Professional Documents
Culture Documents
IT Act Notes
IT Act Notes
THE INFORMATION
TECHNOLOGY ACT,2000
PRESENTED BY
SRI. S.SAMBASIVA REDDY
ADDL.P.P.GR-II, ASJ COURT, HUZURABAD
1. INTRODUCTION
“The world is not run by the weapons any more, or energy or money. It is run by ones zeroes-little
bits of data. It is all electrons. There is a war. It is about who controls the information. What we see
and hear, how we work, what we think.[ sneakers MCA/ UNIVERSAL,1992 ]”
India is second largest market in world for smart phone. India is at second place regarding face book
users and thirty million twitter users. Whatsapp users are around one million. It is expected that in
next one year, mobile internet users will be three hundred twenty million and total internet users shall
be five hundred million.
The present generation cannot imagine a life without the computers. Computer, internet and
e-revolution have changed the life style of the people. Today paper based communication has been
substituted by e-communication, paper based commerce by e-commerce and paper based governance
by e-governance. Accordingly we have new terminologies like cyber world, netizens, e-transaction,
e-banking, e-return and e-contracts. But this multipurpose uses of computer increased the crime which
has been spread throughout the world.
Apart from positive side of e-revolution there is seamy side also as computer and internet in the hands
of criminals has become weapon of offence. Accordingly a new branch of jurisprudence emerged to
tackle the problems of cyber crimes in cyber space i.e. Cyber Law or Cyber Space Law or Information
Technology Law or Internet Law.
The United Nations Commission Trade Law (UNCITRAL) adopted the Model Law on Electronic
Commerce in 1996 in order to bring uniformity in the law of different countries. The General
Assembly of the United Nations by Resolution dated 30th January 1997, recommended that all the
countries should give favorable considerations to this Model Law when they enact or revise their
laws.
The Ministry of Commerce Government of India created the first draft of the legislation following
these guidelines termed as “E Commerce Act 1998”. Since later a separate ministry for Information
technology came into being ,the draft was taken over by the new ministry which redrafted the
legislation as “Information Technology Bill 1999”. This draft was placed in the Parliament in
December 1999 and was passed in May 2000. After the assent of the President on June 9, 2000, the
Act was finally notified with the effect from October 17,2000.
II. DEFINATIONS (Sec.2 of IT Act). The I. T. Act, 2000 provides for following definitions;
a. Computer: ‘Computer’ means any electronic magnetic, optical or other high-speed data
processing device or system which performs logical, arithmetic, and memory functions by
manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing,
storage, computer software, or communication facilities which are connected or related to the
computer in a computer system or computer network; So is the word ‘computer system’ which means
a device or a collection of devices with input, output and storage capabilities. Interestingly, the word
‘computer’ and ‘computer system’ have been so widely defined to mean any electronic device with
data processing capability, performing computer functions like logical, arithmetic and memory
functions with input, storage and output capabilities.
Similarly the word ‘communication devices’ inserted in the ITAA-2008 has been given an inclusive
definition, taking into its coverage cell phones, personal digital assistance or such other devices used
to transmit any text, video etc like what was later being marketed as iPad or other similar devices on
Wi-fi and cellular models.
b. Digital Signature: Digital signature was defined in the ITA -2000 as “authentication of electronic
record” as per procedure laid down in Section 3.
Section 3 of the IT Act discussed the use of asymmetric crypto system and the use of Public Key
Infrastructure and hash function etc. This was later criticized to be technology dependent ie., relying
on the specific technology of asymmetric crypto system and the hash function generating a pair of
public and private key authentication etc. Thus Section 3 which was originally “Digital Signature”
was later renamed as “Digital Signature and Electronic Signature” in ITAA - 2008 thus introducing
technological neutrality by adoption of electronic signatures as a legally valid mode of executing
signatures. This includes digital signatures as one of the modes of signatures and is far broader in
ambit covering biometrics and other new forms of creating electronic signatures not confining the
recognition to digital signature process alone.
M/s. TCS, M/s. Safescript and M/s. MTNL are some of the digital signature certifying authorities in
India, IDRBT (Institute for Development of Research in Banking Technology – the research wing of
RBI) is the Certifying Authorities (CA) for the Indian Banking and financial sector licensed by the
Controller of Certifying Authorities, Government of India.
It is relevant to understand the meaning of digital signature (or electronic signature) here. It would be
pertinent to note that electronic signature (or the earlier digital signature) as stipulated in the Act is
NOT a digitized signature or a scanned signature. In fact, in electronic signature (or digital signature)
there is no real signature by the person, in the conventional sense of the term. Electronic signature is
not the process of storing ones signature or scanning ones signature and sending it in an electronic
communication like email. It is a process of authentication of message using the procedure laid down
in Section 3 of the Act. The other forms of authentication that is simpler to use such as biometric
based retina scanning etc can be quite useful in effective implementation of the Act.
III. DIGITAL SIGNATURE & ELECTRONIC SIGNATURE (CHAPTER- II Sec.3 & 3-A)
The term „Digital Signature‟ was defined in the old I. T. Act, 2000. This term was replaced by
„Electronic Signature‟ by the amending Act of I. T. Act, 2008. Certainly the concept of Electronic
Signature is much wider than term Digital Signature. Section 3 of the Act provides for authentication
of Electronic Records by affixing his Digital Signature. It shall be effected by the use of asymmetric
crypto system and hash function which envelop and transform the initial electronic record into another
electronic record. By the Amendment Act of 2008 Section 3(A) was embedded in the Act. The newly
added provision provides for authentication of electronic record by electronic signature or electronic
authentication technique which is, considered reliable and may be specified in the second schedule.
Sub Clause (2) provides the circumstances in which the electronic signature or electronic
authentication technique shall be considered reliable.
This chapter discusses Electronic governance issues and procedures and the legal recognition to
electronic records is dealt with in detail in Section 4 followed by description of procedures on
electronic records, storage and maintenance and according recognition to the validity of contracts
formed through electronic means. Procedures relating to electronic signatures and regulatory
guidelines for certifying authorities have been laid down in the sections that follow.
V. Chapter-IV of IT Act from Sec. 11 to 13 deals with the Attribution, Acknowledgment and
dispatch of electronic records.
VI. Chapter-V of IT Act from Sec. 14 to 16 deals with Secure Electronic Records and Secure
Electronic Signatures. This chapter mainly deals with the Secure electronic record and Secure
electronic signature, Security procedures and practices.
VII. Chapter-VI of the IT Act from Sec.17 to 34 deal with Regulation of Certifying Authorities. The
regulation of Certifying Authority (CA) is a statutory function of the Controller of Certifying
Authority (CCA) and under the IT Act he has to act as administrative authority rather than quasi-
judicial body. This chapter further deals with the appointment of controller and other officers and
their functions, recognition and revocation of foreign certifying authorities, issues relating license to
issue electronic certificates and its renewal, rejection and suspension and procedure to be followed by
certifying authorities etc.,
VIII. Chapter-VII of IT Act from Sec. 35 to 39 deal with Electronic Signature Certificate,
suspension and revocation of electronic certificates etc.,
IX. Chapter-VIII of IT Act from sec. 40- 42 deals with the Subscribers. Subscriber means a person
in whose name the Electronic Signature Certificate is issued. This chapter further deals with
generating Key par, Duties of subscriber of Electronic Signature Certificate, Acceptance of Digital
Signature Certificate, Control of Private Key.
