Professional Documents
Culture Documents
In the last chapter, the reasons for the study were established and it resulted into
further narrowing down to making the research questions out of research aims
and objectives.
The present chapter deals with the scope of Section 43 of The Information
Technology Act, 2000. The present chapter provides an analysis and
establishing the nature of the Section 43 of The Information Technology Act,
2000. This chapter is the foundation of the entire research as the entire research
after this chapter the researcher has tried to study the limitations and techno-
legal challenges of Section 43 of The Information Technology Act, 2000.
2.1 Introduction
1
Resolution A/RES/51/162 of Jan. 30, 1997.
2
Resolution 2205 (XXI) of Dec. 17, 1966.
43 | P a g e
The aim of UNCITRAL is to further the progressive harmonization and
unification of the law of International Trade and in that respect to bear in mind
the interests of all people in particular to those of developing countries in the
extensive development of international trade 3 by adopting Model Law of
different genre. The Information Technology Act, 2000 is based on the
UNCITRAL Model Law on E-commerce which is to give legal recognition to
electronic records, promote e-commerce 4 and e-governance 5 , treat electronic
records at par with paper based documents and regulate cyber crimes.
The UNCITRAL Model Law provided for the foundation for most of the
information technology legislations in different countries. But the Model Law
only provides for 17 Articles to address the issues relating to electronic
commerce. It is a special set of principles to be applied by the member countries
in case of international trade with the use of information technology. The Model
Law is just a guideline for the countries to evolve a law according the standards
of technology being used in each single country.
The entire idea of providing a Model Law was only to bring e-contracts6 on one
standard footing for all the countries. Even after having different levels of
3
See, RESOLUTION, Supra Note 1
4
Henceforth for all the expressions the word „e-commerce‟ would mean electronic commerce.
5
Henceforth for all the expressions the word „e-governance‟ would mean electronic governance.
6
Henceforth for all the expressions the word „e-contract‟ would mean electronic contract.
44 | P a g e
technology in different countries, there was a need for some commonality of
principles in the area of electronic commerce which was satisfied with the
application of the UNCITRAL Model Law in the domestic sphere of the
legislations in the developing countries like India.
The Model Law was just a specimen created for the member countries who
were members of UNCITRAL and the countries were expected to draft
legislation based on the Model Law specifically for the purpose of regulating E-
commerce. This provided an opportunity for developing countries like India to
come up with the first-ever legislation in the domestic sphere on the subject
matter of information technology.
While drafting the legislation based on the UNICITRAL Model Law, the care
was taken by the legislature that, it must not only address the regulation on e-
commerce as per the expectations of the UNICITRAL Model Law but also
include the provisions relating to other facets of information technology, such as
Digital Signatures, Certifying Authorities, adjudicating authorities to address
the technical, legal and procedural issues, liability of internet service providers
(ISP), contraventions which enforce civil liability and separate provisions for
the punishment for cyber crimes.
The very nature of The Information Technology Act, 2000 is prescribing civil
law with provisions applicable to e-commerce and in turn digital signatures and
civil liability in relation to certain acts prescribed under Section 43. At the same
time, The Information Technology Act, 2000 also prescribes computer related
offences under Section 65 to 747 which make the nature of the law as a mixed
blend of civil and criminal liability in terms of misuse of computers.
7
The Information Technology Act, 2000, Chapter XI
45 | P a g e
The provision prescribing civil liability under Section 43 is a unique provision
and has been subjected to various controversies, judicial and legislative scrutiny
and amendments. There are few stringent implications which hint towards the
tough and strong regulations to combat the evil of computer related prohibited
acts under Section 43 of The Information Technology Act, 2000. But it also
carries certain inherent drawbacks and limitations of this particular provision in
terms of applicability, jurisdiction and other procedural aspects. For the purpose
of understanding the limitations of the said provision, the scope of Section 43
has to be studied minutely right from the origin of The Information Technology
Act, 2000.
46 | P a g e
2.2 Scope of Section 43 of The Information Technology Act, 2000
The Information Technology Act, 2000 was passed with the object of
incorporating the regulation on the E-commerce into our legal system on the
basis of the UNCITRAL Model Law. When Model Law was adopted, the effort
was made by the legislature to address certain other issues relating to use of
information technology. Apart from the principles relating to E-commerce
adopted from UNCTRAL Model Law, the issues relating to Digital or
Electronic Signature8 and Regulation of Certifying Authorities9 were also added
in The Information Technology Act, 2000. Apart from the techno-legal aspects
relating to the E-commerce, there was another dimension to the use of
technology taking into consideration socio-economic structure of the country.
