Quadrant-I- Description of Module

Subject Name Law

Paper Name Substantive Criminal Law
Module Name/Title Cyber Crime
Module ID Module 28
Prerequisites A basic knowledge of criminal law
Objectives To understand the origin, character, and ambit of cyber crime, and particularly its changing
dynamics
Keywords Cyber-contraventions, DDOS, virus, hacking, source document

Quadrant-II: e- Text

28.1 Introduction

28.1.1 Background

Cyber-crime has become a popular buzz-word these days. Many reasons can be attributed to this,
including how ubiquitous computers have become in our daily lives and how much we have come
to depend on them, and the consequent fear, real or otherwise, that we have made ourselves so
much more vulnerable through this. Then the online world itself is changing rapidly, perhaps too
rapidly for most people to comprehend. Ten years ago we were reasonably well-connected online.
But life in cyberspace was very different. Email was used extensively for leisure. Social networks
still meant Hi5 or Orkut; Facebook was restricted to American schools and colleges only. Yahoo
Messenger was still a preferred mode of chatting. Making online purchases was perceived as a risky
exercise, with no guarantee of purchased goods actually making it to our homes.

Most important, back then the internet meant, overwhelmingly, computers. One simply could not
conceive of devices with touchscreens and eight-core processors, powerful enough for everyday
online tasks and much more and yet small enough to fit into one’s pocket and hence also a tempting
target for pickpockets. Yes, mobile thefts were common (I myself have had two phones stolen) but
back then it was the handset itself that was the target; data stored in it was largely unimportant.
Today data inside stolen mobiles are at least as, and some times more, lucrative targets as the
handsets themselves.

Another aspect of this issue is that information technology law is still in a still in a stage of
nascence in many parts of the world including India. Our police are ill-equipped to even understand
the nature of most cyber-crimes, let alone regulate or investigate them. Then our cyber-crime laws
often suffer a disconnect with their own purposes and intents. At times they are too lenient, at times
too strict, at times simply out of synch. While this may be a reflection of law generally in this
country, it matters much more in the cyber-environment which, as we saw, is changing at a
terrifying pace.

28.1.2 Learning Objectives

Here we shall cover the following areas: First, we shall undertake a brief overview of the nature of
and background of cyber-crime, and its various forms. Next we shall examine certain specified acts
that have not been accorded any nomenclature, but which characteristically attract civil and also, in
some circumstances, criminal liability as well. After that we shall discuss those acts that are
properly known as cyber-crimes, including but not restricted to sending offensive messages, identity
theft, impersonation, violation of privacy, and so on. Within this discourse, we shall examine the
nature and character of each offence, case law, and in some cases parallel developments in other
legal systems.

28.2 The Nature of Cyber-Crime

28.2.1 Conceptual Aspects

When dealing with cyber-crimes, arguably the first thing that occurs to us is, how different are they
from real-world crime? Should they be treated as simply ‘“traditional” crimes wrapped up in
gigabytes and modems’,1 or as altogether new and unprecedented legal wrongs? According to
Warren and Streeter, the answer lies somewhere in between. Identity theft, impersonation, and
violation of privacy, for example, are only variations of crimes that existed long before the advent
of computers.2 On the other hand, take something like the propagation of viruses, which affects
computers on such a large scale that few if any parallels exist in the realm of ‘traditional crimes’:

It is said sometimes that virus writing is a little like graffiti writing; in other words an act of
vandalism by a (usually) young man seeking attention. Yet when a kid spray-paints a wall or
a fence, he knows precisely what damage he is causing and to whom. A virus writer

1
Peter Warren, Michael Streeter, Cyber Alert: How the World is Under Attack from a New Form of Crime (Vision
2005) 9.
2
ibid.
 unleashes his little programme of misery upon the world not knowing or apparently caring
who or what he will damage, and on what scale.3

It is at least clear that, whether or not cyber-crimes are variants of traditional crimes, they feature
certain common characteristics that set them apart from the latter. The first is that they can be
perpetrated on immense scales using little by way of resources, at times as little as a computer and a
reliable internet connection. Secondly, they can be and frequently are committed with the utmost
ease across national boundaries. Apart from causing procedural problems like jurisdiction,
extradition and investigation, this also creates issues of criminal liability such as the proper law for
determining culpability, standard of proof, and similar issues.