X. PENALTIES, COMPENSATION AND ADJUDICATION (CHAPTER-IX Sec.43 to 47)
i. Penalty and compensation for damage to computer, computer system, etc. (Sec.43)
If any person without permission of the owner or any other person who is in-charge of a computer,
computer system or computer network does any of the following acts then he shall be liable to pay
damages by way of compensation to the person so affected –
a. Accesses or secures access to such computer, computer system or computer network or computer
resource;
b. Downloads, copies or extracts any data, computer data base or information from such computer,
computer system or computer network including information or data held or stored in any removable
storage medium;
c. Introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;
d. Damages or causes to be damaged any computer, computer system or computer network, data,
computer database or any other programmes residing in such computer, computer system or computer
network;
e. Disrupts or causes disruption of any computer, computer system or computer network;
f. Denies or causes the denial of access to any person authorized to access any computer, computer
system or computer network by any means;
g. Provides any assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
h. Charges the services availed of by a person to the account of another person by tampering with or
manipulating any computer, computer system or computer network;
i. Destroys, deletes or alters any information residing in a computer resource or diminishes its value or
utility or affects it injuriously by any means;
j. Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any
computer source code used for a computer resource with an intention to cause damage.
Explanations
‘Computer contaminant’ means any set of computer instructions that are designed –
a. To modify, destroy, record, transmit data or programme residing within a computer, computer
system or computer network; or
b. By any means to usurp the normal operation of the computer, computer system, or computer
network.
‘Computer virus’ means any computer instruction, information, data or programme that destroys,
damages, degrades or adversely affects the performance of a computer resource or attaches itself to
another computer resource and operates when a programme, data or instruction is executed or some
other event takes place in that computer resource.
‘Damage’ means to destroy, alter, delete, add, modify or rearrange any computer resource by any
means.
‘Computer source code’ means the listing of programmes, computer commands, design and layout
and programme analysis of computer resource in any form.
‘Reasonable security practices and procedures’ means security practices and procedures designed to
protect such information from unauthorized access, damage, use, modification, disclosure or
impairment, as may be specified in an agreement between the parties or as may be specified in any
law for the time being in force and in the absence of such agreement or any law, such reasonable
security practices and procedures as may be prescribed by the Central Government in consultation
with such professional bodies or associations as it may deem fit.
‘Sensitive personal data or information’ means such personal information as may be prescribed by the
Central Government in consultation with such professional bodies or associations as it may deem fit.
However, where the claim for injury or damage exceeds Rs. 5 crore then the jurisdiction would vest
with the competent court.
The adjudicating officer shall give the accused a reasonable opportunity for making representation in
the matter. If, after inquiry, he is satisfied that the person has committed the contravention then he
may impose such penalty or award such compensation as he thinks fit.
The person to be appointed as adjudicating officer shall possess such experience in the field of
Information Technology and legal or judicial experience as may be prescribed by the Central
Government.
Where more than one adjudicating officers are appointed, then the Central Government shall specify
the matters and places with respect to which such officers shall exercise their jurisdiction.
Every adjudicating officer shall have the powers of a civil court which are conferred on the Cyber
Appellate Tribunal u/s 58 (2) and –
a. All proceedings before it shall be deemed to be judicial proceedings within the meaning of Sections
193 and 228 of the Indian Penal Code, 1860;
b. Shall be deemed to be a civil court for the purposes of Sections 345 and 346 of the Code of
Criminal Procedure, 1973;
c. Shall be deemed to be a civil court for purposes of Order XXI of the Civil Procedure Code, 1908.
XI. Chapter X from Sec. 48 to 64 deals with Establishment of Cyber Appellate Tribunal,
Composition of Cyber Appellate Tribunal, Qualification for appointment as Chairperson and
Members of Cyber Appellate Tribunal, Term of office, conditions of service, etc., of Chairperson and
Members, Salary, allowances and other terms and conditions of service of Chairperson and Members,
Power of superintendence, direction, Distribution of business among Benches, Power of Chairperson
to transfer cases, Filling up of vacancies, Resignation and removal, Staff of the Cyber Appellate
Tribunal, Appeal to Cyber Appellate Tribunal and Limitation period for filing an appeal etc., Sec. 61
of IT Act makes it clear that No civil court shall have jurisdiction to entertain any suit or proceeding
in respect of any matter which an adjudicating officer appointed under this Act or the Cyber Appellate
Tribunal constituted under this Act is empowered by this Act to determine and no injunction shall be
granted by any court or other authority in respect of any action taken or to be taken in pursuance of
any power conferred by this Act. This Act further deals with Appeal to high court and Compounding
of contraventions.
3. Punishment for sending offensive messages through communication service, etc. (Sec.66A)
Any person who, by means of a computer resource or a communication device, sends –
a. Any information that is grossly offensive or has a menacing character; or
b. Any information which he knows to be false, but for the purpose of causing annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will,
persistently by making use of such computer resource or a communication device; or
c. Any electronic mail or electronic mail message for the purpose of causing annoyance or
inconvenience or to deceive or to mislead the addressee or recipient about the origin of such
messages, shall be punishable with imprisonment for a term which may extend to 3 years and with
fine.
The ‘communication device’ means cell phones, personal digital assistance or combination of both or
any other device used to communicate, send or transmit any text, video, audio or image.
10. Punishment for publishing or transmitting of material containing sexually explicit act etc. in
electronic form (Sec.67A)
Any person who, publishes or transmits or causes to be published or transmitted in the electronic form
any material which contains sexually explicit act or conduct, shall be punished on first conviction
with imprisonment of either description for a term which may extend to 5 years and with fine which
may extend to Rs. 10 lakh, and in the event of second or subsequent conviction with imprisonment of
either description for a term which may extend to 7 years and also with fine which may extend to Rs.
10 lakh.
11. Punishment for publishing or transmitting of material depicting children in sexually explicit
act etc. in electronic form (Sec.67B)
Any person who,
a. Publishes or transmits or causes to be published or transmitted material in any electronic form
which depicts children engaged in sexually explicit act or conduct; or
b. Creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges
or distributes material in any electronic form depicting children in obscene or indecent or sexually
explicit manner; or
c. Cultivates, entices or induces children to online relationship with one or more children for and on
sexually explicit act or in a manner that may offend a reasonable adult on the computer resource; or
d. Facilitates abusing children online; or
e. Records in any electronic form own abuse or that of others pertaining to sexually explicit act with
children, shall be punished on first conviction with imprisonment of either description for a term
which may extend to 5 years and with fine which may extend to Rs. 10 lakh and in the event of
second or subsequent conviction with imprisonment of either description for a term which may extend
to 7 years and also with fine which may extend to Rs. 10 lakh.
However, these provisions does not extend to any book, pamphlet, paper, writing, drawing, painting
representation or figure in electronic form –
a. The publication of which is proved to be justified as being for the public good on the ground that
such book, pamphlet, paper, writing, drawing, painting representation or figure is in the interest of
science, literature, art or learning or other objects of general concern; or
b. which is kept or used for bona fide heritage or religious purposes.
14. Power to issue directions for interception or monitoring or decryption of any information
through any computer resource (Sec.69)
Where the Central Government or a State Government or any of its officers specially authorized by
the Central Government or the State Government, is satisfied that it is necessary or expedient to do so
in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly
relations with foreign States or public order or for preventing incitement to the commission of any
cognizable offence relating to above or for investigation of any offence, then it may by an order,
direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be
intercepted or monitored or decrypted any information generated, transmitted, received or stored in
any computer resource.The procedure and safeguards subject to which such interception or
monitoring or decryption may be carried out, shall be such as may be prescribed.
The subscriber or intermediary or any person in-charge of the computer resource shall, when called
upon by any agency, extend all facilities and technical assistance to –
a. Provide access to or secure access to the computer resource generating, transmitting, receiving or
storing such information; or
b. Intercept, monitor or decrypt the information; or
c. Provide information stored in the computer resource.
The subscriber or intermediary or any person who fails to assist such agency shall be punished with
imprisonment for a term which may extend to 7 years and shall also be liable to fine.
