Offence under IT ACT (SECTIONS 65 – 78)

Section 65 - Tampering with computer source documents.–

 Whoever knowingly or intentionally conceals, destroys or alters or
 intentionally or knowingly causes another to conceal, destroy, or alter
 any computer source code used for a computer, computer programme,
 when the computer source code is required to be kept or maintained by law for the
time being in force,
Punishment - with imprisonment up to three years,
or with fine which may extend up to two lakh rupees,
or with both.

“Computer source code” means the listing of programmes, computer commands, design and
layout and programme analysis of computer resource in any form.

Syed Asifuddin vs. State of A.P. - In this case, the Tata Indicom employees were
arrested for manipulation of a programme into the cell phones which were exclusively
franchised to Reliance Infocom. These handsets were technologically locked so that it would
only work with the Reliance services. Court held that Tampering with source code invokes
Section 65 of the Information Technology Act.

_______________________________________________

Section 66 - Computer related offences. –

If any person, dishonestly or fraudulently, does any act referred to in section 43,
Punishment - may extend to three years or with fine extending to five lakh rupees or
with both.
 The difference between Section 66 and Section 43 is that act must have been done
dishonestly or fraudulently. Thus the essential ingredients are:-
a) Unauthorised access to a computer resource.
b) Dishonest or fraudulent intent
 It involves an invasion of right and diminution of the value or utility of one‟s
information residing in a computer resource.
It is the essence – accused must cause destruction, damage, disruption, denial,
deletion, concealment, tampering, stealing or alteration of information residing in a computer
resource.

_______________________________________________

Section 66A. Punishment for sending offensive messages through communication

service, etc.–
Any person who sends, by means of a computer resource or a communication device,–
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing
annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation,
enmity, hatred or ill will, persistently by making use of such computer resource or a
communication device;
(c) any electronic mail or electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the addressee or recipient
about the origin of such messages,
Punishment - extend to three years and with fine.

The legislative intent behind adding Section 66 A was to curb the sending of offensive
messages by means of computer which has the potential of causing annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill
will.
Inserted by the IT Amendment Act 2008, but declared unconstitutional and void in Feb 2016
by the Apex Court of India in Shreya Singhal v. Union of India. It was struck down in its
entirety being violative of Article 19 (1) (a) and not saved under Article 19 (2). Finally,
upholding freedom of expression. The public‟s right to know was being directly affected.

The following kinds of information were covered under Section 66A:-

 1. If you swear or abuse somebody, the swear words could be said to be grossly
offensive. The same could also be said to be having menacing character and your act
could come within the ambit of Section 66A(a) of the amended Indian Information
Technology Act, 2000.
2. Anything defamatory which affects the character, reputation, standing or goodwill of a
person could also be deemed to be grossly offensive.
3. Making false allegations against the character of a person or character assassination
could also qualify as grossly offensive and having menacing character.
4. Using insulting words or symbols which are obscene, could also qualify as grossly
offensive and having menacing character.
5. The first petition came up in the court following the arrest of two girls in Maharashtra
by Thane Police in November 2012 over a Facebook post. The girls had made
comments on the shutdown of Mumbai for the funeral of Shiv Sena chief Bal
Thackeray. The arrests triggered outrage from all quarters over the manner in which
the cyber law was used.
6. Aseem Trivedi, Mumbai was a Free speech campaigner. He was arrested by Mumbai
police for displaying cartoons on his website and Facebook page that mocked
parliament and corruption in high places. The caricatures were shared on other social
media. He was charged with sedition under section 124 A of the Indian Penal Code,
the Prevention of Insults to National Honour Act and section 66(A) of the IT Act.

_______________________________________________

Section 66B. Punishment for dishonestly receiving stolen computer resource or

communication device.–
Whoever dishonestly receive or retains
any stolen computer or communication device
knowing or having reason to believe the same to be stolen
Punishment - may extend to three years or with fine which may extend to rupees one lakh or
with both.
For example – Mr. A, has purchased a stolen cell phone or a computer worth Rs.50,000/- for
2000 where he knows that it is stolen property. he is liable under Section 66B.

_______________________________________________
Section 66C and 66D - identity theft.
Section 66E - Violation of privacy.
Section 66F - Cyber terrorism.
Section 67, 67A and 67B for cyber Stalking, obscenity, Defamation, Child Pornography.

