to a computer or computer resource as well as destroying,
deleting or altering any information stored in a computer resource,

49
(5 of 1908)

50
184 (2011) DLT 675

76 | P a g e
 it does not provide for payment of damages for theft of data other
than the computer source Code used for a computer resource.
Hence, the jurisdiction of a Civil Court is not excluded under
Section 61 of the Act.”

In Mr. Abhinav Gupta v. JCB India Ltd. and others51, Delhi High Court
held that;
Issue: The important issue in the present case was that of power of
adjudication of Adjudicating Officer under Section 46 of The Information
Technology Act, 2000 and also the conflict of jurisdiction between
Adjudicating officer and civil court.

Reasoning: Under Section 46 (1A) of The Information Technology Act,

2000, the pecuniary jurisdiction of Adjudicating Officer is restricted up to
Rupees Five Crores. Any matter under Section 43 with the compensation
demanded by the victim if, it is beyond Rupees Five Crores, the
jurisdiction of the Adjudicating Officer is restricted and the competent
civil court is given the jurisdiction. But, under Section 61 of The
Information Technology Act, 2000 the jurisdiction of the civil court is
expressly barred. This creates a conflict between two sections, that is,
Section 46 and Section 61, one granting the jurisdiction and the other
revoking the jurisdiction of the Civil Court.

Analysis: In any legislation, the jurisdiction of the courts is a clear

mandate. It is very final and conclusive provision in the law. Conflict in
jurisdiction is the last thing which anyone can anticipate in any law. It is
the biggest challenge and limitation under The Information Technology
Act, 2000.

51
210 (119) DRJ 397

77 | P a g e
Conclusion: The major limitation of The Information Technology Act,
2000 is because of the conflict between Section 46 and Section 61. One
grants the jurisdiction and the other revoking the jurisdiction of the civil
court. The conflict arose so many questions and confusion for the litigants,
lawyers as well as judges. The need is to clarify the issue relating to
jurisdiction and there shall be an amendment made in the law to remove
the ambiguity and confusion in those two provisions. That is the reason,
the court had explained the very nature of the provision and jurisdiction of
the Adjudicating Officer and civil courts.

“Section 43 enacts the penalty which can be recovered as

compensation for the damage caused by anyone to a computer
resource, etc, exhaustively defined by that provision.
Section 46 deals with the powers, functions and qualifications of
an adjudicating officer. Section 61 excludes jurisdiction of the civil
court; Section 66 defines hacking. Taken together, these outline a
species of unlawful behavior which can be swiftly adjudicated and
dealt with. Section 43 also sets an outer limit for the amount of
compensation which an adjudicating officer can award.”

78 | P a g e
2.6 Summary:

The Information Technology Act, 2000 is an outcome of the initiative which

Indian Parliament took to create the regulatory framework on the basis of the
UNCITRAL Model Law on E-Commerce which was adopted by resolution by
the General Assembly of the United Nations. Instead of simply laying down the
same principles created by the UNICITRAL on E-Commerce, the developing
countries like India used it as an opportunity to legislate on the varied subject
matter of the information technology.

Apart from the provisions relating to the e-commerce, the socio-economic and
legal requirements and conditions were also looked into by the legislature. They
included a Chapter IX in The Information Technology Act, 2000 prohibiting
certain acts as contraventions and provided for the remedy to the victim in the
form of compensation. These acts were provided under Section 43. Some
addition was done through some amendments in the legislation which facilitated
the stringent law.

A separate quasi judicial authority was also provided for in the form of
Adjudicating Officer. Section 46 and the rules under The Information
Technology Act, 2000 provides for the qualification, experience and pecuniary
jurisdiction for Adjudicating Officer.

The scope of the acts mentioned under Section 43 (a) to (j) is wide but there
certain limitations within it, which could be avoided with some modifications in
the legislations.

79 | P a g e
In the present chapter, the researcher has discussed the nature and scope of
Section 43 of The Information Technology Act, 2000. In the next chapter, the
research will deal with the techno-legal challenges for the implementation of the
Section 43. The next chapter will deal with certain technological advancements
which have posed many challenges to the existing legal framework under
Section 43 of The Information Technology Act, 2000.

80 | P a g e