CHAPTER

Introduction to Information
Technology and Cyber
Laws

SYNOPSIS
Information Technology and Cyber Evolution of Cyber Law...
Space. ***°*°°°******°******°***** Early Cyber Laws: The Computer
Concept of Information Technology.. Misuse Act, 1990 of Great
Concept of Cyber Space.. Britain.International
Uniform
*ussane**************************
Standards for
The Proliferation of IT and the Need for
Regulation of Cyber Space. Cyber Law: UNCITRAL Model Law
on Electronic Commerce, 1996.. **** 7
Cyber Crimes. * * * * * * *

India's First Cyber Law: The

Cyber Laws . * * * *

9
Limitations of Traditional Law and Information Technology Act, 2000...
* 12
Need for a Separate Law for Cyber Other International Cyber Laws.
***°°*********°*°*°******°°°*°° 3
Crime..... saasamas sungsa*ancaa naer*****aaana
. .

CYBER SPACE
INFORMATION TECHNOLOGY AND

Technology
Concept of Information their hardware, software
and
to computer systems, is broadly
n e technology relating on the internet,
applications running defines
internet, and various The Oxford Dictionary
Ctworks, or TT".
Information Technology
to as
TCd and other
IT as: telecommunication
systems,

computers,
use of information.
ne study
or transmitting
retrieving
and
uevices forstoring,
 Tec
Information
Cyber Law of

Concept of Cyber Space IT-mediated

communication
and actions
are
Tne virtual space in which all of e . Cyber
yber space cannot
space cannot be
Cyber space
often referred to such as your website, hi
as
taking place is
taking of intangible objects,
information and reputation
bloy
Spatially located. It is made up intormation and reputation
personal
accounts, instantane
social networks, email
electronic village with eous
of as a global
Cyberspace can be thought 2
barriers.
c o m m u n i c a t i o n and no geographical

the Need for Regulation of Cyber Space

The Proliferation of IT and of compute
resulted in a concomitant proliferation
The proliferation of IT' has
unauthorized access to computers,
computer systems
crime and other forms of
and forms of
data. The protection of the integrity of all types
and computer data is vital to the
created computers, computer systems, and computer
lawfully
of the privacy of individuals as well as to the well-being of financial
protection and others that lawfully
institutions, business concerns, governmental agencies,
The lawS governing the
utilize those computers, computer systems, and data".
in cyber space
physical world are, however, inept at governing transactions
where the subject matter often is an intangible object such as one's email o
Facebook account or website or virtual currency or personal information. The
regulation of the cyber space, thus, requires specialised laws.

CYBER CRIMES
Cybercrime encompasses any crime involving a computer system or network
where such system or network is
) A Victim of Crime
Where the computer system or its network is the target of the
For example: theft, physical sabotage, violation of offenc
rights, destruction of information, etc. intellectual prope
(i) A Tool of Crime
Where a
computer
commit crime. Forsystem
or network
is being used nt t0
example:
as an
illegal transactions online, instrumo
frauds, etc. creant
card