The menace of cyber crimes was at the doorstep of every information
technology user in India around the same time when The Information
Technology Act, 2000 was passed. The legislature included separate chapters10
in The Information Technology Act, 2000 for the Penalties and Adjudication11
and offences12.
8
The Information Technology Act, 2000, Chapter II and Chapter V
9
The Information Technology Act, 2000, Chapter VI
10
The Information Technology Act, 2000, respectively Chapter IX and Chapter XI
11
In the original Act of 2000 prior to The Information Technology (Amendment) Act, 2008 (No.
10 of 2009) which came into force with effect from Oct. 27, 2009
12
The Information Technology Act, 2000, Chapter XI
47 | P a g e
The Chapter IX13 which provided for the Penalties and Adjudication included
the set of five sections from Section 43 to 47 in The Information Technology
Act, 2000. The major emphasis under this chapter was on the certain set of
prohibited acts which are not as serious as cyber crimes but are of such a nature
that might cause damages to an individual. Securing unauthorized or illegal
access, downloading, copying, extracting data or information, introducing
computer virus or computer contaminant, damage or causing damage, disruption
or causing disruption, denial of access to a person authorised, assisting someone
else to commit any contravention, theft of internet hours, destroying, deleting or
altering any information in the computer and stealing, concealing, destroying or
altering the information residing in the computer are some of the acts which are
made contraventions under Section 43 of The Information Technology Act,
2000.
Such acts were prohibited under Section 43 and the remedy provided to the
victim is in the form of compensation. Before The Information Technology
(Amendment) Act, 2008, the compensation under Section 43 was up to Rupees
Ten Lakh and later on was increased up to Rupees One Crore. After The
Information Technology (Amendment) Act, 2008, this limit as to grant of
compensation is removed 14 and now, there is no limit as to maximum
compensation that a victim can get as a remedy in the form of compensation
under Section 43.
Section 43 of The Information Technology Act, 2000 provides for certain set of
acts; if committed by any person without the permission of the owner or person
13
The Heading of Chapter IX was amended and was substituted with “Penalties, Compensation
and Adjudication”.
14
By The Information Technology (Amendment) Act, 2008 (No. 10 of 2009), Section 21 (d),
which came into force with effect from Oct. 27, 2009
48 | P a g e
in charge of a computer15, computer system16 or computer network17 commits
any of the acts provided under the sub-sections (a) to (j) of Section 43, the
person is liable to pay damages by way of compensation to person affected.
Section 43 provides for the remedy in the form of compensation to the victim.
But that is not the only remedy under The Information Technology Act, 2000
for the victim. According to Section 6618 of The Information Technology Act,
2000;
Section 66 has provided another form of remedy for the victims of the acts
committed against them under Section 43. The major difference between
Section 43 and Section 66 is that;
15
The Information Technology Act, 2000, Section 2 (i)
16
The Information Technology Act, 2000, Section 2 (l)
17
The Information Technology Act, 2000, Section 2 (j), which was substituted by The
Information Technology (Amendment) Act, 2008 (No. 10 of 2009) which came into force with
effect from Oct. 27, 2009
18
The Information Technology (Amendment) Act, 2008 (No. 10 of 2009), Section 32 which
came into force with effect from Oct. 27, 2009
49 | P a g e
person under Section 43 is without the permission of the owner or person who is
in charge of the computer, computer system, computer network.
ii) Section 43 provides for the remedy for the victim in the form of damages to be
paid to the person affected by way of compensation by the person committing
any contravention under Section 43 (a) to (j). Whereas, Section 66 provides for
the sanction on the person committing the act
iii) Under Section 43 with dishonest and fraudulent intention with the punishment
for the imprisonment which may extend to three years or with fine which may
extend to five lakh rupees.
The most important facet about these two provisions of The Information
Technology Act, 2000 is that, no single provision of The Information
Technology Act, 2000 provides for the alternative application of Section 43 and
66. That means simultaneous actions under Section 43 and 66 under The
Information Technology Act, 2000 can be initiated by the victim against the
person who commits any contravention under Section 43 of The Information
Technology Act, 2000.
