IT Act (Cyber Context)

IT ACT
(CYBER CONTEXT)
(FOR PRIVATE CIRCULATION ONLY)

2019
PROGRAMME COORDINATOR
Mr. Vishal Ranaware
COURSE DESIGN AND REVIEW COMMITTEE

Ms. Vaishali Bhagwat Prof. Dr. Shashikala Gurpur
Prof. Ujjwala Sakhalkar Prof. Medha Kolhatkar
Ms. Mukta Mane Prof. Amola Darekar
Ms. Carolin Dennis
COURSE WRITER
Ms. Vaishali Bhagwat Ms. Shivanjali Bhoite
EDITOR
Ms.
Published by Symbiosis Centre for Distance Learning (SCDL), Pune

July, 2011 (Revision 02, 2014)
Copyright © 2019 Symbiosis Open Education Society

All rights reserved. No part of this book may be reproduced, transmitted or utilised in any form or by any
means, electronic or mechanical, including photocopying, recording or by any information storage or retrieval
system without written permission from the publisher.
Acknowledgement
Every attempt has been made to trace the copyright holders of materials reproduced in this book. Should any
infringement have occurred, SCDL apologises for the same and will be pleased to make necessary corrections
in future editions of this book.
PREFACE
With the rise in the use of computer and internet technology, the business as well as our personal world
acquired a whole new dimension. Communication, calculations and transactions became possible at
a click of a button and we lost patience to tolerate even a delay of a mere few seconds. However, this
technology gave rise to a whole new breed of legal issues which could not be addressed by existing
laws. As we all know technology is always ahead of law and the same was in the case of computer
and internet technology. Admissibility of electronic records, digital evidence, digital signatures and
regulation of crimes involving computers required new rules to handle and the existing laws were
insufficient.
India in the year 2000 enacted the Information Technology Act which was based on the UNCITRAL
MODEL LAW OF E-COMMERCE to give legal recognition to electronic records, promote
e-commerce and e-governance, treat electronic records at par with paper based documents and
regulate cyber crimes.
Use of Computer and Internet technology has also raised questions about international jurisdiction
and choice of law. Intellectual Property in Cyberspace is also an area which has assumed a great
significance and importance as these intangible properties are valuable corporate assets which need
to be protected from unauthorised use and disclosure.
This book makes an effort to address all these topics in a simplified manner so as to make the readers
aware of all the existing issues and related laws, rules and regulations for better understanding and to
make your experience of using the computers and internet a safe one!
Vaishali Bhagwat
Ms. Shivanjali Bhoit
iii
ABOUT THE AUTHOR
Vaishali Bhagwat is an advocate and a graduate in Computer Science with about five years experience
in the field of software development and systems analysis while working with a leading software
development company based in Pune. She is a practising civil and a cyber lawyer with an experience
of about thirteen years. Her work includes civil and cyber crime litigation at the Trial Courts and
District Courts, Pune and High Court of Judicature at Mumbai. Presently she is handling some major
cyber crime cases in Pune.
Her work also focuses on drafting and vetting of Commercial Contracts, Service Regulations,
Employment Contracts, NDA, JV Agreements, Technology Transfer Contracts, Computer Use
Policies, Software Development Contracts, etc.
Vaishali is a visiting faculty at various leading Law Colleges in Pune including the Symbiosis Law
College. She is a regular resource person at conferences and workshops organized by Mahratta
Chamber of Commerce Industries and Agriculture (MCCIA), Institute of Advanced Legal Studies
(IALS), National Institute of Bank Management (NIBM), National Insurance Academy (NIA), State
Bank of India (SBI) and Cyber Crime Cell, Pune, CDAC, etc.
She was invited to speak at the
• Round Table Conferences organized by Sakal Papers Ltd. on IT Act 2000
• As Panel Expert in the event organized by KPMG and CSI on Computer Security
• Nasscom – Technology Law Forum, Pune on IT Act 2000
• Training Program for Judicial Officers of Pune, Kolhapur and Satara Districts on Cyber Law
• Nasscom and Pune Police Cyber Safety Week – for judicial officers
She is a member of various organizations like Rotary (Vice President 09-10), British Business Group,
Cop Tech Forum (Pune Police and NASSCOM initiative), Shelter Associates to name a few.
Swapnil Bangali was kind enough to incorporate the amendments to the IT Act, 2000 which became
effective from October 27th, 2009.
Ms. Shivanjali Bhoite has completed her B.Sc., D.B.M., LL.M., C.F. & M.J. with good marks. She is
UGC NET qualiﬁed in Law. She has participated in number of seminars and conferences.
iv
CONTENTS
Unit No. TITLE Page No.

1 Introduction to Cyber Laws 1-14
1.1 What is Cyber Law
1.2 Uncitral Model Law
1.3 Information Technology Act, 2000 Object and Applicability
Summary
Keywords
Self-Assessment Questions
Answers to Check your Progress
Suggested Reading
2 E-Commerce and E-Governance 15-32
2.1 Definition
2.2 Time and Place of Formation of Electronic Contracts
2.3 Legal Recognition to Electronic Records
2.4 Legal Recognition to Digital and Electronic Signatures
2.5 What is e-Governance
Summary
Keywords
Suggested Reading
3 Certifying Authority and Controllers 33-52
3.1 Who is a Certifying Authority and Controller
3.2 License to issue Electronic Signature Certificates (ESC)
3.3 Appointment of a Controller
3.4 Functions of a Controller
3.5 Functions of a Certifying Authority
Summary
Keywords
Suggested Reading
4 Offences under IT Act, Adjudicating Officer and Cyber Appellate 53-74
Tribunal
4.1 Contraventions under the Information Technology Act, 2000
4.2 Power to Adjudicate
4.3 Cyber Appellate Tribunal
4.4 Appeal to Cyber Appellate Tribunal
Summary
Keywords
Suggested Reading
v
5 Miscellaneous Provisions of IT Act, 2000 75-92
5.1 Powers of the Police Officer under the Act
5.2 Provisions relating to Electronic Cheques and Truncated Cheques
5.3 Controller, Deputy Controller and Assistant Controllers to be
Public Servants
5.4 Offences by Companies
5.5 Power to make Rules
5.6 Amendments to Existing Laws
Summary
Keywords
Suggested Reading
6 Introduction to Cyber Crimes 93-114
6.1 Definition
6.2 Types of Cyber Crimes
6.3 Instances of Cyber Crimes where Computer is used as a Tool
6.4 Instances of Cyber Crimes where Computer is used as a Target
6.5 E-mail related Crimes
Summary
Keywords
Suggested Reading
7 Cyber Offences 115-136
7.1 Source Code Theft or Tampering with Computer Source Documents
7.2 Computer related Offences
7.3 Publishing of Information which is Obscene in Electronic Form
7.4 Power of Controller to give Directions
7.5 Protected System
7.6 Penalty for Misrepresentation and Penalty for Breach of
Confidentiality and Privacy
7.7 Offences relating to Electronic Signature Certificates
7.8 Liability of Network Service Providers
7.9 Additional Provisions
7.10 Computer related Crimes under Indian Penal Code
Summary
Keywords
Suggested Reading
vi
8 Constitutional Rights Vs. Cyber Crime 137-152
8.1 Right to Privacy and Art. 21 of the Constitution of India
8.2 Right to Privacy and Art. 19 (1) (a) and Art. 19 (2) of the
Constitution of India
8.3 Right to Privacy and Technological Invasion
8.4 Right to Privacy and Information Technology Act 2000
Summary
Keywords
Suggested Reading
9 Intellectual Property in Cyberspace 153-168
9.1 Introduction to Intellectual Property
9.2 Copyright in Cyberspace
9.3 Trademark in Cyberspace
9.4 Patent in Cyberspace
Summary
Keywords
Suggested Reading
10 Cyber Jurisprudence 169-182
10.1 Introduction to Jurisprudence
10.2 Cyber Jurisprudence
10.3 Some Landmark Cases
Summary
Keywords
Suggested Reading
11 Cyber Laws International Perspective 183-198
11.1 What is Jurisdiction
11.2 Civil Jurisdiction
11.3 Criminal Jurisdiction
Summary
Keywords
Suggested Reading
vii
12 Case Studies 199-205
12.1 Dow Jones & Company Inc vs. Gutnick Case
12.2 Groff vs. America Online, Inc. Case
12.3 Yahoo! Inc. vs. Akash Arora Case
Summary
Keywords
References 206
viii
Introduction to Cyber Laws
UNIT
1
Structure:
1.1 What is Cyber Law
1.2 Uncitral Model Law
1.3 Information Technology Act, 2000 Object and Applicability
Summary
Keywords
Suggested Reading
Introduction to Cyber Laws 1

Notes
Objectives
----------------------
After going through this unit, you will be able to:
----------------------
• Define the scope of cyber law and identify its use and nature
----------------------
• Recognize and evaluate the necessity of Cyber Laws
---------------------- • Identify and examine the framework law on e-commerce
---------------------- • Specify the object and use of the IT Act, 2000
---------------------- • State which other related laws underwent amendments and for what
purpose
----------------------
---------------------- 1.1 WHAT IS CYBER LAW

----------------------
Uses of computers and the internet are varied and almost infinite touching
---------------------- every aspect of existence of man. Business, Communication, Research, Data
Processing, Education to name a few. With an exponential rise of use of
---------------------- computers and communication technology many people from all walks of life
are discovering this virtual community. Computers are now an integral part of
----------------------
any professional, commercial and industrial activity and it would be next to
---------------------- impossible to function without relying on them. With a rise in use of internet
and computers, there is bound to be abuse, misuse of the medium and violation
---------------------- of law. The internet though admittedly is not owned by anyone in particular, and
therefore could not be governed by one universal set of rules and regulations
----------------------
but at the same time it cannot be said that use of computers and internet is not
---------------------- subject to any laws or rules and regulations. There isn’t any one law which
regulates the use of the internet but a bundle of laws that come into the picture.
----------------------
To ensure the proper and legal use of technology, it is necessary to have
---------------------- certain rules and regulations. The development of information technology
continues to give rise to novel and complex legal problems and thus new laws
---------------------- are required to be enacted and also the existing laws need to be strengthened
to keep pace with technology. The rules and regulations that govern the
----------------------
transactions carried out with the use of computers and internet and curb cyber
---------------------- crimes is called cyber law.
---------------------- Cyber law is therefore the law relating to computers, communications and
internet. It is also referred to as ICT law or Information and Communications
---------------------- Technology Law which covers Electronic Commerce, Electronic Governance,
Intellectual Property, Cyber Crimes, Telecommunications, Data Protection and
---------------------- Privacy, etc.
---------------------- The scope and ambit is very vast and covers each and every transaction
which involves the computer or the internet.
----------------------
Let us now look at each of these topics briefly to understand the scope of
---------------------- cyber laws.
2 IT Act (Cyber Context)

Electronic Commerce Notes
With the development of computer technology, people now prefer
----------------------
communicating in the electronic form as compared to paper based communication.
However, for this communication to be accepted in legal terms, it is necessary ----------------------
for it to fulfil some basic requirements or tests as to identifying the originator
and the recipient of the communication, authenticating the document created ----------------------
in the electronic form, time and place of conclusion of communication, etc.
----------------------
Thus new law/rules framed to tackle the issues that have arisen out of this new
medium of communication forms a major part of cyber law. ----------------------
e-Governance
----------------------
To facilitate exchange of information in the electronic form between
government departments inter-se and also between the government and the ----------------------
citizens, the Government of India has taken a huge initiative and the rules that
----------------------
govern this form of communication also forms an important part of Indian
Cyber Laws. ----------------------
Intellectual Property ----------------------
Intangible assets which form part of intellectual property i.e. copyright,
trademark and patents are a very integral part of the digital medium. The ease ----------------------
and convenience of use offered by the digital medium is more often misused ----------------------
for causing damage, loss and inconvenience to its owners. Thousands of lines
of source code written over several man hours form the most important and a ----------------------
crucial asset of any software development company, probably having worth
much more than the sprawling buildings that house the software company in ----------------------
a posh technology park. Protection is required to be provided against any act ----------------------
that causes unauthorized use, damage or even against any act that can lead to
misuse in the future. Databases generated by corporate entities over several ----------------------
years which are a result of compilation and collation also need protection
against any kind of misuse. Legal entities on the internet i.e. various kinds of ----------------------
websites also need protection against unauthorized copying, downloading, etc. ----------------------
and also against acts that may mislead the user and cause loss of business to the
website owners. Such and several other peculiar issues regarding intellectual ----------------------
property right infringement in cyber space have arisen over the last few years
which were required to be tackled in a different and a more unconventional ----------------------
manner. The law relating to intellectual property in cyber space is now much ----------------------
more defined.
Data Security ----------------------
Information, knowledge and data have become valuable corporate ----------------------

assets and therefore require some very strong measures to protect it against
----------------------
unauthorized use and access. Several industries offering both software and
hardware solutions have mushroomed providing data security measures. As ----------------------
India is also a very popular ‘importer’ of data where lot of big international
companies are outsourcing their work to India and sending a lot of private and ----------------------
confidential information of their customers to India, India needed a very strong
----------------------

Notes legislation ensuring that data is secure and protected against any acts of misuse
or amounting to breach of privacy and confidentiality. In addition to the data
---------------------- protection laws prevalent in the countries from which the data is imported,
Indian companies need to be compliant with the rules and regulations laid down
---------------------- under Indian Cyber Laws. Data security and legal compliances is a subject of
---------------------- international concern and form an integral part of cyber laws.
Cyber Crimes
----------------------
Any criminal act that is committed with the use of computers can be
---------------------- called as cyber crime. The definition of the word computer as per the IT Act
is - a computer means any electronic, magnetic, optical or other high speed data
----------------------
processing device or system which performs logical, arithmetic and memory
---------------------- functions by manipulations of electronic, magnetic or optical impulses,
and includes all input, output, processing, storage, computer software or
---------------------- communication facilities which are connected or related to the computer in a
computer system or computer network. This definition is wide enough to cover
----------------------
cell phones, credit cards, debit cards, etc. and thus cyber crimes also include
---------------------- crimes that involve the use or misuse of credit cards/debit cards, mobile phones,
etc.
----------------------
The new technology has given rise to new age crimes such as phishing,
---------------------- pharming, spyware and malware attacks, hacking, etc. and a new dimension
is required to be added to the existing laws in order to tackle cyber crimes.
---------------------- The ease, convenience and the speed made available by computers and internet
technology make it easy to commit a crime which can have very serious
----------------------
implications. It is infamously said that “Today to commit a bank robbery, one
---------------------- doesn’t need any sophisticated guns and expensive equipments, one only needs
a computer and an internet connection.”
----------------------
Existing laws were not enough to tackle cyber crimes and hence
---------------------- amendments were introduced so that every kind of cyber crime can be dealt
with.
----------------------
---------------------- 1.2 UNCITRAL MODEL LAW

---------------------- A revolution was occurring in the way people transacted business. Use of
computers to create, transmit and store information in the electronic form was
---------------------- gaining tremendous popularity due to the ease and convenience the medium
offered. The use of modern means of communication such as electronic mail and
----------------------
data transfer over the internet for conduct of domestic as well as international
---------------------- commercial transactions were definitely on the rise. However, growth of such
transactions was hindered as the transactions had no legal validity for want of
---------------------- appropriate legislation. Legal recognition was not given to transactions in the
electronic form due to the uniqueness of the medium. The law had a hard time
----------------------
keeping up with new technologies and for several years courts have debated
---------------------- as to that constitutes ‘writing. The unique issues in case of transactions in the
electronic form that needed to be addressed were:
----------------------

●● requirement of a writing Notes
●● requirement of a document
----------------------
●● requirement of a signature and
●● requirement of the original ----------------------
The conventional definitions of ‘writing’, ‘document’, ‘signature’ and ----------------------
‘original’ under the existing legislations were not sufficient to include the same
in the electronic form. It was thus the need of the hour to have a legislation ----------------------
which was internationally recognized to give legal recognition to electronic
commerce transactions. A decision was taken by the United Nations Commission ----------------------
on International Trade Law (UNCITRAL) to formulate model legislation on ----------------------
electronic communication as in a number of countries the existing legislation
governing electronic communication and storage of information was inadequate ----------------------
or outdated as it did not contemplate use of electronic communication.
----------------------
The purpose of UNCITRAL Model law on e-commerce is to provide
national legislation with a set of rules which are internationally acceptable that - ----------------------
●● validate and recognize contracts formed through electronic means ----------------------
●● sets default rules for contract formation
----------------------
●● defines the requirements of a valid electronic writing and an original
document ----------------------
●● provides for the acceptability of electronic signatures for legal and
----------------------
commercial purpose
●● supports the admission of digital or electronic evidence in Court. ----------------------
Thus the objectives of the Model Law were to facilitate the use of electronic ----------------------
commerce and to provide equal treatment to paper-based documentation and
electronic documents. It is intended to cover all factual situations in paperless ----------------------
transactions. The Model Law is a “Framework Law” that provides the outline
and basic structure and concepts but does not itself set forth all rules and ----------------------
regulations that may be necessary to achieve the objectives. The enacting state ----------------------
may implement the Model Law either as single statute or in several pieces of
legislation without compromising the objectives. ----------------------
The Model law adopts a “Functional equivalent approach”, i.e. it analyzes ----------------------
the purpose and functions of concepts of “writing” and “signature” and offers
an equivalent which would be applicable to electronic communication. ----------------------
For e.g. some functions served by paper based documents are the following: ----------------------
a) To provide that a document would be legible by all.
----------------------
b) To provide that documents would remain unaltered over time.
----------------------
c) To allow for the reproduction of a document so that each party could hold
a copy of the same data. ----------------------
d) To allow for the authentication of data by means of a signature, and
----------------------
e) To provide that a document would be in a form acceptable to public
authorities and court. ----------------------

Notes Some functions served by a signature are the following –
a) Identity Authentication – the signature authenticates the identity of the
----------------------
signatory.
---------------------- b) Content Authentication – the signature validates and confirms the contents
and binds the signatory with the contents.
----------------------
c) Non-Repudiation – the signature precludes the signatory from detracting.
----------------------
Thus the Model law attempts to single out these requirements/functions
---------------------- and provides for criteria to be met by electronic records to enjoy the same level
of legal recognition as corresponding paper documents and signatures.
----------------------
The United Nations Commission on International Trade Law (UNCITRAL)
---------------------- adopted the Model Law on Electronic Commerce in 1996. The General
Assembly of United Nations recommended all UN member states to give a
---------------------- favourable consideration to the said model law and India adopted the same in
---------------------- the year 2000 by enacting the Information Technology Act, 2000.
----------------------
Check your Progress 1
----------------------
Fill in the blanks.
----------------------
1. The objectives of the Model Law were to facilitate the use of electronic
---------------------- commerce and to provide_________ to paper-based documentation
---------------------- and electronic documents.
2. The Model Law is a “________” that provides the outline and basic
---------------------- structure and concepts.
---------------------- 3) The Model law adopts a “_________approach”.
----------------------
---------------------- Activity 1
----------------------
Make a list of countries that have adopted UNCITRAL model law.
----------------------
----------------------
1.3 INFORMATION TECHNOLOGY ACT, 2000 OBJECT
---------------------- AND APPLICABILITY
---------------------- Object
---------------------- New communication systems and digital technology has brought about
a revolution in the manner in which we live and transact business. Businesses
---------------------- and Consumers are increasingly using computers to create, transmit and store
information in the electronic form instead of traditional paper documents.
----------------------
Information stored in electronic form has many advantages. It is cheaper, easier
---------------------- to store, retrieve and speedier to communicate. The development and growth

of computers and internet has facilitated the growth of electronic commerce Notes
also making cross border transactions easy. Electronic commerce consists of
commercial activities conducted through an exchange of information generated, ----------------------
stored, or communicated by electronic, optical or analogous means including
EDI, e-mail, etc. It broadly connotes commercial or business activities ----------------------
conducted electronically. Although people are aware of the advantages of the ----------------------
use of computers and internet to transact business, they are hesitant to use this
technology as electronic transactions give rise to peculiar issues regarding ----------------------
admissibility of electronic records as evidence, necessity of an electronic
signature, jurisdiction and enforcement of liabilities and cannot be resolved due ----------------------
to lack of a legal framework. ----------------------
The United Nations Commission on International Trade Law
----------------------
(UNCITRAL) adopted the Model Law on Electronic Commerce in 1996. The
General Assembly of the United Nations by Resolution no. 51/162 dated 30th ----------------------
January 1997 recommended that all States should give favourable considerations
to the said Model law when they enact or revise their laws. The Model law ----------------------
provides for equal treatment of users of electronic communications and paper
----------------------
based communication.
India is a signatory to the Model Law and is under an obligation to revise ----------------------
its laws as per the said Model Law. In relation to electronic infrastructure and
----------------------
procedural norms India has followed the Singapore’s Electronic Transaction’s
Act, 1998. The Information Technology Act, 2000 is an effective combination ----------------------
of the UNCITRAL Model Law and the Singaporean Law on the point. The
combination was adopted with the intent to provide a flaw-less legislation in ----------------------
India.
----------------------
Keeping in view the urgent need to bring suitable amendments in the
existing laws to provide legal recognition for transactions carried out by means ----------------------
of electronic data interchange and other means of electronic communication,
----------------------
commonly referred to as electronic commerce, which involves the use
of alternatives to paper based methods of communication and storage of ----------------------
information, to facilitate electronic filing of documents with the government
agencies and to further amend the Indian Penal Code, The Indian Evidence Act ----------------------
1872, The Bankers Book Evidence Act 1891 and the Reserve Bank of India Act
----------------------
1934 and for matters connected therewith or incidental thereto, The Information
Technology Act 2000 was passed. ----------------------
The main object of the Information Technology Act, 2000 is to foster the ----------------------
environment in which the laws are simple and transparent and in which the
advantages of the new technology can be tapped. ----------------------
The Information Technology Act, 2000 focuses on the facilitation of : ----------------------
●● Electronic Commerce Transaction
----------------------
●● Electronic Filing
●● Maintenance of Electronic Records and ----------------------
●● Electronic Government Transactions ----------------------

Notes ●● Prevention by possible misuse arising out of electronic transactions
●● Creation of civil rights and liabilities via contraventions under the provisions
---------------------- of the Information Technology Act, 2000
---------------------- The aim of the Act has been successfully achieved by validating and authorising
the use of:
----------------------
●● Electronic Data interchange (EDI)
---------------------- ●● Electronic Records and
---------------------- ●● Electronic Signatures
In the initial stages the Information Technology Act, 2000 was providing
----------------------
for EDI, Electronic records and Digital signatures. But now with the
---------------------- advancement in the technology the modern means of Electronic Signatures has
also been authorised and incorporated with the Amendment in the Information
---------------------- Technology Act in 2008.
---------------------- The Information Technology Act, 2000 also deals with subsidiary issues
in the electronic environment such as privacy and other contraventions relating
---------------------- to electronic transactions. The Information Technology Act also deals with
---------------------- offences where information technology is either tool to commit the crime or it
is a target of a crime.
---------------------- The Information Technology Act, 2000 does not only provide the substantive
---------------------- rights and liabilities but it also provides for procedural guidelines to set up various
authorities to help and regulate an information technology regime in the country.
----------------------
The Act adopts a ‘functional equivalent’ approach whereby all characteristics
---------------------- of paper based documents have an electronic counterpart such as “writing”,
“signature” and “document”.
----------------------
The Act inter-alia deals with the following issues –
---------------------- 1. Secure electronic transactions to enable parties to enter into electronic
contracts
----------------------
2. Attribution of electronic messages i.e. once the electronic message leaves
---------------------- the information system of the Originator, it is attributed to him
---------------------- 3. Legal status to electronic record and electronic signatures
---------------------- 4. ‘Contraventions’ such as hacking, spreading of viruses, etc.
5. Offences such as tampering with source code documents, cyber pornography
----------------------
6. Right of Government bodies to decrypt information
----------------------
7. Privacy and confidentiality of information submitted to statutory authorities
---------------------- 8. Facilitates e-filing and maintenance of records in the electronic form in
---------------------- government bodies
9. Establishment of new regulatory authorities such as Controller of
---------------------- Certifying Authorities and Cyber Appellate Tribunal (CAT) instead of
---------------------- Cyber Regulatory Appellate Tribunal (CRAT) in the former Information

Technology Act, 2000. The newly Amended Information Technology Notes
Act, 2000 also seeks to set up a Cyber Regulations Advisory Committee
(CRAC) for effective regulatory infrastructure for the information ----------------------
technology regime in India.
----------------------
10. The Information Technology Act, 2000 also provides for the rights and
liabilities of the service providers. The Act provides that intermediaries ----------------------
shall not be liable for any third party information, data or communication
----------------------
link or hoisted by intermediary except in case of conspiracy or abetment
or aid or inducement in commission of unlawful act. Intermediary is also ----------------------
liable if he has the actual knowledge of the fact that any information or
data communication link is being used to commit the unlawful act if he ----------------------
fails to expeditiously remove or disable access to that material without
----------------------
vitiating the evidence in any manner.
Applicability ----------------------
It shall extend to the whole of India and, save as otherwise provided in ----------------------
this Act, it applies also to any offence or contravention thereunder committed
outside by any person. ----------------------
The nationality of the accused is irrelevant as regards the applicability of ----------------------
the Act. Provided that the act or conduct constituting the offence or contravention
involves a computer, computer system or computer network located in India. ----------------------
That means, if a foreign national has committed any act form his country which ----------------------
has affected the computer, computer system or computer network located in
India then that foreign national is liable under the Information Technology Act, ----------------------
2000 in India. This application of law beyond the territory of India is called as
extra-territorial application of law and such a law which applies in the foreign ----------------------
territory is known as “Long Arm Statute”. In short, The Information Technology ----------------------
Act, 2000 is a “Long Arm Statute”, as it reaches to the person liable under the
Act beyond the territory of India. ----------------------
It is therefore evident that the Act has extra-territorial application. ----------------------
Exclusions
----------------------
There are certain functional areas where the Information Technology Act,
2000 is not applicable. Sec. 1(4) of the Act provides that Nothing in this Act ----------------------
shall apply to documents or transactions specified in the First Schedule. The
----------------------
power to make changes in the First Schedule of the Information Technology
Act, 2000 is conferred on the Central Government. Central Government can ----------------------
make changes in the functional areas where the Information Technology Act,
2000 is not applicable. Depending upon the availability of resources the Central ----------------------
Government can make the notification in the official gazette and include or
----------------------
delete the areas where the Information Technology Act, 2000 is not applicable.
Nothing in this Act shall apply to – ----------------------
●● A Negotiable Instrument (other than a cheque) as defined in S13 of the ----------------------
Negotiable Instruments Act, 1881.
----------------------

Notes ●● A Power of Attorney as defined in Section 1-A of the Power of Attorneys
Act, 1882.
---------------------- ●● A Trust as defined under S 3 of the Indian Trusts Act, 1882.
---------------------- ●● A Will as defined under S 2(h) of the Indian Succession Act.
---------------------- ●● Any Contract for the sale or conveyance of immovable property or any
interest in such property.
---------------------- ●● Any such class of documents or transactions as may be notified by the
Central Government in the Official Gazette.
----------------------
---------------------- Check your Progress 2

----------------------
State True or False.
----------------------
1. The Model law provides for unequal treatment to users of electronic
---------------------- and paper based communication.
---------------------- 2. IT Act 2000 focuses on maintenance of electronic records.

3. Cyber Regulations Advisory Committee (CRAC) was set up under IT
----------------------
Act 2000.
---------------------- 4. IT Act, 2000 is also applicable to negotiable instruments defined in
section 13 of the Negotiable Instruments Act, 1881.
----------------------
----------------------
Activity 2
----------------------
---------------------- Observe the functioning of the Cyber Appellate Tribunal (CAT) and
report the type of cases.
----------------------
---------------------- Summary
---------------------- ●● he Information Technology Act, 2000 facilitates e-commerce, legal
T
recognition to electronic transactions, digital and electronic signatures.
----------------------
Information Technology Act, 2000 also deals with wrongs which are
---------------------- treated as contraventions and offences as well. The contraventions are
civil wrongs and remedy for which is compensation for the victim.
---------------------- Contraventions are less serious than offences. Offences are criminal
wrongs for which the remedy lies in the form of punitive action like
----------------------
imprisonment and fine. Because of the coming in to force of Information
---------------------- Technology Act, 2000 many changes, amendments were necessary in
the existing laws. Along with this new legislation, existing legislations
---------------------- such as Indian Penal Code, The Indian Evidence Act 1872, The Bankers
Book Evidence Act 1891, The Reserve Bank of India Act 1934 and the
----------------------
Negotiable Instruments Act 1881 also underwent some amendments to
---------------------- give full effect to the aforesaid objects. Due the amendments carried out

in the Indian Penal Code and The Evidence Act, the electronic record Notes
is now treated at par with a paper based document and is therefore
admissible in evidence as ‘documentary evidence’ and crimes relating to ----------------------
documents such as forging a document are also applicable to electronic
records such as forging an electronic record. The Reserve Bank of India ----------------------
Act was amended to give recognition to electronic fund transfer between ----------------------
banks and financial institutions while The Negotiable Instruments Act
was amended to give legal recognition to electronic payments. ----------------------
●● echnology is always ahead of the law. Law must keep pace with the
T ----------------------
advancement in the technology. Legislature has tried its best to make
a new law or amend the existing law to keep pace with technology to ----------------------
curb any harm against the society. The Amendment in 2008 has changed
the face of The Information Technology Act, 2000 totally. Previously, ----------------------
there were certain specific offences which were not considered in the ----------------------
application of the law. But now with the Amendment Act of 2008, the
issues like identity theft, breach of privacy have been addressed. ----------------------
●● ven though, in the initial stages The Information Technology Act, 2000
E ----------------------
was not sufficient enough to deal with every single aspect of the cyber
crimes and contraventions the Amendment in the said Act in 2008 is almost ----------------------
as good as making it a stringent and strict law. After the Amendment of
2008, the Information Technology Act also makes acts such as spamming, ----------------------
blogging, cyber stalking, phishing, identity theft as punishable. ----------------------
Keywords ----------------------
●● Authentication: A process by which the identity of a person is confirmed ----------------------

or to prove the integrity of a specific information. ----------------------
●● Computer: As per Section 2(i) of the IT Act - “computer” means any
electronic, magnetic, optical or other high speed data processing device ----------------------
or system which performs logical, arithmetic and memory functions by ----------------------
manipulations of electronic, magnetic or optical impulses, and includes all
input, output, processing, storage, computer software or communication ----------------------
facilities which are connected or related to the computer in a computer
system or computer network. ----------------------
●● A computer is basically an electronic device which can accept and store ----------------------
input data, process this data, and produce output results by interpreting and
executing programmed instructions. The basic function of the computer ----------------------
is “data processing”. This includes capturing the input data, manipulating ----------------------
the data, and managing the output results.
●● The main components on a computer system are: Input Unit, Output Unit, ----------------------
Storage Unit and Processing Unit.
----------------------
●● Computer Network: A computer network is a network of geographically
distributed multiple computers connected in a manner to enable ----------------------
meaningful transmission and exchange of information amongst them.
----------------------

Notes Sharing of information, sharing of resources and sharing of processing
load are some of the major objectives of a computer network. As per
---------------------- section 2(j) of the Information Technology Act 2000, a computer network
means the interconnection of one or more computers through the use of
---------------------- satellite, microwave, terrestrial line or other communication media; and
---------------------- terminals or a complex consisting of two or more or more interconnected
computers whether or not the interconnection is continuously maintained.
---------------------- ●● Data: As per sec 2(o) of the Information Technology Act 2000 - Data means
---------------------- representation of information, knowledge, facts, concepts or instructions
which are being processed or have been prepared or have been prepared in
---------------------- a formalized manner, and is intended to be processed, is being processed
or has been processed in a computer system or a computer network, and
---------------------- may be in any form (including computer printouts, magnetic or optical
---------------------- storage media, punched cards, punched tapes) or stored internally in the
memory of the computer.
---------------------- ●● Electronic Record: As per sec 2(t) of the Information Technology Act
---------------------- 2000, Electronic Record means data, record or data generated, image
or sound stored, received or sent in an electronic form or micro film or
---------------------- computer generated micro fiche.
---------------------- ●● Information: As per sec 2(v) of the Information Technology Act 2000,
information includes data, message, text, images, sound, voice, codes,
---------------------- computer programmers, software and databases or micro film or computer
generated micro fiche.
----------------------
●● E-mail: It means messages sent, received or forwarded in a digital form
---------------------- via a computer based communication mechanism.
●● LAN: A Local Area network which is geographically a small network of
----------------------
computers and supporting components.
----------------------
----------------------
---------------------- 1. Why is The Model Law of e-commerce called the framework law?
2. What are the primary objects of the IT Act, 2000?
---------------------- 3. Electronic record does not satisfy the conventional definition of ‘writing’
---------------------- and ‘original’. Elaborate with illustrations.
4. An electronic file stored in the floppy disk is not an original document
---------------------- under conventional legislation. True or False? Support your answer with
explanation.
----------------------
5. IT Act, 2000 was enacted to give legal recognition to e-commerce
---------------------- transactions. Discuss.
---------------------- 6. Explain in detail the nature and scope of cyber law.
7. Define computer and computer network.
---------------------- 8. Name two countries other than India that have an e-commerce legislation
---------------------- based on the UNCITRAL Model law.

Answers to Check your Progress Notes
Check your Progress 1 ----------------------

Fill in the blanks. ----------------------
1. The objectives of the Model Law were to facilitate the use of electronic ----------------------
commerce and to provide equal treatment to paper-based documentation
and electronic documents. ----------------------
2. The Model Law is a “Framework Law” that provides the outline and basic ----------------------
structure and concepts.
----------------------
3. The Model law adopts a “functional equivalent approach”,
----------------------
State True or False. ----------------------
1. False
----------------------
2. True
----------------------
3. False
4. False ----------------------
----------------------
Suggested Reading ----------------------
1. Singh, Yatindra. Cyber Laws. ----------------------

2. Narayanan, Ajit and Bennum (ed.). Law, Computer Science and Artificial ----------------------
Intelligence.
----------------------
3. Brennan, Linda and Victoria Johnson. Social, ethical and policy implication
of Information Technology. ----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Notes
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

E-Commerce and E-Governance
UNIT
2
Structure:
2.1 Definition
2.2 Time and Place of Formation of Electronic Contracts
2.3 Legal Recognition to Electronic Records
2.4 Legal Recognition to Digital and Electronic Signatures
2.5 What is e-Governance
Summary
Keywords
Suggested Reading
E-Commerce and E-Governance 15

Notes
Objectives
----------------------
----------------------
• Explain the scope and applicable laws for e-commerce and e-governance
---------------------- transactions
---------------------- • Define EDI e-commerce online contracts and e-governance
• Specify the various types of electronic contracts and their peculiarities
----------------------
• Recognize and evaluate the necessity of provisions relating to
---------------------- ecommerce in IT Act, 2000
---------------------- • Examine and analyze the law on e-commerce
---------------------- • Describe the working and use of digital signatures.
----------------------
2.1 DEFINITION
----------------------
The term ‘Electronic Commerce’ is generally used in relation with internet
----------------------
based commercial activities or commercial communications. For e.g. – Websites
---------------------- on which one can book movie tickets or do railway or airline reservation,
buy clothes, laptops, cell phones, etc. from auction sites and so on. However,
---------------------- the term is not limited to that but also includes electronic communication or
exchange of electronic data between commercial entities. The commercial data
----------------------
that is exchanged can be data relating to business such as stocks, financial data,
---------------------- customer information, etc. Such communications known as Electronic Data
Interchange or EDI has been in practice for more than 30 years.
----------------------
Electronic commerce eliminates or reduces paper work and is a fast,
---------------------- inexpensive and safe method to communicate and conclude transactions.
Electronic commerce is now a very popular and a convenient method
----------------------
of transacting business. It is popular is Business to Business commercial
---------------------- transactions (B2B Commerce) and also Business to Consumer commercial
transactions (B2C Commerce).
----------------------
Electronic Data Interchange (EDI)
---------------------- Definition
---------------------- For a successful and effective business, quick, easy and cost effective
method of exchange of information both within and outside the organization
---------------------- is very important and crucial. This information or documents can be Purchase
---------------------- Orders, Spreadsheets and other office documents, Engineering Drawings,
etc; that might be exchanged between business partners. This exchange is
---------------------- cumbersome if it is on paper. If this exchange is done electronically, this process
is called EDI or Electronic Data Interchange.
----------------------
Electronic communication between commercial entities over closed
---------------------- network is known as ‘EDI’ or Electronic Data Interchange. The parties agree on

a standard document format and the data is transferred between the entities only Notes
in that format. Basic idea behind standardization is to make implementation of
EDI easy and effective. ----------------------
Benefits of EDI include reduced paperwork, fewer errors, faster response ----------------------
and faster decision making.
----------------------
Some Industry use of EDI
1. Automobile manufacturers use EDI to transmit large complex engineering ----------------------
drawings.
----------------------
2. Multinational firms use EDI to communicate between locations.
----------------------
3. When EDI is used to transmit financial information and payment is in
electronic form, it is also known as EFT or Electronic Fund Transfer. ----------------------
EDI Standards ----------------------
Widespread implementation of EDI can be done only when a widely
----------------------
acceptable data and communications format is developed. Such formats are
called standards. A number of bodies exist to develop standard formats for EDI ----------------------
1. The Electronic Data Interchange Association (EDIA) is one such non-
----------------------
profit organization which has developed UCS - Uniform Commercial
Standard widely used in grocery and retail trade. ----------------------
2. ANSI X 12 has published standard for commercial documents such as ----------------------
invoice, purchaser orders, order acceptance, etc.
3. EDIFACT (EDI for Administration, Commerce and Trade) developed a ----------------------
common data dictionary and syntax rules which are building blocks that ----------------------
can be used by various standards.
e-Commerce ----------------------
Definition ----------------------
As opposed to EDI which is Electronic Data exchange or interchange ----------------------
over closed networks like file the virtual private networks (VPNs), people
increasingly are using the internet which is an open network for commercial ----------------------
transactions. Commercial transactions over the internet can be broadly
----------------------
classified as business to business (B2B) or business to consumer (B2C). Such
commercial transactions over the internet can be in respect of tangible products ----------------------
to be delivered offline, such as books, DVDs etc. or intangibles such as data or
information which can be delivered online or offline. Thus electronic commerce ----------------------
is a very wide term which includes in its scope all commercial transactions done
----------------------
wholly or partially over closed or open electronic networks.
However, a new medium always comes with some new challenges and ----------------------
the existing legislations were not enough to give legal validity for EDI and
----------------------
other e-commerce transactions. One of the objects of the IT Act 2000 was
to give legal recognition for transactions carried out by means of electronic ----------------------
communication which involve the use of alternatives to paper based methods of
communication and storage of information. ----------------------

Notes 2.2 TIME AND PLACE OF FORMATION OF ELECTRONIC
----------------------
CONTRACTS
---------------------- In order to understand law relating to electronic commerce transactions,

we first need to know the various types of electronic contracts that exist due to
---------------------- this new mode of communication i.e. the internet. Though electronic contracts
or online contracts are still contracts and thus all rules of the contract law will
---------------------- apply; with the electronic means of communication new challenges have arisen
---------------------- which need to be handled in a different manner.
The basic principles of contract formation are the same online as offline.
----------------------
A valid contract requires the following essential elements:
---------------------- a. The parties must be legally capable of entering into a contract.
---------------------- b. There must be an offer by one of the parties.
---------------------- c. The acceptance of the offer must be communicated by the other party.
d. Conditions such as payment of money must flow between the parties and
----------------------
e. The parties must intend to be legally bound.
----------------------
The parties must also be aware of the terms of the contract they are
---------------------- entering into. Further a contract is formed when and where acceptance takes
place.
----------------------
Thus even when offer and acceptance is communicated electronically, it
---------------------- will amount to a valid contract without a need to amend the existing Contract
Act.
----------------------
The Act recognizes three parties in connection with an electronic record.
---------------------- The Originator is the person who sends, generates, stores or transmits the
---------------------- electronic message or causes it to be sent, generated or stored or transmitted to
any other person.
---------------------- The Addressee is the person who is intended to by the originator to receive
---------------------- the electronic message.
The “intermediary”, with respect to any particular electronic records,
---------------------- means any person who on behalf of another person receives, stores or transmits
---------------------- that record or provides any service with respect to that record and includes
telecom service providers, network service providers, internet service providers,
---------------------- web hosting service providers, search engines, online payment sites, online-
auction sites, online-market places and cyber cafes.
----------------------
In a contract, the time of contract formation or the time at which the
---------------------- offer is accepted is important as it decides the priority of claims. The place of
contract is equally important i.e. the place where acceptance takes place as it
----------------------
decides the law applicable and jurisdiction of courts in case of disputes.
---------------------- In a contract formed online, the mode of formation of the contract i.e. the
method of communicating the offer and the acceptance is different from the
----------------------
offline contract and therefore this aspect needs to be addressed a little differently.
The rules regarding formation of contact can be broadly grouped into two Notes
categories:
----------------------
a. Mailbox rule or postal rule which is applicable when the means of
communication is non-instantaneous like post which state the contract is ----------------------
concluded or comes into effect when the acceptance is ‘posted’.
----------------------
b. Receipt rule which is applicable when communications are instantaneous
like telephone, telex or fax. It lays down that a contract is complete when ----------------------
the acceptance is received by the offeror.
----------------------
In the electronic context, two situations need to be considered:
1. E-mail Contracts ----------------------
2. Click Wrap Contracts ----------------------

1. E-mail Contracts: The nature of e-mail technology means that there is ----------------------
inevitably some delay between the sending of the e-mail and its arrival
at the recipients’ mail server. Further it is received by the recipient only ----------------------
when he/she decides to check their e-mail. Thus in communication via
e-mail, the ISP is the independent third party hosting the recipient’s ----------------------
mailbox. Whereas in an offline communication, postal authority is the ----------------------
independent third party. Thus safely a parallel can be drawn in these two
methods of communications and it can be inferred that communication by ----------------------
e-mail falls under the category of non-instantaneous communication and
therefore the postal rule applies. ----------------------
Section 13 of The IT Act, 2000 defines the time of dispatch of an ----------------------

electronic record or message as the time when the data message enters an
----------------------
information system (either designated or not) outside the control of the
Originator, which may either be information system of an intermediary ----------------------
or an information system of an Addressee. That means when the e-mail
is sent by the Originator and it is out of his control, i.e. it enters an ----------------------
information system the dispatch is complete.
----------------------
Thus in case of e-mail communications by applicability of the postal rule
as laid down in section 13, time of acceptance is the time the electronic ----------------------
message was sent by the acceptor to its ISP and received by the ISP’s
----------------------
network because that is the time the acceptance enters a computer resource
outside its control. ----------------------
An alternative as provided in IT Act 2000 is to allow the contracting ----------------------
parties to agree in advance when and where the communication will take
legal effect. ----------------------
2. Click Wrap Contracts: This is a form of an online contract where the ----------------------
user or the customer via a website clicks or selects a button or an option
lock to place an order. Generally, these buttons on the website are named ----------------------
as “I agree” “I Accept” or “Confirm”. Such contracts are called click
wrap contracts. This is an automatic process controlled by the website ----------------------
----------------------

Notes software. Hence the contract is formed or concluded the moment button
or option is chosen or selected or ‘clicked on’ by the user. This mode of
---------------------- communication can be compared to communications over the telephone
or face to face communication which is instantaneous. In such cases, the
----------------------
receipt rule shall apply to conclude the contract. As there is a direct online
---------------------- communication link between the contracting parties, for e.g. via websites,
time of the contract i.e. when the user clicks on the button and the same is
---------------------- recorded by the website.
---------------------- Section 13 (2) of the IT Act 2000 embodies the receipt rule applicable to
instantaneous communications as discussed above. Sec 13 (2) inter-alia
----------------------
provides that -
---------------------- 1. The time of receipt of an electronic record is the time when record
---------------------- enters the designated computer resource (if the addressee has a
designated computer resource);
----------------------
2. If the electronic record is sent to a computer resource of the addressee
---------------------- that is not the designated computer resource, receipt occurs at the
time when electronic record is retrieved by the addressee;
----------------------
3. If the addressee has not designated computer resource along with
---------------------- specified timings, if any, receipt occurs when the electronic record
enters the computer resource of the addressee.
----------------------
In case reported in 2008 (3) Mhlj 407 Quadricon Pvt. Ltd. Vs Shri Bajrang
---------------------- Alloys Ltd., it has been held that Contract Act S7 and S 2(h) – Binding contract –
---------------------- Communication by fax – contract would be completed only when the acceptance
is received by the offeror. The said case referred to the decision reported in AIR
---------------------- 1966 SC 543 between Bhagwandas vs. Girdharlal and Co. The supreme court
held: “The contract becomes complete as soon as the acceptance is made by the
----------------------
acceptor and unless otherwise agreed expressly or by necessary implication by
---------------------- the adoption of a special method of intimation, when the acceptance of offer
is intimated to the offeror.” The Supreme Court further held: “Acceptance
---------------------- and intimation of acceptance of offer are, therefore, both necessary to result
---------------------- in a binding contract.” The Supreme Court however held that on this rule is
engrafted an exception based on grounds of convenience. Where the parties are
---------------------- not in the presence of each other, and the offeror has not prescribed a mode of
communication of acceptance, insistence upon communication of acceptance
----------------------
of the offer by the offeree would be found to be inconvenient, when the contract
---------------------- is made by letters sent by post. Thus when by agreement, course of conduct,
or usage of trade, acceptance by post or telegram is authorized, the bargain is
---------------------- struck and the contract is complete when the acceptance is put into a course of
---------------------- transmission by the offeree by posting a letter or dispatching a telegram. The
Supreme Court however held that in case of contracts made by conversation
---------------------- on telephone, the ordinary view applied. In England, the Court of Appeal has
decided in Entores Ltd. vs. Miles Far East Corporation, (19550 2 QB 327) that
----------------------

“* * * where a contract is made by instantaneous communication, e.g. by the Notes
telephone, the contract is complete only when the acceptance is received by the
offeror, since generally an acceptance must be notified to the offeror to make a ----------------------
binding contract.”
----------------------
In Entores Ltd. case, the Plaintiff made an offer from London by Telex to
the agents in Holland of the Defendant Corporation, whose headquarters were ----------------------
in New York, for the purchase of certain goods, and the offer was accepted by ----------------------
a communication received on the Plaintiff’s Telex machine in London. On all
allegations that breach of contract was committed by the Defendant Corporation, ----------------------
the Plaintiff sought leave to serve notice of a writ on the Defendant Corporation in
----------------------
New York claiming damages for breach of contract. The Defendant Corporation
contended that the contract was made in Holland. Denning, L.J., who delivered ----------------------
the principal judgment of the Court observed at p. 332:
----------------------
“When a contract is made by post, it is clear law throughout the common
law countries that the acceptance is complete as soon as the letter is put into ----------------------
the post box, and that is the place where the contract is made. But there is no
----------------------
clear rule about contracts made by telephone or by Telex. Communications by
these means are virtually instantaneous and stand on a different footing”, and ----------------------
after examining the negotiations made in a contract arrived at by telephonic
conversation, in different stages, Denning, L.J. observed that in the case of ----------------------
a telephonic conversation, the contract is only complete when the answer ----------------------
accepting the offer was made and that the same rule applies in the case of a
contract by communication by Telex. He recorded his conclusion as follows: ----------------------
“that the rule about instantaneous communications between the parties is
----------------------
different from the rule about the post. The contract is only complete when the
acceptance is received by the offeror; and the contract is made at the place ----------------------
where the acceptance is received.”
----------------------
Place of Contract and Jurisdiction of Court
----------------------
Under the traditional rules of contract in real world, the place where
a contract is concluded is the place where the letter of acceptance is posted ----------------------
(where the postal rule is applicable) and in the case of instantaneous contracts
it is where the offeror receives the acceptance. ----------------------
In case of electronic communications or a website where it can be ----------------------

accessed from anywhere in the world, the question arises as to which law and
----------------------
which jurisdiction becomes applicable. The place of contract is thus a very
vital ingredient of any contract. The IT Act, 2000 proposes that the place of ----------------------
the dispatch and the place of receipt is the place where the originator and the
acceptor have their respective places of business. This means that irrespective ----------------------
of the place from where the electronic record is sent or received, the place of ----------------------
contract would be either a place where business of the offeror or the acceptor is
depending on the type of e-contract. ----------------------
----------------------

Notes
----------------------
---------------------- State True or False.

1. Legal capacity of the parties is not an essential element for entering
----------------------
into an e-contract.
---------------------- 2. Legal consideration is an essential element of a valid e-contract.
---------------------- 3. Originator is the person who accepts the offer via electronic message.
---------------------- 4. Place of contract is not essential to decide the jurisdiction of courts.
----------------------
---------------------- Activity 1
----------------------
Analyze the case of Quadricon Pvt. Ltd. Vs Shri Bajrang Alloys Ltd and
---------------------- make a comparative study of the UK and Indian contract law.
----------------------
2.3 LEGAL RECOGNITION TO ELECTRONIC RECORDS
----------------------
Certain types of contracts require particular formalities to be observed
---------------------- if they are to be enforceable. The most common of these is that the contract
---------------------- must be made in writing and that it must be signed. E.g. a) Loan Agreement, b)
Contract of guarantee, etc.
----------------------
The question then arises whether a document in the electronic form or
---------------------- the electronic record complies with this formality of writing and what is the
electronic equivalent of a signature.
----------------------
Electronic record is defined u/s 2(t) of the IT Act, 2000 as “data, record or
---------------------- data generated image or sound stored, received or sent in an electronic form or
micro film or computer guaranteed micro fiche.”
----------------------
Electronic form with reference to information means any information
---------------------- generated, sent, recovered or stored in media, magnetic, optical, computer
memory, micro film, computer generated micro fiche or similar device as per
---------------------- S2(r) of the IT Act, 2000.
---------------------- One of the objects of the IT Act, 2000 was to enable the conclusion
of contracts and the creation of rights and obligations through the electronic
---------------------- medium. In order to achieve this, it was necessary to bring the electronic record
---------------------- at par with paper based documents and also identify an electronic method of
authenticating or signing the electronic record.
---------------------- The IT Act 2000 has conferred legal recognition to e-commerce by
---------------------- including Section 4 and Section 6 in the Said Act.
Section 6 provides for use of electronic records, digital as well as electronic
---------------------- signatures in Government and its agencies thus ushering in the era of e-governance.