ii) A
Repository of Evidence Related to
the Crime
Where the computer can help
investigation and prosecution of theobtain information, which assi
erime.
1, Cvher o
 TT has made life easier. It has also made crime easier. 'IT'
obliterates the
need for actual physical contact to commit a crime. Crime may be
committed
anywhere from any place through the internet. Another problem is that of
anonymity. Cybercriminals can maintain anonymity with ease. It requires highly
sophisticated equipment and a specialised skill set to identify anonymnous cyber
criminals. Cyber criminais Tace low entry barriers due to the low cost of IT, and
the ease with which the commission of cybercrimes can be learnt. For example,
malware toolkits are now easily available.
IT has also given birth to new kinds of criminal activity. Criminals use IT' to
commit both traditional crimes (embezzlement, cheating, theft, etc.) and new age
crimes (denial of service attacks, computer hacking and data theft, etc.). The
involvement of the computer is not limited to the basic computer crimes only but
used a
it also
is widely in broadrange of other crimes such
as organised
white collar crimes, drug trafficking, frauds, forgeries, kidnappings. extortion,
crimes
gambling, software piracy etc.
Yet another problem for legislation is the moral ambiguity of some of the
crimes or bad behaviour. Many a time, the criminals (and also the victims) are
not even aware that they are committing a crime. Email spamming, identity theft
with no financial implications and cyber stalking are examples of such kind of
behaviour.
Misuse of IT' has given rise to various risks to individuals, organisations and
governments alike:
(1) Financial Risks: through credit card fraud, phishing and salami attacks.
ii) Risk to Information: through hacking.
(111) Individual Risk: through net extortion, online defamation. cyber
stalking, identity theft and cyber bullying.
Gv) IPR Violations: software piracy, cybersquatting, copynght and
trademark infringement.
etc.: through denial of service
(V) Risk to Computers/ Computer Systems,
attacks, viruses and e-mail spamming
items like drugs, online
(V1) Rise in Online Illegal Activity: sale of illegal
gambling and pornography.
terrorism, cyber warfare, cyber
) Risk to Government: through cyber
of websites.
spying and hacking government
CYBER LAws
and Need for a Separate Law for
mitations of Traditional Law
Cyber Crime
Traditional
i o n a l laws
laws pose several
constraints in dealing with eyber-crimes:
A
Issues: Cyberspace has no geographic boundaries.
) Jurisdictional
other country or it
may be commilled by a person in any
cybercrime or network located in
be committed using a computer systemn
may
 Code, 1860 provides for bos
another country. While the Indian Penal
territorial and extra-territorial jurisdiction. Its extra-territoria
Indian citizens. Th
extra-territorial
committed by
Jurisdiction is limited to offences
applicability of the penal code to cyber offen
leaves ambiguity in the in a way the
nationals overseas, but,
that may be committed by foreign
This 'transnational' element of cybercrime al
in India.
impact is felt Investigation of offences
international cooperation.
requires greater
other countries and arrest of
cybercriminals of other nationalities wi
established extradition treaties
and special permissions.
require
of Conventional Definitions: Most crimes in
(i) Inapplicability
cyberspace involve intangible objects. This creates problems wher
conventional definitions of crimes are involved. For instance, the
definition of trespass requires actual physical entry for conviction'
Constructive entry upon the property is not within the meaning of this
section. In the case of cyber trespass, or hacking, where there is n
actual entry into the physical territory where the computer is located
this definition would fail. Similarly, the offence of theft is made ou
when there exists an intent to remove from possession. Therefore, for
data to be stolen, it would have to be removed from the
the owner. If the offender were to possession o
without erasing or
simply copy data onto a pen drive
the
modifying the original data in any way, then it may
constitute theft' under the traditional definition
not
of the term.
ii) Creation of New Crimes:
crimes which are not Cyber space has given birth to several ne
website can handle
recognised by conventional laws. For example,
only
a fixed number
information) given point of time. A of viewers or requests (
at a
website from
functioning by cyber-criminal can prevent
denial of service overloading it with requests (known as
an
attack°). This
online business, but, there
kind of attack can
would be
cause huge losses
no clear remedy under ordinu
4. Section 4. Indian Penal Code, 1860.
Extension of Code to Extra-
"The Territorial Offences:
provisions
() any citizen
of this Code
apply also to any offence
(2) any person onof ndia in any
place without and committed by:
5. Section 441. Ibid. any ship or aircraft registered beyond
in India
India;
Criminal Trespass: wherever it may be."
"Whoever enters into
offence or 1o intimidate,or insuli
upon property in
the
lawfully entered into or or possession of another with intent
annoy any person intent to
o commil
niimidate, insult or
'criminal trespass.
upon such
property,
in
possession of such
6. Rash
annoy any such
person, unlawfully remains there
ere propery reby
with intent ther
Behari or withintent
1960 Chatterjee
Cal 189;
See Fagu Shaw & Ors.
v.
to commit an offence,
d 18 aid t
c o m n

