CYBER LAW

NOTES FOR EXAM PURPOSES

Disclaimer: This guide is intended for understanding Cyber

law based on the MG University syllabus and is not a
comprehensive set of notes

PREPARED BY
VISVAJITH THAMPAN & AYISHA RISWANA
 MODULE 1:
ORIGIN,MEANING AND SCOPE OF CYBER LAW:
The virtual world of internet is known as cyberspace and the laws governing this area
are known as Cyber laws and all the netizens of this space come under the ambit of
these laws as it carries a kind of universal jurisdiction. Cyber law can also be
described as that branch of law that deals with legal issues related to use of inter-
networked information technology. In short, cyber law is the law governing
computers and the internet. The growth of Electronic Commerce has propelled the
need for vibrant and effective regulatory mechanisms which would further
strengthen the legal infrastructure, so crucial to the success of Electronic Commerce.
All these regulatory mechanisms and legal infrastructures come within the domain of
Cyber law. Cyber law is important because it touches almost all aspects of
transactions and activities on and involving the internet, World Wide Web and
cyberspace. Every action and reaction in cyberspace has some legal and cyber legal
perspectives.
Cyber law encompasses laws relating to –
• Cyber crimes • Electronic and digital signatures • Intellectual property • Data
protection and privacy ETC…
In India, cyber laws are contained in the Information Technology Act, 2000 ("IT Act")
which came into force on October 17, 2000. The main purpose of the Act is to
provide legal recognition to electronic commerce and to facilitate filing of electronic
records with the Government. The following Act, Rules and Regulations are covered
under cyber laws: 1. Information Technology Act, 2000 2. Information Technology
(Certifying Authorities) Rules, 2000 3. Information Technology (Security Procedure)
Rules, 2004 4. Information Technology (Certifying Authority) Regulations, 2001.
Need for/ scope of cyber law in India:
Cyber law refers to the legal framework that governs online activities, transactions,
and interactions. Here are some key reasons why cyber law is essential in India:
• Cybercrimes: The internet has opened up new avenues for criminal activities,
such as hacking, cyberbullying, online fraud, identity theft, and data breaches.
Cyber laws are necessary to define these offenses, establish penalties, and
provide law enforcement agencies with the tools to investigate and prosecute
cybercriminals.

1
 • Data Protection: With the increasing use of digital platforms and the collection
of personal data, there is a need for laws that protect the privacy and security
of individuals' information. In India, the Personal Data Protection Bill, 2019,
aims to regulate the processing of personal data and ensure data privacy.
• E-commerce and Online Contracts: E-commerce has become a significant part
of the Indian economy. Cyber laws are essential for regulating online
transactions, contracts, and disputes that may arise in the digital marketplace.
• Intellectual Property Protection: The internet is a medium through which
intellectual property, such as copyrighted material and trademarks, can be
easily infringed upon. Cyber laws provide mechanisms for protecting
intellectual property rights in the digital domain.
• Cybersecurity: Cybersecurity measures and standards are vital to protect
critical infrastructure, government systems, and private enterprises from cyber
threats. Cyber laws can mandate cybersecurity practices and establish legal
obligations for organizations to safeguard their digital assets.
• Cyberbullying and Online Harassment: The rise of social media and online
communication platforms has led to instances of cyberbullying and online
harassment. Cyber laws can address these issues and provide remedies for
victims.
• Electronic Evidence: In legal proceedings, electronic evidence plays a crucial
role. Cyber laws establish the admissibility and authenticity of electronic
records and data in court.
• International Cooperation: As cybercrimes often have an international
dimension, India needs cyber laws that align with international standards and
facilitate cooperation with other countries in investigating and prosecuting
cybercriminals.
• Consumer Protection: Online consumers need protection from fraudulent
online businesses and unfair practices. Cyber laws can establish consumer
rights and mechanisms for dispute resolution.
• National Security.
EVOLUTION OF CYBER LAW
History of cyber law in India The information Technology Act is an outcome of the
resolution dated 30th January 1997 of the General Assembly of the United Nations,
which adopted the Model Law on Electronic Commerce, adopted the Model Law on
Electronic 17 Commerce on International Trade Law.

2
 This resolution recommended, inter alia, that all states give favourable consideration
to the said Model Law while revising enacting new law, so that uniformity may be
observed in the laws, of the various cyber-nations, applicable to alternatives to paper
based methods of communication and storage of information.
The Department of Electronics (DoE) in July 1998 drafted the bill. However, it could
only be introduced in the House on December 16, 1999 (after a gap of almost one
and a half years) when the new IT Ministry was formed. It underwent substantial
alteration, with the Commerce Ministry making suggestions related to e-commerce
and matters pertaining to World Trade Organization (WTO) obligations. The Ministry
of Law and Company Affairs then vetted this joint draft. After its introduction in the
House, the bill was referred to the 42-member Parliamentary Standing Committee
following demands from the Members. The Standing Committee made several
suggestions to be incorporated into the bill. However, only those suggestions that
were approved by the Ministry of Information Technology were incorporated. One of
the suggestions that was highly debated upon was that a cyber café owner must
maintain a register to record the names and addresses of all people visiting his café
and also a list of the websites that they surfed. This suggestion was made as an
attempt to curb cyber crime and to facilitate speedy locating of a cyber criminal.
However, at the same time it was ridiculed, as it would invade upon a net surfer’s
privacy and would not be economically viable. Finally, this suggestion was dropped
by the IT Ministry in its final draft. The Union Cabinet approved the bill on May 13,
2000 and on May 17, 2000, both the houses of the Indian Parliament passed the
Information Technology Bill. The Bill received the assent of the President on 9th June
2000 and came to be known as the Information Technology Act, 2000. The Act came
into force on 17th October 2000. With the passage of time, as technology developed
further and new methods of committing crime using Internet & computers surfaced,
the need was felt to amend the IT Act, 2000 to insert new kinds of cyber offences and
plug in other loopholes that posed hurdles in the effective enforcement of the IT Act,
2000. This led to the passage of the Information Technology (Amendment) Act, 2008
which was made effective from 27 October 2009. The IT (Amendment) Act, 2008 has
brought marked changes in the IT Act, 2000 on several counts.

CLASSIFICATION OF CYBER CRIMES:

Cybercrimes can be classified into various categories based on the type of criminal

3
activity or the target of the crime. Here are some common classifications of
cybercrimes:
A) Cyberfraud:
• Phishing: Attempts to trick individuals into revealing personal or financial
information.
• Identity Theft: Unauthorized use of someone's personal information for
financial gain.
• Online Scams: Deceptive schemes to defraud individuals or organizations.

B) Cyberattacks:
• Hacking: Unauthorized access to computer systems or networks.
• Malware: Creation or distribution of malicious software (e.g., viruses,
ransomware, spyware).
• Denial-of-Service (DoS) Attacks: Overloading a system or network to disrupt its
operation.
• SQL Injection: Exploiting vulnerabilities in web applications to gain
unauthorized access to databases.

C) Cybercrimes against Individuals:

• Cyberbullying: Harassment, threats, or intimidation using digital means.
• Online Stalking: Persistent and unwanted online surveillance or harassment.
• Revenge Porn: Non-consensual sharing of explicit images or videos.

D) Financial Cybercrimes:

• Credit Card Fraud: Unauthorized use of credit or debit card information.

• Online Banking Fraud: Unauthorized access to bank accounts or financial fraud
through online banking systems.
• Cryptocurrency Scams: Deceptive schemes involving cryptocurrencies.

E) Intellectual Property Theft:

• Copyright Infringement: Unauthorized use, reproduction, or distribution of
copyrighted material.
• Trademark Infringement: Unauthorized use of trademarks for financial gain.
F) Cybercrimes against Governments and Organizations:
o Espionage: Unauthorized access to government or corporate secrets.

4
 • State-Sponsored Cyberattacks: Cyberattacks initiated or sponsored by
governments.
• Corporate Data Breaches: Unauthorized access to sensitive corporate data.
• Industrial Espionage: Theft of trade secrets and proprietary information for
competitive advantage.

G) Cybercrimes against Infrastructure:

• Critical Infrastructure Attacks: Targeting essential systems such as power grids,
transportation, or healthcare.
• Cyberterrorism: Using cyberattacks to create fear, disrupt society, or promote
a political agenda.

H) Child Exploitation and Online Crimes:

• Child Pornography: Creation, distribution, or possession of explicit materials
involving minors.
• Online Grooming: Adults befriending and manipulating minors online for illicit
purposes.

F) Social Engineering:
• Baiting and Social Engineering Attacks: Manipulating individuals into divulging
confidential information.
• Cyber Extortion:
• Ransomware: Encrypting files or systems and demanding a ransom for
decryption.
• Online Hate Crimes and Cyberbullying:
• Hate Speech: Promoting violence or hatred against individuals or groups based
on race, religion, ethnicity, etc.
• Unlawful Access and Unauthorized Data Disclosure:
• Unauthorized Access: Gaining unauthorized access to computer systems or
networks.
• Data Theft and Disclosure: Stealing and disclosing sensitive data without
consent.

Difference between Conventional Crime and Cybercrime

5
Basis Cybercrime
These crimes basically involve the use
of computers, the internet, or other
Methods used
digital devices to commit a crime.
to commit the
Examples of cybercrimes include
crime
malware attacks, identity theft, and
online fraud.
Remain undetected for a long period
Duration of
as there is no physical presence and
detection
no on-ground evidence.
Cybercrime targets online
Types of victims interconnected systems, digital assets,
targeted and sensitive personal information or
health information.
Cybercrimes are committed on a large
scale because in such a crime physical
proximity to the victim is not required.
Scale of crime
e.g.- A single computer can hack
thousands of bank websites. and loot
them at a single instance.
Victims of cybercrime experience
Types of damage to their digital reputation or
Consequences loss of sensitive personal information
that can be used for identity theft.
Spamming, Phishing, Hacking,
Examples Cyberbullying, Cyberstalking,
Malware, and many more.
CYBER SPACE:
Refer ANIL K page 85.
Cyberspace refers to the virtual computer world, and more specifically, an electronic
medium that is used to facilitate online communication. Cyberspace typically involves
6
Conventional crime
Conventional crime typically
involves physical force or the
threat of physical force to
commit the crime. Examples of
conventional crimes include
theft, assault, and burglary.
Get detected immediately
because it leaves physical
traces of the crime.
Conventional crime tends to
target individuals or physical
assets such as offices, relatives,
and homes.
on a limited scale as
conventional crime comes in
physical proximity to the
victim.
e.g.- A robber can rob one or
two banks in a single day only.
Conventional crime can have
physical, emotional, and
financial consequences for
victims.
Murder, Extortion, Bullying,
and many more.
a large computer network made up of many worldwide computer subnetworks that
employ TCP/IP protocol to aid in communication and data exchange activities.
Cyberspace allows users to share information, interact, swap ideas, play games,
engage in discussions or social forums, conduct business and create intuitive media,
among many other activities.

Fundamentals of cyber space:

1. Physical foundations: such as land and submarine cables, and satellites that pro-
vide
communication pathways, along with routers that direct information to its
destination.
2. Logical building blocks: including software such as smartphone apps, operating
systems, or web browsers, which allow the physical foundations to function and
communicate.
3. Information: that transits cyberspace, such as social media posts, texts, financial
transfers or video downloads. Before and after transit, this information is often
stored on (and modified by) computers and mobile devices, or public or private cloud
storage services.
4. People: that manipulate information, communicate, and design the physical and
logical components of cyberspace.

Collectively these tangible and intangible layers comprise cyberspace, which we are
increasingly dependent on for essential components of daily life.

The four layers of cyberspace described above (physical, logical, information, and
people)
have three primary characteristics—connectivity, speed and storage.

SOURCE CODE:

In computing, source code is any collection of code, with or without comments,

written using a human- readable programming language, usually as plain text. The
source code of a program is specially
designed to facilitate the work of computer programmers, who specify the actions to
be performed by a computer mostly by writing source code. The source code is often
transformed by an assembler or compiler into binary machine code that can be
executed by the computer. The machine code might then be stored for execution at a
later time. Alternatively, source code may be interpreted and thus
immediately executed.

7
Source code refers to the human-readable instructions or programming statements
that a programmer writes to create computer software or applications. It is the
foundation of any software project and serves as the original set of instructions that
a computer can understand and execute.

Most application software is distributed in a form that includes only executable files.
If the source code were included it would be useful to a user, programmer or a
system administrator, any of whom might wish to study or modify the program.

Definitions

The Linux Information Project defines source code as: Source code (also referred to
as source or code) is the version of software as it is originally written (i.e., typed into
a computer) by a human in plain text
(i.e., human readable alphanumeric characters).

Organization

The source code which constitutes a program is usually held in one or more text files
stored on a computer's hard disk; usually these files are carefully arranged into a
directory tree, known as a source tree. Source code can also be stored in a database
(as is common for stored procedures) or elsewhere.
The source code for a particular piece of software may be contained in a single file or
many files. Though the practice is uncommon, a program's source code can be
written in different programming languages.
For example, a program written primarily in the C programming language, might have
portions written in assembly language for optimization purposes. It is also possible
for some components of a piece of software to be written and compiled separately,
in an arbitrary programming language, and later
integrated into the software using a technique called library linking. In some
languages, such as Java,
this can be done at run time (each class is compiled into a separate file that is linked
by the interpreter at runtime).

