CONTENTS

Certificate

Acknowledgement

Table of Cases

Chapter - I Introduction

Chapter – II Concept of cyber crime and its legal regulation

(A) Concept & classification of cyber crime Legal Regulation of cyber crime
Provisions Ancillary to Cyber Contraventions Chapter - III Punishment and Prevention
to Cyber Crime

(A) Punishment of Cyber Crime Prevention to Cyber Crime

Chapter - IV Jurisdiction on Cyber Space

(A) Private Defence on Cyber Space

(B) Cyber Terrorism

Chapter - V Conclusion & Suggestion

Bibliography

1
 Table of Cases

S. Cases
No
1 Air force Bal Bharti School Case, New Delhi
2 Bombay Swiss Couple Case
3 Solcedo’s Case
4 Swati Case
5 Pune City Bank Fraud Case
6 Yahoo Inc. V. Akash Arora
7 Rediff Communication limited V. Cyber booth and
Ramesh Nahata
8 Bazee.com Case
9 In United States V. Rice
10 In United States V. Morris
11 Bhim Sen Garg V. State of Raj
12 Regina V. Hicklin
13 Rath V. United States
14 Miller V. California
15 Ranjit Udeshi V. State of Maharashtra
16 Chandrakant Kalyandas Kakodar V. State of
Maharashtra
17 United States V. Thoms
18 Dr. Prakash V. State of T.N
19 Avinash Bajaj V. State of Delhi
20 State of Tamil Nadu V. Suhas Katti
21 Kharak Singh V. State of U.P
22 Hill V. National Collegiate Athletic Association
(v)

2
23 Reno V. Aclu

24 State of Punjab and others V. M/S Amritsar Beverages Ltd.

And others
25 P.R. Transport Agency V. Union of India and others

26 Bharat Cooking Cool Ltd.

27 Fatima Riswana V. State Represented by ACP Chennai and

others
28 State of Punjab V. Gurmit Singh

29 United States V. Kufrovich

30 Kirloskar Disal Reconstruction (P)Ltd. V. Kirloskar

Proprietary Ltd.
31 Rediff Communication Ltd V. Cyber booth & other

32 Erven Warinick V. Townend

33 Tata & Sons V. A.K.Choudhary

34 Satyam Infoway Ltd. V. M/s Sifynet Solutions Pvt.Ltd.

35 Himalaya Drug Co. V. Sumitt

36 Dalgit Titus Advocate and others V. Alfred A.Adevare and

others
37 Marks and Spencer PLC V. One in Million

38 American Civil Liberties Union V. Reno

39 Bennett Coleman & Co. Ltd. V. Long Distance Telephone

Company
40 Diebold Systems Private Ltd. V. Commissioner of
Commercial Taxes
41 Firoz V. State of Kerala

42 Easely McCaleb and Associates Inc. V. Perry

43 Euegne J. Strasser V. Bose Yalamanchi

44 M/s Sytam Infoway Ltd. V. Sifynet Solutions (Pvt.)Ltd

45 State of Maharashtra V. Praful B.Desai

3
 CHAPTER-I

INTRODUCTION

INTRODUCTION
Cybercrime refers to crimes committed over the internet in which the perpetrator, hidden by the
curtain of a computer screen, is not required to make personal contact with another person and
may not always disclose their name. In a cyber-crime, the computer or the data is the target, the
goal of the offence, or a tool used to commit another offence by providing the necessary inputs.
Cyber law is the law governing computer and the Internet Technology. It does not need stating
that new communication systems and digital technology have made dramatic changes in our life
styles. In today's highly digitalized world almost everyone is affected. A revolution is being
witnessed in the way people are transacting. Almost all transactions in shares are in demat form.
Cybercrime in a broader sense includes all computer related crimes and consists of any illegal
behaviour committed by means of, or in relation to, a computer system or network, including
such crimes as illegal possession and offering or distributing information by means of a
computer system or network. In the Indian context, cybercrime may be defined as a voluntary
and willful act or omission that adversely affects a person or property or a person's computer
systems and made punishable under the Information Technology Act, 2000 1 or liable to penal
consequences under the Indian Penal Code. It must be stated that cybercrimes may also involve
conventional criminal activities like theft, fraud, forgery, mischief, defamation etc., all of which
are subject to punishment under the Indian Penal Code.
Besides, the abuse of computer, computer system or internet has given rise to a number of new
crimes which were unknown prior to the emergence of computer technology, but are made
punishable under the Information Technology Act, 2000. The report of the United Nations
International Review of Criminal Policy on Prevention and Control of Computer Crime stated
that more than 50 per cent of the websites in United States, Canada and European countries have
experienced breach of security and threats of cyber terrorism which threw a serious challenge
before the law enforcement agencies2. A new trend that has developed in recent years is that the
militants are going for terror training. The internet has become a key teaching-tool for militants

1
The Act was assented to by the President of India on June 9,2000.
2
Available at https://www.unodc.org/pdf/Manual_ComputerRelatedCrime.PDF visited on June 7, 2023.

4
who are using it to educate recruits in cyber terrorists' training camps.
Gabriel Weimann, an internet and security expert while addressing the internet security
personnel said that websites and chat rooms used by militant Islamic Groups like Al-Qaida are
not only used for dissemination of propaganda, but also for terrorist education. He said, "Al-
Qaida has launched a practical website that shows how to use weapons, how to carry out a
kidnapping and how to use fertilizers to make a bomb”3. Attack on Parliament on December 13,
2001, is yet another glaring instance indicating how computer networks are being misused for
destructive activities by the anti-nationals.
The Bureau of Police Research & Development (B.P.R. & D.), Hyderabad, on analysing and
retrieving information from the laptop recovered from' the two terrorists who attacked
Parliament, sent to the Computer Forensic Division experts of the B.P.R. & D. Delhi. It was the
laptop which contained several evidences that confirmed the motives of the two terrorists,
namely, the sticker of the Ministry of Home that they had made on the laptop and pasted on their
Ambassador car to gain an entry into the Parliament House and the fake ID-card that one of
them was carrying with the Government of India emblem and seal. The emblems of three lions
were carefully scanned and the seal was craftly made alongwith the fake residential addresses of
Jammu and Kashmir. The detective forensic investigation showed that they were all forged and
scanned from the laptop of the accused.
The primary source of cyber law in India is the Information Technology Act, 2000 (IT Act)
which came into force on 17 October 2000 The primary purpose of the Act is to provide legal
recognition to electronic commerce and to facilitate filing of electronic records with the
Government. The IT Act also penalizes various cyber crimes and provides strict punishments
(imprisonment terms upto 10 years and compensation up to Rs 1 crore). Minor errors in the Act
were rectified by the Information Technology (Removal of Difficulties) Order, 2002 4 which was
passed on 19 September 2002.
With the march of time and advance of technology the problem of cybercrime is touching
alarming dimensions and therefore, calls for concerted action to evolve a universal regulatory
mechanism for the prevention and control of these crimes. In the Indian setting, there is need to
inculcate information consciousness among the Indian citizens. Though the Information
Technology Act, 2000 as amended in 2008, has reasonably succeeded in providing relief to
computer owners/users by extending the reach of law to almost all the online criminal activities
3
Available at https://www.reuters.com/article/idUSL21229852 visited on June 7,2023.
4
This order come into force at once.

5
and increasing awareness among the people, but it is not a foolproof law as yet since it was
primarily enacted for the promotion of e-commerce to meet the needs of globalisation and
liberalisation of economy.
The Act still suffers from certain lacunae as it does not provide adequate security against
webtransactions nor does it contain adequate provisions to prevent securities fraud, stock
confidentiality in the internet trading although the Securities Exchange Board of India (SEBI)
has notified that trading of securities on internet is legally recognised and valid. The
comprehensive legislation brought out in the form of Information Technology (Amendment)
Act, 2008 will certainly enable cracking down on crimes against information technology and
cyber frauds which are often committed by the business processing outsourcing (BPO) agencies
operating in the country. It will also help in preventing data theft by call center employees. The
amendment Act has provided a legal framework for crimes like video voyeurism, e-commerce
frauds, fraudulent impersonation called 'phishing', identity theft etc.
An Executive Order dated 12 September 2002 contained instructions relating provisions of the
Act in regard to protected systems and application for the issue of a Digital Signature Certificate.
On the same day, the Information Technology (Certifying Authorities) Rules, 2000 5 also came
into force. These rules prescribe the eligibility, appointment and working of Certifying
Authorities (CA). These rules also lay down the technical standards, procedures and security
methods to be used by a CA. These rules were amended in 2003, 2004 and 2006.The dark clouds
of stealth and in cognition engulf cyber terrorism, which is the newest face of terror and it is said
that a new breed of terrorism is on the rise.
The term implies two elements cyber and terrorism. Both of these are regarded as the two great
fears of the late 20th century. Both imply fear of the unknown. Fear of random, violent
victimization segues well with the distrust and outright fear of computer technology.169
Terrorism has entrenched humanity and going hand in hand with technology, it is spawning the
deadliest threat to the society. Cyber terrorism is a term esoteric, complex and difficult to
circumscribe within the four corners of a definition, which will be universally acceptable. While
the word "cyber" relates to cybernetics, which is our tool of trade, "terrorism" denotes an act of
violence. The ambiguity in the definition of the term cyber terrorism brings indistinctness in
action as Dorothy Denning points out, "An e-mail may be considered hacktivism by some and
cyber terrorism by others".