15. Power to issue directions for blocking for public access of any information through any
computer resource (Sec.69A)
Where the Central Government or any of its officers specially authorized by it in this behalf is
satisfied that it is necessary or expedient to do so, in the interest of sovereignty or integrity of India,
defence of India, security of the State, friendly relations with foreign States or public order or for
preventing incitement to the commission of any cognizable offence relating to above, then it may, by
order, direct any agency of the Government or intermediary to block for access by the public or cause
to be blocked for access by the public any information generated, transmitted, received, stored or
hosted in any computer resource.
The procedure and safeguards subject to which such blocking for access by the public may be carried
out shall be such as may be prescribed.
The intermediary who fails to comply with such direction shall be punished with imprisonment for a
term which may extend to 7 years and shall also be liable to fine.
16. Power to authorize to monitor and collect traffic data or information through any computer
resource for cyber security (Sec.69B)
To enhance cyber security and for identification, analysis and prevention of intrusion or spread of
computer contaminant in the country, the Central Government may by notification in the Official
Gazette, authorize any agency of the Government to monitor and collect traffic data or information
generated, transmitted, received or stored in any computer resource.
The intermediary or any person-in-charge of the computer resource, when called upon by such
agency, shall provide technical assistance and extend all facilities to such agency to enable online
access or to secure and provide online access to the computer resource generating, transmitting,
receiving or storing such traffic data or information.
The procedure and safeguard for monitoring and collecting traffic data or information, shall be such
as may be prescribed.
Any intermediary who intentionally or knowingly contravenes the above said duty shall be punished
with imprisonment for a term which may extend to 3 years and shall also be liable to fine.
17. Protected system (Sec.70)
The appropriate Government may, by notification in the Official Gazette, declare any computer
resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a
protected system.
‘Critical Information Infrastructure’ means the computer resource, the incapacitation or destruction
of which, shall have debilitating impact on national security, economy, public health or safety.
The appropriate Government may, by order in writing, authorize the persons to access such protected
systems.
Any person who secures access or attempts to secure access to a protected system in contravention of
the above provisions shall be punished with imprisonment of either description for a term which may
extend to 10 years and shall also be liable to fine.
The Central Government shall prescribe the information security practices and procedures for such
protected system.
19. Indian Computer Emergency Response Team to serve as national agency for incident
response (Sec.70B)
The Central Government shall, by notification in the Official Gazette, appoint an agency of the
Government to be called the Indian Computer Emergency Response Team.
The Central Government shall provide such agency with a Director-General and such other officers
and employees as may be prescribed.
The salary and allowances and terms and conditions of the Director-General and other officers and
employees shall be such as may be prescribed.
The Indian Computer Emergency Response Team shall serve as the national agency for performing
the following functions in the area of cyber security –
a. Collection, analysis and dissemination of information on cyber incidents;
b. Forecast and alerts of cyber security incidents;
c. Emergency measures for handling cyber security incidents;
d. Coordination of cyber incidents response activities;
e. Issuing guidelines, advisories, vulnerability notes and whitepapers relating to information security
practices, procedures, prevention, response and reporting of cyber incidents;
f. Such other functions relating to cyber security as may be prescribed.
The manner of performing functions and duties of the agency shall be such as may be prescribed. For
performing its functions, the agency may call for information and give directions to the service
providers, intermediaries, data centers, body corporate and any other person. Any service provider,
intermediaries, data centers, body corporate or person who fails to provide the information called for
or comply with the direction shall be punishable with imprisonment for a term which may extend to 1
year or with fine which may extend to Rs. 1 lakh or with both. However, no court shall take
cognizance of any offence except on a complaint made by an officer authorized in this behalf by the
agency.
23. Penalty for publishing Electronic Signature Certificate false in certain particulars (Sec.73)
No person shall publish an Electronic Signature Certificate or otherwise make it available to any other
person with the knowledge that –
a. The Certifying Authority listed in the certificate has not issued it; or
b. The subscriber listed in the certificate has not accepted it; or
c. The certificate has been revoked or suspended,
unless such publication is for the purpose of verifying a electronic signature created prior to such
suspension or revocation.
Any person who contravenes above provisions shall be punished with imprisonment for a term which
may extend to 2 years or with fine which may extend to Rs. 1 lakh or with both.
25. Act to apply for offence or contravention committed outside India (Sec.75)
The provisions of this Act shall apply also to any offence or contravention committed outside India by
any person irrespective of his nationality.
However, for such liability the act or conduct constituting the offence or contravention should involve
a computer, computer system or computer network located in India.
However, where it is established to the satisfaction of the court adjudicating the confiscation that the
person in whose possession, power or control of any such computer, computer system, floppies,
compact disks, tape drives or any other accessories relating thereto is found, is not responsible for the
contravention of the provisions of this Act, rules, orders or regulations made thereunder, then the
court may, instead of making an order for confiscation of such computer, computer system, floppies,
compact disks, tape drives or any other accessories related thereto, make such other order authorized
by this Act against the person contravening the provisions of this Act, rules, orders or regulations
made thereunder as it may think fit.
27. Compensation, penalties or confiscation not to interfere with other punishment (Sec.77)
No compensation awarded, penalty imposed or confiscation made under this Act shall prevent the
award of compensation or imposition of any other penalty or punishment under any other law for the
time being in force.
XIII. Chapter XII section 79 of IT Act deal with Intermediaries and their bein not liable in certain
cases.
iii. Application of the Act to electronic cheque and truncated cheque. (Sec.81A)
(1) The provisions of this Act, for the time being in force, shall apply to, or in relation to, electronic
cheques and the truncated cheques subject to such modifications and amendments as may be
necessary for carrying out the purposes of the Negotiable Instruments Act, 1881 (26 of 1881) by the
Central Government, in consultation with the Reserve Bank of India, by notification in the Official
Gazette.
(2) Every notification made by the Central Government under sub-section (1) shall be laid, as soon as
may be after it is made, before each House of Parliament, while it is in session, for a total period of
thirty days which may be comprised in one session or in two or more successive sessions, and if,
before the expiry of the session immediately following the session or the successive sessions
aforesaid, both Houses agree in making any modification in the notification or both Houses agree that
the notification should not be made, the notification shall thereafter have effect only in such modified
form or be of no effect, as the case may be; so, however, that any such modification or annulment
shall be without prejudice to the validity of anything previously done under that notification.
Explanation.—For the purposes of this Act, the expression “electronic cheque” and “truncated
cheque” shall have the same meaning as assigned to them in section 6 of the Negotiable Instruments
Act, 1881 (26 of 1881)]. 82
Prior to the enactment of the IT Act, 2000 even an e-mail was not accepted under the prevailing
statutes of India as an accepted legal form of communication and as evidence in a court of law. But
the IT Act, 2000 changed this scenario by legal recognition of the electronic format. Indeed, the IT
Act, 2000 is a step forward.
From the perspective of the corporate sector, companies shall be able to carry out electronic
commerce using the legal infrastructure provided by the IT Act, 2000. Till the coming into effect of
the Indian Cyber law, the growth of electronic commerce was impeded in our country basically
because there was no legal infrastructure to regulate commercial transactions online.
Corporate will now be able to use digital signatures to carry out their transactions online. These digital
signatures have been given legal validity and sanction under the IT Act, 2000.
In today’s scenario, information is stored by the companies on their respective computer system, apart
from maintaining a back up. Under the IT Act, 2000, it shall now be possible for corporate to have a
statutory remedy if any one breaks into their computer systems or networks and causes damages or
copies data. The remedy provided by the IT Act, 2000 is in the form of monetary damages, by the
way of compensation, not exceeding Rs. 1, 00, 00,000.
IT Act, 2000 has defined various cyber crimes which includes hacking and damage to the computer
code. Prior to the coming into effect of the Indian Cyber law, the corporate were helpless as there was
no legal redress for such issues. But the IT Act, 2000 changes the scene altogether.