Thirdly, and arguably something that has not attracted the attention of jurists as much as the other
two points have, the notions of mens rea and actus reus necessarily have to be viewed differently in
the context of cyber-crime. In many cases, mens rea can be inferred from the commission of the act
itself. Even when it comes to acts like propagating viruses, or hacking into and damaging a network
or a website simply for the fun of it, the sheer magnitude of recklessness it entails is sufficient to
justify criminal liability.4 Lastly, since these offences are of comparatively recent origin, their
existence, scope, and ambit are determined mostly through statute law. Judicial precedents play a
comparatively minor role here, especially in Indian law. Beyond these four characteristics, there is
little that binds together the various acts classified as cyber-crimes.

28.2.2 Cyber-Crime in Indian Law

Cyber-crime gained recognition in India when the Information Technology Act (IT Act) 2000 came
into force. Shortly thereafter, the lacunae of the legislation, particularly in connection with penal
provisions, became painfully apparent. Consequently the Act was amended comprehensively in
2008, in which process especial attention was given to penal provisions. New provisions were
introduced dealing with issues like transmitting offensive material, child pornography, and cyber-
terrorism. Moreover, existing sections were also amended, and their character or ambit altered. For
example, Part IX, which was earlier titled ‘Penalties and Adjudication’, now became ‘Penalties,
Compensation and Adjudication’ (emphasis added).

28.3 Important Definitions

Before beginning this section, certain definitions need to be kept in mind. We shall frequently
encounter terms such as computer, computer resource, computer system and so on. Clause (i)
defines ‘Computer’ in terms of data processing devices that can perform logic, arithmetic, and
memory functions, and includes all peripherals performing input, output, processing, storage etc.
functions and connected or related to a computer in a computer system or computer network.
Similarly, cl. (j) construes ‘Computer Network’ in terms of interconnecting one or more computers
or computer systems or communication devices. ‘Computer Resource’ (cl. (k)) is a generic term
that includes within its scope computers, communications devices, computer systems, even
databases and software, among others. Lastly, cl. (l) defines ‘Computer System’. It is not a clearly
worded provision, and at first sight it does not make clear where the difference between computers
and computer systems lie. The difference is that the latter indicates a device or a collection of
devices (emphasis added) of a certain type, namely capable of being programmed, input and output
data, and so on.

28.4 ‘Cyber-Contraventions’, Computer-Related Offences

3
ibid.
4
For a clearer understanding of this, interested readers may refer to HLA Hart’s seminal article ‘Negligence, Mens
Rea, and Criminal Responsibility’ reprinted in HLA Hart, Punishment and Responsibility 2 ed (OUP 2008) 136.
Among the more curious aspects of the IT Act is Chapter IX which, as we mentioned, is entitled
‘Penalties, Compensation and Adjudication’. It stretches from S. 43 to S. 47, and covers a variety of
substantive and procedural provisions. Commentators like Sharma use the term ‘Cyber-
Contraventions’ to denote the chapter,5 but it is not a descriptor in popular circulation and, in any
case, it reveals little about what kind of contraventions the section addresses. A cursory look at the
substantive provisions included here, and particularly at the penalties and compensation amounts
specified, suggests these acts are in the nature of cyber-torts.