5
These Rules became effective from October 17, 2000

6
In order to evolve right standards and practices in the emerging area of cyberspace crime
adjudication, the three phased e-judiciary framework as proposed under the National Policy And
Action Plan For Implementation Of Informaiton And Communication Technology In The Indian
Judiciary6must be completed within the prescribed time limit latest by the year ending 2010, so
as to ensure speedy disposal cybercrime cases. The national e-Court project started in July, 2007
for the creation of e-judiciary and e-governance grid covering India's entire judicial system
would certainly ensure transparency, speed and fairness in the adjudication of cybercrime cases.
It would reduce work-load of the courts and ensure speedy disposal of cases as also eliminate
problems associated with paper based records such as their collection, maintenance, retention
etc. It is much easier to retain and retrieve electronic record. The courts in India, have already
adopted the system of videoconferencing for recording evidence of witnesses or under trial
prisoners etc. at the district level, which has reduced the security risk of the prisoners escaping
during transportation and has helped in saving the valuable time of the courts. Further expansion
of the video-conferencing in subordinate courts needs to be accelerated.
Whenever we talk about cyber-crime we can make out that it’s something related to a wrong
done were a computer system is insolvents. The term 'cyber-crime' is a wrongly applied name.
This term has nowhere been defined in any statute/ Act passed or enacted by the Indian
Parliament. The concept of cyber-crime is not radically different from the concept of
conventional crime. Both include conduct whether act or omission which cause breach of rules
of law and counter balanced by the sanction of the state. Though cyber-crimes is a new breed of
crimes which came into being just after the advent of the computers and the scenario has become
more worse with the influence of internet in our day to day life.
Conventional Crime :- Crime is a social and economic phenomenon and is as old as the human
society. Crime is a legal concept and has the selection of the Law. Crime or an offence is "A
legal wrong that can be followed by criminal proceeding which may result in to punishment."
The hallmark of criminality is that it is breach of the criminal law as per Lord Atkin, "The
criminal quality of an act can not be discovered by reference to any standard but one is the act
prohibited with penal consequences." A crime may be said to be any conduct accompanied by
act or omission prohibited by law and consequential breach of which is visited by penal
consequences.
Cyber Crime :- Cyber-crime is the latest and perhaps the most complicated problem in the

6
Available at https://main.sci.gov.in/pdf/ecommittee/action-plan-ecourt.pdf visited on 6 June 2023.

7
cyber world. "Cyber-crime may be said to be those species of which genus is the conventional
crime and where either the computer is an object or subject of the conduct constituting
crime.7Any criminal activity that uses a computer either as an instrumentality target or means for
perpetuating further crime comes with in the ambit of cyber-crime. A generalized definition of
cyber-crime may be "Unlawful acts where in the computer is either a tool or target or both."The
Computer may be used as a tool in the following kids of activity- financial crimes, sale of illegal
articles, pornography, online gambling, intellectual property crime, Email Spoofing, forgery,
cyber defamation, cyber stalking.
Before proceeding with the classification of cyber-crimes, it would be pertinent to deal with
various computer attacks that may result in network intrusion, which poses a serious threat to the
network security. Subsequently, Cyber Police Cells were also set up in the metropolitan cities
for handling cybercrimes. These cells are manned by specially qualified and trained police
officials assisted by computer experts as and when required for the investigation of cyber-
crimes. But most States have no special police cyber cells and the cybercrimes are being handled
by the general police. It is therefore, suggested that it should be mandatory for each State to set
up atleast one Special Cyber Crime Police Station well equipped with electronic technology and
computer trained staff where complaints relating to cybercrime could be launched online so that
hi-tech cybercrimes could be investigated efficiently and expeditiously.
It has been generally observed that the perpetrators of cyber-crime usually exploit the
weaknesses inherent in the computer which is being used or attacked. Therefore, some special
security measures may be adopted to prevent unauthorised use of the computer systems. It is
often alleged that the domestic laws controlling computer security are mostly directed to
safeguard national safety, security and integrity rather than providing adequate protection to
computer users, whether they are individuals or corporate entities. Therefore, the criminal laws
of various countries including cyber law should be universalised so as to extend adequate
protection to citizens, institutions, organisations, government and nongovernment agencies and
society as a whole against the menace of cyber-crime.
PROBLEM PROFILE
Here the problem profile primarily focuses on the various essential issues that are related to the
existence of the law and its norms and the assessment of these regulations being followed or not.
This also works on the weak points and loopholes of these rules or set of rules and regulations if

7
Available at https://www.naavi.org/pati/pati_cybercrimes_dec03.htm visited on 9 June 2023.

8
any. The basic and most essential is that whether there is an existence of conceptual clarity and
coherence with regard to the proper prosecution functions or not?In India, does the law
adequately address the role of the Public Prosecutor in the Criminal Justice System or the
Prosecutor isn’t liberal enough to prevail the features of the Indian law? This also works on that
whether the person holding the post has discretionary powers that legitimately belong to Public
Prosecutors or it there are some gaps and restrictions between it? Another question is that whether
there are rewards and punishments for the work of the Prosecutors that would aloof or motivate
for his actions and processing which would somehow balance the decorum or the working of the
law in a proper way? This would also work on that whether law makers declared the prosecution
policies to guide and orient the Public Prosecutors in some way or not?
Apart from that the biggest problem is that does the Public Prosecutors have an access to the
required infrastructure or there are some kind of limitations for the Prosecutor? As a developing
process there is a big concern about those dos these Prosecutors get any kind of training
programmers for them and their development and amendment as a better and professionals? the
most important and prime problematic concern is that is there any kind of legal mechanism that
would abridge and help to coordinate police and prosecutorsin any ways or not ?Finally that
who is the prosecutor's client?
LITERATURE REVIEW
In “An Empirical Study of Cybercrime and Its Preventions”8 author describes the
dependency of human on technology which leads to the cyber-crime. In this modern era of
technology, the world is heavily dependent on technology no matter where one goes. Due to our
heavy dependency on technology criminals have taken this advantage for their benefit.
Cybercrime is quickly becoming one of the fastest rising forms of modern crimes. Cybercrime
are well known for the downfall of so many companies, organizations and personal identities.
The main intent of this paper is to define cybercrime, various types of cybercriminals and
cybercrime affecting the world and its prevention. This paper will also analyse statistical data on
various types of cybercrime and its growth in last few years.
Author in “Cybercrime in India: Laws, Regulations, and Enforcement Mechanisms”
9
defines cybercrime involves the use of computers or computer network to commit criminal
8
S Batra,M Gupta, J Singh ,D Srivastava,I Aggarwal, An Empirical Study of Cybercrime and Its Preventions, In
2020 Sixth International Conference on Parallel, Distributed and Grid Computing (PDGC) 2020 Nov 6 (pp. 42-46).
IEEE.
9
S Kethineni , Cybercrime in India: Laws, Regulations, and Enforcement Mechanisms in The Palgrave Handbook
of International Cybercrime and Cyber deviance.( Springer, 2020)

9
activity. Cybercrime is not unique to India. As the country has experienced technological
innovation in the last two decades, the use and misuse of the Internet also spread across the
country. As of 2016, India is globally ranked third for “malicious activity,” whereas China and
the United States have taken the first and the second place, respectively (Mallapur 2016). Also,
the number of Internet users in India has reached over 330 million in 2017 and projected to grow
to about 512 million in 2022 (Statista 2019). With these growing trends, the country has
witnessed an increase in cybercrimes such as phishing, introducing malicious codes, identity
theft, bank fraud, transmission of sexually explicit materials, cyberstalking, and cyberbullying.
In “Indian government initiatives on cyber bullying: A case study on cyber bullying in
Indian higher education institutions”10 states that in the digitally empowered society,
increased internet utilization leads to potential harm to the youth through cyber bullying on
various social networking platforms. The cyber bullying stats keep on rising each year, leading
to detrimental consequences. In response to this online threat, the Indian Government launched
different help lines, especially for the children and women who need assistance, various
complaint boxes, cyber cells, and made strict legal provisions to curb online offenses. This
research evaluates the relevant initiatives. Additionally, a survey is conducted to get insights into
cyber bullying in higher education institutions, discussing multiple factors responsible for youth
and adolescents being cyber bullied and a few measures to combat it in universities/colleges.
In The Criminal Justice System: An Introduction 11, Ronald J. Waldron decided to assemble a
team of experts from various fields of criminal justice to write a comprehensive textbook on the
Criminal justice system. This book is primarily intended for the Criminal Justice introductory
course. It is also intended to provide fundamental System information. In addition, the course
introduces students to the criminal justice system and the criminal justice process. In addition, it
provides an overview of the criminal justice agencies and the criminal justice process. In
addition, it speculates on the future of the Criminal Justice System.
In “Evidence to Action: Research and Policy Implications in India 12” a comprehensive multi-
sectoral strategy is needed to mitigate the threats against youth caused by cyberbullying and
online risks. In principle, the Indian policy landscape is equipped to protect youth. It has

10
Kaur M, Saini M. Indian government initiatives on cyberbullying: A case study on cyberbullying in Indian higher
education institutions. Education and Information Technologies. 2023 Jan;28(1):581-615.
11
Ronald J. Waldron, The Criminal Justice System: An Introduction (Houghton Mifflin Company, U.S.A, 1976)
12
Sharma D, Sharma N, Bakshi R, Duggal M. Evidence to Action: Research and Policy Implications in India.
Cyberbullying and Digital Safety: Applying Global Research to Youth in India. 2022 Jul 22.