Purposes

8
Source code is primarily used as input to the process that produces an executable
program (i.e., it is compiled or interpreted). It is also used as a method of
communicating algorithms between people (e.g., code snippets in books). Computer
programmers often find it helpful to review existing source code to learn about
programming techniques. The sharing of source code between developers is
frequently cited as a contributing factor to the maturation of their programming
skills.[8] Some people consider source code an expressive artistic medium.

The situation varies worldwide, but in the United States before 1974, software and its
source code was not copyrightable and therefore always public domain software.

In 1974, the US Commission on New Technological Uses of Copyrighted Works

(CONTU) decided that "computer programs, to the extent that they embody an
author's original creation, are proper subject matter of copyright".

ESCROW:

Escrow is a legal arrangement often used in financial transactions to protect the

interests of all parties involved. It involves the placement of assets, such as money,
securities, or documents, into the custody of a neutral third party (the escrow agent)
until certain conditions are met or a specific event occurs.There will be an escrow
agreement and conditions will be listed out in it.

With regard to cyber law there is source code/software escrow. Escrow in the
context of cyberspace refers to a digital or online version of the traditional escrow
service. It involves the secure holding of digital assets, such as cryptocurrency,
software code, domain names, or other digital goods, by a trusted neutral third party
until certain conditions are met. This concept is particularly relevant in various online
transactions and agreements.

An online escrow service provider acts as the trusted intermediary. These providers
are often specialized platforms or companies that facilitate and secure the escrow
process.

9
The parties involved in a digital transaction (e.g., buyers, sellers, or participants in a
smart contract) agree to use an online escrow service and define the terms and
conditions for the release of the digital assets. Conditions for the release of assets are
specified in a digital escrow agreement. Once all conditions are met and verified, the
escrow service provider releases the digital assets to the appropriate party or parties

In case of any dispute the intermediary has to hold it and try to find a solution.

SOFTWARE LICENSING:

What is a software license?

A software license is a document that provides legally binding guidelines for the use
and distribution of software.

Software licenses typically provide end users with the right to one or more copies of
the software without violating copyrights. The license also defines the responsibilities
of the parties entering into the license agreement and may impose restrictions on
how the software can be used.

Software licensing terms and conditions usually include fair use of the software, the
limitations of liability, warranties and disclaimers. They also specify protections if the
software or its use infringes on the intellectual property rights of others.

Software licenses typically are proprietary, free or open source. The distinguishing
feature is the terms under which users may redistribute or copy the software for
future development or use.

How do software licenses work?

A software license is a document that states the rights of the developer and user of a
piece of software. It defines how the software can be used and how it will be paid
for. The following are some examples of specifications a license might include:

• how many times the software can be downloaded;

10
 • what the software will cost; and
• what level of access users will have to the source code.
How license agreements protect developers
• They protect developers' intellectual property and trade secrets based on
copyright laws.
• They limit what other parties can do with the covered software code.
• They limit the liability of the vendor.
How license agreements protect users
• They define what users can do with software code they did not write.
• They establish how users stay in compliance with software licenses, protect
themselves from infringement claims and limit their legal liability.
• They help users maintain a positive relationship with software developers
and vendors.
• They prevent overspending on licenses by establishing clear parameters of
how many licenses an organization needs.

• Proprietary software license

• IT is a PC software that is authorized by the proprietor of the copyright under
quite certain terms. It is the most prohibitive kind of permitting understanding
wherein the first code was composed by the software engineers are not
accessible to the users.
• Along these lines they can utilize the product yet they can’t change it or
redistribute it. This product is otherwise called the closed source software and
the working of windows and Mac is a case of this software. To ensure their
protected innovation, the organizations go into this type of license.
•

• Free software license

• These have lesser limitations than the previous one. The product can be
unreservedly utilized by the clients to adjust the product, or redistribute it,
which would somehow or another be restricted by copyright law. Along these
lines, a free programming permit is gone into by the proprietors of the product

11
 when they wish to give the beneficiaries the benefit of changing or
redistributing the copyrighted work.

• Open-source software license

• It permits the client to make changes to the product and make the source code
accessible or transparent. As it permits different engineers to see the first
code, it is typically evolved as an open coordinated effort and made
unreservedly accessible.
• The permit doesn’t confine any gathering from selling or redistribution of the
product as long as the dispersion is made under indistinguishable terms from
the permission of the first programming. The General Public License or GNU is
a case of an open-source programming permit that was created because of
joint effort and exploration of open engineer networks.

Copyright Act, 1957:

Software is considered a literary work under the Copyright Act. The act grants
copyright protection to software, including source code and object code.
Software developers have the exclusive right to reproduce, distribute, and adapt
their software.
Licensing agreements are used to grant others the right to use the software while
retaining the copyright.

SHRINK WRAP CONTRACTS:

The electronic or e-contracts help in making agreements and transactions

electronically in the physical absence of the parties. It aims at making lawfully binding
contracts at a much faster rate with the use of latest technology. Shrink wrap,
clickwrap and browsewrap are common types of contracts used in electronic
commerce.

Shrink wrap contracts are boilerplate or license agreements or other terms and
conditions which are enveloped with the products. The usage of the product
estimates the acceptance of the contract by the consumer. The term ‘Shrink Wrap’
describes the shrink wrap plastic wrapping which covers software boxes or the terms
and conditions which come along with products on carriage.

PC programming companies largely relies on the utilization of “Shrink- wrap” permit

assertions in the mass business sector transmission of programming. “Shrink- wrap”
12
assertions are unsigned permit identifications which state that acknowledgment on
the client of the terms of the assertion is demonstrated by opening the Shrink- wrap
bundling or other Bundling of the product, by utilization of the product, or by some
other determined instrument.

The validity of the shrink-wrap agreement came into question in the case ProCd Inc
vs. Zeidenberg. In this case, the manufacturer has included a shrink license in its
packaged software. The customer purchased the software but didn’t follow the
license restricting its commercial usage. To enforce the license, the appellant filed for
an injunction. The court denied the injunction while stating that though the terms
and conditions are not explicitly provided, the license was to be treated as an
ordinary contract. Thus, it is enforceable.

Click- wrap agreement is mostly found as part of the installation process of software
packages. It is also called a “click-through” agreement or click-wrap license. It is a
take-it-or-leave-it contract which lacks bargaining power. If a customer likes a
product and wants to buy it or avail its service he clicks on ‘I accept’ or ‘Ok’ and if he
rejects it, then cannot buy that product or avail that service. Click-wrap agreements
can be of the following types:

1. Type and Click where the user must type “I accept” or other specified words in
an on-screen box and then click a “Submit” or similar button. This displays
acceptance of the terms of the contract. A user cannot proceed to download
or view the target information without following these steps.
2. Icon Clicking where the user must click on an “OK” or “I agree” button on a
dialog box or pop-up window. A user indicates rejection by clicking “Cancel” or
closing the window. The terms of service or license may not always appear on
the same webpage or window, but they must always be accessible before
acceptance.
A Click- wrap assertion is a kind of agreement that is broadly utilized with
programming licenses and online exchanges in which a client must consent to terms
and conditions before utilizing the item or administration.

On the screen, the user should be informed that this is an enforceable contract and a
binding on him for his action. It should be legible. In the case of Long v. Provide
Commerce, Inc. (2016) where it was about a person buying folwers and not getting in
the way he ordered. The respondent site claimed the click wrap agreement however
the court rejected it stating that it was not properly shown on the screen.

13
The odds are that you consent to Click- wrap contracts all the time. These assertions
commonly show up in an autonomous page when the client experiences an online
enrolment procedure.

Browse-wrap agreements cover the access to or use of materials available on a

website or downloadable product. Only if the person agrees to the terms and
conditions on the web page, then he can access the contents of the web page.

In most cases, the website or the Browse-wrap includes a statement that the user’s
continued use of the website or the downloaded software manifests assents to those
terms. Many times, the terms mentioned in the Browse-wrap are explicitly displayed
on the website but the existence of such browse wrap is hidden or not seen on the
page.

T he Burden of proof lies on the website owner to demonstrate that the user has
complete and actual knowledge of all the terms and conditions mentioned therein.

INTERNET PROTOCOL:

The term "Internet Protocol" refers to a set of rules and conventions that govern how data
is transmitted and received over the Internet. It is a fundamental part of the Internet's
infrastructure and is responsible for routing data packets between devices and networks to
ensure that information can be exchanged reliably and efficiently. There are 2 major
protocols : IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6)

INTERNET AND ONLINE RESOURCES:

Electronic resources, or e-resources, refer to digital information and materials
accessed and utilized through various devices, such as computers, smartphones,
tablets, and e-readers. These resources include e-books, e-journals, online databases,
multimedia materials, and other forms of digital content. The increasing popularity of
electronic resources can be attributed to their accessibility, cost-effectiveness,
efficiency, and eco-friendliness. Electronic resources have revolutionized how
information is accessed and shared, impacting various domains such as education,
research, healthcare, and business.
Electronic resources can be broadly categorized into online e-resources and other
electronic resources.

14
 1. Online e-resources: Online e-resources refer to digital materials accessible
through the Internet. Users can access these resources through various
electronic devices such as computers, smartphones, and tablets. Examples of
online e-resources include e-books, e-journals, online databases, online
magazines, and newspapers. These resources are accessed through websites,
digital libraries, and online platforms, and users can search, view, and
download them.

1. Online e-resources, which may include:

• E-journal

An e-journal, or an electronic or online journal, is a publication available in an

electronic format over the Internet. E-journals can be accessed and read from
anywhere with an internet connection, using a computer, tablet, or
smartphone.E-journals can cover various topics and subjects and be published
by academic institutions, professional organizations, and commercial
publishers. They may be peer-reviewed, which means that experts evaluate
articles before being published, or they may be open access, which means that
the articles are freely available to anyone without charge.

• E-books:

An e-book, or electronic book, is a digital version of a printed book that can be

read on electronic devices such as computers, tablets, smartphones, e-readers,
and other portable devices. E-books are typically available in popular formats
such as PDF, EPUB, MOBI, and AZW, which can be downloaded from various
online retailers, digital libraries, or other sources.

Some of the drawbacks of e-books include potential eye strain from reading on
screens, compatibility issues with certain devices or software, and potential
data privacy and security issues. However, e-books are becoming increasingly
popular due to their convenience, affordability, and accessibility.

• Online academic databases:

Online academic databases are digital collections of scholarly research

materials available to students, researchers, and scholars. These databases
typically include peer-reviewed academic journals, conference proceedings,
books, dissertations, and other scholarly materials. Online academic databases
are often subscription-based and can be accessed through academic libraries
or online services.Online academic databases offer several benefits over
15
 traditional print resources. They provide immediate access to a vast array of
scholarly materials, allow for easy searching and filtering of content, and
enable users to stay up-to-date on the latest research in their field.
Additionally, online academic databases often include tools for citation
management and article tracking, making it easier for researchers to keep
track of their sources and stay organized.

• Online Magazine:

Online magazines, also known as web magazines or digital magazines, are

published exclusively online or in digital format. They may be issued by
traditional print publishers, online-only publishers, or individual creators.
Online magazines can cover various topics, including fashion, lifestyle, news,
entertainment, and more.

• Online Newspaper:An online newspaper, also known as a digital newspaper or

e-newspaper, is a digital version of a printed newspaper that can be accessed
and read online. Traditional print publishers or online-only publishers may
publish online newspapers and cover a wide range of topics, including local
and global news, business, sports, entertainment, and more.
• Web sites:

A website is a collection of web pages hosted on a web server and accessible

through the internet using a web browser. Websites can be created for a
variety of purposes, including personal blogs, online stores, news websites, and
company or organizational websites. Some common features of websites
include navigation menus, headers, footers, and content areas. Websites may
also include multimedia elements such as images, videos, and audio, as well as
interactive features like forms and social media integration.

2. Other electronic resources: Other electronic resources refer to digital materials

that are not accessible through the Internet. These resources are stored on electronic
media such as CDs, DVDs, USB drives, and hard drives and can be accessed by users
through appropriate devices. Examples of other electronic resources include
multimedia materials, digital archives, digital maps, and digital images. These
resources are usually stored in digital formats, making them easy to search, view, and
copy.

• CD.DVD ROM: CD/DVD-ROM is an optical storage media that uses laser

technology to read data stored on the disc. It is used for distributing software,
music, and movies and is a read-only media, meaning data can only be read

16
 from the disc, not written to it. It is commonly used for the physical
distribution of data.
• Diskettes: A diskette, also known as a floppy disk, is a type of magnetic storage
media used in the past for storing and transferring data between computers. It
consists of a plastic disk coated with a magnetic material. It is now largely
obsolete due to newer storage technologies offering larger capacity, faster
transfer rates, and more excellent reliability.
• Other portable computer databases.