Sec. 2(1)(ta) of The Information Technology Act, 2000 provides that Electronic Notes
Signature means authentication of any electronic record by a subscriber by means
of the electronic technique and includes the digital signature. ----------------------
----------------------
----------------------
Multiple Choice Single Response. ----------------------
1. Electronic record is defined under section ______ of the IT Act 2000. ----------------------
i. 2(a)
----------------------
ii. 2(f)
----------------------
iii. 2(t)
2. Electronic form with reference to information means any information ----------------------
generated, sent, recovered or stored in media, magnetic, optical,
----------------------
computer memory, microfilm, computer generated microfiche or
similar device as per Section _____ of the IT Act, 2000. ----------------------
i. 2 (e) ----------------------
ii. 2 (r)
----------------------
iii. 2 (g)
----------------------
----------------------
2.4 LEGAL RECOGNITION TO DIGITAL AND
ELECTRONIC SIGNATURES ----------------------
S3 and S5 of the IT Act, 2000 has given legal recognition to digital ----------------------
or electronic signatures as a legally acceptable method of authentication of
----------------------
‘signing’ electronic records. Wherever law requires any document to be signed,
this formality stands complied with if a digital signature is affixed to a document ----------------------
in the electronic form. Digital or electronic signatures are therefore treated at
par with the requirement of ‘signature’ on a paper based document. This digital ----------------------
or electronic signature performs the three vital functions of a handwritten ----------------------
signature i.e. it provides evidence of three themes:
----------------------
a. Identity of the signatory,
b. Intention to sign, and ----------------------
c. Intention to adopt the content of the document. ----------------------

What is Electronic Signature? ----------------------
As per Section 2(1)(ta) Electronic Signature means authentication of
----------------------
any electronic record by a subscriber by means of the electronic technique and
includes digital signature. ----------------------
----------------------

Notes What is a Digital Signature
Digital signature is the method of authentication of the electronic record
----------------------
by the use of asymmetric crypto system and hash function which envelops and
---------------------- transforms the initial electronic record into another electronic record.
What is Cryptography?
----------------------
Cryptography is the science of using mathematics to encrypt and decrypt
---------------------- data. Cryptography enables you to store sensitive information or transmit it
across insecure networks, so it cannot be read by anyone except the intended
----------------------
recipient.
---------------------- Cryptographic algorithm or cipher is a mathematical function used in
---------------------- the encryption and decryption process. The mathematical function works in
combination with a key to encrypt the plain text into cipher text. The security
---------------------- of the encrypted text is based on the strength of a cryptographic algorithm and
secrecy of the key.
----------------------
What is Encryption?
---------------------- Encryption is based on the science of cryptography. The process of
---------------------- encoding data to prevent unauthorized access. The use of coded messages
(sometimes called cipher text) dates back to the Roman Empire and simple
---------------------- substitution ciphers used by Julius Caesar.
---------------------- Modern cryptography, however, uses computers to turn plain text into
encrypted data, or cipher text. Most modern computer encryption systems fail
---------------------- into two categories - symmetric key encryption and public key encryption.
---------------------- Symmetric Cryptography or Symmetric Key Encryption
Each computer has the same secret code (or private key) that can be used
----------------------
to encrypt and decrypt data that is sent between them. This requires installation
---------------------- of a private key on both computers. Unfortunately, it also means that if the
private key is intercepted or disclosed, anyone can decipher the data.
----------------------
Asymmetric Cryptography or Public Key Encryption
---------------------- This type of encryption uses a combination of a private key and a public
---------------------- key. The private key is known only to your computer. The public key is given
out to other computers with which your computer wishes to communicate.
---------------------- Importantly, these two keys are mathematically related, so that the private key
can unlock data that has been encrypted using the public key, and the public key
---------------------- can unlock certain aspects of data encrypted by the corresponding private key.
---------------------- Definition of a key - A key is a value that works with a cryptographic
algorithm to produce a specific cipher text. Keys are basically really big numbers
----------------------
measured in bits. The bigger the key, the more secure the cipher text. The public
---------------------- and the private keys are mathematically related. However, it is very difficult to
derive the private key if one is given the public key though not impossible.
----------------------
As per Sec 2(x) of the Information Technology Act, a key pair in an
---------------------- asymmetric cryptosystem means a private key and its mathematically related

public key, which are so related that the public key can verify a digital signature Notes
created by the private key.
----------------------
Hash Function
A one way hash function takes variable length input and produces a fixed ----------------------
length output. The hash function ensures that if the information is changed in
----------------------
any way, even by just one bit, an entirely different output value is produced. A
peculiarity of a one-way hash function is that it is computationally infeasible ----------------------
to find two input messages that will yield the same hash output and that it is
computationally infeasible to reconstruct the original message from its hash ----------------------
output.
----------------------
Digital Signature Creation
----------------------
Steps:
1. The signer first creates the message that he wants to sign. Then he uses a ----------------------
hash function to compute the hash result or the message digest. ----------------------
2. Then he uses his private key to encrypt the hash result or message digest
which results in the digital signature. ----------------------
3. Then the signer sends the original message along with the digitally signed ----------------------
message to the receiver.
----------------------
(Note that this Digital Signature will be different for each message.)
----------------------
Digital Signature Verification
Steps - On receiving the message ----------------------
1. The receiver uses the sender’s public keys to decrypt the signature ----------------------
changing it back to the hash result or message digest.
----------------------
2. The receiver computes the hash result from the original message using the
same hash function as used by the sender. ----------------------
3. Then he compares the message digest computed by him to the decrypted ----------------------
hash.
----------------------
If it is the same, it means that the identity of the sender is authenticated
and also that the message was unaltered in transit. ----------------------
Section 3 of the Information Technology Act, 2000 provides for ----------------------
authentication of electronic records by affixing a digital signature and the
authentication shall be effected by the use of an asymmetric crypto system and ----------------------
hash function which envelops and transforms the initial electronic record into
another electronic record. ----------------------
The three major objectives of a signature are - ----------------------

a. Identity Authentication - Two parties entering into a communication or ----------------------
a contract must identify each other. The signature binds the identity of the
signer to his signature. ----------------------
----------------------

Notes b. Content Authentication - Similarly, the signer also binds himself to the
contents on which he has placed his signature.
----------------------
c. Non Repudiation - And lastly by placing a signature a person cannot
---------------------- repudiate or revoke his act of signing, which means the act of identifying
himself and of authenticating the contents.
----------------------
These objectives are achieved by the digital signature which uses the public
---------------------- key encryption system along with hash function for attaining the aforesaid three
objectives. In addition to the three objectives, the digital signature also assures
---------------------- data integrity.
----------------------
----------------------
---------------------- Fill in the blanks.

---------------------- 1. Digital or electronic signatures are treated at par with the requirement
of ‘____’ on a paper-based document.
----------------------
2. Digital signature is the method of ______of the electronic record by
---------------------- the use of asymmetric crypto system and ______, which envelops and
transforms the initial electronic record into another electronic record.
----------------------
3. Most modern computer encryption systems fail into two categories -
---------------------- ______ key encryption and _____ key encryption.
----------------------
---------------------- 2.5 WHAT IS E-GOVERNANCE

---------------------- Governance refers to the exercise of political, economic and
administrative authority in the management of a country’s affairs, including
---------------------- citizen’s articulation of their legal rights and obligations. E-governance may be
---------------------- understood as the performance of this governance via the electronic medium in
order to facilitate an efficient, speedy and transparent process of disseminating
---------------------- information to the public and other agencies and for performing government
administration activities. E-governance is generally considered as a wider
---------------------- concept than e-government, since it can bring about a change in the way how
---------------------- citizen relates to governments and to each other. E-governance can bring forth
new concepts, both in terms of citizen needs and responsibilities. Its objectives
---------------------- are to engage, enable and empower the citizen.
---------------------- The purpose of implementing e-governance is to enhance good governance.

Good governance is generally characterized by participation, transparency
---------------------- and accountability. The recent advances in communication technologies and
the internet provides opportunities to transform the relationship between
---------------------- government and citizens in a new way, thus contributing to the achievement
---------------------- of good governance goals. The use of information technology can increase
the broad involvement of citizens in the process of governance at all levels
---------------------- by providing the possibility of online discussion groups and by enhancing the

rapid development and effectiveness of pressure group. E-governance will Notes
also enable the government to provide better services in terms of time, making
governance more efficient and more effective. ----------------------
E-governance will also help in cutting costs by replacing excess manpower, ----------------------
among other things. Because of growing awareness, people’s expectations
have also increased and comparisons with private sectors and developed ----------------------
countries are inevitable. The government must therefore be seen performing
----------------------
and IT is certainly among the better tools for this purpose. Only this can lead to
competitiveness to innovation and that is essential for reforms. E-governance ----------------------
has two dimensions. The first is the application of information technology for
the improvement of administrative application of governance to the emerging ----------------------
cyber society.
----------------------
The short role of ‘e’ is very small or like a catalyst in e-governance policy
and governance has a prime importance. ----------------------
The essence of e-governance is the communication between the ----------------------
‘governing’ and the ‘governed’ and the test of ‘good governance’ is a society.
----------------------
The system of e-governance is supported by five major pillars, they are:
1. Computers ----------------------
2. Connectivity ----------------------
3. Content ----------------------
4. Consumers
----------------------
5. Confidence building
----------------------
However, we need to overcome the resistance to e-governance, such as
cultural resistance, which are - ----------------------
1. The government culture of secrecy, which is deep rooted in the government ----------------------
body.
----------------------
2. Corruption.
3. The strictly observed hierarchy in organization as the younger and junior ----------------------
staff has better knowledge of technology.
----------------------
4. Lack of imagination.
----------------------
e-Governance in Maharashtra
With the commissioning of its dedicated communications network that ----------------------
covers the entire state, Maharashtra has taken one more step in the direction of ----------------------
total e-governance. The network has enabled government departments to use
e-mail and is estimated to save around Rs. 150 crore over the next five years ----------------------
against its instalment cost of Rs. 27 crore.
----------------------
In the aftermath of a natural calamity, for example, floods and earthquakes,
the first hurdle faced by the government is lack of information as the tools of ----------------------
communications like telephone lines get affected. This delays the organization
of rescue and relief work. So online connectivity achieved by Maharashtra ----------------------

Notes through its state-of-the-art dedicated communications network would effectively
overcome this problem.
----------------------
Besides, it will now be possible for government departments to remain in
---------------------- contact electronically, reducing the dependence on personnel movement and
storing documents for a long time.
----------------------
Maharashtra is one of the most progressive states in India, in terms of
---------------------- commercialization of the economy. The state is famous for Industrial sector and
Mumbai, its capital is known as the financial capital of India. Maharashtra is also
---------------------- famous for its rich cultural heritage. NIC in Maharashtra was established at New
Administrative Building, Mumbai in June 1988 as part of nationwide computer
----------------------
and communication network, NICNET. Memorandum of Understanding was
---------------------- signed with Government of Maharashtra in June 1988 to provide computer and
communication services to State Government. Ever since, NIC has been in the
---------------------- forefront of e-governance initiatives in central and state government departments
in Maharashtra up to the district and tehsil level. NIC district centres are located
----------------------
in 35 districts of Maharashtra in the Collector’s office. NIC works as Total
---------------------- Solution Provider for IT projects to the department of the State Government in
close co-ordination with state IT department for providing overall internet and
---------------------- communication services through NICNET.
---------------------- Some examples of implementation of Internet and Communications
Technology in Government Departments.
----------------------
●● Chief Minister’s Office (CMIS)
---------------------- CM Information System consists of file information system, registry
information system, VIP letter information and CM relief fund monitoring
----------------------
system.
---------------------- ●● Food and Civil Supplies
---------------------- MAHAFOOD: Web based food grains allotment and lifting information
system for the department of civil supplies and its 35 district offices.
----------------------
RISFAD: A client server based reconciliation information system for the
---------------------- office of financial advisor of food and civil supplies department.
---------------------- ●● General Administration

IASPIS: A web based application for establishment and personnel matters
---------------------- for the IAS cadre officers of Maharashtra implemented in Secretarial
---------------------- LAN. IAS civil list is prepared using this package.
HAS: Web based House Allotment System for allotment of Govt. quarters
---------------------- to Maharashtra Government employees.
---------------------- ●● Law and Judiciary
---------------------- CCAS: A client server system for cases automation system for the office
of chief presenting officer at Maharashtra State Tribunal.
----------------------
ACES: Web based application for Adjourned Cases Enquiry for the office
---------------------- of chief presenting officer at Maharashtra State Tribunal.

NIS: A client server based system developed for Notary for issue and Notes
renewal of licenses.
KIS: This software is used to generate daily board to deliver information ----------------------
of case listed for various courtrooms in the office of Motor Accident
----------------------
Claims Tribunal, Mumbai.
●● Finance ----------------------
Budget: Preparation of State budget and hosting on website (http:// ----------------------
finance.mah.nic.in).
TIS: Treasury Information System is implemented in all treasury offices ----------------------
in the state:
----------------------
●● Employment
Web based registration is being implemented in the employment offices ----------------------
across the state.
----------------------
●● Rural Development
Rural soft: Web based information system for monitoring schemes run ----------------------
by DRDA in Maharashtra. ----------------------
The Information Technology Act, 2000 with its objective to facilitate
electronic filing of documents with the government agencies has enacted several ----------------------
provisions to facilitate and give legal recognition to e-governance. ----------------------
By the virtue of the Act, where the law requires any information to be in
writing or printed, such requirement of writing or printing will be satisfied if the ----------------------
information is made available in the electronic form and is accessible at a later
----------------------
stage in such form.
Where any law provides for the filing of forms, applications or other ----------------------
documents with the body of the government or the issue or grant of any license,
----------------------
sanction or approval or the receipt of payment of money in a particular manner,
any such requirement shall be satisfied if effected by means of such electronic ----------------------
form as may be prescribed by the government.
----------------------
Also, when it is provided by law that any documents, records or information
are to be retained for a specific period, then, that requirement shall be deemed ----------------------
to have been satisfied if they are retained in the electronic form, subject to the
requirements that a) the information remains accessible so as to be usable for ----------------------
a subsequent reference; b) the electronic record is retained in the format in
----------------------
which it was originally generated, sent or received or in a format which can be
demonstrated to represent accurately the information originally generated, sent ----------------------
or received; c) the details which will facilitate the identification of the origin,
destination, date and time of dispatch or receipt of such electronic record are ----------------------
available in the electronic record.
----------------------
Further, the law also provides for the Electronic Gazette which is
equivalent to the already existing Official Gazette. ----------------------
However, the Act does not confer any right on anybody to insist that the ----------------------
government should accept, issue, create, retain and preserve any document in
the electronic form or effect any monetary transaction in the electronic form. ----------------------

Notes
----------------------

1. The short role of ‘__’ is very small or like a catalyst in e-governance
----------------------
policy and governance has a prime importance.
---------------------- 2. The system of e-governance is supported by _______ major pillars.
---------------------- 3. _______ is web-based food grains allotment and lifting information
system for the department of civil supplies and its 35 district offices.
----------------------
4. _______ is the software used to generate daily board to deliver
---------------------- information of case listed for various courtrooms in the office of
Motor Accident Claims Tribunal, Mumbai.
----------------------
----------------------
Activity 2
----------------------
---------------------- Make a survey of development in rural areas of Maharashtra due to

e-governance.
----------------------
---------------------- Summary
---------------------- ●● With the enactment of the IT Act, 2000 some of the fundamental issues
that had arisen because of the wide use of electronic communications
----------------------
commercially and otherwise are solved. As per the IT Act, 2000 an
---------------------- electronic record is treated at par with a written document while digital
signatures are the legally acceptable equivalents of a physical signature.
----------------------
●● The underlying principles of contract formation have not changed. The
---------------------- only change that has taken place is the medium of communication. The
electronic medium of communication thus needed a different treatment
---------------------- than the ordinary mode of communication to identify the time and place of
contract. These two ingredients are crucial in a contract formation as they
----------------------
define reciprocating rights and liabilities. Further, the place of contract
---------------------- is equally important as it decides the applicable law and jurisdiction of
courts. To tackle these issues, rules relating to time and place of formation
---------------------- of electronic contracts were inserted in the IT Act, 2000. The Contract
Act did not require any amendment as the basic contracting principles
----------------------
remained unchanged.
---------------------- ●● A new era of e-governance has been ushered in due to the IT Act, 2000
that will ensure transparency, accountability and speedier processing
----------------------
not only between intra governmental departments but also in respect of
---------------------- transaction of the public with the government.
----------------------

Keywords Notes
----------------------
●● Asymmetric Crypto System: A system of a secure key pair consisting of a
private key for creating a digital signature and a public key to verify a digital ----------------------
signature.
●● Authentication: A process used to confirm the identity of a person or ----------------------
to prove the integrity of specific information. Message authentication ----------------------
involves determining its source and verifying that it has not been modified
in transit. ----------------------
●● Cryptographic Algorithm: A clearly specified mathematical process for ----------------------
computation.
●● Encryption: The process of transforming plain text data into an ----------------------
unintelligible form (cipher text). ----------------------
●● Key Pair: In an Asymmetric Crypto System, a private key and its
mathematically related public key, are so related that the public key can ----------------------
verify the digital signature created by the private key. ----------------------
●● Private Key: Means the key of the key pair used to create a digital
signature. ----------------------
●● Public Key: Means the key of the key pair used to verify a digital ----------------------
signature.
----------------------
Self-Assessment Questions ----------------------
1. Explain in detail the system and functioning of EDI. ----------------------
2. Describe in detail the EDI standards. ----------------------
3. What is e-commerce? Was the Contract Act without any amendments
----------------------
sufficient to address all issues arising out of e-commerce transactions?
4. Provisions of the IT Act, 2000 addresses which issues relating to ----------------------
e-commerce?
----------------------
5. Explain in detail what is a Digital Signature and its working with illustrations.
----------------------
6. What is e-governance. What are the e-governance initiatives taken by the
Government of India? ----------------------
7. www.ebay.com is a popular e-commerce site? Explain its functioning in ----------------------
detail with the terms and conditions.
----------------------
----------------------
----------------------
1. False
2. True ----------------------

Notes 3. False
4. False
----------------------
---------------------- Multiple Choice Single Response.
---------------------- 1. Electronic record is defined under section ______ of the IT Act 2000.
---------------------- (iii) 2(t)
2. Electronic form with reference to information means any information
----------------------
generated, sent, recovered or stored in media, magnetic, optical, computer
---------------------- memory, microfilm, computer generated microfiche or similar device as
per Section _____ of the IT Act, 2000.
----------------------
(ii) 2 (r)
----------------------

1. Digital or electronic signatures are treated at par with the requirement of
----------------------
‘signature’ on a paper-based document.
---------------------- 2. Digital signature is the method of authentication of the electronic record
by the use of asymmetric crypto system and hash function, which envelops
----------------------
and transforms the initial electronic record into another electronic record.
---------------------- 3. Most modern computer encryption systems fail into two categories –
---------------------- symmetric key encryption and public key encryption.
----------------------
----------------------
Fill in the blanks.
---------------------- 1. The short role of ‘e’ is very small or like a catalyst in e-governance policy
and governance has a prime importance.
----------------------
2. The system of e-governance is supported by five major pillars.
----------------------
3. MAHAFOOD is Web based food grains allotment and lifting information
---------------------- system for the department of civil supplies and its 35 district offices.
---------------------- 4. KIS is the software used to generate daily board to deliver information of
case listed for various courtrooms in the office of Motor Accident Claims
---------------------- Tribunal, Mumbai.
----------------------
Suggested Reading
----------------------
1. Nandan, Kamath. Law relating to Computer, Internet and E-Commerce.
----------------------
2. Ahmed, S.S. A Guide to Information Technology: Cyber Law and
---------------------- E-Commerce.

Certifying Authority and Controllers
UNIT
3
Structure:
3.1 Who is a Certifying Authority and Controller
3.2 License to issue Electronic Signature Certificates (ESC)
3.3 Appointment of a Controller
3.4 Functions of a Controller
3.5 Functions of a Certifying Authority
Summary
Keywords
Suggested Reading
Certifying Authority and Controllers 33

Notes
Objectives
----------------------
----------------------
• Describe the scope and ambit of powers of certifying authorities and
---------------------- controllers
---------------------- • Recognize and evaluate the necessity of the authorities
• Specify the role of certifying authorities
----------------------
• Examine the role of controllers
----------------------
----------------------
3.1 WHO IS A CERTIFYING AUTHORITY AND CONTROLLER
----------------------
Due to the enabling provisions of the IT Act 2000, the electronic signature
---------------------- is given legal recognition and is now the electronic equivalent of the physical
signature. Thus an electronic record which bears the electronic signatures of
---------------------- the signatory or the subscriber can now be treated at par with a paper based
---------------------- document bearing the physical signature of the signatory and is therefore legally
acceptable.
---------------------- However, for a person to rely on an electronic record which is electronically
---------------------- signed, the person should be sure that the electronic signature is that of the
subscriber only and of nobody else. Thus a need was felt to have a trusted third
---------------------- party who could independently certify that the electronic signature is that of the
signatory or the subscriber and of nobody else.
----------------------
Such authorities were established as per the provisions of the IT Act,
---------------------- 2000 who could issue the aforesaid certifications. These independent, unbiased,
reliable entities formed under this Act are called Certifying Authorities and the
----------------------
certificate issued by them is called the Electronic Signature Certificate.
---------------------- Certifying Authority thus means a person who has been granted a license
by the Controller to issue Electronic Signature Certificate under section (u/s 24)
----------------------
of the IT Act, 2000.
---------------------- A Electronic Signature Certificate is a Public Key Certificate issued
by the Certifying Authority in the name of the subscriber. This means that it
----------------------
certifies that a electronic signature belongs to the specific signer or subscriber.
---------------------- The Electronic Signature Certificate confirms the identity of the subscriber and
also the subscriber’s Public Key.
----------------------
In addition to this function of certifying the identity of the subscriber so
---------------------- that any person can rely on it, Certifying Authority also dispenses the Public
Keys of the subscribers or makes them accessible to the public.
----------------------
In order to carry out these functions, the Certifying Authority has to
---------------------- receive a license from higher authorities established under the Act known as
Root Certifying Authority or Controller. This establishes a hierarchical system
---------------------- known as the Public Key Infrastructure or (PKI).

The hierarchical system is illustrated as below: Notes
(This system establishes a binding relationship between all its members or
----------------------
constituents and the relying third party.)
----------------------
----------------------
----------------------
Controller
----------------------
C.A. ----------------------
----------------------
Subscriber ----------------------
----------------------
Certifying Authority ----------------------
----------------------
----------------------
(Issues Electronic Signature Certificate (ESC), Identifies and authenticates the Subscriber
----------------------
----------------------
Establishes a relationship of trust ----------------------
Subscriber Relying party
----------------------
Thus, the Certifying Authority who is approved by the Controller or who has a
valid license from the Controller performs the following functions - ----------------------
a. Issues an ESC to the subscriber. ----------------------
b. Identifies and authenticates the subscriber for the third party. ----------------------
c. Establishes a relationship of trust between the subscriber and the third
party. ----------------------
----------------------
3.2 LICENSE TO ISSUE ELECTRONIC SIGNATURE
CERTIFICATES (ESC) ----------------------
Any person i.e. a legal entity may make an application to the Controller for ----------------------
a license to issue ESC. The Central Government has the power to prescribe the
----------------------
requirements the Applicant has to fulfil in respect of qualifications, expertise,
manpower, financial resource and other infrastructure facilities. ----------------------
As per rule 8(1) of the Information Technology (certifying authorities) ----------------------
Rules 2000, the following persons may apply for grant of a license to issue
ESC. ----------------------

Notes a. Any person who is Indian citizen and having a capital of Rs. 5 crores or
more in his business or profession.
----------------------
b. A company having paid up capital of more than Rs. 5 crores and net worth
---------------------- more than 50 crores.
The rule further states that any company or firm having an aggregate
----------------------
shareholding of NRIs, foreign institutional investors or foreign companies
---------------------- exceeding 49% of the total paid-up capital shall not be eligible to apply for a
license.
----------------------
As per rule 8 (2) of the Information Technology (certifying authorities)
---------------------- Rules 2000, the applicants require to furnish a performance bond or a bank
guarantee to the Controller for an amount not less than Rs. 5 crores and for a
---------------------- validity period of six years as a pre-requisite for obtaining a license to issue
ESCs.
----------------------
A license granted to the Certifying Authority under this section shall be
---------------------- valid for a period of five years from the date of issue and shall not be transferable
---------------------- and heritable and can be subject to further terms and conditions which will be
specified by regulations.
---------------------- Application for License
---------------------- The Act lays down a few compliances required to be made by the
Applicants for obtaining as License. Every application made as per the rules
---------------------- mentioned hereinabove by any person to the Controller for issue of license to
---------------------- issue ESCs shall be accompanied by the following documents:
a. Certification Practice Statement (CPS)
----------------------
b. Statement including the procedure with respect to identification of the
---------------------- Applicant
---------------------- c. Payment of a non-refundable fee of Rs. 25,000/-
---------------------- d. Any other document as prescribed by the Central Government

A Certification Practice Statement means a statement issued by a Certifying
---------------------- Authority to the Controller which specifies in detail the practices and procedures
---------------------- followed by the Certifying Authority in issuing Electronic Signature Certificate.
Grant of the License
----------------------
The Controller has the authority or power to grant the license or reject the
---------------------- application after scrutiny of the documents accompanying the application and
considering such other factors as found proper and fit by the Controller. The
----------------------
license shall be valid for a period of five years from the date of its issue and it
---------------------- is not transferable as per the Information Technology (Certifying Authorities)
Rules, 2000.
----------------------
The Controller may refuse to grant a license to the applicant if -
---------------------- a) Applicant has not provided all relevant information relating to its business,
---------------------- or

b) Is in the process of being wound up, or Notes
c) A Receiver has been appointed by court in respect of the applicant, or
----------------------
d) The Applicant has been convicted in or outside India.
----------------------
However, the Applicant is given a reasonable opportunity of presenting
his case before his application is rejected. ----------------------
In addition to its powers of granting a license to a Certifying Authority, ----------------------
The Controller can suspend or revoke the license granted to the Certifying
Authority under certain circumstances. ----------------------
Suspension and Revocation of License ----------------------
If it comes to the knowledge of the Controller that the Certifying Authority ----------------------
has not properly complied with the conditions laid down in the Act for Issuance
of License or that the Certifying Authority has intentionally suppressed a ----------------------
material fact or indulged in a malafide act, then, the Controller may revoke the
----------------------
License of a Certifying Authority.
However, the revocation of a license can be ordered by the Controller ----------------------
only after conducting a proper inquiry.
----------------------
The Certifying Authority is given a reasonable opportunity to show cause
against the proposed action of revocation of license by the Controller in the ----------------------
inquiry conducted by the Controller. After conclusion of the inquiry, if the ----------------------
Controller is satisfied that the Certifying Authority has indulged in any of the
following acts, the Controller may revoke the license - ----------------------
1. Certifying Authority has made a statement in, or in relation to, the ----------------------
application for the issue or renewal of the license, which is incorrect or
false in material particulars; ----------------------
2. Certifying Authority has failed to comply with the terms and conditions ----------------------
subject to which the license was granted;
----------------------
3. Certifying Authority has failed to maintain the standards as may be
prescribed by the Central Government from time to time; ----------------------
4. Contravened any provisions of this Act, rule, regulation or order made ----------------------
thereunder.
----------------------
During the conduct of the inquiry against the Certifying Authority, if
the Controller has a reasonable cause to believe that there is any ground for ----------------------
revoking a license, the Controller may order the suspension of such license
pending the completion of any inquiry ordered by him. ----------------------
The license shall not be suspended for a period exceeding ten days unless ----------------------
the Certifying Authority has been given a reasonable opportunity of showing
----------------------
cause against the proposed suspension.
The Certifying Authority whose license has been suspended has no ----------------------
authority to issue any Electronic Signature Certificate during such suspension. ----------------------

Notes Notice of Suspension or Revocation of License
With a view to maintain the trust of a Certifying Authority, it is necessary
----------------------
to publish information relating to such Certifying Authorities whose licenses
---------------------- have either been suspended or revoked so that people relying on this trusted
third party are well protected. It is also necessary to ensure that information
---------------------- relating to suspension and revocation of licenses is widely circulated and made
easily available to the public to ensure the trustworthiness of the Certifying
----------------------
Authorities.
---------------------- Therefore the Act lays down that where the license of the Certifying
Authority is suspended or revoked, the Controller shall publish notice of such
----------------------
suspension or revocation, as the case may be, in the database maintained by him
---------------------- which is also called a repository. Where one or more repositories are specified,
the Controller shall publish notices of such suspension or revocation, as the
---------------------- case may be, in all such repositories. The database containing the notice of such
suspension or revocation, as the case may be, shall be made available through
----------------------
a website which shall be accessible round the clock. The Controller may also
---------------------- publicize the contents of the database in such electronic or other media, as he
may consider appropriate.
----------------------
Application for Renewal of License
---------------------- The Act also lays down a few compliances required to be made by the
---------------------- applicants for renewal of the license. The application for renewal of license is
to be made in a form prescribed under the Act and is to be accompanied by non-
---------------------- refundable fees of Rs. 5,000/-.
---------------------- The Certifying Authority has to submit its application for renewal of its
license not less than 45 days before the date of expiry of the period of validity
---------------------- of license as per rules.
----------------------
----------------------
----------------------
1. The Controller has the authority or power to grant the license or reject
---------------------- the application.
---------------------- 2. The license shall be valid for a period of ten years from the date of its
issue.
----------------------
3. The license is transferable as per the Information Technology
---------------------- (Certifying Authorities) Rules, 2000.
----------------------
3.3 APPOINTMENT OF A CONTROLLER
----------------------
---------------------- The highest authority established under the Act known as Root Certifying
Authority is the Controller. The Controller is at the top of the hierarchical
---------------------- system known as the Public Key Infrastructure or (PKI) exercising control over

the Certifying Authorities established under the Act. Notes
The Central Government by notification in the official gazette appoints
----------------------
Controller of Certifying Authorities for the purpose of this Act. The Office of
the Controller has its own seal. ----------------------
The Central Government by notification may also appoint a number
----------------------
of Deputy Controllers and Assistant Controllers as found necessary. Deputy
Controllers and Assistant Controllers shall perform the functions assigned to ----------------------
them under the control and supervision of the Controller.
----------------------
The Controller discharges its functions under the general control and
supervision of the Central Government. ----------------------
The Controller may in writing delegate its powers to other authorities ----------------------
established under the Act viz the Deputy Controller, Assistant Controller or any
officer to exercise any of the powers of the Controller under this unit. ----------------------
----------------------
----------------------
Fill in the blanks.
----------------------
1. __________ has the power to appoint controller.
----------------------
2. The Controller discharges its functions under the general control and
supervision of the ________. ----------------------
----------------------
3.4 FUNCTIONS OF A CONTROLLER ----------------------
The Controller is the highest controlling authority appointed under the Act ----------------------
whose primary function is to regulate and supervise the Certifying Authorities
appointed under the Act. ----------------------
The main functions of the Controller are as follows: ----------------------
1. Supervise the activities of the Certifying Authorities.
----------------------
2. Certify Public keys of the Certifying Authorities.
----------------------
3. Lay down standards to be followed and maintained by Certifying Authorities.
4. Specify the qualifications and experience which the employees of the ----------------------
Certifying Authorities must possess. ----------------------
5. Specify the conditions under which the Certifying Authorities must
----------------------
conduct their business.
6. Specify the contents of written, printed, or visual materials and ----------------------
advertisements that may be distributed or used in respect of Electronic
----------------------
Signature Certificates and the Public Key.
7. Specify the form and contents of Electronic Signature Certificates and ----------------------
public key.
----------------------

Notes 8. Specify the form and manner in which accounts are to be maintained by
Certifying Authorities.
----------------------
9. Specify the terms and conditions in respect of appointment of auditors
---------------------- and their remuneration.
10. Facilitate the establishment of any electronic system by any Certifying
----------------------
Authority solely or jointly.
---------------------- 11. Specify the manner of operation of Certifying Authorities with the
subscribers.
----------------------
12. Resolve any conflict of interest between Certifying Authorities or between
---------------------- Certifying Authorities and Subscribers.
---------------------- 13. Laying down duties of Certifying Authorities.
---------------------- 14. Maintaining a database containing the disclosure record of every
Certifying Authority.
----------------------
In addition to the aforesaid functions, the Controller has the following
---------------------- powers -
1. The Controller has the power to recognize any foreign Certifying
----------------------
Authority as a Certifying Authority for the purpose of this Act subject to
---------------------- obtaining a prior approval from the Central Government.
---------------------- 2. The Controller shall be a repository of all the Electronic Signature

Certificates issued under the Act and shall maintain a computerized
---------------------- database of all public keys in such manner that they are available to the
Public. Thus the Controller is also known as the Root Certifying Authority
---------------------- or RCA. Rule 22 of the Information Technology Act 2000 specifies the
---------------------- details of the database to be maintained by the Controller. The following
details are to be included
---------------------- a. The name of the person/names of the Directors, nature of business,
---------------------- Income-Tax Permanent Account Number, web address, if any,
office and residential address, location of facilities associated with
---------------------- functions of generation of Electronic Signature Certificate, voice
and facsimile telephone numbers, electronic mail address(es),
---------------------- administrative contacts and authorized representatives;
---------------------- b. The public key(s), corresponding to the private key(s) used by the
Certifying Authority and recognized foreign Certifying Authority
---------------------- to electronically sign Electronic Signature Certificate;
---------------------- c. Current and past versions of Certification Practice Statement of
Certifying Authority;
----------------------
d. Time stamps indicating the date and time of -
----------------------
i. grant of license;
---------------------- ii. confirmation of adoption of Certification Practice Statement
---------------------- and its earlier versions;

iii. commencement of operation of generation and issue of Notes
Electronic Signature Certificate by the Certifying Authority;
----------------------
iv. revocation or suspension of license of Certifying Authority;
v. commencement of operation of Cross Certifying Authority; ----------------------
vi. issue of recognition of foreign Certifying Authority; ----------------------
vii. revocation of suspension of recognition of foreign Certifying ----------------------
Authority.
Presently, the Controller is maintaining the following repositories: ----------------------
a. National Repository of Electronic Certificate http://ca.gov.in/nrdc. ----------------------

htm.
----------------------
b. Certificate suspension and revocation interest http://cccogov.in/crl.
htm. ----------------------
3. The Controller has the power to issue licenses to Certifying Authorities ----------------------
on compliances of all the rules and regulations prescribed under the Act.
----------------------
4. The Controller can also delegate its power in writing to Deputy Controller
or Asst. Controller or such other officer appointed under the Act. ----------------------
5. The Controller can investigate any contravention of the provisions of this ----------------------
Act, rules or regulations made thereunder. The Controller shall exercise
the like powers which are conferred on income-tax authorities under ----------------------
Chapter XIII of the Income-Tax Act, 1961 (43 of 1961), and shall exercise
such powers, subject to such limitations laid down under the Act. ----------------------
----------------------
Multiple Choice Single Response. ----------------------

1. The main functions of the Controller are as follows: ----------------------
i. Supervision ----------------------
ii. Certifying Public Keys
----------------------
iii. Laying down duties of Certifying Authorities
----------------------
iv. All of the above
2.. Time stamps indicate the date and time of ----------------------
i. Grant of license ----------------------
ii. Revocation or suspension of license of certifying authority ----------------------
iii. Issue of recognition of foreign certifying authority
----------------------
----------------------
----------------------

Notes 3.5 FUNCTIONS OF A CERTIFYING AUTHORITY
---------------------- The main function of a Certifying Authority is to issue a Electronic
---------------------- Signature Certificate to the Subscriber.
Any person can obtain a Electronic Signature Certificate from a Certifying
---------------------- Authority by making an application in the prescribed form and payment of
---------------------- fees not exceeding Rs. 25,000/- such application has to be accompanied by the
certificate practice or where there is no such statement, a statement containing
---------------------- such particulars as may be specified by regulations.
---------------------- On receipt of the application, the Certifying Authority may after

considering the Certification Practice Statement and after making enquiries as
---------------------- deemed fit by it, grant a Electronic Signature Certificate or for reasons recorded
in writing may reject the application.
----------------------
By an Executive Order (No. 2187/2000- pers. I) dated 12.09.2002, issued
---------------------- by the Ministry of Communication and Information Technology, the confusion
about the Certification Practice Statement accompanying the application form for
----------------------
issuance of Electronic Signature Certificate was removed. The said order states
---------------------- that the application shall not be required to be accompanied by a Certification
Practice Statement. However, the application is required to be made in the
---------------------- prescribed form given in schedule IV of the said Act (as per Rule 23).
---------------------- Before issuing a Electronic Signature Certificate to a subscriber, the
Certifying Authority shall validate that:
----------------------
a. The appellant holds the private key corresponding to the public key to be
---------------------- listed in the ESC.
---------------------- b. The private key and the public key are a functional part capable of creating
a electronic signature.
---------------------- c. The public key to be listed in the certificate can be used to verify the
---------------------- electronic signature of the appellant which is affixed by using his private
key.
---------------------- In addition to the above, the Certifying Authority shall also ensure the
---------------------- following -
1. The Electronic Signature Certificate application has been submitted by
----------------------
the subscriber to the Certifying Authority in the form provided by the
---------------------- Certifying Authority and the same has been approved by it.
2. The application form contains, inter alia, the particulars given in the
----------------------
model form given in Schedule IV of the Act.
---------------------- 3. No interim Electronic Signature Certificate is issued.
---------------------- 4. The Electronic Signature Certificate is generated by the Certifying
Authority upon receipt of an authorized and validated request for new
---------------------- Electronic Signature Certificates or Electronic Signature Certificate
---------------------- renewal.

5. The Electronic Signature Certificate contains or incorporates by Notes
reference such information, as is sufficient to locate or identify one or
more repositories in which revocation or suspension of the Electronic ----------------------
Signature Certificate will be listed, if the Electronic Signature Certificate
is suspended or revoked. ----------------------
6. The subscriber identify verification method employed for issuance of ----------------------

Electronic Signature Certificate is specified in the Certification Practice
----------------------
Statement and is subject to the approval of the Controller during the
application for a license. ----------------------
7. Where the Electronic Signature Certificate is issued to a person on the
----------------------
basis of another valid Electronic Signature Certificate held by the same
person and subsequently the Originating Electronic Signature Certificate ----------------------
has been suspended or revoked, the Certifying Authority that issued the
new Electronic Signature Certificate conducts investigations to determine ----------------------
whether it is necessary to suspend or revoke the new Electronic Signature
----------------------
Certificate.
8. The Certifying Authority provides a reasonable opportunity for the ----------------------
subscriber to verify the contents of the Electronic Signature Certificate
----------------------
before it is accepted.
9. If the subscriber accepts the issued Electronic Signature Certificate, the ----------------------
Certifying Authority publishes a signed copy of the Electronic Signature ----------------------
Certificate in a repository.
10. Where the Electronic Signature Certificate has been issued by the Licensed ----------------------
Certifying Authority and accepted by the subscriber, and the Certifying ----------------------
Authority comes to know of any fact, or otherwise, that affects the validity
or reliability of such Electronic Signature Certificate, the same is notified ----------------------
to the subscriber immediately.
----------------------
11. All Electronic Signature Certificates are issued with a designated expiry
date. ----------------------
A Certifying Authority while issuing a Electronic Signature Certificate ----------------------
shall certify that –
----------------------
1. It has complied with the provisions of this Act and the rules and regulations
made thereunder; ----------------------
2. It has published the Electronic Signature Certificate or otherwise made it ----------------------
available to such person relying on it and the subscriber has accepted it;
3. The subscriber holds that private key corresponding to the public key, ----------------------
listed in the Electronic Signature Certificate; ----------------------
4. The subscriber’s public key and private key constitute a functioning key
pair; ----------------------
5. The information contained in the Electronic Signature Certificate is ----------------------

accurate; and
----------------------

Notes 6. It has no knowledge of any material fact, which if it had been included in
the Electronic Signature Certificate would adversely affect the reliability
---------------------- of the representation made in clauses (1) to (5).
---------------------- Thus the Certifying Authority in addition to its function of identifying
the subscriber, it also certifies the practice and procedure followed by it
---------------------- in issuing a Electronic Signature Certificate so that it establishes itself a
trusted third party for the relying party.
----------------------
Electronic Signature Certificate Standard
----------------------
Rule 7 of the Information Technology (Certifying Authorities) Rules
---------------------- 2000 specifies the Electronic Signature Certificate Standard to be adopted by
all Certifying Authorities approved or licensed under the Act.
----------------------
As per the said rule, all Electronic Signature Certificates issued by the
---------------------- Certifying Authorities shall confirm to ITU X 509 Version 3 standard as per rule
6 and shall, inter-alia, contain the following data, namely:
----------------------
a. Serial Number (assigning of serial number to the Electronic Signature
---------------------- Certificate by Certifying Authority to distinguish it from other certificate);
---------------------- b. Signature Algorithm Identifier (which identifies the algorithm used by
Certifying Authority to sign the Electronic Signature Certificate);
----------------------
c. Issuer Name (name of the Certifying Authority who issued the Electronic
---------------------- Signature Certificate);
d. Validity period of the Electronic Signature Certificate;
----------------------
e. Name of the subscriber (whose public key the Certificate identifies); and
----------------------
f. Public key information of the subscriber.
---------------------- The Electronic Signature Certificate is an important instrument of trust
---------------------- and creates a bond between the subscriber and the issuer.
Generation of Electronic Signature Certificate
----------------------
The generation of the Electronic Signature Certificate shall involve:
----------------------
a. receipt of an approved and verified Electronic Signature Certificate
---------------------- request;
---------------------- b. creating a new Electronic Signature Certificate;

c. binding the key pair associated with the Electronic Signature Certificate
---------------------- to a Electronic Signature Certificate owner;
---------------------- d. issuing Electronic Signature Certificate and the associated public key for
operational use;
----------------------
e. a distinguished name associated with the Electronic Signature Certificate
---------------------- owner; and
---------------------- f. a recognized and relevant policy as defined in Certification Practice
Statement.
----------------------

Issue of Electronic Signature Certificate Notes
Before the issue of the Electronic Signature Certificate, the Certifying
----------------------
Authority shall -
i) confirm that the user’s name does not appear in its list of compromised ----------------------
users;
----------------------
ii) comply with the procedure as defined in his Certification Practice Statement
including verification of identification and/or employment; ----------------------
iii) comply with all privacy requirements; ----------------------
iv) obtain consent of the person requesting the Electronic Signature ----------------------
Certificate, that the details of such Electronic Signature Certificate can be
published on a directory service. ----------------------
Certificate Lifetime ----------------------
1. A Electronic Signature Certificate -
----------------------
a. shall be issued with a designated expiry date;
----------------------
b. which is suspended shall return to the operational use, if the suspension
is withdrawn. ----------------------
c. shall expire automatically upon reaching the designated expiry date ----------------------
at which time the Electronic Signature Certificate shall be archived;
d. on expiry; shall not be re-used. ----------------------
2. The period for which a Electronic Signature Certificate has been issued ----------------------
shall not be extended, but a new Electronic Signature Certificate may be
----------------------
issued after the expiry of such period.
Compromise of Electronic Signature Certificate ----------------------
Electronic Signature Certificate in operational use that becomes ----------------------
compromised shall be revoked in accordance with the procedure defined in the
Certification Practice Statement of Certifying Authority. ----------------------
Explanation - Electronic Signature Certificates shall - ----------------------
A. Be deemed to be compromised where the integrity of - ----------------------
i) the private key associated with the Electronic Signature Certificate
is in doubt; ----------------------
ii) the Electronic Signature Certificate owner is in doubt, as to the use, ----------------------
or attempted use of his key pairs, or otherwise, for malicious or
----------------------
unlawful purpose.
B. Remain in the compromised state for only such time as it takes to ----------------------
arrange for revocation.
----------------------
The Certifying Authority to ensure that all the Electronic Signature
Certificates issued by it are valid and trustworthy and confirm to the standards ----------------------
and rules and regulations laid down under the Act can exercise the following ----------------------
additional powers –

Notes Suspension of Electronic Signature Certificate
The Certifying Authority which has issued a Electronic Signature
----------------------
Certificate may suspend such Electronic Signature Certificate on happening of
---------------------- any of the following events -
a. On receipt of a request to that effect from -
----------------------
i) the subscriber listed in the Electronic Signature Certificate; or
----------------------
ii) any person duly authorized to act on behalf of the subscriber;
---------------------- b. If it is of opinion that the Electronic Signature Certificate should be
---------------------- suspended in public interest.
However, the Electronic Signature Certificate shall not be suspended for a
---------------------- period exceeding ten days unless the subscriber has been given an opportunity
---------------------- of being heard in the matter. On suspension of a Electronic Signature Certificate
under this section, the Certifying Authority shall communicate the same to the
---------------------- subscriber.
---------------------- Revocation of Electronic Signature Certificate
A Certifying Authority may revoke a Electronic Signature Certificate
----------------------
issued by it on happening of any of the following events -
---------------------- a. where the subscriber or any other person authorized by him makes a
request to that effect; or
----------------------
b. upon the death of the subscriber; or
----------------------
c. upon the dissolution of the firm or winding up of the company where the
---------------------- subscriber is a firm or a company.
---------------------- In addition to the above circumstances, a Certifying Authority may revoke
a Electronic Signature Certificate which has been issued by it at any time, if it
---------------------- is of the opinion that -
---------------------- a. a material fact represented in the Electronic Signature Certificate is false
or has been concealed;
----------------------
b. a requirement for issuance of the Electronic Signature Certificate was not
---------------------- satisfied;
---------------------- c. the Certifying Authority’s private key or security system was compromised
in a manner materially affecting the Electronic Signature Certificate’s
---------------------- reliability;
---------------------- d. the subscriber has been declared insolvent or dead or where a subscriber
is a firm or a company, which has been dissolved, wound-up or otherwise
---------------------- ceased to exist.
---------------------- However, a Electronic Signature Certificate shall not be revoked unless

the subscriber has been given an opportunity of being heard in the manner. On
---------------------- revocation of a Electronic Signature Certificate under this section, the Certifying
Authority shall communicate the same to the subscriber.
----------------------

Notice of Suspension or Revocation Notes
Where a Electronic Signature Certificate is suspended or revoked, the
----------------------
Certifying Authority shall publish a notice of such suspension or revocation,
as the case may be, in the repository specified in the Electronic Signature ----------------------
Certificate for publication of such notice. Where one or more repositories are
specified, the Certifying Authority shall publish notices of such suspension or ----------------------
revocation, as the case may be, in all such repositories.
----------------------
The revoked Electronic Signature Certificate shall be added to the
Certificate Revocation List (CRL). ----------------------
Guidelines for Certifying Authorities to follow certain procedures ----------------------
Every Certifying Authorities shall - ----------------------
a. make use of hardware, software, and procedures that are secure from
intrusion and misuse; ----------------------
b. provide a reasonable level of reliability in its services which are reasonably ----------------------
suited to the performance of intended functions;
----------------------
c. adhere to security procedures to ensure that the secrecy and privacy of the
electronic signatures are assured; and ----------------------
d. observe such other standards as may be specified by regulations. ----------------------
Other Compliances
----------------------
Certifying Authority to ensure that every person employed or otherwise
engaged by it complies, in the course of his employment or engagement, with ----------------------
the provisions of this Act, rules, regulations or orders made thereunder. ----------------------
Every Certifying Authority shall display its license at a conspicuous place
of the premises in which it carries on its business. ----------------------
Every Certifying Authority whose license is suspended or revoked shall ----------------------

immediately after such suspension or revocation, surrender the license to the
----------------------
Controller.
Where any Certifying Authority fails to surrender a license as mentioned ----------------------
hereinabove, the person in whose favour a license is issued, shall be guilty of an
----------------------
offence and shall be punished with imprisonment which may extend up to six
months or a fine which may extend up to ten thousand rupees or with both. ----------------------
Further, every Certifying Authority shall disclose in the manner specified
----------------------
by regulations.
a. its Electronic Signature Certificate which contains the public key ----------------------
corresponding to the private key used by that Certifying Authority to ----------------------
electronically sign another Electronic Signature Certificate;
b. any certification practice statement relevant thereto; ----------------------
c. notice of the revocation or suspension of its Certifying Authority certificate, ----------------------

if any; and
----------------------

Notes d. any other fact that materially and adversely affects either the reliability of
a Electronic Signature Certificate, which that Authority has issued, or the
---------------------- Authority’s ability to perform its services.
---------------------- Where in the opinion of the Certifying Authority, any event has occurred
or any situation has arisen which may materially and adversely affect the
---------------------- integrity of its computer system or the conditions subject to which a Electronic
Signature Certificate was granted, then, the Certifying Authority shall -
----------------------
a. use reasonable efforts to notify any person who is likely to be affected by
---------------------- the occurrence; or
---------------------- b. act in accordance with the procedure specified in its certification practice
statement to deal with such event or situation.
----------------------
Security Guidelines for Certifying Authorities
---------------------- The Certifying Authorities shall have the sole responsibility of integrity,
confidentiality and protection of information and information assets employed
----------------------
in its operation, considering classification, declassification, labelling, storage,
---------------------- access and destruction of information assets according to their value, sensitivity
and importance of operation.
----------------------
Information Technology Security Guidelines and Security Guidelines
---------------------- for Certifying Authorities aimed at protecting the integrity, confidentiality and
availability of services of Certifying Authority are given in Schedule II and
---------------------- Schedule III, respectively.
---------------------- The Certifying Authority shall formulate its Information Technology and
Security Policy for operation complying with these guidelines and submit it to
---------------------- the Controller before commencement of operation:
---------------------- Provided that any change made by the Certifying Authority in the
Information Technology and Security Policy shall be submitted by it within
---------------------- two weeks to the Controller.
---------------------- Duties of Subscribers
---------------------- In this PKI system, the subscriber also has a duty to discharge to ensure
the smooth and effective use and implementation of the electronic signatures in
---------------------- between, concerned and other applications.
---------------------- The duties of the subscribers are as follows:

Generating Key Pair
----------------------
Where any Electronic Signature Certificate, the public key of which
---------------------- corresponds to the private key of the subscriber which is to be listed in the
Electronic Signature Certificate has been accepted by a subscriber, then, the
---------------------- subscriber shall generate the key pair by applying the security procedure.
---------------------- Acceptance of Electronic Signature Certificate
---------------------- A subscriber shall be deemed to have accepted a Electronic Signature
Certificate if he publishes or authorizes the publication of a Electronic Signature
---------------------- Certificate

a) to one or more persons; or Notes
b) in a repository; or
c) otherwise demonstrates his approval of the Electronic Signature Certificate ----------------------
in any manner. ----------------------
By accepting a Electronic Signature Certificate, the subscriber certifies to
----------------------
all who reasonably rely on the information contained in the Electronic Signature
Certificate that - ----------------------
a. the subscriber holds the private key corresponding to the public key listed
----------------------
in the Electronic Signature Certificate and is entitled to hold the same;
b. all representations made by the subscriber to the Certifying Authority ----------------------
and all material relevant to the information contained in the Electronic
----------------------
Signature Certificate are true;
c. all information in the Electronic Signature Certificate that is within the ----------------------
knowledge of the subscriber is true.
----------------------
Control of Private Key
----------------------
Every subscriber shall exercise reasonable care to retain control of the
private key corresponding to the public key listed in his Electronic Signature ----------------------
Certificate and taken all steps to prevent its disclosure to a person not authorized
to affix the electronic signature of the subscriber. ----------------------
If the private key corresponding to the public key in the Electronic Signature ----------------------
Certificate has been compromised, then, the subscriber shall communicate the
same without any delay to the Certifying Authority in such manner as may be ----------------------
specified by the regulations.
----------------------
The subscriber shall be liable till he has informed the Certifying Authority
that the private key has been compromised. ----------------------
----------------------
----------------------
1. The subscriber’s public key and private key constitute a functioning ----------------------
key pair.
2. Electronic Signature can be given to the subscriber whose name is in ----------------------
the compromised users list.
----------------------
3. The electronic Signature Certificate continues to have validity even
after the death of the subscriber. ----------------------
----------------------
Activity 1 ----------------------
Search for a case law on revocation of ESC. ----------------------
----------------------

Notes Summary
---------------------- ●● The Controller, the Certifying Authorities and the Subscriber form the
part of a three-tier hierarchical system that issues, certifies and maintains
----------------------
electronic signature certificates or ESCs. The Electronic Signatures
---------------------- Certificates are the instrument of trust that bind the subscriber to its
Electronic Signature so that any third party can rely on it. To ensure that this
---------------------- trustworthiness is maintained, an impartial authority is established under
the Act known as Certifying Authorities which have the power to issue
----------------------
ESCs. Along with this power, the Certifying Authorities are responsible
---------------------- to maintain its impartiality and trustworthiness and are therefore required
to strictly adhere to all the compliances relating to their infrastructure,
---------------------- operations and accountability as laid down under the Act. The Certifying
Authorities can perform these functions only after obtaining a valid
----------------------
license from the Controller after following the strict procedure laid down
---------------------- under the Act.
●● The Controller appointed under the Act is the topmost authority under
----------------------
this PKI system and all Certifying Authorities established under the Act
---------------------- perform their functions under the general superintendence, supervision
and control of the Controller. The Controller also known as the Root
---------------------- Certifying Authority (RCA) is appointed by the Central Government.
The Controller can delegate its powers to Deputy Controllers or Asst.
----------------------
Controllers appointed under the Act. The Controllers are the licensing
---------------------- authorities for the Certifying Authorities and thus have to ensure that
the Certifying Authorities have complied with all the provisions of the
---------------------- Act and rules and regulations made thereunder. The Controller also is a
central repository for all the ESCs issued under the Act.
----------------------
●● To ensure that this system of issuance and control of ESC work effectively
---------------------- and efficiently so that a third party can rely on the electronic signature of
any subscriber, the subscribers also have some duties to perform under
----------------------
the Act viz generating a key pair, accepting an ESC and exercise control
---------------------- over its private key to ensure that it is not compromised.
●● In furtherance of the object of the Information Technology Act, 2000
---------------------- to give legal recognition to e-commerce transactions and to facilitate
---------------------- the e-filing of documents with the government agencies, this three-tier
system of Controller, Certifying Authorities and Subscribers established
---------------------- under the Act (also known as PKI) ensures that the electronic signatures
used are reliable and trustworthy.
----------------------
---------------------- Keywords
---------------------- ●● Certifying Authority: It means a person who has been granted a license
to issue Electronic Signature Certificate under S 24 of the Act.
----------------------
●● Certification Practice Statement: It means a statement issued by a
----------------------

Certifying Authority to specify the practices that the Certifying Authority Notes
employs in issuing Electronic Signature Certificates.
●● Controller: It means the Controller of Certifying Authorities appointed ----------------------
under S (17) (1) of the Act. ----------------------
●● License: It means a license granted to a Certifying Authority under S 24
of the Act. ----------------------
●● Subscriber: It means a person in whose name the Electronic Signature ----------------------
Certificate is issued.
----------------------
●● PKI: Public Key Infrastructure.
●● RCA: Root Certifying Authority. ----------------------
●● ESC: Electronic Signature Certificate. ----------------------
●● CPS: Certification Practice Statement.
----------------------
●● CRL: Certificate Revocation List.
----------------------
Self-Assessment Questions ----------------------
1. Define the Public Key Infrastructure with illustration and write briefly the ----------------------
role and responsibilities of each of its constituents.
----------------------
2. How can the authenticity of a electronic signature be verified? Explain in
detail. ----------------------
3. Which authority under the Act can issue Electronic Signature Certificates? ----------------------
What is the procedure required to be followed by these authorities for
obtaining a license to issue Electronic Signature Certificates? ----------------------
4. Under what circumstances can a license issued to a Certifying Authority ----------------------
be suspended or revoked?
----------------------
5. What is a Electronic Signature Certificate? What is the standard prescribed
under the Act? Explain in detail. ----------------------
6. Who is a Controller under the Act? Can he delegate any of the powers
----------------------
assigned to him under the Act?
7. What are the functions of a Controller? ----------------------
8. The Controller is also called the Root Certifying Authority. Explain in ----------------------
detail.
----------------------
9. What are the duties of a subscriber under the Act?
10. Explain the steps involved in generation of a Electronic Signature ----------------------
Certificate. ----------------------
11. Name 5 Certifying Authorities in India licensed to issue ESCs.
----------------------
----------------------
----------------------

Notes Answers to Check your Progress

1. True
----------------------
2. False
----------------------
3. False
----------------------

1. Central Government has the power to appoint controller.
----------------------
2. The Controller discharges its functions under the general control and
---------------------- supervision of the Central Government.
----------------------
----------------------
Multiple Choice Single Response.
----------------------
1. The main functions of the Controller are as follows:
----------------------
(iv) All of the above.
---------------------- 2. Time stamps indicating the date and time of –
---------------------- (iv) All of the above.
----------------------
----------------------
----------------------
1. True
---------------------- 2. False
---------------------- 3. False
----------------------
---------------------- Suggested Reading
---------------------- 1. Lessing, Lawrence. Code and other Laws of cyberspace.