7. Publishing,378.2009, at Page 743. Deo Gaur: Textbook

Section
Krishna 1970 AIR
20; State of Caleutta v. Abdul Sukal1A
Theft: Indian Penal Cod
on the
ndian Paual
Chapter 1 Introduction to nformation Technology and Cyber Laws
law. Similarly, the IT Act elevates the offence of denial of access and
introducing computer viruses with the intent of striking terror in a
section of people to the status of 'cyber-terrorism and provides for
significant punishment for the same. Under section 66F of the IT Act,
the provision relating to cyber-terrorism. is worded similar to Section 3
of the Prevention of Terrorism Act, 2002".
iv) Issues with Gathering Evidence: The intangible nature of
cyberspace
and cybercrime makes traditional methods of gathering evidence
inadequate. The 'scene of crime in cyberspace is completely virtual
and so is the object of the crime (data/
information). Additionally, this
type of evidence can be modified very easily. For example, a criminal
may set up a program which erases all evidence from the computer if it
is accessed by other than himself. In this case, mere access to
someone
the computer may erase the evidence. Therefore
specific rules are
required for extraction of evidence and maintaining its' authenticity.
(v) Anonymity of Netizens: A cybercriminal can
A cybercriminal can use fake easily guard his identity.
identities or create
example. This makes gathering of evidence difficult. identity clones,
for
(vi) Monitoring of Crime: The sheer volume of
information involved and
being processed every second makes monitoring and
very difficult. Countries like United States of tracking of crime
have America,
put in place extensive internet surveillance including India,
However, such programmes canprogrammes
with this issue. to deal
invasive in the personal lives of also be extremely
the protection of individuals, raising questions regarding
privacy. For example, India's Central
System (CMS), described as the Indian version of Monitoring
a mass
electronic surveillance data America's PRISM, is
India's security mining program which will give
agencies
India's telecommunications
and income tax officials
centralized access to
record mobile, landline
network and the ability to listen in on and
and satellite calls and voice
Protocol (VolP), read over Internet
private emails, SMS and MMS, and track
geographical location of individuals, all in real time. It can the
to also be used
monitor posts shared on social media such as
and
Twitter, and to track users' search histories on Facebook, Linkedln
9.
Google, without any
Section Prevention of Terrorism Act, 2002.
3.
Punishment for Terrorist Acts:
(0) Whoever,
a)wilh intent to threaten the unity, integrity,
he
people or any section security or sovereignty of
explosive substances or of the people does any act or thing by using8 Tndia or to strike terror in
inflammable substances or bombs, dynamite or other
noxious gases or other chemicals
a or by firearms
any other substances
or other lethal
weapons or poisons or
hazardous nature or by (whether
cause, death of, or any other means biological
whatsoever, in such a manner as to or otherwise) of
injuries to any
property or disruption of any supplies person or
persons or loss of, or cause, or likely to
damage or services
essential to damage to, or
desiruction of.
India or in destruction of any property or equipment used or the life of the community or
or

or
connection with any other intended to be used causes
any of their purposes of the Government for the defense
compel the agencies, detains any person and of India, any State of
to or
Government or any other person to
threatens
do
to kill Government
injure such person
or
or
abstain from doing any act,..." in order
 Cyber L
data may he
oversight by
courts or
Parliament. The

other
intercepted
dete
a u t o m a t e d tests to detect
ubjea
otiona
and
to pattern
recognition
compassion
different forms of
o r intent, and different