Section 43 is of particular interest to us. The title of the section reads ‘Penalty and Compensation
for Damage to Computer, Computer System, etc.’; like in the title of Part IX, the word
‘compensation’ was not present originally, and was added to the heading in 2008. It comprises a
total of ten specific acts the commission of which invites ‘damages by way of compensation not
exceeding one crore rupees to the person … affected’. Curiously, the section makes no mention of
penalties at all. Once again, the title to the section is misleading because it discloses little about the
nature of the acts mentioned. On examining the provision in detail, though, it becomes apparent that
it addresses mainly issues related to hacking and related activities. These include (a) accessing a
computer or computer system without authorisation; (b) downloading, copying or extracting data;
(c) infecting a computer or system with a contaminant or virus; (d) damaging a computer, system,
network, data stored within it etc.; (e) disrupting a computer, system, or network; (f) denying
access; (g) providing assistance to another to gain unauthorised access; (h) directing monetary
charges to another person’s account; (I) destroying, deleting, or altering data inside a computer
resource; and (j) stealing source code.

The term ‘access’ in cl. (a) has to be understood in the light of the definition provided in S. 2(1)(a)
as ‘gaining entry into, instructing or communicating with … a computer, computer system or
computer network’. Clause (c) uses the terms ‘contaminant’ and ‘virus’. The distinction between the
two can be appreciated by examining explanations (i) and (iii) to the section. According to the
former, contaminants characteristically modify, destroy, record, and/or transmit information, and
usurp the normal functioning of the computer, computer system, or computer network it infects.
Viruses, on the other hand, have two characteristics: one, they destroy, damage, degrade or
adversely affect the performance of a computer resource etc.; and two, they attach themselves to
another computer resource on the occurrence of some specified event like an instruction being
executed. It is interesting to note that barring this explanation, the Act does not define a virus
anywhere, particularly within S. 2. Given the importance of viruses to IT law, this treatment meted
out to virus does appear strange.

Clause (d) is understood to extend to two kinds of damage, namely physical and virtual damage.
The categories are self-explanatory: the first involves manually tampering the target computer,
system, network, or so on; the second involves performing similar acts remotely either through a
network like the internet, or perhaps through viruses or bots that transmit themselves through
portable storage media like flash drives.

Clause (f) specifically addresses DDOS (distributed denial of service) attacks, a common tactic
among malicious hackers to block access usually to e-commerce sites. This involves a group of
miscreants continually accessing the site’s services with such rapidity that the targeted server is not
able to handle the unprecedented traffic, and ultimately crashes. Clause (h) is significant because it
protects services bought and paid for by individuals. A classic example is internet time or data limits
purchased from service providers. Inexpert users tend not to take basic precautions, such as using
passwords that are difficult to guess, and making their wi-fi connection secure. As a result, it

5
Vakul Sharma, Information Technology: Law and Practice 3 ed (Universal Law Publishing 2011) 116.
becomes easy for others in the vicinity to access the services that the user had paid for.

A question arises here whether such services should be treated as movable property. We may for this
purpose draw a parallel with similar issues concerning electricity theft, which the Supreme Court
addressed in Avtar Singh v. State of Punjab.6 Here the court clarified that electricity will not amount
to movable property, and hence S. 378 of IPC 1860 (theft) shall not apply directly. However, due to
a legal fiction created by S. 39 of the Electricity Act 1910, electricity theft shall attract punishment
for theft specified in S. 379 of IPC.

It has been suggested that a similar interpretation can be resorted to through S. 43(h) of the IT Act.7
On closer inspection, though, this proves unsustainable. Section 39 of the Electricity Act explicitly
uses the word ‘theft’ (albeit in the marginal heading), whereas S. 43(h) does not do so anywhere; all
it talks about is charging to the account of one person services actually used by another person.
Surely to create the desired legal fiction some express use of the word would have been necessary?
Then again, S. 378 requires as essential elements such as taking the property out of the possession
of the victim. The Electricity Act can certainly sustain a legal fiction regarding such taking out of
possession. Section 39 begins with the words ‘Whoever dishonestly abstracts, consumes or uses . .
.’ (emphasis added). The use of the word ‘abstracts’ is surely sufficient to for this legal fiction. On
the other hand, S. 43(h) contains no such word or words. Can it still sustain a similar legal fiction?