_______________________________________________

Section 67C. Preservation and retention of information by intermediaries.–

Intermediary any person who on behalf of another person receives, stores or transmits that
record or provides any service with respect to that record, it includes telecom service
providers, network service providers, internet service providers, web-hosting service
providers, search engines, online payment sites, online-auction sites, online-market places
and cyber cafes.
Intermediary is obliged to preserve and retain such information as may be specified for
such duration and in such manner and format as the Central Government may prescribe. Any
intermediary who intentionally or knowingly contravenes this
Punishment - may extend to three years and also be liable to fine.
_______________________________________________

Section 68. Power of Controller to give directions.–

 The Controller may, by order,
 direct a Certifying Authority or any employee of such Authority
 to take such measures or cease carrying on such activities as specified in the order,
 if those are necessary to ensure compliance with the provisions of this Act, rules or
any regulations made thereunder.
It is obligatory under the Provisions of section 18 – 26, 28, 29 and 44 of the Act to comply
with the directions of the controller.
Punishment - Any person who intentionally or knowingly fails to comply with any order
under, shall be guilty of an offence and shall be liable on conviction to imprisonment for a
term not exceeding two years or a fine not exceeding one lakh rupees or with both.

The offence under this section is cognizable and non-bailable one.

It is important to note that „Mens rea‟ is not required to make a person liable under Section
68 (2).

_______________________________________________

Section 69. Power to issue directions for interception or monitoring or decryption of

any information through any computer resource.–
Where the Central Government or a State Government or any of its officers specially
authorised by the Central Government or the State Government, as the case may be, in this
behalf may, if satisfied that it is necessary or expedient so to do, in the interest of
 the sovereignty or integrity of India,
 defence of India,
 security of the State,
 friendly relations with foreign States or
 public order or
 for preventing incitement to the commission of any cognizable offence relating to
above or
 for investigation of any offence.
- it may for reasons to be recorded in writing, by order, direct any agency of the appropriate
Government to
 intercept,
 monitor or
 decrypt or
 cause to be intercepted or monitored or decrypted
any information generated, transmitted, received or stored in any computer resource.
 The procedure and safeguards subject to which such interception or monitoring or
decryption may be carried out, shall be such as may be prescribed.
The subscriber or intermediary or any person in-charge of the computer resource shall,
when called upon by any agency extend all facilities and technical assistance to–
 provide access to or secure access to the computer resource generating,
transmitting, receiving or storing such information; or
 intercept, monitor, or decrypt the information, as the case may be; or
 provide information stored in computer resource.
Punishment - may extend to seven years and shall also be liable to fine.

_______________________________________________

Section 69A - Power to issue directions for blocking for public access of any
information through any computer resource.–
Where the Central Government or any of its officers specially authorised by it in this behalf
is satisfied that it is necessary or expedient so to do,
 in the interest of sovereignty and integrity of India,
 defence of India,
 security of the State,
 friendly relations with foreign States or
 public order or
 for preventing incitement to the commission of any cognizable offence relating
to above,
It may for reasons to be recorded in writing, by order, direct any agency of the
Government or intermediary to block for access by the public or cause to be blocked for
access by the public any information generated, transmitted, received, stored or hosted in any
computer resource.
The intermediary who fails to comply with the direction issued shall be punished with
an imprisonment for a term which may extend to seven years and also be liable to fine.
_______________________________________________
Section 69B - Power to authorise to monitor and collect traffic data or information
through any computer resource for cyber security.–
The Central Government may, to enhance cyber security and
 For identification,
 analysis and
 prevention of intrusion or
 spread of computer contaminant in the country,
by notification in the Official Gazette, authorise any agency of the Government to monitor
and collect traffic data or information generated, transmitted, received or stored in any
computer resource.
The intermediary or any person in-charge or the computer resource shall, provide
technical assistance and extend all facilities to such agency to enable online access or to
secure and provide online access to the computer resource generating, transmitting, receiving
or storing such traffic data or information.

Punishment - intentionally or knowingly contravenes shall be punished with an

imprisonment for a term which any extend to three years and shall also be liable to fine.

“Traffic data” means any data identifying any person, computer or location to or from which
the communication is or may be transmitted and includes communications origin,
destination, route, time, data, size, duration or type of underlying service and any other
information.