UNCITRAL:
UNCITRAL stands for the United Nations Commission on International Trade Law. It is
a subsidiary body of the United Nations General Assembly and was established in
1966. UNCITRAL's primary mandate is to promote the harmonization and
modernization of international trade law.
UNCITRAL plays a crucial role in the development of international trade law by
creating model laws, conventions, and rules that member states can adopt or use as
guidelines when drafting their own national laws. These efforts help facilitate
international trade and commerce by providing a common legal framework for
business transactions across borders.
UNCITRAL has developed the UNCITRAL Model Law on International Commercial
Arbitration, which serves as a model for countries to create or update their
arbitration laws. This promotes the use of arbitration as a method for resolving
international commercial disputes.
UNCITRAL has worked on legal frameworks for electronic commerce and electronic
signatures to promote the use of technology in international trade transactions.
UNCITRAL's work on legal frameworks for electronic commerce and electronic
signatures is aimed at creating a supportive legal environment for conducting
international trade transactions using electronic means. This effort is particularly
important in today's digital age, where businesses and individuals increasingly rely on
electronic communications and transactions to conduct cross-border trade.
UNCITRAL has developed a Model Law on Electronic Commerce, which serves as a
template for countries to adopt when creating or updating their national laws related
to electronic transactions. This model law addresses various aspects of electronic

17
commerce, including electronic contracts, electronic signatures, and the use of
electronic data interchange (EDI)
UNCITRAL also addresses consumer protection issues related to electronic
commerce, such as transparency in online transactions and dispute resolution
mechanisms for online consumers.
UNCITRAL has developed a Model Law on Electronic Signatures, which provides a
legal framework for the use and acceptance of electronic signatures in international
transactions. This model law helps countries establish a consistent and secure
approach to electronic signatures.
UNCITRAL's efforts also aim to facilitate the cross-border recognition and acceptance
of electronic signatures, ensuring that documents signed electronically in one
jurisdiction are recognized and enforceable in other jurisdictions.
The UNCITRAL model has clarified various legal issues arising out of online video
conferencing, Internet banking, stock, trading etc.
Indian I.T. Act, 2000 is enacted mainly based on the UNCITRAL model.

Other International Covenants

• UN convention on Use of Electronic Communications in International

Contracts- commonly known as ECC, 2005 was prepared by UNCITRAL
• TRIPS (Trade Related Aspects of Intellectual property Rights) and WIPO (World
Intellectual Property Organization) Aims to address Intellectual Property issues
on International level. WIPO net connects many intellectual property rights
offices throughout the world
• BUDAPEST convention, 2001, Aims to deal with copyright Infringement,
computer fraud, child pornography, hate-crimes, violation of network security,
lawful interception also aims to achieve international co- operation to
harmonize domestic laws in these matters. India has not signed it.
• G8 Action plan 1997 involving USA, UK, Russia, France, Italy, Japan, Germany
and Canada.
• International Telecommunications Union is a UN agency which aims at
standardization and development of telecommunication and cyber- security
issues.
• Geneva Action Plan

18
 • UN General Assembly Resolutions, 1990, 2000 and 2002 to deal with criminal
misuse of Information Technology.

NET NEUTRALITY:
Net neutrality is a principle that advocates for equal treatment of all data on the
internet, without discrimination or preference given to particular websites, services,
or content. It ensures that internet service providers (ISPs) treat all data, applications,
and content transmitted over their networks in an unbiased and non-discriminatory
manner.
THIS IS A VERY HEATED DEBATE IN RECENT TIMES.

Equal Access: Net neutrality ensures that all internet users have equal access to the
same content and services at the same speed. ISPs cannot block, throttle (slow
down), or prioritize certain internet traffic based on the source, destination, or
content.
No Discrimination: Net neutrality prohibits ISPs from favoring their own content or
services over those of competitors. They should not engage in discriminatory
practices that give certain websites or applications an advantage.
Transparency: ISPs are expected to be transparent about their network management
practices, ensuring that consumers are informed about any potential limitations or
restrictions on their internet service.
Consumer Choice: Net neutrality gives consumers the freedom to choose the
websites, services, and content they want to access without any interference from
their ISPs.

Criticism of Net Neutrality

• Forcing ISPs to treat all traffic equally the government will ultimately discourage
the investment in new infrastructure, and will also create a disincentive for ISPs to
innovate.
• Conservative think tanks, hardware companies, and major telecommunication
providers are popular critics of net neutrality.

19
• ISPs argue that tiered prices allow them to remain competitive and generate funds
needed for further innovation and expansion of broadband networks, as well as to
recoup the costs already invested in broadband

EVOLUTION OF IT ACT,2000;

(Refer the topic origin of cyber law)

The United Nations Commission on International Trade Law (UNCITRAL) in 1996

adopted a model law on e-commerce and digital intricacies. It also made it
compulsory for every country to have its own laws on e-commerce and cybercrimes.
In order to protect the data of citizens and the government, the Act was passed in
2000, making India the 12th country in the world to pass legislation for cyber crimes.
It is also called the IT Act and provides the legal framework to protect data related to
e-commerce and digital signatures. It was further amended in 2008 and 2018 to meet
the needs of society. The Act also defines the powers of intermediaries and their
limitations.

SALIENT FEATURES OF IT ACT,2000:

Information Technology Act, 2000 is India’s mother legislation regulating the use of
computers, computer systems and computer networks as also data and information
in the electronic format. This legislation has touched varied aspects pertaining to
electronic authentication, digital (electronic) signatures, cyber crimes and liability of
network service providers.

This Act was amended by Information Technology Amendment Bill, 2008 which was
passed in Lok Sabha on 22nd December, 2008 and in Rajya Sabha on 23rd December,
2008.

The IT Act of 2000 was developed to promote the IT industry, regulate ecommerce,
facilitate e-governance and prevent cybercrime. The Act also sought to foster
security practices within India that would serve the country in a global context. The
Amendment was created to address issues that the original bill failed to cover and to
accommodate further development of IT and related security concerns since the
original law was passed. The IT Act, 2000 consists of 90 sections spread over 13
chapters and has 2 schedules

SALIENT FEATURES:

20
Following are the features of the Act: ( Once you finish all 5 modules you can easily
add points)

• The Act is based on the Model Law on e-commerce adopted by UNCITRAL.

• It has extra-territorial jurisdiction.
• It defines various terminologies used in the Act like cyber cafes, computer
systems, digital signatures, electronic records, data, asymmetric
cryptosystems, etc under Section 2(1).
• It protects all the transactions and contracts made through electronic
means and says that all such contracts are valid. (Section 10A)
• It also gives recognition to digital signatures and provides methods of
authentication.
• It contains provisions related to the appointment of the Controller and its
powers.
• It recognises foreign certifying authorities (Section 19).
• It also provides various penalties in case a computer system is damaged by
anyone other than the owner of the system.
• The Act also provides provisions for an Appellate Tribunal to be established
under the Act. All the appeals from the decisions of the Controller or other
Adjudicating officers lie to the Appellate tribunal.
• Further, an appeal from the tribunal lies with the High Court.
• The Act describes various offences related to data and defines their
punishment.
• It provides circumstances where the intermediaries are not held liable even
if the privacy of data is breached.
• A cyber regulation advisory committee is set up under the Act to advise the
Central Government on all matters related to e-commerce or digital
signatures.

21
 MODULE 2:

JURISDICTION IN CYBER SPACE:

Jurisdiction is the authority of a court to hear a case and resolve a dispute involving
person,property and subject matter.

The rapid development of internet over the years have led to a global impact of
jurisdiction. This approach usually brings parties residing in different countries/
jurisdiction in contact with each other. This leaves a question of which court will
address the issue in case it happens.

By section 1(2) of The IT ACT,2000 the Act extends to whole of India and applies to
any offence or contravention committed outside india by any person.

By sec,75 the provisions of the Act shall also apply to any offence committed outside
India by any person irrespective of his nationality. However the Act applies if
committed outside India by any person only if the act or conduct involves a
computer, computer system or network located in India.

The Indian courts can take cognizance of offences punishable under the Act if the
device or network was located in India even if the offence was committed outside
India. The courts can even proceed against a foreigner by this condition.

Sec 46 of the Act renders power to adjudicate in case of contravention of any

provision of this act and for the purpose adjudging it provides for the appointment of
adjudicating officer who is vested with the powers of civil courts which are conferred
on the Cyber Appellate Tribunal

Sec (48) of the act provides for the Establishment of Cyber Appellate Tribunal (1) The
Central Government shall, by notification, establish one or more appellate tribunals
to be known as the Cyber Regulations Appellate Tribunal.

Sec.( 61) Civil Court not to have Jurisdiction

the Criminal Procedure Code under Section 177 to 189 deals with the jurisdiction of
Court. Section 177 lays down that the offence will be tried down by the Court within
whose local jurisdiction the offence was committed. If the offence is a continuing one
or committed in parts in different territory, as per Section 178 the Court having the
jurisdiction over any of such local area can entertain the trail. Section 179 lays down

22
the principle that the jurisdiction of Court where offence is committed or
consequence is ensued. Following it Section 182 requires that any offence of cheating
by means of telecommunication be tried into any court whose local jurisdiction such
message were sent or received. In case of the offender commits the crime beyond
local jurisdiction but resides within the local jurisdiction, then within the jurisdiction
of local court where he resides may inquire into the offence as if it is committed in
the local area. Section 188 incorporate the nationality principle of jurisdiction as it
provides that if a citizen of India outside the country commits the offence, the same
is subject to the jurisdiction of court in India. However the court can apply the
jurisdiction in the above case only if the offender is brought within the territory of
the State.

IMPORTANCE OF JURISDICTION:
1. Legal Framework for Cyberspace:
Establishing clear rules and principles of cyber jurisdiction helps create a legal
framework for the internet, ensuring that online activities are governed by
appropriate laws and regulations.
2. Protection of Cybersecurity:
Cyber jurisdiction is crucial for addressing cybercrimes, data breaches, and hacking
incidents. Jurisdictions can take legal action against cybercriminals and impose
penalties to deter such activities.
3. Intellectual Property Protection:
Effective cyber jurisdiction helps protect intellectual property rights in the digital
realm. It enables individuals and businesses to enforce copyright and trademark laws,
preventing online piracy and counterfeiting.
4. Privacy Rights:
Jurisdiction plays a vital role in safeguarding individuals' online privacy. It ensures
that data protection laws are enforced, and individuals have recourse if their privacy
is violated online.
5. International Cooperation:

23
Cyber jurisdiction encourages international collaboration and cooperation among
countries to combat cross-border cyber threats. Mutual agreements and treaties
facilitate information sharing and the pursuit of cybercriminals across borders.
6. Clarity for Businesses:
For businesses operating online, a clear and predictable legal framework is essential.
Cyber jurisdiction provides businesses with a framework to understand their legal
obligations and responsibilities when conducting e-commerce or other online
activities.
7. Resolution of Disputes:
Jurisdiction is critical for resolving disputes that arise from online transactions,
contracts, or conflicts between parties in different jurisdictions. It allows for a legal
forum to address these issues.

Statutory jurisdiction:

statutory jurisdiction refers to the legal authority granted to courts through specific
statutes or laws to handle cases related to cybercrimes, cybersecurity, data privacy,
and other digital or internet-related legal issues. Statutory jurisdiction in cyber law is
crucial for addressing the unique challenges and complexities of the digital realm.
• Information Technology Act, 2000 (IT Act): The Information Technology Act is
the primary legislation governing cyber law in India. It provides a legal
framework for electronic transactions, digital signatures, data protection, and
cybercrimes. The IT Act establishes statutory jurisdiction for various cyber
offenses and empowers certain courts to hear and decide cases related to
these offenses.
• IPC : defines various cyber crimes.
• Intellectual Property Statutes,
• Consumer Protection Act, 2019:
• Adjudicating Authorities: Under the IT Act, the Central Government designates
Adjudicating Authorities to handle cases related to violations of data
protection and privacy rules, as well as other offenses under the Act. These
authorities have jurisdiction to adjudicate cases involving penalties and
compensation.

24
 • Cybercrime Police Stations: Many states in India have established specialized
cybercrime police stations, which have jurisdiction over cybercrime
investigations within their respective states. These police stations handle cases
related to hacking, online fraud, and cyberbullying.

Subject matter jurisdiction:

Subject matter jurisdiction is a legal concept that pertains to a court's authority or
competence to hear cases of a particular type or category. It defines the scope of the
issues or subject matters that a court has the power to adjudicate. Subject matter
jurisdiction is a fundamental principle of the legal system, ensuring that cases are
heard by the appropriate court and that the court has the legal authority to render a
decision on the specific type of dispute.

TERRITORIAL AND EXTRA TERRITORIAL JURISDICTION:

Judicial,Legislative and administrative competence :

There are three prerequisites of valid jurisdictions that are needed to be followed. A
person is compelled to follow the rules and regulations of the state. The state has the
power to punish a person violating such laws.