This question actually leads to our next point within the discussion on S. 43, namely why are we
discussing these so-called ‘contraventions’ when our mandate concerns cyber-crimes? Admittedly,
S. 43 does not contemplate anything beyond monetary compensation, for which it sets an upper
limit of Rupees one crore. It does not even impose penalties, contrary to what the provision’s title
suggests. The interesting thing is, even prior to the 2008 Amendment, when the title of the Section
read simply ‘Penalty for Damage to Computer, Computer System, etc.’ and did not contain the word
‘compensation’, the provision still contemplated ‘damages by way of compensation not exceeding
one crore Rupees’.

To understand the penal implications of S. 43, we need to look at S. 66, titled ‘Computer Related
Offences’. This imposes on any dishonest or fraudulent commission of an act specified in S. 43
imprisonment of up to three years, and a fine of Rupees five lakh or both. The provision in its
present form dates back to the 2008 Amendment. Prior to the latter, it was entitled ‘Hacking with
Computer System’ and imposed penalty for intentionally or knowingly destroying, deleting or
altering information within a computer resource etc. It would seem, therefore, that subsequent to the
Amendment, the Act no longer features a provision explicitly dedicated to hacking, and now any
such act can be made punishable only if it falls under one or the other clauses of S. 43 read with S.
66. Indeed, a word search reveals that the very term ‘hacking’ is no longer found in the text of the
Act.

Before we move on to the next topic, it may be noted that Part IX contemplates ‘contraventions’
beyond S. 43. These include failure to protect data (S. 43A) and failure to furnish information,
return etc. (S. 44). But S. 66 references only S. 43 and not these, which means that they fall outside
the purview of cyber-crimes, and hence our discussion as well.

28.5 Tampering with Source Documents

Section 65 falls within Part XI of the Act, entitled ‘Offences’. Prior to the 2008 Amendment, the
Part was compact in size, and contained a limited number of provisions. After the Amendment, the
number of provisions has gone up considerably, which may be classified into different categories

6
AIR 1965 SC 666.
7
Sharma (n 5) 122-23.
according to their context. Section 65, however, sits ill at ease within this framework of categories,
and so is best treated separately.

The provision comprises the following elements: (a) intention or knowledge; (b) concealment,
destroying or altering (or causing another to do the same); (c) any computer source code; and (d)
when the computer source code is legally required to be kept or maintained. Contraventions attract a
maximum punishment of three years’ imprisonment and/or fine of up to Rupees two lakhs. No
illustrations have been provided, but the explanation to the provision defines source code as ‘the
listing of programmes, Computer Commands, Design and layout and programme analysis of
computer resource in any form.’

This unusually broad conception of source code was adopted in Syed Asifuddin v. State of Andhra
Pradesh,8 where some Tata Indicom employees were arrested for obtaining CDMA cellphone
handsets meant to run exclusively on the Reliance network, and then tampering with them so that
they were now ‘unlocked’ and could now run on other networks including Tata Indicom. The issue
was whether the ten-digit Mobile Identification Number derived from the cellphone number give to
a subscriber; and especially the 32-bit Electronic Serial Number (ESN) assigned or ‘programmed’
into each handset and the five-digit Systems Identification Code (SID) assigned to each telecom
carrier by the Government of India, amounted to ‘source code’ within the meaning of S. 65. The
court decided that source codes are type of programmes,9 and then concluded that since ESN is a
permanent part of a phone and MIN and SID are ‘programmed’ into the phone at the time of
purchased, all three satisfy the definition of ‘source code’, and thus tampering with them to unlock
the phones amounted to an offence under S. 65. It is respectfully submitted that the court did not
fully appreciate what constitutes a program, and particularly how a program, which is necessarily a
general set of instructions, differs from data which is specific to particular situations.

28.6 Offences Introduced by the 2008 Amendment

The 2008 Amendment inserted into the Act a series of offences, found in Ss. 66A to 66F. They
relate to a diverse range of issues including offensive messages, dishonestly receiving stolen
computer resources, identity theft, etc.