19
The Information Technology Act, 2000, Section 46
20
The Information Technology Act, 2000, Section 61
50 | P a g e
to try the contraventions under Chapter IX related to Penalties, Adjudication
and Compensation. Whereas, there is no special court created for the offences
prescribed under Chapter XI consisting of Section 65 to 74 related to offences.
The regular criminal courts have the jurisdiction depending upon their
respective power to adjudicate, depending upon the quantum of the punishment
which is prescribed in the Code for Criminal Procedure, 197321.
21
(2 of 1974)
22
(No. 10 of 2009) which came into force with effect from Oct. 27, 2009
51 | P a g e
2.3 Original provision of Section 43 of The Information Technology Act,
2000
Right from the inception of The Information Technology Act, 2000, there was a
provision under Section 43 providing for the contraventions which in term
provided for the remedy in the form of compensation to the victim. Following is
the provision which was in operation prior to The Information Technology
(Amendment) Act, 2008.
Chapter IX
Penalties and Adjudication
Section 4323: Penalty for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is in
charge of a computer, computer system or computer network,-
52 | P a g e
e) disrupts or causes disruption of any computer, computer system or computer
network;
f) denies or causes the denial of access to any person authorised to access any
computer, computer system or computer network by any means;
g) provides any assistance to any person to facilitate access to a computer,
computer system or computer network in contravention of the provisions of this
Act, rules or regulations made there under;
h) charges the services availed of by a person to the account of another person by
tampering with or manipulating any computer, computer system or computer
network,
For the purpose of the understanding certain terms quoted in the Section, the
legislature has added the explanation to the said section. They have defined the
terms “computer contaminant”, “computer database”, “computer virus” and
“damage”.
The Information Technology (Amendment) Act, 2008 did not change the sub-
clauses (a) to (h) in Section 43. By virtue of the Amendment in the year 2008,
few more sub-sections were added under Section 4325.
24
This provision is changed to award compensation up to any extent after The Information
Technology (Amendment) Act, 2008.
25
Sub-clause (i) and (j) were added in the Section 43, which are discussed in the next sub-topic.
53 | P a g e
Section 43, right at the outset provides for the pre-requisites to enforce the
liability under this Section. The two requirements which are discussed in the
beginning of the Section 43 are:
I. The acts committed under this Section must have been committed
without the permission of the owner or any person who is in charge of a
computer, computer system or computer network.
II. There must be some kind of damage caused to the person affected by
such acts.
Section 43 requires that, the act of default must have been committed without
the permission of the person who is an owner or a person in charge of the
computer, computer system or computer network. Secondly, the act of the
defendant must have caused some damage or loss to the person so affected.
a) Illegal Access
54 | P a g e
Section 43 (a) provides for the very basic kind of an act which is prohibited
under The Information Technology Act, 2000. If any person accesses or secures
access to any computer, computer system, computer network or computer
resource26 without the permission of the owner or person in charge of such a
computer, computer system or computer network, he is liable under this
Section.
In general sense, word „access‟ means seeking entry into something. The
Information Technology Act, 2000 defines „access‟27 as:
The combined effect of Section 43 (a) and Section 2 (a) is that, if any person
gains an access into the computer, computer system or computer network
without the permission of the owner or person in charge, he is liable. The
definition of access includes access to any part of the computer. It involves the
entry into logical, arithmetic or memory function of the computer. These
sections provide a blanket protection against any illegal or unauthorised access
not only to computer, computer system or computer network but also to an
unauthorised or illegal access as to logical, arithmetic or memory function in
any resources of a computer, computer system or computer network. That
means, if a person access the program files stored in a “C Drive” of a computer
or laptop without accessing the actual data file created by the owner which is
saved in “E Drive”, still the person accessing the computer without the
permission is liable.
26
Inserted by Act 10 of 2009, Section 21 (b)
27
Section 2(a)
55 | P a g e
The essence of Section 43 (a) is gaining an entry into any part of the computer
either physically or virtually without the permission of the owner or the person
in charge of the computer, computer system or computer network. The term
„access‟ covers both physical and/or virtual access to a computer, computer
system or computer network28. The contravention under Section 43 (a) is a very
basic contravention but is the one which is the most commonly committed in
most of the cases of cyber crimes.