B) The Information Technology (Electronic Service Delivery) Rules, 2011 These rules provide for
creation of a system of electronic delivery of services. Under the Electronic Service Delivery Rules
the government can specify certain services, such as applications, certificates, licenses etc, to be
delivered electronically.
C) The Information Technology (Intermediaries Guidelines) Rules, 2011. These rules provide the
rights and responsibilities of internet intermediaries in India. If the Internet intermediaries follow
these rules and exercise proper cyber due diligence, they are entitled to a “safe harbour protection”.
Otherwise, they are liable for various acts or omission occurring at their respective platforms once the
matter has been brought to their notice.
D) The Information Technology (Guidelines For Cyber Cafe) Rules, 2011. According to these
guidelines, cyber cafes should register themselves with an appropriate government agency, and
provide services to users only after establishing their identity. It also deals with maintenance of
records of such identity as well as log of sites visited, among others.
E) The Cyber Appellate Tribunal (Salary, Allowances And Other Terms And Conditions Of Service
Of Chairperson And Members) Rules, 2009. These rules provide for the salary, allowances and terms
of service of the Chairperson and members of the Cyber Appellate Tribunal.
H) The Information Technology (Procedure And Safeguards For Interception, Monitoring And
Decryption Of Information) Rules, 2009. These rules explain the procedure and safeguards subject to
which such interception or monitoring or decryption may be carried out.
I) The Information Technology (Procedure And Safeguard For Monitoring And Collecting Traffic
Data Or Information) Rules, 2009 It contains the procedure for aggregate monitoring of
communications and the procedural safeguards to be observed in them.
J) The Information Technology (Use Of Electronic Records And Digital Signatures) Rules, 2004.
These rules deal with the manner and format in which the electronic records should be filed, created
or issued. It also states the manner or method of payment of any fees or charges for filing or creating
any electronic record.
K) The Information Technology (Security Procedure) Rules, 2004. These rules prescribe the
provisions relating to secure digital signatures and secure electronic records.
L) The Information Technology (Other Standards) Rules, 2003. The rules deal with the standards to
be observed by the Controller to ensure that the secrecy and security of the digital signatures are
assured.
M) The Information Technology (Certifying Authority) Regulations, 2001.The regulation details the
technical standards and procedures to be used by a Certifying Authority.
N) Information Technology (Certifying Authorities) Rules, 2000. This rule deals with licensing of
Certifying authorities and the procedures that need to be complied by them. It also prescribed the
eligibility, appointment and working of Certifying Authorities.
7. CYBER CRIME
Cyber crime means any criminal activity in which a computer or network is the source, tool or target
or place of crime. The Cambridge English Dictionary defines cyber crimes as crimes committed with
the use of computers or relating to computers, especially through internet. Crimes involving use of
information or usage of electronic means in furtherance of crime are covered under the scope of cyber
crime.
It is the darker side of technology. The term „Cyber Crime’ finds no mention either in The
Information Technology Act 2000 or in any legislation of the Country. Cyber Crime is not different
than the traditional crime. The only difference is that in Cyber Crime the computer technology is
involved. This can be explained by following instance;
Traditional Theft : A thief enters in B‟s house and steals an object kept in the house. Hacking : A
Cyber Criminal sitting in his own house, through his computer hacks the computer of B and steals the
data saved in B‟s computer without physically touching the computer or entering in B‟s house.
As per government National Crime Bureau report, there were 9,600 cases reported in year 2014.
Unofficial sources indicate that it is beyond 3 lacs.
Cyber Crimes may be committed against persons, property and government. The common types of
cyber crimes may be discussed under the following heads.
1. Hacking - A hacker is an unauthorized user who attempts to or gains access to an information
system. Hacking is a crime even if there is no visible damage to the system, since it is an invasion in
to the privacy of data. There are different classes of Hackers.
a) White Hat Hackers - They believe that information sharing is good, and that it is their duty to share
their expertise by facilitating access to information. However there are some white hat hackers who
are just “joy riding" on computer systems.
b) Black Hat Hackers - They cause damage after intrusion. They may steal or modify data or insert
viruses or worms which damage the system. They are also called ‘crackers’.
c) Grey Hat Hackers - Typically ethical but occasionally violates hacker ethics Hackers will hack into
networks, stand-alone computers and software. Network hackers try to gain unauthorized access to
private computer networks just for challenge, curiosity, and distribution of information. Crackers
perform unauthorized intrusion with damage like stealing or changing of information or inserting
malware (viruses or worms)
d) Ethical Hackers- will be used to know the roots of the cyber crimes by the investigations
department authorized by government to detect and prevent the cyber crimes.
2. Cyber Stalking - This crime involves use of internet to harass someone. The behavior includes
false accusations, threats etc. Normally, majority of cyber stalkers are men and the majority of victims
are women.
3. Spamming - Spamming is sending of unsolicited bulk and commercial messages over the internet.
Although irritating to most email users, it is not illegal unless it causes damage such as overloading
network and disrupting service to subscribers or creates .negative impact on consumer attitudes
towards Internet Service Provider.
4. Cyber Pornography - Women and children are victims of sexual exploitation through internet.
Pedophiles use the internet to send photos of illegal child pornography to targeted children so as to
attract children to such funs. Later they are sexually exploited for gains.
6. Software Piracy - It is an illegal reproduction and distribution of software for business or personal
use. This is considered to be a type of infringement of copy right and a violation of a license
agreement. Since the unauthorized user is not a party to the license agreement it is difficult to find out
remedies.
7. Corporate Espionage - It means theft of trade secrets through illegal means such as wire taps or
illegal intrusions.
8. Money Laundering - It means moving of illegally acquired cash through financial and other
systems so that it appears to be legally acquired. eg. Transport cash to a country having less stringent
banking regulations and move it back by way of loans the interest of which can be deducted from his
taxes. This is possible prior to computer and internet technology, electronic transfers have made it
easier and more successful.
9. Embezzlement - Unlawful misappropriation of money, property or any other thing of value that
has been entrusted to the offender’s care, custody or control is called embezzlement. Internet facilities
are misused to commit this crime.
10. Password Sniffers - Password sniffers are programmes that monitor and record the name and
password of network users as they log in, jeopardizing security at a site. Whoever installs the sniffer
can impersonate an authorized user and log in to access on restricted documents.
11. Spoofing - It is the act of disguising one computer to electronically “look” like another compute,
in order to gain access to a system that would be normally is restricted. Spoofing was used to access
valuable information stored in a computer belonging to security expert Tsutomu Shimomura.
12. Credit Card Fraud - In U.S.A. half a billion dollars have been lost annually by consumers who
have credit cards and calling card numbers. These are stolen from on-line databases.
13. Web Jacking - The term refers to forceful taking of control of a web site by cracking the
password.
14. Cyber terrorism - The use of computer resources to intimidate or coerce government, the civilian
population or any segment thereof in furtherance of political or social objectives is called cyber
terrorism. Individuals and groups quite often try to exploit anonymous character of the internet to
threaten governments and terrorize the citizens of the country.
8. ELECTRONIC EVIDENCE
Today, virtually every crime has an electronic component in terms of computers and electronic
technology being used to facilitate the crime. Computers or cell phones used in crimes may contain a
host of evidence related to the crime, whether it is a conventional crime or a terrorist act.
The type of evidence that we are dealing with has been variously described as 'electronic evidence',
'digital evidence' or 'computer evidence'.
This definition has three elements. First, it is intended to include all forms of evidence that is created,
manipulated or stored in a product that can, in its widest meaning, be considered a computer,
excluding for the time being the human brain.