• Prescriptive Jurisdiction – This type of jurisdiction enables a country to impose

laws, particularly for a person’s activity, status, circumstances, or choice. This
jurisdiction is unlimited. Hence, a country can enact any law, or legislation on
any matter, even where the person’s nationality is different, or the act
happened at a different place. However, International law prevents any state
from legislating any such law contrary to other countries interests.
• Jurisdiction to Adjudicate – Under this jurisdiction, the state has the power to
decide the matter on a person concerned in civil or criminal cases despite the
fact that the state was a party or not; a mere relationship between both is

25
 sufficient. It is not necessary that a state having the prescribed jurisdiction
must also have jurisdiction to adjudicate.
• Jurisdiction to Enforce – This jurisdiction depends on the existence of
prescriptive jurisdiction; hence if prescriptive jurisdiction is absent, then it
cannot be enforced to punish a person violating its laws and regulations;
however, this jurisdiction is not exercised in an absolute sense and a state
cannot enforce its jurisdiction on a person or the crime situated or happened
in a different country.

Principles of jurisdiction:
• Principle of Nationality: It applies where the alleged offender is a national of
the State, the laws of which have been violated by his acts. In India, according
to IPC, an Indian national is liable to prosecution in India for an offence
committed in a foreign country which is punishable under Indian law. (Sec 3)
Punishment of offences committed beyond, but which by law may be tried
within, India.—Any person liable, by any [Indian law] to be tried for an offence
committed beyond [India] shall be dealt with according to the provisions of
this Code for any act committed beyond [India] in the same manner as if such
act had been committed within [India]

• Principle of passive personality- The passive personality principle gives

jurisdiction to a State over the activities of foreigners which harms the
nationals of that foreign state. This test is detested by customary international
law too and in the Lotus case the Turkey Statute justified the jurisdiction.

• Principle of Universality. Universal Jurisdiction: Another form of assuming

jurisdiction is known as universal jurisdiction or the universal interest
jurisdiction. As the name points out, this jurisdiction is assumed by any State to
prosecute an offender for acts which are known universally by International
law to be a heinous crime, i.e. hijacking, child pornography, cyber terrorism
etc. A cyber criminal can be prosecuted by any country based on universal

• Protective Principle- As the term suggests this principle comes to play where
security of any state endangered by the act of any foreign national. According
to the principle a state has jurisdiction in respect of “certain conduct outside

26
 its territory by persons that directed against the security of the state or against
a limited class of other state interests.

Appellate Jurisdiction:
Sec (48) of the act provides for the Establishment of Cyber Appellate Tribunal (1) The
Central Government shall, by notification, establish one or more appellate tribunals
to be known as the Cyber Regulations Appellate Tribunal.

Sec. (62) of IT ACT, Appeal to High Court: Any person aggrieved by any decision or
order of Cyber Appellate Tribunal may file an appeal to the High Court within 60 days
from the date of communication of such decision or order. An appeal may be on any
question of fact or law arising out of such order. The High Court may allow it to be
filed within a further period of 60 days, if it is satisfied that sufficient cause prevented
him from filing the appeal within the prescribed period.

Concurrent jurisdiction:

Concurrent jurisdiction in cyber law refers to a situation where multiple legal

authorities or jurisdictions have the authority to prosecute and regulate activities
related to cybercrimes and cyber-related legal issues. In the context of cyber law,
jurisdiction becomes complex due to the borderless nature of the internet, where
criminal activities can originate in one country and affect individuals or entities in
multiple other countries.
Each country has its own set of laws and regulations governing cybercrimes and
online activities. When a cybercrime occurs within a particular country's territory or
affects its citizens, that country's legal system typically asserts jurisdiction over the
case.
In some cases, countries may claim extraterritorial jurisdiction, meaning they can
prosecute individuals or entities located outside their borders if the cybercrime has a
significant impact on their citizens or infrastructure. This practice can lead to conflicts
between nations.

27
To address issues of concurrent jurisdiction in cyber law, countries often enter into
international agreements and treaties to facilitate cooperation and information
sharing in cybercrime investigations. One well-known example is the Budapest
Convention on Cybercrime.

AUTHORITIES UNDER THE ACT:

1. Department of Electronics and Information Technology :

The functions of the Department of Electronics and Information Technology, Ministry

of Communications & Information Technology, Government of India are as follows –
• Policy matters relating to Information Technology, Electronics and Internet. •
Initiatives for development of Hardware / Software industry including knowledge
based enterprises, measures for promoting Information Technology exports and
competitiveness of the industry. • Promotion of Information Technology and
Information Technology enabled services and Internet. • Assistance to other
departments in the promotion of E-Governance, EInfrastructure, E-Medicine, E-
Commerce, etc. • Promotion of Information Technology education and Information
Technology-based education. • Matters relating to Cyber Laws, administration of the
Information Technology Act. 2000 (21 of 2000) and other Information Technology
related laws. • Matters relating to promotion and manufacturing of Semiconductor
Devices in the country. • Interaction in Information Technology related matters with
International agencies and bodies. • Initiative on bridging the Digital Divide, Matters
relating to Media Lab Asia• Promotion of Standardization, Testing and Quality in
Information Technology and standardization of procedure for Information
Technology application and Tasks. • Electronics Export and Computer Software
Promotion Council (ESC). • National Informatics Centre (NIC) • All matters relating to
personnel under the control of the Department.

2. CERTIFYING AUTHORITY:(ANIL K NAIR)

A Certifying Authority is a trusted body whose central responsibility is to issue,

revoke, renew and provide directories of Digital Certificates. Certifying Authority
means a person who has been granted a license to issue an Electronic Signature
Certificate under section 24. Provisions with regard to Certifying Authorities are
covered under Chapter VI i.e. Sec.17 to Sec.34 of the IT Act, 2000. It contains detailed

28
provisions relating to the appointment and powers of the Controller and Certifying
Authorities.

3. Controller of Certifying Authorities (CCA) (ANIL K NAIR)

The IT Act provides for the Controller of Certifying Authorities (CCA) to license and
regulate the working of Certifying Authorities. The Certifying Authorities (CAs) issue
digital signature certificates for electronic authentication of users. The CCA certifies
the public keys of CAs using its own private key, which enables users in the
cyberspace to verify that a given certificate is issued by a licensed CA. For this
purpose it operates, the Root Certifying Authority of India (RCAI).

The functions of the Controller are –

(a) to exercise supervision over the activities of the Certifying Authorities;

(b) certify public keys of the Certifying Authorities;
(c) lay down the standards to be maintained by the Certifying Authorities;
(d) specify the qualifications and experience which employees of the Certifying
Authorities should possess;
(e) specify the conditions subject to which the Certifying Authorities shall conduct
their business;
(f) specify the content of written, printed or visual material and advertisements that
may be distributed or used in respect of a Electronic Signature Certificate and the
Public Key;
(g) specify the form and content of a Electronic Signature Certificate and the key;
(h) specify the form and manner in which accounts shall be maintained by the
Certifying Authorities;
(i) specify the terms and conditions subject to which auditors may be appointed and
the remuneration to be paid to them;
(j) facilitate the establishment of any electronic system by a Certifying Authority
either solely or jointly with other Certifying Authorities and regulation of such
systems;
(k) specify the manner in which the Certifying Authorities shall conduct their dealings
with the subscribers;
(l) resolve any conflict of interests between the Certifying Authorities and the
subscribers;
(m)lay down the duties of the Certifying Authorities;
(n) maintain a data-base containing the disclosure record of every Certifying
Authority containing such particulars as may be specified by regulations, which shall
be accessible to the public.

29
 Controller has the power to grant recognition to foreign certifying authorities with
the previous approval of the Central Government, which will be subject to such
conditions and restrictions imposed by regulations.

4. Cyber Appellate Tribunal (ANIL K NAIR)

Cyber Appellate Tribunal has been established under the IT Act under the aegis of
Controller of Certifying Authorities (CCA). A Cyber Appellate Tribunal consists of one
Presiding Officer who is qualified to be a Judge of a High Court or is or has been a
member of the Indian Legal Service and is holding or has held a post in Grade I of that
service for at least three years supported by other official under him/her. The Cyber
Appellate Tribunal has, for the purposes of discharging its functions under the IT Act,
the same powers as are vested in a civil court under the Code of Civil Procedure,
1908. However, is not bound by the procedure laid down by the Code of Civil
Procedure, 1908 but is guided by the principles of natural justice and, subject to the
other provisions of this Act and of any rules.

The Cyber Appellate Tribunal has powers to regulate its own procedure including the
place at which it has its sittings. Every proceeding before the Cyber Appellate
Tribunal shall be deemed to be a judicial proceeding within the meaning of sections
193 and 228, and for the purposes of section 196 of the Indian Penal Code and the
Cyber Appellate Tribunal shall be deemed to be a civil court for the purposes of
section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973.

The composition of the Cyber Appellate Tribunal is provided for under section 49 of
the Information Technology Act, 2000. Initially the Tribunal consisted of only one
person who was referred to as the Presiding Officer who was to be appointed by way
of notification by the Central Government. Thereafter the Act was amended in the
year 2008 by which section 49 which provides for the composition of the Cyber
Appellate Tribunal has been changed. As per the amended section the Tribunal shall
consist of a Chairperson and such number of other Members as the Central
Government may by notification in the Official Gazette appoint. The selection of the
Chairperson and Members of the Tribunal is made by the Central Government in
consultation with the Chief Justice of India. The Presiding Officer of the Tribunal is
now known as the Chairperson.

FUNCTIONS:

• Adjudication Appeals: The CAA hears and adjudicates appeals against orders
passed by Adjudicating Officers under the IT Act. These officers are responsible

30
 for determining penalties and compensation for various cybercrimes and
violations of the Act.
• The CAA has the authority to review and modify penalties imposed by
Adjudicating Officers if they are deemed excessive or unjust. This helps ensure
a fair and balanced approach to penalizing cybercrimes and violations.
• Providing Legal Remedies:
• The decisions and rulings made by the CAA can serve as legal precedents for
future cases. This helps in establishing consistency and clarity in the
interpretation and application of cyber laws in India.
• Promoting Cybersecurity
4) Indian Computer Emergency Response Team (ICERT)

The mission of ICERT is to enhance the security of India's Communications and

Information Infrastructure through proactive action and effective collaboration. Its
constituency is the Indian Cyber-community. The purpose of the ICERT is, to become
the nation's most trusted referral agency of the Indian Community for responding to
computer security incidents as and when they occur; the ICERT will also assist
members of the Indian Community in implementing proactive measures to reduce
the risks of computer security incidents. It provides technical advice to system
administrators and users to respond to computer security incidents. It also identifies
trends in intruder activity, works with other similar institutions and organisations to
resolve major security issues and disseminates information to the Indian cyber
community. It functions under the Department of Information Technology, Ministry
of Communications & Information Technology, Government of India

SOME FAMOUS CASES:

• Satish Dhawan v. S. Abdul Rahman & Others, AIR 2004 SC 3857: This case
dealt with the jurisdictional issues arising from defamatory statements made
on the Internet. In this case, the Supreme Court held that the jurisdiction to
entertain a suit for defamation arises where the defamatory publication is
read, heard, or seen.
• World Wrestling Entertainment Inc v. M/s Reshma Collection,
2014(59)PTC158(Del): This case dealt with the jurisdictional issues arising from
infringing trademarks on the Internet. In this case, the Delhi High Court held

31
 that the jurisdiction to entertain a suit for trademark infringement arises
where the infringing website is accessible.
• Yahoo! Inc & Anr. v. Akash Arora & Anr, 1999 PTC 201: This case dealt with
the jurisdictional issues arising from online content regulation. In this case, the
Delhi High Court held that Indian courts have jurisdiction to regulate the
content of websites available to Indian users.
• Jayalakshmi v. Hamsini Ammal & Ors, AIR 2007 Mad 159: This case dealt with
the jurisdictional issues arising from the online sale of infringing goods. In this
case, the Madras High Court held that the jurisdiction to entertain a suit
for copyright infringement arises where the infringing goods are sold.
• Shreya Singhal v. Union of India, (2015) 5 SCC 1: This case dealt with the
jurisdictional issues arising from regulating online speech. In the case of Shreya
Singhal v. Union of India, the Supreme Court held that Indian courts have the
jurisdiction to regulate online speech that is obscene, defamatory, or creates
public disorder.

Online Contracts/ e-contracts (ANIL K NAIR)

Online contracts, also known as electronic contracts or e-contracts, are legally

binding agreements formed and executed electronically through digital means. the
offer and acceptance, and consideration etc., are done by electronic means.These
contracts are becoming increasingly common in today's digital age, as they offer
convenience, efficiency, and flexibility for businesses and individuals to enter into
agreements without the need for physical paperwork.
The e-contract takes its legal authority from section 10A of the IT act. It says that
“Where the formation of the contract, offer and acceptance of the contract, as the
case may be, are expressed in electronic form, such contract shall not be deemed
unenforceable mere on the ground that it was created electronically.” It means the E-

32
electronic contracts, which follow the essentials of a valid contract and are made
electronically, shall be enforceable by law.
In the case of the State of Delhi vs Mohd. Afzal and others, the court held that the
electronic pieces of evidence are admissible as evidence in the court.
In the eye of the law, the E-contract is also considered as any other physical contract.
This is also governed by the Indian contract act. Therefore, the validity of an e-
contract in India will depend if it is satisfying all the essentials of a valid contract. The
essentials of E- Contracts are almost the same as the essentials of a valid contract:
Offer, acceptance,consideration, lawful object, competent parties and free consent.
These types of contracts can be used in court as evidence. In case of breach of
contract, the jurisdictional issues are major. Risk is very high.