To put it in more accurate terms, it is the initiation of all other serious cyber
crimes or offences. The example can be cited in relation to Debit or Credit Card
thefts. When any person accesses the Debit or Credit Card of another it falls
within the meaning of illegal or unauthorised access. The theft may be proved at
the next level, but initially, the person who secures access can be charged with
unauthorised or illegal access.
When any person accesses or opens any file or data the downloading begins.
The term downloading is not defined anywhere under The Information
Technology Act, 2000. But technically, it means the access to the content of the
28
VAKUL SHARMA, INFORMATION TECHNOLOGY LAW AND PRACTICE, 117 (3 rd Ed.,
2014)(2011)
56 | P a g e
data or information. It is the actual interface of the person to the information or
data stored in the memory of the computer, computer system or computer
network. For example, if A opens a MS word document stored in the computer
of B without his permission, he has downloaded the document without the
permission of B.
The subsequent act mentioned in the section is of copying. Copying signifies the
act of duplication of data or information. It is creating another copy of a
document without hampering the original file or a document. Copying is serious
than downloading. Downloading merely is an act of procuring an access or
opening a document whereas, copying involves an act of duplication of any data
or information stored in a computer.
Next in line with seriousness is an act of extracting. It is the serious most act
than that of downloading and copying. Where copying involves only the act of
duplicating or multiplying the copies of the data or information, extracting
involves cutting the original source of the data and information and creating
another source for the same information or data. The act of extracting involves
the act which is popularly known as „cut-paste‟. In extracting, the original file is
cut and is saved somewhere else. Extracting changes the source or path of the
file. Comparing all the three acts that of downloading, copying and extracting;
the severity increases with each single act. That is to say, downloading is the
least serious act out of the three. Copying is serious than downloading and
extracting is serious most out of the three in terms of causing damage.
Extracting also involves retrieving a file from a remote computer, computer
system or computer network and then selectively extract part of the digital
content29.
29
VAKUL SHARMA, Supra note 28 at 118
57 | P a g e
The essence of the act prohibited under Section 43 (b) lies in the unauthorised
duplication of any data or information without the permission of the owner or
the person in charge of the computer, computer system or computer network.
The unauthorized duplication is definitely relates to copyright violation. Section
43 (b) can be read with the Chapter XII and XIII of The Indian Copyright Act,
1957. Section 77 of The Information Technology Act, 2000 provides that no
compensation awarded penalty imposed or confiscation made under The
Information Technology Act, 2000 shall prevent the award of compensation or
imposition of any other penalty or punishment under any other law for the time
being in force.
Computer viruses are common to the entire digital world. It causes big
hindrance in the normal functioning of the computer. It is basically a set of
instructions which creates obstacles in the normal functioning of the computer.
There are many types of commands or set of instructions which may create
obstacles in the way the computer works. It could be in the form of worms,
Trojans or logic bombs. In the recent past, technicians have also started calling
30
An online personal interview was conducted with Adv. Prashant Mali, a cyber expert from
Mumbai on 24th September, 2015.
58 | P a g e
it bugs. It became highly difficult for the legislatures around the world to
include all the types of viruses in to the prohibited acts as the time they make
one inclusion in the law; there is another type of virus in existence.
Instead of making a segregation of all the types of the viruses, the Indian
legislature has included one generic term for all of them and that is „computer
contaminant‟. Under Section 43 (c) of The Information Technology Act, 2000,
introducing or causing to introduce computer contaminant or computer virus
without the permission of the owner or person in charge of the computer,
computer system or computer network is treated as a contravention.
Section 43 also has an explanation added to it, which defines certain technical
terms used in the same provision. For example, computer contaminant,
computer database, computer virus, damage and computer source code have
been defined in the explanation to Section 43.
Computer contaminant is defined31 as, any set of computer instructions that are
designed-
59 | P a g e
The definition of „computer contaminant‟ shows the effect of the introduction of
the contaminant. It may cause destruction of data or information stored in the
computer. It may modify or alter the information in the computer in such a way
that it may be of no use to the owner of the computer. It may create such an
instruction that the computer starts sharing the data or information with the
internet connected devices, remote devices, LAN32, WAN33 connected devices
and Wi-Fi34 connected devices without any authorization of the owner of the
computer, computer system or computer network.