10
prioritized children’s well-being, autonomy, and protection against online risks through various
policies, programs, and institutions. Nevertheless, the dominant narrative currently is risk-averse
and restrictive. It is also limited in scope as it focuses on school-based strategies with limited
guidance or support for parents and regulations for businesses. Therefore, it would be ideal to
align stakeholders for an effective collaborative response.
Michael D. Lyman's Criminal Investigation13 represents a timeless and dynamic field of
scientific study. This book was written with the belief that crime detection is a fascinating field
that heavily relies on investigators' past experiences as well as recent technological advances.
This book presents information in a manner that parallels the steps and factors observed during a
real-life criminal investigation. In addition, it is intended to fulfill an ongoing demand for a
comprehensive explanation of the fundamentals of criminal investigation as practised by police
officers. The purpose of this book is also to combine scientific theories of crime detection with a
practical approach to criminal investigation
The primary objective of Modelling the Criminal Justice System14, edited by Stuart S. Nagel,
is to examine the relevance of deductive modelling in order to gain a better understanding of (1)
why the criminal justice system operates as it does and (2) how it can be made to operate more
effectively.
In relation to the administration of Justice15 Authored by Paul B. Weston and Kenneth M.
Wells discusses the major stages of the administration of justice, from the commission of a
crime to its final disposition, with a focus on laws and procedures in six functional areas. The
criminal justice system consists of police protection, prosecution of offenders, the Criminal
Courts system, probation services, correctional institutions, and parole supervision of released
criminals. This book also provides an excellent foundation for comparing the laws and
procedures of other states, allowing its use in other states and in appropriate classes in any state.
The inclusion of selected references at the end of each chapter, containing summaries of the
cited cases, books, and articles, gives this book interstate scope.
In Evidence and the Adversarial Process16, Jenny McEwan examines the nature of English
laws of evidence and asks why such laws, which frequently exclude evidence, must exist. It
consists of rules of evidence that operate in the Anglo-American Systems of trial rules that

13
Michael D. Lyman, Criminal Investigation (Prentice Hall, New Jersey, 1999)
14
Stuart S. Nagel, Modelling the Criminal Justice System (SAGE Publications, California, 1977).
15
Paul B. Weston and Kenneth M. Wells, The administration of Justice (Prentice Hall Inc, New Jersey, 1977).
16
Jenny McEwan, Evidence and the Adversarial Process (Blackwell Publishers, United Kingdom, 1992).

11
rational people would adopt in order to attain justice.
In Criminal Justice System17, written by Mrs. Gurkirat Kaur, the author addresses all questions
pertaining to the criminal justice system's victims. The victim may want to know the
investigation's status and how the police are handling the situation. The suspect's apprehension
status and the victim's role in the process. This book is intended to supplement community and
victim assistance services by assisting victims and witnesses in navigating the criminal justice
system and understanding their role within it.
Authors in “Crime against Children in Cyber Space in India: A Snapshot 18” states that the
internet is now an indispensible part of our daily routine. It has evolved into a formidable system
that has influenced business, commerce, and how we interact with our peers. Because of the
rapid expansion of this data highway, different types of online crime have emerged.
"Cybercrime" has emerged because of the rapid expansion of this data highway. Some people
apply the term "cybercrime" to a wide range of offences. In India, the UN Office on Drugs and
Crime collaborated with the “Ministry of Home Affairs” to develop strategic options to prevent
cybercrime against children and improve their online security. The government has begun to
educate police officers about “cyber-security” "Mobile surveillance", "tracing anonymous
emails", "phishing", and other topics are among the training modules available.
The chapter “Cyber Economic Crime in India: An Integrated Model for Prevention and
Investigation19” gives a brief overview of various stakeholders in the criminal justice system
involving cyber economic crime. A brief introduction, organizational structure, responsibility,
human resources, and their functionalities arecovered to provide an understanding of the role
each constituent of the criminal justice system plays. The British rule in India established the
Criminal Justice Administration, for an effective dispensation of justice in criminal matters. It is
the adversarial system of the common law. A brief overview of the Criminal Justice system of
Maharashtra and Mumbai is also discussed for better understanding of institutional arrangements
at state and city levels.
Author in “Women Empowerment in India: A Critical Analysis 20” states that, being a
17
Gurkirat Kaur, Criminal Justice, (Shree Publishers and Distributors, New Delhi, 2006).
18
Rahul M, Choudhary S, Azhari M. Crime against Children in Cyber Space in India: A Snapshot.
SpecialusisUgdymas. 2022 Jul 2;1(43):4741-51.
19
Rajput B., Criminal Justice Administration in India: An Overview. Cyber Economic Crime in India: An Integrated
Model for Prevention and Investigation. 2020:171-93.

20
Singh S, Singh A. Women Empowerment in India: A Critical Analysis. Tathapi. 2020;19(44):227-53.

12
traditional patriarchal society, women have been given a secondary status which is reflected in
the economic, social and political spheres. However, women equality and empowerment has
always remained a priority area and has been taken utmost care by stake holders. The paper
critically investigates the Indian status among other countries and tries to find out preparedness
to achieve Sustainable development Goal -5 of the United Nations. The paper develops
argument on the basis of secondary sources as review of existing literature published in journal,
books, reports of various, NGOs, Government and international organizations and websites. The
paper critically examines women empowerment in India, various models and dimensions. The
paper discusses constitutional safe guards as well as plans and programmed by the government
and their implementation, indicators of women empowerment. However, the country ranks low
while comparing with other countries. There is need of reassessing and modifying programmed
to achieve SDG-5 by 2030.
OBJECTIVES
1. To understand the meaning of cyber-crime and cyber -space.
2. To find out causation behind the victimization of women and children.
3. To analyze law dealing with in checking cyber-crime against women in India, and to find out
the loopholes in the law if there is any.
4. To find the gap between legal actions & technological advancement.
5. To situate the growing threat of cyber-crime against subject within the broader context and
challenge of cyber-crime, Internet growth and governance and human rights.
6. To find out the steps which should be taken by the government for checking cyber-crime in
India.

HYPOTHESIS
The research will proceed with the hypothesis that the law to check cyber crime is adequate.

RESEARCH METHODOLOGY
Due to the essentially conceptual nature of the pursuit, the chosen methodology for this research
study is "Doctrinal." Due to the paucity of research in this area and the scarcity of statistical
data, it was necessary to limit the study to a conceptual analysis. The theoretical study includes a
critical analysis of statutes and precedent, as well as a search for answers to the research
problem's questions and verification of the hypotheses formulated.

13
Secondary sources, such as books, journals, and case reports, were used to collect data for the
study. The perspectives, including general attitudes and perceptions of prosecutors regarding
various aspects of their work and service conditions, are gleaned from the researcher's casual
interactions with a number of prosecutors, police officers, and judicial officers.
CHAPTERISATION
The study has been divided into following chapters:
The first chapter shall deal with the “Introduction”, in which the factors that motivated the
researcher to select the current topic for research shall be described. It will also highlight the
problem profile and analyse the literature reviewed. Thereafter objectives of the present study
shall be drawn and hypothesis formulated. This chapter shall also throw light on the research
methodology to be used for conducting the research in hand.
The second chapter shall be titled "Historical Perspective". It shall makean attempt to trace the
origin and development of cyber crimes in India.
The third chapter on,“LegalFramework," shall make an effort to study the laws related to cyber
crime. An attempt shall also be made to analyse the laws and find out the lacuna.
In Chapter four, titled "Judicial Approach," landmark judgments of various courts including
the Supreme Court shall be examined.
A general conclusion shall be drawn in the final chapter titled "Conclusion and Suggestions"
based on the data collected from primary and secondary sources.In addition, suggestions for
improving the current situation that are pertinent to the topic at hand is to be provided. Last but
not least, the Bibliography of relevant Articles, Acts, Books, Journals, Dictionaries, etc. is to be
illuminated.

14
 CHAPTER-II

Concept of Cyber Crime and its legal regulation.

A new generation of crimes has cropped up by the advent of Internet Computer Hacking,
Software Piracy, Internet paedophilia, Industrial espionage, Password breaking, spoofing,
telecommunication frauds, e-mails bombing, spamming, pornography and the availability of
illicit or unlicensed products and services are offences that have already made their mark. 35
New Problems emerging on the scene include credit card fraud, cyber terrorism, Cyber
laundering and criminal use of secure Internet communications. 36
The present weak
electronic system of payment without adequate safeguards is posing a serious risk of
unauthorised withdrawal from banks and counter money laundering operations. Software
piracy is a boom business and video and phonographic industries are sinking day by day
globally.37

Concept & Classification of Cyber Crime :-

With the day to day evolution of human mind, the modes of committing crime are also
drastically changing. Criminals are getting smarter day by day and are applying there minds
in this context to commit crime and escape with out getting caught. With the advent of
computers no one thought that it will become a made or source of committing crime. Charles
Babbage, Who is well known as the father of computer world not have dreamt that the
machine he is giving the world may become a source of crime and world ever influence the
society in a negative way.

When ever we talk about cyber crime we can make out that its something related to a wrong
done were a computer system is involvent. The term 'cyber crime' is a wrongly applied name.
This term has nowhere been defined in any statute/ Act passed or enacted by the Indian
Parliament. The concept of cyber crime is not radically different from the concept of
conventional crime. Both include conduct whether act or omission which cause breach of
rules of law and counter balanced by the sanction of the state. Though cyber crimes is a new

B.B. Nanda & R.K. Tiwari "Cyber Crime - A Challenge to Forensic Science, the Indian Journal
35

AprilSept. 2000 at 103.

15
36
Ibid.

37
David Teather Pirates Sink Music Firms. HT April 21, 2001

16
breed of crimes which came into being just after the advent of the computers and the scenario
has become more worse with the influence of internet in our day to day life.

Conventional Crime :-

Crime is a social and economic phenomenon and is as old as the human society. Crime is a
legal concept and has the selection of the Law.

Crime or an offence is "A legal wrong that can be followed by criminal proceeding which
may result in to punishment." 38 The hallmark of criminality is that it is breach of the criminal
law as per Lord Atkin, "The criminal quality of an act can not be discovered by reference to
any standard but one is the act prohibited with penal consequences." 39 A crime may be said to
be any conduct accompanied by act or omission prohibited by law and consequential breach
of which is visited by penal consequences.

Cyber Crime :-

Cyber crime is the latest and perhaps the most complicated problem in the cybe world.
"Cyber crime may be said to be those species of which genus is the conventional crime and
where either the computer is an object or subject of the conduct constituting crime. 40 Any
criminal activity that uses a computer either as an instrumentality target or means for
perpetuating further crime comes with in the ambit of cyber crime. 41 A generalized definition
of cyber crime may be "Unlawful acts where in the computer is either a tool or target or
both."42 The Computer may be used as a tool in the following kids of activity- financial
crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, E-
Mail Spoofing, forgery, cyber defamation, cyber stalking

Distinction Between Conventional and Cyber Crime :-

There is apparently no distinction between cyber and conventional crime as both the crimes
results in to some sort of loss to one of the parties. However on a deep introspection we may
say that there exists a fine line of demarcation between the conventional and cyber crime
which is appreciable. The demarcation lies in the involvement of the medium in cases of
cyber crime.
"
38
Granville Williams.

