Cyber crime and law in India with Landmark Judgements

When Tim Berners Lee created the World Wide Web in 1955, little did he know that the
internet would become an integral part of the society 20 years down the lane. Today’s society
has become a global village, all thanks to the communication, information and connectivity
that internet provides. As seen through the course of history, technological development can
lead to both productive and detrimental use.
Crimes in the cyberspace can be defined as, criminal activity that involves computers,
network or networked device. Cybercrime involves unlawful acts where the computer is
either a tool or target or both. In India cybercrime is regulated by the Indian Penal Code,1860
and Information Technology Act, 2000.Though cybercrime is not defined under any statue, it
is generally understood to be “any offence or crime in which computer is used”. Cybercrimes
can be categorized based on two parameters, firstly based on whether the computer is used as
a target or as a weapon and secondly, cybercrimes against person, property or government.
Elaboration on the categories of cybercrimes includes the following:-
1) Based on computer being target or weapon –
(i) When computers are used as a target, then a computer is used to attack other
computers. The crimes coming under this category contains Hacking, Virus or
Worm attacks, Denial Of Service attacks (DoS)
(ii) When computers are used as weapon, they are used to commit real world
crimes which includes credit card frauds, pornography, IPR violations,
Cyberterrorism
2) Based on whether the crime is committed against person, property or government:-
(i) Cybercrimes against persons comprises of cyberstalking, impersonation, loss
of privacy, online harassment
(ii) Siphoning of funds from financial institutions, stealing data, copyright
infringement, computer vandalism come under the ambit of cybercrimes
against property
(iii) Cybercrimes against governments encompasses cyber terrorism, hacking
government websites, cyber extortion

Cyberlaws are the laws governing the cyberspace (which is the computer-generated world of
internet), computer and internet. All legal issues arising out of internet crimes are delt with
the help of cyberlaws, to prevent crimes done with the help of technology. The United
Nations Commission On International Trade Laws (UNCITRAL) adopted in 1996, a model
law regulating e-commerce and in 1997 the United States General Assembly passed a
resolution recommending all states to adopt similar laws which would give recognition to
electronic records and giving it the same treatment like that of paper communication and
records. The Information Technology Act (ITA), 2000 was enacted against this background.
It mainly delt with legal recognition of electronic document and digital signatures, offences
and contraventions along with redressal of problems by the justice delivery system. This Act
was further amended in 2008 and it took into consideration data privacy, information
security, classifying additional cybercrimes like child pornography and cyber terrorism while
defining reasonable security practices to be followed by corporates.
The ITA, 2000 also amended various pre-existing legislations like Indian Penal Code, 1860
(sections dealing with records have been amended to include the word ‘electronic’, thereby
treating the digital records on par with physical records), Indian Evidence Act, 1872
( evidence or information taken from computers along with document ascertaining that all
information is correct to the best of knowledge is expressed in the amendment), Banker’s
Books Evidence Act, 1891 and Reserve Bank of India Act, 1934.
Landmark Cases relating to Cybercrimes
State of Tamil Nadu vs. Suhas Katti (2004)
Facts – The accused was a family friend of the victim and wanted to marry her, but she
married another man. Her first marriage resulted in divorce, the accused in vain tried to
influence her again to marry him. She did not respond to his proposals and hence, the accused
tried to harass her through the internet. He opened a false e-mail account in the victim’s name
and posted obscene, defamatory and wrong information about the victim. The victim received
annoying call due to posting of the messages, these calls were made in the belief that the
victim was soliciting for sex work
Decision – Based on the evidence produced and eyewitness examined the Additional Chief
Metropolitan Magistrate, Egmore held that the accused was guilty of offences under the
Section 469 (Forgery for purpose of harming reputation), Section 509 (Word, gesture or act
intended to insult modesty of woman) of IPC and Section 67 (Punishment for publishing or
transmitting of material containing sexually explicit act etc., in electronic form) of IT Act.
This case is a landmark case in relation to cyber law, as the conviction was done within 7
months of filing the First Information Report (FIR)

Pune Citibank Mphasis Call Centre Fraud (2005)

Facts - Rs. 1.5 crore was fraudulently transferred from the Citibank accounts of 4 US
customers through the internet to few bogus accounts. The staff gained the customers trust
and extorted their PIN’s under the pretext of ensuring that they would assist customers during
challenging situations. The accused are ex-employees of Mphasis call centre
Decision – The court observed that since the employees are thoroughly frisked before being
allowed into the call centre, it was concluded that they memorized the PIN numbers. The
transfer was done with the help of SWIFT (Society for Worldwide Interbank Financial
Telecommunication) and since the crime was committed using unauthorized access to
electronic accounts of customers, it falls under the ambit of “Cyber Crime”. Due to the
unauthorized nature of transactions, the court held that Section 43(a) of IT Act was applicable
in this case. The accused were also charged under Section 66 (Computer related offences) of
Information Technology Act, 2000 along with charges under Section 420 (Cheating and
dishonestly inducing delivery of property), 465 (Punishment for forgery), 467 (Forgery of
valuable security, will, etc.) and 471 (Using as genuine a forged document or electronic
record) of Indian Penal Code, 1860.

Poona Auto Anillaries Pvt. Ltd. vs. Punjab National Bank & Ors. (2013)
Facts - The complainant Manmohan Singh Matharu, MD of Pune base firm Poona Auto
Ancillaries was defrauded to the tune of Rs. 80.10 lakh from his Punjab National Bank (PNB)
account, after he responded to a phishing email.

Decision - In this dispute PNB was ordered to pay Rs. 45 lakhs as compensation to the
complainant, as the bank was found negligent as it did not have proper security checks
against fraudulent accounts that were used defraud the complainant. Further, the complainant
was asked to share the liability, since he had opened the phishing mail. This was one of the
largest compensations awarded to a person in legal adjudication of a cybercrime dispute.

Shreya Singhal vs. Union of India (2015)

Facts – Two girls had expressed their displeasure at a bandh called in the wake of Shiv Sena
Leader Bal Thackrey’s death, on Facebook. This led to police arresting them in 2012 by
using Section 66A (Punishment for sending offensive messages through communication
service, etc.) of the IT Act. Though they were later released and the criminal case against
them dropped, this incident led to widespread protests. A petition was filed challenging the
constitutional validity of Section 66A of IT Act, on the grounds that it was violative of
freedom of speech and expression.
Decision – The Supreme Court held that Section 66A was ambiguous and violative of right to
freedom of speech and expression as it considers innocent speech to also be under its ambit.
Thus, Section 66A of IT Act was struck down while allowing relevant sections of IPC to
govern the prohibition of racist speech, any speech outraging the modesty of women or
speech aimed at promoting abusive language, criminal intimidation, racism etc.

CBI vs. Arif Azim (Sony Sambhand Case) (2013)

Facts – The website www.sonysambhand.com allowed NRI’s to buy Sony products for their
Indian friends and relatives, by paying through online mode. In 2002 some logged into the
website under the name of Barbra Campa and bought a Sony colour TV along with cordless
telephone for a person named Arif Azim. The transaction was paid through a credit card and
the items delivered to Arif Azim, later the website was informed that payment for the
transaction was unauthorized and that the card owner denied having made the payment. A
case was lodged with the CBI and later investigations revealed that Arif Azim was working
with the Noida Call Centre, while working there he got hold of the credit card detail of
Barbara Campa and misappropriated the same
Decision – The court held that IPC could be depended upon when the IT Act was not
exhaustive. The accused was found guilty, but got a lenient term of one year of probationary
period, as he was a young boy and first time offender.