markers, such
as hate,
are obligated law to by give
operators
in India access
dissent. Telecom enforcement agency.
networks to every legal
to their
c o n c e r n s raised by
experts is the sheer 1ac of
One of the primary icial word from
There is no offici th
from the
on the project.
bodies or agencies wil1 use thi
information
public how government this
about
government
of population will be
under surveillane
nce
information; what percentage
for a citizen whose personal detail
no legal recourse
etc. There is also
or leaked from
the central or regional database
are being misused
under which surveillance orders are
Unlike America's PRISM project
courts, CMS does not any have judicial oversight'", There
approved by on surveillance.
is thus need for extensive legislation
value of Electronic Information: The extensive use of
(vii) Evidentiary
documentation raised a new question on
IT" for communication and
was being stalked
the admissibility of electronic evidence. If a person
online, can of e-mails or screenshots of chat room messages by
copies
the stalker be admissible as evidence? The pre-amendmended Indian
Evidence Act, 1872 recognised of evidence'
only two types
documentary evidence (i.e., paper based evidence) and oral
evidence

(testimonials of witnesses).
(vii) Validity of Online Transactions: Traditional law does not deal wit
the validity of e-contracts, digital signatures, e-commerce, etc. o
example, 1S a contract entered into through e-mails legally valid? Can
be enforced in a court of law?

Thus, the need was felt to promulgate specialised 1laws to provide for the
following:2
(i) Sening clear standards of behavior for the use of computer devices.
(ii) Deterring perpetrators and
protecting citizens;
(ii) Enabling law enforcement investigations
privacy;
while protecting nav
(iv) Providing fair and effective criminal justice
(v) Requiring minimum protection standardsprocedures
in areas such as l
handling and retention; and

10. Critique of CMS

NGO working forbyonlineAnja
Dr
Kovacs,
freedom of speech
Project and related
Director issues, See india s
at Internet s t COm/nbas
System: Security can'i come at cost of privacy, Available at: htup://tec Project
436.html
ral Monitorua
w

11.
analysis/ndias-central-monitoring-system-security-cant-come-at-cost-of-privacya
Accessed on 23
Sectuon 3, IndianAugust, 2014.
12. Draft Evidence Act, 1872.
Report titled Ca
-2144
 recommended that:
This Resolution
consideration to the UNCITRAL Model Law on
"all States give favourable view of the
enact or revise their laws, in
Electronic Commerce when they alternatives to paper-based forms
uniformity of the law applicable to
needfor
and storage of information.
ofcommunication
2000
India's First Cyber Law: The Information Technology Act,
electronic transactions and its'
view of the international recognition of
In
Indian legislature felt the need for providing legal
a
use within India, the
growing It led to the enactment of
framework for e - c o m m e r c e and digital signatures.
Act, 2000 (the IT
India's first legislation: the Information Technology
cyber
Act).
Preamble to the IT Act' states as
1. Objectives of the IT Act': The
follows
transactions carried out
An Act to provide legal recognition for the
and other means of
by means of electronic data interchange "Electronic
electronicc communication, commonly referred to as

Commerce', which involves the of alternatives to paper based

use
methods of communication and storage of information, tofacilitate
Governnment agencies and
electronic filings of documents with the
to amend the Indian Penal Code,
Indian Evidence Act, 1872,
further
The Bankers' Books Evidence Act, 1891, and the Reserve Bank of
India Act, 1934 and for matters connected therewith or incidental

thereto.
WHEREAS the General Assembly of the United Nations by
resolution A/RES/51/162, dated the 30th January, 1997 has adopted
the United
the Model Law on Electronic Commerce adopted by
Nations Commission on International Trade Law:
recommends inter alia that all
AND WHEREAS the said resolution
said Model Law when
States give favourable consideration to the
view of the need for uniformity of
they enact o r revise their laws, in
the law applicable to alternatives to paper-based methods of
communication and storage of information;

(Footnote No. 20 Cont'd)