2. MacDonald, Elizabeth and Diane Rowland. Information Technology Law.
----------------------
----------------------
----------------------
----------------------

Offences under IT Act, Adjudicating Officer and Cyber
Appellate Tribunal UNIT
Structure:
4.1 Contraventions under the Information Technology Act, 2000
4
4.2 Power to Adjudicate
4.3 Cyber Appellate Tribunal
4.4 Appeal to Cyber Appellate Tribunal
Summary
Keywords
Suggested Reading
Offences under IT Act, Adjudicating Officer and Cyber Appellate Tribunal 53

Notes
Objectives
----------------------
---------------------- After going through this unit, you will be able to:
• Discuss offences in respect of damage to computers, computer system
----------------------
and computer network and the punishments prescribed under the Act
---------------------- • Explain the role of adjudicating officers
---------------------- • Identify the role of the Cyber Appellate Tribunal
----------------------
---------------------- 4.1 CONTRAVENTIONS UNDER THE

INFORMATION TECHNOLOGY ACT, 2000
----------------------
The IT Act, 2000 provides for penalty for some specific acts which cause
----------------------
damage to computer, computer systems or computer network. It penalizes certain
---------------------- acts that are carried out without the permission of the computer owner or any other
person who is in charge of the computer, computer system or computer network.
---------------------- Damage may mean physical damage or harm or also general loss or injury including
damage caused to intangible property such as data residing on a computer. Earlier
----------------------
the penalty was granted to certain acts which were in the form of Compensation
---------------------- upto the amount of Rs. 1 Crore. But now with the latest Amendment in the year
2008, the monitory limit for the compensation to the victim has been removed. That
---------------------- means now the victim can receive any amount as compensation as granted after
adjudication which may be beyond Rs. 1 Crore as well.
----------------------
Any given computer, computer System or computer network under the
---------------------- control of the owner or his designator or in-charge at any given time and place
should be a secure system. Accordingly, to ensure that every computer enjoys
----------------------
the privileges and advantages of the secure system; Section 43 of the IT Act
---------------------- 2000 embodies all the acts that are harmful to the security of the Computer,
Computer System or Computer Network and also lays down penalty for some
---------------------- acts. The ambit and scope of this section is wide enough to include all acts
that may result in a physical damage to a Computer, Computer System or
----------------------
Computer Network or loss of data residing in any computer, Computer System
---------------------- or Computer Network. It also includes acts of copyright infringement and also
acts of internet time theft.
----------------------
The acts enumerated under Section 43 of the IT Act 2000 can also be termed
---------------------- as “cyber contraventions” as it includes within its ambit certain unlawful acts
which were unknown prior to the invention of computers and communication
---------------------- technology.
---------------------- Section 43 reads as under –
---------------------- “Penalty for damage to Computer, Computer System, etc. – If any person
without the permission of the owner or any other person who is in-charge of a
---------------------- Computer, Computer System or Computer Network, -

(a) accesses or secures access to such computer, computer system Notes
or computer network; “Access means gaining entry into, instructing or
communicating with the logical, arithmetical or memory function resources of ----------------------
a computer, computer system or computer network or computer resource.”
----------------------
Access can mean both physical as well as virtual access to a Computer,
Computer System or computer network. Physical access means where one is ----------------------
physically present such as a person switches on a computer to gain access.
----------------------
Virtual access means where one gains access to a computer through a remote
connection such as a connection via a satellite, microwave or a terrestrial line ----------------------
or other communication media like optical fibres/cables, etc.
----------------------
Both the following situations are taken into consideration under this sub-
section – ----------------------
4.2 attempts to access and
----------------------
4.3 securing access
----------------------
Thus repeated attempts or trials to access whether successful or not will be
covered under this clause. ----------------------
Following are the illustrations of access and secure access - ----------------------
1) Alex enters the room in which the laptop he intends to access is kept. He
switches on the laptop without permission. ----------------------
2) Pratibha takes a printout from a computer without permission. ----------------------

3) Anand secures access to an e-mail account of Bharati without the ----------------------
permission of Bharati.
----------------------
4) Nikhil secures access to a computer network using an internet connection
and some special tools for securing unauthorized access. ----------------------
Thus all kinds of acts that amount to ‘unauthorized access’ are covered
----------------------
under this clause.
Some common tools of unauthorized access are – ----------------------
1. Packet Sniffing ----------------------
Data is transmitted in the form of packets on networks. These packets ----------------------
are also known as data grams. These data packets are of various sizes
depending on the network bandwidth as well as the amount of data ----------------------
being carried by the packets. Each packet has a header which contains
information in respect of the source, destination, protocol, size, total ----------------------
number of packets in sequence and the unique number of the packet. ----------------------
The data carried is the encrypted form known as the hex of the data.
The network through which the data packet travels is made up of several ----------------------
layers or levels. This kind of a network is known as an Open system
interconnection or OSI Model. Amongst these several layers, the network ----------------------
layer prepares the packet for transmission. ----------------------
This is the layer in which the attack to seek unauthorized access generally
----------------------
takes place and the packets are intercepted either at the time they leave its

Notes source or at the time just prior to receipt by its destination. This method is
also called ‘sniffing’.
----------------------
2. Tempest Attack
---------------------- The word tempest stands for - “Transient Electromagnetic Pulse
Emanation Standard”. Advanced technology offers the ability to monitor
----------------------
electromagnetic emissions from computers. Data is reconstructed from
---------------------- the captured electromagnetic emissions. This data can be login ids and
passwords which enable unauthorized access. This technology which is
---------------------- very expensive allows remote monitoring of network cables or remotely
viewing monitors.
----------------------
3. Password Cracking
----------------------
Password cracking is a technique by which plaintext passwords are
---------------------- recovered from passwords which are generally stored in the encrypted
form. In addition to this technique, there are several other ways in which
---------------------- passwords can be obtained unlawfully or illegally. And the most easiest of
---------------------- the technique is guessing. Most of the users include some personal detail in
the password and therefore if you know the person it is quite easy to guess the
---------------------- password or atleast a part of the password. Other methods used in obtaining
passwords are social engineering, keystroke logging, phishing, shoulder
---------------------- surfing or using a trojan horse. Dictionary Attack and a Brute Force Attack
---------------------- are two of the most common attacks used for cracking passwords. In the
Dictionary attack, a Dictionary is used which has a database of commonly
---------------------- used passwords while in a Brute Force Attack all permutation combinations
of letters, numbers and special characters are tried.
----------------------
4. Buffer Overflow
---------------------- This type of a technique involves input of excessive data into a computer
---------------------- which causes the excess data to overflow into other areas of the memory
thus enabling the hacker to gain entry into a computer.
----------------------
5. Trojans
---------------------- The Password Trojan is a program which searches the victim’s computer
for passwords and then sends them to the attacker or the author of the
----------------------
Trojan. There are different types of Trojan programs for internet passwords
---------------------- or e-mail passwords. These Trojan programs usually send the information
back to the attacker via e-mail.
----------------------
6. Phishing
---------------------- Phishing is also called “webpage spoofing” which means that fake replica
---------------------- is made of a genuine webpage such as a banks webpage. The intention is
to fool the users into believing that they are connected to a trusted and a
---------------------- legitimate website and then ask the user to enter its id and password. This
information entered by the user is sent to the attacker.
----------------------
“Section 43(b) – Downloads, copies or extracts any data, computer
---------------------- database or information from such computer, computer system or computer

network including information or data held or stored in any removable storage Notes
medium.”
----------------------
“Download” means retrieving a file data from a remote computer,
computer systems or computer network and then saving, storing or copying it ----------------------
on to a hard disk or any removable storage medium.
----------------------
“Copy” means storing, saving or making an exact replica of a file (data) on
the same storage medium or some other removable storage medium or internal ----------------------
computer memory.
----------------------
“Extract” means to take out or derive a part or some contents from a data
or a file. ----------------------
“Removable storage medium” means and includes – ----------------------
a) magnetic storage medium viz. floppy disc, micro film, magnetic tapes.
----------------------
b) optical storage viz. CD-writable, CD-rewritable, DVD-writable, DVD
rewritable, ----------------------
c) punched cards, magnetic tapes, USB storages, etc. ----------------------
“Data” means a representation of information, knowledge, facts, concepts
----------------------
or instructions which are being prepared or have been prepared in a formalized
manner, and is intended to be processed, is being processed or has been processed ----------------------
in a computer system or computer network, and may be in any form (including
computer printouts, magnetic or optical storage media, punched cards, punched ----------------------
tapes) or stored internally in the memory of the computer.
----------------------
“Computer database” means a representation of information, knowledge,
facts, concepts or instructions in text, image, audio, video that are being ----------------------
prepared or have been prepared in a formalized manner or have been produced ----------------------
by a computer, computer system or computer network and are intended for use
in a computer, computer system or computer network. ----------------------
“Information” includes data, text, images, sound, voice, codes, computer ----------------------
programmes, software and databases or micro film or computer generated
microfiche. ----------------------
This clause prohibits any person from downloading, copying or extracting ----------------------
any data, computer database or any information without the permission of its
owner or without permission of any person in-charge of it. ----------------------
This is in respect of copyright protection in the digital medium as the ----------------------
‘owner’ of the data has exclusive rights to the contents and thus reproduction
which includes copying, downloading and extraction without permission shall ----------------------
be unlawful.
----------------------
This clause directly protects the exclusive rights of the owner of the data
or contents of the electronic record. ----------------------
Copyright is a bundle of rights which accrue to the owner exclusively. ----------------------
These rights includes the right of reproduction or making copies, extracts,
derivative works, etc. All aforesaid rights are protected by this clause and the ----------------------

Notes owner can claim compensation up to any amount if any of the aforesaid rights
are infringed.
----------------------
Thus all instances of software piracy i.e. making or using unlicensed copies
---------------------- of software, music and video piracy, making or using or downloading unauthorized
copies of music files of video, movies are covered under this section.
----------------------
Further, any unauthorized coping form any website i.e. contents of the
---------------------- websites, links on the websites, etc. will amount to a violation of the owner’s
rights under this clause.
----------------------
The ambit and scope of this clause in the IT Act 2000 is much wider than
---------------------- the one available under the Copyright Act as there are no “fair use” exceptions
available.
----------------------
Section 43(c) – introduces or causes to be introduced any computer
---------------------- contaminant or computer virus into any computer, computer system or computer
network.
----------------------
Virus - A computer virus means any computer instruction, information,
---------------------- data or program that destroys, damages, degrades or adversely affects the
performance of a computer resource or attaches itself to another computer
---------------------- resource and operates when a programme, data or instruction is executed or
---------------------- some other event takes place in the computer resource;
A virus is a computer program that can infect other computer programs
---------------------- by modifying them in such a way as to include a copy of it. There are two main
---------------------- classes of viruses. First are the file infector which attach themselves to ordinary
program files for eg .com or .exe files. The second category is system or boot-
---------------------- record infectors. These viruses infect the executable code found in certain
system areas on a disk, which are not ordinary files. In addition to this, there are
---------------------- what are known as e-mail viruses. An e-mail virus travels as an attachment to
---------------------- e-mail messages, and usually replicates itself by automatically mailing itself to
dozens of people in the victim’s e-mail address book. Some e-mail viruses don’t
---------------------- even require a double-click. They launch even when the user views the infected
message in the preview option of the e-mail software used by the user.
----------------------
Some Popular Viruses
----------------------
1. Melissa
---------------------- This virus was first noticed on 26th March, 1999.
---------------------- The first action of this virus was to infect Microsoft Word’s normal “.dot”
global template. Which means all new documents created by the user
---------------------- would get infected. Then the virus would insert some text into a word
---------------------- document at a specified time of the day. The next step of the virus was
to access Microsoft Outlook address book and e-mail the infected Word
---------------------- file as an attachment to the first fifty e-mail addresses entered there.
The moment the recipients open these attachment, their computers are
---------------------- also infected. The virus then sends the infected file to another 50 e-mail
---------------------- addresses. Thus this was the fastest spreading virus.

The Melissa virus is an automatic spamming virus. Notes
2. Chernobyl
----------------------
The Chernobyl, or PE CIH, virus activates itself every year on the 26th of
April - on the anniversary of the Chernobyl, Ukraine nuclear power plant ----------------------
tragedy. It was allegedly written by a Taiwanese citizen in 1998.
----------------------
The virus wipes the first megabyte of data from the hard disk of a personal
computer thus making the rest of the files of no use. In addition to this, ----------------------
it also deletes the data on the computer’s Basic Input-Output System
----------------------
(BIOS) chip so that the computer cannot function till a new chip is fitted
or the data on the old one is restored. This virus affects only executable ----------------------
files.
----------------------
3. VBS_LOVELETTER
The VBS_LOVELETTER virus (better known as the Love Bug or the ----------------------
ILOVEYOU virus) was reportedly written by a Filipino undergraduate. ----------------------
In May 2000, this deadly virus beat the Melissa virus and became the
world’s most prevalent virus. The original VBS_LOVELETTER utilized ----------------------
the addresses in Microsoft Outlook and e-mailed itself to those addresses.
The e-mail which was sent out had “ILOVEYOU” in its subject line. ----------------------
The attachment file was named “LOVE-LETTER-FOR-YOU.TXT.vbs”. ----------------------

People got fooled and believed the file to be a text file.
----------------------
The damage caused by this virus was extensive as it first selected some
files and then inserted its own code in lieu of the original data contained ----------------------
in the file.
----------------------
4. Pakistani Brain
----------------------
The Brain, the first virus known to have spread all over the world, was
a boot sector virus. This virus deleted the system commands which are ----------------------
instrumental in starting the computer from their predetermined space
on the hard disk and put them in the next unused space or sector. Then, ----------------------
it would mark the space where the system commands now reside as ----------------------
bad sectors. This way, it would become impossible to boot or start the
computer. Further it continued to take up all the unused space in the ----------------------
computer’s disk and mark it as corrupted sectors.
----------------------
5. Jerusalem
The Jerusalem virus also known as “Israeli” and “Friday the 13th” has ----------------------
several versions including the Jerusalem-B virus. It starts by infecting the ----------------------
.COM and .EXE files in a computer. After existing or being resident in a
computer for half an hour, it slows down the system processes by a factor ----------------------
of ten. On a pre-set date, Friday the 13th, the Jerusalem virus deletes all
the infected files from the user’s computer. Apart from the damage that it ----------------------
does, the other strain of the Jerusalem virus, Jerusalem-B, also shows a ----------------------
“black window” in the center of the screen at regular intervals.
----------------------

Notes Computer Contaminant – A computer contaminant means any set of
computer instructions that are designed –
----------------------
a) to modify, destroy, record, transmit data or programme residing within a
---------------------- computer, computer system or computer network;
b) by any means to usurp the normal operation of the computer, computer
----------------------
system or computer network.
---------------------- The following can be categorized as contaminants –
---------------------- a) Worms
---------------------- b) Trojans
Worm
----------------------
A computer worm is a self-contained program that is able to spread functional
---------------------- copies of itself or its systems to other computer systems. Unlike viruses, worms
do not attach themselves to a last program.
----------------------
The first worms were actually designed to do good rather than harm to
---------------------- computers and computer networks. First worm was developed for assistance
as a traffic controller when the controls of a plane moved from one computer
----------------------
to another. This worm named ‘creeper’ would travel from one computer screen
---------------------- to another sharing the message I’m creeper! Catch me ‘if you can!’ Another
worm was ‘town crier’ whose job was only to post announcements on all the
---------------------- computers of the network. Although these worms were apparently helpful, they
had some internet destructive capabilities such as the internet worm in 1998
----------------------
clogged all the machines on the network called ‘ARPANET’. All the machines
---------------------- on the network were disabled as the worm made copies of itself which resulted
in clogging the machines.
----------------------
Trojan
---------------------- Similar to the wooden horse from Greek mythology, a Trojan horse
---------------------- program pretends to do one thing while actually doing something completely
different. Most Trojan are used for malicious purposes, to irritate, scare people
---------------------- or harm computers. Password Trojan searches the victim’s computer for
passwords and then sends them to the attacker or the author of the Trojan. Key
---------------------- logger Trojans are very simple. They log all of the victim’s keystrokes on the
---------------------- keyboard and then either save them on a file or e-mail them to the attacker once
in a while. Key loggers usually don’t take much disk space and can masquerade
---------------------- as important utilities, thus making them very hard to detect. Destructive Trojans
can destroy the victim’s entire hard drive, encrypt or just scramble important
---------------------- files. Some might seem like joke programs, while they are actually destroying
---------------------- every file they encounter to pieces.
This clause takes into account all attempts made to introduce or successful
---------------------- introduction of any computer contaminant or virus into a computer, computer
---------------------- systems or computer network. By such an act, the damage that may be caused
can be much more than the compensation of Rs. 1 crore that has been provided
---------------------- for under the Act.

“Section 43(d) – damages or causes to be damaged any computer, Notes
computer system or computer network, data, computer database or any other
programmes residing in such computer, computer system or computer network.” ----------------------
Attempts made to damage a computer, computer system or computer ----------------------
network or damages caused to a computer, computer system or computer
network data, computer database or any other program residing in such ----------------------
computer, computer system or computer network is covered under this clause.
----------------------
In addition to physical damage, it also includes damage caused to intangible
property such as data, database and software. Thus it includes damage to the ----------------------
hardware and/or software either done physically or through a virtual medium.
----------------------
Illustrations of damage to computers
----------------------
1. Prabhakarna spills coffee on the keyboard/practice causing physical
damage. ----------------------
2. Mr. Ganguly changes the internet configuration and settings of the ----------------------
computer.
3. Jaspreet Singh caused physical damage to the external parts of the ----------------------
computer. ----------------------
4. Mr. Bob changes the earlier hardware/software configuration by altering
----------------------
or rearranging the binary files through a remote connection.
5. Mr. Williams sends a virus of a computer. ----------------------
“Section 43(e) disrupts or causes disruption of any computer, computer ----------------------
system or computer network.”
----------------------
Disrupts means to interrupt the continuity or operation or bring disorder
in the operation or to break the operation of a computer, computer system or a ----------------------
computer network. Such disruptions may be caused by physical interventions
or virtual/remote interventions. When there is an unexpected deviation from ----------------------
the normal operation of a computer, computer system or computer network, ----------------------
it means that disruption is caused. Such deviations may cause a lot of damage
as the reliability and efficiency of the computer, computer system or computer ----------------------
network is affected injuriously.
----------------------
This clause covers attempts made to disrupt the successful operation of a
computer, computer system or computer network. ----------------------
Illustrations ----------------------
a. Mr. Paigude sends a worm on to a computer causing the computer
----------------------
operation to slow down.
b. Mr. Mahajan tampers with the network cables causing physical damage ----------------------
to a few cable due to which connectivity between the computers in the
----------------------
network is lost.
c. Mr. Chaudhary without authority installs a program on the computer ----------------------
which takes periodical back ups of all the data without user intervention. ----------------------

Notes This clause should be read along with clause (c) and clause (d) any act
covered under those clauses may also be one of the reasons of disruption.
----------------------
“43(f) denies or causes the denial of access to any person authorized to
---------------------- access any computer, computer system or computer network by any means.”
If any attempt is made to deny access, access is denied to a person
----------------------
authorized to access any computer, computer system or computer network. Such
---------------------- a person can claim compensation by virtue of this clause. Denial of access can
be physical or virtual. If any person is deemed physical access to a computer,
---------------------- computer system or computer network by blocking his path or not making
available keys of the room where the computer is kept etc., such acts shall
----------------------
amount to a violation under this clause. Further, if access is denied by changing
---------------------- password or access code etc., such an act shall also amount to a violation under
the said clause.
----------------------
One of the objectives of this clause was to prevent the occurrence of
---------------------- ‘Denial of Service attacks or DOS attacks. Such attacks block the authorized
users from using a website. With the widespread use of e-commerce websites
---------------------- and related activities, such a clause is very important and critical to protect the
website owners from such particular attacks that will cripple their e-commerce
----------------------
activity.
---------------------- In a typical DOS attack; the attacker will flood the website/network with
---------------------- overwhelming number of requests or traffics more than the website or network
is programmed to handle; causing the website on network to crash or otherwise
---------------------- become unstable. Such attacks block the users from using the websites. Popular
websites such as Ebay, Amazon, Yahoo and CNN have been victims of DOS
---------------------- attacks in the past. Such attacks are also popularly known as the “ping of death”.
---------------------- “Section 43(g) – provides any assistance to any person to facilitate access
to a computer, computer system or computer network in contravention of the
---------------------- provisions of this Act, rules or regulations made thereunder.”
---------------------- With this section, an abettor or the one who helps or assists a person doing
any of acts specified under Section 43 of this Act shall also be liable in the same
---------------------- way the person to whom he provided assistance is liable. Such an abettor shall
---------------------- also be liable to pay compensation to the aggrieved person.
“Section 43(h) – charges the services availed of by a person to the account
----------------------
of another person by tampering with or manipulating any computer, computer
---------------------- system or computer network.”
The purpose or the object is to safeguard the rights of an internet account
----------------------
holder against another person. Theft of internet hours was becoming a common
---------------------- phenomenon and due to the lack of specific legislation to counter such acts, this
act of theft was going unpunished.
----------------------
Theft as defined under IPC has the following five essential ingredients -
---------------------- 1. Dishonest intention to take property.
---------------------- 2. Property should be taken out of the possession of the person or owner.

3. It should be taken without consent of the owner. Notes
4. The property must be movable property.
----------------------
As internet time is not movable property as per definition, S 378 of IPC
has no applicability to acts of internet time theft. Due to this enabling section ----------------------
under IT Act, 2000 the aggrieved person can claim compensation for instances
----------------------
of internet time theft.
“Section 43(i) – destroys, deletes or alters any information residing in a ----------------------
computer resource or diminishes its value or utility or affects it injuriously by
----------------------
any means.”
Sub clause (i) to Section 43 of the Information Technology Act, 2000 ----------------------
has been added by the Amendment in 2008. Earlier the same provision was ----------------------
there in Chapter XI which comprises of various Cyber Offences. The same
provision was connoted as “Hacking” under Section 66. But now for giving the ----------------------
comprehensive outlook and including most of the wrongs and creating liability
the Amendment was made in 2008. ----------------------
If any person destroys, deletes or alters any information residing in a ----------------------

computer resource without the permission of the owner or person in charge of
the computer, he is liable to pay compensation to the person so aggrieved. Even ----------------------
if any person has diminished the value of the information or affected its utility ----------------------
adversely by any physical or by virtual means he is liable to pay compensation
to the victim. ----------------------
Under Section 425 of the Indian Penal Code, 1860 similar kind of ----------------------
provision is present which talks about the offence of “Mischief”. That is why
most of the times Hacking is defined as “Electronic Mischief”. Section 43(i) has ----------------------
given a magical strength to the law on the point. It includes almost every single
act which damages the information or data residing in the computer. The word ----------------------
“by any means” are so wide under the said subsection that it almost includes ----------------------
every single act because of which the diminishing the value or utility of the
information residing in the computer resource is possible. ----------------------
Cases filed under section 66 of the IT Act, 2000. ----------------------
1. Techie’s remand extended over $13m crime
----------------------
One software engineer Anjali Sharma was arrested for allegedly leaking
confidential information and source code of a leading software company ----------------------
to her husband and others. She was produced in the court after her day’s ----------------------
police custody expired and the same was extended by the hon’ble court
by 4 days. The same was extended as the public prosecutor told the court ----------------------
that the custodial interrogation of the engineer was required as she had
transferred vital data of the software company via e-mail to her husband, ----------------------
who is also a software engineer, and others. The public prosecutor stated ----------------------
that the company had suffered losses to the tune of US $13 million
following the leakage of confidential information and sought more time ----------------------
for the police to find out how Sharma transferred the data to various IT
firms and individuals. Sharma was an employee of the leading software ----------------------

Notes development company and was working on the project as a developer.
Sharma who had resigned from the firm, had transferred vital data of the
---------------------- company and source code to her husband and others. The firm registered
a complaint against her as the firm feared that Sharma’s action is likely to
---------------------- diminish the value of the company’s software.
---------------------- 2. Vice-Principal’s e-mail hacked
---------------------- A reader and vice-principal has fallen victim to internet fraud, commonly
called as phishing. Her e-mail ID was hacked and several mails were
---------------------- forwarded to her friends and relatives seeking financial help. She
approached the cyber crime cell complaining about false mails being sent
----------------------
to her relatives and friends asking for financial aid. “The mail mentioned
---------------------- that my health is in bad shape and that I require finance for medical
treatment,” she said. The matter came to light after a relative of hers called
---------------------- to inquire about her health on reading the mail. The police further said her
mail ID was hacked and password was changed subsequently. Later, the
----------------------
suspect sent an array of mails to the complainant’s relatives and friends to
---------------------- earn money. A complaint is registered u/s 65 of the IT Act, 2000.
“Section 43(j) – steals, conceals, destroys or alters or causes any person
----------------------
to steal, conceal, destroy or alter any computer source code used for a computer
---------------------- resource with an intention to cause damage.”
---------------------- Section 43(j) also an outcome of the Amendment of The Information

Technology Act in 2008. The earlier Act was criticized a lot for not having the
---------------------- basic contravention or an offence for the punishment of data theft. Data theft or
information theft is a very common offence in relation to computers. It is not
---------------------- always in relation to physical attributes of the data or information to be stolen,
---------------------- concealed or destroyed being a moveable property, but more than that is the
value of the data or information in relation the content that matters.
---------------------- Data security and data protection has been assured under this provision.
---------------------- The Information Technology Act, 2000 was criticized on the point that there is
no penal provision against data theft in it. The Amendment in 2008 has provided
---------------------- the utmost necessary change. Not only stealing, concealing, destroying but
altering the data is also a contravention under this Section. Every attempt has
---------------------- been made under the Act to take care of every single act that might be harmful
---------------------- to the data.
In addition to the offences enumerated hereinabove, the Act also lays
---------------------- down penalty for such persons who have failed to do the compliances as laid
---------------------- down under the Act. Under the provisions of this Act, a subscriber in order to
obtain a Digital Signature Certificate from a Certifying Authority, or a Certifying
---------------------- Authority in order to obtain a license from a Controller have to comply with
certain formalities laid down under the Act and the rules made thereunder. This
---------------------- involves submission of statements, reports, documents, returns etc. by which
---------------------- the authority to which they are submitted can assess and verify the eligibility
and capabilities of the applicant. Such provisions are mandatory in nature and
---------------------- the applicant is duty bound to furnish all the required particulars in a time bound

manner. Further, the Certifying Authorities and Controllers are duty bound to Notes
maintain books of accounts and records as per the provisions of the Act.
----------------------
The duties and responsibilities of the Subscriber, Certifying Authority and
Controller are made mandatory by Section 44 of the said Act and this section ----------------------
lays down the penalties to be imposed on the Subscriber, Certifying Authority
or the Controller if they fail to perform their duties and obligations as prescribed ----------------------
under the Act.
----------------------
●● If any person fails to furnish any document, return or report to the
Controller or the Certifying Authority as per the provisions of the IT Act, ----------------------
2000 or rules and regulations made thereunder, then he shall be liable to
----------------------
a penalty not exceeding one lakh and fifty thousand rupees for each such
failure. ----------------------
●● If any person fails to file any return or furnish such information, books
----------------------
or other documents within the prescribed time limit as per the IT Act
2000 or rules and regulations made thereunder then he shall be liable to ----------------------
a penalty not exceeding five thousand rupees for every day during which
such failure continues. ----------------------
●● If any person fails to maintain books of accounts or records as required ----------------------
under the IT Act 2000 or rules and regulations made thereunder, then he
shall be liable to a penalty not exceeding ten thousand rupees for every ----------------------
day during which the failure continues.
----------------------
With a view to extend the scope of the Act to cover all possible acts which
cause damage to computer, computer system or computer network or all or any ----------------------
act which controls any rule or regulation made thereunder, a residuary penalty
clause in inserted in the Act which states that whoever contravenes any rules ----------------------
or regulations made under the Act, and if no penalty has been provided for it ----------------------
expressly in the Act, then under such circumstances the person shall be liable
to pay a compensation not exceeding twenty five thousand rupees to the person ----------------------
affected by such contravention or a penalty not exceeding twenty five thousand
rupees. ----------------------
----------------------
4.2 POWER TO ADJUDICATE
----------------------
As per Section 46(1) of the Information Technology Act 2000, the Central
Government has powers to appoint any officer not below the rank of a Director ----------------------
to the Government of India or an equivalent officer of a State Government to ----------------------
be an adjudicating officer for holding an inquiry in the manner prescribed by
the Central Government for the purpose of adjudging whether any person has ----------------------
committed a contravention of any of the Provisions of this Act or of any rule,
regulation, direction or order made thereunder. ----------------------
The adjudicating officer is bound to follow the procedure laid down by ----------------------
the Central Government in conducting the inquiry and shall give a reasonable
opportunity to the person for making representation in the matter. The ----------------------
principles of natural justice are to be followed by the adjudicating officer. If ----------------------

Notes after conducting the inquiry in the manner prescribed, the adjudicating officer
is satisfied that the person has committed the contravention, he may impose
---------------------- such penalty or award such compensation as he thinks fit in accordance with the
provisions of that section.
----------------------
If the Adjudicating Officer does not follow the prescribed procedure in
---------------------- conducting the inquiry or does not follow the principles of natural justice and
denies the person against whom allegations are made, a fair chance of being
----------------------
heard and put up his case, then in such cases the order passed by the Adjudicating
---------------------- Officer will be liable to be set aside.
Minimum qualifications to become an adjudicating officer are prescribed
----------------------
by the Central Government and no person shall be appointed as an adjudicating
---------------------- officer unless he possesses such experience in the field of Information
Technology and legal or judicial experience as may be prescribed by the Central
---------------------- Government.
---------------------- Where more than one adjudicating officers are appointed, the Central
Government shall specify by order the matters and places with respect to which
---------------------- such officers shall exercise their jurisdiction.
---------------------- Every Adjudicating Officer shall have the powers of a Civil Court which
are conferred on the Cyber Appellate Tribunal under sub-section (2) of section
---------------------- 58 which are namely powers as are vested in the Civil Court under the Code of
Civil Procedure, 1908 (5 of 1908), while trying a suit such as –
----------------------
a) Summoning and enforcing the attendance of any person and examining
---------------------- him on oath.
---------------------- b) Requiring the discovery and production of documents or other electronic
records.
----------------------
c) Receiving evidence on affidavits.
---------------------- d) Issuing commissions for the examination of witnesses or documents.
---------------------- e) Reviewing its decisions.
---------------------- f) Dismissing an application for default or deciding it ex parte.
g) Any other matter which may be prescribed.
----------------------
Further all proceedings before the adjudicating officer shall be deemed
---------------------- to be judicial proceedings within the meaning of sections 193 and 228 of the
Indian Penal Code (45 of 1860); and the Adjudicating Officer shall be deemed
----------------------
to be a Civil Court for the purposes of section 345 and 346 of the Code of
---------------------- Criminal Procedure, 1973 (2 of 1974).
Factors to be taken into account by the Adjudicating Officer
----------------------
While deciding the quantum of compensation to be awarded to the
---------------------- aggrieved person, the adjudicating officer shall take into consideration the
---------------------- following factors, namely:
a. the amount of gain of unfair advantage, wherever quantifiable, made as a
---------------------- result of the default;

b. the amount of loss caused to any person as a result of the default; Notes
c. the repetitive nature of the default.
----------------------
Activity 1 ----------------------
----------------------
Preeti sends an e-mail to her friend Rohit. Rohit opens the e-mail and his
computer is infected by a virus, which has come through Preeti’s e-mail. ----------------------
Can he claim compensation from Preeti?
----------------------
4.3 CYBER APPELLATE TRIBUNAL ----------------------
----------------------
All orders passed by the Adjudicating Officer appointed under the Act are
appealable to the Cyber Appellate Tribunal established under the Act. ----------------------
The Central Government shall, by notification, establish one or more
----------------------
appellate tribunals to be known as the Cyber Appellate Tribunal. The Central
Government shall also specify, in the notification referred to in sub-section (1), ----------------------
the matters and places in relation to which the Cyber Appellate Tribunal may
exercise jurisdiction. ----------------------
Composition of Cyber Appellate Tribunal ----------------------
The Cyber Appellate Tribunal shall consist of a Chairperson and ----------------------
such number of members as the Central Government may appoint with the
notification in the official gazette. Before the Amendment in 2008 the head ----------------------
of Cyber Appellate Tribunal was called the Presiding Officer now after the
Amendment the designation of the head is Chairperson. ----------------------
Qualifications for appointment as Chairperson of the Cyber Appellate ----------------------

Tribunal
----------------------
A person shall not be appointed as Chairperson of Cyber Appellate
Tribunal unless he is or has been or is qualified to be a judge of a High ----------------------
Court. The members of the Cyber Appellate Tribunal shall be appointed by
----------------------
the Central Government from amongst the persons having knowledge of,
and professional experience in information technology, telecommunication, ----------------------
industry, management or consumer affairs.
----------------------
Term of Office
The Chairperson of a Cyber Appellate Tribunal shall hold office for a ----------------------
term of five years from the date on which he enters upon his office or until he ----------------------
attains the age of sixty-five years, whichever is earlier.
Salary, Allowances and Other Terms and Conditions of Service of ----------------------
Chairperson ----------------------
The salary and allowances payable to and the other terms and conditions
of service including pension, gratuity and other retirement benefits of the ----------------------
Chairperson of a Cyber Appellate Tribunal shall be such as may be prescribed; ----------------------

Notes Provided that neither the salary and allowances nor the other terms and
conditions of service of the Chairpersons shall be varied to his disadvantage
---------------------- after appointment.
---------------------- Filling Up of Vacancies
If, for reason other than temporary absence, any vacancy occurs in the
----------------------
office of the Chairperson of a Cyber Appellate Tribunal, then the Central
---------------------- Government shall appoint another person in accordance with the provisions
of this Act to fill the vacancy and the proceedings may be continued before the
---------------------- Cyber Appellate Tribunal from the stage at which the vacancy is filled.
---------------------- Resignation and Removal
---------------------- The Chairperson of a Cyber Appellate Tribunal may by notice in writing

under his hand addressed to the Central Government resign his office;
---------------------- Provided that the said Chairperson shall, unless he is permitted by the
---------------------- Central Government to relinquish his office sooner, continue to hold office until
the expiry of three months from the date of receipt of such notice or until a
---------------------- person duly appointed as his successor enters upon his office or until the expiry
of his term of office, whichever is the earliest.
----------------------
The Chairperson of a Cyber Appellate Tribunal shall not be removed
---------------------- from his office except by an order by the Central Government on the ground
of proved misbehaviour or incapacity after an inquiry made by a Judge of the
---------------------- Supreme Court in which the Chairperson concerned has been informed of
---------------------- the charges against him and given a reasonable opportunity of being heard in
respect of these charges.
----------------------
The Central Government may, by rules, regulate the procedure for the
---------------------- investigation of misbehaviour or incapacity of the aforesaid Chairperson.
Orders constituting Appellate Tribunal to be final and not to invalidate its
----------------------
proceedings
---------------------- No order of the Central Government appointing any person as the
---------------------- Chairperson of a Cyber Appellate Tribunal shall be called in question in any
manner and no act or proceeding before a Cyber Appellate Tribunal shall be
---------------------- called in question in any manner on the ground merely of any defect in the
constitution of a Cyber Appellate Tribunal.
----------------------
Staff of the Cyber Appellate Tribunal
---------------------- The Central Government shall provide the Cyber Appellate Tribunal with
---------------------- such officers and employees as that Government may think fit.
The officers and employees of the Cyber Appellate Tribunal shall
----------------------
discharge their functions under general superintendence of the Chairperson.
---------------------- The salaries, allowances and other conditions of service of the officers and
employees of the Cyber Appellate Tribunal shall be such as may be prescribed
----------------------
by the Central Government.
----------------------

Notes
----------------------
1. Before the Amendment in 2008, the head of Cyber Appellate Tribunal
----------------------
was called the_________________.
----------------------
4.4 APPEAL TO CYBER APPELLATE TRIBUNAL ----------------------
A person aggrieved by an order made by the Controller or an Adjudicating ----------------------

Officer under the Information Technology Act 2000 may prefer an appeal to the
----------------------
Cyber Appellate Tribunal having jurisdiction in the matter.
However, if the order is passed by an Adjudicating Officer with the ----------------------
consent of the parties, then no appeal shall lie to the Cyber Appellate Tribunal. ----------------------
The period of limitation for filing the appeal prescribed under the
Information Technology Act, 2000 is 45 days and hence every appeal is required ----------------------
to be filed within a period of forty five days from the date on which a copy of ----------------------
the order made by the Controller or the Adjudicating Officer is received by the
person aggrieved. The appeal shall be in such form and be accompanied by such ----------------------
fees as may be prescribed.
----------------------
If an appeal is filed beyond the prescribed period of limitation, then it has
to be filed along with an application for condonation of delay. The Appellate ----------------------
Tribunal may condone the delay if it is satisfied that there was sufficient reason
that prevented filing of the appeal within the prescribed time limit. ----------------------
On receipt of an appeal, the Cyber Appellate Tribunal may, after giving ----------------------
the parties to the appeal an opportunity of being heard, pass such orders thereon
----------------------
as it thinks fit, confirming, modifying or setting aside the order appealed against.
The Cyber Appellate Tribunal shall send a copy of every order made by ----------------------
it to the parties to the appeal and to the concerned Controller or Adjudicating
----------------------
Officer.
The appeal filed before the Cyber Appellate Tribunal is to be dealt with ----------------------
by it as expeditiously as possible and endeavour shall be made by it to dispose
----------------------
off the appeal finally within six months from the date of receipt of the appeal.
Procedure and Powers of the Cyber Appellate Tribunal ----------------------
The Cyber Appellate Tribunal shall not be bound by the procedure laid ----------------------
down by the Code of Civil Procedure, 1908 (5 of 1908), but shall be guided by
the principles of natural justice and, subject to the other provisions of this Act ----------------------
and of any rules, the Cyber Appellate Tribunal shall have powers to regulate its ----------------------
own procedure including the place at which it shall have its sittings.
----------------------
The Cyber Appellate Tribunal shall have, for the purposes of discharging
its functions under this Act, the same powers as are vested in Civil Court under ----------------------

Notes the Code of Civil Procedure, 1908 (5 of 1908), while trying a suit, in respect of
the following matters, namely:
----------------------
a) Summoning and enforcing the attendance of any person and examining
---------------------- him on oath.
b) Requiring the discovery and production of documents or other electronic
----------------------
records.
---------------------- c) Receiving evidence on affidavits.
---------------------- d) Issuing commissions for the examination of witnesses or documents.
---------------------- e) Reviewing its decisions.

f) Dismissing an application for default or deciding it ex parte.
----------------------
g) Any other matter which may be prescribed.
----------------------
Right to Legal Representation
---------------------- The Appellant may either appear in person or authorize one or more legal
---------------------- practitioners or any of its officers to present his or its case before the Cyber
Appellate Tribunal.
---------------------- Limitation
---------------------- The provisions of the Limitation Act, 1963 (36 of 1963), shall, as far as
may be, apply to an appeal made to the Cyber Appellate Tribunal.
----------------------
Jurisdiction of the Civil Court is expressly barred
----------------------
No court shall have jurisdiction to entertain any suit or proceedings in
---------------------- respect of any matter which an adjudicating officer appointed under the Act
or the Cyber Appellate Tribunal constituted under this Act is empowered to
---------------------- determine.
---------------------- Further no injunction shall be granted by any court or other authority in
respect of any action taken or to be taken in pursuance of any power conferred
---------------------- by or under the Act.
---------------------- Thus the Adjudicating Officer and the Controller have exclusive
jurisdiction in respect of the matters prescribed under the Act and there cannot
---------------------- be any interference with its powers from the Civil Courts.
---------------------- Appeal to the High Court
---------------------- Any person aggrieved by any decision or order of the Cyber Appellate
Tribunal may file an appeal to the High Court within 60 days from the date of
---------------------- communication of the decision or order of the Cyber Appellate Tribunal to him
on any question of law or fact arising out of such order.
----------------------
If the appeal is filed beyond the prescribed time limit of 60 days, the High
---------------------- Court in its discretion may allow filing of such appeal if it thinks that there was
sufficient reasons which prevented the person from filing the said appeal within
----------------------
the prescribed time limit.
----------------------

Compounding of Contraventions Notes
Any contravention mentioned hereinabove, either before or after the
----------------------
institution of adjudication proceedings be compounded by the adjudicating
officer or the Controller or any other officer authorized by the controller subject ----------------------
to such conditions that the adjudicating officer or the Controller may deem fit.
----------------------
However, the amount of compensation fixed by the adjudicating officer
or the Controller while compounding any contravention shall not exceed ----------------------
the maximum amount of penalty that is prescribed under the Act for that
contravention. ----------------------
Further, the adjudicating officer or the Controller cannot compound any ----------------------
contravention if the same or similar contravention has been committed by the
same person within a period of 3 years prior to the date of commitment of the ----------------------
contravention.
----------------------
Recovery of Penalty
----------------------
Any penalty imposed under the Act, if not paid, shall be recovered as
arrears of land revenue. ----------------------
----------------------
----------------------
1. Any order, even if passed with consent of the parties is appealable in
----------------------
the Cyber Appellate Tribunal.
2. The limitation period for filing the appeal under IT Act is 30 day. ----------------------
3. Powers vested in the Cyber Appellate Tribunal are same as the Civil ----------------------
Courts under the Code of Civil Procedure.
----------------------
4. The Adjudicating Officer and the Controller have exclusive jurisdiction
in respect of the matters prescribed under the Act and there cannot be ----------------------
any interference with its power from the Civil Courts.
----------------------
----------------------
Summary
----------------------
●● The new and advanced computer technology increased the efficiency of
people at work and ensured more accurate and timely results but at the ----------------------
same time this new technology gave rise to peculiar issues and offences
which were unknown earlier. Threats of virus, trojans and worms, the ----------------------
Denial of Service attacks that could cripple websites in a fraction of a
----------------------
second and internet time thefts are some of the challenges that one requires
to face as a trade off for using better and advanced technology. Thus a ----------------------
need was felt not only to address these issues and penalize the offender
but at the same time establish a machinery who is specially equipped to ----------------------
handle such issues effectively and in a time-bound manner.
----------------------

Notes ●● Section 43 of the Information Technology Act, 2000 elaborately addresses
the threats the computer, computer systems and computers networks are
---------------------- exposed to and prescribed the maximum amount of compensation that
could be awarded to the aggrieved person in case of a contravention as
---------------------- detailed in the section.
---------------------- ●● The Act has also established a three-tier machinery that is equipped to
adjudicate peculiar issues arising out of computer related transactions as
---------------------- detailed under this unit.
---------------------- ●● Any contravention under this unit can be adjudicated by the adjudicating
officer or the controller. These authorities are bound by procedures laid
---------------------- down under the act and also have to follow principles of natural justice
---------------------- while conducting an enquiry. An appeal against the order passed by the
adjudicating officer or the controller lies to the Cyber Appellate Tribunal
---------------------- while an appeal against the order passed by the Cyber Appellate Tribunal
shall lie to the High Court within a prescribed time limit.
----------------------
●● The jurisdiction of the civil court is ousted.
----------------------
----------------------
Keywords
---------------------- ●● Access: Gaining entry into, instructing or communicating with the logical,
arithmetical or memory function resources of a computer, computer
---------------------- system or computer network.
---------------------- ●● Damage: To destroy, alter, delete, add, modify or rearrange any computer
resource by any means.
---------------------- ●● OSI: Open System Interconnection.
---------------------- ●● TEMPEST: Transient Electromagnetic Pulse Emanation Standard.
●● Phishing: Webpage spoofing.
----------------------
●● Copy: Storing, saving or making an exact replica of a file (data) on
---------------------- the same storage medium or some other removable storage medium or
internal computer memory.
----------------------
●● Extract: To take out or derive a part or some contents from a data or a
---------------------- file.
---------------------- ●● Computer Contaminant: Virus, Trojan, Worm, Cookie, etc.
●● DOS: Denial of Service
----------------------
---------------------- Self-Assessment Questions

---------------------- 1. Describe in detail any 3 offences in respect of damage to computers.
---------------------- 2. Which Authority under the Act has the powers to adjudicate contravention
of any of the provisions under this unit? What is the scope and ambit of its
---------------------- powers?
---------------------- 3. Is internet time theft an offence? Elaborate.