A virus attack is the most common attack on the functioning of the computer. It
is an attack on the logical functioning of the computer. It is a set of instructions
or programme which destroys, alters or modifies the data or information
32
LAN stands for Local Area Network which is connected paths to the computer in a specified
territory.
33
WAN means Wide Area Network. In WAN, the computer is connected to the distinctly
located server.
34
Wi-Fi is the modern device which operates without any wired connection to the device. It is
wireless connection to the computer, computer system or any device.
35
The Information Technology Act, 2000, Explanation (iii) of Section 43
60 | P a g e
residing in the computer. It adversely affects the logical, arithmetic or memory
function of the computer. Virus may initiate certain instructions to the
programme files of the computer which may involve the unauthorised sharing of
the data or information to another computer or computer network. The effect of
the virus causes damage to the data or information or even to the normal
functioning of the computer.
The Information Technology Act, 2000 under Section 43 (d) provides the most
generic provision which can be imposed in the cases of the damage caused to
the computer, computer system or computer network as well as the data,
database, any programme or information in the computer.
The Explanation (iv)36 defines the word „damage‟ as means to destroy, alter,
delete, add, modify or rearrange any computer resource by any means. It
includes damage to both hardware and/or software either done physically or
through virtual medium37.
36
The Information Technology Act, 2000, Section 43
37
VAKUL SHARMA, Supra note 28 at 120
61 | P a g e
Any virtual or physical damage caused to the computer or any data or
information residing in the computer is covered under the same provision. The
contravention covered under Section 43 (d) is loosely drafted to make it
applicable in any given situation where the computer is targeted by any means.
Any damage caused to the hardware or software is also covered under the same
provision.
This provision can be read together with any other provision of The Information
Technology Act, 2000 where there is any penalty imposed for any kind of
damage caused to the computer, computer system or computer network.
One more important facet of the provision under Section 43 (d) is that, it does
not only provides for contravention in case of successful damage caused to the
computer, computer system, computer network, data, database or programme
residing in such a computer, but also an attempt to cause damage is provided as
a contravention.
e) Disruption
The provision under Section 43 (e) is again a very generic provision like that of
the earlier provision under Section 43 (d). Disruption is any act which creates
any small kind of hurdle in the normal operations of the computer, computer
system or computer network. It may involve any amount of an act which causes
any hindrance in the usage of the computer, computer system or computer
network.
Sometimes the acts are committed which may cause disruption to the hardware,
for example, causing physical damage to the device or even the LAN or any
wired device. The purpose of the provision under Section 43 (e) is to provide
62 | P a g e
protection against those acts which may not necessary sound to be very serious
crimes or offences against the computer, computer system or computer network
but it is to provide protection against the damage caused to the computer,
computer system or computer system in physical form. These are the acts which
sometimes are comparatively less serious acts but do cause hindrance in the
normal functioning of the computer.
Like, the earlier provision relating to damage, even under Section 43 (e) any
attempt to disrupt the computer, computer system or computer network can also
be a contravention. Disruption may lead to malfunctioning of a computer,
computer, computer system or computer network, thereby affecting its expected
normal (programmed)/standard performance38.
f) Denial of access:
The denial of access can be physical access to the device, where the deliberate
attempt is made on the part of the accused to conceal the device physically or
causing damage to the device in such a way that, the person is not in position to
access the computer, computer system or computer network. The virtual denial
of an access is also covered under the same provision. When any person who is
authorized to have an access to the computer, computer system or computer
network is not allowed to have an access to same, that can also attract the
38
Id.
63 | P a g e
provision under Section 43 (f). The denial of access to the computer, computer
system or computer network can be committed by changing the password of the
computer without the permission of the authorized owner or person in charge or
even putting the passwords to the computer itself or any computer resource
without the permission of the person authorized.
The denials of access attacks on the website are also common these days. These
attacks are also committed by the terrorist organizations. The websites and
servers of the government establishments are the frequent victims of the denial
of access attacks. The person who is legally authorized to have an access is
denied the access to the computer, computer system or computer network or
even the computer resource by either changing and putting the passwords on the
existing files in the computer or it is the physical intervention to detach the
authorized user of the computer, computer system or computer network to deny
the access to the same. Like Section 43 (d) and (e) attempt to deny access is also
a contravention under Section 43 (f) of The Information Technology Act, 2000.