_______________________________________________

Section 70. Protected system –

The appropriate Government may, by notification in the Official Gazette, declare any
computer resource which directly or indirectly affects the facility of Critical Information
Infrastructure, to be a protected system.
“Critical Information Infrastructure” means the computer the incapacitation or
destruction of which, shall have an impact on national security, economy, public health or
safety.
 The appropriate Government may, by order in writing, authorise the persons who are
authorised to access protected systems notified under sub-section
Any person who secures access or attempts to secure access to a protected system in
contravention of the provisions of this section shall be punished with imprisonment of either
description for a term which may extend to ten years and shall also be liable to fine.
The central government has designated the National Critical Information Infrastructure
Protection Centre (NCIIPC) an organization to define and identify a comprehensive
framework for ensuring the effectiveness of the information security controls.
Few authorised personal under section 70 are :-
• Designated UIDAI officers and support staff.
• UIDAI authorised team members
• UIDAI third party vendors and its partners.

In Shankar vs. State police had registered a case in Cyber Crime Cell Crime under Section
5 of the Official Secrets Act, Section 43 and 66 of the Information Technology Act, Sections
378, 379, 463, 465, 470, 471 and 5050 of IPC on the basis of the complaint lodged by an
IAS officer.
Accused having taken advantage of the absence of Legal Advisor, unauthorisedly
accessed into the computer system of Legal Advisor and downloaded the transcript of the
telephonic conversation. He caused it to be publication in newspapers and telecast on TV.
Thus diminished the value of information, utility and affected it injuriously by means of
securing access and downloaded the information, which was recorded and saved for the
purpose of exclusive possession and use by one of the witness. He was held responsible for
the access and the leak of the telephonic conversation. Accused was held liable under
Section 66 and 70 of the IT Act.

_______________________________________________

Section 70B - Indian Computer Emergency Response Team (CERT – IN) to serve as
national agency for incident response.–
The Central Government shall, by notification in the Official Gazette, appoint an
agency of the Government to be called the Indian Computer Emergency Response Team.
The agency shall have a Director General and such other officers and employees as may be
prescribed. The Indian Computer Emergency Response Team shall serve as the national
agency for performing the following functions in the area of cyber security,–
1. collection, analysis and dissemination of information on cyber incidents;
2. forecast and alerts of cyber security incidents;
3. emergency measures for handling cyber security incidents;
4. coordination of cyber incidents response activities;
5. issue guidelines, advisories, vulnerability notes and white papers relating to
information security practices, procedures, prevention, response and reporting
of cyber incidents;
6. such other functions relating to cyber security as may be prescribed.

For carrying out its function the agency may call for information and give direction to the
service providers, intermediaries, data centres, body corporate and any other person.

Punishment – who fails to provide information will be liable for imprisonment extending to
one year or with fine which may extend to one lakh rupees or with both.

No court shall take cognizance of any offence under this section, except on a
complaint made by an officer authorised in this behalf by the agency.

CERT – IN is a national focal point for gathering information on threats and

facilitating response to computer based incidents. Its key role is to institutionalise „cyber
security‟

_______________________________________________

Section 71. Penalty for misrepresentation.–

Whoever makes any misrepresentation to, or suppresses any material fact from the
Controller or the Certifying Authority for obtaining any licence or electronic signature
Certificate – shall be punished with imprisonment for a term which may extend to two
years, or with fine which may extend to one lakh rupees, or with both.
The liability of the licensed certifying authority is towards the controller is under Sections
21and 22. And that of the subscriber towards the certifying authority under section 35.

_______________________________________________

Section 72. Penalty for Breach of confidentiality and privacy.–

 If any person who, in pursuance of any of the powers conferred under this Act, rules
or regulations made thereunder,
 has secured access to any electronic record, book, register, correspondence,
information, document or other material
 without the consent of the person concerned,
 discloses such electronic record, book, register, correspondence, information,
document or other material to any other person
- shall be punished with imprisonment for a term which may extend to two years, or
with fine which may extend to one lakh rupees, or with both.
The said section has a limited application only it confines itself to the acts and omissions
of the person conferred powers under this act only. The idea behind this section to that a
person should not take unfair advantage of the secured access, by disclosing it to the third
party. An obligation of confidence arises between the data collector/ controller.
_______________________________________________

Section 72A. Punishment for disclosure of information in breach of lawful contract.–

 Any person including an intermediary who,
 while providing services under the terms of lawful contract,
 has secured access to any material containing personal information about another
person,
 with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful
gain
 discloses, without the consent of the person concerned, or in breach of a lawful
contract,
 such material to any other person,
 - shall be punished with imprisonment for a term which may extend to three years, or
with fine which may extend to five lakh rupees, or with both.