8
2005 Cri LJ 4314 (AP).
9
ibid [13].
Section 66A dealt with sending offensive messages. It came in for harsh criticism because of the
very wide wording used in it. Ultimately the Supreme Court in Shreya Singhal v. Union of India10
struck down the provision as unconstitutional. It listed three different kinds of acts to be undertaken
through a computer resource or communication device, namely sending grossly offensive or
menacing information; knowingly sending false information for causing annoyance, inconvenience,
danger etc.; and sending e-mails for annoyance or inconvenience or to deceive the addressee about
their origin. It is manifest that the terms used here were certainly very wide, and in fact undefined.
For example, no definition was provided for what constituted ‘grossly offensive’. Courts were also
unsure how to address the issue. In Shaju Sebastian v. State of Kerala,11 the Kerala High Court held
that it could not be said prima facie that captions added to newspaper articles were inoffensive in
character.

Worse, some courts tended to interpret S. 66A in wide terms. In Jeevan v. State of Maharashtra,12 a
mobile repair shop owner had copied some obscene clips from the handset of the customer, but had
not circulated them. The sessions judge had dismissed his revision application against the order of
the magistrate, by saying that since the accused ran a mobile phone shop, ‘there is every possibility
that he might have circulated that clip among his customers via Blue-tooth.’13 The High Court
passed sharp remarks against this and pointed out that in the absence of any evidence that the
accused had circulated the clip, or even a specific charge to the effect, a prosecution under S. 66A
could not be sustained. On the other hand, the Delhi High Court in Karan Girotra v. State,14 held a
charge of recording a nude video clip of a woman and then blackmailing her by threatening to
circulate it constituted per se adequate grounds for denial of anticipatory bail.

Section 66B deals with dishonestly receiving stolen computer resources or communication devices.

Section 66C addresses the issue of identity theft, that is, fraudulently or dishonestly making use of
‘the electronic signature, password or any other unique identification feature of any other person’.
Section 66D concerns cheating by impersonation through any communication device or computer
resource. Case law on these provisions, such as State v. Rajesh Gosain15 (Delhi High Court) and
Samdeep Varghese v. State of Kerala16 (Kerala High Court) tend to centre around procedural aspects
like bail applications and quashing of proceedings rather than substantive issues.

Section 66E pertains to violation of privacy. This entails (a) intentionally or knowingly (b)
capturing, publishing or transmitting (c) the image of a private area of any person (d) without his or
her consent, and (e) under circumstances violating the privacy of that person. Explanation (b) states
that capture amounts to videotaping, photographing, filming or recording by any means. More
interestingly, explanation (e) defines privacy as circumstances in which a person can have a
reasonable expectation that

(i) he or she could disrobe in privacy, without being concerned that an image of his
private area was being captured; or
(ii) any part of his or her private area would not be visible to the public, regardless of
whether that person is in a public or private place.

Once again, little exists by way of case law. In Sunny Dhiman v. State of Punjab,17 prosecution

10
2015 (4) SCALE 1.
11
2014 (2) KLT 18.
12
2014 All MR (Cri) 841.
13
ibid. [11].
14
2012 (2) JCC 1314.
15
2014 (2) JCC 1383.
16
2010 (2) KLJ 458.
17
Manupatra citation MANU/PH/3305/2011 (Punjab & Haryana).
under the provision was allowed to be quashed even though the offence is not compoundable,
keeping in mind that a compromise had been reached between the parties, and also the future life of
Respondent 3, an unmarried girl.

Section 66F deals with cyber-terrorism. This contemplates two kinds of acts, namely (a) intending
to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any
section of the people (i) through DDOS attacks, (ii) by hacking into a computer resource, (iii) by
introducing a contaminant into a resource, and through such an act cause death, destruction of
property, disruption of essential supplies etc. and (b) hacking into a computer resource to uncover
crucial state secrets. Clause (2) punishes such acts with imprisonment which may stretch to life
imprisonment also. So far no cases on this provision could be located.