(a)there exists a reljable assurance
as
to the integrity of the nformation from the time
when it was first generated in iis final form, as a data message or otherwise; and
(b) where it is required that information be presented, that informaion is capable of beine
it is to be presented
displayed to the person to whom
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or
whether the law simply provides consequences for the nformation not being presented or
retained in its original form.
(3) For the purposes of subparagraph (a) of paragraph (1):
(a) the criteria for assessing the iniegrity shall be whether the information has remained
complete and unalered, apar1 Jrom the addition of any endorsemeni and any changes
which arises in the normal course of communication, storage and display; and
(b) the standurd of reliability required shal be assessed in the lighi of the purpose for
which the informaion was generated and in the lighi ofall the relevan1 circumstances.
(4) The provisions of this article do not apply to the following: (.)"
 Cyber Le
10
to give effect to the said
WHEREAS it is considered necessary
AND Government services
and to promote efficient delivery of
resolution Parliament
reliable electronic records,
BE it enacted by
by means of
in the Fifty-first
Year of the Republic of India asfollows-"
of this Act, as laid down in its Preamble
Preamble are the
The main objectives
following:
the U.N. General Assembly's Resolution on the Model
i) To give effect to
Law.
(ii) To provide legal recognition to e-commerce- transactions carried out hy
means of electronic communication.
(i) To facilitate electronic filings of documents with government agencies
(iv) To amend the Indian Penal Code, Indian Evidence Act, 1872, The
Bankers' Books Evidence Act, 1891, and the Reserve Bank of
India
Act. 1934.
2. Scope of the TT Act: The
scope of the IT Act' is as follows:
) To permit authentication of
electronic records by digital
signatures
(i) To recognise filing of forms, issue of licenses,
etc.
through electronic means by the receipt of payment
(1) To lay down government*.
rules in relation to electronic
dispatch, etc.". records -

receipt, time of
(iv) To provide for a
issue of
Controller of
Certifying Authorities
digital signature certificates". in relation to
(v) To define offences
and
(vi) To establish a Cyber prescribes penalties
(vii) To lay down Appellate Tribunal,
(Vil) To liability of intermediaries
prescribe extra territorial
The
provisions of this Act are not jurisdiction for cyber offences.
28
G) A
negotiable applicable to the following
i) instrument,
A power-of-attorney, instruments
i) Atrust,
(iv) A will,
(v) including any other
Any contract for the
interest in such testamentary
sale or disposition,
21. property, and conveyance of
immovable
Chapter 1l, IT Act, rty r any
22.
23. Chapter 1ll. Ibid. 2000. prope
24. Chapter
25. Chapter VIIN. andIbid.
26. Chapter IX and VII. Ibid.
27. Chapter X. Ibid. XI. Ibid.
28. Chapter
Section XIl. Ibid
29.
Section 75. Ibid.
14). Ibid
Chapter
(vi) Any such class of documents or transactions as may be notified by the
Central Government in the Official Gazette.
3. Legislations Amended by the IT Act': In order to fully achieve the
objectives of the IT Act', corresponding changes were required in
other laws. For instance, the Model Law requires that there should be
no discrimination between electronic
records and normal documents.
to be amended to
This means that the law of evidence would have
evidence. Therefore, the IT
recognise electronic records as admissible
Act made amendments to the following Acts:

(i) Indian Penal Code 1860

was inserted
The definition of the term 'electronic record'
to include
References to the term document' were amended
references to 'electronic records". The extra-territorial jurisdiction
of the IPC was expanded to include all offences targeting computer
resources in India. Lastly, sections in relation to a false document
record"*.
were amended to include references to a false electronic
(iü) Indian Evidence Act, 1872
to include electronic
The definition of 'evidence' was amended
records. Some important sections that were inserted are on

verification of
admissibility of electronic records, proofand evidence".
as to electronic
digital signatures and presumptions
ii) Banker's Book Evidence Act, 1891
books"*and 'certified copies were
The definitions of 'bankers
electronic devices and printouts
amended to include data stored in
certifications to accompany such
of such data. A section on
printouts was also inserted".
Reserve Bank of India Act, 1934
(iv) to include
The powers to make regulations were amended 41
electronic means "
regulations on fund transfer through
The
issued under the IT Act':
4. Various Rules and Notifications issues rules and
Electronics and Information Technology
Department of of the important
notifications on various issues
from time to time. Some
rules are:

Section 29A. Indian Penal Code, 1860.