4. Describe 2 common tools used for unauthorized access. Notes
5. What are worms? How are they different from virus?
----------------------
6. What is a “ping of death” attack?
----------------------
7. What is the constitution of a Cyber Appellate Tribunal? What are its
powers? ----------------------
8. Can a Civil Court grant an injunctive relief against any of the actions ----------------------
taken or proposed to be taken by the adjudicating officer? Discuss.
9. Who has the power of compounding contraventions under the Act. What ----------------------
is the procedure? ----------------------
10. Define
----------------------
a. Data
----------------------
b. Database
c. Information ----------------------
d. Access ----------------------
e. Computer contaminant ----------------------
----------------------
Answers to Check your Progress ----------------------
Fill in the blanks.
----------------------
1. Before the Amendment in 2008, the head of Cyber Appellate Tribunal
was called the Presiding Officer. ----------------------
----------------------
----------------------
----------------------
1. False
2. False ----------------------
3. True ----------------------
4. True ----------------------
----------------------
1. Mittal, D.P. Law of Information Technology ----------------------

2. Vishwananthan, S.T. The Indian Cyber Law and Rules. ----------------------
----------------------

Notes
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Miscellaneous Provisions of IT Act, 2000
UNIT
5
Structure:
5.1 Powers of the Police Officer under the Act

5.2 Provisions relating to Electronic Cheques and Truncated Cheques
5.3 Controller, Deputy Controller and Assistant Controllers to be Public
Servants
5.4 Offences by Companies
5.5 Power to make Rules
5.6 Amendments to Existing Laws
Summary
Keywords
Suggested Reading
Miscellaneous Provisions of IT Act, 2000 75

Notes
Objectives
----------------------
• Explain the special powers conferred on police officers under the act
----------------------
• Discuss the power vested in the central government to make rules to
---------------------- supplement the legislation
---------------------- • Describe the procedure to be followed in case the offences are
committed by companies
----------------------
----------------------
5.1 POWERS OF THE POLICE OFFICER UNDER THE ACT
----------------------
Investigation means and includes the procedure laid down under Criminal
---------------------- Procedure Code of India (CrPC) for collection of evidence in respect of the
---------------------- crime by a police officer or by any person authorized by the magistrate in this
behalf.
---------------------- Investigation includes gathering of all types of evidence including oral,
---------------------- documentary and electronic evidence and includes proceeding to the spot where
crime took place, making of panchnama, taking statements, search and arrest
---------------------- of the accused, take custodial interrogation of the accused, seize and seal crime
instruments.
----------------------
Procedure for investigation of any offence is laid down under the CrPC.
---------------------- But as per Section 4 of CrPC, all offences under any other law i.e. other than
Indian Penal Code (IPC) shall also be investigated, inquired into, tried and
---------------------- otherwise dealt with according to the provisions of CrPC, if there is no special
---------------------- enactment regulating the manner or place of investigation. Which means if
there is any special enactment regulating the manner or place of investigation,
---------------------- then those rules will prevail over CrPC.
---------------------- Even Information Technology Act incorporates a section which enables
the Act to have an overriding effect which means that the provisions of this Act
---------------------- shall have effect even if there is anything inconsistent therewith contained in
any other law for the time being in force including CrPC.
----------------------
The Information Technology Act, 2000 states that notwithstanding
---------------------- anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), any
police officer, not below the rank of a Deputy Superintendent of Police, or any
----------------------
other officer of the Central Government or a State Government authorized by
---------------------- the Central Government in this behalf may enter any public place and search and
arrest without warrant any person found therein who is reasonably suspected of
---------------------- having committed or of committing or of being about to commit any offence
under this Act.
----------------------
The expression “public place” has been defined under the Act to include
---------------------- any public conveyance, any hotel, any shop or any other place intended for

use by, or accessible to the public. This provision under the IT Act, 2000 is a Notes
departure from the provisions contained in CrPC in respect of investigation.
----------------------
As per CrPC, an offence is classified as cognizable or non-cognizable.
A “Cognizable offence” means an offence for which a police officer may in ----------------------
accordance with the first schedule or under any other law for the time being in
force, arrest without warrant. A “Non-cognizable” means an offence for which ----------------------
a police officer has no authority to arrest without warrant.
----------------------
An offence is classified as Cognizable or Non-cognizable and bailable
or non-bailable in the First Schedule of CrPC. The Second Schedule of CrPC ----------------------
provides for a classification of offences against – other laws. In this schedule,
----------------------
an offence if punishable with imprisonment for three years and upwards but not
more than 7 years, such offence is classified as cognizable and non-bailable and ----------------------
in such cases the police can arrest without a warrant.
----------------------
But since the IT Act, 2000 has an overriding effect over provisions of
CrPc and by the virtue of S 80 of the said Act, any police officer not below ----------------------
the rank of a Deputy Superintendent of Police may enter any public place and
search and arrest without warrant any person found therein who is reasonably ----------------------
suspected of having committed or of committing or of being about to commit ----------------------
any offence under this Act even if the offence is not “Cognizable” as defined
under the Act. ----------------------
Thus the powers of the police under the said Act are very vast and need to ----------------------
be exercised judiciously and carefully taking into the consideration the nature
and seriousness of the offence. ----------------------
As in the case reported in AIR 1981 SC 368 between State of Gujarat and ----------------------
another vs. Lalsingh Kishansingh under the Bombay Prevention of Gambling
Act (4 of 1887) it was held that; as the commissioner of Police who is competent ----------------------
to direct by issuing special warrant or general order under S 6(1) (i), another
police officer of the requisite rank to arrest persons found gambling or present ----------------------
in the gambling house, can also arrest personally the offender concerned, ----------------------
there is no escape from the conclusion that the offences under S 4 and S 5 are
cognizable. Such offences are admittedly bailable. It follows as a necessary ----------------------
corollary therefrom, that the commissioner of police or the police officer who
is authorized by him to search, arrest and investigate such offences, is under a ----------------------
legal obligation to release the accused on bail under the provisions of S 496 or ----------------------
CrPC. The authority to grant bail to the person arrested in execution of such a
warrant is derived by the officer arresting, from the statute and consequently, no ----------------------
executive instructions or administrative rules can abridge or run counter to the
statutory provisions of the CrPC. ----------------------
As per the said Act, where any person is arrested by an officer other than ----------------------
a police officer, such officer shall, without unnecessary delay, take or send the
----------------------
person arrested before a magistrate having jurisdiction in the case or before the
officer-in-charge of a police station. ----------------------
----------------------

Notes Procedure as laid down under provisions of the Code of Criminal
Procedure, 1973 (2 of 1974), are to be followed in case of any entry, search or
---------------------- arrest, made under the Act.
----------------------
5.2 PROVISIONS RELATING TO ELECTRONIC CHEQUES
---------------------- AND TRUNCATED CHEQUES
---------------------- The Negotiable Instruments Act, 1881 (26 of 1881) was amended in the
year 2002 to include the electronic cheque.
----------------------
An electronic cheque is a cheque in the electronic form. As per Section
---------------------- 6 of the Negotiable Instruments Act, an electronic cheque is a cheque which
contains the exact mirror image of a paper cheque and is generated, written and
---------------------- signed in a secure system ensuring the minimum safety standards with the use
---------------------- of a digital signature (with or without biometrics signature) and asymmetric
crypto system.
---------------------- As per Section 6 of the Negotiable Instruments Act, a truncation of cheque
---------------------- is when the physical movement of a cheque in writing is truncated by replacing
it with its electronic image. A cheque is scanned and the digital or the electronic
---------------------- image is transmitted in the clearing cycle instead of the physical cheque.
---------------------- By virtue of the amended Negotiable Instruments Act, 1881 (26 of
1881) and the provisions of IT Act 2000, an electronic cheque and a truncated
---------------------- cheque is treated at par with a paper based cheque and their inclusion in the
Act has facilitated electronic payments and electronic clearings. However,
----------------------
the provisions of the IT Act 2000 are not applicable to any other negotiable
---------------------- instrument as defined under the Negotiable Instruments Act, 1881 (26 of 1881)
such as promissory notes and bills of exchange.
----------------------
The provision under the Act reads as follows
---------------------- The provisions of the Act, for the time being in force, shall apply to,
---------------------- or in relation to electronic cheques and the truncated cheques subject to such
modifications and amendments as may be necessary for carrying out the
---------------------- purposes of the Negotiable Instruments Act, 1881 (26 of 1881) by the Central
Government, in consultation with the Reserve Bank of India, by notification in
---------------------- the Official Gazette.
---------------------- Every notification made by the Central Government under sub-section
(1) shall be laid, as soon as it may be after it is made, before each House of
---------------------- Parliament, while it is in session, for a total period of thirty days which may be
---------------------- comprised in one session or in two or more successive sessions, and if, before
the expiry of the session, immediately following the session or the successive
---------------------- sessions aforesaid, both Houses agree in making any modification in the
notification or both Houses agree that the notification should not be made, the
---------------------- notification shall thereafter have effect only in such modified form or be of no
---------------------- effect, as the case may be, so, however, that any such modification or annulment
shall be without prejudice to the validity of anything previously done under that
---------------------- notification.

Explanation - For the purposes of this Act, the expressions “electronic Notes
cheque” and “truncated cheque” shall have the same meaning as assigned to
them in section 6 of the Negotiable Instruments Act, 1881 (26 of 1881). ----------------------
----------------------
----------------------
1. The Negotiable Instruments Act, 1881 (26 of 1881) was amended in ----------------------
2002 to include the electronic bill of exchange.
2. The IT Act is not applicable to bill of exchange and promissory note. ----------------------
3. The electronic cheque contains the exact mirror image of a paper ----------------------
cheque and to secure minimum safety standards, digital signature is
----------------------
used.
----------------------
5.3 CONTROLLER, DEPUTY CONTROLLER AND ----------------------
ASSISTANT CONTROLLERS TO BE PUBLIC SERVANTS
----------------------
The Presiding Officer and other officers and employees of a Cyber
Appellate Tribunal, the Controller, the Deputy Controller and the Assistant ----------------------
Controllers shall be deemed to be public servants within the meaning of section
21 of the Indian Penal Code (45 of 1860). ----------------------
A distinction is made between the general public and certain classes of ----------------------
persons in the service and pay of the government, or exercising various public
functions, who are included in the word ‘public servant’. Public Servants in ----------------------
discharge of their duties have many privileges peculiar to themselves. ----------------------
In continuation of the privilege conferred on the Presiding Officer and
----------------------
other officers and employees of a Cyber Appellate Tribunal, the Controller, the
Deputy Controller and the Assistant Controllers appointed under the Act, the ----------------------
Act provides them with further protection against any suit, prosecution or other
legal proceeding to be filed against them for anything which is done in good ----------------------
faith or intended to be done in pursuance of this Act or any rule, regulation or
----------------------
order made thereunder.
----------------------
----------------------
1. The Presiding Officer and other officers and employees of a Cyber ----------------------
Appellate Tribunal are not public servants under section 21 of the
Indian Penal Code (45 of 1860). ----------------------
2. Public Servants in discharge of their duties have many privileges ----------------------
peculiar to themselves.
----------------------

Notes 5.4 OFFENCES BY COMPANIES
---------------------- Where a person committing a contravention of any of the provisions of
this Act or of any rule, direction or order made thereunder is a company, every
----------------------
person who, at the time the contravention was committed, was in charge of, and
---------------------- was responsible to, the company for the conduct of business of the company as
well as the company, shall be guilty of the contravention and shall be liable to
---------------------- be proceeded against and punished accordingly;
---------------------- Provided that nothing contained in this sub-section shall render any such
person liable to punishment if he proves that the contravention took place
---------------------- without his knowledge or that he exercised all due diligence to prevent such
---------------------- contravention.
Notwithstanding anything contained in sub-section (1), where a
---------------------- contravention of any of the provisions of this Act or of any rule, direction or
---------------------- order made thereunder has been committed by a company and it is proved
that the contravention has taken place with the consent or connivance of, or is
---------------------- attributable to any neglect on the part of, any director, manager, secretary or
other officer of the company. Such director, manager, secretary or other officer
---------------------- shall also be deemed to be guilty of the contravention and shall be liable to be
---------------------- proceeded against and punished accordingly.
Explanation - For the purposes of this section,
----------------------
(i) “Company” means any body corporate and includes a firm or other
---------------------- association of individuals, and
---------------------- (ii) “Director”, in relation to a firm, means a partner in the firm.
The following case laws illustrate the aforesaid proposition:
----------------------
1. N. Doraisamy vs. Archana Enterprises 1995 Cr. L.J 2306 9Mad)
----------------------
The prosecution proceedings against the person in-charge of and
---------------------- responsible to the company for the conduct of its business, or, the
persons, with whose consent or connivance of, or an act attributable to,
---------------------- or due to any neglect on their part, the offence had been committed, are
---------------------- maintainable irrespective of whether the company is prosecuted or not.
2. K.P.G. Nair vs. Jinbal Menthol India Ltd., 2002 S.C.C. (Cr) 1038
----------------------
A person other than company, in case of offence under section S 138 was
---------------------- committed by a company, can be proceeded against only if that person
was in-charge of and was responsible to the company for the conduct of
----------------------
his business.
---------------------- 3. Secunderabad Health Care Ltd. vs. Secunderabad Hospitals Pvt.
Ltd. (1999) 96 Comp Cas 106, 1998 Cr. L.J. 4521 (Aundh. Pra).
----------------------
What is required for holding a person vicariously liable for the offence is
---------------------- the actual role played by such person in the management committed by a
company and conduct of the business of the company. All such persons
----------------------
who are responsible in the management of the business of the company
and in charge of its business at the material time when the offence was Notes
committed by the company shall be deemed to be guilty of the offence.
----------------------
4. Anil Hada vs. Indian Acrylic Ltd. A.I.R. 2000 S.C. 145
Three categories of persons are brought within the purview of the penal ----------------------
liability through the legal fiction envisaged in S 14. They are: (1) the
----------------------
company which committed the offence, (2) everyone who was in charge
of and was responsible for the business of the company, and (3) any other ----------------------
person who is a director or a manager or a secretary or officer of the
company, with whose connivance or due to whose neglect the company ----------------------
has committed the offence.
----------------------
5. Anil Hada vs. Indian Acrylic Ltd. A.I.R. 2000 S.C. 145
----------------------
If the offence was committed by a company, it can be punished only if
the company is prosecuted. But instead of prosecuting the company, if ----------------------
a payee opts to prosecute only the persons falling within the second or
third category, the payee can succeed in the case only if he succeeds in ----------------------
showing that the offence was actually committed by the company. In such ----------------------
a prosecution, the accused can show that the company has not committed
the offence, though such company is not made an accused, and hence, ----------------------
the prosecuted accused is not liable to be punished. The provisions do
not contain a condition that prosecution of the company is sine quo non ----------------------
for prosecution of the other persons who fall within the second and the ----------------------
third categories mentioned above. No doubt, a finding that the offence
was committed by the company is sine qua non for convicting those ----------------------
other persons. But if a company is not prosecuted due to any legal snag
or otherwise, the other prosecuted persons cannot, on that score alone, ----------------------
escape from the penal liability created through the legal fiction envisaged ----------------------
on S 141 of the Act.
----------------------
1. Any company, which is guilty of the contravention of any of the ----------------------

provisions of this Act, shall be liable to be prosecuted against and
punished accordingly. ----------------------
2. If the accused person proves that the contravention took place without ----------------------
his knowledge or that he exercised all due diligence to prevent such
----------------------
contravention, he can escape liability under the Act.
3. All such persons, who are responsible in the management of the ----------------------
business of the company and in-charge of its business at the material
----------------------
time when the offence was committed by the company, shall be
deemed to be guilty of the offence. ----------------------
----------------------

Notes
Activity 1
----------------------
---------------------- Write a case comment on K.P.G. Nair v/s. Jainbal Menthol India Ltd.,
2002 S.C.C. (Cr) 1038.
----------------------
---------------------- 5.5 POWER TO MAKE RULES

---------------------- The Act provides for making of rules at three stages or levels as detailed
---------------------- herein below:
Power of Central Government to make rules
----------------------
The Central Government may, by notification in the Official Gazette and
---------------------- in the Electronic Gazette, make rules to carry out the provisions of this Act.
---------------------- In particular, and without prejudice to the generality of the foregoing
power, such rules may provide for all or any of the following matters, namely:
----------------------
(a) the manner in which any information or matter may be authenticated by
---------------------- means of digital signature under section 5;
---------------------- Rule 3 of the Information Technology (Certifying Authorities) Rules 2000

(b) the electronic form in which filing, issue, grant or payment shall be
---------------------- effected under sub-section (1) of section 6;
---------------------- No Rule as yet prescribed
---------------------- (c) the manner and format in which electronic records shall be filed, or issued
and the method of payment under sub-section (2) of section 6;
----------------------
No Rule as yet prescribed
---------------------- (d) the matters relating to the type of digital signature, manner and format in
---------------------- which it may be affixed under section 10;
Rules 4, 5 & 6 of the Information Technology (Certifying Authorities)
---------------------- Rules, 2000
---------------------- (e) the security procedure for the purpose of creating secure electronic record
and secure digital signature under section 16;
----------------------
Rules 4, 5 & 6 of the Information Technology (Certifying Authorities)
---------------------- Rules, 2000
---------------------- (f) the qualifications, experience and terms and conditions of service of
Controller, Deputy Controllers and Assistant Controllers under section 17;
----------------------
No Rule as yet prescribed
---------------------- (g) other standards to be observed by the Controller under clause (b) of sub-
---------------------- section (2) of section 20;
Rule 3 of the Information Technology (Other Standards) Rules, 2003
----------------------

(h) the requirements which an applicant must fulfil under sub-section (2) of Notes
section 21;
----------------------
Rules 8, 9, 10, 11, 19 & 20 of the Information Technology (Certifying
Authorities) Rules, 2000 ----------------------
(i) the period of validity of licence granted under clause (a) of sub-section
----------------------
(3) of section 21;
Rule 13 of the Information Technology (Certifying Authorities) Rules, ----------------------
2000
----------------------
(j) the form in which an application for licence may be made under sub-
section (1) of section 22; ----------------------

2000
----------------------
(k) the amount of fees payable under clauses C of sub-section (2) of section
22; ----------------------
2000
----------------------
(l) such other documents which shall accompany an application for licence
under clause (d) of sub-section (2) of section 22; ----------------------
2000
(m) the form and the fee for renewal of a licence and the fee payable thereof ----------------------
under section 23; ----------------------
Rules 8-13, & 15 of the Information Technology (Certifying Authorities)
Rules, 2000 ----------------------
(n) the form in which application for issue of a Digital Signature Certificate ----------------------
may be made under sub-section (1) of section 35;
----------------------
Rules 23 & 25 of the Information Technology (Certifying Authorities)
Rules, 2000 ----------------------
(o) the fee to be paid to the Certificate Authority for issue of a Digital ----------------------
Signature Certificate under sub-section (2) of section 35;
----------------------
Rule 30 of the Information Technology (Certifying Authorities) Rules, 2000
(p) the manner in which the adjudicating officer shall hold inquiry under sub- ----------------------
section (1) of section 46; ----------------------
Rules 4-12 of the Information Technology (Qualification and Experience
of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003 ----------------------
(q) the qualification and experience which the adjudication officer shall ----------------------
possess under sub-section (3) of section 46;
----------------------
Rule 3 of the Information Technology (Qualification and experience of
Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003 ----------------------

Notes (r) the salary, allowances and the other terms and conditions of service of the
Presiding Officer under section 52;
----------------------
Rules 3-12 of the Cyber Regulations Appellate Tribunal (Salary,
---------------------- Allowances and other terms and conditions of service of Presiding
Officer) Rules, 2003
----------------------
(s) the procedure for investigation of misbehaviour or incapacity of the
---------------------- Presiding Officer under sub-section (3) of section 54;
Rules 3-7 of the Cyber Regulations Appellate Tribunal (Procedure for
----------------------
Investigation of Misbehaviour or Incapacity of Presiding Officer) Rules,
---------------------- 2003
---------------------- (t) the salary and allowances and other conditions of service of other officers
and employees under sub-section (3) of section 54;
---------------------- No Rule as yet prescribed
---------------------- (u) the form in which appeal may be filed and the fee thereof under sub-
section (3) of section 57;
----------------------
Rules 3-22 of the Cyber Regulations Appellate Tribunal (Procedure)
---------------------- Rules, 2000
---------------------- (v) any other power of a civil Court required to be prescribed under clause (g)
of sub-section (2) of section 58; and
----------------------
Rule 3 of the Information Technology (Other Powers of Civil Court vested
---------------------- in Cyber Appellate Tribunal) Rules, 2003
---------------------- (w) any other matter which is required to be, or may be, prescribed.
May be prescribed by Specific Rules, Orders, etc.
----------------------
Every notification made by the Central Government and every rule
---------------------- made by it shall be laid, as soon as may be after it is made, before each House
of Parliament, while it is in session, for a total period of thirty days which
----------------------
may be comprised in one session or in two or more successive sessions, and
---------------------- if, before the expiry of the session immediately following the session or the
successive sessions aforesaid, both Houses agree in making any modification in
---------------------- the notification or the rule or both Houses agree that the notification or the rule
should not be made, the notification or the rule shall thereafter have effect only
----------------------
in such modified form or be of no effect, as the case may be. So, however, that
---------------------- any such modification or annulment shall be without prejudice to the validity of
anything previously done under that notification or rule.
----------------------
The Central Government shall, as soon as may be after the commencement
---------------------- of this Act, constitute a Committee called the Cyber Regulations Advisory
Committee.
----------------------
The Cyber Regulations Advisory Committee shall consist of a Chairperson
---------------------- and such number of other official and non-official members representing the
interests principally affected or having special knowledge of the subject-matter
---------------------- as the Central Government may deem fit.

The Cyber Regulations Advisory Committee shall advise - Notes
(a) the Central Government either generally as regards any rules or for any
----------------------
other purpose connected with this Act;
(b) the Controller in framing the regulations under this Act. ----------------------
The section captures an intention that the committee would consist of ----------------------
industry experts who are expected to guide the Government and the Controller
regarding all aspects of the law. It is important to note that the section uses the ----------------------
words “representing the interests principally affected”. This is a clear indication
----------------------
that the framers of the Act envisaged that there would be industry representation
from those sections such as the IT industry, the Dot Com industry, the Lawyer ----------------------
community, etc.
----------------------
Power of Controller to Make Regulations
The Controller may, after consultation with the Cyber Regulations ----------------------
Advisory Committee and with the previous approval of the Central Government, ----------------------
by notification in the Official Gazette, make regulations consistent with this Act
and the rules made thereunder to carry out the purposes of this Act. ----------------------
In particular, and without prejudice to the generality of the foregoing ----------------------
power, such regulations may provide for all or any of the following matters,
namely: ----------------------
(a) the particulars relating to maintenance of database containing the ----------------------
disclosure record of every Certifying Authority under clause (m) of
section 18; ----------------------
No specific regulation has yet been framed ----------------------
(b) the conditions and restrictions subject to which the Controller may
----------------------
recognize any foreign Certifying Authority under sub-section (1) of
section 19; ----------------------
No specific regulation has yet been framed ----------------------
(c) the terms and conditions subject to which a licence may be granted under
clause (c) of sub-section (3) of section 21; ----------------------
Regulation 3 of the Information Technology (Certifying Authority) ----------------------

Regulations, 2001
----------------------
(d) other standards to be observed by a Certifying Authority under clause (d)
of section 30; ----------------------
Regulations 2001
----------------------
(e) the manner in which the Certifying Authority shall disclose the matters
specified in sub-section (1) of section 34; ----------------------
Regulations, 2001
----------------------

Notes (f) the particulars of statement which shall accompany an application under
sub-section (3) of section 35.
----------------------
The Central Government has issued instructions that every application
---------------------- for the issue of a Digital Signature Certificate shall not be required to be
accompanied by a certificate practice statement as required under S 35
---------------------- (3).
---------------------- (g) the manner in which the subscriber shall communicate the compromise
of private key to the Certifying Authority under sub-section (2) of section
---------------------- 42.
---------------------- In fact Rule 23 of the Information Technology (Certifying Authorities)
Rules, 2000 provides for a ‘Form for Application for Certificate’
---------------------- [Schedule-IV]
---------------------- Regulation 6 of the Information Technology (Certifying Authority)
Regulations, 2001
----------------------
(3) Every regulation made under this Act shall be laid, as soon as may be
---------------------- after it is made, before each House of Parliament, while it is in session,
for a total period of thirty days which may be comprised in one session or
---------------------- in two or more successive sessions, and if, before the expiry of the session
---------------------- immediately following the session or the successive sessions aforesaid,
both Houses agree in making any modification in the regulation or both
---------------------- Houses agree that the regulation should not be made, the regulation shall
thereafter have effect only in such modified form or be of no effect, as the
---------------------- case may be, so however, that any such modification or annulment shall
---------------------- be without prejudice to the validity of anything previously done under
that regulation.
---------------------- Power of State Government to make rules
---------------------- The State Government may, by notification in the Official Gazette, make
rules to carry out the provisions of this Act.
----------------------
In particular, and without prejudice to the generality of the foregoing
---------------------- power, such rules may provide for all or any of the following matters, namely:
---------------------- (a) the electronic form in which filling issue grant, receipt or payment shall
be effected under sub-section (1) of section 6:
----------------------
(b) for matters specified in sub-section (2) of section 6;
---------------------- (c) any other matter which is required to be provided by rules by the State
---------------------- Government.
Every rule made by the State Government under this section shall be laid,
----------------------
as soon as may be after it is made, before each House of the State Legislature
---------------------- where it consists of two Houses, or where such Legislature consists of one
House, before that House.
----------------------
----------------------

Notes
----------------------
Match the following. ----------------------
i. Procedure for authentication of digital signature a. Section 22 ----------------------
ii. Format for affixation of digital signature b. Section 5
iii. Period of validity for the license c. Section 30 ----------------------
iv. Amount of fees for the license d. Section 10 ----------------------
v. Salary and allowances for the presiding officer e. Section 21
vi. Other Standards observed by a certifying f. Section 52 ----------------------
authority ----------------------
----------------------
5.6 AMENDMENTS TO EXISTING LAWS
----------------------
1. Amendments made to The Indian Penal Code
----------------------
The definitions of the electronic record and the digital signature were
introduced by amending the Indian Penal Code, and all provisions ----------------------
applicable to documents were made applicable to electronic records and ----------------------
further all provisions applicable to signatures were made applicable to
digital signatures. Throughout the code, wherever the word document ----------------------
occurs, it is substituted with the word document or electronic record. This
----------------------
amendment ensured that the electronic record is treated at par with paper
based documents and the digital signature is a functional equivalent of a ----------------------
physical signature.
----------------------
The world electronic record as it appears in the said Act has the same
meaning as assigned to it in the Information Technology Act 2000. ----------------------
Electronic record means data, record or data generated, image or sound
----------------------
stored, received or sent in an electronic form or a micro film or computer
generated micro fiche. ----------------------
Further Section 464 which deals with making a false document has been ----------------------
amended and the following instances have been enumerated of making a
false document – ----------------------
1) a. Dishonestly or fraudulently making or transmitting any electronic ----------------------
record or part of any electronic record.
----------------------
b. Dishonestly or fraudulently affixing any digital signature on any
electronic record. ----------------------
c. Unauthorized affixation or transmission of any digital signature ----------------------
or electronic record by a person who dishonestly or fraudulently
intends to use it as evidence. ----------------------
----------------------

Notes 2) a. Dishonestly or fraudulently altering electronic record in any
material part after it has been affixed with digital signature without
---------------------- lawful authority after it has been made or executed by a person who
may be living or dead.
----------------------
3) a. Dishonestly or fraudulently causing any person to alter a document or
---------------------- an electronic record or to affix his digital signature on any electronic
record knowing that such person by reason of unsoundness of mind
----------------------
or intoxication cannot, or that by reason of deception practiced
---------------------- upon him, does not know the contents of electronic record or the
nature of the alternation.
----------------------
Further amendments have been made to sections in the Indian Penal code
---------------------- dealing with forging of documents, use of counterfeiting device or mark
used for authenticating document and also falsification of accounts.
----------------------
2. Amendments made to The Indian Evidence Act, 1872
---------------------- The Indian Evidence Act, has been amended to include the electronic
---------------------- record and digital signature.
The nature of digital evidence is such that it cannot be categorized as
---------------------- original and primary evidence and the definition of the word document cannot
---------------------- be made applicable to it.
As per the Indian Evidence Act, a document is any matter expressed or
---------------------- described upon any substance by means of letter, figures or marks or by more
---------------------- than one of those means, intended to be used, or which may be used for the
purpose of recording the matter. Thus writing is a document. An inscription on
---------------------- a metal plate is also a document.
---------------------- The contents of documents may be proved either by primary evidence
or by secondary evidence as per The Indian Evidence Act. Primary evidence
---------------------- means the document itself produced for the inspection of the court. Documents
must be proved by primary evidence. Secondary evidence of a document is
----------------------
admitted only under special circumstances as laid down under the Act.
---------------------- Due to the transient nature of electronic records, an electronic record
does not fall within the scope of the definition of a document and further it is
----------------------
difficult to ascertain which is the original electronic record as required by the
---------------------- Evidence Act. Whether the electronic record created for the first time in the
random access memory is original? Or whether the record saved on the hard
---------------------- disk is original? There are no definite answers to these questions because of the
nature of electronic records.
----------------------
Thus the Act was amended and a third category of evidence was introduced
---------------------- that is the electronic record. Further the method of proving an electronic record
---------------------- has been detailed in Section 65A and 65B of the Act. The process involves
certification from the person who owns and/or is in charge of the system which
---------------------- generated the electronic record.
----------------------

Another important amendment is in respect of presumptions as to the Notes
correctness of secure electronic records, secure digital signatures and Digital
Signature Certificates. However, an interesting point to note is that though ----------------------
the Act provides for a presumption in respect of the contents of an electronic
message, however there is no presumption as to the sender of an electronic ----------------------
message. ----------------------
3. Amendment made to the Bankers Books Evidence Act, 1891
----------------------
This Act provided for a presumption to the correctness of entries in the
statement of account produced by the Bank and also provided for a special ----------------------
procedure for the admissibility of the extract of a statement of account. The act,
----------------------
has been further amended to include admissibility of statement of account in
the electronic form as evidence. As per the act, the printout of the entries in the ----------------------
account has to be accompanied by a certificate issued by the principal accountant
or branch manager and the certificate should mention the operational security of ----------------------
the computer system, information management, system integrity and security
----------------------
measures, data backup and disaster recovery/management and audit trails and
verification. ----------------------
4. Amendment made to the Reserve Bank of India Act, 1934
----------------------
This Act has been amended to regulate the electronic fund transfer
between the banks inter-se and the banks and financial institutions. The main ----------------------
intention was to do away with paper trails and promote the EFT or Electronic ----------------------
Fund Transfer transactions.
----------------------
----------------------
Fill in the blanks.
1. The definitions of the_____________ and the digital signature were ----------------------
introduced by amending the Indian Penal Code.
----------------------
2. An amendment ensured that the electronic record is treated ______
with paper-based documents. ----------------------
3. Section____, which deals with making a false document, has been ----------------------
amended.
----------------------
4. The Indian Evidence Act has been amended to include the electronic
record and_______. ----------------------
5. The nature of ________ is such that it cannot be categorized as original ----------------------
and primary evidence and the definition of the word document cannot
be made applicable to it. ----------------------
----------------------
----------------------
----------------------

Notes Summary
---------------------- ●● The Information Technology Act, 2000 provides for some miscellaneous
provisions which contribute to making the said legislation complete in all
----------------------
respects.
---------------------- ●● The Act lays down the special powers given to the police for search and
arrest which are in addition to the powers available to the police under
----------------------
the CrPC. All offences under the said Act are made cognizable even if the
---------------------- punishment prescribed is less than 3 years.
●● The Controller, Deputy Controller, Assistant Controllers, Presiding
----------------------
Officer of the Cyber Appellate Tribunal and other officers and employees
---------------------- of the tribunal have been given the status of public servants and thus they
enjoy many privileges.
---------------------- ●● By virtue of the said Act, prosecution proceedings against the person in
---------------------- charge of and responsible to the company for the conduct of its business,
or, the persons, with whose consent or connivance of, or an act attributable
---------------------- to, or due to any neglect on their part, the offence had been committed,
are maintainable.
----------------------
●● The Act provides for making of rules at three stages or levels by the Central
---------------------- Government, State Government and the Controller to supplement the
provisions under the Act. The following rules have already been framed
---------------------- – The Information Technology (Certifying Authorities) Rules 2000, The
---------------------- Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000 and the
Information Technology (Certifying Authorities) Regulations, 2001.
---------------------- The followings laws were amended:
---------------------- 1. The Indian Penal Code
---------------------- 2. The Indian Evidence Act
3. The Bankers Book Evidence Act
----------------------
4. The Negotiable Instruments Act
----------------------
---------------------- Keywords
---------------------- ●● IPC: Indian Penal Code
---------------------- ●● CrPC: Criminal Procedure Code
●● DSP: Deputy Superintendent of Police
----------------------
●● Public Place: Place which includes any public conveyance, any hotel,
---------------------- any shop or any other place intended for use by, or accessible to the public.
●● NI Act: Negotiable Instruments Act
----------------------
●● Cheque: a negotiable instrument as defined under the NI Act
----------------------
●● Company: means any body corporate and includes a firm or other
---------------------- association of individuals

Notes
----------------------
1. Explain in detail the proposition that “All offences under the IT Act, 2000
are cognizable”. ----------------------
2. Define the terms electronic cheque and truncated cheque.
----------------------
3. Explain with illustrations that a person in charge of and responsible to the
company for the conduct of its business can be prosecuted for an offence ----------------------
committed by the company under the Act. ----------------------
4. Describe in detail any 5 rules relating to digital signatures framed by the
Central Government under this Act. ----------------------
5. Explain in your own words the amendments carried out in the Indian ----------------------
Penal Code by the virtue of IT Act.
----------------------
6. An electronic record is now admissible in evidence. Discuss in detail.
----------------------
Answers to Check your Progress ----------------------

1. False ----------------------
2. True
----------------------
3. True
----------------------

1. False ----------------------
2. True
----------------------
----------------------
1. True ----------------------
2. True ----------------------
3. True ----------------------
----------------------
----------------------
----------------------

Notes Check your Progress 4
Match the following.
----------------------
i. –b
----------------------
ii. –d
---------------------- iii. – e
---------------------- iv. – a
---------------------- v. –f
vi. – c
----------------------
----------------------
---------------------- 1. The definitions of the electronic record and the digital signature were
introduced by amending the Indian Penal Code.
----------------------
2. An amendment ensured that the electronic record is treated at par with
---------------------- paper-based documents.
---------------------- 3. Section 464, which deals with making a false document, has been
amended.
----------------------
4. The Indian Evidence Act has been amended to include the electronic
---------------------- record and digital signature.
---------------------- 5. The nature of digital evidence is such that it cannot be categorized as

original and primary evidence and the definition of the word document
---------------------- cannot be made applicable to it.
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Introduction to Cyber Crimes
UNIT
6
Structure:
6.1 Definition
6.2 Types of Cyber Crimes
6.3 Instances of Cyber Crimes where Computer is used as a Tool
6.4 Instances of Cyber Crimes where Computer is used as a Target
6.5 E-mail related Crimes
Summary
Keywords
Suggested Reading
Introduction to Cyber Crimes 93

Notes
Objectives
----------------------
• Explain the meaning of cyber crimes
----------------------
• List various types of cyber crimes and their classification
----------------------
• Describe various tools used to commit a cyber crime
----------------------
---------------------- 6.1 DEFINITION

----------------------
The word ‘Cyberspace’ first appeared in the fantasy Novel “Neuromancer”
---------------------- written by author William Gibson, in the year 1994. This science fiction writer
described the online or the virtual world of computers, networks, digital media
---------------------- and people who operated it including “hackers” which means persons who
operated the internet by illegal means. That concept is no longer fictitious but
----------------------
absolutely real today and that virtual world described in the novel is now known
---------------------- as internet.
Any illegal activity in relation with computers or internet or rather
----------------------
cyberspace can be loosely termed as “cyber crime”.
---------------------- Free flow of uncensored information on electronic networks and websites
gives attractive opportunities to the criminals to commit cyber crimes. Just
----------------------
as crime has changed with the growth of information technology so have the
---------------------- categories of criminals who engage in such crimes like hackers, information
merchants and mercenaries.
----------------------
The degree of risk of internet abuse depends on the method of internet
---------------------- connectivity, the type of computer hardware used, the number and type of
security devices in use and the nature of the users i.e. educational institutions,
---------------------- government entities, private institutions, residential and private users, etc.
---------------------- Mostly Companies, Government Offices, Banks are the target of computer
crimes.
----------------------
Who are cyber criminals?
----------------------
A false sense of anonymity and security and the relative ease with which
---------------------- a crime can be committed in cyber space prompts its commission. A key press
is a digital footprint and its origin can be traced with the help of the right
---------------------- investigation tools and software.
---------------------- The age groups like 15 to 30 are engaged in doing such cyber crimes and
other illegal activities with computer and internet. The main thing is that they
---------------------- are the Computer literate people who know minute techniques of operating a
computer.
----------------------
Organized Hackers - These are a group of people organized together
---------------------- having a common agenda like cyber terrorism or fundamentalism, etc.

Professional Hackers/Crackers also known as vulnerability testing Notes
engineers. These are technically qualified people who generally try to locate
the weakness in the competitor’s software/website, etc. ----------------------
Employees - Employees terminated on the grounds or misconduct or ----------------------
employees who intentionally commit crimes like data theft before voluntarily
leaving the services of the company. ----------------------
There isn’t any obvious sign or evidence of a cyber crime. One may only ----------------------
suspect that a crime may have been committed. This poses a huge challenge
to investigating authorities to gather the evidences in order to prove a crime ----------------------
has been committed. So collection of evidences in case of cyber crimes is very
----------------------
difficult and hard because of the nature of electronic evidence that can easily be
manipulated and tampered with. ----------------------
Let us further explore the meaning and significance of each term to be ----------------------
able to build a sturdy definition of cyber crime.
The word crime is defined as an act of omission which is prohibited by ----------------------
law as injurious to the public and punished by the State. “Disobedience to a ----------------------
command or prohibition made with reference to a matter affecting public peace,
order or good government to which a sanction is attached, by way of punishment ----------------------
or pecuniary penalty, in the interest of the state by way of punishment or as a
whole, and not by way of compensation for the injury which the act or omission ----------------------
may have caused to an individual” is the definition of crime given in The ----------------------
Advanced Law Lexicon pg 1132.
“A crime is an act deemed by law to be harmful to society in general, ----------------------
even though its immediate victim is an individual” (P.S.R. Sadhanandham vs. ----------------------
Arunachalam, AIR 1980 SC 856, 862).
----------------------
Crime or a public wrong is a breach and violation of public rights and
duties due to the whole community and is distinguished from a private wrong ----------------------
or tort which is essentially an infringement of civil rights which belong to
individuals. ----------------------
Thus a computer crime or cyber crime can be defined as an act of omission ----------------------
which is prohibited by law as injurious to the public and punished by the State
which involves the computer or the Internet. ----------------------
The words computer crime and cyber crime now also find place in the ----------------------
Advanced Law Lexicon published in the year 2005.
----------------------
Computer crime is defined as “Offences that atleast partially involve
computers and is broadly defined as an illegal act that involves a computer, its ----------------------
systems or its applications.” (Advanced Law Lexicon page 939)
----------------------
Cyber crime is defined as computer crime committed over telecommunications
networks. (Advanced Law Lexicon page 1179) ----------------------
Thus, if we combine these two definitions together - a cyber crime is an ----------------------
illegal or an unlawful act which involves a computer or a computer network.
----------------------

Notes 6.2 TYPES OF CYBER CRIMES
---------------------- Cyber crimes can be broadly classified into two categories:
---------------------- 1. Computer is used as a tool
2. Computer is used as a target
----------------------
Computer crime or cyber crime is a crime where the computer is used as
---------------------- a means or tool to commit a crime or is a crime in which the computer is the
target. While the latter are new age crimes which have come into existence only
----------------------
after the invention of computer technology, however the former crimes have
---------------------- already been in existence prior to the invention of computer technology but can
now be committed with new technology. It is popularly said that to rob a bank
---------------------- in the modern age does not require lot of money and instruments, a keyboard
and an internet connection is enough!
----------------------
Crimes where the computer is used as a tool, is not new. Criminals have
---------------------- only found out new and better ways of committing them with the help of
---------------------- computer technology. For e.g. – fraud, theft, blackmail, forgery, sale of illegal
articles, gambling, defamation, etc.
---------------------- However, in the modern age, a computer can be a target of a crime.
---------------------- For e.g. – data or information theft, causing damage to computer, computer
networks, etc., denial of service attacks, web jacking, e-mail bombing, data
---------------------- diddling, salami attacks, etc.
---------------------- Another popular method of classifying cyber crimes is –
1. Against Individuals
----------------------
l The person
----------------------
1. Harassment via e-mails
---------------------- 2. Cyber Stalking
---------------------- 3. Circulation of obscene material
---------------------- 4. Defamation
5. Unauthorized access in the computer system
----------------------
6. Email Spoofing
----------------------
7. Cheating/Fraud
---------------------- l Persons property
---------------------- 1. Damage to Computers
---------------------- 2. Transmission of virus/worm
3. Unauthorized access/control over the computer system
----------------------
4. Intellectual property crimes
----------------------
5. Internet time theft
----------------------

2. Against Organization Notes
1. Government, Firm, Company, Group of Individuals
----------------------
2. Unauthorized access/control over the computer system
----------------------
3. Possession of unauthorized information
4. Cyber terrorism against Government Organization ----------------------
5. Intellectual property crimes ----------------------

6. Damage to Computers ----------------------
7. Transmission of virus/worm
----------------------
3. Against Society at large
----------------------
1. Pornography
2. Trafficking ----------------------
3. Financial Frauds ----------------------

4. Sale of illegal articles ----------------------
5. Online Gambling
----------------------
6. Forgery
----------------------
Why are computers so vulnerable?
Inspite of Computers being such high-end technology devices and inspite ----------------------
of the development of several security (hardware and software) tools, computers ----------------------
continue to be vulnerable to intrusions and attacks from unauthorized persons.
The main reasons can be grouped as under - ----------------------
1. Digital data occupies very little space. Large volumes of data worth ----------------------
crores of rupees can be stored on a small CD, USB which can fit into a
shirt pocket. Thus stealing data is much easier as compared to stealing of ----------------------
movable property.
----------------------
2. Sending confidential information/proprietary information or important
data via e-mails or uploading it on some website which offers this facility ----------------------
is also easily possible. Data can be compressed/encrypted before sending.
----------------------
3. Most of the bank accounts or e-mail accounts are protected by passwords.
Thus security of passwords is a major concern. People are not careful ----------------------
in protecting passwords. While some share their passwords, some write
----------------------
them down in places easily seen by others or some passwords are such
that are easy to guess thus making unauthorized access simple. ----------------------
4. Operating systems are composed of millions of lines of code and no single ----------------------
individual can claim to understand the security implications of every
bit of these computer instructions. Hackers easily exploit the numerous ----------------------
weaknesses in operating systems and security products.
----------------------
----------------------

Notes
----------------------

1. Cyber crimes can be broadly classified into how many categories?
----------------------
i. One
----------------------
ii. Two
---------------------- iii. Three
---------------------- iv. All of the above
---------------------- 2. Which of the following are cyber crimes?
i. Defamation
----------------------
ii. Data diddling
----------------------
iii. Denial of service attacks
---------------------- 3. Which of the following cyber crimes can be committed against a
person?
----------------------
i. Spoofing
----------------------
ii. Control over the computer system
---------------------- iii. Intellectual property crimes
----------------------
----------------------
Activity 1
---------------------- Visit the nearest cyber cell and collect information as to how many cyber
crimes against the property are reported.
----------------------
----------------------
6.3 INSTANCES OF CYBER CRIMES WHERE COMPUTER
---------------------- IS USED AS A TOOL
---------------------- Financial Fraud
---------------------- These form a special category of crimes which involve theft, misappropriation,
fraud, forgery, etc. for illegal financial gain.
----------------------
BPO Fraud
----------------------
India’s first major e-banking fraud was reported and the five of the
---------------------- employees who masterminded this fraud did it without having to break through
any security barriers or by decoding encrypted software and were neither
---------------------- hackers nor geeks. The employees of a BPO were privy to confidential details

of various account holders of a foreign Bank whose data was being processed Notes
by the BPO. Password/pins of these accounts were obtained from the account
holders by “sweet-talking”, a tactic which is also termed as social engineering. ----------------------
Having obtained the PIN numbers, fake e-mail accounts were opened to divert
e-banking funds transfer confirmations. Thus the original account holders ----------------------
never got the confirmation they would have otherwise got in the event of a ----------------------
fund transfer. Thereafter, the employees affected the illegal transfers into fake
accounts opened on the basis of wire transfer fabricated documents from where ----------------------
the money was then withdrawn.
----------------------
Credit Card Fraud
----------------------
A “Best Employee” awarder of a five star Hotel in the city was arrested
for his role in the unique Rs. one-crore credit card fraud. He was also and was ----------------------
promoted to the post of an auditor some time before the racket was unearthed.
The cashier actually had copied the credit card details in his pocket-size “card ----------------------
reader”. A gang of four, including the cashier was nabbed by the police for
----------------------
stealing details of 33 premium credit card owners, who had visited the hotel
over the period of time. The suspects copied these details on magnetic strips ----------------------
of blank and blocked credit cards using computer technology. In this manner,
they prepared 33 duplicate credit cards and used it for shopping costly items ----------------------
from various shops in Mumbai and Surat. The police have communicated the
----------------------
multinational banks regarding the fraud. The police further said that some credit
cards prepared by the accused clearly appear like duplicate ones, still some ----------------------
shop owners allowed shopping with these cards and the police suspect, they too
could be a part of the fraud. ----------------------
Student Hacker in the Net ----------------------
The arrest of a bright 3rd year BCom student in Chennai for purchasing ----------------------
electronic goods online using credit card details of card holders from across
the world has exposed a murky world of fraud in cyber space. A student and ----------------------
also a member of a community of hackers had been buying electronic goods
online using other people’s credit cards since April. Police recovered an electric ----------------------
guitar, a printer, an LCD TV, a digital camera, a weighing scale, a mobile and ----------------------
a laptop all worth Rs. Three Lakhs, and Rs. 38,500 in cash from him. The
student met two other people online a few months ago. They introduced him ----------------------
to an online hacker’s community on the net and gave him credit card details to
make purchases. Following the advice, this student tried to book an expensive ----------------------
mobile and ipod using the data they provided. To his surprise, he received the ----------------------
items within a week. He also couriered the valuables to them as gifts. He started
buying more goods online on eBay, an online auction website. It appears that ----------------------
atleast four US-based websites have been selling credit card information of
credit card holders abroad. ----------------------
16-yr-old rules Cyber Fraud Gang ----------------------

Ajay is 16 and a class X student. But, let him loose in cyber space and ----------------------
he turns a millionaire, leaving hundreds of credit card holders across the globe
bankrupt. Ajay was picked up from Mumbai and detained by Gujarat Police in ----------------------

Notes a hacking case that left them baffled with its sheer global spread. This student
from Mulund and son of an employee of a textile firm learnt the ropes of hacking
---------------------- online marketing websites and siphoned off money paid by cyber buyers to
his own account. The racket surfaced when Ahmedabad crime branch sheuths
---------------------- investigated a case of hacking of a popular online shopping site and arrested
---------------------- three boys in the city. They turned out to be a part of Ajay’s gang. Investigations
revealed that his network spreads across Mumbai, Hyderabad, Bangalore and
---------------------- Ahmedabad. His mentors live in the US, Vietnam and other countries. Ajay
had taught his accomplices to create fake accounts and crack into others’ credit
---------------------- card accounts to make big bucks. His prowess in hacking high security and
---------------------- government websites let Ajay into a hacking community, which gave him
access to a huge database of credit card Customer Verification Value (CVV)
---------------------- numbers of prominent banks across the globe. Ajay’s tools include his laptop, a
communicator and a cell phone. Ajay got in touch with online fraudsters during
---------------------- gaming and was hooked on to it fast. He has database of over 4000 international
---------------------- credit card holders, their CVV numbers and expiry dates. He fooled the cyber
police by using proxy servers for illegal transactions. After making money
---------------------- illegally at the online shopping giant’s expense for over four months, he got in
touch with his accomplices and let them to some secrets of the fraud.
----------------------
Pornography and Obscenity
----------------------
“Obscenity” is specifically prohibited by the Indian Penal Code. In the
---------------------- case of Ranjit D. Udeshi vs. State of Maharashtra reported in AIR 1965 SC
881, obscenity has been defined as “the quality of being obscene which means
---------------------- offensive to modesty or decency; lewd, filthy and repulsive.
---------------------- In the same judgement, the Supreme Court drew a distinction between
Obscenity and Pornography. It was held that while pornography denotes
---------------------- writings, pictures, etc. intended to arouse sexual desire, obscenity may include
publications not intended to do so but which have that tendency. While both
----------------------
offend against public decency and morals, pornography is obscenity in a more
---------------------- aggravated form.
---------------------- Pornography and obscenity on the internet and computers may take
various forms.
---------------------- Following are just a few examples:
---------------------- 1. Uploading of nude photographs on a website
---------------------- 2. Writing on blog sites which are obscene in nature
3. Uploading video clips on a website which are obscene in nature
----------------------
4. Creating a profile on a social networking website which is obscene in nature
----------------------
5. Transmission of sms/mms on mobile phones which is obscene in nature
---------------------- 6. Hosting of a website containing these prohibited/obscene materials
---------------------- 7. Use of computers for producing the obscene materials
---------------------- 8. Downloading through the Internet of obscene materials

Some illustrations: Notes
1. A lady was staying in a one room apartment in a modern city in India.
----------------------
Each evening was spent by her chatting with friends and sometimes
strangers on the internet. As days passed she got friendly with a boy she ----------------------
had come across on one of the public chat sites on the internet. They
started chatting regularly, were exchanging e-mails, photos, etc. He sent ----------------------
her some beautiful greeting cards and also shared some pictures with her
----------------------
on the net. She eventually got for herself a 24-hour internet connection
and a web camera. During one of her interviews for a job, she got a very ----------------------
strange response from her employer-to-be. He had told her that some of
her very revealing pictures were posted on the internet with some shots ----------------------
also in respect of her very private daily routine! She was devastated and
----------------------
approached the police in her city. On carrying out a thorough investigation,
the police came to the conclusion that someone had intentionally ‘hacked’ ----------------------
into her computer, gained control over the input/output devices and then
after remotely switching on the web camera had captured her pictures ----------------------
without her knowledge and posted them over the internet.
----------------------
2. Spurned lover arrested for sending obscene e-mails
----------------------
The ‘one-way love affair’ of an unemployed computer engineer here has
allegedly led him to cyber crimes and police custody. One Rajiv Sharma ----------------------
(26) of Pune was arrested by the cyber crime cell for allegedly sending
obscene e-mails and short message services (SMS) to a 22 year old girl ----------------------
and her father. Rajiv allegedly had an infatuation for the girl who also
----------------------
resides in the same locality. However, the girl avoided him. Rajiv later
created a fake e-mail account and sent obscene mails to the girl from ----------------------
various places, including his residence and cyber cafes. He also sent her
obscene SMSs. When all his efforts to woo her failed, Rajiv also sent ----------------------
obscene mails and SMSs to her father and friends between January 5 and
----------------------
April 7, 2008. Unable to bear the agony and mental torture, the victim and
her family lodged a complaint with the police. Initially Rajiv was booked ----------------------
under section 292 and 509 of the Indian Penal Code for committing an
offence of obscenity and hurling abuses. Later, the police invoked section ----------------------
67 of the Information Technology Act and the case was transferred to the
----------------------
cyber cell. The police had collected evidence that Rajiv had created fake
account and was sending mails through Rediff Bol messenger service to ----------------------
the victim and others with an intention to harass them. Rajiv was arrested
on Friday night and was remanded to police custody till Sunday. ----------------------
Defamation ----------------------
It is an act of imputing any person with an intention to cause harm to the ----------------------
reputation of a person and lower his dignity in the eyes of the public at large and
show him in bad light. To constitute an offence of defamation, the imputation ----------------------
that causes harm to reputation must be published.
----------------------
The internet offers ample avenues where such imputations can be ‘published’
such as websites, blogs, social networking sites like face book, Orkut, etc. ----------------------

Notes Orkut text on Sonia
The cyber crime cell of the Pune crime branch on Saturday arrested
----------------------
one more suspect for allegedly uploading obscene and derogatory text about
---------------------- Congress Chief Sonia Gandhi on Orkut. The suspect has been identified as a
resident of Hyderabad. Earlier, the crime branch had arrested one IT professional
---------------------- of Gurgaon, Haryana on May, 17. A Congress activist of Pune, who saw the
message, had lodged a complaint in this regard with the Deccan Gymkhana
----------------------
police in December 2007. This Hyderabad resident had added the derogatory
---------------------- text in a community named ‘I hate Sonia Gandhi’ on Orkut. He used his own
e-mail id for uploading the text. The police had first asked Google to provide
---------------------- the IP address of the person who posted the text on Orkut. After the police got
the e-mail id of the offender and his postal address, a team of police arrested
----------------------
the offender from his residence in Hyderabad on Saturday at around 2 pm. He
---------------------- admitted to having posted the message.
Cheating
----------------------
Cheating has been defined under Indian Penal Code as – Whoever by
---------------------- deceiving any person, fraudulently or dishonestly induces the person so
deceived to deliver any property to any person.
----------------------
The instances of online cheating are rising and the most infamous are the
---------------------- Nigerian E-mail scams or Lottery scams.
---------------------- Vice-Principal of a Law College cheated... almost
---------------------- A reader and vice-principal of a reputed Law College in Pune, has fallen
victim to internet fraud, commonly called as phishing. Her e-mail ID was
---------------------- hacked and several mails were forwarded to her friends and relatives seeking
financial help.
----------------------
The Vice Principal on Saturday approached the cyber crime cell of Pune
---------------------- police complaining about false mails being sent to her relatives and friends
asking for financial aid. “The mail mentioned that my health is in bad shape and
----------------------
that I require finance for medical treatment,” the VP said. The matter came to
---------------------- light after a relative of hers called the VP to inquire about her health on reading
the mail. She did not lose any money as the matter came to light before any
---------------------- financial transaction could be made”. Her e-mail ID was hacked and password
was changed subsequently. Later, the suspect sent an array of mails to the VP’s
----------------------
relatives and friends to earn money.
---------------------- E-mail Spoofing
---------------------- E-mail spoofing can be defined as an act of sending e-mail by a person
from another person’s account. Thus the e-mail appears to have originated from
---------------------- one account but is actually from another account. This is generally done with
a malicious intent to cause harm. E-mail spoofing is a term used to describe
----------------------
fraudulent e-mail activity in which the sender address and other parts of the
---------------------- e-mail header are altered to appear as though the e-mail originated from a
different source. E-mail spoofing is a technique commonly used for spam e-mail
---------------------- and phishing to hide the origin of an e-mail message.