Second, it aims to include the various forms of devices by which data can be stored or transmitted,
including analogue devices that produce an output. Ideally, this definition will include any form of
device, whether it is a computer as we presently understand the meaning of a computer; telephone
systems, wireless telecommunications systems and networks, such as the Internet; and computer
systems that are embedded into a device, such as mobile telephones, smart cards and navigation
systems.
The third element restricts the data to information that is relevant to the process by which a dispute,
whatever the nature of the disagreement, is decided by an adjudicator, whatever the form and level the
adjudication takes. This part of the definition includes one aspect of admissibility – relevance only –
but does not use 'admissibility' in itself as a defining criteria, because some evidence will be
admissible but excluded by the adjudicator within the remit of their authority, or inadmissible for
reasons that have nothing to do with the nature of the evidence – for instance because of the way it
was collected. The last criteria, however, restricts the definition of electronic evidence to those items
offered by the parties as part of the fact finding process.
Electronic documents are easy to manipulate: they can be copied, altered, up-dated, deleted (deleted
does not mean expunged) or intercepted.
i. THE COMPUTER :
The term 'computer' is often used generically to describe almost any form of processing unit.
However, not all devices are appropriately termed a computer. For the purposes of this text, a
computer can be defined in terms of a set of characteristics that illustrate how it functions. This
account is sometimes called an input-processing-output model :
(a) It receives an input of some sort, by way of a local file, mouse, keyboard or through a
communication channel (such as a network connection).
(b) It processes the information.
(c) It produces an output to a local file or a printer, for instances.
(d) It must be able to store information.
(e) It must be able to control what it does.
v. METADATA :
Metadata is, essentially, data about data. In electronic documents, metadata tends to be information
that is hidden from the replication of the text as viewed on a screen. Physical documents can be
subject to intensive scrutiny, and the data contained on the document can be analysed in great detail.
v. DELETED FILES :
File systems keep a record of where data are located on a disk. The way data are stored will differ,
depending on the operating software and the architecture of the method used to allocate blocks of
storage for files. In simple terms, the location of data on a disk is controlled by a file system.
vi. NETWORKS :
Gone are the days when most computers stood alone on a desk. The majority of computers are now
connected, or are intermittently connected, to some form of network. The trials left by the assortment
of logs and files in computers can produce digital evidence in abundance, including use of email,
connecting to the Internet and viewing websites, and the transfer of files between computers. Other
sources of digital evidence can be obtained from server.
Types of network -
(a) Internet - The Internet is a global system of interconnected computer networks that use the Internet
protocol suite (TCP/IP) to link several billion devices worldwide. It is a network of networks that
consists of millions of private, public, academic, business, and government networks of local to global
scope, linked by a broad array of electronic, wireless, and optical networking technologies. The
Internet carries an extensive range of information resources and services, such as the inter-linked
hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony,
and peer-to-peer networks for file sharing.
(b) Corporate intranets - An intranet, usually run by a large organisation, is a network that is based on
the Internet protocols. In Principle, an intranet is only available to members, employees or others with
authorisation to enter it and use the information contained on the intranet.
(c) Wireless networking - Wireless networking is also known as Wi-Fi meaning wireless fidelity.
(d) Cellular networks - The technology that enables devices to transfer data between a computer and a
cellular telephone, and between cellular telephones, is developing rapidly.
(e) Dial-up - Occasionally, computers are still connected to the Internet by means of the traditional
copper telephone line.
F. TOOLS :
A digital evidence specialist will not only, ideally, require an in-depth knowledge of the operating
system they are to investigate, but they will also need to use a number of proprietary tools in the
performance of their investigation and analysis of digital evidence. The types of took they use will
depend on the operating system (Windows, Unix, Macintosh) they are required to look at, and
whether they are investigating a network, hand held devices, embedded systems or wireless networks.
I. RECOVERING DATA :
Increasing numbers of people delete the contents of their hard drives in computers in anticipation of
legal action or after legal action has begun. There are several techniques that can be used to recover
data that has been deleted. This can be done manually or using tools, depending on the complexity of
the problem faced.
xvi. Delhi Police School and Multimedia Message Service (MMS) Clip Case,
A Delhi Public School boy allegedly filmed his girlfriend in an act of oral sex with him on his cell
phone camera which is to be called as MMS clip. This video clip was then forwarded by him to his
friends, and then his friends sent it to others. Gradually, within a minute it was available to almost all
users and even it was available for small price to the roadside vendors. The clip was copied to VCD
(Video Compact Disk) for sale and distribution. One IIT Kharagpur student named Ravi Raj put that
MMS clip of 2.37 minutes for auction on the Baazee.com which was India’s top auction website and
owned by e-Bay. The Delhi police arrested DPS student, Mr. Ravi Ray Singh and the portal’s CEO,
Mr. Avnish Bajaj. The counsel for the boy contended that the charge against his client is totally false
and it is very difficult to prove who was that particular person because there was no visual of his face
in the clip and he prayed for bail u/s 12 of the Juvenile Justice Act, 2000 though he was arrested u/s
293, 294, 201 of the IPC, 1860 and Section 67 of the IT Act, 2000. Thus, Delhi Public School scandal
was not only the issue of child pornography but also MMS clip in cyberspace. In MMS Clip of School
Girl in Orkut Case, a class XII student was arrested by the cyber crime cell of the Noida police and
the arrested student had confessed that he along with his friends created the picture of a girl,
circulated among friends and created a fake profile of that school girl in Orkut website. He was
arrested under the IPC, the Indecent Representation of Women Act and Section 67 of the IT Act,
2000. The victim girl was in clinical depression since she saw her profile in website which was posted
by her school mates.
xvii. Dr. L. Prakash Case the accused, an orthopedic surgeon along with his 3 staff was arrested for
making cyber pornographic images of his clients forcefully and putting up pornographic images of
those women patients on the internet. The Fast Track Court sentenced accused with life imprisonment
and other 3 co-accused with 7 years rigorous imprisonment. MMS Clip in Krishna Nagar, West
Bengal Case a former boyfriend aged about 22 of victim was alleged to have circulated nude pictures
of a first-year College girl from his mobile phone after he got married with another girl. The girl and
her sister had decided not to go to University even for examinations and not to face neighbors. The
entire family was in ridiculous situation that they even could not step out of house due to taunts about
those pictures. Father of alleged accused was an affluent bell metal trader. He was arrested on the as
victim’s father’s complaint though alleged accused was roaming freely. The Officer-in-Charge of
police station said that “during their affair, accused had taken video clips on his mobile phone which
he circulated among youths in the locality. He also said that the boy’s father knew and encouraged the
same that was the cause of his arrest.
xviii. Ritu Kohli case One Mrs. Ritu Kohli complained to the police against the a person who was
using her identity to chat over the Internet at the website www.mirc.com, mostly in the Delhi channel
for four consecutive days. Mrs. Kohli further complained that the person was chatting on the Net,
using her name and giving her address and was talking obscene language. The same person was also
deliberately giving her telephone number to other chatters encouraging them to call Ritu Kohli at odd
hours. Consequently, Mrs Kohli received almost 40 calls in three days mostly at odd hours from as far
away as Kuwait, Cochin, Bombay and Ahmedabad. The said calls created havoc in the personal life
and mental peace of Ritu Kohli who decided to report the matter. The IP addresses were traced and
the police investigated the entire matter and ultimately arrested Manish Kathuria on the said
complaint. Manish apparently pleaded guilty and was arrested. A case was registered under section
509, of the Indian Penal Code (IPC).