39
Proprictary Articles Trade Association V.A.G. For canada (1932).
40
Ashish Pandey - Cyber Crime Detention & Prevention (Ist Edn.) 2006 JBA Publisher.
41
Duggal Pawan
42
Nagpal R. - What is cyber crime?

17
Cyber Criminals :-

Any person who commits an illegal act with a guilty intention or commits a crime is called
an offender or a criminal. In this context any person who commits a cyber crime is known as
a cyber criminal.

The cyber criminals may be children and adolescents aged below 6-18 years, they may be
organized hackers may be professional hackers or crackers, discontented employees, cheaters
or even psychic persons.43

Computer Crime :-

Computer crime can be defined as "Crime against an organization or an individual in which

the perpetrator of the crime uses a computer or any computer enabled technology for all or
part of the crime.10

Reasons for Cyber Crimes :-

Professor H.L.A. Hart in his classic work entitled "

The concept of Law"

has stated that human beings are vulnerable to unlawful acts which are crimes and therefore,
rules of law are required to protect them against such acts.44 Applying the same analogy to
cyber space, the computer systems despite being hi-tech devices, are extremely vulnerable.
This tecchnology can easily be used to dupe or exploit a person or his computer by illegal or
unauthorised access. The damage so caused to the victim may be direct or indirect result of
abuse of computer systems. The reasons for vulnerability of computers to cyber criminality
may briefly be stated as follows -

1. Huge Data Storage Capacity :-

The computer has a unique characteristic of capacity to store huge data in a relatively small
space. A small micro processor computer chip can store lakhs of pages in a CD-ROM. This
storage capacity45 has enough space to remove or derive information either through physical

43
Dongre Shilpa S. - Cyber Law and its applications (Edn. 2010) Current
Publications. 10 Barkha, Cyber Law and crimes.
44
Hart H.L.A. the concept of law P. 73.
45
The storage capacity is measured in terms of "bytes", "Megabytes" and "Kilobytes." Kilo stands
for 1000, one mega byte equals to about 500 pages of the text.

18
or visual medium in a much easier way. Any data stored in ROM46 will remain intact even if
the power is turned off. Whatever be the type of ROM used, the data stored therein is non-
vialatile and will remain so indefinitely unless it is intentionally erased or over written.

2. Wider Access to Information :-

Computer is an electronic device which carries out its functions with the help of complex
technology rather than manual actions of human beings. The greatest advantage of
networking in the computer age is the wider access to information resources over a large and
extensive medium. More and more organisations are resorting to networks for providing
easily accessible information to their employers,customers and parties with which they deal.
This is the reason why networking and cyber activities are increasingly becoming the order of
the day in the present information age.

Information dissemination through world wide web 47 has created new resources for faster and
cost effective easy access to information throughout the world. It has created new
environment of emails, chats, downloads etc. Now each and everyone is just a mouse 48 click
away from another. However wider access to information creates some problems like
protecting and guarding any computer system against unauthorised access where there is
possibility of breach, not due to human error, but because of the complex technogical
manipulations. For example a bank vault49 which usually contain lakhs of rupees is well
guarded against unauthorised access by miscreants as it is made up of very strong material
located in a reinforced room guarded by security personal. The trusted officials of the Bank
preserve the Keys and/or access code secret.

3. Complexity of Computer Systems :-

The computers work on operating systems and these operating systems and these operating
system in turn are composed of millions of codes. Human mind is fallible and it is possible
that there might be a lapse at any stage Thus hackers are the dreaded enemy of the internet

46
"ROM" stands for "Read only memory." Thus it is a type of Memory that can hold data
permanently or semi-permanently.
47
WWW is a network of sites that can be searched and retrieved by a special protocol known as
Hypertext Transfer Protocol (http). mere writing of address automatically reaches the internet
and brings the sought information on the screen.
48
In the context of computer 'mouse' is a printing device that functions by detecting two dimensional
motions related to its supporting surface.
49
"Vault" is a safe data store where backup data is preserved.

19
and general network security and they exploit the complexity of computer systems motivated
by personal vengeance, sabotage, fraud, greed or malice against the victim.50

4. Negligence of Network Users :-

Negligence is closely related to human conduct. It is therefore, quite probable that while
protecting the computer system there might be any lapse or negligence on the part of the
owner/user which may provide an opportunity for the cyber criminal to gain unauthorised or
illegal access or control over the computers.. This is particularly true with big organisations
such as banks, corporations Government offices etc. which are equipped with high-tech
software systems for public access but leave it totally insecure and unguarded against
information poachers or manipulators due to sheer negligence of their staff of employees.18

5. Non-Availability or Loss Evidence :-

The traditional methods for producing, storing, transmitting and dissemination information or
records has now been replaced by the digital computer processing and networke technology.
The Real issue before the law enforcement and investigating agencies is how to procure and
preserve evidence. The inadequacy of traditional methods of evidence and crime
investigation has necessitated adoption of new techno-legal procedure called cyber forensics
which has broadly been classified as computer forensics and network forensics. The forensic
experts play an important role in collecting and presenting admissible evidence electronic
evidence and search and seizure of material evidence relevant to the cyber crime under
investigation but still there are certain grey areas which enable the cyber criminals to tamper
with the evidence to mislead the investigating agencies.51

6. Jurisdictional Uncertainty :-
Cyber crimes cut across territorial borders which undermine the feasibility and legitimacy of
applying domestic laws which are normally based on geographical or territorial jurisdiction
cyber crime are committed through cyber space network interconnectivity and therefore they
do not recognise geographical limitations because of their transnational in nature. There
being no uniformity in law and procedure among the different nations for handling cyber

50
Dr. Vishwanath Paranjape-Legal Dimension of cyber crimes and Preventive Laws (Edn.
2010) P.14 18 James R. Richards : Transnational crimansl organisation, cyber crime and money
laundering (1999) P. 87
51
Supra F.N.-17 at P.15
20
criminals, Jurisdictional conflict poses a serious threat for a nation to deal with the cyber
offenders. In many cases it so happens that a particular cyber activity is recognised as a crime
in one country but it is not so in the country in which the criminal or the victim resides, with
the result the criminal easily escapes prosecution. In the absence of a single internationally
recognised code of law and procedure governing cyber crimes, the law enforcing authorities
of individual countries find it extremely difficult to tackle cyber crimes and criminal applying
their territorial law.

Unique Features of Cyber Crime :-

Computer crime may be committed breaching the user's privacy without reaching the victim.
There is no sign of any kind of violence or struggle at the scene of crime, which are usually
the elements of a traditional crime. Cyber Crime may be committed by a mere click of the
mouse without the knowledge of the victim, thus leaving him totally incapacitated. In many
cases, the victim even does not known that he has been subjected to a cyber crime and
become a victim of it. Computer crime have some unique and peculiar characteristics
which may briefly be stated as follows :-
1. Computer crimes have now become a global phenomenon
which does not have any territorial barriers or jurisdictional restrictions.
2. Another peculiar feature of cyber crime is non-existence of any physical evidence of
it. Unlike a traditional crime, where the evidence can visibly be seen and felt in the form of
weapon, blood

3. The perpetrators of cyber crimes are generally highly intelligent educated persons
who cherish a challenge. They are well conversant with the operation of the computer system
and its intestacies. A person without adequate knowledge of working of the computer system
and internet can not commit such crime.
4. Some of the cyber crime are not really new in substance, but the medium through
which they are committed is new whereas other represent an altogether new form illegal
activity. Some of the newly emerged cyber crimes are electronic vandalism cyber terrorism,
transnational crimes in cyber space etc.
5. The medium for cyber crime being computer network system, it does not require the
user to disclose his identity. Therefore a cyber criminal can conveniently manage his
enormity, which enables him to remain out of reach of the law enforcement agencies.

21
6. The computer network has created new potential to commit traditional crime in
nontraditional ways. For example, cyber terrorism, cyber fraud, money laundering theft of
data, cyber pornography, counterfeiting by using computer etc. are some of the traditional
crimes which are now committed on-line through electronic media.52
Computer Attacks :-
Before proceeding with the classification of cyber crimes, it would be pertinent to deal with
various computer attacks that may result in network intrusion, which poses a serious threat to
the network security. The attacks may be in different forms as stated below.
1. Scanning :- It is normally conducted as a prelude to a direct attack on systems that
the intruder finds to be easily vulnerable.

2. Penetration :- It is also termed as 'probe' and is often used on the internet or network
to unauthorised control of a computer. A probe may be followed by a more serious security
intrusion.
3. Modification :- It is an attack wherein the contents of a message or data on the
internet are modified before is received at the destination host. It is directed with the
Malicious intention to cause damage to the victim.
4. Creation :- In this form of attack, undersired data is created and inserted into the
network, generally mosquerading as the data from another authorised source in order to
harass the user.
5. Denial of Service Attack (Dos) :- The object of DoS attack is not to gain
unauthorised access to the computer or the data available therein but to prevent the legitimate
user of a service from using it. It may 'flood' a network with a large volume of unwanted
data to
cause annoyance to the victim (user). The local denial of service programs shut down the
computer on which they are run.
6. Account Comromise :- It is an unauthorised use of computer account by some one
other than a account owner which is intended to expose the victim to serious data loss, data
theft or theft of services.
7. Internet Infra-Structure Attacks :- This is the most serious of all the computer
attacks which causes grave damage to the components of internet infra structure rather than

Extracted from inaugural address delivered by shri S.P. Talwar, Deputy Governor, Reserve
52

Bank of India, in the National Seminor on computer Related Crime, Organised by CBI, New
Delhi on February 24, 1999.