An e-mail containing abusive words and filthy language was sent to a Notes
boss which appeared to have been sent by an employee, when it actually was
sent by an ex-employee wanting to harm the reputation of that employee. ----------------------
Intellectual Property Crimes ----------------------
Copyright Infringement ----------------------
Cyber Squatting (Domain name disputes)
----------------------
Trademark violation
----------------------
*These are discussed in detail later in the book*
Cyber Stalking ----------------------
Is a form of criminal intimidation i.e. acts which gives rise to an ----------------------

apprehension or fear. Thus acts that involve the computer or the internet
----------------------
and have the effect of causing fear or apprehension can be termed as cyber
stalking. The Oxford dictionary defines stalking as “pursuing stealthily”. ----------------------
Cyber stalking involves following a person’s movements across the internet
by posting messages (sometimes threatening) on the bulletin boards frequented ----------------------
by the victim, entering the chat-rooms frequented by the victim, constantly ----------------------
bombarding the victim with e-mails, etc.
----------------------
Cyber Terrorism
Terrorists groups engaged in cyber terrorism are noted for the threats to ----------------------
commerce, public safety and national security. These threats include ----------------------
●● Threats to public utilities and transportation
----------------------
●● Threats to commercial institutions and transnational organizations
----------------------
●● Threats to NGOs
●● Threats to individuals ----------------------
●● Threats to political groups ethnic groups ----------------------
●● Threats to security forces
----------------------
●● Threats to states
----------------------
The cyber terrorists target computers and computer networks of
individuals, corporate and government agencies. ----------------------
The term ‘Terrorism’ is already understood and defined under existing ----------------------
legislations. If the act of terrorism is committed using computers, it would mean
cyber terrorism and the current laws are itself sufficient to include “terrorist ----------------------
acts committed through use of computers”. The existing legislations such as
----------------------
IPC or Unlawful Activities Prevention Act etc. include punishments for acts of
terrorism. “Cyber Terrorism” are acts that use internet for terrorist propaganda, ----------------------
money settlement, communication leading to planning and execution of terror
plan, mass defacement of websites of the country, DDOS and Trojan attacks ----------------------
aimed at cyber assets of the nation, etc. ----------------------

Notes
----------------------

1. Which of the following can be termed as Cyber terrorism?
----------------------
i. Threats to public utilities and transportation
----------------------
ii. Threats to NGOs
---------------------- iii. Threats to political groups
---------------------- 2. What can be termed as obscenity?
i. Offensive to modesty
----------------------
ii. Lewd comments
----------------------
iii. Defamatory comment
---------------------- iv. (i) and (ii)
---------------------- v. All of the above
---------------------- 3. What can be termed as pornography?
i. Uploading nude videos
----------------------
ii. Hosting a website containing obscene material
----------------------
iii. Downloading obscene material through internet
----------------------
---------------------- 6.4 INSTANCES OF CYBER CRIMES WHERE COMPUTER

IS USED AS A TARGET
----------------------
Data Theft/Information Theft
----------------------
Techie’s remand extended over $13m crime
---------------------- Judicial magistrate first class on Wednesday extended the police custody
---------------------- of software engineer Anjali Sharma, who was arrested for allegedly leaking
confidential information of 3 DPLM software company and source code to
---------------------- her husband and others, till December 28. She was produced in the court after
her day’s police custody expired. Pressing to extend the police custody of the
---------------------- accused, assistant public prosecutor told the court that the custodial interrogation
---------------------- of the engineer was required as she had transferred vital data of the software
company via e-mail to her husband, who is also a software engineer, and others.
---------------------- The PP stated that the company had suffered losses to the tune of US $13
million following the leakage of confidential information and sought more time
---------------------- for the police to find out how Sharma transferred the data to various IT firms
---------------------- and individuals. Sharma was an employee of the Hinjewadi-based 3 DPLM,

which was dealing with a French company to develop interop software. She Notes
was working on the project as a developer. In September 2007, the company
officials noticed that Sharma, who had resigned from the firm, had transferred ----------------------
vital data of the company and source code to her husband and others. The firm
registered a complaint against her with the Hinjewadi police. Apprehending ----------------------
arrest, Sharma moved the district and sessions court here for anticipatory bail, ----------------------
but her plea was rejected recently.
----------------------
Unauthorized access to computer systems or networks
This activity is commonly referred to as hacking. The Indian law has ----------------------
however given a different connotation to the term hacking, so we will not use
----------------------
the term “unauthorized access” interchangeably with the term “hacking”.
E-mail Bombing ----------------------
E-mail bombing refers to sending a large number of e-mails to the victim ----------------------
resulting in the victim’s e-mail account (in case of an individual) or mail servers
(in case of a company or an e-mail service provider) crashing. In one case, a ----------------------
foreigner who had been residing in Simla, India for almost thirty years wanted ----------------------
to avail of a scheme introduced by the Simla Housing Board to buy land at
lower rates. When he made an application it was rejected on the grounds that ----------------------
the scheme was available only for citizens of India. He decided to take his
revenge. Consequently he sent thousands of mails to the Simla Housing Board ----------------------
and repeatedly kept sending e-mails till their servers crashed. ----------------------
Data Diddling
----------------------
This kind of an attack involves altering raw data just before it is processed
by a computer and then changing it back after the processing is completed. ----------------------
Electricity Boards in India have been victims to data diddling programs inserted
when private parties were computerizing their systems. ----------------------
Salami Attacks ----------------------

These attacks are used for the commission of financial crimes. The key ----------------------
here is to make the alteration so insignificant that in a single case it would
go completely unnoticed. E.g. A bank employee inserts a program, into the ----------------------
bank’s servers, that deducts a small amount of money (say Rs. 5 a month)
----------------------
from the account of every customer. No account holder will probably notice
this unauthorized debit, but the bank employee will make a sizable amount of ----------------------
money every month.
----------------------
To cite an example, an employee of a bank in USA was dismissed from
his job. Disgruntled at having been supposedly mistreated by his employers, ----------------------
the man first introduced a logic bomb into the bank’s systems. Logic bombs
are programs, which are activated on the occurrence of a particular predefined ----------------------
event. The logic bomb was programmed to take ten cents from all the accounts ----------------------
in the bank and put them into the account of the person whose name was
alphabetically the last in the banks rosters. Then he went and opened an account ----------------------
in the name of Ziegler. The amount being withdrawn from each of the accounts
in the bank was so insignificant that neither any of the account holders nor the ----------------------

Notes bank officials noticed the fault. It was brought to their notice when a person by
the name of Zygler opened his account in that bank. He was surprised to find a
---------------------- sizable amount of money being transferred into his account every Saturday.
---------------------- Denial of Service Attack
This involves flooding a computer resource with more requests than it can
----------------------
handle. This causes the resource (e.g. a web server) to crash thereby denying
---------------------- authorized users the service offered by the resource. Another variation to a
typical denial of service attack is known as a Distributed Denial of Service
---------------------- (DDOS) attack wherein the perpetrators are many and are geographically wide
spread, it is very difficult to control such attacks. The attack is initiated by
----------------------
sending excessive demands to the victim’s computer(s), exceeding the limit
---------------------- that the victim’s servers can support and making the servers crash. Denial-of-
service attacks have had an impressive history having, in the past, brought down
---------------------- websites like Amazon, CNN, Yahoo and eBay!
---------------------- Virus/Worm Attacks: Viruses are programs that attach themselves to
a computer or a file and then circulate themselves to other files and to other
---------------------- computers on a network. They usually affect the data on a computer, either
by altering or deleting it. Worms, unlike viruses do not need the host to attach
----------------------
themselves to. They merely make functioned copies of themselves and do this
---------------------- repeatedly till they eat up all the available space on a computer’s memory.
---------------------- Some Infamous Virus

JERUSALEM (1987): One of the earliest and most successful viruses
---------------------- activated each year on Friday the 13th - either displaying a message or deleting
---------------------- any programs that ran on the day. The virus, dubbed Jerusalem, installed itself
in the target computer’s memory when an infected file was opened. Early
---------------------- versions repeatedly infected files until the computer became overwhelmed by
their size. It remained active throughout the 1990s, infecting many computers
---------------------- in enterprises and government offices and becoming a popular template for
---------------------- future viruses due to its simple code.
STONED (1987): The Stoned - or Marijuana - virus became widespread
---------------------- in the early 90s. It was the most successful virus in terms of number of infections,
---------------------- infiltrating hard drives and the boot sector of floppy disks. Its most common
effect was to display a message on the screen when the computer started up that
---------------------- read: “Your PC is now stoned. Legalise marijuana.” There are more than 90
variants of the virus - and last year it resurfaced to infect a number of laptops
---------------------- running Microsoft Windows after anti-virus programs detected the virus but
---------------------- failed to remove it.
TEQUILA (1991): One of the first widespread viruses to use stealth
----------------------
techniques to avoid detection, Tequila was particularly dangerous as it couldn’t
---------------------- be removed from the infected computer’s memory. It infected computers by
writing an unencrypted copy of itself to sectors of the system’s hard disk
---------------------- and modifying the master boot record. It used a scrambling method to avoid
disassembly, changing itself from one infection to the next.
----------------------

MICHELANGELO (1991): After spreading quietly for months, the Notes
virus activated on March 6, 1991 - the birth date of its namesake - destroying
data on tens of thousands of computers by overwriting parts of the hard disk with ----------------------
random data. In the weeks before March 6, 1992, the Michelangelo virus became
a major news event with constant warnings about its destructive potential. The ----------------------
media coverage descended into hysteria with predictions, Michelangelo would ----------------------
wipe out millions of computers. However, when March 6 finally arrived only
around 10,000 computers were infected, and antivirus companies were accused ----------------------
of creating hype about the virus to increase sales.
----------------------
I LOVE YOU (2000): The most destructive worm of all time was I
LOVE YOU, also known as “Love letter”, which spread by e-mail and disguised ----------------------
itself as a romantic message to the recipient. If opened, it would send itself to
----------------------
everyone in the user’s address book, clogging e-mail systems around the world.
I LOVE YOU reached up to 45 million people in one day, causing more than $5 ----------------------
billion of damage with large corporations including the Pentagon and British
Parliament forced to shut down their e-mail systems/supplied. ----------------------
MONOPOLY (2000): Working in a similar way to I LOVE YOU, the ----------------------
Monopoly worm sent itself by e-mail boasting “proof” that Microsoft boss Bill
Gates was guilty of monopoly. At the time, Microsoft was immersed in a legal ----------------------
battle over its attempts to bundle Internet Explorer with its Windows operating
----------------------
system which led to accusations of abusing monopoly power. The worm was
delivered through an attachment called “Monopoly.vbs” that, when opened, ----------------------
displayed a humorous image of Bill Gates on a Monopoly game board. It then
attempted to mass mail itself to all of the user’s Outlook contacts. ----------------------
ANNAKOURNKOVA (2001): More a nuisance than a threat, this worm ----------------------
masqueraded as a picture of tennis star Anna Kournikova and relied on the
public’s fondness for the blonde pinup in order to spread itself. Annakournikova ----------------------
was short-lived and spread via Outlook e-mail with the subject line “Here you
----------------------
have, Go”, with an attachment called Annakournikova.ipg.vbs. Once opened,
the worm copied itself to the Windows directory and sent the file to all contacts ----------------------
in the user’s Outlook address book.
----------------------
NIMDA (2001): Before Nimda, worms were spread simply by copying
or e-mailing themselves. Nimda used this method but also moved via server- ----------------------
to-server web traffic, infecting shared network hard drives and downloading
itself to users who were browsing websites hosted on infected servers. The ----------------------
result was hundreds of thousands of infections on servers and home computers ----------------------
and a slowdown in internet traffic as Nimda searched for vulunerable servers to
attack. ----------------------
SASSER (2004): German teenager boasted about becoming the hero ----------------------
of his class after writing the potent Sasser worm that could spread without
user intervention. Sasser exploited an operating system flaw, prompting some ----------------------
computers using Windows XP and Windows 2000 systems to continually crash
and reboot. However it was easily stopped by a well-configured firewall or ----------------------
by Windows Update downloads. Sasser caused disruption worldwide, halting ----------------------

Notes Australia’s Railcorp trains as operators couldn’t communicate with signalmen
and forcing the cancellation of 40 Delta Air Lines Trans-Atlantic flights.
----------------------
STORM (2007): The worst virus to hit computers in recent times, Storm
---------------------- is classed as a “superworm”. It has become well-known for the way it constantly
morphs into new forms and finds ways to exploit people’s weaknesses. In
---------------------- 2007, it infected thousands of computers by masquerading as an e-mail about
a weather disaster, and then mutated and spread with another fake attachment
----------------------
infecting 10 million computers. Storm continues to infect unsuspecting users
---------------------- today, with subject lines focusing on a range of topics from Face book to love
interests. Recent versions can disguise themselves from virus scans and even
---------------------- shut down security programs. A warning has been issued about e-mails claiming
the Beijing Olympics will be delayed or cancelled due to earthquake damage,
----------------------
which appear to contain a link to a video but in fact are the Storm worm in
---------------------- disguise.
Logic Bombs
----------------------
These are programs that are activated on happening of an event. This
---------------------- implies that these programs are created to do something only when a certain
event (known as a trigger event) occurs. E.g. even some viruses may be termed
----------------------
logic bombs because they lie dormant all through the year and become active
---------------------- only on a particular date – Friday the 13th or April Fools Day!
---------------------- In June 2006 Roger Duronio, a disgruntled system administrator for

UBS was charged with using a logic bomb to damage the company’s computer
---------------------- network. Duronio was later convicted and sentenced to 8 years and 1 month in
prison, as well as a $3.1 million compensation to UBS.
----------------------
Trojan Attacks
---------------------- A Trojan as this program is aptly called, is an unauthorized program
---------------------- which from outside seems to be an authorized program, thereby concealing
what it is actually doing. There are many simple ways of installing a Trojan in
---------------------- someone’s computer. To cite an example, two friends Rahul and Mukesh had
a heated argument over one girl Radha whom they both liked. Radha chose
---------------------- Mukesh over Rahul. Rahul decided to get even. On the 14th of February, he sent
---------------------- Mukesh a spoofed e-card, which appeared to have come from Radha’s e-mail
account. The e-card actually contained a Trojan. As soon as Mukesh opened the
---------------------- card, the Trojan was installed on his computer. Rahul now had complete control
over Mukesh’s computer and proceeded to harass him thoroughly.
----------------------
Web Jacking
----------------------
This occurs when someone forcefully takes control of a website. The
---------------------- actual owner of the website does not have any more control over what appears
on that website. The latest incident has happened to the online trade magazine
---------------------- Internet.com. Its Internet domain name was “hijacked” when someone illegally
transferred ownership on several of its domain addresses. Several “whois”
----------------------
databases, which track domain ownership, listed the owner of the Internet.
---------------------- com domain as BCS Inc. based in Montreal, and listed Toronto-based domain

registrar TUCOWS.com Inc. as the registrar of record. Notes
Theft of Computer System: This type of offence involves the theft of a
----------------------
computer, some part(s) of a computer or a peripheral attached to the computer.
Physically Damaging a Computer System: This crime is committed by ----------------------
physically damaging a computer or its peripherals.
----------------------
----------------------
----------------------
i. Jerusalem a. 2007
ii. Tequila b. 2000 ----------------------
iii. I Love You c. 2001 ----------------------
iv. Nimda d. 1987
----------------------
v. Storm e. 1991
----------------------
----------------------
Activity 2
----------------------
Make a survey on virus attacks till date and find out the most widespread
----------------------
attack that crippled the cyber world.
----------------------
6.5 E-MAIL RELATED CRIMES ----------------------
E-mail Spoofing ----------------------

This is a technique by which an e-mail is sent from an e-mail address ----------------------
which appears to some person’s address but is actually not. There are some
websites available on the internet that make this facility available! ----------------------
Spamming ----------------------
E-mail spam involves sending of nearly identical messages to thousands
----------------------
of recipients. Spammers usually obtain addresses from web pages, Usenet
postings, from commercially available databases or simply guess them by using ----------------------
common names or domain names. Spammers generally take efforts to conceal
the origin of their messages either by spoofing e-mail address or IP address. ----------------------
Spamming can have serious consequences for legitimate e-mail users as the
----------------------
inboxes get clogged up. The United States of America regulates spam by the
CAN-SPAM Act 2003 and spam is regarded as a crime or an actionable tort. ----------------------
There is no legislation which directly deals with spamming in India.
----------------------
E-mail Viruses
An e-mail virus is a program that is distributed as an attachment to an ----------------------
e-mail message. These viruses are typically separate programs that cause damage ----------------------

Notes when they are manually executed by the user. These virus masquerade as pictures,
word files and other common attachments but are really EXE, VBS, PIF and other
---------------------- type of executable files in disguise. Many e-mail viruses hijack the user’s e-mail
program and send themselves out to everybody in the contact list.
----------------------
The Nigerian E-mail Scam
----------------------
This is how typically the text of the e-mail is that comes into your inbox
---------------------- from a person you know! That person’s e-mail account has been hacked for
sure!
----------------------
Subject: Please, need your help.
---------------------- How are you doing today? I am sorry I didn’t inform you about my
---------------------- travelling to Africa for a program called “Empowering Youth to Fight Racism,
HIV/AIDS, Poverty and Lack of Education, the program is taking place in three
---------------------- major countries in Africa which is Ghana, South Africa and Nigeria. It has been
a very sad and bad moment for me, the present condition that I found myself is
---------------------- very hard for me to explain.
---------------------- I am really stranded in Nigeria because I forgot my little bag in the Taxi
where my money, passport, documents and other valuable things were kept on
---------------------- my way to the Hotel I’m staying, I am facing a hard time here because I have
---------------------- no money on me. I am now owning a hotel bill of $1550 and they wanted me
to pay the bill soon else they will have to seize my bag and hand me over to the
---------------------- Hotel Management, I need this help from you urgently to help me back home,
I need you to help me with the hotel bill and I will also need $1600 to feed and
---------------------- help myself back home so please can you help me with a sum of $3500 to sort
---------------------- out my problems here? I need this help so much and on time because I am in a
terrible and tight situation here, I don’t even have money to feed myself for a
---------------------- day which means I had been starving, so please understand how urgent I needed
your help.
----------------------
I am sending you this e-mail from the city library and I only have 30
---------------------- minutes. I will appreciate whatsoever you can afford to send me for now and
I promise to pay back your money as soon as I return home. So please let me
---------------------- know on time so that I can forward you the details you need to transfer the
---------------------- money through Money Gram or Western Union.
----------------------
----------------------

1. Technique by which an e-mail is sent from an e-mail address, which
---------------------- appears to be some person’s address but is actually not, is known as
---------------------- Spamming.
2. Sending of nearly identical messages to thousands of recipients is
----------------------
called as E- Mail Spoofing.
----------------------

Summary Notes
●● Statistics indicate that cyber crimes are on the rise. The number of crimes ----------------------
registered with the police in whom a computer is involved either as a tool
----------------------
or as a target is definitely increasing every year. Cyber Crime is a reality
which is closer to you than you may think. A teacher’s e-mail account ----------------------
was hacked into as a result of a phishing attack which resulted in a lot
of inconvenience and hardship not only to the teacher but also to her ----------------------
friends and relatives. Several girls are victims as someone intentionally
----------------------
to malign the reputation of the girl creates her fake profile on a social
networking site with obscene photographs and real phone numbers. A lot ----------------------
of companies have faced tremendous losses due to data theft and such
cases mostly involve some insider. It is necessary for every individual ----------------------
to have knowledge about what cyber crimes are and how to protect
----------------------
themselves from being victims of cyber crimes.
●● Cyber crimes are broadly classified into two categories. One, where the ----------------------
computer is used as a tool and another, where the computer is used as
----------------------
a target. Crimes where computer is used as a target are new age crimes
which have come into existence only after the invention of computer ----------------------
technology such as transmission of virus or worms. Financial frauds,
Cyber Pornography, unauthorized access, data theft and transmission or ----------------------
virus, worms top the list of cyber crimes today.
----------------------
Keywords ----------------------
●● Cyber Crime: A cyber crime is an illegal or an unlawful act which ----------------------

involves a computer or a computer network.
----------------------
●● CD: Compact Disk.
----------------------
●● USB: Universal Serial Bus.
●● BPO: Business Process Outsourcing. ----------------------
●● SMS: Short Messaging Service. ----------------------
●● Orkut: Social Networking Site on internet.
----------------------
●● Phishing: Also called an identity theft.
●● Identity Theft: Theft of Login id and Password. ----------------------
●● Spoofing: To create a fake. ----------------------
●● DOS: Denial of Service.
----------------------
●● DDOS: Distributed Denial of Service.
----------------------
----------------------
----------------------
----------------------

Notes
----------------------
1. Describe any one method of classifying cyber crimes in detail.
---------------------- 2. What is a Distribute Denial of Service attack?
---------------------- 3. Has any Indian website been a victim of a DOS attack? Elaborate in detail.
---------------------- 4. Who are cyber criminals? Explain with 3 illustrations.

5. Describe three crimes in detail where the computer is used as a tool.
----------------------
6. Describe three crimes in detail where the computer is used as a target.
----------------------
7. What is a virus? Write notes of 5 infamous computer virus.
---------------------- 8. What is Data Diddling and what is a Salami Attack?.
---------------------- 9. What is Cyber Defamation? Explain with illustrations?
----------------------
----------------------
----------------------
----------------------
1. Into how many categories can cyber crimes be broadly classified?
---------------------- ii. Two
---------------------- 2. Which of the following are cyber crimes?
3. Which of the following cyber crimes can be committed against a person?
----------------------
iv. Spoofing
----------------------

---------------------- 1. Which of the following can be termed as Cyber terrorism?

2. What can be termed as obscenity?
----------------------
v. All of the above
----------------------
3. What can be termed as pornography?
----------------------
----------------------
----------------------

Check your Progress 3 Notes
----------------------
i. –d
----------------------
ii. –e
iii. – b ----------------------
iv. – c ----------------------
v. –a ----------------------
----------------------
----------------------
1. False ----------------------
2. False ----------------------
----------------------
----------------------
Suggested Reading
----------------------
1. Collins, Matthew. The Law of Defamation and the Internet.
2. Caloyannides, Michael. Privacy Protection and Computer Forensics. ----------------------
3. Sharma S.K. Encyclopedia of Cyber Laws and Crimes. ----------------------

4. Godwin, Mike. Cyber Rights Defencing free speech in the Digital Age. ----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Notes
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Cyber Offences
UNIT
7
Structure:
7.1 Source Code Theft or Tampering with Computer Source Documents
7.2 Computer related Offences
7.3 Publishing of Information which is Obscene in Electronic Form
7.4 Power of Controller to give Directions
7.5 Protected System
7.6 Penalty for Misrepresentation and Penalty for Breach of Confidentiality
and Privacy
7.7 Offences relating to Electronic Signature Certificates
7.8 Liability of Network Service Providers
7.9 Additional Provisions
7.10 Computer related Crimes under Indian Penal Code
Summary
Keywords
Suggested Reading
Cyber Offences 115

Notes
Objectives
----------------------
• Explain the meaning of cyber crimes as defined under the Information
----------------------
Technology Act, 2000
---------------------- • Discuss the scope of Information Technology Act, 2000 relating to
protection of Electronic signatures
----------------------
• Describe the nature and scope of liabilities in respect of Network
---------------------- Service Providers
---------------------- • State the provisions relating to confiscation and seizure
----------------------
---------------------- 7.1 SOURCE CODE THEFT OR TAMPERING WITH

COMPUTER SOURCE DOCUMENTS
----------------------
The offence of theft is clearly defined under the Indian Penal Code. The
---------------------- main ingredients of theft are dishonestly taking of movable property out of
---------------------- the possession of any person without the person’s consent and movement of
that property in order to such taking. Thus two important aspects are that this
---------------------- offence is relating to movable property and that the said movable property has
to be moved from one place to another. Movement indicates that it should be
---------------------- absent from its original place and should be taken or moved to a new place or
---------------------- destination.
Movable property is also defined under the Indian Penal Code as corporeal
---------------------- property of every description, except land and things attached to the earth or
---------------------- permanently fastened to anything which is attached to the earth.
The conventional definition of theft is inapplicable to theft of any
----------------------
electronic record as an electronic record is not defined as movable property.
---------------------- Further, making unauthorized copies of electronic records actually amounts to
stealing of the electronic record though it is not removed from its original place.
---------------------- However, theft of electronic record does not fit in the traditional definition of
theft under IPC and therefore this very important issue remains to be addressed
----------------------
by any existing legislation.
---------------------- However, the Information Technology Act has provided for a safeguard
to source code documents against unauthorized alteration, destruction and
----------------------
concealment though again the word copying has been omitted.
---------------------- Source Code can be defined as a set of instructions that are given to the
---------------------- computer to enable the computer to perform the desired or required operation.
For e.g. A computer is instructed to perform mathematical functions like 2+2
---------------------- = 4. If the Computer is instructed that 2+2 = 10 then the computer will follow
the instructions as the computer does not have reasoning powers of its own. It
---------------------- is designed only to follow and execute instructions one at a time.

These set of instructions are called programs. The programs can be Notes
written in high level programming languages such as PASCAL, FORTRAN,
JAVA, C++, Visual BASIC, etc. The programs are also expressed in the form of ----------------------
diagrams i.e. algorithms and flow charts. Such programs are then translated into
assembly language or binary language so that the computers can understand ----------------------
them. All of these are source codes. As defined under the Act, computer source ----------------------
code means the listing of programs, computer commands, design, layout and
program analysis of computer resource in any form. ----------------------
Source Code needs protection against unauthorized use as the value of ----------------------
source code to the owner who has developed it is very high. It is the intellectual
property of the owner and requires protection. ----------------------
Thus the Information Technology Act, 2000 Section 65 states that ----------------------
whoever knowingly or intentionally conceals, destroys or alters or intentionally
or knowingly causes another to conceal, destroy, or alter any computer source ----------------------
code used for a computer, computer program, computer system or computer
----------------------
network, when the computer source code is required to be kept or maintained
by law for the time being in force, shall be punishable with imprisonment up to ----------------------
three years, or with fine which may extend up to two lakh rupees, or with both.
----------------------
The offence is cognizable and non-bailable as per provisions of CrPC.
----------------------
7.2 COMPUTER RELATED OFFENCES
----------------------
Section 66 of The Information Technology Act, 2000 is drastically amended
----------------------
in the year 2008 to give it a much wider scope and include variety of acts under
the garb of the offences related to computer. The provision under Section 43 has ----------------------
also carried certain effects of the Amendment in 2008. The offence of Hacking
as it was under Section 66 in the previous Act has been shifted to Section 43(i) ----------------------
and it became the contravention as the acts committed under Section 43 are
----------------------
termed as Contraventions under the Act and the compensation in that regard
was the only necessary remedy available for the person affected by such acts. ----------------------
But the Amendment in 2008 has not only restricted it to pecuniary remedy.
----------------------
The most comprehensive part of the Amendment was that it changed the face
of Section 66. Section 66 initially provides that if any person dishonestly or ----------------------
fraudulently commits any act under Section 43, he shall be punished with
imprisonment for a term which may extend up to three years or with fine which ----------------------
may extend up to five lakh rupees or with both.
----------------------
More than that Section 66 now describes six different offences right form
clause A to F in the Amendment Act of 2008. ----------------------
Section 66A provides for punishment for sending offensive messages through ----------------------
communication service.
----------------------
----------------------
----------------------
Cyber Offences 117

Notes Section 66A is declared as invalid in Shreya Singhal Vs. UOI
Supreme Court in a landmark judgement struck down section 66A of the
----------------------
Information Technology Act, 2000 which provided provisions for the arrest of
---------------------- those who posted allegedly offensive content on the internet upholding freedom
of expression. Section 66A defines the punishment for sending “offensive”
---------------------- messages through a computer or any other communication device like a mobile
phone or tablet and a conviction of it can fetch a maximum three years of jail
----------------------
and a fine.
---------------------- Over the last couple of years there has been many cases in which
police has arrested the broadcasting of any information through a computer
----------------------
resource or a communication device, which was “grossly offensive” or
---------------------- “menacing” in character, or which, among other things as much as cause
“annoyance,” “inconvenience,” or “obstruction.” In a judgment authored by
---------------------- Justice R.F.Nariman, on behalf of a bench comprising himself and Justice J.
Chelameswar, the Court has now declared that Section 66A is not only vague
----------------------
and arbitrary, but that it also “disproportionately invades the right of free
---------------------- speech.”
FACTS Summary
----------------------
Two girls-Shaheen Dhada and Rinu Srinivasan, were arrested by the
---------------------- Mumbai police in 2012 for expressing their displeasure at a bandh called in
---------------------- the wake of Shiv Sena chief Bal Thackery’s death. The women posted their
comments on the Facebook. The arrested women were released later on and it
---------------------- was decided to close the criminal cases against them yet the arrests attracted
widespread public protest.
----------------------
Judgement
---------------------- The verdict in Shreya Singhal is immensely important in the Supreme
---------------------- Court’s history for many reasons. In a rare instance, Supreme Court has
adopted the extreme step of declaring a censorship law passed by Parliament
---------------------- as altogether illegitimate. The Judgment has increased the scope of the right
available to us to express ourselves freely, and the limited space given to the
---------------------- state in restraining this freedom in only the most exceptional of circumstances.
---------------------- Justice Nariman has highlighted, the liberty of thought and expression is not
merely an aspirational ideal. It is also “a cardinal value that is of paramount
---------------------- significance under our constitutional scheme.”
---------------------- Conclusion
In quashing Section 66A, in Shreya Singhal, the Supreme Court has not
----------------------
only given afresh lease of life to free speech in India, but has also performed its
---------------------- role as a constitutional court for Indians. The Court has provided the jurisprudence
of free speech with an enhanced and rare clarity. Various provisions of IPC and
---------------------- Sections 66B and 67C of the IT Act are good enough to deal with all these
crimes and it is incorrect to say that Section 66A has given rise to new forms of
----------------------
crimes.
----------------------

Section 66B provides for punishment for dishonestly receiving stolen Notes
computer resource or communication device. The person is liable under this
provision only when he knows that the computer resource or communication ----------------------
device what he is receiving is a stolen one. The punishment provided under this
Section is imprisonment of three years or fine of Rupees One Lakh or with both. ----------------------
Section 66C provides for the punishment for Identity Theft. Any person ----------------------
who makes use of Electronic Signature or password or any other unique
----------------------
identification feature of any other person fraudulently or dishonestly is liable
for the punishment for imprisonment up to three years or with fine up to Rupees ----------------------
One Lakh.
----------------------
Section 66D provides for punishment for Cheating by personation by
using computer resource. The punishment provided for such an act is up to three ----------------------
years of imprisonment or with fine up to Rupees One Lakh.
----------------------
Section 66E provides for Punishment for Violation of Privacy. Under
this Section if any person intentionally or knowingly captures, publishes or ----------------------
transmits the image of a private area of any person without his or her consent
he is liable for the punishment imprisonment up to three years or with fine not ----------------------
exceeding Rupees Two Lakh.
----------------------
Section 66F provides for Punishment for Cyber Terrorism. Under this
provision if any person- ----------------------
A) intentionally threatens the unity, integrity, security or sovereignty of India ----------------------

or strikes terror in the people or any section of the people by-
----------------------
(i) denying any person authorised access to computer resource
----------------------
(ii) attempting to penetrate or a computer access a computer resource
without authorisation or exceeding authorisation ----------------------
(iii) introducing computer contaminant
----------------------
and by such conducts causes death or injuries to the persons or damage
to or destruction of property or disrupts the supplies or services essential ----------------------
to the life of the community or adversely affect the critical information ----------------------
structure specified under Section 70.
B) knowingly or intentionally penetrates or accesses computer resource ----------------------
without authorisation or exceeding authorisation by such a conduct ----------------------
obtains access to information, data or computer database that is restricted
for reasons of security of the State or foreign relations or causes injury ----------------------
to the interest of the sovereignty and integrity of India, security of the
State or friendly relations with foreign states, public order, decency or ----------------------
morality or in relation to contempt of court, defamation or incitement to ----------------------
an offence or to the advantage of any foreign nation, group of individuals
or otherwise is liable for Cyber Terrorism. ----------------------
Anyone who commits such acts or conspires the commission of such acts ----------------------
is liable for the punishment up to life imprisonment.
----------------------
Cyber Offences 119

Notes
----------------------
---------------------- Match the following.

i. Section 66A a. Violation of privacy
----------------------
ii. Section 66C b. Cyber terrorism
----------------------
iii. Section 66E c. sending offensive messages
---------------------- iv. Section 66F d. Identity theft
----------------------
---------------------- Activity 1
----------------------
Analyze state-wise rate of cybercrimes in India and find the reasons for
---------------------- growth of such crimes.
----------------------
7.3 PUBLISHING OF INFORMATION WHICH IS OBSCENE
----------------------
IN ELECTRONIC FORM
----------------------
Obscenity or pornography in any form is banned in India. As an extension
---------------------- of this principle, obscenity in the electronic form is also banned. The Information
Technology Act makes publication and transmission of obscene material in the
---------------------- electronic form a cognizable non-bilable offence.
---------------------- As per the Section 67 of the said Act, whoever publishes or transmits or
causes to be published in the electronic form, any material which is lascivious
---------------------- or appeals to the prurient interest or if its effect is such as to tend to deprave and
---------------------- corrupt persons who are likely, having regard to all relevant circumstances, to
read, see or hear the matter contained or embodied in it, shall be punished on
---------------------- first conviction with imprisonment of either description for a term which may
extend to three years and with fine which may extend to five lakh rupees and
---------------------- in the event of a second or subsequent conviction with imprisonment of either
---------------------- description for a term which may extend to five years and also with fine which
may extend to ten lakh rupees.
---------------------- Publication or transmissions are essential ingredients of the offence.
---------------------- Further all those entities that cause or help or allow publication or transmission
of such material in the electronic form are also liable. Thus the scope of
---------------------- this section is vast as it covers Network Service Providers, Internet Service
Providers, Website Owners, Cyber Café Owners, Organizations having a
---------------------- computer network, etc. Thus all such entities become liable to face a penalty of
---------------------- imprisonment of either description for a term which may extend to five years
and with fine which may extend to one lakh rupees for the material that is
---------------------- transmitted through their resource or computer network though the said material
is not owned by them or even if they do not exercise any control over the said
---------------------- material.

Case studies Notes
1. eBay case
----------------------
eBay’s Indian CEO, Avnish Bajaj was arrested after his auction site
Baazee.com hosted a sexually explicit picture message of two Delhi ----------------------
school students. He was later released on bail. Avnish Bajaj is an American
----------------------
citizen. Bazee.com CEO Avnish Bajaj pleaded innocence in the scandal.
Senior advocates Arun Jaitley and A.S. Chandhik argued that no case ----------------------
could be made out against Bajaj, an India-born U.S. citizen, as Bazee.
com did not post the alleged obscene material on its website. As soon ----------------------
as they came to know of it from a private party, the said material was
----------------------
removed from the website, Jaitley claimed. It was further submitted that
Bajaj had been co-operating with the police in the investigation and even ----------------------
came here from Mumbai to assist the police. Bajaj was arrested on Friday
with the police claiming that Baazee.com listed the DPS MMS clip on its ----------------------
site under the title ‘DPS Girl Having Fun’ for sale on November 24 and
----------------------
that he did not make any effort to remove it until prodded. A Delhi Court
had rejected Bajaj’s bail plea and he was sent to judicial custody for six ----------------------
days.
----------------------
2. Spurned lover arrested for sending obscene e-mails
The ‘one-way love affair’ of an unemployed computer engineer here has ----------------------
allegedly led him to cyber crimes and police custody. Vishal was arrested ----------------------
by the cyber crime cell for allegedly sending obscene e-mails and short
message services (SMS) to a 22 year old girl and her father. Vishal created ----------------------
a fake e-mail account and sent obscene mails to the girl from various
places, including his residence and cyber cafes. He also sent her obscene ----------------------
SMSs. Vishal was booked under section 292 and 509 of the Indian Penal ----------------------
Code for committing an offence of obscenity and hurling abuses. Later,
the police invoked section 67 of the Information Technology Act and the ----------------------
case was transferred to the cyber cell.
----------------------
Section 67A and Section 67B have been added by way of Amendment in
the year 2008 for giving more effective remedy for the offence of Obscenity of ----------------------
material carrying sexually explicit acts in electronic form and to prohibit child
pornography. ----------------------
Section 67A provides that if any person publishes or transmits any ----------------------
material in electronic form which contains sexually explicit acts is liable for
first conviction for imprisonment up to five years and with fine up to Rupees ----------------------
Ten Lakh and for second or subsequent conviction for imprisonment up to seven ----------------------
years and with fine up to Rupees Ten Lakh.
----------------------
Section 67B provides punishment for publishing or transmitting of material
depicting children in sexually explicit act in electronic form. This provision ----------------------
makes child pornography as an offence. Any one who uses or compels the
children for committing such acts is liable for first conviction for imprisonment ----------------------
of five years and fine up to Rupees Ten Lakh and for second or subsequent
----------------------
conviction for imprisonment up to seven years and fine up to Rupees Ten Lakh.
Cyber Offences 121

Notes
----------------------

1. Section 66E of the Act deals with pornography in electronic form.
----------------------
2. Publication or transmissions are essential ingredients of the offences
---------------------- relating to obscenity in electronic form.
---------------------- 3. The penalty against child pornography is life imprisonment.
----------------------
----------------------
Activity 2
---------------------- Make a survey on the precautionary measures laid down by various

agencies after the Wonderland club exposure.
----------------------
----------------------
7.4 POWER OF CONTROLLER TO GIVE DIRECTIONS
----------------------
Sections 18 to 26, 28, 29 and 44 of the Information Technology Act, 2000
---------------------- describes the functions, duties and powers of the Controller thus establishing
the three-tier system where the Controller exercises control over the Certifying
---------------------- Authorities and also Subscribers. As it is the highest administrative body
---------------------- recognized under the Act, it has been conferred with a lot of powers to exercise
control over the Certifying Authorities.
----------------------
In exercise of these powers –
---------------------- 1. Exercise control over Certifying Authorities - The Controller may, by
order, direct a Certifying Authority or any employee of such Authority
----------------------
to take such measures or cease carrying on such activities as specified in
---------------------- the order if those are necessary to ensure compliance with the provisions
of this Act, rules or any regulations made thereunder. Any person who
---------------------- fails to comply with any order of the Controller, he shall be guilty of an
offence and shall be liable on conviction to imprisonment for a term not
----------------------
exceeding three years or to a fine not exceeding two lakh rupees or to
---------------------- both. Such offence has been made cognizable and non-bailable as per
provisions of CrPC.
----------------------
2. Electronic Tapping - If the Controller is satisfied that it is necessary or
---------------------- expedient so to do in the interest of the sovereignty or integrity of India,
the security of the State, friendly relations with foreign States or public
---------------------- order or for preventing incitement to the commission of any cognizable
offence, for reasons to be recorded in writing, by order, direct any agency
----------------------
of the Government to intercept any information transmitted through any
---------------------- computer resource. The Controller is the sole authority under the Act
to direct any agency of the Government to intercept any information
----------------------

transmitted through any computer, computer system, computer network, Notes
data, computer database or software. This section which enables electronic
tapping does not cause any breach to the Right of Privacy guaranteed under ----------------------
the Constitution as it is exercised within the parameters of reasonable
restrictions as defined under the Constitution. ----------------------
3. Decryption - The subscriber or any person in-charge of the computer ----------------------

resource shall, when called upon by any agency which has been directed
----------------------
under sub-section (1), extend all facilities and technical assistance
to decrypt the information. The subscriber or any person who fails to ----------------------
assist the agency referred to in sub-section (2) shall be punished with
an imprisonment for a term which may extend to seven years. This ----------------------
section is applicable to both, a person in-charge of a computer resource
----------------------
or a subscriber who is a person in whose name the Electronic Signature
Certificate is issued. In order to give assistance for decryption; the person ----------------------
in-charge or the subscriber may have to disclose his password or private
key (in case of Electronic signatures). However, such orders need to be ----------------------
complied with only if issued by the Controller and no other authority.
----------------------
----------------------
1. IT Act 2000 describes the function, duties and powers of the controller. ----------------------
2. If a person fails to comply with any order of the controller, he will not ----------------------
be liable or guilty of any offence.
----------------------
3. Breach to the right to privacy is not applicable to electronic medium.
----------------------
4. The subscriber or any person in charge of the computer resource when
called upon by any agency will be liable to give technical assistance ----------------------
to that particular agency.
----------------------
7.5 PROTECTED SYSTEM ----------------------
----------------------
The appropriate Government may, by notification in the Official Gazette,
declare any computer, computer system or computer network to be a protected ----------------------
system. The appropriate Government may, by order in writing, authorize the
persons who are authorized to access protected systems notified under sub- ----------------------
section. Further, any person who secures access or attempts to secure access
----------------------
to a protected system in contravention of the provisions of this section shall be
punished with imprisonment of either description for a term which may extend ----------------------
to ten years and shall also be liable to fine.
----------------------
Any National Nodal Agency may be appointed by the Central Government
for the purpose of development, protection and security of the Protected System ----------------------
or the critical information system.
----------------------
Section 70 of the Information Technology Act is the only provision which
Cyber Offences 123

Notes deals with the issue of protected system. The definition clause under Section
2 of the IT Act 2000 does not define a “protected system”. Under Section 70,
---------------------- the appropriate government whether Central or State has the discretion to
declare any computer, computer system or computer network as a protected
---------------------- system but section 70 does not define a protected system or any parameters or
---------------------- standards which will enable the appropriate government to declare a computer
system or a network to be a protected system. A computer, computer system or
---------------------- computer network, containing extremely crucial and critical information from
the government’s perspective may be declared a protected system.
----------------------
Further, any computer, computer system or computer network which is
---------------------- an integral part of the sovereign functions of a state, be it defence, maintenance
of public order, decency or friendly relations with other nations, can also be
----------------------
designated as a protected system.
---------------------- A government can also declare a computer, computer system or network
as a protected system if it feels, at any point of time, that it is critical for public
----------------------
interest and that any compromise with regard to its security could impact people,
---------------------- groups or even the society.
In an Executive Order (No 2(8)/2000-Pers.I) dated 12th September, 2002
----------------------
the Ministry of Communications and Information Technology, Department of
---------------------- Information Technology, the Central Government issued following instructions
regarding application of Section 70(1) of the Information technology Act, 2000:
----------------------
For the purpose of sub-section 1 of section 70 of the Act, details of
---------------------- every protected computer, computer system or computer network so notified
by appropriate government may be informed to the Controller of Certifying
---------------------- Authorities, Department of Information Technology, 6, CGO Complex, New
---------------------- Delhi, for the purpose of records and exercising powers under the Act.
Following is an order issued by the Tamil Nadu Government in respect of
---------------------- protected systems –
---------------------- Information Technology Department
---------------------- G.O. (Ms.) No. 6
Dated: 29.06.2005
----------------------
Read:
----------------------
1. From the DGP, Chennai, Letter No. 199409/A&R (2)/2004, dated
---------------------- 5.11.2004.
---------------------- 2. G.O. (Ms.) No.5, IT Department, dated: 29.6.2005

ORDER:
----------------------
WHEREAS, in the G.O. read above, the Government has declared
---------------------- that any computer, computer system (Hardware, Software and Accessories),
website, online service or computer network including the Uniform Resource
----------------------
Locator (URL) in any of the offices of the Government of Tamil Nadu or of
---------------------- the Government undertakings or Boards to be a “protected system”, under sub-
section (1) of section 70 of the Information Technology Act, 2000 (Central Act
21 of 2000). Notes
AND WHEREAS, the Government has decided to authorize certain
----------------------
persons to access protected system notified under sub-section (1) of section 70
of the said Act. ----------------------
NOW, THEREFORE, in exercise of the powers conferred by sub-section
----------------------
(2) of section 70 of the said Act, the Governor of Tamil Nadu hereby authorizes
the following persons to access the protected system notified under sub-section ----------------------
(1) of the said section 70 of the said Act, namely:
----------------------
(1) All existing current users of Computers in Government offices or
Government Undertakings or Boards as per their allowed permissions on ----------------------
their respective computers, accessories and work areas.
----------------------
(2) All existing owners of the contents of the websites, namely, Chief
Secretary and Secretaries to the Government of Tamil Nadu, all Heads ----------------------
of Departments, Officers of the level of Deputy Secretary to Government
and above, but below the Secretary to Government, all Chief Executives ----------------------
of Government undertakings or Boards having original content and ----------------------
authorization for approval of the contents for web hosting by the Secretary
to Government of the Department concerned. ----------------------
(3) All existing owners of the contents who are publishing the web pages and ----------------------
other online services from the Government organisations, Government
undertakings and other Government organisations having agreed to assist ----------------------
in the usage or hosting services.
----------------------
(4) Internet Service Providers (ISP) agencies who are providing the ISP,
hosting, web casting, network support and Maintenance agencies ----------------------
according to their Service Level Agreement provisions and permissions
with the respective Government Department/Government undertakings ----------------------
or Boards and during the existence of such contract with the Government, ----------------------
Government Undertakings or Boards concerned and without prejudice
to or not causing disrepute to the Government or functioning of the ----------------------
Government.
----------------------
A copy of this order shall also be made available on the Internet which
can be accessed at the address http://www.tn.gov.in ----------------------
(BY ORDER OF THE GOVERNOR) ----------------------
C.CHANDRAMOULI ----------------------
SECRETARY TO GOVERNMENT ----------------------
To
----------------------
----------------------
----------------------
----------------------
Cyber Offences 125

Notes All Departments of the Secretariat, Chennai - 9.
---------------------- The Director General of Police, Chennai 600 004

All Heads of Departments
----------------------
All Collectors & District Magistrates
----------------------
The Managing Director, ELCOT, Chennai 35
----------------------
Deputy Director General, NIC, Rajaji Bhavan, Chennai - 90
----------------------
All Public Sector Undertakings/Boards
----------------------
Copy to
----------------------
PS to CS, Chennai - 9
----------------------
PS to Secretary IT Department, Chennai - 9
----------------------
The Law Department, Chennai - 9
----------------------
The Home (Courts) Department, Chennai - 9
----------------------
The Finance Department, Chennai - 9
---------------------- The P&AR Department, Chennai - 9
---------------------- SF/SC
---------------------- /Forwarded/By order/
---------------------- Section Officer
----------------------
----------------------

1. Any ______may be appointed by the Central Government for the
---------------------- development, protection and superiority of the Protected System.
---------------------- 2. Section__ of the IT Act deals with the issue of the protected system.
---------------------- 3. A Government can declare a computer, computer system or network
as a_______.
----------------------
----------------------
7.6 PENALTY FOR MISREPRESENTATION AND PENALTY
----------------------
FOR BREACH OF CONFIDENTIALITY AND PRIVACY
----------------------
Penalty for Misrepresentation - Whoever makes any misrepresentation
---------------------- to, or suppresses any material fact from, the Controller or the Certifying
----------------------