1. ADMISSIBILITY OF ELECTRONIC-EVIDENCE
i. State v. Mohd. Afzal (2003) SCCONLINE DEL 935; 2003 (0) Supreme(Del) 1027;
The Division Bench of Delhi High Court held that in The last few years of the 20th Century saw rapid
strides in the field of information and technology. The expanding horizon of science and technology
threw new challenges for the ones who had to deal with proof of facts in disputes where advanced
techniques in technology was used and brought in aid. Storage, processing and transmission of data on
magnetic and silicon medium became cost effective and easy to handle. Conventional means of
records and data processing became out dated. Law had to respond and gallop with the technical
advancement. He who sleeps when the sun rises, misses the beauty of the dawn. Law did not sleep
when the dawn of Information and Technology broke on the horizon. World over, statutes were
enacted. Rules relating to admissibility of electronic evidence and its proof were incorporated.”
New Sections 65A and 65B are introduced to the Evidence Act under the Second Schedule to the IT
Act. Section 5 of the Evidence Act provides that evidence can be given regarding only facts that are at
issue or of relevance. Section 136 empowers a judge to decide on the admissibility of the evidence.
New provision Section 65A provides that the contents of electronic records may be proved in
accordance with the provisions of Section 65B. Section 65B provides that notwithstanding anything
contained in the Evidence Act, any information contained in an electronic record (ie, the contents of a
document or communication printed on paper that has been stored, recorded and copied in optical or
magnetic media produced by a computer (‘computer output’)), is deemed to be a document and is
admissible in evidence without further proof of the original’s production, provided that the conditions
set out in Section 65B(2) to (5) are satisfied.
iii. Ajmal Kasab case, (2012) 9 SCC 1; As we saw in the Ajmal Kasab case, terrorists these days
plan all their activities either face-to-face, or through software. Being able to produce transcripts of
internet transactions helped the prosecution case a great deal in proving the guilt of the accused.
iv. State (NCT of Delhi) v. Navjot Sandhu @ Afsan Guru AIR 2005 SC 3820
The links between the slain terrorists and the masterminds of the attack were established only through
phone call transcripts obtained from the mobile service providers.
vii. Abdul Rahaman Kunji vs. The State of West Bengal MANU/WB/0828/ 2014 The Hon’ble
High Court of Calcutta while deciding the admissibility of email held that an email downloaded and
printed from the email account of the person can be proved by virtue of Section 65B r/w Section 88A
of Evidence Act. The testimony of the witness to carry out such procedure to download and print the
same is sufficient to prove the electronic communication.
viii. Jagdeo Singh vs. The State and Ors. MANU/DE/0376/2015 In the recent judgment pronounced
by Hon’ble High Court of Delhi, while dealing with the admissibility of intercepted telephone call in a
CD and CDR which were without a certificate u/s 65B Evidence Act, the court observed that the
secondary electronic evidence without certificate u/s 65B Evidence Act is inadmissible and cannot be
looked into by the court for any purpose whatsoever.
ix. Sanjaysinh Ramrao Chavan vs. Dattatray Gulabrao Phalke MANU/SC/0040/ 2015 Relying
upon the judgment of Anvar P.V., while considering the admissibility of transcription of recorded
conversation in a case where the recording has been translated, the Supreme Court held that as the
voice recorder had itself not subjected to analysis, there is no point in placing reliance on the
translated version. Without source, there is no authenticity for the translation. Source and authenticity
are the two key factors for electronic evidence.
x. Som Prakash vs.State Of Delhi AIR 1974 SC 989 1974 Cri. LJ 784
In this case Supreme Court has rightly observed that “in our technological age nothing more primitive
can be conceived of than denying discoveries and nothing cruder can retard forensic efficiency than
swearing by traditional oral evidence only thereby discouraging the liberal use of scientific aids to
prove guilt.” Statutory changes are needed to develop more fully a problem solving approach to
criminal trials and to deal with heavy workload on the investigators and judges.
xi. SIL Import, USA vs. Exim Aides Exporters, Bangalore (1999) 4 SCC 567. In yet another
decision in which use of available technology has been given a real boost, the Supreme Court held
that “Technological advancement like fascimile, Internet, e-mail, etc. were in swift progress even
before the Bill for the Amendment Act was discussed by Parliament. So when Parliament
contemplated notice in writing to be given we cannot overlook the fact that Parliament was aware of
modern devices and equipment already in vogue.”
2. ADMISSIBILITY OF ELECTRONICALLY RECORDED CONVERSATION
ii. Twentieth Century Fox Film Corporation vs. NRI Film Production Associates (P) Ltd37.
Certain condition for video-recording of evidence has been laid down:
a) Before a witness is examined in terms of the Audio-Video Link, witness is to file an affidavit or an
undertaking duly verified before a notary or a judge that the person who is shown as the witness is the
same person as who is going to depose on the screen. A copy is to be made available to the other side.
b) The person who examines the witness on the screen is also supposed to file an affidavit/
undertaking before examining the witness with a copy to the other side with regard to identification.
c) The witness has to be examined during working hours of Indian Courts. Oath is to be administered
through the media. d) The witness should not plead any inconvenience on account of time difference
between India and USA.
e) Before examination of the witness, a set of plaint, written statement and other documents must be
sent to the witness so that the witness has acquaintance with the documents and an acknowledgement
is to be filed before the Court in this regard.
f) The learned judge is to record such remarks as is material regarding the demur of the witness while
on the screen.
g) The learned judge must note the objections raised during recording of witness and to decide the
same at the time of arguments.
h) After recording the evidence, the same is to be sent to the witness and his signature is to be
obtained in the presence of a Notary Public and thereafter it forms part of the record of the suit
proceedings.
i) The visual is to be recorded and the record would be at both ends. The witness also is to be alone at
the time of visual conference and notary is to certificate to this effect.
j) The learned judge may also impose such other conditions as are necessary in a given set of facts.
k) The expenses and the arrangements are to be borne by the applicant who wants this facility.
iii. Grid Corpn. Of Orissa Ltd. vs. AES Corpn. 2002 AIR (SC) 3435
In this the Supreme Court has ruled in favour of technology and it held that “When an effective
consultation can be achieved by resort to electronic media and remote conferencing it is not necessary
that the two persons required to act in consultation with each other must necessarily sit together at one
place unless it is the requirement of law or of the ruling contract between the parties.” In this case the
contention was that the two arbitrators appointed by the parties should have met in person to appoint
the third arbitrator.
iv. Dasam Vijay Rama Rao Vs. M. Sai Sri (2015) 0 Supreme (AP) 263
Examination of witnesses through internet- in order to curb unnecessary delay in proceedings for the
presence of a person abroad. Latest technology lik e skype can be used to examine a person.
i. In Jagjit Singh v State of Haryana (2006) 11 SCC 590, the speaker of the Legislative Assembly
of the State of Haryana disqualified a member for defection. When hearing the matter, the Supreme
Court considered the appreciation of digital evidence in the form of interview transcripts from the Zee
News television channel, the Aaj Tak television channel and the Haryana News of Punjab Today
television channel. The Supreme Court of India indicated the extent of the relevance of the digital
materials in Paragraph 25 of his ruling:
“The original CDs received from Zee Telefilms, the true translation into English of the transcript of
the interview conducted by the said channel and the original letter issued by Zee Telefilms and
handed over to Ashwani Kumar on his request was filed on June 23 2004. The original CDs received
from Haryana News channel along with the English translation as above and the original proceedings
of the Congress legislative party in respect of proceedings dated June 16 2004 at 11.30am in the
Committee room of Haryana Vidhan Sabha containing the signatures of three out of four independent
members were also filed.” In Paragraphs 26 and 27 the court went on to indicate that an opportunity
had been given to the parties to review the materials, which was declined. The court determined that
the electronic evidence placed on record was admissible and upheld the reliance placed by the speaker
on the recorded interview when reaching the conclusion that the voices recorded on the CD were
those of the persons taking action. The Supreme Court found no infirmity in the speaker’s reliance on
the digital evidence and the conclusions reached.
ii. Ankur Chawla vs. CBI MANU/DE/2923/ 2014 The Hon’ble High Court of Delhi, while deciding
the charges against accused in a corruption case observed that since audio and video CDs in question
are clearly inadmissible in evidence, therefore trial court has erroneously relied upon them to
conclude that a strong suspicion arises regarding petitioners criminally conspiring with co-accused to
commit the offence in question. Thus, there is no material on the basis of which, it can be reasonably
said that there is strong suspicion of the complicity of the petitioners in commission of the offence in
question.