22
the specific systems on the net. It can seriously hinder day-to-day working of many sites.
Exampls are network servers network access providers and large number of activated sites on
which users generally depend.53
Mode And Manner of Committing Cyber Crime :
1. Hacking :-
This kind of offence is normally referred as hacking in the generic sense. However the
framers of the information technology Act 2000 have nowhere used this term so to avoid any
confusion we would not interchangeably use the word hacking for "unautharised access" as
the latter has wide connotation. Hackers generally hack the password of e-mail account of
victims. Some time hacking can be done of the web cites also. The term "Computer hacking"
traditionally describes the penetration of computer system which is not carried out with the
aims of manipulation, sabotage or espionage, but for the pleasure of overcoming the technical
security measures.54
Phrekars are the hackers who hacks.
a) Telecommunication Network (or)
b) Mobile Network.

2. Theft of Information contained in Electronic Form :-

This includes information stored in computer hard disks, removable storage media etc. Theft
may be either by appropriating the data physically or by tampering them through the virtual
medium.
3. E-Mail Bombarding :-23

E-mail bombing refers to sending a large amount of e-mails to the victim resulting in the
victimi's email account (in case of an individual) or servers (in case of company or an e-mail
service provider) crashing. A simple way of achieving this would be subscribe the victim's e-
mail address to a large number of mailing lists. Mailing lists are special interest groups that
share information on a common cyber crime and the related law in India with one another via
e-mail. Mailing lists are very popular and can generate a lot of daily e-mail traffic depending
upon the mailing list. If a person has unknowingly subscribed to hundreds of mailing lists his
incoming e-mail traffic will be too large and his service provider will probably delete his
account.

53
Supra in. 17 at P.25
54
Prof. Dr. Ulrich Sieber, Legal Aspects of Computer Relted Crimes in the information
society, Prepared for the European commission, 1998. 23 Supra fn. 17 at P. 41

23
4. Data Diddling :-
The kind of an attack involves altering raw data just before a computer processes it and then
changing it back after the processing is completed.

5. Salami Attacks :-
This kind of crime is normally prevalent in the financial institutions or for the purpose of
committing financial crimes. An important feature of this type of offence is that the alteration
is so small that it would normally go unnoticed.55
6. Denial of Service Attack :-
The computer of the victim is flooded with more requests then it can handle which cause it to
crash. Distributed Denial of service (DDoS) attack is also a type of denial of service attack, in
which the offenders are wide in number and wide spread.
7. Virus or Worm Attacks :-
Viruses are programs that attach themselves to a computer or a file and then circulate
themselves to other files and to other computers on a network. They usually affect the data on
a computers either by altering or deleting it. Worms unlike virus do not neet the host to attach
themselves to. They merely make functional copies of themselves and do this repeatedly till
they eat up all the available space on a computer's memory. E.g. love bug virus, which
affected at least 5% of the computers of the globe56

8. Logic Bombs :-

These are event dependent programs. This implies that these programs are created to do
something only when event (known as a trigger event) E.g. even some viruses may be termed
logic bombs because they lie darmant all through the year and become active only on a
particular date (like the chernoby virusa code surreptitiously inserted in to an application or
operating system that causes it to perform some destructive or compromising activity when
ever specified conditions are met. 57
This is a program which is used for targeting
corporations, industries, etc. and to commit even a variety of traditional crimes like mischief
extoration and can act either instantly or at a future date. 58 As it targets chosen, systems a
chain of destructions is hardly perceived, there by the loss is confind with in certain limits.25
9. Trojan Attacks :-

55
Cyber crime by parthasarathi patil.
56
This virus was better known as I LOVE YOU (in may, 2000).
57
<http://www.huis.hirashima-u.ac.jp/computer/Jargon/LexiconEntries/Logic_bomb.html>.
58
Gulshan Rai, "Computer Related Crimes",
<http://www.mit.gov.in>. 25
<www.usdoj.gov/criminal/cybercrime/duronioIndict.htm>.

24
This term has its origin in in the word "Trajan Horse"59 is a harmless and friendly looking
enemy which causes erosion and loss, when active. Its deceptive look 60 is its primary can
notation where by it cannot be checked or controlled until the damage is done. Its
surreptitious attack makes it difficult to intercept or control it at the right moment. It is
designed as something as benign such as a directory lister, archiver, game or even a program
to find and destroy viruses.61 it is also used to capture the passwards of legitimate users of the
system which is done by impersonating the normal system logon program. 62 A special case of
Trojan Horse is the Mockingbird software that intercepts communications (especially login
transactions) between users and hosts and provides system-like responses to the users while
saving their responses (especially account IDs and passwards)30.

10. Internet Time Theft :-

Normally in these kinds of theft the Internet surfing hours of the victim are used up by
another person. This is done by gaining access to the login ID and the password.

Internet time theft is an offence when some unauthorised person steals the hours of Internet to
be used by a person. Gonerally, internet is a pay-off service i.e., in order to avail the internet
service a person has to pay money to the "Service Provider" for a particular duration. E.g.
colonel Bajwa's case-the Internet hours were used up by any other person.

11. Web Jacking :-35

This term is derived from the term hi jacking. In these kinds of offences the hacker gains
access and control over the web site of another.
He may even multiplate or change the information on the site. This may be done for fulfilling
political objectives for the money. E.g. recently the site of MIT (Ministry of Information
Technology) was hacked by the Pakistani Hackers and some obscene matter was placed
there in. Further the site of Bomby crime branch was also web jacked. Another case of web
jacking is that of the "Gold fish" case. In this case the site was hacked and the Information
pertaining to gold fish was changed. Further a ransom of US $1 million was demanded as
ransome. Thus web jacking is a process where by control over the site of another is hacked by
some consideration for it.

59
The word was coined by MIT-hcker-turned-NSA-Spook, Dan Edwords.
60
(1999) 3 WLR p.253
61
<http://www.netmeg.net/jargon/terms/+/trojan_horse.html>.
62
Rodney D. Ryder, chap11 in guide to cyber laws (wadhwa & co. (p) ltd. Nagpur 2001)
P.525 30 Supra fn. 30 p.254

25
Classification of Cyber Crimes :-

With the expanding dimensions of cyber crime it became necessary to analyse as to how
these crime vary in nature and form. Therefore, different actions which may amount to crime
criminally have been broadly classified into three main categories63 as follows:- 1. Cyber
Crimes where computer is used as target.

2. Cyber Crimes where computer is an instrument facilitating the crime; and

3. Cyber crimes where computer is incidental to other crimes.

1. Computer as a target of the Crime :

In this category of cyber crimes, computer is itself a target of the crime. The crimes which are
covered under this category are - (i) Sabotage of computer systems or computer networks.

(ii) Sobotage as operating systems and programs.

(iii) Theft of data or information.

(iv) Theft of intellectual property such as computer software.

(v) Theft or marketing information.

(vi) Blackmailing based on information gained from computerised filed such as personal
history sexual preferences, financial data etc.

(vii) Creating a Fake driving licence, passport or any other documents for identifications
purposes or changing tax records by gaing illegal access to secret files.64

2. Computer as an instrument facilitating Crime :-

The growth of micro-computer has generated new versions of traditional crimes E.g. software
piracy, counterfeiting, copyright violation of computer programs, theft of technological
equipment are covered under this category of crime. Illegal sale of duplicate database is yet
another example of this type of computer crime.

The glaring instance where computer was used as an instrument of committing cyber crime
was terrorist attack on Indian parliament65 on December 13, 2001 in which the terrorists used
computer and Internet in a variety of ways to perpetrate the crime.

63
32 Supra F.n. 24 at p. 79.
64
The list of these crimes is only illustrative and not exhaustive.

26
3. Where Computer is incidental to other crimes :

The crimes included in this category are those in which computer is not essential for the
crime to occur, but computerisation does help in the incidence of crime by processing of huge
amount of information and makes the crime more difficult to be traced and identified. The
best illustration of this specie of crime is money laundering and unlawful banking
transactions. In one case, a suspect committed murder by changing a patient's medical
prescription and dosage in a hospital computer.66

Traditional Classification :-
The traditional classification of cyber crimes a suggested by Ulrich sieber 67 includes two
distinct groups of such crimes namely :- 1. Cyber crimes of economic type ; and
2. Cyber crimes against privacy.
1. Cyber crimes of economic type :-
In some of the cyber crimes of economic type the computer science system generally
software as well as hardware, is the target of criminal activity. Some of such crimes are as
follows :-
a) Fraud committed through the manipulation of computer system
b) Illegal copy of the software and computer database to procure information for
criminal purposes.
c) Computer subotage which causes damage to the computer system comprising
hardware as well as intangible elements contained in computer program.
d) Illegal use of computer systems belonging to other person without authorisation.
These economic crimes involve intrusion in computer systems without authorisation, with the
fraudulent purpose of sabotaging or causing damage. The offender in these crimes surpasses
the access barriers for accomplishing his ulterior motives at the cost of victim agony.

2. Cyber crimes against privacy.

In cyber crimes involving violation of right to privacy, the computer system is used as a tool
for perpetrating the criminal act. Truly speaking, several behaviors stated above as cyber
crimes of economic type are similar to those that would correspond to this category of cyber

65
Similar use of computer technology was made by the terrorist who attacked the world Trade
center in U.S.A. on September 11, 2001 leading to its collapse and causing mass destruction
of property and human life.
66
Suri R.K. and Chhabra T.N. : Cyber Crime (2003) Reprint P. 49
67
Ulrich Sieber : The International Hand book on computer crime, p. 38.

27
crime, the only difference being that the behavior would not affect any proprietary right of
the victim, instead would affect his legal right such as right to privacy.
Ordinarily When a person sends an e-mail message, he expects that it will be used only by the
intended recipient and no one else. But unfortunately this right of privacy remains largely
unprotected and may be used for furtherance of a criminal activity. In case of other secret and
confidential records stored in computer, the confidentiality and secrecy there of has to be
protected in exercise of user's right to privacy so as to prevent it from being misused by cyber
criminals.68

General Classification :-

Although the classification of cyber crimes into economic type or privacy affecting behavior
as also the manner in which they are committed by use of computer as a target, or as an
instrument facilitating commission of crime has been endorsed by most of the authorities, but
general classification comprising three categories namely

(1) Cyber crime against persons

(2) Cyber crimes against all forms of property, and

(3) Cyber crimes against state or society as a whole sounds to be most rational and logical.69

1. Cyber crimes against persons :-

These crimes are committed against individual persons disturbing him physically or mentally.
Such offence include various crimes such as transmission of child pornography harassment of
anyone with the use of computer, e-mail or cyber stalking, dissemination of obsene or
defamatory material etc.