The Information Technology Act, 2000 does not only provide for the
contraventions under Section 43 but also provides for the liability in case the
assistance is provided in committing any contravention. The provision under
Section 43 (g) gives a wide area of application as assistance in case of any
contravention of the provisions of The Information Technology Act, 2000 or
Rules or Regulations made under The Information Technology Act, 2000 is also
provided.
The provision shows the intent of the legislature to provide for liability on the
person who is assisting any other person in committing contravention of any of
64 | P a g e
the provisions under The Information Technology Act, 2000, Rules and
Regulations made there under.
As per Section 43 (h) of The Information Technology Act, 2000 if any person
without the permission of the owner or person in charge of the computer,
computer system or computer network charges the services availed of by a
person to the account of another person by tampering with or manipulating any
computer, computer system or computer network is liable to pay damages in the
form of compensation to the victim.
There are three major components for the said contravention under Section 43
(h), which are as follows:
39
VAKUL SHARMA, Supra note 28 at 122
65 | P a g e
II. Charging the services availed to another account of another person
III. By tampering or manipulating with the computer, computer system or computer
network
The internet service providers are also foxed sometimes where the user enters
into the system or servers and uses the services provided by the internet service
provider and then manipulates the records or entries in the system in such a way
that the person manipulating the entries shall be not charged but some other
person who has actually not used the services is charged for the usage of
another person. If such an act is committed by any person in case of the internet
services and the other person is charged for the usage of the internet hours by
way of tampering or manipulating the computer, computer system or computer
network, it may be called as theft of the internet hours. The Information
Technology does not create any nomenclature such as „theft of internet hour‟
per se, but there is a legal fiction which is created due to the application of the
similar provisions which are related to different subject matters.
66 | P a g e
against property in The Indian Penal Code, 186040. Section 378 of The Indian
Penal Code, 1860 provides for certain ingredients which are essentials for the
offence of Theft. Section 378 of The Indian Penal Code provides that, whoever,
intending to take dishonestly any moveable property out of the possession of the
any person without that person‟s consent, moves that property in order to such
taking, is said to commit theft.
The same logical analysis can be applied to the theft of internet hours and the
person who charges the accounts on the services for another for the use of
internet under the provision of Section 43 (h) of The Information Technology
Act, 2000 can be subjected to the liability under Section 379 of The Indian
Penal Code, 1860.
40
The Indian Penal Code, 1860, Section 378 provides for the Offence of Theft. The punishment
for the same has been provided in The Indian Penal Code, 1860 (Act XLV of 1860) Section 379.
41
AIR 1965 SC 666
67 | P a g e
In the recent times, the provision under Section 43 (h) is becoming useful
weapon for the prosecution in cases where Debit or Credit Cards are stolen and
the amount is debited on to the account of the owner of the card.
68 | P a g e
2.4 Amendments made in Section 43 of The Information Technology
Act, 2000
The law without amendment slowly but surely becomes a law in abundance. To
live up with the expectation of being an instrument of social change, the law has
to be amended catering to the needs of the society. The Information Technology
Act, 2000 was also amended frequently taking into account the needs of the
society in India and the kind of technological changes which were brought in to
force in a very short span of time in India. Following are some of the
amendments which were brought into force for the effective implementation of
Section 43 of The Information Technology Act, 200042:
Section 43 (a) initially only had the provision relating to unauthorized or illegal
access to computer, computer system or computer network. The words
„Computer resource‟ were added in to Section 43 (a) by virtue of The
Information Technology (Amendment) Act, 2008.
This was an attempt to make wide application to the said provision under the
Act. Earlier, the illegal access or unauthorized access could be committed only
against the computer as a target or against the computer system which may
42
There are many important changes which were brought in the Act by way of The Information
Technology (Amendment) Act, 2008. But the researcher will be researching only on to the
provision of Section 43 of The Information Technology Act, 2000. There were only three major
changes brought in through The Information Technology (Amendment) Act, 2008 in Section 43.
Those are only discussed for the purpose of this sub-chapter.