6. ADMISSIBILITY OF INFORMATION RECORDED IN THE HARD DISC
In Dharambir vs. Central Bureau of Investigation 2008 SCC OnLine Del 336 : (2008) 102 DRJ
299 : (2008) 148 DLT 289 : ILR (2008) 2 Del 842,
The court arrived at the conclusion that when Section 65-B talks of an electronic record produced by a
computer referred to as the computer output, it would also include a hard disc in which information
was stored or was earlier stored or continues to be stored. It distinguished as there being two levels of
an electronic record. One is the hard disc which once used itself becomes an electronic record in
relation to the information regarding the changes the hard disc has been subject to and which
information is retrievable from the hard disc by using a software program. The other level of
electronic record is the active accessible information recorded in the hard disc in the form of a text
file, or sound file or a video file etc. Such information that is accessible can be converted or copied as
such to another magnetic or electronic device like a CD, pen drive etc. Even a blank hard disc which
contains no information but was once used for recording information can also be copied by producing
a cloned had or a mirror image.
ii. K. Ramajayam @ Appu v. The Inspector of Police, Maduravoyal Police Station, Chennai.
2016 0 CrLJ 1542;
Held : It is axiomatic that CCTV footage does not suffer such ills and human fragilities, and they are
indubitably superior to human testimony of facts.
iii. Kishan Tripathi @ Kishan Painter v. The State 2016 0 Supreme(Del) 780;
The Delhi High Court has discussed the law relating to admissibility of CCTV footage and
appreciation of the same. The CCTV footage is captured by the cameras and can be stored in the
computer where files are created with serial numbers, date, time and identification marks. These
identification marks/details are self generated and recorded, as a result of pre-existing software
commands. The capture of visual images on the hard disc is automatic in the sense that the video
images get stored and recorded suo-moto when the CCTV camera is on and is properly connected
with the hard disc installed in the computer. There is no need that someone must watch the CCTV
footage when it is being stored and recorded. The recording is a result of commands or instructions,
which had already been given and programmed. The original hard disc, therefore, could be the
primary and the direct evidence. Such primary or direct evidence would enjoy a unique position for
anyone who watches the said evidence would be directly viewing the primary evidence. Section 60 of
the Evidence Act states that oral evidence must be direct, i.e., with reference to the fact which can be
seen, it must be the evidence of the witness, who had seen it, with reference to the fact, which could
be heard, it must be evidence of the witness, who had heard it and if it relates to the fact, which could
be perceived by any other sense or any other manner, then it must be the evidence of the witness, who
says who had perceived it by that sense or by that manner. Read in this light, when we see the CCTV
footage, we are in the same position as that of a witness, who had seen the occurrence, though crime
had not occurred at that time when the recording was played, but earlier. When a judge watches the
CCTV footage with his own eyes as a judge gives you an insight into the real world in the past. When
the court itself watch the CCTV footage, it travels back in time to the time when the occurrence took
place and thereby has seen the occurrence in the same position as that of a witness, who would have
seen the occurrence, if he was present. There cannot be a more direct evidence. This video recording
which captures the occurrence, would be per se and mostly discerningly reliable and compellingly
conclusive evidence, unless its authenticity and genuineness is in question. Per force, we must rule out
any possibility of manipulation, fabrication or tampering. The hard-disk CCTV footage must pass the
integrity test. It is a twofold test, system integrity and record integrity. It is with this over cautious and
pensive approach, that we have to precede our consideration to CCTV footage. The Court should
accept the genuineness and authenticity of
the CCTV footage played before it, for good and sound reasons. System integrity test should be
satisfied by ocular testimonies and other independent witnesses. System while recording CCTV
footage works contemporaneously and stores data.
iv. Tomaso Bruno & another Vs State of UP 2015 1 Supreme 278; 2015 0 Supreme(SC) 48;
Supreme court held that omission to produce CC TV footage which the best evidence raises a serious
doubt about the prosecution case.
iv. R.K Anand v. Registrar, Delhi High Court 2009 (10) SCALE 164.
In the interesting case of R.K Anand v. Registrar, Delhi High Court, the original electronic materials
upon which the sting operation by a journalist was based was held not needed to have been taken in
the Court custody. In that case in a sting operation a particular conversation between two persons was
recorded. Based upon the electronic tape recorded conversation played before the Court, contempt
notices came to be issued for subverting and interfering with the course of justice in a criminal trial. In
that case the copies of the original sting recordings were called for and seen by the Court. The original
microchips and the magnetic tapes were allowed to be retained in the custody of the journalist of the
TV channel. Upon the case that was an incorrect and fatal procedure, the Supreme Court considered
the rationale behind it thus: “If the recordings on the microchips were fake from the start or if the
microchips were morphed before notice was issued to the TV channel, those would come to the Court
in that condition and in that case the question whether the microchips were genuine or fake/morphed
would be another issue. But once the High Court obtained their copies there was no possibility of any
tampering with the microchips from that stage. Moreover, the High Court might have felt that the TV
channel with its well equipped studio/laboratory would be a much better place for the handling and
conservation of such electronic articles than the High Court Registry.” Consequently, holding that all
tape recorded conversation must be sealed without considering its intrinsic source or its custody with
a party would be an exercise devoid of application of mind.
10. EVIDENCE FROM CELL PHONES, SIM CARD, CALL DATA RECORD ETC.,
As per definition of term Computers, as provided by Sec. 2(i) of the I.T. Act, mobile phones are
encompassed in the definition of a Computer. Mobile phones are been used for exchange of
information. As per Sec. 2(r) of the I. T. Act, "electronic form", with reference to information, means
any information generated, sent, received or stored in media, magnetic, optical, computer memory,
micro film, computer generated micro fiche or similar device. Thus any information shared on the
mobile phone though it may be talks, text or entry of information they are encompassed in the
purview of the I. T. Act.
i. Mohd. Arif v. State (NCT of Delhi) (2011) 13 SCC 621: (2012) 2 SCC (Cri) 766.
The Apex Court discussed the functioning of SIM card and mobile handset in order to explain how
details of calls made/received on mobile number and approximate location of a mobile user can be
ascertained on the basis of data available in computer of telecom service provider. It can be used in
determination of movement/location of a person on the basis of mobile phone possessed by him based
on the call detail records (CDR). An active mobile phone has two components i.e. the mobile
instrument and the SIM card. Every mobile instrument has a unique identification number, namely,
instrument manufactured equipment identity (for short “IMEI number”). Such SIM card could be
provided by the service providers either with cash card or post-paid card to the subscriber and once
this SIM card is activated the number is generated which is commonly known as mobile number. The
mobile service is operated through a main server computer called mobile switching centre which
handles and records each and every movement of an active mobile phone like day and time of the call,
duration of the call, calling and the called number, location of the subscriber during active call and the
unique IMEI number of the instrument used by the subscriber during an active call. This mobile
switching centre manages all this through various sub-systems or sub-stations and finally with the
help of telephone towers. These towers are actually base trans-receiver stations also known as BTS.
Such BTS covers a set of cells each of them identified by a unique cell ID. A mobile continuously
selects a cell and exchanges data and signaling traffic with the corresponding BTC. Therefore,
through a cell ID the location of the active mobile instrument can be approximated.
ii. Prashant Bharti v. State (NCT of Delhi) (2013) 9 SCC 293; (2013) 3 SCC (Cri) 920.