175. Ibia.
3 ections 167, 172, 173 and 466, 468, 469, 471, 474, 476 and
477A. lbid.
04, 463, 464,
33 uons 192, Indian
Section 3(e). Evidence Act, 1872.
34. Section 65B. Ibid.
35. Section 67A. Ilbid.
36. Section 73A. Ibid.
Sections 81A. 85A, 85B, 85C, 88, 90. Ibid.
1891.
SSection 3(3). Bankers' Books Evidence Act,
39. Section 3(8). Ilbid.
40. Section ?A Ihid
 Tech
Information
12 Cyber Law of
Rules, 2011
Service Delivery) the delivery of
(i) IT
(Electronic systems, i.e.,
nuk:
public
e-governance
forms and application
Rules regarding
form of filing receipt
of ons,
services in the certiticate, sanction or
license, permit,
of any electronic meano
issue or grant of money by
receipt or payment
approval and the Practices and
Procedures and Sensiti

1T (Reasonable
Securily
(ii) 20111
Data or Information) Rules,
Personal sensitive personal data
responsibility for
Rules regarding corporate of
collection of information, disclosure
such as privacy policies,
information, etc.
2011
(ii) IT (lntermediaries Guidelines) Rules,
Rules regarding due diligence to be observed by intermediaries in
the discharge of their duties.
(iv) IT (Guidelines for Cyber Cafe) Rules, 2011
Rules regarding registration of cyber cafes, identification and log
requirements for cyber café users, inspection of cyber cafes, etc.
(v) IT (The Indian Computer
Emergency Response Team and
Manner of Performing Functions and
Duties) Rules, 2013
Rules with respect to the
functioning of the Computer Emergency
Response Team, such as- coordinating
action
emergencies, providing incident during cyber security
publishing alerts response services to users,
offering informationconcerningg
to help
vulnerabilities and threats, and
and
Other International improve cyber security.
1.
Cyber Laws
UNCITRAL Model Law on
signatures were increasingly Electronic Signatures (2001):
Electronic
signatures. This law sets out being used as a substitute for hand
down the same
fundamental international standards for writte
discrimination, principles as the their use. It 1ays
technological
key provisions are: Model Law,
neutrality and functional namely, no
) Criteria
establishing equivalence. 1
i)
written signatures
Equal treatment of
equivalence between electronic
ii) and hand
Duties and methods of
liabilities of the creating electronic
cerification service provider
(GV)
Recognition of foreign signatory , the signatures
relying
43
2.
United
Nations certificates and party and the
anu

42. Article
Communieations in Convention
International on electronic
the signatures
Use of
47

43. 6.
UNCITRAL Model Law
Article 3. Ibid. Contracts (New of Electroni
Ee his
44. Aricle 8. Ibid. on York, 200> This
45. Article Electronic
46. Article 11. Ibid.
9. Signatures.
47.
Article 12.Ibid.
Ibid.
Chapter 1 ntroduction to Information Technology and Cyber Laws 13

convention was made to remove the obstacles faced due to the use of
electronic communications in international trade. It makes electronic
communications and contracts concluded thereby equivalent in their
legality and enforceability to paper based communications. Its' key
provisions are:
48
(i) Place of business and related presumptions"".
ii) Recognition of legality of electronic communications"
49
and
electronic contracts
(ii) Criteria establishing equivalence between electronic
communications/ contracts and paper- based communications/
contracts.
(iv) Time and place of dispatch and
communications.
receipt of electronic
(v) Effect of error in electronic
communications".

*,
Articles 1 and 6, United Nations
International Contracts. Convention on the Use of
49. Article 8. Electronic Communications in
50. Article Ibid.
12.
51. Article 9. Ibid.
Ibid.
S2. Article 10.
S3. Article 14 Ibid.
hid