2. Cyber crimes against all forms of property :-

These crimes are committed to affect the property of a person by any electronic media
causing damage or loss to him. These include unauthorised computer intrusion through cyber
space computer vandalism and transmission of harmful programs and illegal possession of
computerised information etc.

68
Supra fn. 17. at. p.28
69
Nagpal R. ; What is Cyber Crime? (2004) p. 109

28
3. Cyber Crimes against state or society :-
Cyber terrorism is one distinct kind of criminal activity falling under the category. The
growth of internet has shown that the medium of cyberspace is being misused by individuals
and groups of threaten the government and also or terrorise the citizens of country. 70 This
crime manifests itself into terrorism when an individual "Cracks" into a website maintained
by the Government or its Defence Department.
These crimes include trafficking financial crimes, sale of illegal articles, on-line gambling

I. Crimes Against Persons :-

Cyber offenders make use of computer, computer systems and computer network for
committing offences against person or individual. The on-line offence that can be
committed against/person/individual may be stated as follows :-
1. Harassment via e-mails :-

Cyber harassment is distinct crime. Various kinds of harassment can and do occur in cyber
space or through the use of cyber space. Harassment through e-mails is a common
phenomenon. It is similar to harassing through letters. Harassment may be sexual racial,
religious or in any other form. Cyber harassment is a crime which relates to violation of
privacy of citizens which indeed is a serious crime. No one likes that any other person should
invade his/her invaluable right to privacy. which the medium of internet grants to every
person.
2. Cyber Stalking :-

Stalking is defined as "pursuing stealthily." 71 staking can be defined as a wilful conduct

involving repeated or continuing harassment of another individual that actually causes the
victim to feel terrorized, frightened, intimidated threatened, harassed or molested. In cyber
stalking, the internet is used to pursue, harass or contact another in unsolicited fashion. With
the technological development, stalking through the internet has found favour among the
offenders for certain advantages available, like case of communication access to personal
information and anonymity. But the end result is intimidation/harassment.

70
The 9/11 terrorist attack on world Trade center in united states in 2001 and attack on India's
Parliament by terrorist on Dec., 13, 2001 are examples of these crimes.
71
According to Oxford dictionary

29
Stalking may be followed by serious violent acts such as physical harm to the victim. On-line
harassment and threats can take may forms.
Cyber stalking shares important characteistics with off-line stalking. Many stalkers resort to
stalking in order to gain control over their victims. Cyber-stalking usually occurs with
women who are stalked adult predators or pedophilesHe may be on the other side of the earth
or a neighbor or even a relative and he could be of either sex. Cyber stalking is also called as
"Cyber Teasing." Any person who via e-mail or certain messages which are in electronic
form tries to accuse a person or defames his prestige in society is said to be a cyber stakler.

3. Dissemination of obscene Material/Pornography or palluting through indecent

exposure :-
The term "dissemination of obscene material" is a very broad term which includes within it
sale, distribution, promotion and exhibition of a material which is obscene by the use of
computer technology. A material is obscene, if it predominantly draws an average person in
the contemporary community to a shameful or morbid interest in nudity, sex or excretion, or
such material, if taken as a whole lacks serious literary, artistic, political or scientific value.72
Pornography on the net may take various forms. It may include hosting of website containing
some prohibited material or use of computers for producing obscene materials. This would
include pornographic websites, pornographic magazines produced using computer (to
publish and print the material) and the internet (to download and transmit pornographic
pictures photographs, writing etc.) or downloading obscene material through the internet.
These obscene materials may pervert the mind of the adolescents and tend to deprave or
corrupt their mind. Sec. 6773 provides that a person who publishes or transmits or causes to be
published in the electronic form, any material which is lascivious, or if its effect is such as to
tend to deprave and corrupt person who are likely to read, see or here the matter contained or
embodied in it, is liable to be punished on first conviction with imprisonment upto three years
and with fine which may extend to rupees five lakh and in the event of a second or
subsequent conviction, with imprisonment up to three years and with fine, which may extend
to rupees lakh and in the event of a second or subsequent conviction with imprisonment of
either description for a term which may extend to five years and also with fine, which may
extend to ten lakh rupees.74 The counsel representing the girls parents who had filed the
complaint said that there would be no compromise on the issue and the boy accused of setting
up the website with pornographic material must be rusticated from the school. He claimed
that there were other twelve children of the school whose names were mentioned in the
website and the parents of these children wanted the expulsion of the accused from the school
as they did not want their children to study with him.The father of the accused boy had

72
Samaresh Bose V. Amal Mitra, AIR 1986
Sc 967 46 Oxford English dictionary, 2000.
73
I.T. Act, 2000
74
Sec. 67 of the I.T. Act, 2000 as amended vide I.T. (Amendment) Act, 2008 (Act No. 10 of
2009) 44 Jaya VS "Cyber Crimes", Page No.-18

30
brought evidence that even before his son had set up the pornographic website, other students
had been sending objectionable e-mails about the teacher's and the principal of the school.

Child Pornography :-
Child Pornography itself constitutes a separate category of cyber crime. This offence is
committed by the use of computer and the internet by its abusers to reach and abuse children
sexually throughout the the world at any place. The constant use of this technology has made
the children a vulnerable victim of this Cyber Crime.
4. Defamation :-
Defamation is an act of imputing any person with intent to be lower him in the eyes of the
right thinking members of society generally or to cause him to be shunned or avoided or to
expose him to hatred, contempt or ridicule. Cyber defamation is not different from
conventional defamation75 except the involvement of cyber space medium in the former.
A person may be defamed through the help of computer and the internet. Any derogatory
statement, which is designed to injure a person's reputation or business constitutes cyber
defamation. For example if someone publishes defamatory matter about a person on a
website or sends e-mail containing defamatory information to that person's friends. It is a
case of cyber defamation.76
5. Unauthorised Access :-
Unauthorised access to computer system or networks is another illegal activity which is
commonly referred to as "Hacking" As defined in section 2(1)(a) of the Information
Technology Act the word "Access" means gaining entry into or instructing or communicating
with the logical, arithmetical, or memory function resources of a computer system or
computer network. Unauthorised access would therefore, mean any kind of access without
the persmission or authorisation of either the rightful owner or the person in charge of a
computer, computer system or computer network. Thus accessing a server by cracking its
password authentication system would be an unauthorised access. Not only would that, even
switching on a computer system without the permission of the person in charge of a computer
system also be an unauthorised access. Unauthorised access as defined in the Information
Technology Act, 2000 reads as follows :- "Whoever, with the intent to cause or knowing that
he is likely to cause wrongful loss or damage to any person, destroys or deletes or alters any

75
Section 499 Indian Penal Code.
76
Vinod Kumar : Winning the Battle Against Cyber Crime; P. 83

31
information residing in a computer resource or diminishes its value or utility or affects it
injuriously by any means is said to commit hacking through unauthorised access.77

In case49 of united states, Mr. Brain A. Salcedo was sentenced on December 15, 2004 by the
U.S. District Judge Lassy Thornburgh for his role in a conpiracy to hack the nation wide
computer system of the Lowe's corporation. In this case salcedo and his co-accused conspired
and planned to gain unauthorised access to nation wide computer system Lowe's Corporation
and after gaining access, to download and steal credit card account numbers from that
computer system. In order to carry out this plan, the accused secretly compromised the
warless network at the Lowe's retail store in southfield Machigan and thereby gained
unauthorised access to Lowe's companies, his central computer system in NorthWilkesboro,
North Carolina and Ultimately to computer system located in Lowe's retail stores all around
the united states.

(1) Packet Sniffing :-

In order to understand the technique of packet sniffing, it is necessary to understand the basic
of data transmission. The data travels in the form of packets on networks. These packets also
referred to as 'data grams' are of various sizes depanding on the network bandwidth. The data
carried in the packet is measured in 'bytes'. Each packet has an identification label called
'header' which carries information of source, destination protocol, size of packet, total number
of packets in sequence and also the unique number of the packet. The data carried in the
packet is in the encrypted format
When a hacker wants to gain access to the transmission data, he would intercept the data
packets and then go on translating them from hex to actual data. This is technically called
'packet sniffing.'
(2) Password Cracking :-
A Password is a secret word or phrase that a user must know in order to gain access to a
computer system. Password crackers try to 'guess' the password contained in a pre-defined
dictionary or word. Another method adopted for password hacking is technically called as
'brute force attack' in which all possible combinations of letters, numbers and symbols are
tried out one by one until the password is find out. However, 'brute force attack' takes a fairly
long time to find out password then the dictionary attack.
(3) Buffer Overflow :-
Buffer overflow allows excessive data input into a computer. The excess data overflows into
other areas of the computer memory. This allows the hacker to insert executable code along
with input. This code enables the hacker into the computer. Buffer overflow is also known as
buffer overrun input overflow and unchecked buffer flow. This is the most commonly used
program to break into a computer.
77
Section 66 of the Information Technology Act.
2000 49 Solcedo's Case (2004) U.S.A.

32
(4) Web Jacking :-
Web-Jacking is another form of hacking. The term 'jacking' has been derived from the word
hijacking. In the Web-Jacking the perpetrator forcefully takes control over the website of
another with identical motive of deriving ransom to accomplish is monetary or political
purposes. In this kind of hacking, the hackers gain access and control over the website of
another person and even mutilates or changes the information on the hacked site. This occurs
when some one cogently takes control over website by cracking the password and later
changing it. The actual owner of the website does not have any control over what is being
shown on the website.

6. E-mail related crimes :-

In recent time, e-mail is the world's most commonly used form of communication. It is a form
of communication which makes the message to cover a long distance throughout the world.
However, like other means of communication. It is also being heavily misused for personal
gains and ulterior purposes.
The main e-mail related crimes are -78
(i) E-mail spoofing
(ii) Sending malicious coded through e-mail
(iii) E-mail bombing
(iv) Sending threatening e-mails
(v) Defamatory e-mails
(vi) E-mail frauds etc.