28.7 Obscenity under the IT Act

Sections 67 to 67B deal with obscenity in cyberspace. Section 67 is simple, and imposes
punishment for publication or transmission of material that is (a) lascivious; or (b) or appeals to the
prurient interest; or (c) tends to deprave or corrupt people likely to read, see or hear it. First
convictions entail imprisonment of up to three years and a fine of up to Rupees five lakhs. For
subsequent convictions, the maximum penalties are raised to five years’ imprisonment and Rupees
ten Lakhs respectively.

Section 67 does make exceptions for artistic, literary and religious works. For some reason this is
not effected directly but by extending to this provision the applicability of the proviso to S 67A.
Even more strangely, the proviso to S 67B, which is identically worded to that of S 67 A (save that
cl (ii) protects on grounds of heritage as well as religious purposes) explicitly extends to both S 67
and S 77A as well.

The content of the definition must be examined in the light of how Indian law treats obscenity as
such. Till recently the test laid down by the Supreme Court in Ranjit Udeshi v. State of
Maharashtra18 comprised the law of the land. This holds that courts have to examine if the material
considered amounts to a depraving or corrupting influence on those into whose hands the work is
likely to fall. This is itself largely derivative of the test devised back in the 19th century in R. v.
Hicklin.19 In recent times, obscenity tests have become more sophisticated. The US Supreme Court
decision Miller v. California20 advocates a three-pronged approach:

 Whether ‘the average person, applying contemporary community standards’, would find that
the work, taken as a whole, appeals to the prurient interest;
 Whether the work depicts or describes, in a patently offensive way, sexual conduct
specifically defined by applicable state law; and
 Whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific
value.

In 2014 the Supreme Court in Aveek Sarkar v. State of West Bengal21 (wich did not involve
cyberspace-related issues) endorsed the community standards test without explicitly mentioning
Miller.

Among Indian legal developments in obscenity over cyberspace, the (in) famous Bazee case22

18
AIR 1965 SC 881.
19
(1868) 3 QB 360.
20
413 US 15 (1973).
21
(2014) 4 SCC 257.
22
Avnish Bajaj v. State 150 (2008) Delhi Law Times 769 (Delhi HC).
remains a matter of concern. This concerns a video clip, depicting two school students engaged in
certain explicit acts, which had gone viral on the net some years ago. An enterprising engineering
student began to sell CDs of this clip over the e-commerce site bazee.com (subsequently bought out
by eBay). Although the site itself had not committed any wrongdoing, and had put in place all
reasonable filters to block the sale of obscene content (which the seller had managed to
circumvent), the Delhi High Court still convicted the CEO of Bazee under this provision.

Section 67A is a more specific provision, which applies to publishing or transmitting in electronic
form material which contains sexually explicit ‘act or conduct’ [sic]. Its fundamental difference
with S 67 is that its actus reus pertains to sexually explicit rather than obscene material. The term
‘sexually explicit’, which is used in S 67B also, has not been defined anywhere in the Act. But
given the very fact that the term has been used, presumably in contradistinction to ‘obscene’ used in
S 67, suggest a distinction between the two. In all likelihood the purpose of this stratagem is to
avoid, presumably in favour of a more objective construction, the subjectivity latent in the
recipients’ or communities’ standards tests that govern obscenity.

It is also a more stringent provision. First offences carry prison terms of up to five years and fines of
up to Rupees ten lakhs. Subsequent offences may attract prison terms of up to seven years.
Exceptions protect material in the interests of science, art, learning etc., or for bonafide religious
purposes. Also, by virtue of S 77B, Ss 67A and 67B are both rendered cognisable and non-bailable,
whereas S 67 is neither.

The question arises here whether possession or viewing porn amounts to a crime. Viewing porn is at
this point certainly not a crime. At this time a PIL before the Supreme Court on this issue is still
being heard, and no decision has been reached yet.23 In the course of the hearings the government
has represented before the Court that a complete ban on online porn is legally and technically
infeasible.24 Regarding possession, Sharma claims in regard to S. 67A that ‘[P]ublication or
transmission in the [sic] electronic form includes dissemination, storage and transmission of
information or data in electronic form.’25 (emphasis added) The statement is curious, and all the
more so because the Act does not appear to sustain this view. Both S 67 and S 67A talk only about
publishing, transmitting, or causing to be published in the electronic form.