The types of e contracts are Shrink ,click and browse wrap contracts.(discussed in
detail earlier)

E-Commerce:
Electronic commerce, commonly known as e-commerce or e-comm, is the buying
and selling of products or services over electronic systems such as the Internet and
other computer networks. Electronic commerce draws on such technologies as
electronic funds transfer, supply chain management, Internet marketing, online
transaction processing, electronic data interchange (EDI), inventory management
systems, and automated data collection systems. Modern electronic commerce
typically uses the World Wide Web (www) at least at one point in the transaction's
life-cycle, although it may encompass a wider range of technologies such as e-mail,
mobile devices and telephones as well. Contemporary electronic commerce involves
everything from ordering "digital" content for immediate online consumption, to
ordering conventional goods and services, to "meta" services to facilitate other types
of electronic commerce. On the institutional level, big corporations and financial
institutions use the internet to exchange financial data to facilitate domestic and
international business. Data integrity and security are very hot and pressing issues for
electronic commerce. E-commerce can be divided into:

33
Business to Business (B2B0 ,Business to Consumer,Consumer to Consumer
(C2C),Consumer to Business (C2B).Business to Administration (B2A) and Consumer to
Administration (C2A)

E-commerce in India

India has an internet user base of over 100 million users. The penetration of
ecommerce is low compared to markets like the United States and the United
Kingdom but is growing at a much faster rate with a large number of new entrants.
The industry consensus is that growth is at an inflection point with key drivers being:

• Increasing broadband Internet and 4Gpenetration.

• Rising standards of living and a burgeoning, upwardly mobile middle class with high
disposable incomes.

• Availability of much wider product range compared to what is available at brick and
mortar retailers.

• Busy lifestyles, urban traffic congestion and lack of time for offline shopping.

• Lower prices compared to brick and mortar retail driven by disintermediation and
reduced inventory and real estate costs.

• Increased usage of online classified sites, with more consumers buying and selling
second-hand goods.

• Evolution of the online marketplace model with sites like ebay, Infibeam, and
Tradus.

The India retail market is estimated at $470 Bn in 2011 and is expected to grow to
$675 Bn by 2016 and $850 Bn by 2020, – estimated CAGR of 7%. According to
Forrester, the e-commerce market in India is set to grow the fastest within the Asia-
Pacific Region at a CAGR of over 57% between 2012- 16. India e-tailing market in
2011 was about $600 Mn and expected to touch $9 Bn by 2016 and $70 Bn by 2020 –
estimated CAGR of 61%. The Online Travel Industry is the biggest segment in
eCommerce and is booming largely due to the Internet-savvy urban population.

34
IT ACT 2000, grant legal recognition to E-commerce which is the transactions carried
out by electronic data interchange and other means of electronic means of
communication.

Some of the aspects of Indian e-commerce that are unique to India (and potentially
to other developing countries) are:

• Cash on Delivery as a preferred payment method. India has a vibrant cash economy
as a result of which 80% of Indian e-commerce tends to be Cash on Delivery (COD).

• Direct Imports constitute a large component of online sales. Demand for

international consumer products is growing much faster than in-country supply from
authorized distributors and e-commerce offerings.

E-commerce websites are Internet intermediaries within the meaning of IT Act,

2000. "Intermediary" with respect to any particular electronic records, means any
person who on behalf of another person receives, stores or transmits that record or
provides any service with respect to that record and includes telecom service
providers, network service providers, internet service providers, web hosting service
providers, search engines, online payment sites, online-auction sites, online market
places and cyber cafes. The IT (Intermediaries Guidelines) Rules of 2011 regulate the
functioning of e-commerce websites. Cyber law due diligence is the main aspect that
all e-commerce site owners should comply with.

the security of the end-users has always been a matter of grave concern globally
since the internet has netted two ends of the globe now it is easier for a
person(hacker) to sit in his remote physical location and cause the data or financial
breach of the Victims.

Global e-commerce is like an ever-expanding universe of sellers and buyers and

products, it becomes difficult to keep a tap at the copyright violation in such a huge
number to deal with.

the Internet is open to the globe and hence the jurisdiction of the cases has been
given to all the courts.

E- Governance: (ANIL K NAIR)

35
Jurisdictional review:
A jurisdictional review is a process by which a governing body or legal authority
assesses and determines its legal authority and boundaries in a particular matter or
case. This process is often used in legal and governmental contexts to clarify which
jurisdiction or governing body has the authority to make decisions or take action in a
specific situation
This is a particularly complex and evolving area of law due to the borderless nature of
the internet and the global reach of online activities. Jurisdictional reviews in cyber
law are crucial to address issues such as cybercrimes, data breaches, online
defamation, intellectual property violations, and more.
One of the primary challenges in cyber law is determining which country's laws apply
to a particular online activity. This is often based on factors like the location of the
perpetrator, the location of the victim, the location of the server hosting the data, or
where the harm occurred. Jurisdictional reviews help determine which country has
the legal authority to investigate and prosecute cybercrimes or regulate online
activities.
Jurisdictional reviews are essential in cybercrime cases to determine which law
enforcement agency, whether domestic or international, is responsible for
investigating and prosecuting offenses like hacking, online fraud, or cyberterrorism.

36
 MODULE 3

➢ Digital/ electronic signature : Anil K Nair

➢ Standards: Anil K Nair
➢ Certifying authorities : Anil K Nair
➢ Submission: Anil K Nair
➢ Fee:

Cross certification
Cross certification is a process by which two or more certification authorities (CAs)
establish a trust relationship with each other. This allows entities in one CA's
jurisdiction to trust entities in another CA's jurisdiction. Cross certification is
important in the cyber law context because it helps to facilitate electronic
transactions and communications between entities in different jurisdictions. It also
helps to reduce the risk of fraud and impersonation. The Indian cyber law does not
specifically mention cross certification. However, the Information Technology Act,
2000 (IT Act) does provide for the establishment of a trust framework for electronic
transactions. This trust framework includes the use of digital signatures, which are
issued by CAs.
Benefits of cross certification :
• It can help to facilitate electronic transactions and communications between
entities in India and entities in other countries.
• It can help to reduce the risk of fraud and impersonation.
• It can help to promote the growth of the digital economy in India.
Challenges of cross certification :
➢ The lack of a central authority to coordinate the cross-certification process.
➢ The lack of awareness of cross certification among CAs and businesses in India.
➢ The cost of cross certification.

37
 Validity - Suspension - Renewal - Issue and Refusal – Revocation -
Recognition of Electronic Document - Access to Confidential
Information : (Anil K Nair)

Evidentiary value of electronic document

The Indian Evidence Act Section 65 specifies the admissibility of secondary evidence
in particular cases. Section 65B specifies the procedure of proving the contents of
electronic records which have been laid down under Section 65B. Admissibility of
electronic records mentioned as per Section 65B of Indian Evidence Act specifies that
the printed any information of electronic records on a paper, or created a copy of
that record on any optical or magnetic media shall also be deemed to be secondary
evidence document if it satisfies the conditions mentioned under section 65B and
original source of that information i.e. electronic device shall also be admissible
without any further proof in any proceeding of the court of law.
Essentially elements of the electronic evidence as per the Indian Evidence Act are as
follows:
Such produced information of electronic records should be produced by the person
having legally authorized to have control over that electronic device.
That storage of information must take place during the day to day general course of
the act of that person.
That stored information has been stored on that electronic device during the day to
day general course of action of that person.
While storing or copying of that material information, the said electronic device must
be in a functioning state, to avoid any possible negative impact on its operation or
distort the accuracy & authenticity of its material contents.
Any kind of storage or copying or making counterpart of the information required for
the production in the court of law as electronic evidence should be free from any
kind of distortion or manual edit or manipulation, it must be the authentic and
trustworthy information, which may get admitted as evidence in the court of law.

38
Information Technology Act, 2008 defines electronic records; it covers a wide range
of formats in which data can be produced. DVD, CD, pen drives, telephonic
recordings, hard drives, e-mails, pictures, video recordings, sound recordings, etc. are
a few of them. Each of the above electronic records formats deals with a variety of
different conditions relating to their evidentiary value and admissibility in a court of
law.
Above electronic records are admissible as primary as well as secondary evidence.
The value evidence depends on how and in what manner the electronic records have
been submitted to the court i.e. if these electronic records are submitted as it is then
those have more value without any doubt but if you want to submit their copied
version on other similar or different device then you have to comply with the
conditions precedent under Sec. 65b of the Indian Evidence Act and get the
certificate for its admission in the court.
Leading case laws
Arjun Pandit Rao v. Kailash Kushanrao (July 2020): Apex court, in a recent judgment,
ruled that u/s 65B Indian Evidence Act’s compliance is essential to admit the
electronic record as evidence. The certificate submitted under this provision
constitutes particulars of that electronic records and identity inclusive of authorized
signature of a person having official responsibility in relation to the management and
operation of the relevant device.
Anvar P.V. v. P.K. Basheer And Others (2014): The Apex Court has given a landmark
judgment in this case. It had ruled and helped to resolve the conflicts judgements of
various High Courts on the manner of the admissibility of the Electronic (record)
evidence. The Supreme Court ruled that secondary data in CD/DVD/Pen Drive are
admissible only with certificate U/s 65B (4) of the Indian Evidence Act. Oral evidence
cannot prove the electronic evidence, certificate U/s 65B is essential to prove that.
Also, the opinion of the expert U/s 45A Indian Evidence Act is not an escaping gate to
bypass the procedure of u/s 65b.
Producing the original or its copy or counterpart attached with certificate u/s 65B are
the only optional to prove the electronic evidence as primary or secondary evidence
respectively.

39
Amendments in other legislations ( Further reference recommended)
Indian Penal Code
Section 29A of the Indian Penal Code (IPC) was introduced by the Information
Technology (Amendment) Act, 2008. This section deals with the legal definition of
electronic records and their admissibility as evidence in courts. Section 29A of IPC
provides that electronic records can be admitted as evidence in a court of law. The
admissibility of electronic records is subject to certain conditions, such as the
reliability of the electronic record, the manner in which it was generated, and the
accuracy of its contents.

Evidence Act
Information Technology Act, 2008 defines electronic records; it covers a wide range
of formats in which data can be produced. DVD, CD, pen drives, telephonic
recordings, hard drives, e-mails, pictures, video recordings, sound recordings, etc. are
a few of them. Each of the above electronic records formats deals with a variety of
different conditions relating to their evidentiary value and admissibility in a court of
law.
Above electronic records are admissible as primary as well as secondary evidence.
The value evidence depends on how and in what manner the electronic records have
been submitted to the court i.e. if these electronic records are submitted as it is then
those have more value without any doubt but if you want to submit their copied
version on other similar or different device then you have to comply with the
conditions precedent under Sec. 65b of the Indian Evidence Act and get the
certificate for its admission in the court.
The Indian Evidence Act has been amended by virtue of Section 92 of Information
Technology Act, 2000 (Before amendment). Section 3 of the Act was amended and
the phrase “All documents produced for the inspection of the Court” were
substituted by “All documents including electronic records produced for the
inspection of the Court”. Regarding the documentary evidence, in Section 59, for the
words “Content of documents” the words “Content of documents or electronic
records” have been substituted and Section 65A & 65B were inserted to incorporate
the admissibility of electronic evidence. (Discussed above already) (More detailed
reference recommended)

40
Bankers Book
The Bankers' Book Evidence Bill 2021 was passed defining the digitally recorded
documents as such evidence under the proposed law. The Bankers’ Book Evidence
Bill, 2021’ defines the digitally recorded documents as such evidence. It has taken
into account the preservation of information by banks digitally. This means the
digitally-recorded information would be considered as prima facie evidence. The
Bankers’ Book Evidence Act, 2021 states some offences, punishments and trial to
prevent unauthorised information. The amended law fills a long-standing gap to
incorporate digitally recorded documents within the ambit of evidence in relation to
banking records. It also aims to bring about greater transparency in the banking
system by making more information public by laying down procedures for disclosure
and appointment of authorities empowered to disclose information; the amended
law also introduces more stringent measures regarding punishing and dealing with
information leaks and breaches of privacy. The amended law takes the banking
system into the modern era by bringing in the concept of digitization and providing
evidentiary value to digital records on par with other banking records.

RBI Act

41
 MODULE 4

Cybercrimes and cyber security

The Internet has become a basic fact of everyday life for millions of people
worldwide, from e-mail to online shopping. Ever faster and more accessible
connections available on a wider range of platforms, such as mobile phones or
person to person portable devices, have spurred new e-commerce opportunities.
Online shopping and banking are increasingly widespread and over the next 10 years,
the Net is expected to become as common as gas or electricity.
The invention of the computers has opened new avenues for the fraudsters. It is an
evil having its origin in the growing dependence on computers in modern life. Fraud
is the intentional deception of a person or group for the purpose of stealing property
or money. Internet fraud includes any scheme using Web sites, chat rooms, and
email to offer nonexistent goods and services to consumers or to communicate false
information to consumers. Customers then pay for the fraudulent goods over the
Internet with their credit cards.
Internet fraud involves a wide variety of schemes limited only by the imagination and
creativity of a seller intent on deceiving a buyer. A few general characteristics one
can find in all cyber scams. Most scams are done by e-mail. They entice users to give
them critical information like usernames, passwords, credit card information, or
other types of account information. Cyber fraud has the potential of hindering the
economic and social development of any nation. This is because among other dire
consequences, foreign investment is seriously discouraged. Cyber fraud can also
destroy our good and morally sound culture. This is because the youth will no longer
work but resort to that means to earn their living.
DEFINITION:

Cybercrime is a type of crime involving a computer or a computer network. The

computer may have been used in committing the crime, or it may be the target.
Cybercrime may harm someone's security or finances.
Any offenses committed against individuals or groups of individuals to harm the
reputation or cause physical or mental trauma through electronic means can be
defined as Cybercrime.