It is a kind of data protection measure, wherein a service provider who has secured access
to any material containing personal information about a person discloses such information
without the consent of the person.

The term personal information has not been defined. There is onus on the service
providers to maintain privacy of the users/ registrants.
The concept of confidentiality under Section 72 and 72A should be read along with the
Article 19(2) on right to freedom of speech and expression and Article 21.

_______________________________________________

Section 73. Penalty for publishing electronic signature Certificate false in certain
particulars.–
No person shall publish a ESC or otherwise make it available to any other person with the
knowledge that–
 the Certifying Authority listed in the certificate has not issued it; or
 the subscriber listed in the certificate has not accepted it; or
 the certificate has been revoked or suspended,
unless such publication is for the purpose of verifying an electronic signature created prior to
such suspension or revocation.

Punishment - Who contravenes the provisions – imprison extend to two years, or with fine
which may extend to one lakh rupees, or with both.
There should be prior knowledge of the fact and there should be publication or
transmission of the ESC.

_______________________________________________

Section 74. Publication for fraudulent purpose.–

Whoever knowingly creates, publishes or otherwise makes available a ESC for any
fraudulent or unlawful purpose shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees, or with both.
The basic difference between Section 73 and 74 is that section 73 provides punishment
for publishing ESC false in certain particulars whereas Section 74 provides penalty for
publishing ESC for fraudulent purposes. However, penalty for both the offences is same.
An ESC is an important instrument. It creates a binding linkage between the CA and
subscriber. Onus is on both. An ESC is a digital identity of a subscriber in the digital
medium.

_______________________________________________

Section 75. Act to apply for offence or contravention committed outside India.–
This Act shall apply to an offence or contravention committed outside India by any person if
the act or conduct constituting the offence or contravention involves a computer, computer
system or computer network located in India.
The provisions of this Act shall apply to any person, irrespective of his nationality.
The act has adopted the principle of universal jurisdiction to over both cyber
contravention and cyber offences.
An Indian visiting pornographic website based in foreign land would not be liable
under Section 67 but where a website based in foreign land sends lascivious material to a
person in Indian then sender would be liable under section 67 as computer system in India is
being affected. And the Indian watching such content would be liable under section 292 IPC.

_______________________________________________

Section 76. Confiscation.–

Any computer, floppies, compact disks, tape drives or any other accessories related thereto,
in respect of which any provision of this Act, rules, orders or regulations made thereunder
has been or is being contravened, shall be liable to confiscation:
Provided that where it is established to the satisfaction of the court adjudicating the
confiscation that the person in whose possession, power or control of any such computer,
computer system, floppies, compact disks, tape drives or any other accessories relating
thereto is found is not responsible for the contravention of the provisions of this Act, rules,
orders or regulations made thereunder, the court may, instead of making an order for
confiscation of such computer, computer system, floppies, compact disks, tape drives or any
other accessories related thereto, make such other order authorised by this Act against the
person contravening of the provisions of this Act, rules, orders or regulations made
thereunder as it may think fit.

Dictionary meaning of confiscation is to “take or seize property with authority”. Only

the court adjudicating the confiscation can give orders regarding such confiscation. In order
to maintain the spirit of this section, any process of confiscation should be immediate. Any
delay in confiscation may result in deletion, tampering or modification of electronic
evidence.

_______________________________________________

Section 77. Compensation, penalties or confiscation not to interfere with other

punishment.–
Aforesaid section lays down a mandatory condition that any adjudication process
resulting in award of compensation, imposition of penalty or confiscation under this Act
shall not interfere with the other punishments under any other law for the time being in force.

_______________________________________________

Section 77A. Compounding of offences.–

A court of competent jurisdiction may compound offences. Except these :-
 offences for which the punishment for life or
 imprisonment for a term exceeding three years has been provided,
 by reason of his previous conviction, liable to either enhanced punishment or to a
punishment of a different kind
 any offence affects the socio economic conditions of the country or has been
committed against a child below the age of 18 years or a woman.
The person accused of an offence under this Act may file an application for compounding in
the court in which offence is pending for trial and the provisions of sections 265B and 265C
of the Code of Criminal Procedure, 1973 (2 of 1974) shall apply.

_______________________________________________

Section 77B. Offences with three years imprisonment to be bailable.–

Such offences shall also be cognizable This section is in sync with the CrPC, 1973.

_______________________________________________

Section 78. Power to investigate offences.–

Notwithstanding anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), a
police officer not below the rank of Inspector shall investigate any offence under this Act.

_______________________________________________________