The complainant/prosecutrix in her first complaint dated 16-2-2007 had alleged that the appellant-
accused had called her on her phone at 8.45 p.m. and asked her to meet him at Lodhi Colony, New
Delhi. When she reached there, he drove her around in his car. He also offered her a cold drink
(Pepsi) containing a poisonous/intoxicating substance. Having consumed the cold drink, she is stated
to have felt inebriated, whereupon, he took advantage of her and started misbehaving with her, and
also touched her breasts. Insofar as the instant aspect of the matter is concerned, the presence of the
complainant/prosecutrix, as well as the appellant-accused, at the alleged place of occurrence (Lodhi
Colony, New Delhi), on the night of 15-2-2007 after 8.45 p.m., has been established to be false on the
basis of mobile phone call details of the parties concerned. The proof of the aforesaid factual matter
must be considered to be conclusive for all intents and purposes, specially, in view of the observations
made by the Supreme Court in Gajraj v. State (NCT of Delhi) [(2011) 10 SCC 675; (2012) 1 SCC
(Cri) 73] wherein it was held as under: (SCC p. 681, para 19) ..We are satisfied, that the process, by
which the appellant-accused came to be identified during the course of investigation, was legitimate
and unassailable.
iii. Societe Des Products Nestle S.A. v. Essar Industries, 2006 SCC OnLine Del 1675: (2006) 33
PTC 469.
The IMEI number of the handset, from which the appellant-accused was making calls by using a
mobile phone (SIM) registered in his name, being evidence of a conclusive nature, cannot be
overlooked on the basis of such like minor discrepancies. In fact even a serious discrepancy in oral
evidence would have had to yield to the aforesaid [authentic digital evidence which is a by-product of
machine operated electronic record having no manual interference.
ii. The Apex Court in Modi Entertainment Network and anr v. W.S.G. Cricket Pvt. Ltd.
AIR 2003 SC 1177
Held that It is a common ground that the courts in India have power to issue anti-suit injunction to a
party over whom it has personal jurisdiction, in an appropriate case. This is because courts of equity
exercise jurisdiction in persona. However, having regard to the rule of comity, this power will be
exercised sparingly because such an injunction though directed against a person, in effect causes
interference in the exercise of jurisdiction by another court.
iii. The Supreme Court in Kusum Ingots & Alloys Limited v. Union of India and Anr (2004) 6
SCC 254. To advance the proposition that even if a small part of the cause of action arises within the
territorial jurisdiction of the High Court, the same by itself may not be considered to be a
determinative factor compelling the High Court to decide the matter on merits. In appropriate cases,
the Court may refuse to exercise its discretionary jurisdiction by invoking the doctrine of forum
convenience. The tests usually applied by American Courts for the exercise of personal jurisdiction
over non-resident defendants are (a) existence of sufficient minimum contacts with the forum state (b)
claim asserted must arise out of the contact (c) exercise of jurisdiction must be reasonable and (d)
effect test.
v. National Association of Software and Service Companies vs. Ajay Sood & Others
119 (2005) DLT 596, 2005 (30) PTC 437 Del
the defendants were operating a placement agency involved in `head-hunting' and recruitment. In
order to obtain personal data which they could use for head-hunting, the defendants composed and
sent emails to third parties in NASSCOM's name. Court granted Injunction and Rs. 16 lakhs as
damages.
vii. Syed Asifuddin & Ors V State of Andhra Pradesh & another 2005 CrLJ4314 (AP)
-Employees of a Appellant mobile services company lured the customers of the above company to
alter / tamper with the special (locking) computer program / technology so that the hand-set can be
used with the competing mobile services. Held: such tampering is an offence u/s 65 of IT Act as well
as Copyright infringement u/s 63 of Copyrights Act.
Viii. Casio India Co. Limited v. Ashita Tele Systems Pvt. Limited 2003 (27) P.T.C. 265 (Del.)
(India), overruled by Banyan Tree Holding (P) Limited v. A. Murali Krishna Reddy, CS(OS)
894/2008 (High Court of Delhi, 23rd November 2009) (India). was a passing off action where the
defendant was carrying on business from Bombay. The defendant had managed to get a registration of
domain name www.casioindia.com and defendant no. 2 was the Registrar with whom the domain
name had been registered. The plaintiff, on the other hand, claimed to be a 100% subsidiary of Casio
Computer Ltd., Japan (Casio Japan), which was the registered owner of the trade mark ‘Casio’ in
India used for a large number of electronic and other products. He had registered a large number of
domain names in India like ‘CasioIndiaCompany.com’, ‘CasioIndia.org’, ‘CasioIndia.net’, etc.
Defendant No. 1 had obtained the above domain names during the time when it held a distributorship
agreement with the plaintiff. It was held by the learned single Judge after referring to the decisions in
Rediff Communication Ltd66. v. Cyber Booth and Dow Jones & Co. Inc. v. Gutnick67 that “once
access to the impugned domain name website could be had from anywhere else, the jurisdiction in
such matters cannot be confined to the territorial limits of the residence of the defendant.” According
to the learned single Judge, since a mere likelihood of deception, whereby an average person is likely
to be deceived or confused was sufficient to entertain an action for passing off, it was not at all
required to be proved that “any actual deception took place at Delhi. Accordingly, the fact that the
website of Defendant No. 1 can be accessed from Delhi is sufficient to invoke the territorial
jurisdiction of this Court.”
The acceptance was received by PRTA at Chandauli / Varanasi. The contract became complete by
receipt of such acceptance. Both these places are within the territorial jurisdiction of the High Court of
Allahabad. Therefore, a part of the cause of action has arisen in U.P. and the court has territorial
jurisdiction.
12. REVIEW
New multimedia technology and internet have become part our daily life in contemporary society and
have made life easier, quicker and cheaper. Computers are not only useful for communication and
information processing but also useful for typing, editing, drawing, copying, printing, musical
purposes, microwave, door keys, remote car driving, to use as remote control, in the form of wireless,
mobile phone and so on with ever increasing utility around human society. Such tremendous utility of
Information and Communication Technology (ICT) encouraged the terrorists and other deviants in
society to use it sometimes as their tool and sometimes as targets to fulfill their ends.
Cyber terrorism is a kind of cyber threat using new technology. It is national as well as international
challenge. Warfare is one way of cyber terrorism by which one nation attacks other nations through
information way (I-way). That may be called as net war. International terrorists attack using websites
and controlling network i.e., A1-Qaida’a websites http://www.mojahedoon.net which has link with
Osama Bin Laden, attack on Indian Parliament on 13th December, 2001 by making false gate pass
from internet, 11th September, 2001 attack on WTO and Pentagon controlling network of airway,
16th December, 2005 e-mail threat to attack Indian Parliament and US consulate are examples of
cyber terrorism in India. Internet becomes a way to engage in War. That is why cyber war or net war
may be called War in the Information Way or I-Way.
For prevention and control of cyber crime the national internet security standards must be strong and
of world standard. Especially the Government agencies must choose LAN (Local Area Network) for
internal communications and they must adopt their own secret and confidential fiber method about
their activities to fight against virus, worm, denial of service attack, attack hacking in net ways which
are possible tools and modes of cyber terrorism. Other most important techniques required preventing
and control attack by terrorists in cyberspace is regular updating of antivirus software, changing
passwords and updating of operating system.
Very important need of the day is awareness, information technology education and training among
people who use net and government agencies and even who use non-governmental computer system.
The IT Act, 2000 indirectly prohibits cyber terrorism. But in this regard we need specific and clear
law with specific definition of cyber terrorism, legal provisions with specific punishments keeping
International and jurisdictional aspects in mind in the era of Global communication convergence and
mobile technology.