69 | P a g e
involve the entire set up or computer network, which may be the network
connections or anything which is connected with the computer. With the
addition of the words, „computer resource‟, the data and data base or
information residing within the computer also came within the purview of the
application of Section 43 (a). This amendment in the said Section signifies one
more change in the approach that the illegal or unauthorized access is not only
sought in the device but also in the data or data base or information residing in
the computer.
This was the significant change in the approach to bring in more stringency in
the implementation of Section 43 of The Information Technology Act, 2000.
70 | P a g e
affects it injuriously by any means, is liable to pay compensation to the person
so affected.
The same words as incorporated in Section 43 (i) were also available in Section
66 of The Information Technology Act, 2000 prior to The Information
Technology (Amendment) Act, 2008 came into force. Before the Amendment
of 2008, Section 66 used to bare the same wording for defining the offence of
Hacking under The Information Technology Act, 2000. Now that same
provision as to „Offence of Hacking‟ has been diluted and new comprehensive
provision has been added under Section 66 and Section 66 A to F of The
Information Technology Act, 2000.
The act of the person connoted under Section 43 (i) shall destroy, delete or alter
the information in such a way that it may cause the diminution of value of the
information residing in such computer resource and it must cause some loss to
the person who is the owner of the computer, computer system or computer
network.
Section 43 (j) was added into the list of contraventions provided under Section
43 of The Information Technology Act, 2000 by an amendment in the year
2008. Section 43 (j) provides that, if any person without the permission of the
owner or person who is in charge of computer, computer system or computer
network, steals, conceals, destroys or alters or causes any person to steal,
destroy or alter any computer source code used for a computer resource with an
intention to cause damage, he shall be liable to pay compensation to person so
affected.
This provision safeguards the person who is owner or person who is in charge
of the computer, computer system or computer network from any act of
71 | P a g e
stealing, concealing, destroying or altering or causing any other person to do the
same, from the loss or damage caused to the computer programme, software or
any piracy or copyright violation in the computer software. The provision under
Section 43 (j) provides the protection for the most important technical attribute
of any functioning of a computer or computer software and that is, computer
source code.
Computer Source Code has been defined under the same provision under
Explanation (v)44. Explanation (v) defines „Computer Source Code‟ means the
listing of programmes, computer commands, design and layout and programme
analysis of computer resource in any form.
43
An online personal interview with Adv. Karnika Seth, Founder partner of Seth Associate and a
cyber expert
44
The Information Technology Act, 2000, Explanation (v), Section 43. The said explanation was
added in the Act by The Information Technology (Amendment) Act, 2008 (Act 10 of 2009,
which came in to effect from Oct. 27, 2009)
72 | P a g e
the computer source code itself is damaged, the computer turns into a useless
box. For example, the normal functions such as copy, edit, and paste are
removed or altered by tampering with the computer resource code, which is
listing of the programme, the computer will not remain to be the computer, and
it will be just a junk box which is not able to understand the commands given by
the user.
73 | P a g e
2.5 Adjudication of Contraventions
I. Power to adjudicate:
Section 46 (1) provides that for the purpose of adjudging under Chapter IX, any
contravention under this Act, Rules and Regulations there under, the Central
Government shall appoint an Adjudicating Officer. Section 46 (3) provides that,
the officer to be appointed as an Adjudicating Officer shall not be below the
rank of a Director to the Government of India or an equivalent officer of a State
Government to hold the inquiry under Chapter IX in case of any contravention
of any provision of the Act, Rules, Regulation under it. Such an inquiry shall be
conducted by an Adjudicating Officer in the manner which is provided by the
Central Government through the notification in the Official Gazette 45. In Indian
National Congress (I) v. Institute of Social Welfare46, the Supreme Court held
that:
45
Such Notification in the Official Gazette was notified by the Government of India, vide GSR
220(E), dated Mar. 17, 2003.The qualification, experience and the manner of holding inquiry is
provided under The Information Technology Rules, 2003.
46
(2002) 5 SCC 685
74 | P a g e
“… where law requires that an authority before arriving at a
decision must make an enquiry, such a requirement of law makes
the authority a quasi-judicial authority.”