42
At the Tenth United Nations Congress on the Prevention of Crime and Treatment of
Offenders, in a workshop devoted to the issues of crimes related to computer
networks, cybercrime was broken into two categories and defined thus:
a. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by
means of electronic operations that targets the security of computer systems and the
data processed by them.
b. Cybercrime in a broader sense (computer-related crime): Any illegal behavior
committed by means of, or in relation to, a computer system or network, including
such crimes as illegal possession [and] offering or distributing information by means
of a computer system or network.

Reasons for cybercrime

Cybercriminals always opt for an easy way to make big money. They target rich
people or rich organizations like banks, casinos, and financial firms where a huge
amount of money flows daily and hack sensitive information. Catching such criminals
is difficult. Hence, that increases the number of cybercrimes across the globe.
Computers are vulnerable, so laws are required to protect and safeguard them
against cyber criminals. We could list the following reasons for the vulnerability of
computers:

➢ Easy to access – The problem behind safeguarding a computer system from

unauthorized access is that there are many possibilities of breach due to the
complex technology. Hackers can steal access codes, retina images, advanced
voice recorders, etc. that can fool biometric systems easily and bypass firewalls
can be utilized to get past many security systems.
➢ Capacity to store data in comparatively small space – The computer has the
unique characteristic of storing data in a very small space. This makes it a lot
easier for people to steal data from any other storage and use it for their own
profit.
➢ Complex – The computers run on operating systems and these operating
systems are programmed with millions of codes. The human mind is imperfect,
so it can do mistakes at any stage. Cybercriminals take advantage of these
gaps.

43
 ➢ Negligence – Negligence is one of the characteristics of human conduct. So,
there may be a possibility that in protecting the computer system we may
make any negligence that provides cyber-criminal access and control over the
computer system.
➢ Loss of evidence – The data related to the crime can be easily destroyed. So,
Loss of evidence has become a very common & obvious problem that paralyzes
the system behind the investigation of cybercrime.

cyber criminals-
Cybercriminals are individuals or teams of people who use technology to commit
malicious activities on digital systems or networks with the intention of stealing
sensitive company information or personal data, and generating profit.
Cybercriminals are known to access the cybercriminal underground markets found in
the deep web to trade malicious goods and services, such as hacking tools and stolen
data. Cybercriminal underground markets are known to specialize in certain products
or services
Who commits cyber crimes?
i. Insiders - Disgruntled employees and ex-employees, spouses, lovers
ii. Hackers - Crack into networks with malicious intent
iii. Virus Writers - Pose serious threats to networks and systems worldwide
iv. Foreign Intelligence - Use cyber tools as part of their Services for espionage
activities and can pose the biggest threat to the security of another country
v. Terrorists - Use to formulate plans, to raise funds, propaganda

Types of Cyber Criminals:

1. Hackers: The term hacker may refer to anyone with technical skills, however, it
typically refers to an individual who uses his or her skills to achieve unauthorized
access to systems or networks so as to commit crimes. The intent of the burglary
determines the classification of those attackers as white, grey, or black hats. White
hat attackers burgled networks or PC systems to get weaknesses so as to boost the
protection of those systems. The owners of the system offer permission to perform

44
the burglary, and they receive the results of the take a look at. On the opposite hand,
black hat attackers make the most of any vulnerability for embezzled personal,
monetary or political gain. Grey hat attackers are somewhere between white and
black hat attackers. Grey hat attackers could notice a vulnerability and report it to
the owners of the system if that action coincides with their agenda.

• (a). White Hat Hackers – These hackers utilize their programming aptitudes for
a good and lawful reason. These hackers may perform network penetration
tests in an attempt to compromise networks to discover network
vulnerabilities. Security vulnerabilities are then reported to developers to fix
them and these hackers can also work together as a blue team. They always
use the limited amount of resources which are ethical and provided by the
company, they basically perform pentesting only to check the security of the
company from external sources.
• (b). Gray Hat Hackers – These hackers carry out violations and do seemingly
deceptive things however not for individual addition or to cause harm. These
hackers may disclose a vulnerability to the affected organization after having
compromised their network and they may exploit it .
• (c). Black Hat Hackers – These hackers are unethical criminals who violate
network security for personal gain. They misuse vulnerabilities to bargain PC
frameworks. theses hackers always exploit the information or any data they
got from the unethical pentesting of the network.

2. Organized Hackers: These criminals embody organizations of cyber criminals,

hacktivists, terrorists, and state-sponsored hackers. Cyber criminals are typically
teams of skilled criminals targeted on control, power, and wealth. These criminals are
extremely subtle and organized, and should even give crime as a service. These
attackers are usually profoundly prepared and well-funded.

3. Internet stalkers: Internet stalkers are people who maliciously monitor the web
activity of their victims to acquire personal data. This type of cyber crime is
conducted through the use of social networking platforms and malware, that are able
to track an individual’s PC activity with little or no detection.

4. Disgruntled Employees: Disgruntled employees become hackers with a particular

motive and also commit cyber crimes. It is hard to believe that dissatisfied employees
can become such malicious hackers. In the previous time, they had the only option of
going on strike against employers. But with the advancement of technology there is
increased in work on computers and the automation of processes, it is simple for
disgruntled employees to do more damage to their employers and organization by

45
 committing cyber crimes. The attacks by such employees brings the entire system
down.

social problems and preventions-

Cybercrimes pose numerous social problems that can have far-reaching

consequences for individuals, businesses, and society as a whole.
1. Privacy Violations
2. Financial loss
3. Emotional/psychological impacts
4. Reputation damage
5. Cyber bullying
6. Child exploitation
7. National security issues etc….

Prevention of Cyber Crime

Preventing cybercrimes requires a multi-faceted approach that combines technical

measures, security best practices, and user education. Here are some key steps and
strategies for preventing cybercrimes:
➢ Keep Software and Systems Updated: Regularly update your operating system,
software, and antivirus programs. Cybercriminals often target vulnerabilities in
outdated software.
➢ Use Strong Passwords: Create complex passwords that include a combination
of upper and lower case letters, numbers, and special characters. Use a unique
password for each online account, and consider using a reputable password
manager to keep track of them.
➢ Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on
your online accounts. This adds an extra layer of security by requiring you to
provide a second form of verification in addition to your password.

46
➢ Beware of Phishing: Be cautious about clicking on links or downloading
attachments in unsolicited emails or messages. Phishing attacks often trick
users into revealing sensitive information or downloading malware.
➢ Install and Maintain Antivirus Software: Use reputable antivirus and anti-
malware software to detect and remove malicious programs from your
devices.
➢ Firewall Protection: Enable a firewall on your network and devices to filter
incoming and outgoing network traffic. This can help block malicious traffic.
➢ Regular Backups: Regularly back up your important data to an external source
or cloud storage. This can protect your data in case of ransomware attacks or
hardware failures.
➢ Secure Wi-Fi Networks: Use strong passwords for your Wi-Fi networks and
change them periodically. Avoid using default router login credentials, and
consider using network encryption (WPA2 or WPA3) for added security.
➢ Limit Sharing of Personal Information: Be cautious about sharing personal
information on social media and other websites. Cybercriminals can use this
information for identity theft or targeted attacks.
➢ Educate Yourself and Others: Stay informed about the latest cyber threats and
scams. Educate yourself and your family members or colleagues about safe
online practices and how to recognize potential threats.
➢ Secure Mobile Devices: Apply the same security practices to your smartphones
and tablets, including using strong passwords, enabling device encryption, and
keeping apps and operating systems up to date.
➢ Use Secure Connections: Avoid using public Wi-Fi for sensitive transactions or
accessing personal accounts. If you must use public Wi-Fi, consider using a
virtual private network (VPN) to encrypt your internet traffic.
➢ Monitor Financial and Account Statements: Regularly review your bank and
credit card statements for any unauthorized transactions or suspicious activity.
Report any discrepancies immediately.
➢ Report Cybercrimes: If you become a victim of cybercrime or identify a cyber
threat, report it to the appropriate authorities and organizations, such as local
law enforcement, the FBI's Internet Crime Complaint Center (IC3), or your
company's IT department.

47
(Norton cybercrime report)-
They typically releases annual reports and studies related to cybersecurity and
cybercrime trends. These reports often provide insights into the latest threats,
statistics on cyberattacks, and recommendations for protecting against cyber threats.
An examination of the impact of cybercrime, consumers' online behaviors and their
online security, privacy and identity concerns. (Read annual reports for datas)

CELLPHONE SECURITY:

Cellphone security refers to the measures and practices designed to protect the data,
privacy, and functionality of mobile phones or smartphones. With the increasing
reliance on mobile devices for various personal and business activities, ensuring their
security has become crucial.
There are plenty of ways to protect your cellphone starting from locking the device to
anti-virus programmes.( Go through the measures )

The government is mulling a new framework to develop adequate security standards

for mobile phone users, with sources saying the initiative follows concerns over
misuse of data and spying by pre-installed apps. The Ministry of Electronics and IT
(Meity) in a tweet on Tuesday said security of mobile phones is important and the
government is in consultation with stakeholders to develop adequate security
standards.
Banning of several apps and games in the recent past can point out the Govt. intent
to control and regulate cyber security.

IMPACT OF CYBER CRIME:

( same as the earlier topic social problems of cyber crime.)

Various types of Cyber crimes:

48
1.Ransome ware- Ransomware is a type of malicious software (malware) designed
to encrypt a victim's files or lock them out of their computer system, and then
demand a ransom from the victim in exchange for the decryption key or to regain
access to their system.
The victim's computer is infected with ransomware typically through malicious email
attachments, infected software downloads, or by exploiting vulnerabilities in the
computer's operating system or software.
Once the ransomware infects the victim's computer, it begins encrypting files on the
system. This means that the victim can no longer access their files, and these files
appear scrambled and unreadable without the decryption key.
After encrypting the files, the ransomware displays a ransom note on the victim's
screen. This note usually demands a payment in cryptocurrency (such as Bitcoin) in
exchange for the decryption key.
Victims are often given a deadline to pay the ransom, and the instructions may
include details on how to acquire cryptocurrency and where to send it. The attackers
promise to provide the decryption key once the ransom is paid.

2.Unauthorised access-
This activity is commonly referred to as hacking. The Indian law has, however, given a
different connotation to the term hacking, so we will not use the term “unauthorized
access” interchangeably with the term “hacking”. However, as per Indian law,
unauthorized access does occur, if hacking has taken place. involves gaining access to
a computer system, network, or data without permission or legal authorization.
Unauthorized access can have various motives, including data theft, sabotage,
espionage, or simply malicious intent.
The consequences of this includes: Data theft, data manipulation,privacy violation,
financial loss etc…
Users can take several prevention measures such as firewalls, passwords etc….

3.Theft of information contained in electronic form

This includes information stored in computer hard disks, removable storage media
etc.

49
4.email bombing
Email bombing refers to sending a large number of emails to the victim resulting in
the victim’s email account (in case of an individual) or mail servers (in case of a
company or an email service provider) crashing. In one case, a foreigner who had
been residing in Simla, India for almost thirty years wanted to avail of a scheme
introduced by the Simla Housing Board to buy land at lower rates. When he made an
application it was rejected on the grounds that the scheme was available only for
citizens of India. He decided to take his revenge. Consequently he sent thousands of
mails to the Simla Housing Board and repeatedly kept sending e-mails till their
servers crashed.
Depending on the severity of the attack and the target's email infrastructure, email
bombing can lead to system crashes, data loss, and financial losses for businesses.

5.Salami attacks
These attacks are used for the commission of financial crimes. The key here is to
make the alteration so insignificant that in a single case it would go completely
unnoticed. E.g. a bank employee inserts a program, into the bank’s servers, that
deducts a small amount of money (say Rs. 5 a month) from the account of every
customer. No account holder will probably notice this unauthorized debit, but the
bank employee will make a sizeable amount of money every month.
Monitoring ,regular auditing, security awareness, security softwares , multi factor
authentication etc.. are ways to mitigate this.
6.Virus/ worm attacks
Viruses are programs that attach themselves to a computer or a file and then
circulate themselves to other files and to other computers on a network. They usually
affect the data on a computer, either by altering or deleting it. Worms, unlike viruses
do not need the host to attach themselves to. They merely make functional copies of
themselves and do this repeatedly till they eat up all the available space on a
computer’s memory.