Authority for obtaining any license or Electronic Signature Certificate, as the Notes
case may be, shall be punished with imprisonment for a term which may extend
to two years, or with fine which may extend to one lakh rupees, or with both. ----------------------
This section is applicable to both the Licensed Certifying Authorities as well as
the Subscribers under the Act. In order to obtain a license from the Controller, ----------------------
the Certifying Authority has to fill up a prescribed form and also submit a ----------------------
Certification Practice Statement (CPS). The Subscriber in order to obtain a
Electronic Signature Certificate has to fill up a form and disclose details and ----------------------
information as prescribed under the rules of the said Act. Though the Controller
and the Certifying Authorities have powers to suspend and revoke a license or ----------------------
a certificate respectively, disclosure of information which is incorrect, false or ----------------------
amounts to fraud or misrepresentation is made a criminal offence under the Act.
----------------------
Penalty for Breach of Confidentiality and Privacy
Save as otherwise provided in this Act or any other law for the time being ----------------------
in force, any person who, in pursuance of any of the powers conferred under this
----------------------
Act, rules or regulations made thereunder, has secured access to any electronic
record, book, register, correspondence, information, document or other material ----------------------
without the consent of the person concerned discloses such electronic record,
book, register, correspondence, information, document or other material to any ----------------------
other person shall be punished with imprisonment for a term which may extend
----------------------
to two years, or with fine which may extend to one lakh rupees, or with both.
The Act has conferred powers to – ----------------------
1. The Controller of Certifying Authorities ----------------------
2. The Deputy and Assistant Controller of Certifying Authorities ----------------------
3. Licensed Certifying Authorities and Auditors
----------------------
4. The Adjudicating Officer
----------------------
5. The Presiding Officer of the Cyber Appellate Tribunal
6. The Registrar of the Cyber Appellate Tribunal ----------------------
7. Network Service Provider ----------------------
8. Police Officer (Deputy Superintendent of Police) ----------------------
These officers are under the obligation not to disclose the data to which they
----------------------
have access without the consent of the person concerned.
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
Cyber Offences 127

Notes
----------------------

1. Whoever makes any misrepresentation to, or suppresses any material
----------------------
fact from, the controller or the certifying authority for obtaining any
---------------------- license shall be punished with imprisonment for a term of
i. Up to 2 Years
----------------------
ii. Up to 5 Years
----------------------
iii. Up to 3 Months
---------------------- 2. In order to obtain a license from controller, the certifying authority
---------------------- has to fill up a prescribed form and submit
i. Certification practise statement
----------------------
ii. Electronic signature statement
----------------------
iii. Certification statement
---------------------- 3. The Act confers powers to the following authority:
---------------------- i. Controller of certifying authorities
---------------------- ii. Network service provider
iii. Controller Police officer
----------------------
----------------------
---------------------- 7.7 OFFENCES RELATING TO ELECTRONIC SIGNATURE

----------------------
CERTIFICATES
---------------------- Penalty for publishing Electronic Signature Certificate false in certain

particulars –
----------------------
No person shall publish a Electronic Signature Certificate or otherwise
---------------------- make it available to any other person with the knowledge that -
(a) the Certifying Authority listed in the certificate has not issued it, or
----------------------
(b) the subscriber listed in the certificate has not accepted it, or
----------------------
(c) the certificate has been revoked or suspended,
---------------------- Unless such publication is for the purpose of verifying an Electronic
---------------------- Signature created prior to such suspension or revocation.
Any person who contravenes the provisions of sub-section (1) shall be
---------------------- punished with imprisonment for a term which may extend to two years, or with
---------------------- fine which may extend to one lakh rupees, or with both.
----------------------

Under the Act, both the Certifying Authority and the Subscriber has Notes
to publish and transmit a Electronic Signature Certificate. Rule 23 of the
Information Technology (certifying Authorities) Rules, 2000 provides for ----------------------
publishing of the Electronic Signature Certificate by a Certifying Authority ----------------------
after acceptance of it by the Subscriber. As the Electronic Signature Certificate
is an important instrument of trust; publishing Electronic Signature Certificate ----------------------
false in certain particulars is made a criminal offence.
----------------------
Publication for fraudulent purposes - Whoever knowingly creates,
publishes or otherwise makes available a Electronic Signature Certificate for ----------------------
any fraudulent or unlawful purpose shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one lakh ----------------------
rupees, or with both. ----------------------
The Electronic Signature Certificate is an important instrument of trust,
identifying the Subscriber over networks. The Public Key Infrastructure has ----------------------
been established so that third party can rely on the contents of the Electronic ----------------------
Signature Certificate as well as the identity of the subscriber. Thus the subscriber
as well as the Certifying Authority is duty bound to create and publish Electronic ----------------------
Signature Certificate which are true and correct and authentic. If any fraudulent
act or any illegality is committed while creating or publishing a Electronic ----------------------
Signature Certificate for an unlawful or fraudulent purpose it amounts to a ----------------------
criminal act.
----------------------

1. No person shall publish an electronic signature, which has been ----------------------
revoked or suspended.
----------------------
2. Rule 26 of the Information Technology (Certifying authorities) Rules,
2000 provides for publishing of the electronic signature certificate by ----------------------
the authority.
----------------------
3. The Private Key Infrastructure has been established so that third party
can rely on the contents of the electronic signature certificate and ----------------------
identify the subscriber.
----------------------
----------------------
7.8 LIABILITY OF NETWORK SERVICE PROVIDERS
----------------------
A Network Service Provider means an intermediary.
----------------------
An intermediary is defined under the Information Technology Act 2000
as - with respect to any particular electronic message, means any person who on ----------------------
behalf of another person receives, stores or transmits that message or provides
----------------------
any service with respect to that message.
----------------------
Cyber Offences 129

Notes For the removal of doubts, it is hereby declared that no person providing
any service as a network service provider shall be liable under this Act, rules
---------------------- or regulations made thereunder for any third party information or data made
---------------------- available by him if he proves that the offence or contravention was committed
without his knowledge or that he had exercised all due diligence to prevent the
---------------------- commission of such offence or contravention.
---------------------- Third party information - means any information dealt with by a network
service provider in his capacity as an intermediary.
----------------------
As per the definition of a Network Service Provider, the following are
---------------------- Network Service Providers –
1. Internet Service Providers
----------------------
2. Cellular Service Providers
----------------------
3. Call Centres
---------------------- 4. Cable Operators
---------------------- 5. Website owners
---------------------- Under the act, all these entities are held liable for the third party content
made available by it unless he is able to show that he had no knowledge of the
---------------------- violative content or that he has shown due diligence to prevent the commission
of the offence.
----------------------
Knowledge means actual and constructive knowledge while due diligence
---------------------- means reasonable steps taken by a person of ordinary prudence.
---------------------- This section has been criticized as draconian as NSPs are required to
shoulder an excessive and unwarranted responsibility for third party information
---------------------- over which they have no control.
----------------------
----------------------

---------------------- 1. A Network Service Provider means an _____________.
---------------------- 2. Knowledge means _______ and ______ knowledge.
----------------------
7.9 ADDITIONAL PROVISIONS
----------------------
Confiscation
----------------------
Any computer, computer system, floppies, compact disks, tape drives
---------------------- or any other accessories related thereto, in respect of which any provision
of this Act, rules, orders or regulations made thereunder has been or is being
----------------------
contravened, shall be liable to confiscation;
----------------------

Provided that where it is established to the satisfaction of the Court Notes
adjudicating the confiscation that the person in whose possession, power or
control of any such computer, computer system, floppies, compact disks, tape ----------------------
drives or any other accessories relating thereto is found is not responsible for
the contravention of the provisions of this Act, rules, orders or regulations ----------------------
made thereunder, the Court may, instead of making an order for confiscation ----------------------
of such computer, computer system, floppies, compact disks, tape drives or any
other accessories related thereto, make such other order authorized by this Act ----------------------
against the person contravening of the provisions of this Act, rules, orders or
regulations made thereunder as it may think fit. ----------------------
No penalty imposed or confiscation made under this Act shall prevent ----------------------
the imposition of any other punishment to which the person affected thereby is
----------------------
liable under any other law for the time being in force.
----------------------
7.10 COMPUTER RELATED CRIMES UNDER INDIAN
----------------------
PENAL CODE
The definition of the electronic record was added to the Indian Penal Code ----------------------
in the year 2000 at the time of enactment of the Information Technology Act ----------------------
and had the same meaning as per Section 2(1) (t) of the Information Technology
Act. By virtue of this addition, all offences relating to documents became ----------------------
applicable to electronic records.
----------------------
1. Forgery (Section 463)
----------------------
Whoever makes any false document or a false electronic record or part of
a document or electronic record, with an intent to cause damage or injury ----------------------
to the public or to any person or to support any claim or title, or to cause
any person to part with property or to enter into any express or implied ----------------------
contract or with intent to commit fraud or that fraud may be committed
----------------------
commits forgery.
2. Making a false document (Section 464) ----------------------
A person is said to make a false document or false electronic record – ----------------------
Firstly, Who dishonestly or fraudulently ----------------------
a) makes, signs, seals or executes a document or part of the document
----------------------
b) makes or transmits any electronic record or part of any electronic
record ----------------------
c) affixes any electronic signature on any electronic record ----------------------
d) makes any mark denoting the execution of a document or the
----------------------
authenticity of a electronic signature with the intention of causing
it to be believed that such document or part of the document, ----------------------
electronic record or electronic signature was made, signed, sealed,
executed, transmitted, affixed by or by the authority of a person by ----------------------
whom or by whose authority he knows that it was not made, signed,
----------------------
sealed, executed or affixed.
Cyber Offences 131

Notes Secondly, Who, without lawful authority, dishonestly or fraudulently, by
cancellation or otherwise, alter a document or an electronic record in any
---------------------- material part thereof, after it has been made, executed or affixed with
electronic signature either by himself or any other person, whether such
---------------------- person be living or dead at the time of such alteration; or
---------------------- Thirdly, Who dishonestly or fraudulently causes any person to sign,
seal, execute or alter a document or an electronic record or to affix his
----------------------
electronic signature on any electronic record knowing that such person by
---------------------- reason of unsoundness of mind or intoxication cannot, or that be reason
of deception practiced upon him, he does not know the contents of the
---------------------- document or electronic record or the nature of the alteration.
---------------------- Punishment for forgery is imprisonment of either description for a term
which may extend to two years or with fine or with both.
----------------------
Some examples
---------------------- 1. A student from a leading college of management created a profile
---------------------- on Orkut - a popular social networking site, of a leading management
trainer who used to teach at the management college. The said profile
---------------------- contained actual and real photographs of the management trainer, his
resume, real address and phone numbers. People communicated with this
---------------------- person believing that he was the IT leading management trainer.
---------------------- 2. A Phishing Attack - A person received an e-mail from Gmail stating that
he is required to enter his user id and password for the purpose of updating
---------------------- of records by Google/Gmail. After entering the user id and password, the
---------------------- person realized that he could not access his gmail account.
3. Cyber Defamation
----------------------
The offence of defamation is defined in Section 499 of The Indian Penal
---------------------- Code. It consists of the following essential ingredients –
---------------------- l Making or publishing of an imputation concerning a person
---------------------- l Such imputation should have been made (a) by words either spoken
or written (b) by signs or (c) by visible representations
---------------------- l The said implications should have been made with intent to harm or
---------------------- knowing or having reason to believe that it will harm the reputation
of such persons.
---------------------- The defamatory matter must be published; i.e. communicated to some
---------------------- person other than the person about whom it is addressed. Thus this section
finds applicability when defamatory material is posted on a website or a blog.
---------------------- However, communication of defamatory material by email to the person
concerned will not amount to defamation.
----------------------
Section 501, IPC states that whoever prints any matter, knowing or having
---------------------- good reason to believe that such matter is defamatory of any person would be
liable to imprisonment up to two years or fine or both. Thus the publisher of a
----------------------
newspaper in which the defamatory matter is printed is liable under this section.

Thus an Internet Service Provider hosting a website would be liable for Notes
the content of the website. Further the website owner will be liable for content
including third party content under Section 501 of IPC. However Section 79 ----------------------
of the IT Act also fixes the liability on the NSP for the content it transmits or
publishes. Punishment for defamation is simple imprisonment up to 2 years or ----------------------
with fine or with both. ----------------------
Case Study
----------------------
Orkut text on Sonia: one more arrested
----------------------
The cyber cell on Saturday arrested a suspect for allegedly uploading
obscene and derogatory text about Congress Chief Sonia Gandhi on Orkut. He ----------------------
had added the derogatory text in a community named ‘I hate Sonia Gandhi’ on
Orkut. The police had first asked Google to provide the IP address of the person ----------------------
who posted the text on Orkut.
----------------------

----------------------
----------------------
i. Forgery a. Section 499 of IPC
ii. Making a false document b. Section 463 of IPC ----------------------
iii. Cyber defamation c. Section 464 of IPC ----------------------
----------------------
Summary
----------------------
●● The primary objective of the Information Technology Act, 2000 was to
----------------------
promote
●● e-commerce and e-governance and thus cyber crimes were not addressed ----------------------
thoroughly. However the Act addressed three primary issues in respect of
----------------------
cyber crimes which are source code theft, hacking and cyber pornography.
All these three are made cognizable and non-bailable offences. In addition ----------------------
to this liability of third party, content is fixed on the Network Service
Providers or the intermediaries unless the NSP is able to show that he had ----------------------
no knowledge of the violative content or that he had shown due diligence
----------------------
to prevent the commission of the offence. This section was put to test
when the NRI CEO of an auction site ebay was arrested in the year 2004 ----------------------
for hosting an obscene clip on its website.
----------------------
●● The object of the Act was also to establish an infrastructure for creating,
circulating and authenticating Electronic Signature Certificates. Hence ----------------------
the Public Key Infrastructure was established (PKI) which is a three tier
structure consisting of Controllers, Certifying Authorities and Subscribers. ----------------------
Each constituent of the PKI have certain roles and responsibilities defined
----------------------
under the Act. In order to ensure the compliance of these roles and
responsibilities by the constituent in letter and in spirit, any violation by ----------------------
the constituent has been made a criminal offence.
Cyber Offences 133
Notes ●● In addition, as the electronic record has been defined under the Indian
Penal Code, all provisions/offences applicable to the document are now
---------------------- applicable to the electronic record.
----------------------
Keywords
----------------------
●● NSP: Network Service Provider.
---------------------- ●● Phishing: Method of stealing user id and password (also referred to as
---------------------- identity theft).
●● DSC: Electronic Signature Certificate.
----------------------
●● CA: Certifying Authority.
---------------------- ●● ISP: Internet Service Provider.
----------------------
----------------------
1. Is Hacking nothing but Electronic mischief?
----------------------
2. What is the law against cyber pornography in India? Discuss with case
---------------------- studies.
---------------------- 3. Is data theft a criminal offence? What are the provisions under Indian
law that will protect data and source code against unauthorized access,
---------------------- copying or theft.
---------------------- 4. What is an intermediary. Discuss the liabilities of network service
providers under the Act. Discuss with the help of ebay case.
----------------------
5. What is cyber defamation? What is the punishment for cyber defamation?
---------------------- 6. What are the powers of the Controller in respect of Electronic tapping and
---------------------- decryption?
7. What is a protected system? How is it ‘protected ‘ against unauthorized
---------------------- access?
---------------------- 8. Discuss the offences relating to Electronic Signature Certificates.
---------------------- 9. Is making a forged electronic record a crime? Discuss.
---------------------- 10. What is cyber stalking?
---------------------- Answers to Check your Progress

---------------------- i. –c
ii. –d
----------------------
iii. – a
----------------------
iv. – b
Check your Progress 2 Notes
----------------------
1. False
----------------------
2. True
3. False ----------------------
----------------------
----------------------
----------------------
1. True
2. False ----------------------
3. False ----------------------
4. True ----------------------

1. Any National Nodal Agency may be appointed by the Central Government ----------------------
for the development, protection and superiority of the Protected System.
----------------------
2. Section 70 of the IT Act deals with the issue of the protected system.
3. A Government can declare a computer, computer system or network as a ----------------------
Protected System. ----------------------
----------------------
----------------------
1. Whoever makes any misrepresentation to, or suppresses any material fact ----------------------
from, the controller or the certifying authority for obtaining any license
----------------------
shall be punished with imprisonment for a term of
i. Up to 2 Years ----------------------
2. In order to obtain a license from controller, the certifying authority has to ----------------------
fill up a prescribed form and submit
----------------------
i. Certification practise statement
----------------------
3. The Act confers powers to the following authority.
iv. All of the above ----------------------
----------------------
----------------------
----------------------
Cyber Offences 135

Notes Check your Progress 6
----------------------
1. True
----------------------
2. False
---------------------- 3. False
----------------------
----------------------
Fill in the blanks.
----------------------
1. A Network Service Provider means an intermediary.
---------------------- 2. Knowledge means actual and constructive knowledge.
----------------------
----------------------
---------------------- i. –b
---------------------- ii. –c
---------------------- iii. – a
----------------------
---------------------- Suggested Reading

---------------------- 1. Singh, Yatindra. Cyber Laws.
---------------------- 2. Narayanan, Ajit and Bennum (ed.). Law, Computer Science and Artificial
Intelligence.
----------------------
3. Brennan, Linda and Victoria Johnson. Social, ethical and policy
---------------------- implication of Information Technology.
---------------------- 4. Nandan, Kamath. Law relating to Computer, Internet and E-Commerce.

5. Lessing, Lawrence. Code and other Laws of cyberspace.
----------------------
6. Singhal, Arvind and Everett Rogers. India’s Communication Revolution:
---------------------- From Bullock Carts to Cyber Marts.
---------------------- 7. http://mylibertatem.com/shreya-singhal-v-union-of-india-the-landmark-
sec-66a-case/
----------------------
----------------------
----------------------
----------------------
----------------------

Constitutions Rights Vs. Cyber Crime
UNIT
8
Structure:
8.1 Right to Privacy and Art. 21 of the Constitution of India

8.2 Right to Privacy and Art. 19 (1) (a) and Art. 19 (2) of the Constitution of
India
8.3 Right to Privacy and Technological Invasion
8.4 Right to Privacy and Information Technology Act 2000
Summary
Keywords
Suggested Reading
Constitutions Rights Vs. Cyber Crime 137

Notes
Objectives
----------------------
• Clarify the ambit and meaning of the Right to Life guaranteed under
----------------------
Art. 19 (1)(a), Art. 19 (2) and Art. 21 under the Constitution of India
---------------------- • Explain the inclusion of the Right to Privacy under the Right to Life
guaranteed under the Constitution of India
----------------------
• Recognize and evaluate the protection available to the Right to Privacy
---------------------- under the existing Cyber Laws
---------------------- • Discuss the Right to Privacy in light of the crimes driven by technology
----------------------
---------------------- 8.1 RIGHT TO PRIVACY AND ART 21 OF THE

CONSTITUTION OF INDIA
----------------------
Penetration of technology in our day to day lives have definitely made
---------------------- our lives much simpler and effective thereby leaving more time in our hands to
do things more meaningful and result oriented. Progress and technology goes
----------------------
hand in hand. We can’t think of a single moment in our daily routine which is
---------------------- not touched by technology. But there is also a dark side to this; technology has
reached those parts of our lives which we would have preferred to be ‘private’.
----------------------
Taking pictures without the person’s consent has become very easy with
---------------------- the availability of sophisticated cell phones with cameras at low prices, tapping
of cell phone conversation; intercepting sms/mms/chat messages has become a
---------------------- common phenomenon. “Being watched” is also a common feeling with CCTVs
---------------------- and cameras planted in public places and work places and e-mails, chats, etc.
which are monitored, checked and sifted through at work places. Now all this is
---------------------- not a very comfortable feeling. So don’t we have a remedy against this unwanted
encroachment on our privacy?
----------------------
To understand this, we first need to understand what Right to Privacy is
---------------------- and then look at measures available to protect it.
---------------------- The following famous quote sums up the Right to Privacy very beautifully –
“A man has the right to pass this world, if he wills, without having
----------------------
his pictures published, his business enterprises discussed, his successful
---------------------- experiments written up for the benefit of others, of his eccentricities commented
upon, whether in handbills, circulars, catalogues, newspapers or periodicals.
----------------------
- Alton B. Parkar, American Jurist
---------------------- Robertson vs. Rochater Folding Box Co.
---------------------- Justice Luis D. Brande in Olmstead vs. The United States, (1927 (277)
US 438) observed and which now is considered as the most crisp definition of
---------------------- the Right to Privacy.

“The right to be alone - the most comprehensive of rights and the most Notes
valued by civilized men”.
----------------------
So is such a Right to Privacy available under any existing laws in India?
Is it guaranteed by the Constitution? ----------------------
Well, our constitution does not specifically provide the “right to privacy”
----------------------
as one of the fundamental rights guaranteed to the citizens. But it is protected
under various legislations like the Penal Code, the Evidence Act and the ----------------------
Constitution.
----------------------
The right to privacy is one of the most primary needs of man. It establishes
certain boundaries so that entry of others in it is restricted. It is a part and parcel ----------------------
of the Right to Live and breathe freely and think and act without supervision,
interference and disturbance. It is the very essence of democracy. ----------------------
Article 21 of the Constitution provides as under – ----------------------
“No person shall be deprived of his life or personal liberty except ----------------------
according to procedure established by law”.
----------------------
The Supreme Court of India has upheld this “right to privacy” in various
cases and it has been clearly enunciated in judicial pronouncements that “right ----------------------
to privacy” is a part and parcel of the fundamental Right to Life guaranteed
under the Constitution in its Article 21. ----------------------
In Kharak Singh vs. State of Uttar Pradesh, AIR 1963 SC 1295, the apex ----------------------
Court held that the expression life in Article 21 is not limited to bodily restraint
or confinement to prisons only. The Court further held that the domiciliary visits ----------------------
of the policemen were an invasion into the petitioner’s personal liberty. By the
----------------------
term ‘life’ as used in the Article, something more is meant than mere animal
existence. The inhibition against its deprivation extends to all those limits and ----------------------
faculties by which life is enjoyed. An unauthorized intrusion into a person’s
home and the disturbance caused to him is the violation of the personal liberty ----------------------
of an individual.
----------------------
In Maneka Gandhi vs. Union of India, AIR 1978 SC 597, the Supreme
Court widened the scope of the words ‘personal liberty’, observing: ----------------------
“The expression ‘personal liberty’ in Article 21 is of widest amplitude and ----------------------
it covers a variety of rights which go to constitute the personal liberty of man
and some of them have been raised to the status of distinct fundamental rights ----------------------
and given additional protection under Article 19”. ----------------------
The question relating to “right to privacy” was commented upon by
the apex Court in Govind vs. State of Madhya Pradesh. AIR 1975 SC 1378, ----------------------
wherein it was held that Article 21 protects the “right to privacy” and promotes ----------------------
the dignity of the individual. The Supreme Court observed:
“The right to personal liberty, the right to move freely and the freedom ----------------------
of speech create an independent right of privacy as an emanation from them ----------------------
which can be characterized as a fundamental right. The “right to privacy” would
necessarily have to go through a process of case by case development”. ----------------------

Notes In State of Maharashtra vs. Madhukar Narayan Mardikar, AIR 1991
SC 207, the apex Court held that ‘even a woman of easy virtue is entitled to
---------------------- privacy and no one can invade her privacy as and when he likes. So also it is
not open to any and every person to violate her person as and when he wishes.
---------------------- She is entitled to protect her person if there is an attempt to violate it against her
---------------------- wish. She is equally entitled to the protection of law.’ This judgment reaffirming
“right to privacy” as a fundamental right deserves to be hailed as the hallmark
---------------------- of excellence.
---------------------- In R. Rajagopal vs. State of Tamil Nadu, AIR 1995 SC 264, the Supreme
Court held that the “right to privacy” is implicit in the right to life and liberty
---------------------- guaranteed to the citizens of this country by Article 21. It is a “right to be left
alone”. A citizen has a right to safeguard the privacy of his own, his family,
----------------------
marriage procreation, motherhood, child-bearing and education among other
---------------------- matters. None can publish anything concerning the above matters without his
consent - whether truthful or otherwise. If one does so, one would be liable in an
---------------------- action for damages. It may, however, be different, if a person voluntarily thrusts
oneself or raises a self-created controversy.
----------------------
In People’s Union for Civil Liberties vs. Union of India. AIR 1997 SC
---------------------- 568, it was held that the right to hold a telephone conversation in the privacy of
one’s home or office without interference can certainly be claimed as “right to
----------------------
privacy”. Conversations on the telephone are often of intimate and confidential
---------------------- character. Telephone conversation is a part of man’s private life. “Right to
privacy” would certainly include telephone conversation in the privacy of one’s
---------------------- home or office. Telephone tapping is a serious invasion of privacy and would,
thus, infract Article 21 of the Constitution of India unless it is permitted under
----------------------
the procedure established by law. This case is discussed in more detail under the
---------------------- sub heading telephone tapping
Yet another dimension to right to privacy was added in Mr. ‘X’ vs. Hospital
----------------------
‘Z’, where the appellant’s blood was to be transfused to another but he was
---------------------- tested HIV (+) at the respondent’s hospital. On the account of disclosure of this
fact, the appellant’s proposed marriage to one ‘A’, which had been accepted,
---------------------- was called off. The appellant approached the National Consumer Disputes
Redressal Commission for damages against the respondents on the ground that
----------------------
the information required under medical ethics, to be kept secret, was disclosed
---------------------- illegally and that, therefore, the respondents were liable to pay damages to
the appellant. The Commission dismissed the petition on the ground that the
---------------------- appellate could seek his remedy in the civil court.
---------------------- Before the Supreme Court, the appellant contended that the principal of
“duty of care” applicable to persons in medical profession included the duty
---------------------- to maintain confidentiality and that the said duty had a correlative right vested
---------------------- in the patient that whatever came to the knowledge of the doctor would not be
divulged. The appellant added that for violating the duty as well as for violating
---------------------- the appellant’s right to privacy, the respondents were liable for damages to the
appellant.
----------------------

The Supreme Court, while rejecting the appellant’s contentions, held Notes
that the “right to privacy has been called out of the provisions of Article 21
and other provisions of the Constitution relating to the Fundamental Rights ----------------------
read with the Directive Principles of State Policy. Right of privacy may, apart
----------------------
from contract, also arise out of a particular specific relationship, which may be
commercial, matrimonial, or even political. Doctor-patient relationship, though ----------------------
basically commercial, is professionally, a matter of confidence and, therefore,
doctors are morally and ethically bound to maintain confidentiality. In such a ----------------------
situation, public disclosure of even true private facts may amount to an invasion ----------------------
of the right of privacy which may sometimes lead to the clash of one person’s
“right to be let alone” with another person’s “right to be informed”. The right, ----------------------
however, is not absolute and may be lawfully restricted for the prevention of
----------------------
crime, disorder or protection of health or morals or protection of rights and
freedom of others”. ----------------------
“Where there is a clash of two fundamental rights, as in this case, right ----------------------
of privacy of one party as part of right to life and right to lead a healthy life
of another party which is also a fundamental right under Article 21, the right ----------------------
which would advance the public morality or public interest, would alone be
----------------------
enforced through the process of court, for the reason that moral consideration
cannot be kept at bay and the judges are not expected to sit as mute structures ----------------------
of clay in the hall known as the courtroom, but have to be sensitive, in the sense
that they must keep their fingers firmly upon the pulse of the accepted morality ----------------------
of the day”. ----------------------
Further in Sharda vs. Dharmpal, (2003) 4 SCC 493, it was held by the
----------------------
Supre me Court that the right to privacy in terms of Art. 21 of the Constitution is
not an absolute right. If there was a conflict between fundamental rights of two ----------------------
parties, that right which advances public morality would prevail.
----------------------
The above catena of case law lays down that “right to privacy” is a part
of fundamental right under Article 21 of the Constitution. However there is ----------------------
no clear cut definition of the Right to Privacy which makes it difficult for law
----------------------
enforcement agencies to initiate any actions for alleged actions which cause
infringement of privacy and also makes it difficult for individuals to seek ----------------------
protection under any established law or rule against any acts which causes
infringement of their privacy rights. The Right to Privacy continues to be under ----------------------
threat as there is no clear definition available under any law and no enabling ----------------------
provision that makes an act of infringement of the Right to Privacy a criminal
offence. ----------------------
There is a need for a constitutional amendment whereby “right to privacy” ----------------------
should either be added in Article 21 or a new clause should be added in Article
19, which should be subject to appropriate judicial control, so that balance is ----------------------
struck between individual’s privacy and social exposure. ----------------------
----------------------

Notes 8.2 RIGHT TO PRIVACY AND ART. 19 (1) (A) AND ART.
19(2) OF THE CONSTITUTION OF INDIA
----------------------
Art 19(1) (a) is the fundamental right to “freedom of speech and
----------------------
expression” guaranteed by the Constitution of India. It is subject to the
---------------------- reasonable restrictions imposed by the State. Such reasonable restrictions are in
the form of the following offences defined under the Indian Penal Code:
----------------------
(i) defamation
---------------------- (ii) contempt of court
---------------------- (iii) offences against decency or morality
---------------------- (iv) offences against security of the State

(v) offences against friendly relations with foreign states
----------------------
(vi) incitement to an offence
----------------------
(vii) offences against public order
---------------------- (viii) offences against maintenance of the sovereignty and integrity of India.
---------------------- Thus it can safely be said that this fundamental right includes the Right
of Privacy as it protects one’s privacy by making the acts which amount to
---------------------- defamation and acts which cause injury to one’s decency and morality a criminal
---------------------- offence.
Offence of Defamation
----------------------
Making or publishing of an imputation concerning a person by words
---------------------- either spoken or written, by signs or by visible representations with an intention
to harm the reputation of such person.
----------------------
Thus the freedom of expression does not allow one to make statements
---------------------- that are communicated to a third party in any form with an intention to harm
the reputation of a person. If such statements are made; it amounts to a criminal
----------------------
offence punishable with fine and imprisonment under the Indian Penal Code.
---------------------- One can also claim damages and compensation under civil law for the harm
caused to one’s reputation.
----------------------
Offences against decency or morality under IPC
---------------------- Obscenity: The word obscenity has been defined under English statute
---------------------- and the test of the word has been laid down in the famous Hicklin Test, U/s 292
of the IPC. A book, pamphlet, paper, writing, etc. shall be deemed to be obscene
---------------------- if it is lascivious, appeals to the prurient interest or is such as to tend to deprave
and corrupt persons who are likely to read, see or hear it.
----------------------
Section 67 of the IT Act make publishing of information in the obscene
---------------------- form a criminal offence.
---------------------- Any act that may amount to outraging the modesty of a woman is a
criminal offence under the IPC.
----------------------

Stalking Notes
There is no ‘legal’ definition of stalking. It can be defined as harassing
----------------------
or threatening behaviour a person engages into repeatedly against a person.
Though such harassing and threatening acts may not cause actual physical ----------------------
harm; the apprehension of fear is what constitutes an offence of stalking. Such
acts definitely have an effect of curtailing ones freedom and thus cause a direct ----------------------
infringement of privacy though not directly defined under IPC.
----------------------
Mathew, J. stated the law relating to Privacy in the following words:
----------------------
“………………. Privacy-dignity claims deserve to be examined with
care and to be denied only when an important countervailing interest is shown ----------------------
to be superior. If the Court does find that a claimed right is entitled to protection
as a fundamental privacy right, a law infringing it must satisfy the compelling ----------------------
State interest test…………….
----------------------
…………. Privacy primarily concerns the individual. It therefore relates
to and overlaps with the concept of liberty. The most serious advocate of privacy ----------------------
must confess that there are serious problems of defining the essence and scope ----------------------
of the rights and values”.
Any right to privacy must encompass and protect the personal intimacies ----------------------
of the home, the family, marriage, motherhood, procreation and child rearing ----------------------
……….”
Another dimension has been added to the recognition of privacy rights, ----------------------
when in State vs. Charulata Joshi, the Supreme Court held that: ----------------------
“the constitutional right to freedom of speech and expression conferred
----------------------
by Article 19(1)(a) of the Constitution which includes the freedom of the press
is not an absolute right. The press must first obtain the willingness of the person ----------------------
sought to be interviewed and no court can pass any order if the person to be
interviewed expresses his unwillingness”. ----------------------
Further in R. Rajagopal vs. State of Tamil Nadu where the question was: ----------------------
(1) whether a citizen of this country can prevent another person from writing
his life-story or biography (2) Whether freedom of press guaranteed by Art. ----------------------
19 (1) (a) entitle the press to publish such unauthorized account of a citizen’s
----------------------
life and activities and if so to what extent and in what circumstances? And (3)
whether the public officials, who apprehend that any of their colleagues may be ----------------------
defamed, can impose a prior restraint on the press to prevent such publication?
----------------------
Justice B.P. Jeevan Reddy observed that: (1) the right to privacy is implicit
in the right to life and liberty guaranteed to the citizens of this country by Article ----------------------
21. It is a “right to be let alone”. A citizen has a right to safeguard the privacy
of his own, his family, marriage, procreation, motherhood, child bearing and ----------------------
education among other matters. None can publish anything concerning the
----------------------
above matters without his consent – whether truthful or otherwise and whether
laudatory or critical. If he does so. He would be violating the right to privacy of ----------------------
the person concerned and would be liable in action for damages.
----------------------

Notes (2) The rule aforesaid is subject to the exception, that any publication
concerning the aforesaid aspects becomes unobjectionable if such publication is
---------------------- based upon public records including Court records. This is for the reason that once
matter becomes a matter of public record, the right to privacy no longer subsists and
---------------------- it becomes a legitimate subject for comment by press and media among others.
---------------------- (3) In the case of public officials, it is obvious, right to privacy, or for that
matter, the remedy of action for damages is simply not available with respect
----------------------
to their acts and conduct relevant to the discharge of their official duties. This
---------------------- is so even where publication is based upon facts and statements, which are
not true, unless the official establishes that the publication was made (by the
---------------------- defendant) with reckless regard for truth. In such a case, it would be enough
for the defendant (member of the press or media) to prove that he acted after a
----------------------
reasonable verification of the facts; it is not necessary for him to prove that what
---------------------- he has written is true……….
The Court held that the petitioners have a right to publish what they allege
----------------------
to the life-story/autobiography of Auto Shankar in so far as it appears from the
---------------------- public records, even without his consent or authorization. But if they go beyond
that and publish his life story, they may be invading his right to privacy, and
---------------------- then they will be liable for the consequences in accordance with law. Similarly,
the State or its officials cannot prevent or restraint the said publication.
----------------------
The important points discussed in the aforesaid judgments given by the
---------------------- Supreme Court are as follows:
---------------------- (1) Though the right to privacy does not enjoy the status of a specific
constitutional right, the individual’s right to privacy exists and any
---------------------- unlawful invasion of privacy would make the ‘offender’ liable for the
---------------------- consequences in accordance with law;
(2) Privacy Law has evolved largely through judicial pronouncements and
---------------------- that constitutional recognition is given to the right of privacy which
---------------------- protects personal privacy against unlawful governmental invasion;
(3) That the person’s “right to be let alone” is not an absolute right and may
---------------------- be lawfully restricted for the prevention of crime, disorder of protection
---------------------- of health or morals or protection of rights and freedom of others;
Hence, it would be important that these themes must take into consideration
----------------------
while looking into the issues of breach of confidentiality and privacy in the
---------------------- information technology (digital) medium.
----------------------
----------------------
----------------------
i. Defamation a. Obscenity
---------------------- ii. Hicklin Test b. Judicial law making
---------------------- iii. Privacy law c. Criminal law

8.3 RIGHT TO PRIVACY AND TECHNOLOGICAL INVASION Notes
Privacy in the technology driven world is a difficult proposition. ----------------------

Technology has become a kind of double-edged sword, on one hand it equips
----------------------
the person to safeguard his privacy and on the other it helps in encroaching on
the private space of another. ----------------------
Internet Protocol Addresses are considered as the identity of the person
----------------------
browsing the Internet. They are also referred to as digital footprints. With
advancement in technology there are various ways and means by which these IP ----------------------
addresses of users can be captured. It almost amounts to capturing the identity
of a person without the person’s knowledge or consent. ----------------------
The computer resource in use could easily be identified as it has been given ----------------------
a unique IP address (static or dynamic) by the Internet Service Provider (ISP).
It is represented by four octets and therefore ranging from 0 to 255 (example: ----------------------
202.14.232.33). Whenever a person browses, visits a site, sends an e-mail or
----------------------
chats online, he leaves his ‘distinctive’ IP address behind. It is possible either by
searching IP registration databases or by conducting a trace route, to determine ----------------------
an approximate physical location of an IP address.
----------------------
Sometimes these IP addresses are also misused by means which is
commonly known as “spoofing”. Spoofing means sending a message purporting ----------------------
to be from an IP address while it is from another address.
----------------------
In the digital medium we as users are under constant surveillance,
knowingly or unknowingly. ----------------------
To name a few widely used surveillance technologies – they are ----------------------
(a) Telephone tapping
----------------------
(b) Spamming
----------------------
(c) Cookies
(d) Web Bugs ----------------------
(e) E-mail or document bugs ----------------------

(f) Spyware ----------------------
(g) Online digital profiling
----------------------
A) Telephone Tapping
----------------------
In India there have been routine allegations against the government at
the state as well as at the centre for using of telephone tapping to spy on their ----------------------
political rivals. Be it Samajwadi Party General Secretary Shri Amar Singh in
the year 2006 or President Zail Singh accusing the Rajiv Gandhi Government ----------------------
of tapping Rashtrapati Bhavan telephones. With the technological advances, ----------------------
telephone tapping has now become very easy for even individuals to tap the
telephones of relatives of friends. The Supreme Court in the year 1996 laid ----------------------
down some procedural guidelines in respect of telephone tapping in a public
----------------------

Notes interest litigation filed by NGO, PUCL. The Indian Telegraph Act 1885 was
amended in the year 1997 to include the directions issued by the Supreme Court.
----------------------
A brief summary of the case PEOPLE’S UNION FOR CIVIL
---------------------- LIBERTIES [PUCL] Vs. UNION OF INDIA as reported in AIR 1997 SC
568 is as under -
----------------------
The People’s Union for Civil Liberties [PUCL] filed a writ petition with
---------------------- the Supreme Court challenging the constitutional validity of Section 5(2) of
the Indian Telegraph Act, 1882, which authorizes the government to intercept
---------------------- messages on the occurrence of any public emergency or in the interest of public
safety, if it is satisfied that it is necessary or expedient to do so in five given
----------------------
situations. PUCL approached the Court on the basis of a report on tapping of
---------------------- politician’s telephones by the Central Bureau of Investigation.
The Supreme Court observed as follows –
----------------------
The right to have telephone conservation in the privacy of one’s home or
---------------------- office is part of the Right to Life and Personal Liberty enshrined in Article 21 of
---------------------- the Constitution, which cannot be curtailed except according to the procedure
established by law. The Supreme Court asserted that telephone tapping amounts
---------------------- to an invasion of privacy in violation of this core right. The Freedom of Speech
and Expression guaranteed by Article 19 of the Constitution includes the right
---------------------- to express one’s convictions and opinions freely by word of mouth. When a
---------------------- person is talking on the telephone, she/he is exercising this freedom.
Article 17 of the International Covenant on Civil and Political Rights,
---------------------- 1966 expressly forbids arbitrary interference with privacy, family, home or
---------------------- correspondence and stipulates that everyone has the right to protection of the
law against such intrusions. The Supreme Court affirmed that international law,
---------------------- if it does not conflict with national legislation will be deemed as municipal
[domestic/national] law.
----------------------
Elaborating the scope of Section 5 (2) of the Indian Telegraph Act, 1882
---------------------- the Court clarified that this section does not confer unguided and unbridled
power on investigating agencies to invade a person’s privacy. Telephone tapping
---------------------- is only permitted in the following two circumstances:
---------------------- (i) On the occurrence of a Public Emergency: This means the prevailing of
a sudden condition or state of affairs affecting the people at large calling
----------------------
for immediate action.
---------------------- (ii) In the interest of Public Safety: This means the state or condition of
freedom from danger for the people at large.
----------------------
The test of whether the above circumstances exist would be apparent to a
---------------------- reasonable person.
---------------------- The Supreme Court strongly asserted, that if the two circumstances are
not in the interests of
----------------------
(i) the sovereignty and integrity of India
----------------------
(ii) the security of the State

(iii) friendly relations with foreign States Notes
(iv) public order
----------------------
(v) preventing incitement to the commission of an offence
----------------------
The Central or State Government or their duly authorized officers cannot
resort to phone tapping. ----------------------
The following directions were issued - ----------------------
1. Tapping of telephones is prohibited without an authorizing order from
the Home Secretary, Government of India or the Home Secretary of the ----------------------
concerned State Government. ----------------------
2. The order, unless it is renewed shall cease to have authority at the end of
two months from the date of issue. Though the order may be renewed, it ----------------------
cannot remain in operation beyond six months. ----------------------
3. Telephone tapping or interception of communications must be limited to
----------------------
the address(es) specified in the order or to address(es) likely to be used by
a person specified in the order. ----------------------
4. All copies of the intercepted material must be destroyed as soon as their
----------------------
retention is not necessary under the terms of Section 5(2) of the Indian
Telegraph Act, 1882. ----------------------
5. In an urgent case, this power may be delegated to an officer of the Home ----------------------
Department, Government of India or the Home Department of the State
Government, who is not below the rank of Joint Secretary. Copy of this ----------------------
order should be sent to the concerned Review Committee within one
week of passing of the order. ----------------------
6. This Review Committee shall consist of the Cabinet Secretary, Law ----------------------
Secretary and the Secretary Telecommunications at the Central
Government. At the state level, the Committee shall comprise of Chief ----------------------
Secretary, Law Secretary and another member (other than the Home ----------------------
Secretary) appointed by the State Government. The Committee shall on
its own, within two months of the passing of an order under Section 5 (2) ----------------------
investigate whether its passing is relevant. If an order is in existence, the
Committee should find out whether there has been a contravention of the ----------------------
provisions of Section 5 (2). If the Review Committee on investigation ----------------------
concludes that provisions of Section 5 (2) have been contravened, it shall
direct destruction of the copies of the intercepted material. ----------------------
Under the Information Technology Act 2000, a Controller or the Certifying ----------------------
Authority appointed under the Act can authorize a security agency to intercept
communications over telephones, internet, etc. in order to protect the interest of ----------------------
the nation or to prevent the commission of a cognizable offence.
----------------------
B) Spamming
----------------------
The word spam is commonly used to describe unsolicited bulk messages.
Unwanted e-mails or SMSes can flood the inbox of your computer or your cell ----------------------

Notes phone and you seem to have no control over it. Spam mails not only cause a lot
of nuisance, annoyance and inconvenience but also can spread viruses, Trojans
---------------------- or other malicious software on your computer. Spams can also be sent with an
objective to cause identity theft. The US has the CAN-SPAM Act 2003 while
---------------------- Australia also has a law relating to anti-spam. Unfortunately there is no law
---------------------- related to spam in India.
C) Cookies
----------------------
A cookie is neither a spyware or a virus. It is a block of text (digital
---------------------- identification tags) which the website places in a file on a computer hard disk
of a person to track his activity on the internet. While a code in the cookie
----------------------
file enables the website to label him as a particular user, it doesn’t identify
---------------------- him by name or address he has registered himself and provided the site with
such information or set up preferences in his browser to do so automatically.
---------------------- Some of these websites are affiliated to online advertising services. The result
is a constant stream of ‘customized’ advertisements; it includes junk mails
----------------------
too. Cookies are sometimes referred to as ‘necessary evil’ as they support and
---------------------- facilitate e-commerce activities, as they are keys to the “personalization” of the
web. Some websites do take consent of the user before placing a “cookie” on
---------------------- the user’s hard disk.
---------------------- D) Web Bugs
---------------------- Web bugs are programs used by online advertisers to create a database
containing some details of the users. Web bugs could be a part of a banner ad
---------------------- on a website’s web page that a person is viewing. The embedded instructions
would cause the person’s browser to transmit to the advertiser’s server, the URL
---------------------- of the page the person is visiting. Armed with this information, the advertiser’s
---------------------- server is then able to place on the web page, the person is about to view, a
banner ad that it thinks will interest the person. Surprisingly, this is one-way
---------------------- exchange of information and it occurs even though the person has not clicked
on the banner ad.
----------------------
E) E-mail Bugs
---------------------- “The most popular tool is a program which sends intimation to the
---------------------- originator of the e-mail once the recipient opens it. E.g. “Read Notify”
F) Spyware
----------------------
These programs cause the user’s computer to transmit information back
---------------------- to the software developer via Internet. One use of technology is to deliver
advertising content to the user that is tailored to the information that spyware
----------------------
gathers. It could also be used to scan the user’s hard drive to see what other
---------------------- software he has installed, adding this information to a profile of the user that
will be used for marketing purposes. Several developers have been discovered
---------------------- using this technology without informing the user or seeking his consent. The
software can do anything - from generating annoying pop-up advertisements to
----------------------
collecting passwords and credit card numbers.
----------------------

G) Online Digital Profiling Notes
A method by which advertisements are inserted on a web page with
----------------------
cookies tagged on them. Once these ads are accessed by users, a profile is built
in the background as the user moves from one site to another. This is how the ----------------------
advertising companies, known as profilers build a comprehensive profile of the
user’s surfing habits and use it to put ads targeting him on their partner sites. ----------------------
The Information Technology Act 2000 does not directly address these ----------------------
issues of breach of privacy in cyber space but still has some enabling provisions
to address issues of privacy in the digital medium which will be discussed in the ----------------------
following chapter.
----------------------
----------------------
Fill in the blanks.
----------------------
1. Internet Protocol Addresses are ____________of the internet user.
2. IP addresses are misused by “_________”. ----------------------
3. The word ______ is commonly used to describe unsolicited bulk ----------------------

messages.
----------------------
4. A ________is neither a spyware nor a virus.
----------------------
5. ________ are programs used by online advertisers to create a database
containing some details of the users. ----------------------
6. ________ programs cause the user’s computer to transmit information
----------------------
back to the software developer via Internet.
----------------------
8.4 RIGHT TO PRIVACY AND INFORMATION ----------------------

TECHNOLOGY ACT 2000
----------------------
Section 72 of the Information Technology Act 2000 prescribes a penalty
----------------------
for breach of confidentiality and privacy.
It provides that if any person who, in pursuance of any of the powers ----------------------
conferred under this Act, rules or regulations made thereunder, has secured
----------------------
access to any electronic record, book, register, correspondence, information,
document or other material without the consent of the person concerned discloses ----------------------
such electronic record, book, register, correspondence, information, document
or other material to any other person shall be punished with imprisonment for a ----------------------
term which may extend to two years, or with fine which may extend to one lakh
----------------------
rupees, or with both.
It is evident that the application of this section is limited to the acts and ----------------------
omissions of those persons, who have been conferred powers under this Act,
----------------------
rules or regulations made thereunder such as The Controller of Certifying
Authorities, The Deputy and Assistant Controllers of Certifying Authorities, ----------------------

Notes Licensed Certifying Authorities and Auditors, The Adjudicating Officer, The
Presiding Officer of the Cyber Appellate Tribunal, The Registrar of the Cyber
---------------------- Appellate Tribunal, Network Service Provider and Police Officer (Deputy
Superintendent of Police).
----------------------
The purpose of this section is that the person who has secured access to
---------------------- any such information shall not take unfair advantage of it by disclosing it to
the third party without obtaining the consent of the disclosing party. In case of
----------------------
unauthorized disclosure of such information, the said person shall be punished
---------------------- with imprisonment for a term, which may extend to two years, or with fine,
which may extend to one lakh rupees, or with both.
----------------------
Sec. 43 of the IT Act also enumerates in detail various acts which entitles
---------------------- a person to claim compensation up to 1 Crore for the damage caused. This
includes unauthorized access and therefore can be said is an enabling provision
---------------------- for protection of a person’s privacy rights.
----------------------
Summary
----------------------
●● Due to the advancement in technology, acts that may constitute a breach of
---------------------- privacy are inevitable. It is therefore necessary to assess and examine the
extent of damage and inconvenience that may be caused by such acts so
----------------------
as to classify them as an illegal activity. Protection of privacy rights also
---------------------- has a cultural base and therefore the laws of privacy in various countries
vary to a large extent. India needs a strong privacy protection legislation
---------------------- to protect itself against technological invasions.
----------------------
Keywords
----------------------
●● Stalking: Harassing or threatening behaviour a person engages into
---------------------- repeatedly against a person.
---------------------- ●● Spamming: Unsolicited bulk messages.
●● Cookies: Text files containing details of a user’s internet activity.
----------------------
---------------------- Self-Assessment Questions

---------------------- 1. Discuss the law of privacy in India in light of the various decisions of the
High Court and Supreme Court.
----------------------
2. Discuss in detail the guidelines laid down by the Supreme Court for
---------------------- Telephone Tapping.
---------------------- 3. Elaborate the various technological invasions in case of an individual’s
privacy.
----------------------
4. Are there any provisions in the IT Act 2000 to address this issue of breach
---------------------- of privacy?
----------------------


i. –c ----------------------
ii. –a
----------------------
iii. – b
----------------------

1. Internet Protocol Addresses are digital footprints of the internet user. ----------------------
2. IP addresses are misused by “spoofing”.
----------------------
3. The word spam is commonly used to describe unsolicited bulk messages.
----------------------
4. A cookie is neither a spyware nor a virus.
5. Web bugs are programs used by online advertisers to create a database ----------------------
containing some details of the users.
----------------------
6. Spywares programs cause the user’s computer to transmit information
back to the software developer via Internet ----------------------
----------------------
----------------------
Suggested Reading
----------------------
1. Caloyannides, Michael. Privacy Protection and Computer Forensics.
----------------------
2. Mittal, D.P. Law of Information Technology.
3. Verma, Amita. Cyber Laws. ----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Notes
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Intellectual Property in Cyberspace
UNIT
9
Structure:
9.1 Introduction to Intellectual Property
9.2 Copyright in Cyberspace
9.3 Trademark in Cyberspace
9.4 Patent in Cyberspace
Summary
Keywords
Suggested Reading
Intellectual Property in Cyberspace 153

Notes
Objectives
----------------------
• Explain intellectual property in connection with computers and internet
----------------------
• Discuss copyright in cyberspace, infringement, action against
---------------------- infringement and existing law
---------------------- • Relate trademarks and patents to cyberspace action against infringement
and existing law
----------------------
• Recommend the provisions under various laws for protection of
---------------------- intellectual property in cyberspace
----------------------
---------------------- 9.1 INTRODUCTION TO INTELLECTUAL PROPERTY

---------------------- The Black’s Law Dictionary defines “Property” as that which belongs
exclusively to one. In the strict legal sense, an aggregate of rights which are
----------------------
guaranteed and protected by the Government. The term is said to extend to
---------------------- every species of valuable right and interest. More specifically, ownership; the
unrestricted and exclusive right to a thing; the right to dispose of a thing in
---------------------- every legal way, to possess it, to use it, and to exclude everyone else from
interfering with it.
----------------------
Property is either movable or immovable. Property which cannot be
---------------------- touched because it has no physical existence such as claims, interest or rights is
called intangible property.
----------------------
Intellectual property is intangible property which is capable of being
---------------------- owned, possessed, used, assigned or transferred and which is guaranteed and
---------------------- protected by law.
The fruits of hard sustained intellectual labour is termed as intellectual
---------------------- property. Intellectual property vests in the valuable production of human mind,
---------------------- labour, skill and efforts. The intellectual property of whatever species is in the
nature of intangible incorporate property.
---------------------- The term intellectual property covers patents, industrial designs,
---------------------- copyright, trademark, know-how and confidential information as all are the
products of intellectual effort and creative activity in the field of applied arts,
---------------------- technology and fine arts.
---------------------- Patents give temporary protection to technological inventions and design
rights to the appearance of mass produced goods. Copyright give longer lasting
---------------------- rights in literary, artistic and musical creations. Trademarks are protected
against imitation.
----------------------
Law relating to intellectual property in India is codified under the
---------------------- following heads:

1. Trade Marks Act, 1999 Notes
2. Copyright Act, 1957
----------------------
3. Patent Act, 1970
----------------------
4. Designs Act, 2000
5. The Geographical Indications of Goods (Registration and Protection) ----------------------
Act, 1999 ----------------------
6. The Protection of Plant Varieties and Farmers Rights Act, 2001
----------------------
The Information Technology Act 2000 and also the Indian Penal Code
offer protection to intellectual property. ----------------------
----------------------
9.2 COPYRIGHT IN CYBERSPACE
----------------------
What is Copyright?
----------------------
Copyright is about protecting original expression. Copyright protects
“original works of authorship” that are fixed in tangible medium of expression ----------------------
from which they can be perceived, reproduced, or otherwise communicated
either directly or with aid of a machine or device. Copyright arises as soon as a ----------------------
‘work’ is created (or fixed) and registration of it is not compulsory for the owner
----------------------
to seek protection. Copyright does not extent to any idea, procedure, process,
system, method of operation, concept, principle or discovery, unless fixed in a ----------------------
tangible form.
----------------------
Copyright is a right given by the law to creators of literary, dramatic,
musical and artistic works and producers of cinematograph films and sound ----------------------
recordings. In fact, it is a bundle of rights including, inter alia, rights of
reproduction, communication to the public, adaptation and translation of the ----------------------
work.
----------------------
Copyright in Cyberspace
----------------------
As per the Copyright Act, literary work includes computer programmes,
tables, and compilations, including computer databases and thus the scope of ----------------------
the Copyright Act has been extended to cover certain elements in cyber space.
----------------------
A Computer database means a representation of information, knowledge,
facts, concepts, or instructions in text, image, audio, video, that are being ----------------------
prepared or have been prepared in a formalized manner or have been produced
by a computer, computer system, or computer network. Computer programme ----------------------
means a set of instructions expressed in words, codes, schemes, or in any other ----------------------
form, including a machine-readable medium, capable of causing a computer to
perform a particular task or achieve a particular result. ----------------------
Thus software is copyrightable in India. ----------------------
Constituents of Computer Software are -
----------------------
●● Preparatory design materials, like flowcharts, diagrams, written specifications,
form and report layouts, designs for screen displays, etc. ----------------------

Notes ●● Computer programmes (object code and source code) and other executable
code.
---------------------- ●● Software development tools, like relational database development
systems, compilers, report generators, etc.
----------------------
●● Database and data files.
---------------------- ●● Computer output, for example, sound, printout, computer file or data,
---------------------- electronic signals.
●● Screen displays.
---------------------- ●● Manuals and guides (on paper or stored digitally).
---------------------- ●● Programmed languages (Algorithms and functions).
Source Code and Object Code
----------------------
The computer programme whether written in assembly language or high-
---------------------- level language is known as the source code. When the source code is translated
by an assembler or a compiler into a machine language, it is known as the object
----------------------
code. Thus the object code is represented by strings of 0s and 1s of the binary
---------------------- number system or hexadecimal notation of the electrical charges. The object
code cannot be seen, touched or heard, but there can be no doubt that it exists.
---------------------- The question is would the object code existing in intangible form be referred to
as a literary work and hence be protected under the copyright laws.
----------------------
In Apple Computer Inc. vs. Franklin Computer Corpn, 714 F2d
---------------------- 1240 (3rd cir), 1983 it was held that the Copyright Act extends to the operating
---------------------- programmes as well as application programmes, whether fixed in source code
or object code or embodied in read only memory (ROM).
---------------------- The most notable case for copyright protection in software is Whelan
---------------------- Associates, Inc vs. Jaslow Dental Laboratory, Inc. 797 F.2d 122 (3rd Cir,
1986). In this case, the defendant obtained an unauthorized copy of the Plaintiff’s
---------------------- source code for its software, and developed its own competing version of the
Plaintiff’s software application. The court held that “copyright protection of
---------------------- computer programmes may extend beyond the programmes literal code to their
---------------------- structure, sequence and organization”. The court noted that the majority of the
creative effort in developing a computer programme involves the design rather
---------------------- than the mere coding of the programme.
---------------------- The ownership of the computer programmes, databases, software, etc. lies
with the first author as per the Copyright Act. In the case of a work made in the
---------------------- course of the author’s employment under a contract of service or apprenticeship,
to which clause the employer shall, in the absence of any agreement to the
----------------------
contrary, be the first owner of the copyright therein.
---------------------- Copyright Protection
---------------------- As per the Copyright Act 1957, “copyright” in computer programmes
mean an exclusive right -
----------------------
i) To reproduce the work in any material form including the storing of it
---------------------- any medium by electronic means;

ii) To issue copies of the work to the public not being copies already in Notes
circulation;
----------------------
iii) To communicate it to the public;
iv) To make any translation; ----------------------
v) To make any adaptation; ----------------------
vi) To do, in relation to a translation or an adaptation of the work, any of ----------------------
the acts specified in relation to the work in sub clauses (i) to (vi);
vii) To sell or give on commercial rental or offer for sale or for commercial ----------------------
rental any copy of the computer programme; ----------------------
Provided that such commercial rental does not apply in respect of
computer programmes where the programme itself is not the essential ----------------------
object of the rental; ----------------------
Assignment - The owner of the copyright in an existing work or the
----------------------
prospective owner of the copyright in a future work may assign to any person the
copyright either wholly or partially and either generally or subject to limitations ----------------------
and either for the whole term of the copyright or any part thereof.
----------------------
License - The owner of the copyright in any existing work or the
prospective owner of the copyright in any future work may grant any interest in ----------------------
the right by license in writing signed by him or by his duly authorized agent:
----------------------
The Register of Copyrights – It is prima facie evidence of the particulars
entered therein and documents purporting to be copies of any entries therein, or ----------------------
extracts therefrom certified by the Registrar of Copyrights and sealed with the
seal of the Copyright Office shall be admissible in evidence in all courts without ----------------------
further proof or production of the original. ----------------------
Infringement –
----------------------
Copyright in a work shall be deemed to be infringed
----------------------
(a) When any person, without a licence granted by the owner of the Copyright
or the Registrar of Copyrights under this Act or in contravention of the ----------------------
conditions of a licence so granted or of any condition imposed by a
competent authority under this Act – ----------------------
i) Does anything, the exclusive right to do which is by this Act ----------------------
conferred upon the owner of the copyright, or
----------------------
ii) Permits for profit any place to be used for the performance of the
work in public where such performance constitutes an infringement ----------------------
of the copyright in the work unless he was not aware and had no
reasonable ground for believing that such performance would be an ----------------------
infringement of copyright, or
----------------------
(b) When any person –
----------------------
i) Make for sale or hire, or sells or lets for hire, or by way of trade
displays or offers for sale or hire, or ----------------------

Notes ii) Distributes either for the purpose of trade or to such an extent as to
affect prejudicially the owner of the copyright, or
----------------------
iii) By way of trade exhibits in public, or
---------------------- iv) Imports (except for the private and domestic use of the importer)
into India, any infringing copies of the work.
----------------------
Exceptions – (Fair Use)
----------------------
The following acts shall not constitute an infringement of copyright, namely:
---------------------- (a) A fair dealing with a literary work for the purposes of –
---------------------- i) research or private study;
---------------------- ii) criticism or review, whether of that work or of any other work;
iii) reporting current events in a newspaper, magazine or similar periodical;
----------------------
iv) judicial proceeding or for the purpose of a report of a judicial
---------------------- proceeding;
---------------------- v) in any work prepared by the Secretariat of a Legislature or, where
the Legislature consists of two Houses, by the Secretariat of either
---------------------- House of the Legislature, exclusively for the use of the members of
---------------------- that Legislature;
vi) the reproduction in a certified copy made or supplied in accordance
---------------------- with any law for the time being in force;
---------------------- vii) the publication in a collection, mainly composed of non-copyright
matter, bona fide intended for the use of educational institutions,
----------------------
and so described in the title and in any advertisement issued by
---------------------- or on behalf of the publisher, of short passages from published
literary or dramatic works, not published for the use of educational
---------------------- institutions, in which copyright subsists:
---------------------- (b) The reproduction of a literary work-
(i) By a teacher or a pupil in the course of instruction; or
----------------------
(ii) As part of the questions to be answered in an examination; or
----------------------
(iii) In answers to such questions;
---------------------- In case of infringement of a copyright, the owner of the copyright has two
---------------------- remedies under the Act.
CIVIL REMEDY
----------------------
The owner is entitled to all such remedies by way of injunction, damages,
---------------------- accounts and otherwise as are or may be conferred by law for the infringement
of a right;
----------------------
Provided that if the defendant proves that at the date of the infringement
---------------------- he was not aware and had no reasonable ground for believing that copyright
---------------------- subsisted in the work, the plaintiff shall not be entitled to any remedy other than

an injunction in respect of the infringement and a decree for the whole or part Notes
of the profits made by the defendant by the sale of the infringing copies as the
court may in circumstances deem responsible. ----------------------
Criminal Proceedings ----------------------
As per the Copyright Act, if any person knowingly infringes or abets
----------------------
infringement of a copyright in a work, he shall be punishable with imprisonment
for a term not less than six months but which may extend up to 3 years and ----------------------
with fine which is not less than Rs. 50,000/- but which may extend up to Rs.
2,00,000/-. Enhanced penalty for second or subsequent convictions has also been ----------------------
prescribed. Further knowing use of infringing copy of computer programme is
----------------------
also a criminal offence under the said Act.
Remedies available under Information Technology Act 2000 ----------------------
Copyright Infringement though has not been addressed directly by the ----------------------
Information Technology Act 2000, there are some provisions that are applicable
to instances of copyright infringement. ----------------------
Section 43 of the said act prohibits unauthorized downloading, copying ----------------------

and extraction of any data, computer database or information without the
permission of the owner. In such cases, the penalty prescribed is up to Rs. 1 ----------------------
Crore by way of damages. The said act is also silent about “fair use” as stated ----------------------
under the Copyright Act making its provisions more stringent.
Section 65 of the said Act states that whoever knowingly or intentionally ----------------------
conceals, destroys or alters any computer source code used for any computer ----------------------
programme, when the source code is required to be maintained by law, he shall
be punishable with imprisonment up to 3 years or with fine which may extend ----------------------
up to Rs. 2 Lakhs or both. Thus this section addresses the issue of unauthorized
alteration or tampering with the source code of the programme which is ----------------------
classified as “literary work” under the Copyright Act. ----------------------
Section 66 of the said Act states that if a person knowingly or with an
----------------------
intention that he is likely to cause wrongful loss or damage to the person or
public, destroys, deletes or alters any information residing on the computer or ----------------------
diminishes its value or utility or affects it injuriously, he shall be punishable
with imprisonment up to 3 years or with fine which may extend up to Rs. 2 ----------------------
Lakhs or both. Thus this section addresses the issue of unauthorized alteration
----------------------
or deletion of computer programmes, tables, compilations including databases
which is classified as “literary work” under the Copyright Act. ----------------------
Contents of Websites, Blogs, Bulletin boards, Twitter are all entitled for
----------------------
copyright protection if it satisfies the definition of original work.
Some Copyright related issues in cyberspace not addressed by the ----------------------
Information Technology Act 2000 - ----------------------
In order to improve the speed at which a certain website is accessed on
the internet and to make the experience of internet browsing more effective and ----------------------
pleasurable, the browser employs various techniques such as – ----------------------

Notes a) Caching - It is used to improve response time for end users. It means
copying of a webpage/site and storing that copy for the purpose of
---------------------- speeding up subsequent accesses.
---------------------- b) Mirroring - It improves service for the users by replicating a web site
across various servers all over the world and make available the critical
---------------------- information to all the users at all the times.
---------------------- c) Downloading - It means to receive information, typically a file, from
another computer via modem.
----------------------
d) Uploading - It means to send information, typically a file, to another
---------------------- computer via modem.
---------------------- e) File swapping - A “peer to peer” transmission of digital files from one
computer to another via the internet.
----------------------
However these techniques do cross the line and infringe the rights of the
---------------------- copyright owner as multiple copies are made or the original work without taking
express permission from the author. The Network Service Providers, Internet
----------------------
Service Providers, Browser Companies, etc. are liable for these infringing
---------------------- activities in the strictest sense. These techniques though may come under the
“fair use “ classification as per the Act. However, these issues have not been
---------------------- addressed by the Copyright Act directly.
---------------------- Digital Downloads
---------------------- Accessing the Internet needs software support in the form of browser like
IE (Internet Explorer) or Netscape Navigator. A browser helps in downloading
---------------------- website, web page, software, music, and streaming video from the web. It
---------------------- facilitates digital download. One may save such downloads in the computer’s
hard disc or in removable storage devices; it amounts to fixation of digital
---------------------- downloads in tangible form.
---------------------- Filtering
---------------------- Another interesting proposition is the use of filtering software to filter

the content to be displayed in a browser. Web filtering technologies may
---------------------- employ a variety of approaches to ascertain the content of a web page. Such
filtering software might screen a web page for particular keywords, attempt,
----------------------
to interpret the images contained on the page, or identify the HTML tags
---------------------- used to format the browser from displaying the webpage, block the entire
site, or delete the targeted content and permit the remainder of the page to
---------------------- be displayed. Question is – has the website owner authorized the filtering
---------------------- software to alter the contents of the website? If no permission is granted, this
may amount to copyright violation.
----------------------
----------------------
----------------------

Notes
----------------------
1. ________ does not extent to any idea, procedure, process, system,
----------------------
method of operation, concept, principle or discovery, unless fixed in
a tangible form. ----------------------
2. ________ is copyrightable in India. ----------------------
3. Copyright protection of computer programmes may extend beyond
the programmes literal code to their _______, _______ and ________. ----------------------
4. Copyright in computer programs means an _____ right to make any ----------------------

translation.
----------------------
5. Research or private study _______ infringe the copyright of the work.
----------------------
9.3 TRADEMARK IN CYBERSPACE ----------------------
----------------------
Trademark is a mark or sign by which a trader or manufacturer
distinguishes his goods from other traders or manufacturers. In the course of ----------------------
time, when the mark is used frequently by the trader, the trader earns goodwill
and reputation. Thus a trademark has commercial and business value and is a ----------------------
valuable corporate asset which needs protection from misuse.
----------------------
Some peculiar issues relating to trademark violation in cyberspace are
discussed below – ----------------------
Domain Name Disputes ----------------------
The entire basis of the internet is the IP address or the Internet Protocol ----------------------
address. It is that unique address expressed in 4 octets which defines a computer
or a server. This address is an all numeric address which is difficult to remember ----------------------
and hence we have the domain names which correspond to a particular IP address.
The system that relates the IP address to an alphanumeric string of characters or ----------------------
name or Universal Resource Locator (URL) is called the Domain Name System ----------------------
or DNS. For example the IP address “207.82.250.251’ corresponds to the URL
http://www.hotmail.com. The last three letters of a domain name are called the ----------------------
extension. In the US, a vast majority of domains are assigned by a single registry
Network Solutions Inc. (NSI) which uses a multi-level system including top ----------------------
level domain names such as .com, .net, .org etc. Individual country extensions ----------------------
are also assigned such as .in for India, .ca for Canada, .fr for France.
The Internet Corporation for Assigned Names and Numbers (ICANN) ----------------------
a non-profit organization was formed to assume responsibility for IP address ----------------------
space allocation, root server management, etc.
The first step in acquiring a domain name is to contact the ICANN ----------------------
administrator and request for a domain name. If the same is not already assigned ----------------------

Notes to anyone, it will be approved by the administrator. No proof of ownership or
trademark registration is required to register.
----------------------
The most popular dispute arising out of bad faith registration of domain
---------------------- names by persons neither having trademark registration nor having any inherent
right is popularly known as cyber squatting.
----------------------
In the case of Yahoo! Inc. Vs. Akash Arora and another reported in 1999
---------------------- PTC (19) 210 (Delhi), the single judge of the Delhi High Court granted relief on
Yahoo! Inc’s petition seeking injunctive relief against the defendants who were
---------------------- attempting to use the domain name yahooindia.com for internet related services.
Yahoo Inc. which was the owner of trademark “Yahoo!” as well as domain
----------------------
name yahoo.com contended that, by adopting a deceptively similar domain
---------------------- name, the defendants had verbatim copied the format, contents, layout, colour
scheme and source code of the plaintiff. Relying on the “passing off” doctrine,
---------------------- the court acknowledged that the word “yahoo” had achieved distinctiveness and
is associated with the Plaintiff and is entitled to maximum protection.
----------------------
The ICANN has a domain name dispute resolution policy which offers a
---------------------- special administrative procedure for disputes involving domain names that are
shown to have registered in abusive attempts to profit from another’s trademark.
----------------------
Linking
----------------------
Linking facilitates access to a third party website by allowing the user to
---------------------- click on a location on the website and then the user is automatically taken to the
third party website. When the link takes the user to the first page or the home
---------------------- page of the third party website; no one is complaining; but when the link takes
---------------------- the user to an interior page on the third party website called as deep linking for
the purpose of bypassing advertisements, disclaimers, the third party website
---------------------- owner is not very happy!
---------------------- The US District Court Southern District of New York passed an order of
settlement stating that “the defendants agree permanently to cease the practice
---------------------- of framing plaintiffs’ websites”. Plaintiffs agree that Defendants may link from
the Totalnews.com website to any Plaintiffs’ website, provided that:
----------------------
a) Defendants may link to plaintiffs’ websites only via hyperlinks consisting
---------------------- of the names of the linked sites in plain text, which may be highlighted;
---------------------- b) Defendants may not use on any website, as hyperlinks or in any other
way, any of plaintiff’s proprietary logos or other distinctive graphics,
---------------------- video or audio material, nor may defendants otherwise link in any manner
reasonably likely to: (i) imply affiliation with, endorsement or sponsorship
----------------------
by any plaintiff; (ii) cause confusion, mistake or deception; (iii) dilute
---------------------- plaintiffs’ marks; or (iv) otherwise violate state or federal law;
---------------------- c) Each plaintiff’s agreement to permit linking by defendants remains

revocable, on 15 business days, at each Plaintiff’s sole discretion.
---------------------- Revocation by any plaintiff shall not affect any other terms and conditions
set forth herein. If defendant refuses to cease linking upon notice, and any
---------------------- plaintiff brings an action to enforce its rights under this subparagraph, it

shall be an affirmative defense that defendants’ conduct does not otherwise Notes
infringe or violate plaintiff’s rights under any theory of any intellectual
property, unfair competition or other law. ----------------------
Framing ----------------------
Framing is a more advanced form of hyper linking. A framing site links to
----------------------
another site, displaying the third party website within a window or frame. The
frame contains content from the framing site thus giving an impression to the ----------------------
user that contents of the third party website accessed is that of the framing site.
This is more of a violation of trademark laws and trademark and passing off ----------------------
remedies are available in such cases.
----------------------
Meta Tagging
----------------------
Meta Tagging is a process by which a site owner places certain words on
his or her website, so as to ensure that the site is found or located by the search ----------------------
engines when a word search of the particular word is made.
----------------------
When writing the code for a page, the author will add some tags to it, some
of these tags called meta tags are some words identifiable by search engines. ----------------------
There is a possibility that some words are used by the website owners as its
meta tags which are not connected to the website, its business or trademark. In ----------------------
fact these meta tags could be some other popular trademark. ----------------------
This possibility of using an unrelated trademark to promote traffic to
one’s website through search engines have led to several disputes. ----------------------
In the case of Playboy Enterprises Inc. Vs. Calvin Designer Label, the ----------------------
defendant was using the registered trademark ‘PLAYMATE’ and ‘PLAYBOY’
----------------------
as meta tags as well as domain names on the internet within their site. The
court was pleased to grant preliminary injunction in favour of Playboy Inc. ----------------------
observing that Playboy Inc. had made out a prima facie case or irreparable harm
and injustice. ----------------------
----------------------
----------------------
1. Trademark is a mark or sign by which a trader or manufacturer
_________ his goods from other traders or manufacturers. ----------------------
2. The ______________, a non-profit organization, was formed to ----------------------

assume responsibility for IP address space allocation, root server
----------------------
management etc.
3. ________ is a more advanced form of hyper linking. ----------------------
4. ___________is a process by which a site owner places certain words ----------------------
on his or her website, so as to ensure that the site is found or located by
the search engines when a word search of the particular word is made. ----------------------
----------------------

Notes
Activity 1
----------------------
---------------------- Analyse the case Yahoo!Inc. vs. Akash Arora and another.
----------------------
9.4 PATENT IN CYBERSPACE
----------------------
A patent is a monopoly or exclusive right granted by State in favour of an
---------------------- inventor in respect of an invention. It excludes the rights of others for a limited
duration to do certain acts in relation to that invention. It is granted to the person
---------------------- who is entitled to it and who fulfils the prescribed conditions imposed by the
state for such grant. It may also be described as official documentation which
----------------------
gives the patentee right of ownership of an invention.
---------------------- The object of patent law is to encourage scientific research, new technology
---------------------- and industrial progress. The grant of exclusive privilege to own, use or sell the
method or product patented for a limited period, stimulates new inventions of
---------------------- commercial utility. As observed in the case of Bishwanath Radhey Shyam vs.
Hindustan Metal Industries reported in AIR 1982 SC 1444, a patent is granted only
---------------------- for an invention which must be new and useful. It must have novelty and utility.
---------------------- India, like the European Union, does not allow patents for inventions
related to software. The following are not inventions within the meaning of the
---------------------- Patents Act. A mathematical or business method or computer program per se or
---------------------- algorithms.
In the year 2004-2005, Government of India brought an ordinance to make
---------------------- invention related to computer software imbedded in hardware like computer,
---------------------- mobile, televisions, etc. and having industrial application under the definition
of patentable invention by amending the clause (k) of section 3 under chapter II
---------------------- of Indian Patent Act, 1970. However, the same has not been notified as yet.
---------------------- It is therefore clear that computer program per se is not a subject matter
of the Patents Act but can only be the subject matter of Copyright Act in India.
----------------------
The reason for not considering the software as patentable subject matter
---------------------- was to avoid duality of protection available to software.

----------------------
----------------------
1. A patent is not a monopoly or exclusive right granted by State in favour
---------------------- of an inventor in respect of an invention.
---------------------- 2. The object of patent law is to discourage scientific research, new
technology and industrial progress.
----------------------
3. India, like the European Union, does not allow patents for inventions
---------------------- related to software.

Summary Notes
●● Protection of intellectual property rights in cyberspace is available in India ----------------------

mainly under two legislations. The Copyrights Act and The Trademarks
----------------------
Act.
●● Copyright protection is available to any original literary work under the ----------------------
Act. Since computer programs, compilations and databases have been
----------------------
included in the definition of literary work, copyright right protection is
extended to software in India which includes source code, object code, ----------------------
algorithms, etc. Thus in case of any act of infringement of copyright
in software, civil and criminal remedies are available under the Act for ----------------------
the owner of copyright. The Information Technology Act also makes
----------------------
unauthorized copying, downloading and extraction of data an offence
thus giving protection to the copyright owner and also makes intentional ----------------------
tampering or alteration or deletion of information or source code a
criminal offence. ----------------------
●● Some peculiar issues in respect of copyright violation arising out of the ----------------------
use of internet such as caching, mirroring have not been addressed in the
Copyright Act. ----------------------
●● A trademark has commercial and business value and is a valuable ----------------------
corporate asset which needs protection from misuse. It has been observed
in various decisions of the High Courts in India that a domain name is a ----------------------
valuable corporate asset which is entitled to trademark protection. Bad
faith registrations can be challenged by following the dispute resolution ----------------------
procedure laid down by ICANN. ----------------------
●● Framing, Deep Linking and Meta Tagging are instances of passing off
action and a trademark violation where a person tries to pass of its ‘goods’ ----------------------
as the ‘goods’ of its competitor or makes unfair use of the trademark of ----------------------
another.
●● The existing laws in India are sufficient to address the issues of protection ----------------------
of IPR in cyberspace. ----------------------
Keywords ----------------------
●● Computer Database: Representations of information, knowledge, facts, ----------------------

concepts, or instructions in text, image, audio, video, that are being ----------------------
prepared or have been prepared in a formalized manner or have been
produced by a computer, computer system, or computer network. ----------------------
●● Computer Programme: Set of instructions expressed in words, codes, ----------------------
schemes, or in any other form, including a machine-readable medium,
capable of causing a computer to perform a particular task or achieve a ----------------------
particular result.
----------------------
●● Source Code: Computer programme whether written in assembly
language or high-level language. ----------------------

Notes ●● Object Code: Source code is translated by an assembler or a compiler
into a machine language.
---------------------- ●● ICANN: The Internet Corporation for Assigned Names and Numbers.
---------------------- ●● NSI: Network Solutions Inc.
----------------------
----------------------
1. Define intellectual property and write a brief note on the law relating to
---------------------- intellectual property in India.
---------------------- 2. Is software protectable? Under which law? Discuss in detail.
3. What is cyber squatting? Describe the dispute resolution mechanism
----------------------
relating to cyber squatting.
---------------------- 4. Explain with the help of case laws as how domain name disputes are
---------------------- treated as trademark violation in India.
5. Are contents of a website protectable? What other intellectual property
---------------------- exists in a website which requires protection.
---------------------- 6. What is deep linking and meta tagging.
---------------------- 7. Is framing illegal in India?
8. Discuss the case of Yahoo! Inc. Vs. Akash Arora in detail.
----------------------
----------------------
----------------------
----------------------
Fill in the blanks:
----------------------
1. Copyright does not extent to any idea, procedure, process, system, method
---------------------- of operation, concept, principle or discovery, unless fixed in a tangible
form.
----------------------
2. Software is copyrightable in India.
---------------------- 3. Copyright protection of computer programmes may extend beyond the
---------------------- programmes literal code to their structure, sequence and organization.
4. Copyright in computer programmes mean an exclusive right to make any
---------------------- translation.
---------------------- 5. Research or private study does not infringe the copyright of the work.
----------------------

Fill in the blanks.
----------------------
1. Trademark is a mark or sign by which a trader or manufacturer distinguishes
---------------------- his goods from other traders or manufacturers.

2. The Internet Corporation for Assigned Names and Numbers, a non-profit Notes
organization, was formed to assume responsibility for IP address space
allocation, root server management etc. ----------------------
3. Framing is a more advanced form of hyper linking. ----------------------
4. Meta Tagging is a process by which a site owner places certain words on
----------------------
his or her website, so as to ensure that the site is found or located by the
search engines when a word search of the particular word is made. ----------------------
----------------------
----------------------
1. False ----------------------
2. False ----------------------
3. True ----------------------
----------------------
----------------------
1. Cornish, W.R. Intellectual Property Law.
2. Bainbridge, David. Software Copyright Law. ----------------------
3. Dryer, Rodney. Intellectual Property and the Internet. ----------------------
4. Unni, V.K. Trade Marks and the emerging concepts of Cyber Property ----------------------
Rights.
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Notes
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Cyber Jurisprudence
UNIT
10
Structure:
10.1 Introduction to Jurisprudence
10.2 Cyber Jurisprudence
10.3 Some Landmark Cases
Summary
Keywords
Suggested Reading
Cyber Jurisprudence 169

Notes
Objectives
----------------------
• Explain the concept of jurisprudence in general
----------------------
• Describe cyber jurisprudence
----------------------
• Elaborate on the present position and progress under cyber law for the
---------------------- past 8-9 years in India
---------------------- • Assess the impact of the Information Technology Act, 2000

• Evaluate the provisions of the IT Act, 2000 in the light of the cases
----------------------
decided
----------------------
---------------------- 10.1 INTRODUCTION TO JURISPRUDENCE

---------------------- Definition
---------------------- The word jurisprudence derives from the Latin term juris prudentia, which
means “knowledge of law”. The latin word juris means law and prudentia means
---------------------- knowledge. Thus jurisprudence signifies knowledge of law and its application.
In this sense, it covers the whole body of legal principles in the world.
----------------------
Jurisprudence commonly means the philosophy of law. It is well known
---------------------- that ‘law’ is not static but a dynamic concept which evolves and changes with
---------------------- the changing times, evolution of the society under different socio-economic and
political conditions and with the rapid changes in technology.
---------------------- Jurisprudence in its limited sense means general principles on which actual
---------------------- rules of law are based. It is concerned with the external rules which people must
obey. Here the word ‘law’ does not refer to any specific statute but to those general
---------------------- concepts and basic principles on which the statutes are based. For example in case
of criminal law, jurisprudence examines the general principles of penal liability
---------------------- but does not detail out the essential ingredients of each offence. In yet another
---------------------- approach, jurisprudence can be regarded as the philosophy of law dealing with
the nature and function of law also known as functional jurisprudence.
---------------------- Salmond defines jurisprudence as the “Science of the first principles of
---------------------- civil law”. Thus he states that jurisprudence deals with a particular species of
law, viz. civil law. The civil law comprises of rules applied by courts in the
---------------------- administration of justice.
---------------------- John Austin, popularly known as the father of modern jurisprudence calls
jurisprudence as “the Philosophy of Positive Law”. That is the law laid down
---------------------- by the political superior for commanding obedience from his subjects. This
definition is identical to that given by Salmond on civil law. Austin pointed out
----------------------
that the science of law is concerned with law as it is and not what it ought to be,
---------------------- which he considers as the science of legislation.

Dr. M.J. Sethna has defined jurisprudence as the study of fundamental Notes
legal principles including their philosophical, historical and sociological bases
and an analysis of legal concepts. Dr. Sethna refers to the definition of civil ----------------------
law as “all that body of principles, decisions and enactments made, passed
or approved by the legally constituted authorities or agencies in a state for ----------------------
regulating rights, duties, and liabilities and enforced through the mechanism of ----------------------
judicial process, securing obedience to the sovereign authority in the State.
----------------------
Contents of Jurisprudence
Though there are different views as to the contents of the subject, it has ----------------------
to be generally accepted that sources, legal concepts and legal theory constitute
----------------------
the main part of the study of jurisprudence.
a) Sources – Customs, legislation and precedents as sources of law. Methods ----------------------
of judicial interpretation and reasoning, pros and cons of codification of
----------------------
law, etc. are included in the study.
b) Legal Concepts – Analysis of legal concepts such as property, ----------------------
possession, ownership, obligations, acts, negligence, legal personality ----------------------
and related issues. Study of these abstract legal concepts facilitates a
better understanding of law. ----------------------
c) Legal Theory – Law as it exists and functions in the society and the ----------------------
manner in which law is created and enforced. Legal theory seeks to co-
relate law with other disciplines such as religion, philosophy, politics, ----------------------
ethics, etc.
----------------------
Schools of Jurisprudence
----------------------
There are mainly three schools of jurisprudence based on the legal
philosophy propounded by its advocates. ----------------------
1. Analytical School - It seeks to analyse the first principles of law as
----------------------
they actually exist in a given legal system. Law is treated as a command
emanating from the sovereign, namely the state. This school is also called ----------------------
the imperative school. The advocates of this school are neither concerned
with the past of the law nor with its future but they confine themselves to ----------------------
the study of the law as it actually exists, thus this school is also known
----------------------
as the positive school of jurisprudence. Jeremy Bentham and John Austin
are considered to be the forerunners of this school. Austin considered ----------------------
as the father of English Jurisprudence identifies law with command,
duty and sanction and a major thrust was separation of law from morals. ----------------------
Analytical positivism found place in the Indian legal system during the
----------------------
British Colonial rule. The post independence era in India necessitated
a fresh approach to the existing laws. Positivism in post independence ----------------------
Indian law differs from the Austin’s concept as it seeks to establish
harmonious relationship between ‘is’ and ‘ought’ and does not ignore the ----------------------
justice or morality from law. The approach of harmonious construction
----------------------
is best illustrated in the case of Kesavananda Bharati AIR 1973 SC
1461 while a rigid approach is reflected in the case of Tilkayat Shri ----------------------

Notes Govindlalji Maharaj Vs. The State of Rajasthan AIR 1963 SC 1638
and The Kerala Education Bill AIR 1958 SC 956. The Supreme Court
---------------------- also adopted a purely positivistic approach in the historic Habeas Corpus
Case A.D.M. Jabalpur Vs. S. Shukla AIR 1976 SC 1207 wherein it
---------------------- was held that fundamental rights remain suspended during Proclamation
---------------------- of Emergency. However, this approach is now gradually receding not
only in India but in all other progressive democratic countries. This view
---------------------- was found incompatible with the developing trend of social justice in the
historic case of Maneka Gandhi Vs. Union of India AIR 1978 SC 597
---------------------- wherein it was held that procedure prescribed by law has to be just, fair and
---------------------- reasonable and not oppressive or arbitrary. Concept of ‘due process’ that
is reasonableness and fairness was implicit in the expression ‘procedure
---------------------- established by law’. This view is also reflected in cases reported in AIR
1993 SC 2178 and AIR 1995 SC 922.
----------------------
2. Historical School - This school does not attach importance to the relation
---------------------- of law with the state but gives importance to the social institutions in which
the law develops itself. It concentrates on the evolution of law and deals
----------------------
with the general principles governing the origin and development of law
---------------------- and with the influences that affect the law. The four stages identified in the
evolution and development of law are a) Divine Law b) Customary Law
---------------------- c) Priestly class as the sole repository of Customary Law d) Codification.
Law also developed through Legal Fictions, Equity and Legislation.
----------------------
Development of Indian Jurisprudence post independence was with
---------------------- emphasis on justice, equality, liberty, and individual freedoms and rights.
The historical changes in the perception of law and legal institutions from
---------------------- ancient times to modern age indicate that laws ordained in dharma was not
only of divine origin but it also had the attributes of morality, humanity
----------------------
and above all some degree of permanence. As against this, modern man
---------------------- made laws may vanish with variation in pattern of government change in
political ideologies. A historical approach to the study of modern Indian
---------------------- law and legal system is relevant in order to appreciate its evolution and
various phases of development.
----------------------
3. Ethical School - Also called as the philosophical school believes that
---------------------- legal philosophy must be based on ethical values so as to motivate people
for an upright living. The science of ethics deals with the principles of
----------------------
morality which moulds man’s conduct enabling him to distinguish between
---------------------- right and wrong and respect the right of others in order to maintain social
harmony. According to this school, the purpose of law is to maintain law
---------------------- and order in society and legal restrictions can be justified only if they
promote the freedom of individuals in society.
----------------------
---------------------- 10.2 CYBER JURISPRUDENCE

---------------------- There has been an onward march of science based on the great powers of
human brain for logical reasoning. These advances have changed profoundly
----------------------
the capabilities and concepts of human society. In these circumstances, one has

to conclude that the basic principles of ethics, relating to good and bad, right Notes
and wrong, and so on should continue to be the principles by which human
society is governed and the legal systems responsible for the governance of ----------------------
society and interpretation of these ethical principles must take note of the new
----------------------
circumstances. There will be no ready case-laws to go by and one would have
to learn afresh how to search for truth and justice in the new societies as they ----------------------
emerge.
----------------------
The onset of computerization has given rise to a whole set of new legal
issues. For e.g. – in case of digital storage, it is possible to alter and vary ----------------------
information without necessarily disclosing any evidence of alteration; this
power to alter digital images and information will raise questions relating to ----------------------
civil liberties, personal privacy, criminal investigation techniques, evidence, ----------------------
etc. Redefining the notion of copyright, trademarks, technical and regulatory
conditions under which the information technology industry would operate, ----------------------
new services, new technologies and new standards are all part of a range of new
----------------------
legal problems which now need to be addressed by a legal framework.
Thus there was a need for a separate legislation to address issues relating ----------------------
to computers, internet and the Information Technology as ----------------------
●● Electronic Record was inadmissible in evidence.
----------------------
●● To facilitate e-commerce and e-governance, the digital equivalent of a
signature needed legal recognition. ----------------------
●● Regulatory framework was essential to supervise Certifying Authorities ----------------------
issuing Digital Signatures.
----------------------
●● Prevention of misuse arising out of electronic transactions.
Legislative History ----------------------
●● 1998 - Draft E-Commerce Act made available based on the UNCITRAL ----------------------
MODEL LAW on e-commerce.
----------------------
●● 2000 - Information Technology Act enacted
Object to promote e-commerce and e-governance, give legal recognition ----------------------
to electronic records and digital signatures and create civil and criminal
----------------------
liabilities for contraventions with the provisions of the Act.
●● 2005 - Amendments to IT Act Bill presented ----------------------
In light of the Gurgaon Karan Bahree Case and Bazee case, some ----------------------
amendments were proposed.
----------------------
●● 2006 - Bill returned by standing committee for modifications.
The standing committee rejected the proposed amendments under the ----------------------
chairmanship of Mr. Nikhil Kumar. ----------------------
●● 2008 - IT Act Amendment Bill retabled
----------------------
Ministry of Communications and Information Technology redrafted the bill
after taking into consideration the recommendations of the standing committee. ----------------------

Notes ●● Bill passed in the Lok Sabha (without debate)
●● Bill passed in Rajya Sabha (without debate)
----------------------
●● Bill received presidential assent on 5th February, 2009
---------------------- ●● Presently rules being framed u/s 43A, 67C and 79
---------------------- Some major developments have taken place in the evolution of law in
relation to computers and information technology since the past 10 years. The
---------------------- Information Technology Act 2000 was enacted in the year 2000 and there has
been a wide scope for interpretation of the otherwise technology specific and
----------------------
insufficient piece of legislation.
---------------------- In 2000, the IT Act was passed without any discussion in both the
---------------------- houses of Parliament. The Act was based on the Model UNCITRAL LAW
of e-commerce as the UN insisted that all its member countries should have
---------------------- an e-commerce legislation based on a common framework law to facilitate
international commerce and e-commerce in particular.
----------------------
Thus the IT Act 2000 focused on the e-commerce and e-governance
---------------------- aspects while regulation of cyber crimes and frauds though addressed was not
an area on which the act focused.
----------------------
However, right since its enactment, cyber crimes have taken centre stage
---------------------- and the enactment is being put to test for addressing the cyber crimes.
---------------------- Various instances of credit card frauds, lottery scams, identity thefts and
phishing, circulation of obscene material, defamation and data thefts were
---------------------- reported and amid all this, Indian Cyber Law continued to appear toothless.
---------------------- Meanwhile, as Internet 2.0 became more prominent in India, social
networking cyber crimes, including misuse of personal information posted
---------------------- on such sites was reported frequently. The misuse of personal information by
tampering and amending the same has grown tremendously.
----------------------
The year 2008 was also the year of cyber terrorism. The bomb blasts
---------------------- were preceded by e-mails announcing the impending acts. It was the year
---------------------- when cyber terrorists became far more adventurous. The inability of the law
enforcement agencies to nab cyber criminals and take effective action exposed
---------------------- the inadequacies of our laws.
---------------------- Cyber terrorism once again came to the fore in India in the form of the
Mumbai attacks. The terrorists were extremely technology savvy, and were
---------------------- using satellite phones with impunity.
---------------------- It was the year, when pushed by the Mumbai attacks, the government
swung into action and got the amendments to the Information Technology Act,
---------------------- 2000 passed in both the houses of Parliament in February 2009.
---------------------- 2008 was also the year in which network service providers started feeling
the heat of the process of law. Various litigations were filed insisting upon
---------------------- them to disclose third party information rendered and made available in their
computer systems. A network service provider got a taste of the result of giving
----------------------
wrong subscriber information to the law enforcers.

The year 2008 brought home the truth that if network service providers are Notes
negligent about giving correct subscriber information to the law enforcement
agencies; they need to face potential legal consequences, both civil and criminal. ----------------------
This is all the more so, as under the IT Act, 2000, these providers are made
----------------------
liable for all third party data and information made available by them. However,
they can exit from their liability, provided they are able to prove two conditions. ----------------------
The first condition is that the network service provider has to prove that he
had no knowledge of any contravention of law. The second condition is that ----------------------
the provider has to prove that despite due diligence, it could not prevent the ----------------------
commission of an offence or contravention of law.
----------------------
Right of Privacy under the Indian Context
The tehelka teams which have performed the ‘sting’ operation on various ----------------------
political leaders have given rise to a huge debate about an individual’s right to ----------------------
privacy. It has evoked the right to freedom of belief, thought and expression
which are basic principles envisaged in our constitution. The freedom of ----------------------
press is also a guaranteed right provided by our constitution. Further the
----------------------
constitution also guarantees right to information and as such the citizens have
the fundamental right to know what is happening around them. But on the ----------------------
other hand our constitution guarantees the right to privacy, though not being
an expressed fundamental right, the courts in India have taken a lead and have ----------------------
recognized it as a fundamental right. Every man has some zones of privacy, ----------------------
which cannot be infringed upon even by the State. It can be further contended
that the right to life has also been infringed upon as right to life envisages right ----------------------
to life with human dignity.
----------------------
The tehelka team’s act has damaged the political image of many leaders
which in turn may even prove to be a political death for those leaders. One line ----------------------
of argument is that the tehelka team has acted in a very prudent and responsible ----------------------
way by disclosing the whole drama on the e-space. As a matter of principle,
there is no doubt that in a conflict between ‘personal-interest’, and ‘national- ----------------------
interest’, undoubtedly ‘national-interest’ should prevail. Thus the tehelka team
----------------------
was very appropriate in doing so. But on the other hand, the argument is that the
tehelka team has tried to create a state of political uncertainty and unstableness ----------------------
there by threatening ‘national-interest’. Even the evidence produced by the
www.tehelka.com is not conclusive and there might be every possibility that it ----------------------
might be fabricated. ----------------------
Thus in view of the technological advancements which now make
----------------------
video and audio recording easy, cheap and easy without one knowing about
it, there is a dire need for evolving a Code of Ethics on the Cyber-Space and ----------------------
discipline.
----------------------
----------------------
----------------------

Notes
----------------------

i. 1998 a. IT Act
----------------------
ii. 2005 b. Cyber terrorism
----------------------
iii. 2008 c. UNCITRAL MODEL LAW
---------------------- iv. 2000 d.
Amendment due to Gurgaon
---------------------- Karan Bahree case
----------------------
10.3 SOME LANDMARK CASES
----------------------
A few landmark judgements were also given under the Information
---------------------- Technology Act, 2000.
---------------------- 1. Bazee.com - Brief Facts
A 17-year-old Delhi schoolboy who, sometime in July 2004, captured his
----------------------
own indiscretion with a female classmate on his mobile phone camera. He
---------------------- then transmitted the images to two friends on their mobile phones, from
whom a three-minute clip got circulated among 50 students. Thereafter,
---------------------- an Indian Institute of Technology (IIT) Kharagpur student, picked up the
video clip from the IIT’s Local Area Network and then posted it on bazee.
----------------------
com, said to be India’s largest Internet auction site. He did this with the
---------------------- help of an electronics firm in Kharagpur. Eight people are reported to
have bought the CD from the site. There is also a report that the CD was
---------------------- available in the Delhi market for atleast a few days.
---------------------- 2. Avnish Bajaj Vs. State (N.C.T) New Delhi
---------------------- (2005) 3 CompLJ 364(Del)

Mr. Avnish Bajaj was arrested under the Information Technology Act case
---------------------- that had been registered by the Delhi Police. IIT student was arrested a
---------------------- few days earlier, on the charge of circulating pornographic material for
monetary gain. The schoolboy was granted bail by the Juvenile Justice
---------------------- Board after he was taken into police charge and detained at an Observation
Home for two days.
----------------------
The penal sections invoked were Section 292 (sale, distribution, public
---------------------- exhibition, etc., of an obscene object) and Section 294 (obscene acts,
songs, etc., in a public place) of the Indian Penal Code (IPC), and Section
----------------------
67 (publishing information which is obscene in electronic form) of the
---------------------- Information Technology Act, 2000.
In the bail application filed by Avnish Bajaj, the court observed while
----------------------
granting bail that –
----------------------

a. It has not been established from the evidence that any publication Notes
took place by the accused directly or indirectly
----------------------
b. The actual obscene clip could not be viewed on the portal bazee.
com ----------------------
c. Prima facie Bazee.com had taken immediate steps to plug the
----------------------
loophole
d. Evidence collected indicates only that the obscene material may ----------------------
have been unlawfully offered for sale on the website.
----------------------
The criminal charges made by the Government against Avnish Bajaj in
the charge sheet were challenged before the Delhi High Court, which ----------------------
declined to quash the cyber criminal charges of online obscenity and ----------------------
directed the accused to face criminal trial. The matter is now pending in
the Supreme Court. ----------------------
3. Blogging and defamation - Barkha Dutt (NDTV) - Chaitanya Kunte ----------------------
Bloggers were scathing in their criticism of Barkha Dutt’s sensationalistic
coverage of the 11/26 Mumbai terror attack, accusing her of broadcasting ----------------------
sensitive information about the position of hostages and security troops, ----------------------
sensationalizing the news coverage, and being borderline hysterical,
in general. The National Security Guard, the Naval Chief, and the ----------------------
Information & Broadcasting Ministry had also criticized Indian news
television coverage of the crisis. This groundswell of criticism prompted ----------------------
mainstream media to join in and forced Barkha Dutt and NDTV to go on ----------------------
the defensive.
----------------------
Thereafter NDTV and Barkha Dutt insisted that blogger Chaitanya Kunte
take down his post “Journalism” and posting a retraction, presumably ----------------------
under threat of legal action.
----------------------
In an ironic turn of events, however, Chaitanya’s retraction post has
prompted even more bloggers to discuss the very same criticisms that ----------------------
NDTV had an issue with. This rakes up the issues of online defamation
and Bloggers rights and liabilities. ----------------------
Bloggers themselves need to assume that they are subject to some of the ----------------------
same laws that journalists are subject to, including defamation and libel
laws. What’s more, they don’t have some of the protections journalists ----------------------
enjoy, both in terms of the law itself and access to legal support. ----------------------
4. Pradyuman Maheshwari – TOI
----------------------
In March 2005, Pradyuman Maheshwari, who is now the Editor in Chief
for Exchange Media, shut down his media criticism blog Mediaah! after ----------------------
The Times of India served him a legal threat for libel and asked him to
take down nineteen posts that criticized TOI on various issues, including ----------------------
its tendency to blur the boundaries between ads and editorial content. ----------------------
----------------------

Notes 5. IIPM - Gaurav Sabnis
Business school IIPM sent legal notices to Indian bloggers Rashmi
----------------------
Bansal, Gaurav Sabnis and Varna Sriraman after they wrote about its
---------------------- unsubstantiated advertising claims.
6. Ajith D. - Shiv Sena
----------------------
The Supreme Court has refused to quash proceedings against 19-year-
---------------------- old computer science student Ajith D. who is charged with criminal
intimidation and hurting religious sentiments for starting an anti-Sena
----------------------
Orkut community in which an anonymous commentator had posted a
---------------------- death threat against Sena leader Bal Thackeray.
---------------------- Shiv Sena activists vandalised cyber cafes in Mumbai and Pune between
November 2006 and May 2007 to protest Orkut communities that ‘hurt’
---------------------- their religious sentiments, it has Google to deviate from its policy on
sharing private user data and set up an arrangement which enabled
---------------------- Mumbai police to directly ask Google to delete ‘objectionable’ content
---------------------- and ask it for IP addresses and service providers.
7. Rediff Communication Limited Vs. Cyber booth
----------------------
Protection to Domain names as trademarks - Action in passing off.
----------------------
Rediff Communication Limited filed suit for a permanent injunction
---------------------- restraining the defendants from using the mark/domain name “RADIFF”
or any other similar name so as to pass off or enable others to pass off
---------------------- their business or goods or services as for the business or goods or services
of the plaintiffs.
----------------------
According to the plaintiffs, the action of the defendants in registering
---------------------- the domain “RADIFF” with NSI and establishing and broadcasting a
web page on the Internet with the title “RADIFF ONLINE” is clearly
----------------------
intended to cause members of the public to believe that the defendants
---------------------- are associated with the plaintiffs and/or part of the Rediffusion group with
whom the words and mark “REDIFF” are exclusively associated.
----------------------
The plaintiffs submit that the defendants have adopted the word
---------------------- “RADIFF” as part of their trading style deliberately with a view to pass
of their business services as that of the plaintiffs and to induce members
---------------------- of the public into believing that the defendants are associated with the
plaintiffs and/or the Rediffusion group by so adopting and using the word
----------------------
“RADIFF” which is deceptively similar to “REDIFF” which is trading
---------------------- name and style of the plaintiffs. The plaintiffs submit that the adoption of
the word “RADIFF” which is deceptively similar to the plaintiffs’ trade
---------------------- name and style by the defendants is dishonest and has been done with
the deliberate intention to pass off the defendants business, goods and
----------------------
services as those of the plaintiffs and thereby illegally trade upon the
---------------------- reputation of the plaintiffs.
----------------------

It is the case of the defendant, there is no likelihood of any deception Notes
or confusion between www.rediff.com and www.radiff.com. During the
course of argument, the learned counsel for the defendants elaborately ----------------------
explained the manner in which the user normally seeks an access to a
particular website. ----------------------
However, the court found no merit in the contention of the defendant and ----------------------
held that as the websites were widely publicized in the newspapers and
----------------------
magazines, etc, there is always a possibility of the first user accessing the
defendants’ website believing it to be the plaintiffs’ website because of the ----------------------
close similarity in the domain names. A first time visitor to website cannot
possibly distinguish one website from another website which also he has ----------------------
not visited. Besides this, as a result of the adoption of the domain name
----------------------
“RADIFF”, the public are likely to associate the defendants’ domain name
with the plaintiffs and/or as part of the Rediffusion group. Injunction as ----------------------
prayed for was therefore granted.
----------------------
8. Obscene pictures on laptop of a fashion photographer
A Mumbai Sessions court acquitted Belgian fashion photographer, Van de ----------------------
Gaetan, in an obscenity case after the prosecution failed to make out any
----------------------
case against him.
Gaetan had clicked nude pictures of two aspiring models, Tushar ----------------------
Narvekar and Nitin Gupta, following which Mumbai police booked him ----------------------
for obscenity. Ironically, none of the two models ever approached the
police, and the pictures were never circulated, but only sent to the models ----------------------
through e-mail.
----------------------
In the order the court has held that Gaetan’s laptop (which had nude
pictures of models he had taken) was akin to a personal diary, and hence ----------------------
obscenity laws don’t stretch to such personal possessions. The court
held that possession of nude photographs on one’s laptop by itself is no ----------------------
offence...even if they are of male models. ----------------------
----------------------
----------------------
----------------------
i. Bazee.com a. Defamation
----------------------
ii. Avnish Bajaj vs. State b. Obscenity
----------------------
iii. Barkha Dutt case c. Possession of nude photographs
iv. Rediff Communication d. Circulation of Pornography ----------------------
v. Gaetan case e. Trademark ----------------------
----------------------
----------------------

Notes Summary
---------------------- ●● With the rapid development in computer and internet technology, existing
rules and regulations were insufficient to tackle these issues. A need for
----------------------
a new legislation was urgently felt which led to the enactment of the
---------------------- Information Technology Act 2000.
●● Though the legislation made an effort to address issues relating to digital
----------------------
evidence, e-commerce, e-governance and cyber crimes the legislation is
---------------------- insufficient as it is technology specific and does not address the issues of
cyber crimes, in detail. The courts have played a very important role in
---------------------- applying the legal principles evolved in the administration of justice as
can be seen from the various cases discussed in the articles above.
----------------------
●● There is a long road ahead for cyber law to evolve and mature. Science
---------------------- and technology is galloping away and the legal system needs to keep
pace with this technological revolution to maintain law and order in the
----------------------
society.
----------------------
Keywords
----------------------
●● Juris: Law
----------------------
●● Prudentia: Knowledge of law
----------------------
●● AIR: All India Reporter
---------------------- ●● SCC: Supreme Court Cases
----------------------
----------------------
1. What is Jurisprudence. Discuss in detail.
----------------------
2. Discuss the Austin’s theory of jurisprudence.
---------------------- 3. Discuss the case reported in AIR 1978 SC 597.
---------------------- 4. Write notes on the three schools of jurisprudence.
---------------------- 5. Why was there a need for a separate legislation to deal with issues arising
out of the use of computers and internet?
----------------------
6. Discuss the legislative history of cyber laws in India.
---------------------- 7. Discuss the cases in which S. 79 of the IT Act has been invoked.
---------------------- 8. Discuss the ethical, moral and legal issues relating to operating the website
www.tehelka.com.
----------------------
9. Express your views on blogging vis-à-vis defamation laws in the country
---------------------- in light of the NDTV Barkha Dutt Case.
---------------------- 10. Discuss the case of Satyam Infoway Ltd. Vs. Sifynet Solutions (P) Ltd
reported in (2004) 6 SCC 145.
----------------------


Match the following ----------------------
i. –c ----------------------
ii. –d
----------------------
iii. – b
----------------------
iv. – a
----------------------
i. –b
----------------------
ii. –d
----------------------
iii. – a
iv. – e ----------------------
v. –c ----------------------
----------------------
----------------------
Suggested Reading
----------------------
2. Mittal, D.P. Law of Information Technology. ----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Notes
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Cyber Laws International Perspective
UNIT
11
Structure:
11.1 What is Jurisdiction
11.2 Civil Jurisdiction
11.3 Criminal Jurisdiction
Summary
Keywords
Suggested Reading
Cyber Laws International Perspective 183

Notes
Objectives
----------------------
• Specify the problems of jurisdiction in the field of cyber transactions
----------------------
and cyber crimes
---------------------- • Enumerate the challenges of policing the cyberspace
---------------------- • Evaluate the impact of the conflict of laws in respect of cyber
transactions
----------------------
----------------------
11.1 WHAT IS JURISDICTION
----------------------
The most simple definition of the term jurisdiction would be the power
---------------------- of the Court to decide a dispute between two parties. It is the power of the
---------------------- court to decide a matter in controversy and presupposes the existence of a duly
constituted court. This power is conferred on the court by various statutes. The
---------------------- court which has the power to decide a particular dispute is then required to
apply the relevant law of the land to pass a judgment. If a court not having
---------------------- jurisdiction over a particular dispute passes an order, the same is deemed to be
---------------------- void and not binding on parties.
Jurisdiction can be territorial jurisdiction and pecuniary jurisdiction.
---------------------- Pecuniary jurisdiction is the limit of the monetary claim which the court can
---------------------- enquire into and adjudicate. Territorial jurisdiction is the geographical limits to
which the powers of the courts extend to adjudicate disputes.
---------------------- In respect of extra territorial jurisdiction, it has been recognized under
---------------------- the international law that a state may assert extra territorial jurisdiction under
certain circumstances. The principles governing the extra territorial jurisdiction
---------------------- are the following –
---------------------- 1. Territorial Principle
State’s territory for jurisdictional purposes extends to its land and
----------------------
dependant territories. The objective territorial principle is one in which
---------------------- the state exercises jurisdiction over all activities that are completed
within its territory though they may have been initiated elsewhere and
---------------------- the subjective principle is one in which the state exercises jurisdiction
over all activities that commence within its territory even though the final
----------------------
outcome may have occurred elsewhere.
---------------------- 2. Nationality Principle
---------------------- It is for each state to determine under its own law who are its nationals. A
person who is conferred a nationality enjoys its rights and is bound by its
---------------------- obligations irrespective of the place they are. Thus the state may assume
---------------------- extra territorial jurisdiction.