(i) E-mail spoofing :-

A spoofed e-mail may be said to be one. which misrepresents its origin. A spoofed e-mail
appears to originate from one source but has actually emerged from some other source.
Falsification of name and/or email address of the originator of the e-mail is usually done by
e-mail spoofing. Certain web-based e-mail services like www.sendfakemail.com, offer a
facility where in addition to above, a sender can also enter the e-mail address of the purported
sender of the email.

(ii) Sending malicious codes through e-mails :-

E-mail are often the fastest and easiest way to propagate malicious code over the internet. For
instance bug-virus reached millions of computer within 36 hours of its release from

78
Supra fn. 17 p. 40

33
philippines. Hackers often bind trojans, viruses, worms and other contaminants with e-
greeting cards and then e-mail them to unsuspecting persons such codes can also be bound
with software that appears to be anti-virus patch.

(iii) E-mail Bombing :-

E-mail bombing refers to sending a large amount of e-mails to the victim resulting in the
victim's email account (in case of an individual) or services (in case of a company or an e-
mail service provider) crashing. A simple way of achieving this would be to subscribe the
victim's e-mails address to a large number of mailing lists. Mailing lists are special interst
groups that share information on common cyber crime and the related law in India with one
another via e-mail. Mailing lists are very popular and generate a lot of daily traffic depending
upon the mailing list. Some generate only a few messages per day while others generate
hundreds of such messages. If a person has unknowingly subscribed to hundreds of mailing
lists his incoming e-mail traffic will be too large and his service provider will probaby delete
his account.79

(iv) Sending threatening e-mails :-

This is another way of committing a crime for ransom. With the advance of technology and
frequent use of internet, it has become easier for the criminals and gangsters to extract money
from the victim by threatening him of his life or any other relative's life with the help of
email by sending it from any part of the world. Any person having a basic knowledge of
computer or the use of internet can easily blackmail a person by threatening him via e-mails.

In a case80 Swati received an e-mail message from someone who called himself or herself
"your friend". The attachment with the e-mail contained morphed pornographic photographs
of swati. The e-mail message said that, if Swati does not send rupees ten thousand at a
specified place every month her photograph would be uploaded to the net and a copy would
be sent to her fiance. Scared by this message, Swati had first complied with the wishes of the
blackmailer and paid the first ten thousand rupees, but next month she approached her parents
and her fiance and apprised them of her agony. Consequently, They approached the police
and the investigation revealed that the culprit was none other then the girl who was Swati's

79
Supra fn. 17 p. 42
80
http://cybercrime.planetindia.net/e-mail/crimes_html.

34
friend who wanted that Swati Should breakup the relationship with her fiance so that she (the
accused girl) would get her chance to marry him.

hen and to whom through the e-mail.81

(v) Defamatory e-mails :-

E-mails are invariably used to send defamatory libel or slander against the victim in order to
compel him to satisfy the lust of criminal which may be either for money or for satisfying his
illegal or unlawful demand or for avenging rivalry. Defamatory e-mail is extremely fast and
simple method of communication by which any kind of message can be sent to any person
throughout the word, in a much more easier and effective manner. When one party makes a
false allegation or statement by sending e-mail to another person that can harm that person's
reputation, it is known as email defamation. The chances of defamation are markedly
increased by the advent of e-mail especially, work-related e-mail. It may be noted that e-mail
as a less formal, more economical and faster mode of communication is now being frequently
used as a daily part of our personal/professional life. The case with which e-mail may be
written and sent makes them more popular than the formal traditional modes of
communication. E-mail can be easily saved, reproduced, forwarded and broadcasted to others
omputer system records make it easy to establish who said, what, w

(vi) E-mail frauds etc. :-

There are many types of computer frauds and e-mail is a cheaper and popular devise for
distributing fraudulent message to potential victims.
E-mail fraud may be defined as any fraudulent behaviour connected with computerisation by
which someone intends to gain financial advantage for himself or for another person, thereby
causing economic loss to the victim.61
The cyber criminals often commit cyber frauds by resorting to (a) Spoofing, (b) Spamming or
(c) phishing as a tool to accomplish their fraudulent purpose.
(a) Sppofing :-

81
Dudeja V.D. Cybercrime & law (2002)
p.273. 61 Suri & Chhabra : Cyber crime (2003)
p. 398.

35
E-mail spoofing is often used to commit financial criminal frauds. With the help of this
technique, it is very easy not only to assume someone else's identity but also to hide one's
own. The person committing the fraud knows it well that there is little chance of his being
actually detected or identified.
(b) Spamming :-

Spam junk e-mail is another form of e-mail fraud. Junk e-mail is so cheap and easy to creat
that fraudsters employ it to attract investors to invest in bogus investment schemes or to
spread fictitious information about a company. This allows a deceptor to target several
potential investors at a time.82 Recently, the government of India has told the Supreme Court
that there will be no telemarketing calls on cell phone from September 5, 2007 as it is in the
process of setting up a "National Do Not Call Registry" a data base of numbers that do not
want to be disturbed.

(c) Phishing :-

The most common e-mail fraud is "Phishing" i.e. personal information scams. These scams
called phishing are currently the most common and dangerous form of e-mail fraud. It is a
high technology scam, which uses spam or pop-up messages to deceive a person for
disclosing his credit card number, bank account information, social security number,
password or other sensitive information. These messages usually ask to "Update" or
"Validate" any person's account information accompanied by the threat as dire comsequences
if the person referred does not respond. Such messages direct him towards a website which
looks like a legitimte organisation's site, but in reality, it is not so. The purpose of such
messages from the bogus sites is to trick the person for divulging his personal information so
that the operators can steal his identity and run-up bills or commit crime in that person's
name. In yet another case,58 the metropolitan magistrate of Delhi Found Mr. Azim, a 24 year
old engineer working in a call center guilty of fraudulently gaining the details of campa's
credit card and bought a television and a cordless phone from sony's website. The magistrate
convicted him for the offence of cheating under the Indian Penal code but surprisingly did
not pass any sentence and only asked him to furnish a personal bond of Rs. 20,000/- and the
accused was released on one years probation.

82
Spamming is a computer related cyber crime which consists of mass mailing of unsolicited e-mail
message.

36
II. Crimes Affecting Property :-

Computers are also being used as an effective media or instrument for committing crimes
relating to property. Some of these cyber crimes may be as follows :-

1. Computer Vandalism :-

Vandalism literally means deliberately destroying or damaging property of another. Thus

computer vandalism includes within it any kind of physical harm done to the computer of any
other person. These acts may take the form of theft of a computer, some part of a computer or
a peripheral attached to the computer or by physically damaging a computer or its
peripherals. The intention of the offender is generally to cause damage or harassment to the
computer owner.

The use of internet to hinder the normal functioning of a computer system through
introduction of viruses, warms or logic bombs is also referred to as computer sabotage, which
the cyber criminals use to gain economic advantage over a rival competitor or promote rival
illegal activities of terrorism, or to steal data in programs for extraction of money.83

Computer Virus :-

The term 'computer virus' was used for the first time by Fred Cohen84 in his thesis published
in 1984 wherein he referred to viruses that propagate by attaching themselves directly to the
computer programs. Historically, the first computer virus for personal computer was
discovered in 1980. These viruses are widespread today as a real danger to most computers
and, therefore, the computers users are expected to have basic knowledge of the working of
the viruses in order to save their computer against viral infections.85

83
Suri R.K. & Chabra T.N. : Cyber Crime (2003 : Reprint) p. 572
84
Dr. Fred Cohen in his doctroral thesis on electrical engineering presented to the university of
southern california in 1986 defined "Computer Virus" as a program that can infect to other
programs by Modifying them to include replicate version of itself.
85
Supra fn. 65 p. 579

37
One of the essential characteristics of virus is that is replicates like a biological virus. Just as a
biological virus replicates to spread its DNA, a computer virus replicates to spread its
program code in the programs it targets and makes new computer viruses.86

Thus it may be disruptive or destructive. Most viruses need some kind of activation
mechanism to set them off. They may remain dormant and undetected for long periods of
time.87 The virus that are triggered (activated) by the passing of certain specified date and
time are referred to as 'time bombs' whereas those which require a certain event to become
activated are termed as logic bombs.70

Classification of P.C. Viruses :-

Generally, there are three main classess of virus namely :-

(i) The file infectors ;

(ii) Boot Sector Viruses;

(iii) Macro Viruses

(i) The file infectors :-

The file infectors viruses attach themselves to ordinary programs files. They usually
infect*.com and/ *.exe programs. though some can also infect any program for which
execution is requested, such as *.sys, *.ovl, *PRG and *.MNU files. A resident virus hides
itself somewhere in memory. The first time an infected programs is executed and thereafter it
infects other programs when they are excuted. The vienna virus is an example of a direct
action virus. The file infectors may further be sub-classified into seven categories88 as follows
(a) Direct action file infectors - They infect a program each time it is executed.
(b) Resident infectors - They use the infected program to become resident in memory
from where they attack other programs as they are loaded into the memory.
(c) Slow Infectors - They infect files as they are changed or created, thus ensure that the
infection is saved.

86
Supra fn 17 p. 48
87
Mishra R.C. : Cyber Crime : Impact in the new millennum (2002)
p. 89 70 Logic bombs are event driven.
88
Supra fn. 69 p. 91

38
(d) Sparse Infectors - These viruses seek to avoid detection by striking only certain
program on occasional basis.
(e) Companion Infectors - They create new infected programs that are identical to the
original uninfected programs.

(f) Armoured Infectors - They are equipped with defence mechanism to avoid detection
by anti-virus technology.

(g) Polymorphic infectors - These viruses change their appearance each time an infected
program is run, so as to avoid detection.