7.Logicbombs
These are event dependent programs. This implies that these programs are created
to do something only when a certain event (known as a trigger event) occurs. E.g.
50
even some viruses may be termed logic bombs because they lie dormant all through
the year and become active only on a particular date (like the Chernobyl virus).
When triggered, logic bombs execute a malicious action, which could range from
data deletion or corruption to unauthorized access, system disruption, or other
harmful activities. Logic bombs are often used for malicious purposes, such as
revenge, sabotage, or financial gain, by individuals with insider access to the targeted
system or network.
8.Web jacking
This occurs when someone forcefully takes control of a website (by cracking the
password and later changing it). The actual owner of the website does not have any
more control over what appears on that website.
9.Cyber bullying
Cyberbullying refers to the act of using digital communication tools, such as social
media, text messages, or email, to harass, threaten, or intimidate someone. It can
take various forms, including:
➢ Harassment: Repeatedly sending offensive, hurtful, or threatening messages to
the victim.
➢ Impersonation: Creating fake profiles or accounts to impersonate the victim
and post harmful content.
➢ Doxing: Sharing a person's private or personal information, such as their
address or phone number, online without their consent.
➢ Flaming: Engaging in online arguments or debates with the sole purpose of
insulting or provoking someone.
➢ Exclusion: Deliberately excluding someone from online groups or
conversations, often as a form of social isolation.
➢ Outing: Revealing someone's secrets, embarrassing information, or personal
photos without their permission.
➢ Trolling: Posting inflammatory or offensive comments online to provoke
reactions and disrupt discussions.
Cyberbullying can have severe consequences for the victims, including emotional
distress, anxiety, depression, and even self-harm or suicidal thoughts. It can occur
among people of all ages, but it is particularly prevalent among adolescents and
teenagers.

51
10.Sexual Soliciting
Sexual solicitation refers to the act of requesting, offering, or attempting to engage in
sexual activities or favors in exchange for something, such as money, goods, services,
or any other form of compensation. It is often considered illegal and unethical in
many jurisdictions, as it can involve coercion, exploitation, and various forms of
harm. Laws regarding sexual solicitation vary from place to place, but in many cases,
it is a crime that can result in criminal charges and penalties.

INFORMATION TECHNOLOGY ACT,2000

Information Technology Act, 2000 is India’s mother legislation regulating the use of
computers, computer systems and computer networks as also data and information
in the electronic format. This legislation has touched varied aspects pertaining to
electronic authentication, digital (electronic) signatures, cyber crimes and liability of
network service providers

This Act was amended by Information Technology Amendment Bill, 2008 which was
passed in Lok Sabha on 22nd December, 2008 and in Rajya Sabha on 23rd December,
2008. The IT Act of 2000 was developed to promote the IT industry, regulate
ecommerce, facilitate e-governance and prevent cybercrime. The Act also sought to
foster security practices within India that would serve the country in a global context.
The Amendment was created to address issues that the original bill failed to cover
and to accommodate further development of IT and related security concerns since
the original law was passed.
The IT Act, 2000 consists of 90 sections spread over 13 chapters and has 2 schedules.
The Act came into existence as a part of the model law on e-commerce by the
UNCITRAL.

OBJECTS :

The following the main objects of the Information Technology Act, 2000

(a) To respond and give effect to the United Nations call to all states to give
favourable consideration to Model Law when they enact or revise their laws so as to
facilitate harmonization of the laws governing alternatives to paper based methods
of communication and storage of information

52
(b) To provide legal recognition to the transactions carried out by means of electronic
data interchange and other means of electronic communication, commonly called as
'electronic commerce" which involve the use of alternatives to paper based methods
of communication and storage of information

(c) To facilitate electronic filing of documents with the Government agencies so as to

promote efficient delivery of Government services by means of reliable electronic
records. The Act aims to facilitate the "Electronic Governance" or "e-governance"

(d) The Information Technoloty Act, 2000 has affected amendment to the Indian
Penal Code, 1860, the Indian Evidence Act, 1872, the Banker's Books Evidence Act,
1891 and the Reserve Bank of India Act. 1994 in order to give legal recognition for
transactions cited out by means of electronic data interchange and other means of
electronic communication.

The Information Technology Act provides for legal recognition of electronic records
and digital signatures, authentication and retention of electronic records.

The IT Act accords legal recognition to records, files or documents that are retained
in an electronic form it enables public institutions and government departments to
issue electronic licences and permits and thus paves the way for electronic
governance.

The Act establishes the legal framework that will provide for the setting up of a public
key infrastructure. The liability of the service providers for third party content has
been clarified. The provisions for the appointment powers and functions of the
Controller of certifying Authorities and the duties of the subscriber have been
provided. The Act prescribes punishment for offences like tampering with computer
source document, hacking and publication of obscene information etc…

The Act also contains provision or the establishment of special tribunal - Cyber
Regulations Appellate Tribunal.

PENALTIES AND OFFENCES : ( ANIL K NAIR PAGE 62-64 , 72-85 & 87-94)

ADJUDICATION OFFICER: ( ANIL K NAIR

CYBER APPELLATE TRIBUNAL: ( ANIL K NAIR

53
INTERNATIONAL REGULATIONS ON CYBER CRIMES:

The role of international treaties, conventions and protocols concerning the

cybercrime which is a part of the cyber space is immense as it provides for a
regulatory framework for the relevant countries who are part of the treaty or
conventions. This will bind the countries to cater with the rules and regulations of the
treaties, conventions, and protocols.

1. The United Nations Commission on International Trade Law (UNCITRAL) is the

organisation in charge of harmonizing and unifying international trade law.
UNCITRAL, based in Vienna, is a global legal organisation that has specialised on
commercial law reform for over 40 years. The mission of UNCITRAL is to modernize
and harmonise international business rules. In 1996, the UNCITRAL issued a Model
Law on Electronic Commerce in response to the expanding use of electronic
commerce and advanced communications technologies in international trade. This
was based on a resolution passed by the United Nations General Assembly in 19851
encouraging nations and international organizations to take steps to safeguard legal
security in the context of the widespread use of automated data processing in
international trade.

2. A World Summit on the Information Society. Realizing the enormous potential of

information and communication technologies in human development, world leaders
declared their "common desire and commitment to build a people-centered,
inclusive, and development-oriented information society, where everyone can
create, access, utilize, and share information and knowledge, enabling individuals,
communities, and peoples to achieve their full potential in promoting their
sustainable development".

3. The United Nations Commission on Trade and Development (UNCTAD) is the

primary trade and development agency of the United Nations General Assembly.
UNCTAD has been engaged in advocating for the role and importance of information
and communication technologies in development since 1998, when the General
Assembly allocated it a special grant to pursue and promote electronic commerce
initiatives.

4. The European Convention on Cybercrime, held in Budapest on November 23,

2001, took the most major approach to cybercrime and international cyber law. It is
one of the most important international conventions addressing cybercrime and
electronic evidence.

54
5. Members of the World Trade Organization (WTO) adopted a declaration on global
electronic commerce on May 20, 1998. They played a significant role.

6. WIPO, the World Intellectual Property Organization, is situated in Geneva and has
179 member states. WIPO's mission is to "advance the protection of intellectual
property around the world through international collaboration." Protection IPR in
cyber space was a initiative of WIPO.

7. The United Nations Convention Against Transnational Organized Crime (UNCTOC)

was adopted by the United Nations in 2000. The Palermo Convention requires state
parties to create domestic criminal charges that target organized criminal groups, as
well as new procedures for extradition, mutual legal assistance, and law enforcement
cooperation. Even though the treaty does not specifically mention cybercrime, its
provisions are extremely pertinent.

8. Protocol to the Convention on the Rights of the Child (Optional Protocol) (2001) –
The sale of children, child prostitution, and child pornography are all addressed in
this protocol, which is based on the CRC Convention.

FUTURE TRENDS: ( Read about it more on internet)

55
 MODULE 5:

INTELLECTUAL PROPERTY ASPECTS IN CYBER LAW:

IPR can be defined as – “Intellectual property rights are the legal rights that cover the
privileges given to individuals who are the owners and inventors of a work and have
created something with their intellectual creativity.

With the technological advancements and innovations in cyber world the global
markets have benefitted the copyright or patent owners. However, every good
innovation has its own pitfalls as violation of IPR has become one of the major
concerns because of the growth of cyber technology. The IPR and Cyber law go hand
in hand and cannot be kept in different compartments and the online content needs
to be protected.

infringement of IPR- copyright, trademark, trade secrets of businesses etc… are

becoming a common happening in cyber world.

There are various laws nationally and internally to safeguard intellectual property
against cyber-threats, but it becomes the moral duty of the owner of IPRs to take all
the required protective measures to negate and reduce illegitimate virtual attacks.

For the protection, the IPRs in Indian soil, various constitutional, administrative, and
judicial rules have been defined whether it is copyright, patent, trademark, or other
IPRs..The Patents Act, 1999, The Copyright Act, 1999, The Copyright (Amendment)
Act, 1999 any many more Acts have been passed in India.

INTERNATIONAL LAWS FOR PROTECTION OF IP IN CYBER WORLD:

There have been various international conventions treaties and

agreements for protection of intellectual property in cyberspace.

The BERNE convention, The Rome Convention are all the earliest
approaches. These emphasised the need for IPR protection in the Intl.
sphere. Agreement on the Trade-Related Aspects of Intellectual Property
Rights (1994),(TRIPS) had been the most important one among the lot.
Over the years several other conventions too have taken place giving more
emphasis to IPR in the cyber world.

56
CHALLENGES FACED IN PROTECTION OF IPR IN CYBER LAW:
1.Copyright Infringement:

The infringement of these copyrights includes the usage without the permission of
the owner, making and distributing copies of software and unauthorized sale of the
same, and illegitimate copying from websites or blogs.

2. Linking
It allows the user of the website to go to another website on the Internet without
leaving that website that he is uses. It is done by clicking on a word or image in one
web page. Linking damages the rights or interests of the owner of the webpage.
Linked sites can lose their income as revenues are often equal to the number of
persons who visit their page
It may create the impression that the two linked sites endorse the same and are
linked to each other.
In Shetland Times, Ltd. v. Jonathan Wills and Another[7], it was held to be an act of
copyright infringement under British law .
a legal issue emerges whereby it is not clear as to the exact stage when the
reproduction of the copyrighted work is being committed

3. in-linking links.

On a browser visited by a user accessing the link is created with map to

navigate and fetch images from various sources, these images are copied
by final user who is clueless that he is retrieving those from different
websites. Like deep linking, the problem of tracing the infringement
remains the same as it is difficult to track the exact phase of reproduction
of the copyrighted images. The in-line link creator is guilty of copyright
infringement though not directly distributing it but giving way to facilitate
making of unauthorized copies of the original website content thereby
falling under the purview of Section 14 Copyright Act, 1957.

4.Framing

57
Framing is another challenge and becomes a legal issue and debate subject over the
interpretation of derivation and adaptation under Section 14 Copyrights Act, 1957.
The framer only provides users the modus operandi to access copyrighted content
which is retrieved from a website to browser the user is accessing so they cannot be
held responsible for copying, communicating, or distributing the copyrighted
content. The question arises whether getting the copyrighted content from a website
and combining with some more to create one’s own will amount to adaptation or
interpretation under law or not.

5. Software piracy

Software piracy refers to making unauthorized copies of computer software which

are protected under the Copyright Act, 1957.

Piracy can be of following types:

• Soft lifting – this means that sharing a program with an unauthorized person
without a licence agreement to use it.
• Software Counterfeiting – Counterfeiting means producing fake copies of a
software, imitating the original and is priced less than the original software.
This involves providing the box, CDs, and manuals, all tailored to look as close
to original as possible.
• Renting – it involves someone renting a copy of software for temporary use,
without the permission of the copyright holder which violates the license
agreement of software.

‘Software Piracy’ is the unauthorized/illegal copying, distribution or use of a

software. It may include use of a software unauthorizedly without obtaining a proper
licence from the software company or simultaneous use of single user licence or
loading software on more machines, than authorized under the licence terms.
According to the Business Software Alliance (BSA), about 36% of all software in
current use is stolen globally.

In India, provisions as to Software Piracy are covered under Indian Copyright Act
1957, which were inserted by the Amendment Act of 1994. It now includes definition
of a ‘Computer Program’ and defines an infringing copy as which is used without the
license and/or permission granted by the owner of copyright. And further provides
penal provision under Section 63B of the Act, which is titled as: “Knowing use of
infringing copy of computer programme to be an offence”

58
Further provisions of Copyright Act empower a Police Officer, on a police complaint
being made, not below the rank of Sub Inspector to seize without warrant infringing
copies as well as the material that is being used for the purpose of making such
copies.

Alternatively as a civil action, if the Software Company has enough evidence it can
proceed directly to a civil court either for an injunction against the use of infringing
material or for the appointment of a local commissioner under Civil Procedure Code,
who along with Copyright owner can enter the premises of the copyright violator and
seize the infringing material, with an objective to preserve & produce the same
before the court at a later stage.

In Adobe Systems Inc. vs Sachin Naik (2013), Honorable Delhi High Court ordered for
damages of Rs 2 Lakh against use of 33 pirated version of Adobe softwares by a
company.