3. Protective Principle Notes
A state relies on this principle when its national security is under threat as
----------------------
it has the inherent right to protect itself.
4. Passive Personality Principle ----------------------
It is an extension of the nationality principle to apply to any crime ----------------------
committed against the national of a state wherever the national may be.
----------------------
5. The ‘Effects Doctrine’
It is an extra territorial application of national laws. ----------------------
6. Universality Principle ----------------------

A state may assert its universal jurisdiction irrespective of who committed ----------------------
the act and where it occurred. A state has jurisdiction to define punishment
for certain offences recognized by the universal community as common ----------------------
concern.
----------------------
11.2 CIVIL JURISDICTION ----------------------
Personal Jurisdiction (Civil) ----------------------

Personal Jurisdiction is the competence of the court to determine a case ----------------------
against a particular category of persons – natural as well as legal. The question
is whether or not the person is subject to the court in which the case is filed. ----------------------
If the person has a physical presence within the territorial jurisdictional ----------------------
limits of the court, then there is no difficulty in applying the municipal laws to
the person. However if the person is a non-resident, the issue of applicability ----------------------
of laws and forums arise. The discussion below deals with this issue in the civil
----------------------
context.
Indian Context ----------------------
Civil jurisdiction or the power of the courts to adjudicate a civil dispute. ----------------------
Such powers have been conferred upon the courts by various statutes. Some of
the relevant statutes are discussed in brief below - ----------------------
Civil Procedure Code ----------------------

Section 15 CPC Court in which suits to be instituted – Every suit shall be ----------------------
instituted in the Court of the lowest grade competent to try it.
----------------------
Section 16 CPC Suits to be instituted in the Court within the local limits of
whose jurisdiction the property/subject matter is situated. However, if the relief ----------------------
can be entirely obtained through the personal obedience of the defendant then
the suit can be initiated within the local limits of whose jurisdiction the property ----------------------
is situated or within the local limits of whose jurisdiction the defendant actually
----------------------
and voluntarily resides, or carries on business or personally works for gain.
Section 19 CPC Where a suit is for compensation for wrong done to the ----------------------
person or to movable property, if the wrong was done within the local limits of
----------------------

Notes the jurisdiction of one court and the defendant resides, or carries on business or
personally works for gain within the local limits of the jurisdiction of another
---------------------- court, the suit may be instituted at the option of the Plaintiff in either of the said
courts.
----------------------
Subject to the aforesaid limitations as per S. 20 of CPC, every suit shall
---------------------- be instituted in a court within the local limits of whose jurisdiction –
---------------------- a) the defendant actually and voluntarily resides, or carries on business or
personally works for gain.
----------------------
b) the cause of action, wholly or in part arises.
---------------------- The following case discusses the issue of jurisdiction for disputes arising
---------------------- out of commercial transactions in detail. Power of the court to adjudicate a
suit arising out of contractual obligations has been discussed in detail in the
---------------------- following case.
---------------------- Reported in AIR 1989 SUPREME COURT 1239

G.L. OZA AND K.N. SAIKIA, JJ.
----------------------
Civil APPEAL No. 2682 of 1982, D/- 13-3-1989
----------------------
A.B.C. LAMINART Pvt. Ltd. and another.
---------------------- Appellants vs. A.P. Agencies, Salem.
---------------------- Respondent.
---------------------- It has been held that as per provisions of the Contract Act (1872), S.2(a)
- in Order Confirmation acknowledging receipt of order, registering it subject
---------------------- to terms and conditions overleaf and the general terms are mentioned overleaf
containing clause making dispute subject to jurisdiction of particular court,
---------------------- such a clause forms part of agreement.
---------------------- In the online context, this will find application in a click wrap contract
which is discussed in detail below.
----------------------
It has been further held that as per Contract Act (1872), Sec. 23 and 28 -
---------------------- Contract to vest jurisdiction in one of the courts within whose jurisdiction cause
of action arises is not against public policy.
----------------------
In the online context, this will find application when the contracting
---------------------- parties are from two different countries. Then this ‘forum selection’ clause in
the contract assumes a great significance.
----------------------
It has also been held that as per provisions of Civil P.C. (1908), S. 20(c), to
---------------------- determine the jurisdiction of Court where more than one court has jurisdiction,
---------------------- a contract to vest jurisdiction in one of them is not against public policy.
It is observed by the hon’ble court in the present case that “where there
---------------------- may be two or more competent courts which can entertain a suit based upon a
---------------------- part of cause of action having arisen therein within, if the parties to the contract
agreed to vest jurisdiction in one of such courts to try the dispute which might
---------------------- arise as between themselves the agreement would be valid. If such a contract is

clear, unambiguous and explicit and not vague, it is not hit by Sec. 23 and 28 of Notes
the Contract Act. This cannot be understood as parties contracting against the
Statute. Mercantile Law and practice permit such agreement.” ----------------------
“Under Sec. 23 of the Contract Act, the consideration or object of an ----------------------
agreement is lawful, unless it is opposed to public policy. Every agreement of
which the object or consideration is unlawful is void. Hence there can be no ----------------------
doubt that an agreement to oust absolutely the jurisdiction of the Court will be
----------------------
unlawful and void being against public policy. However, such will be the result
only if it can be shown that the jurisdiction to which the parties have agreed ----------------------
to submit had nothing to do with the contract. If on the other hand it is found
that the jurisdiction agreed would also be a proper jurisdiction in the matter of ----------------------
the contract, it could not be said that it ousted the jurisdiction. In other words,
----------------------
where the parties to a contract agreed to submit the disputes arising from it to
a particular jurisdiction which would otherwise also be a proper jurisdiction ----------------------
under the law their agreement to the extent they agreed not to submit to other
jurisdiction cannot be said to be void as being against public policy. If on the ----------------------
other hand the jurisdiction they agreed to submit would not otherwise be proper
----------------------
jurisdiction to decide disputes arising out of the contract, it must be declared
void being against public policy. Sec. 28 also leads to the same conclusion. ----------------------
The principles of Private International Law that the parties should be bound by
the jurisdiction clause to which they have agreed unless there is some reason ----------------------
contrary to being applied to municipal contracts.”
----------------------
As per Civil P.C. (1908), Section 20(c) when a suit is on contract, in case
of breach of contract, the dispute can be filed at place where it was made and ----------------------
also at the place of performance as it is also a part of cause of action.
----------------------
“The jurisdiction of the Court in matter of a contract will depend on the
status of the contract and the cause of action arising through connecting factors. ----------------------
In the matter of a contract there may arise cause of action of various kinds. In
----------------------
a suit for damages for breach of contract the cause of action consists of making
of the contract, and of its breach, so that the suit may be filed either at the ----------------------
place where the contract was made or at the place where it should have been
performed and the breach occurred. The making of the contract is a part of ----------------------
cause of action. A suit on a contract, therefore, can be filed at the place where
----------------------
it was made. The determination of the place where the contract was made is
part of the law of contract, but making of an offer on a particular place does not ----------------------
form cause of action in a suit for damages for breach of contract. Ordinarily,
acceptance of an offer and its intimation result in a contract and hence a suit can ----------------------
be filed in a court within whose jurisdiction the acceptance was communicated.
----------------------
The performance of a contract is a part of cause of action and a suit in respect
of the breach can always be filed at the place where the contract should have ----------------------
been performed or its performance completed. If the contract is to be performed
at the place where it is made, the suit on the contract is to be filed there and ----------------------
nowhere else. In suits of agency actions, the cause of action arises at the place
----------------------
where the contract of agency was made or the place where the actions are to be
rendered and the payment is to be made by the agent. Part of cause of action ----------------------

Notes arises where money is expressly or impliedly payable under a contract. In cases
of repudiation of a contract, the place where repudiation is received is the place
---------------------- where the suit would lie. If a contract is pleaded as part of the cause of action
giving jurisdiction to the Court where the suit is filed and that contact is found
---------------------- to be invalid, such part of cause of action disappears.”
---------------------- “When the Court has to decide the question of jurisdiction pursuant to
an ouster clause, it is necessary to construe the ousting expression or clause
----------------------
properly. Often the stipulation is that the contract shall be deemed to have
---------------------- been made at a particular place. This would provide the connecting factor for
jurisdiction to the Courts of that place in the matter of any dispute on or arising
---------------------- out of that contract. It would not, however, ipso facto take away jurisdiction of
other Courts. Where an ouster clause occurs, it is pertinent to see whether there
----------------------
is ouster of jurisdiction of other Courts. When the clause is clear, unambiguous
---------------------- and specific accepted notions of contract would bind the parties unless the
absence of ad idem can be shown, the other Courts should avoid exercising
---------------------- jurisdiction. As regards construction of the ouster clause when words ‘alone’,
‘only’, ‘exclusive’, and the like have been used there may be no difficulty.
----------------------
Even without such words in appropriate cases, the maxim ‘expression unius est
---------------------- exlusio alterius’- expression of one is the exclusion of another may be applied.
What is an appropriate case shall depend on the facts of each case. In such a case,
---------------------- mention of one thing may imply exclusion of another, when certain jurisdiction
is specified in a contract an intention to exclude all other from its operation may
----------------------
in such cases be inferred. It has therefore to be properly construed.”
---------------------- “Where the clause under which it was claimed there was ouster of
jurisdiction of Courts only stated that any dispute arising out of sale would be
----------------------
subject to jurisdiction of Court within whose jurisdiction order was placed but
---------------------- there were no exclusive words like ‘exclusive’, ‘alone’, ‘only’ and the like,
other jurisdictions having connecting factors were not clearly, unambiguously
---------------------- and explicitly excluded.”
---------------------- “A cause of action means every fact, which, if traversed, it would be
necessary for the plaintiff to prove in order to support his right to a judgment
---------------------- of the Court. In other words, it is a bundle of facts which taken with the law
applicable to them gives the plaintiff a right to relief against the defendant.
----------------------
It must include some act done by the defendant since in the absence of such
---------------------- an act no cause of action can possibly accrue. It is not limited to the actual
infringement of the right sued on but includes all the material facts on which
---------------------- it is founded. It does not comprise evidence necessary to prove such facts, but
every fact necessary for the plaintiff to prove to enable him to obtain a decree.
----------------------
Everything which if not proved would give the defendant the right to immediate
---------------------- judgment must be a part of the cause of action. But it has no relation whatever
to the defence which may be set up by the defendant nor does it depend upon
---------------------- the character of the relief prayed for by the plaintiff.”
---------------------- “In the matter of a contract, there may arise causes of action of various
kinds. In a suit for damages for breach of contract, the cause of action consists
---------------------- of making of the contract, and of its breach, so that the suit may be filed either

at the place where the contract was made or at the place where it should have Notes
been performed and the breach occurred. The making of the contract is a part
of the cause of action. A suit on a contract, therefore, can be filed at the place ----------------------
where it was made. The determination of the place where the contract was made
----------------------
is part of the law of contract. But making of an offer on a particular place
does not form cause of action in a suit for damages for breach of contract. ----------------------
Ordinarily, acceptance of an offer and its intimidation result in a contract and
hence a suit can be filed in a court within whose jurisdiction the acceptance was ----------------------
communicated. The performance of a contract is part of cause of action and a ----------------------
suit in respect of the breach can always be filed at the place where the contract
should have (been) performed or its performance completed. If the contract is to ----------------------
be performed at the place where it is made, the suit on the contract is to be filed
----------------------
there and nowhere else. In suits for agency actions, the cause of action arises at
the place where the contract of agency was made or the place where actions are ----------------------
to be rendered and payment is to be made by the agent. Part of cause of action
arises when money is expressly or impliedly payable under a contract. In cases ----------------------
of repudiation of a contract, the place where repudiation is received is the place ----------------------
where the suit would lie. If a contract is pleaded as part of the cause of action
giving jurisdiction to the Court where the suit is filed and that contract is found ----------------------
to be invalid, such part of cause of action disappears.”
----------------------
Thus in case of contracts various courts can exercise jurisdiction for a
dispute arising out of the contract as discussed hereinabove. However when the ----------------------
transactions are international in nature, the complexity increases and one needs ----------------------
to be careful in determining the jurisdiction.
----------------------
Each e-commerce websites are accessible from anywhere in the world
though the services or goods provided by the website may be restricted to a ----------------------
particular geographical location. However, such online transactions may lead
to disputes, which could be domestic or international. The question is how to ----------------------
resolve these disputes keeping in view the complexity of online activity. ----------------------
Choice of Law
----------------------
In international transactions, choice of law is also a crucial factor. When
the cause of action arises from contract and the parties have not effectively ----------------------
selected the governing substantive law, the relevant factors in a choice-of-law ----------------------
analysis are:
----------------------
a) Place of Contract
b) Place of Negotiation of Contract ----------------------
c) Place of Performance ----------------------
d) Location of the Subject-matter ----------------------
e) Location of the Parties
----------------------
In the case of Thermal Power Corporation vs. The Singer Company
reported in AIR 1993 SC 998 the Supreme Court held that: ----------------------

Notes “The expression ‘proper law of a contract’ refers to the legal system
by which the parties to the contract intended their contract to be governed.
---------------------- If their intention is expressly stated or if it can be clearly inferred from the
contract itself or its surrounding circumstances, such intention determines the
---------------------- proper law of the contract. Where however the intention of the parties is not
---------------------- expressly stated and no inference about it can be drawn, their intention as such
has no relevance. In the event, the courts endeavour to impute an intention by
---------------------- identifying the legal system with which the transaction has its closest and most
real connection. The expressed intention of the parties is generally decisive in
---------------------- determining the law of the contract. The only limitation on this rule is that the
---------------------- intention of the parties must be expressed bonafide and it should not be opposed
to public policy”.
----------------------
The Civil Procedure Code U/S 13 also lays down the criteria for accepting
---------------------- a Foreign Judgement. In the case of Smita Conductors Ltd. vs. Euro Alloys
Ltd. reported in (2001) 7 SCC 728 the Supreme Court held that a foreign award
---------------------- cannot be recognized or enforced in India if it is contrary to:
---------------------- 1) Fundamental policy of Indian Law
2) Interests of India
----------------------
3) Justice or Morality
----------------------
US Approach
---------------------- Personal Jurisdiction
---------------------- a) General Jurisdiction
---------------------- It subjects a person to the power of the applicable court.
---------------------- b) Specific Jurisdiction

Is the power of the applicable court with respect to the cause of action
---------------------- based upon a set of “minimum contacts”.
---------------------- c) Long Arm Statute
---------------------- This principle authorizes the court to claim personal jurisdiction over a
non-resident defendant whose principle business is outside the state on
---------------------- the ground that their actions fall within the state.
---------------------- d) Due Process of law
These are the limits on the powers of the court to exercise the traditional
----------------------
notions of fair play and substantial justice.
---------------------- The ground rules for establishing personal jurisdiction for the non-resident
---------------------- were laid down by the US Supreme Court in the case of International Shoe Co.
vs. State of Washington, Office of Unemployment and Placement et al.
---------------------- It held that a court’s exercise of personal jurisdiction over a non-resident
---------------------- defendant is proper if that defendant has had certain minimum contacts with the
forum state such that the maintenance of the suit does not offend ‘traditional
---------------------- notions of fair play and substantial justice’.

It held that the three criteria for establishing “minimum contacts” are: Notes
a) the defendant must “purposefully avail” himself of the privilege of doing
----------------------
business with the forum state,
b) the cause of action arises from defendant’s activities in the forum state, and ----------------------
c) the exercise of jurisdiction would be fair and reasonable. ----------------------
The ‘minimum contact’ principle laid the foundation of state’s jurisdiction ----------------------
over other state subject. It advocated establishment of ‘minimum contacts’ to
give rise to obligation between the defendant and forum state. Primarily, it does ----------------------
not look into the issue whether the contacts were sufficient or insufficient to
establish “purposeful availment”. ----------------------
Long-arm statute went a step ahead of ‘minimum contacts’ to look into ----------------------
whether the contacts were sufficient or insufficient to establish “purposeful
availment”, like ----------------------
●● Purposefully and successfully solicitation of business from forum [state] ----------------------

residents
----------------------
●● Establishment of contacts with the forum [state] residents
●● Associated with other forum [state] related activity ----------------------
●● Substantial enough connection with the forum [state] ----------------------
Once the court determined that sufficient ‘minimum contacts’ existed to ----------------------
exercise specific jurisdiction over the defendant, the court then would have to
consider whether it was responsible to subject the non-resident defendant to ----------------------
the personal jurisdiction of the forum to the extent that federal constitutional
requirements of due process will allow. ----------------------
The importance of the International Shoe Company’s case is that it is ----------------------
established for the first time that personal jurisdiction might exist even though
the defendant had no physical presence in the forum state. It acted as precursor ----------------------
to the states’ long-arm statutes. ----------------------
Later, with the advent of e-commerce this judgment has been used by the
courts all over the United States as an established law in identifying “minimum ----------------------
contacts” to claim personal jurisdiction over a non-resident. ----------------------
Some cases relating to cyberspace and exercise of jurisdiction of courts
----------------------
1. Cody vs. Ward, 954 F. Supp.43 (D. Conn. 1997)
----------------------
A Connecticut resident brought suit in Connecticut against a California
resident, claiming reliance on fraudulent representation made by the ----------------------
defendant resulting in a loss. The court held that it had valid jurisdiction
over the defendant based upon bulletin board messages posted by the ----------------------
defendant on an online service’s “Money Talk” bulletin board and e-mail
----------------------
messages and telephone conversations from the defendant in California
to the plaintiff in Connecticut. It simply concluded that the “purposeful ----------------------
availment” requirement was satisfied by the defendant’s electronic
contacts with the plaintiff. ----------------------

Notes 2. CompuServe, Inc. vs. Patterson, 89 F.3d 1257 (6th Cir 1996)
CompuServe, an Ohio Corporation with its main offices and facilities in
----------------------
Ohio, sued one of its commercial shareware providers, a resident of Texas.
---------------------- The suit was filed in Ohio and the defendant asserted that the Federal
District Court in Ohio lacked jurisdiction over him, claiming never to set
---------------------- foot in Ohio. The appellate court measured the defendant’s “contacts” with
Ohio and concluded that jurisdiction was proper because: (a) the defendant
----------------------
had “purposefully availed” himself of the privilege of doing business in
---------------------- Ohio by subscribing to CompuServe and subsequently accepting online
CompuServe’s Shareware Registration Agreement (which contended an
---------------------- Ohio choice of law provision) in connection with his sale of shareware
programs on the service, as well as by repeatedly uploading shareware
----------------------
programs to CompuServe’s computers and using CompuServe’s e-mail
---------------------- system to correspond with CompuServe regarding the subject matter of
lawsuit; (b) the cause of action arose From Patterson’s “activities” in
---------------------- Ohio because he only marketed his shareware through CompuServe; and
(c) it was not unreasonable to require Patterson to defend himself in Ohio
----------------------
because by purposefully employing CompuServe to market his products,
---------------------- and accepting online the Shareware Registration Agreement, he should
have reasonably expected disputes with CompuServe to yield lawsuit in
---------------------- Ohio.
---------------------- 3. Bensusan Restaurant Corp. vs. King, 937 F. Supp. 295 (SDNY), 1996)
A New York jazz club operator sued a Missouri club owner claiming
----------------------
trademark infringement, dilution and unfair competition over the use of
---------------------- the name “The Blue Note”. The defendant maintained a website promoting
his Missouri “Blue Note” club and providing a Missouri telephone number
---------------------- through which tickets to the club could be purchased. The issue, as framed
by the Federal District Court, was whether the existence of the website,
----------------------
without more, was sufficient to vest the court with personal jurisdiction over
---------------------- the defendant under New York’s long-arm statute. The court held that it did
not. The court considers whether the existence of the website and telephone
---------------------- ordering information constituted an “offer to sell” the allegedly infringing
“product” in New York, and concluded it was not. The court noted that,
----------------------
although the web site is available to any New Yorker with internet access, it
---------------------- takes several affirmative steps to obtain access to this particular site, to utilize
the information contained there, and to obtain a ticket to the defendant’s club.
---------------------- These steps would include the need to place a telephone call to Missouri and
to physically travel to Missouri to pick up the tickets ordered. Therefore, the
----------------------
court concluded that any infringement that might occur would in Missouri,
---------------------- not New York. “The mere fact that a person can gain information on the
allegedly infringing product is not the equivalent of a person advertising,
---------------------- promoting, selling or otherwise making an effort to target its product in
New York”. It found that the defendant did nothing to “purposefully avail”
----------------------
himself of the benefit of New York. There was no evidence of the defendant
---------------------- actively encouraging New Yorkers to visit the site.

4. Bremen vs. Zapata Off-Shore Co., 407 US 1, 9-10 (1972) Notes
Online Contracts are subject to terms of use, disclaimers and agreements.
----------------------
These terms impose restrictions on its users in respect of forum selection
and choice of law. In the present case it was held that these terms are ----------------------
binding on its users unless enforcement is shown by the resisting party to
be ‘unreasonable’ under the circumstances. This rule applies, under the ----------------------
federal law, both if the clause was a result of negotiation between two
----------------------
business entities, and if it is contained in a form of contract that a business
presents to an individual on a take-it-or-leave-it basis (non-negotiable ----------------------
contracts).
----------------------
5. Steven j. Caspi, et al. vs. Microsoft Networ, L.L.C., et al, 1999 WL
462175, 323 NJ Super. 118 (NJ App. Div., July 2, 1999) ----------------------
In this case, the user could not use the Microsoft Network unless she
----------------------
clicked the “I agree” button next to a scrollable window containing the
terms of use. Each plaintiff clicked the “I agree” button to use the Microsoft ----------------------
Network, thus giving their express assent to be bound by the terms of the
subscriber agreement and thus forming a valid license agreement. The ----------------------
Superior Court of New Jersey held that the forum selection clause in
----------------------
Microsoft Network subscriber agreement was enforceable and valid.
----------------------
----------------------
i. Civil Jurisdiction a. US approach on claim of personal jurisdiction ----------------------
ii. Choice of law b. Civil court ----------------------
iii. Long Arm Statute c. Limitation on powers of the court ----------------------
iv. Due Process of law d. Place of performance or location of parties
----------------------
----------------------
11.3 CRIMINAL JURISDICTION
----------------------
The Information Technology Act 2000 is silent about the jurisdiction of
courts and therefore offences under chapter XI of the Information Technology ----------------------
Act will be tried by the JMFC of the Court of Session as per provisions of CrPC
based on the term of imprisonment prescribed under the section. ----------------------
Cyber crimes under the Indian penal code will be tried as per provisions ----------------------
of CrPC.
----------------------
Jurisdiction under Criminal Procedure Code and Indian Penal Code
Jurisdiction under Criminal Procedure Code: ----------------------
As per Section 1 (2) of CrPC, the Code extends to the whole of India. ----------------------
Section 77 states that a warrant of arrest may be executed at any place in
India. ----------------------

Notes Section 78 provides for the procedure to be followed for execution of a
warrant outside jurisdiction.
----------------------
The law relating to extradition between independent states is based on
---------------------- treaties. But the law has operation - national as well as international. It governs
international relationships between sovereign states which are secured by
---------------------- treaty obligations. But whether an offender should be handed over pursuant to a
---------------------- requisition is determined by domestic law of the state on which the requisition
is made. Though extradition is granted in implementation of the international
---------------------- commitments of the state, the procedure to be followed by the courts in deciding,
whether extradition should be granted and on what terms, is determined by the
----------------------
municipal law. AIR 1969 SC 1171.
---------------------- The functions which the Courts in the two countries perform are therefore
---------------------- different. The court within whose jurisdiction the offence is committed decides
whether there is prima facie evidence on which a requisition may be made
---------------------- to another country for surrender of the offender. When the state to which the
requisition is made agrees consistently with its international commitments to
----------------------
lend its aid, the requisition is transmitted to Police authorities, and the courts of
---------------------- that country consider, according to their own laws, whether the offender should
be surrendered. AIR 1969 SC 1171.
----------------------
Jurisdiction under the Indian Penal Code
----------------------
The code extends to the whole of India and provides for punishment of
---------------------- offences committed within India.
---------------------- As per Section 3 of the IPC – Any person liable by any Indian Law to
be tried for an offence committed beyond India shall be dealt with according to
---------------------- this Code for any act committed beyond India in the same manner as if such act
had been committed within India.
----------------------
Section 4 of the IPC provides for extension of the code to extra-territorial
---------------------- offences.
---------------------- The provisions of this code apply to any offence committed by
---------------------- a) any citizen of India in any place without and beyond India
b) any person on any ship or aircraft registered in India wherever it may be.
----------------------
Special Jurisdiction
----------------------
Adjudicating Officer
----------------------
Adjudicating officers have been appointed under the act and has
---------------------- jurisdiction to try contravention of chapter IX of the Act. As per the Information
Technology Act, 2000 jurisdiction of the Civil Court stands ousted.
----------------------
Cyber Appellate Tribunal
----------------------
The Cyber Appellate Tribunal has been constituted to hear appeals from
---------------------- the order of the Adjudicating Officer.

Universal Jurisdiction Notes
Information Technology Act 2000
----------------------
Section 75 - to apply for offence or contravention committed outside India.
----------------------
The provisions of the Act shall also apply to any offence or contravention
committed outside India by any person irrespective of his nationality if the ----------------------
act or conduct constituting the offence or contravention involves a computer,
computer system or computer network located in India. ----------------------
Though India is not a signatory to the Cyber Crime Convention, the Act ----------------------
has adopted the principle of universal jurisdiction.
----------------------
----------------------
----------------------
1. IT Act, 2000 provides for criminal jurisdiction of courts.
2. Section 3 and 4 of IPC deals with extra-territorial jurisdiction of ----------------------
Indian courts. ----------------------
3. The Cyber Appellate Tribunal has been constituted to hear appeals
from the order of the Adjudicating Officer. ----------------------
4. India is a signatory to the Cyber Crime Convention; hence, the Act ----------------------
has adopted the principle of universal jurisdiction.
----------------------
----------------------
Summary
----------------------
●● Cyber Jurisdiction is the extension of principles of international
jurisdiction in cyberspace. As there are no geographical boundaries to ----------------------
transactions/actions on the internet be it civil or criminal issues relating
to multiple jurisdictions and procedural law are inevitable while dealing ----------------------
with disputes arising out of internet based transactions or cyber crimes.
----------------------
●● This unit broadly discusses principles of jurisdiction evolved in India as
well as the US in respect of both civil and criminal jurisdictions. The ----------------------
principles are found in various statutes such as CPC, Contract Act, CrPC,
----------------------
IPC and Information Technology Act 2000. The law is further evolved
through various decisions of the Supreme Court, few of which have been ----------------------
discussed hereinabove.
----------------------
Keywords ----------------------
●● CPC: Civil Procedure Code. ----------------------
●● CrPC: Code of Criminal Procedure.
----------------------
●● IPC: Indian Penal Code.
----------------------
●● SC: Supreme Court.

Notes
----------------------
1. Define the term jurisdiction. What is extra-territorial jurisdiction?
---------------------- 2. Are click wrap contracts enforceable? Are the terms binding on the user?
Discuss in detail with reference to relevant cases.
----------------------
3. Discuss the various principles of extra-territorial jurisdiction. Discuss the
---------------------- provisions of extra territorial jurisdiction under CrPC and IT Act 2000.
---------------------- 4. Discuss the various provisions relating to jurisdiction under the Civil
Procedure Code.
----------------------
5. “As per Civil P.C. (1908), S.20(c) when a Suit is on contract, in case of
---------------------- breach of contract, the dispute can be filed at place where it was made and
also at the place of performance as it is also a part of cause of action”.
---------------------- Discuss in the light of the case A.B.C. LAMINART Pvt. Ltd., and other
---------------------- Appellants vs. A.P. Agencies, Salem.
6. Discuss the concept of “choice of law” in detail.
----------------------
7. Discuss the US approach to personal jurisdiction.
----------------------
8. What is the special jurisdiction established under the IT Act 2000?
---------------------- 9. Discuss the case of International Shoe Company in detail.
---------------------- 10. Discuss the case of Bensusan Restaurant Corp. vs. King in detail.
----------------------
---------------------- Answers to Check your Progress

---------------------- i. –b
ii. –d
----------------------
iii. – a
----------------------
iv. – c
---------------------- 1. False
---------------------- 2. True
3. True
----------------------
4. False
----------------------
----------------------

Notes
Suggested Reading
----------------------
2. Mittal, D.P. Law of Information Technology. ----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Notes
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------

Case Studies
UNIT
12
Structure:
12.1 Dow Jones & Company Inc vs. Gutnick Case

12.2 Groff vs. America Online, Inc. Case
12.3 Yahoo! Inc. vs. Akash Arora Case
Summary
Keywords
Case Studies 199

Notes
Objectives
----------------------
• Explain the implications of the provisions of the cyber laws that you
----------------------
have learnt in the earlier units by studying real life cases
---------------------- • Interpret various provisions under cyber laws in light of the cases
discussed
----------------------
----------------------
12.1 DOW JONES & COMPANY INC VS. GUTNICK CASE
----------------------
[2002] HCA 56 (Austl.)
----------------------
Online publication of a defamatory article – Jurisdiction
----------------------
Barron’s Online is the online version of the Dow Jones Company’s print
---------------------- publication Barron’s. This publication was available to subscribers of wsj.
com Joseph Gutnick, an Australian resident of the State of Victoria instituted a
---------------------- suit for defamation against the Dow Jones Company for allegedly publishing
a defamatory article in its online publication Barron’s Online in the Victoria
----------------------
Court. Dow Jones challenged the suit on the point of jurisdiction contending
---------------------- that the State of Victoria has no jurisdiction to try and entertain the suit on the
following grounds –
----------------------
a) Barron’s Online was published in New Jersey.
---------------------- b) Location of the server hosting the website wsj.com was located in New
---------------------- Jersey.
Thus the court having jurisdiction would be that of New Jersey and the
---------------------- applicable law would be the New Jersey Law.
---------------------- The point under consideration before the Victoria Court was where the
article was deemed to be published.
----------------------
The Court held that – publication of a defamatory statement is a bilateral
---------------------- act in which the publisher makes it available and the third party has it available
for his or her comprehension. Thus the alleged defamatory article was published
----------------------
with respect of Joseph Gutnick’s cause of action, not when Dow Jones placed it
---------------------- on its hosting web server but only when the subscribers in Victoria accessed it.
The site recorded about 550,000 hits and several hundred downloads had taken
---------------------- place in Victoria by use of credit cards. For these reasons it was held that the
defamation occurred in Victoria. Thus it was held that the jurisdiction of the
----------------------
Victorian Court was legal and proper and applicability of the Victorian law of
---------------------- defamation legal and proper.
The court observed as follows on the policy arguments of Dow Jones
----------------------
company –
----------------------

a) Plaintiff can win damages only in location where he has a reputation Notes
which limits the choice of forum.
----------------------
b) A judgment for damages is enforceable only in a location in which the
defendant has reachable assets. ----------------------
c) Publishers can easily determine in advance which law will apply in
----------------------
defamation cases as identifying the person about whom material is to be
published will readily identify the defamation law to which that person ----------------------
may resort.
----------------------
It is settled law that publication is held to take place where the contents
of the publication, oral or spoken are seen and heard and comprehended by ----------------------
the reader or listener. Thus it has been rightly held in the present case that the
Victoria Court has jurisdiction as the downloading of the allegedly defamatory ----------------------
article from the internet was done in Victoria.
----------------------
12.2 GROFF VS. AMERICA ONLINE, INC. CASE ----------------------
1998 WL 307001 (R.I. SUPER. CT. 1998) ----------------------

Forum Selection Clauses in Click-Trap Contracts ----------------------
Some peculiar issues in respect of click wrap contracts ----------------------
With the emergence of the internet and e-commerce website, a new way
of contracting was introduced. In the physical world, a contract was concluded ----------------------
when the offer was accepted by the offered unconditionally and in compliance ----------------------
with the provisions of the Indian Contract. The mode of communication was
either direct/oral or through post and thus two rules governing the modes of ----------------------
acceptance also evolved which are popularly known as the postal rule and the
rule for instantaneous communication. In case of electronic contracts and more ----------------------
particularly online contracts, the offered can communicate his acceptance by ----------------------
clicking on the “I agree” or the “I accept button” Such contracts are known as
click wrap contracts. The meaning of this term “I agree” or “I accept” is that the ----------------------
user agrees to all the terms and conditions that govern the use and operation of
the website. Such web based contracts are also not negotiable as the user has ----------------------
little or no say in respect of the terms and conditions that govern the website. ----------------------
This raises a question as to the enforceability and legality of the terms and
conditions which have been forced down on the user unilaterally. One argument ----------------------
against such contracts could be that the consent of the use is not “free and
wilful” consent. ----------------------
Forum Selection ----------------------

As a website can be accessed from multiple geographical locations, it ----------------------
makes a good legal sense for the online service providers to limit their exposure
to one jurisdiction only. Defending lawsuits at multiple locations could be both ----------------------
expensive and frustrating. Thus the online service providers has no other choice
----------------------
but to subject themselves to only one set of forum and applicable laws only. The
user has no other choice, but to accept the service provider’s ‘terms of service’ ----------------------
Case Studies 201

Notes conditions by clicking on an on-screen button that says “I agree”, “I Accept” or
“Yes”.
----------------------
Both these issues have been dealt with in the following case:
---------------------- Groff vs. America Online, Inc.,
---------------------- The plaintiff was an individual from Rhode Iceland who subscribed to the
America Online Service. The Plaintiff sued the company in Rhode Iceland State
---------------------- Court, alleging violation of state consumer protection laws by the Company. The
process of becoming a member of AOL includes steps in which the applicant
----------------------
must assent to AOL’s terms of service by clicking an “I Agree” button. The
---------------------- terms of service “contains a forum-selection clause which expressly provides
that Virginia law and Virginia courts are the appropriate law and forum for the
---------------------- litigation between members and AOL.” AOL moved to dismiss this suit from
the Rhode Iceland Superior Court for want of jurisdiction on the ground that a
----------------------
forum-selection clause in the contract clearly stipulated that the suit be brought
---------------------- in Virginia, where AOL’s base of operation was located.
---------------------- The court dismissed the suit of the preliminary pint of jurisdiction.
The court held that the plaintiff expressly agreed to AOL’s terms of
---------------------- service online by the click of an “I Agree” button. The terms of service included
---------------------- a clause stating that jurisdiction lies to courts in Virginia only. AOL’s customers
must first click on “I Agree” button indicating assent to be bound by AOL’s
---------------------- terms of service before they can use the service. This button first appears on the
web page in which the user is offered a choice either to read, or simply agree
---------------------- to be bound by, AOL’s terms of service. It also appears at the foot of the terms
---------------------- of service, where the user is offered the choice of clicking either an “I Agree”
or “I Disagree” button, by which he accepts or rejects the terms of service. The
---------------------- court held that a valid contract existed, even if the plaintiff did not know of the
forum-selection clause:
----------------------
“Our Court …stated the general rule that the party who signs an instrument
---------------------- manifests his assent to it and cannot later complain that he did not read the
instrument or that he did not understand its contents. Here, plaintiff effectively
---------------------- “signed” the agreement by clicking “I Agree” button not once but twice. Under
---------------------- these circumstances, he should not be heard to complain that he did not see,
read, etc. and is bound to the terms of his agreement.”
----------------------
Citing Bremen vs. Zapata, the court considered whether the enforcement
---------------------- of the clause would be “unreasonable”. It did so by application of a nine-
factor test, including such criteria as the place of execution of the contract,
---------------------- public policy of the forum state, location of the parties and witnesses, relative
bargaining power of the parties, and “the conduct of the parties.” The court
----------------------
concluded that enforcement of the clause would not be unreasonable, and so
---------------------- dismissed the case.
Similarly, in Steven J. Caspi, et al. vs. Microsoft Network, L.L.C., et al,
----------------------
the user could not use the Microsoft Network unless she clicked the “I agree”
---------------------- button next to a scrollable window containing the terms of use. Each plaintiff

clicked the “I agree” button to use the Microsoft Network, including their Notes
assent to be bound by the terms of the subscriber agreement and thus forming a
valid license agreement. The Superior Court of New Jersey held that the forum ----------------------
selection clause in Microsoft Network subscriber agreement was enforceable
and valid. ----------------------
In the case of Groff vs. America Online, Inc., the court had also taken ----------------------
into consideration the “place of execution” of the online contract. It opined the
----------------------
place where the transaction has been performed appears to take place where
defendant’s mainframe is located (Virginia).” And not the place Rhode Island ----------------------
when the plaintiff clicked the “I agree” button.
----------------------
It thus can be concluded that the Courts have started taking into
consideration the location of computer network to ascertain where the cause of ----------------------
action for a suit arose in order to confer jurisdiction on a particular court.
----------------------
Thus Click Wrap contracts are enforceable contracts and cannot be set
aside at the instance of the user on the ground that he was not aware of the ----------------------
terms and conditions to which he has given his assent to provide the terms and
conditions were brought to his notice by some means. ----------------------
----------------------
12.3 YAHOO! INC. VS. AKASH ARORA CASE
----------------------
1999 PTC (19) 201
----------------------
In Yahoo! Inc. vs. Akash Arora; the defendant was restrained from using
the domain name “yahooindia.com” which had the format, content and colour ----------------------
scheme identical to the plaintiff’s “yahoo.com”. It was observed by Dr. M.K.
Sharma, J. of the Delhi High Court that “if an individual is a sophisticated ----------------------
user of the Internet, he may be an unsophisticated consumer of information and
----------------------
such a person may find his/her way to the different internet site which provides
almost similar type of information as that of the plaintiff and thereby confusion ----------------------
could be created in the mind of the said person who intends to visit the Internet
site of the plaintiff, but in fact reaches the Internet site of the defendant”. ----------------------
Further, The Delhi High Court rejected the argument that the provisions ----------------------
of the Indian Trademark Act would not be attracted to the use of the domain
trade name or domain name on the Internet. It held that although the word ----------------------
‘services’ may not find place in the expression used in sections 27 and 29 of the ----------------------
Act, services rendered have to be recognized for an action of passing off. That
is, the two marks/domain names “Yahoo!” of the plaintiffs and “yahooindia” of ----------------------
the defendants are almost similar excepting for the use of suffix ‘India’ in the
latter. ----------------------
Similarly, in Rediff Communication Ltd. vs. Cybertooth, wherein the ----------------------

plaintiffs filed the suit for a permanent injunction restraining the defendants
from using the mark/domain name “REDIFF” or any other similar name so as ----------------------
to pass off or enable others to pass off their business or goods or services as for ----------------------
the business or goods and services of the plaintiffs. Further, it was contended
by the defendants that the manner of watching for information on the Internet is ----------------------
Case Studies 203

Notes such that there is no likelihood of deception or confusion between www.rediff.
com and www.radiff.com; that the user of the Internet can never connect to a
---------------------- website by mistake. Besides, the users of the website are person skilled in the
use of computers and are educated people and thus there is no possibility of any
---------------------- confusion being made by an Internet user in the two names.
---------------------- A.P. Shah, J. of Bombay High Court observed, “the Internet domain names
are of importance and can be a valuable corporate asset. A domain name is more
----------------------
than an Internet address and is entitled to the equal protection as trademark.
---------------------- With the advancement and progress in the technology, the services rendered in
the Internet site have also come to be recognized and accepted and are being
---------------------- given protection so as to protect such provider of service from passing off the
services rendered by other as his services”.
----------------------
He concluded that “I am prima facie satisfied that the only object in
---------------------- adopting the domain name “RADIFF” was to trade upon the reputation of the
plaintiffs domain name……. once the intention to deceive is established, the
----------------------
court will not make further enquiry about likelihood of confusion. If it is found
---------------------- that the man’s object in doing that which he did was to deceive that he had an
intention to deceive the court will be very much more ready to infer that his
---------------------- object has been achieved, if the facts tend to show that is the case and to say that
his intention to deceive ripening into deceit gives ground for an injunction”.
----------------------
---------------------- Summary
---------------------- ●● All the aforesaid cases highlight the jurisdictional aspect when it comes to
dealing with online transaction and disputes arising therefrom. Jurisdiction
----------------------
is a very important and crucial area when it comes to online transactions
---------------------- and its implications on civil as well as criminal actions. Some well
established principles on the point of jurisdiction which have been laid
---------------------- down by precedents from a catena of decisions of various national and
international courts have been applied to transactions on the internet as
----------------------
we have seen from the cases discussed hereinabove. Though the internet
---------------------- and computer law is in its nascent stage and developing, some age old
principles still have application to the transactions carried out using this
---------------------- new and dynamic medium without much difficulty.
----------------------
Keywords
----------------------
●● Defamation: An intentional false communication – either published or
---------------------- publicly spoken.
---------------------- ●● Jurisdiction: Power of the Court to adjudicate a dispute.
●● Damages: A pecuniary compensation or indemnity, which may be
---------------------- recovered in the courts by any person who has suffered loss, detriment
---------------------- or injury.
●● Publication: To make public, to make known to people in general.
----------------------

Notes
----------------------
1. Discuss the law of defamation in India.
2. Define the term jurisdiction. ----------------------
3. Discuss the Yahoo Case in detail with reference to various provisions ----------------------
under the Trademark Act.
----------------------
4. Discuss the law relating to enforceability of click wrap contracts with
reference to various case laws in the subject. ----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
----------------------
Case Studies 205

Notes References
----------------------
A. Statutes
---------------------- 1. Information Technology Act, 2000
---------------------- 2. Constitution of India,
3. Indian Penal Code, 1860
----------------------
4. Indian Evidence Act, 1872
----------------------
B. Books
---------------------- 1. Singh, Yatindra. Cyber Laws.
2. Narayanan, Ajit and Bennum (ed.). Law, Computer Science and
----------------------
Artificial Intelligence.
---------------------- 3. Nandan, Kamath. Law relating to Computer, Internet and
E-Commerce.
----------------------
4. Ahmed, S.S. A Guide to Information Technology: Cyber Law and
---------------------- E-Commerce.
5. Lessing, Lawrence. Code and other Laws of cyberspace.
----------------------
6. MacDonald, Elizabeth and Diane Rowland. Information Technology
---------------------- Law.
7. Mittal, D.P. Law of Information Technology
----------------------
8. Vishwananthan, S.T. The Indian Cyber Law and Rules.
---------------------- 9. Collins, Matthew. The Law of Defamation and the Internet.
---------------------- 10. Caloyannides, Michael. Privacy Protection and Computer Forensics.
11. Sharma S.K. Encyclopedia of Cyber Laws and Crimes.
----------------------
12. Godwin, Mike. Cyber Rights Defencing free speech in the Digital
---------------------- Age.
13. Brennan, Linda and Victoria Johnson. Social, ethical and policy
---------------------- implication of Information Technology.
---------------------- 14. Singhal, Arvind and Everett Rogers. India’s Communication
Revolution: From Bullock Carts to Cyber Marts.
----------------------
---------------------- 16. Verma, Amita. Cyber Laws.
17. Cornish, W.R. Intellectual Property Law.
----------------------
18. Bainbridge, David. Software Copyright Law.
---------------------- 19. Dryer, Rodney. Intellectual Property and the Internet.
---------------------- 20. Unni, V.K. Trade Marks and the emerging concepts of Cyber
Property Rights.
----------------------
C. Webliography
---------------------- 1. http://mylibertatem.com/shreya-singhal-v-union-of-india-the-landmark-
sec-66a-case/
----------------------

IT Act (Cyber Context)

Uploaded by

Copyright:

Available Formats

You might also like

IT Act (Cyber Context)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IT Act (Cyber Context)

Uploaded by

Copyright:

Available Formats

IT ACT

(FOR PRIVATE CIRCULATION ONLY)

COURSE DESIGN AND REVIEW COMMITTEE

Published by Symbiosis Centre for Distance Learning (SCDL), Pune

Copyright © 2019 Symbiosis Open Education Society

Unit No. TITLE Page No.

Introduction to Cyber Laws 1

---------------------- 1.1 WHAT IS CYBER LAW

2 IT Act (Cyber Context)

Information, knowledge and data have become valuable corporate ----------------------

Introduction to Cyber Laws 3

---------------------- 1.2 UNCITRAL MODEL LAW

4 IT Act (Cyber Context)

Introduction to Cyber Laws 5

6 IT Act (Cyber Context)

Introduction to Cyber Laws 7

8 IT Act (Cyber Context)

Introduction to Cyber Laws 9

---------------------- Check your Progress 2

---------------------- 2. IT Act 2000 focuses on maintenance of electronic records.

10 IT Act (Cyber Context)

●● Authentication: A process by which the identity of a person is confirmed ----------------------

Introduction to Cyber Laws 11

12 IT Act (Cyber Context)

Check your Progress 1 ----------------------

Suggested Reading ----------------------

1. Singh, Yatindra. Cyber Laws. ----------------------

Introduction to Cyber Laws 13

14 IT Act (Cyber Context)

E-Commerce and E-Governance 15

16 IT Act (Cyber Context)

E-Commerce and E-Governance 17

---------------------- In order to understand law relating to electronic commerce transactions,

2. Click Wrap Contracts ----------------------

Section 13 of The IT Act, 2000 defines the time of dispatch of an ----------------------

E-Commerce and E-Governance 19

20 IT Act (Cyber Context)

In case of electronic communications or a website where it can be ----------------------

E-Commerce and E-Governance 21

---------------------- State True or False.

---------------------- 4. Place of contract is not essential to decide the jurisdiction of courts.

22 IT Act (Cyber Context)

c. Intention to adopt the content of the document. ----------------------

E-Commerce and E-Governance 23

24 IT Act (Cyber Context)

The three major objectives of a signature are - ----------------------

E-Commerce and E-Governance 25

---------------------- Fill in the blanks.

---------------------- 2.5 WHAT IS E-GOVERNANCE

---------------------- The purpose of implementing e-governance is to enhance good governance.

26 IT Act (Cyber Context)

E-Commerce and E-Governance 27

---------------------- ●● General Administration

28 IT Act (Cyber Context)

E-Commerce and E-Governance 29

---------------------- Fill in the blanks.

---------------------- Make a survey of development in rural areas of Maharashtra due to

30 IT Act (Cyber Context)