Can storing be read into publishing or transmitting then? It is true that the definition of ‘originator’
in S 2(1)(za) does contemplate storage along with sending, generation and transmission; however its
ambit is expressly restricted to messages only. ‘Intermediary’ in S 2(1)(w) also contemplates
storage, but the wording of the provision clearly suggests it is not to be read into receiving or
transmitting record, but stands as a separate act in its own right. More to the point, explanations (a)
and (d) to S 66E (which may be considered in pari materia with Ss 67 and 67A) define
transmission and publication respectively in a manner that precludes mere storage. We may
conclude that, contrary to what Sharma states, mere possession or storage of pornographic material
does not as yet constitute a crime. Subject to one exception which we examine directly below,
namely child pornography.

Jurisprudentially, a fundamental difference underlies the treatment of child pornography and other
forms of pornography. Possession of the latter is not often punished. On the other hand, the mere
possession of child porn is treated as a punishable offence in some jurisdictions such as USA26 and

23
Kamlesh Vaswani v. Union of India Writ Petition (Civil) No. 177/2013.
24
Utkarsh Anand, ‘Can’t ban pornography on Internet: Govt to SC’, Indian Express, 29 April 2014
<http://indianexpress.com/article/india/politics/cant-ban-pornography-on-internet-govt-to-sc/>.
25
Sharma (n 5) 202.
26
18 USC § 2252A(a)(5).
Canada.27 International law28 obligates India to criminalise only possession of child porn for the
purposes of production, distribution, sale etc. Other distinctive features of child porn law is that in
most cases, not only creation, publication, transmission, sale and so on, but also acts like enticing or
inducing children to commit explicit acts, facilitating child abuses etc. are punishable offences.
Indian law is singular in that it restricts itself to pornography in electronic form only. Section 67B
punishes acts such as (a) publication, transmission etc.; (b) creating text or digital images, or
collecting, seeking, browsing, exchanging etc. such material; (c) cultivating, enticing or inducing
children through online relationships to commit sexually explicit acts; (d) facilitating child abuse
online; and (e) electronically recording sexually explicit acts involving children. Interestingly, the
Section does not render punishable either mere possession per se or the act of viewing such
material, but cl (b) does make mention of acts like collecting, seeking (through a search engine?),
browsing, and downloading such material.

A discussion of obscenity under the IT Act cannot be complete without at least a brief look at the
liability of intermediaries. Section 67C requires intermediaries (such as, for example, ISPs) to retain
certain material as per the specifications of the government; individuals intentionally or knowingly
failing to do so may be imprisoned for up to three years and also be subject to fine.

28.8 Conclusion

In this module we undertook a broad overview of the notion of cyber crime. We saw that it
comprises a vast area. Many acts deemed to be cyber crimes bear little connection with each other.
Some are variants of crimes recognised in the offline world, others have no equivalent in the latter.
However, several characteristics are common to at least most among them. These include
perpetration on an immense scale through minimal resources; commission across national
boundaries; easily determinable mens rea; and lastly, reliance on statute law.

The crimes themselves can be classified into four broad categories: acts related to unauthorised
access or hacking (S.66), tampering with source documents (S. 65), obscenity (Ss. 67 – 67B); and
new offences introduced by the 2009 Amendment (Ss. 66A – 66F).

It is clear that the law relating to these offences are in a state of nascence, which is only underscored
by the dearth of case law. As time passes, their character, scope, and ambit will surely attain greater
levels of maturity.

27
Criminal Code 1985. S 163.1(4).
28
Optional Protocol on the Sale of Children, Child Prostitution and Child Pornography (2002) of the Convention on
the Rights of the Child, Art 3 (India is also a signatory to this).