Section 13 (1) (a) of the Indian Copyright Act, 1957 (4) offer security to all types of
unique works. The PC program is remembered as unique artwork of the Act and
accordingly, its encroachment will draw in genuine corrective and civil actions. The
1994 amendment likewise added arrangements for severe discipline for the
demonstration of encroachment of protected software programs.

Section 51 (a) (ii) of the Indian Copyright Act, 1957 (5) states that when an individual
allows any spot to be utilized for communication of the protected software or other
work to the general population for creating benefit this will add up to the
encroachment of copyright. T

1. TRADEMARK INFRINGEMENT & CYBER SQUATTING:

Trademark means a unique identifier mark which can be represented by a graph and
main idea is to differentiate the goods or services of one person from those of others
and may include shape of goods, their packaging and combination of colours.

Cybersquatting is a cybercrime which involves imitation of a domain name in such a

manner that the resultant domain name can dupe the users of the famous one with

59
an intention to make profit out of that. This is executed by registering, selling, or
trafficking of a famous domain name to encash a popular domain name’s goodwill.

When two or more people claim over the right to register the same domain name
then the domain name dispute arises when a trademark already registered is
registered by another individual or organization who is not the owner of trademark
that is registered.

Meta tagging is a technique to increase the number of users accessing a site by

including a word in the keyword section so that the search engine picks up the word
and direct the users to the site despite the site having nothing to do with that word.
This may result in trademark infringement when a website contains meta tags of
other websites thereby affecting their business.

Oppedahl & Larson v. Advanced Concepts, the law firm of Oppedahl & Larson,
owner of the domain name , filed a trademark infringement action against three
companies and the corresponding ISPs after discovering that the companies inserted
the words Oppedahl and Larson in the keywords field of their web pages in order to
draw traffic to their sites.
Administrative Procedure is only available for disputes related to abusive registration
of a domain name.There are certain conditions which need to be fulfilled for a
domain name to be abusive:

1. The domain name can be said to be abusive if it gives the impression to the
users of being same as another popular trademark which is a registered one
and users mistakenly access the fake one made with mal intention of gaining
profit by diverting users of popular trademark domain.
2. The registrant has no legal rights or interests in the domain name.
3. The registered domain name is being used in bad faith.

A domain name dispute arises when more than one individual believe that they have
the right to register a specific domain name. It arises when a registered trademark is
registered by another individual or organization who is not the owner of trademark
that is registered. All domain name registrars must follow the ICANN's policy .
Cybersquatting is a type of domain name dispute.
Yahoo! Inc v. Akash Arora & Anr , the defendants were using yahooindia.com for
providing internet services.
The petitioner was the owner of the trademark Yahoo! and had registered its domain

60
name with different countries like yahoo.in for India. Hence, the domain name
yahooindia.com could be mistaken as an extension of Yahoo!. The Court treated the
matter as passing off and granted an injunction restraining the defendant from using
the domain name yahooindia.com.
Uniform Domain-Name Dispute-Resolution Policy (UDRP):
While not an Indian law, the UDRP provides a framework for resolving domain name
disputes in India through arbitration and has been adopted by domain registrars.

The Trade Marks Act covers the registration and protection of trademarks, including
those used in online branding and domain names.
Section 29 of the Act deals with the infringement of trademark rights.

WIPO:
The World Intellectual Property Organisation or WIPO is a UN specialized agency
created in 1967 to promote intellectual property (IP) protection and encourage
creative activity all over the world. WIPO is basically a global forum for IP policy,
services, information and cooperation.

With 192 members, WIPO’s motto is to encourage creative activity, to promote the
protection of intellectual property throughout the world.

Functions:
It was established with the intent to perform the following functions:

• To assist the development of campaigns that improve IP Protection all over the
globe and keep the national legislations in harmony.
• Signing international agreements related to Intellectual Property Rights (IPR)
protection.
• To implement administrative functions discussed by the Berne and Paris
Unions.
• To render legal and technical assistance in the field of IP.
• To conduct research and publish its results as well as to collect and circulate
information.

61
 • To ensure the work of services that facilitate the International Intellectual
Property Protection.
• To implement other appropriate and necessary actions.

WIPO has been involved in the development of international treaties and agreements
related to intellectual property rights in the digital age. One notable example is the
WIPO Copyright Treaty (WCT) and the WIPO Performances and Phonograms Treaty
(WPPT), both of which address the protection of copyright and related rights in the
digital environment.

WIPO provides technical assistance and capacity-building programs to member

states, helping them develop and strengthen their legal frameworks related to
intellectual property in the digital realm. This includes assisting countries in
implementing and enforcing cyber-related IP laws.

WIPO offers dispute resolution services for domain name disputes through the WIPO
Arbitration and Mediation Center. This service helps resolve conflicts related to
domain names, trademarks, and online brand protection.

WIPO assists member states in adopting and implementing modern legal frameworks
that address cybercrime, cybersecurity, and the protection of intellectual property
online.

RECTIFICATION:
Rectification in the context of the World Intellectual Property Organization (WIPO)
refers to the process by which errors or mistakes in intellectual property documents
can be corrected. Rectification allows the parties involved to fix these errors to
ensure that the intellectual property rights are accurately recorded and protected.
: Rectification can address various types of errors, including typographical errors,
errors in the applicant's or holder's name or address, errors in the goods or services
covered by a trademark registration, and other factual inaccuracies in intellectual
property documents.
To initiate the rectification process, the party seeking the correction must typically
submit a formal request to WIPO, specifying the nature of the error and providing
supporting documentation or evidence. This request is usually submitted through the
relevant WIPO office or system, depending on the type of intellectual property
involved.
62
WIPO will review the request for rectification to determine its validity and whether
the requested correction aligns with WIPO's policies and procedures. If the request is
approved, WIPO will make the necessary corrections to the intellectual property
records. : WIPO may charge fees for the rectification process, and these fees can vary
depending on the type and complexity of the correction needed.

GLOBAL INNOVATIVE INDEX:

The Global Innovation Index, which is published annually, has been a leading
reference for measuring an economy’s innovation performance. It is published by
INSEAD, Cornell University, and the World Intellectual Property Organization (WIPO),
along with other institutions.

A large number of countries use the GII to assess and improve their innovation
ecosystems and use the GII as a reference in economic plans and/or policies.
The GII has also been recognized by the UN Economic and Social Council in its 2019
resolution on Science, Technology and Innovation for Development as an
authoritative benchmark for measuring innovation in relation to the Sustainable
Development Goals.
Parameters for computing the index include 'institutions', 'human capital and
research', 'infrastructure', 'market sophistication', 'business sophistication',
'knowledge and technology outputs' and 'create outputs'.
India has taken up structural reforms to strengthen its Intellectual property rights
(IPR) regime including modernization of IP offices, reducing legal compliances and
facilitating IP filing for start-ups, women entrepreneurs, the small industries and
others.Domestic filing of Patents registered a 46% growth in the last 5 years.
The Global Innovation Index and intellectual property are interconnected in several
ways:
IP Protection as an Indicator: The GII includes indicators related to intellectual
property protection in its assessment of countries' innovation capabilities. Strong IP
protection is often seen as a crucial factor in fostering innovation because it
encourages inventors and creators to invest in R&D, knowing that their intellectual
property rights will be safeguarded.

63
IP-Driven Innovation: Many countries that perform well in the GII have robust IP
systems that encourage innovation. They provide inventors and businesses with the
legal framework necessary to protect their inventions and creations, which, in turn,
stimulates further innovation.
IP-Related Metrics: The GII uses metrics related to IP, such as the number of patent
applications and the strength of IP laws, to evaluate a country's innovation
ecosystem.

ECMS
Electronic Content Management System: ECMS often stands for Electronic Content
Management System, which is software or a set of tools used to create, store,
organize, and manage digital documents and content within an organization. ECMS
systems help with document storage, retrieval, version control, and collaboration.

DATA BASE PROTECTION:

Database is a structured collection of data which can be used to access, manage,
control and modify easily. The protection of database is important because there
would be infringement of the data when there is a cyber-attack on it.

There are private and public databases. Private database contains confidential
information like individual facts, statistics, or items of information which are mostly
numeric. While the public databases can be accessed by all.

Global conventions like WIPO Copyright Treaty adopted at Geneva, BERNA, seek to
protect the data globally, promote originality and prevent the data breach.

Berne Convention: It’s an international agreement with the 179 contracting party
countries, regarding the protection of Literary and Artistic works in 1886. Databases
were not mentioned directly in the article but they were included, in the ‘literary and
artistic work’.

TRIPS: Trade Related Aspects of Intellectual property rights is multilateral agreement

accepted by many nations which were in Berne Convention. It is also said that it

64
agrees with the Berne’s Art 2 (5) and it’s just an advancement made by labelling it as
‘Intellectual creation’ which is protected under the linguistic and artistic works.

Copyright Treaty: This treaty was signed in 1996, Geneva and came into effect in
2002. It was a WIPO Treaty concerning the issue of the protection of database in
digital environment where, Article 5 of the treaty protects the compilation of data
(databases) that incorporate copyrightable authorship.

DATABASE PROTECTION LAWS IN INDIA

1. Contracts Act 1872:

When the parties enter a contract, business entities require protection under the
common law and the contract law. When Indian companies act as data exporters and
the other nation company act as data exporters, these contracts would be binding
and under the national legislation. There are clauses in case of breach of contract and
remedies are to be availed through alternate dispute resolution, by arbitration,
conciliation and mediation.

1. Database protection under copyrights, 1957:

The databases are protected under the copyrights where the infringement may be
punishable both in civil and a criminal way. Following the Berne convention and the
TRIPS agreement, ‘Computer database’ is treated as a ‘literary work’. A “computer
database” is included in the definition of “literary work” under Section 2(o) of
the Copyright Act.
The factor that India still follows ‘sweat of the brow’ doctrine which gives copyrights
for the time, energy and money invested upon the work and the originality of it.
Nevertheless, the copyright requires minimum amount of creativity (i.e., Modicum of
creativity).

1. Information Technology Act, 2000:

On 17th May 2000, Both the Houses approved the IT bill and on June 9th 2000 the
Act was passed. The database protection was mentioned in Section 43, which
protects the database from the infringement and also the compensation to be paid
not exceeding 1 crore if a person without the consent of the owner downloads,
copies, extracts the data from a computer. The section defines ‘database’ as
representation of information, knowledge, fact-based works, concepts or instructions
prepared in a formalized manner. Section 72 of this act protects the data of the party
involved in a contract in case of breach. According to the section, the data breacher

65
will be liable and must pay compensation not exceeding 5lacs or imprisonment of
3years or both.

1. Information Technology (Reasonable Security Practices and procedures

and sensitive personal data or information) Rules, 2011:
The Section 43A states the protection of sensitive personal data or information. If a
body of corporate contains the sensitive data of the people, it needs to take safety
precautions and procedures to safe guard it. In case of breach, the body has to pay
compensation for the people whose data is leaked.
The following will be categorized under Sensitive Personal Data:
• Passwords
• Psychological, Physiological, Physical health conditions
• Financial information like bank account number, credit card, debit card
etc.
• Sexual orientation
• Biometric Information
• Medical records and history
Rule 3 of the 2011 Rules has two more entries, which are as follows:
• any detail relating to the above clauses as provided to body corporate
for providing service
• any of the information received under above clauses by body corporate
for processing, stored or processed under lawful contract or otherwise.
1. Personal Data Protection Bill:
In July 2017, the Supreme Court of India said that privacy was a fundamental right
under Article 21- Right to life and personal liberty and the breaching of personal
information led to violation of fundamental right. A committee of experts headed by
Justice B.N. Srikrishna was formed to observe the problems related to the Data
protection in India. A bill was drafted in 2018 and presented before the Parliament in
2019. But it is still in the observatory stage by the Joint Parliamentary Committee and
yet to become an Act.
The present bill supports the IT Act 2000 and IT 2011 Rules and makes the data
protection rules more stringent. No company prior the consent of the customer must
not be allowed to share his/her data to the third party. The IT rules are applicable
only to the Companies but not the Government.
The government can access the data of an individual in case of the clear, specific and
lawful purpose. The personal data can be procured if it is required by the state to
grant something, for the legal proceedings and to respond to medical emergency. If

66
there’s an infringement of personal data, an individual can approach the Data
Protection Authority which the Bill sets up. If the individuals aren’t okay with the data
fiduciaries, they can file the case to the Tribunal which directs it to the Supreme
Court of India.

1. Aadhar Data Breach Case:

In 2018, the Aadhar Card data breach happened and more than 1.1 billion Aadhar
card holders’ personal data was breached from UADAI where the biometric and
demographic data was also collected. The Tribune newspaper reported that 10,000
Ex- employees of Ministry of Electronics and Information Technology had access to
the database and even the LPG had access to the private information of the Aadhar
Holders. The WEF Global Risk Report deemed it to be the one of the world’s largest
cases.
1. Air India Data breach case:
On May 21, 2021 there was a database breach case of Air India where more than 4.5
million customers’ passport, visa, credit card and personal information was
compromised.

SUI GENERIS EXTRACTION RIGHT:

CYBER FORENSIC TOOLS:

67
68