From the above decision and the provisions under Rule 4 of The Information
Technology Rules, 2003, it can be construed that the Adjudicating Officer is a
quasi-judicial authority. The wording from the provision under Section 46, “for
the purpose of this Chapter” makes it clear that the Adjudicating Officer has the
power to adjudicate the contraventions under Section 43, 43 A, 44 and 45 of the
Act. It is significant to note that, in the light of the provisions under Section 46,
the Adjudicating Officer is the first and exclusive court in adjudication in cases
of matters under Section 43. Civil Court‟s jurisdiction is expressly barred under
The Information Technology Act, 200047.
Even though the Adjudicating Officer is appointed under the provisions of The
Information Technology Act, 2000 having exclusive power to adjudge the
contraventions under Chapter IX of The Information Technology Act, 2000 and
the jurisdiction of the civil court is barred in such cases, there is a limitation on
the pecuniary jurisdiction of the Adjudicating Officer due to the newly inserted
provision of Section 46 (1A)48.
Section 46 (1A) of The Information Technology Act, 2000 provides that, the
Adjudicating Officer appointed under Section 46 (1) shall exercise jurisdiction
47
The Information Technology Act, 2000, Section 61 bars the jurisdiction of the civil court in
cases of contraventions.
48
Inserted by Act 10 of 2009, Section 23(b), with effect from Oct. 27, 2009
75 | P a g e
to adjudicate matters in which the claim of for inquiry or damage does not
exceed Rupees Five Crore. In addition, the proviso to Section 46 (1A) lays
down that, if the claim for inquiry or damage exceeds Rupees Five Crore the
jurisdiction shall vest with the competent court.
Section 61 of The Information Act, 2000 expressly bars the jurisdiction of the
civil courts in the matters related to Section 43 encompassing contraventions
from clause (a) to (j). The jurisdiction of such matters under Section 43 (a) to (j)
is exclusively conferred up on the Adjudicating Officer under Section 46 of The
Information Technology Act, 2000.
Still, there are few judgments from different High Courts which sometimes
create an ambiguity in the jurisdiction of civil court. For instance, in Shashank
Shekhar Mishra v. Ajay Gupta50, Delhi High Court held that;
49
(5 of 1908)
50
184 (2011) DLT 675
76 | P a g e
it does not provide for payment of damages for theft of data other
than the computer source Code used for a computer resource.
Hence, the jurisdiction of a Civil Court is not excluded under
Section 61 of the Act.”
In Mr. Abhinav Gupta v. JCB India Ltd. and others51, Delhi High Court
held that;
Issue: The important issue in the present case was that of power of
adjudication of Adjudicating Officer under Section 46 of The Information
Technology Act, 2000 and also the conflict of jurisdiction between
Adjudicating officer and civil court.
51
210 (119) DRJ 397
77 | P a g e
Conclusion: The major limitation of The Information Technology Act,
2000 is because of the conflict between Section 46 and Section 61. One
grants the jurisdiction and the other revoking the jurisdiction of the civil
court. The conflict arose so many questions and confusion for the litigants,
lawyers as well as judges. The need is to clarify the issue relating to
jurisdiction and there shall be an amendment made in the law to remove
the ambiguity and confusion in those two provisions. That is the reason,
the court had explained the very nature of the provision and jurisdiction of
the Adjudicating Officer and civil courts.
78 | P a g e
2.6 Summary:
Apart from the provisions relating to the e-commerce, the socio-economic and
legal requirements and conditions were also looked into by the legislature. They
included a Chapter IX in The Information Technology Act, 2000 prohibiting
certain acts as contraventions and provided for the remedy to the victim in the
form of compensation. These acts were provided under Section 43. Some
addition was done through some amendments in the legislation which facilitated
the stringent law.
A separate quasi judicial authority was also provided for in the form of
Adjudicating Officer. Section 46 and the rules under The Information
Technology Act, 2000 provides for the qualification, experience and pecuniary
jurisdiction for Adjudicating Officer.
The scope of the acts mentioned under Section 43 (a) to (j) is wide but there
certain limitations within it, which could be avoided with some modifications in
the legislations.
79 | P a g e
In the present chapter, the researcher has discussed the nature and scope of
Section 43 of The Information Technology Act, 2000. In the next chapter, the
research will deal with the techno-legal challenges for the implementation of the
Section 43. The next chapter will deal with certain technological advancements
which have posed many challenges to the existing legal framework under
Section 43 of The Information Technology Act, 2000.
80 | P a g e