(ii) Boot Sector Viruses;

Boot sector viruses infect executable code found in certain system areas on a disk, which are
not ordinary files. Boot-sector Viruses reside in a special part of a diskette or hard disk that is
read into memory and executed when a computer first starts. The bootsector virus normally
contains the program code for loading the rest of the computer's operating system. Once
loaded, a boot-sector virus can infect any diskette that is placed in the drive. It also infects the
hard disk so that the virus is loaded into memory when the system is restarted. Such viruses
are always memory resident viruses.89

(iii) Macro Viruses :

Macro-viruses are independent of operating systems and infect files that are usually regarded
as data rather than as program. These viruses are computer viruses that use an application's
own macroprogramming language to distribute themselves. These macros have the potential
to inflict damage to the document or to other computer software. They can infect word files
as well as any other application that uses a program language. Macro-viruses can spread
much more rapidly than other viruses because many people share " Date Files" freely. The
first macro virus i.e. "Concept" was observed in 1995 which infected its microsoft word
document and is now the most prevalent virus in the world. Presently more than one thousand
macro viruses are known to exist.66

Some Major Virus Incidents :-

89
Nandan Kamat : Law Relating to computers, Intenct and E-commerce p.
286. 66 Jaffrey & Gregory B : Fighting computers viruses (1997) p. 113

39
Melissa90 :-

This virus set a benchmark the world over when it was first noticed on 26th March, 1999. It
was the fastest spreading viirus. The Melissa virus is an automatic spamming virus. Its action
includes infecting Mircrosoft word's normal dot global template, which basically implies that
all new documents created by the user would get infected. After that each time when an
infected document is accessed, the virus will disable Microsoft word's Macro Warning
feature so that it is allowed to be activated. Its next action is to access Microsoft outlook
address book and e-mail the infected word file as an attachment to the first fifty e-mail
address entered there. As soon as the receivers of such email message open the attachment
their computers also get infected. The virus then sends the infected file to another 50 e-mail
addresses. This is the for the reason extensive spread of the virus in a short while. The virus
by itself installed in the victim's computers, is rather harmless. It merely inserts some text
into a document at a specified time of the day. The other examples of such viruses, which
affected the computers at large are Explore Zip, 91
ChemobyI 92
, VBS_LOVELETTER,
Pakistani Brain, Stoned-Marijuana, Jerusalem Cascade, Michelangelo etc.

Trojans :-

A Trojan is an unauthorised program, which functions from inside what seems to be an

authorised program thereby concealing what it is actually doing. In software field, this means
an unauthorised program, which passively gains control over another's system by
representing itself as an authorised program. The most common form of installing a Trojan is
through e-mail. It is a malicious, securitybreaking program that is disguised as something
benign, such as a directory lister, archiver, game or even a program to find destroy viruses.

There are many of installing a Trojan in someone's computer. To cite an example, where two
youths A and B both had heated arguments over a girl R whom both liked, and when the girl
was asked to choose, she preferred to choose B against A. There upon, A was enraged and
decided to take revenge from B. He sent B a spoofed e-card, which appeared to have come
from girl's e-mail account. The e-card actually contained a Trojan. As soon B opened the

90
Source - Asian School of Cyber Laws (Cyber Law Library) www.asianlaws.org
91
This virus was first discovered in June, 1999. Its activities are similar to Melissa. except that it was
incapable of replicating itself and was far more active.
92
This virus activates itself every year on 26th of April which is the anniversary day of the
chemobyI Ukraine Nuclear Power Tragedy. It was allegedly written by a Taiwanese citizen in 1998.

40
card. The Trojan was installed in his computer and consequently A assumed complete control
over B's computer which harassed him throughout.

Types of Trojans :-

There are many types of Trojans. Some of the common types of Trojans are as follows :-

(I) Remote Administration Trojans (RATs) :

These are the most common Trojans. They let a hacker access the victims, hard disk and also
perform many functions on his computer
(shut-down his computer open and close his CD-ROM drive etc.) Modern RATs are very
simple to use. They come packaged with two files. The server file and the client file. The
hacker tricks someone into running the server file, gets his I.P. address and gains full control
over his/her computer. Most RATs are used for malicious purposes to irritate. or scare
people or harm the computers. There are many programs that detect common Trojans.
(II) Password Trojans :
Password Trojans search the victim's computer for password and then send them to the
attacker or the author of the Trojans. whether it is an internet password or an e-mail password
there is a Trojan for every password. These Trojans usually send the information back to the
attacker via e-mail.
(III) Privileges Elevating Trojans :
These are usually used to be fool system administrators. They can either be bound into a
common system utility or pretend to be something harmless and quite useful and appealing.
Once the administrator runs it, the Trojans will give the attacker more privileges on the
system.
(IV) Key-Loggers :
These type of Trojans are very simply. They log all the victims keystrokes on the keyboard
including the password and then either save them on a file or e-mail them to the attacker,
Once in a while. Key loggers usually do not take much disk space and can mosquerade as
important utilities thus making them very difficult to detect.
(V) Destructive Trojans :
This Trojans can destroy the victim's entire hard drive in encrypt or just scrambll important
files.

41
Some might scem like joke progra, while they are actually ripping every file they encounter
to pieces.
(VI) Joke Programs :-
Generally joke programs are not harmful. They can either pretend to be formulating your hard
drive sending all your passwords to some hacker, self-destucting your computer turning in all
information about illegal and pirated software that you might have on your computer. In
reality the programs do not cause any damage. Some common Trojans are Back orifice (BO)
Net Bus 2 Pro Deep throat V2 etc.93

Denial of Service Attacks (DoS) :-

Denial of service attack (DoS) is a malicious act which denies to the user legitimte access to a
computer resource. It may be in any of the following forms :-

(a) attack which destroys or damages the resource;

(b) attack which causes the computer system to go down;

(c) attack which causes access to a computer system to be with held from its legitimate
user; (d) attack which forces a processing (input or output) system to slow down or
stop completely. The most common form of this attack is 'internet worm' or 'e-mail'
bombing or 'spamming'.

Significantly, the united kingdom in its new law against cyber crime effective from
November 7, 2006 has made DoS as an affence punishable with imprisonment which may
extend upto ten years.

The swedish law on computer crime has also bonned all DoS attacks on website from June 1,
2007. It declares both manual and automated DoS as a crime punishable under the law.Under
the Denial of service attack (DoS) the computer of the victim (sufferer) is swamped with
more request than it can handle there by causing the resource (e.g. a web-server) to crash,
denying authorised users the service offered by such resource. These attacks are usually
launched to make a particular service unavailable to some one who is authorised to use it.
This can be launched either by using one single computer or computers across the world,

93
What is Trojan? by Advocate Rohatas Nagpal (November 5, 2006) p.5.

42
where there are many computers in the source for launching it is known as 'distributed denial
of service attack' (DDoS)

Intellectual Property Crimes :-

Intellectual property consists of a bundle of rights. 94

The common forms of intellectual
property rights violations are software piracy copyright infringement, trade-mark and service
mark violations theft of computer source code etc. The internet is a fast developing tele-
communication and information system. It has become one of the most favoured and
convenient media to conduct business. Such efficient telecommunication and information
system has to conduct business. Such efficient tele-communication and information system
has strengthened legitimate commercial activities in the present day fast paced global market
which may also be easily used by the criminal networks. The explasion of digitisation and the
internet have further enabled intellectual property violators to easily copy and illegally
distribute trade secrets, trade-marks logos etc. It may seem simple and safe to copy
recordings movies and computer programs by installing a peerto-peer (P2P) file sharing
software program. However most material that one wants to copy is protected by copyright
which implies that a person is restricted from making copies there of unless permission to do
so has duly been obtained from the copyright owner. Making copies of intellectual property
including music, movies and software without the right to do so is punishable under the
copyright Act 1957.95

Copyright Protection :-
Copyright is an intellectual property right that subsists in literary and artistic creations. But
this right, when violated is not adequately protected and illegal unauthorised distribution of
copyrighted works is often the common grievance of copyright owners. A copyright owner
may place his work on the world-wide-web (www) with the intention of sharing his creations
with the public, but this is usually exploited by the cyber criminals for their personal gain.96
Some aggravated forms of copyright violations are widespread in the business world. They
are known as software piracy, industrial piracy etc.

94
The holder of the intellectual property has certain rights that are vested in him alone, unless he
chooses to assign to someone else.
95
Section 2(M) of the copyright Act, 1957 as amended in 1994 which come into force w.e.f. may
10, 1995
96
The various acts for which copyright act extends are enumerated in section 14 of the copyright act.

43
Software Piracy :- When a computer operator obtains a copy of the software, he can easily
duplicate it without notifying it to the author and sell it for profit. This is termed as software
piracy which is a specie of copyright violation. This is more or less analogous to making a
xerox copy of the entire published book and sell it at a significantly low price and earn
money.
Industrial Piracy :- When an individual or a group of individuals attempts duplication and
distribution of copyright software for large profits, it is termed as industrial privacy with the
fall in price of the duplication equipments the incidents of industrial piracy have considerably
increased.
Protection of Trademarks :-
Trademarks are those intellectual property rights that protect a trader's goodwill and
reputation and differentiate his goods from other trader's in the same stream or business. 97 In
other words, it is a mark whereby the public at large identifies a traders goods. Trademark
infringement or passing off actions typically arise through use of marks by one person that
belong to some other person. Thus, if a particular logo is generally asscociated with and used
in relation to product 'X' its use by someone else in relation to product 'Y' would amount to
infringement of trademark right and it would be treated as an act of passing off which is
punishable under the law of torts.75 Cyber squatting :-
Cyber squatting means obtaining of a domain name in order to seek payment from the owner
of the trademark (including name trade name or brand name) and may include typo squatting
(where one letter is different) . Under this head one person user a domain name that is already
being used by some other person, either to reap undue benefit from such reputed or popular
name or in order to make money.98
A trademark owner can succeed in a cyber squatting action by showing that the defendant in
bad faith and with intent to wrongful gain got registered a domain name consisting of the
plaintiff's distinctive trademark.
The courts in India, have decided several cases regarding violation of intellectual property
rights on the internet. Thus is yahoo Inc.V.Akash Arora, 84 the Delhi High Court granted relief
to the petitioner yahoo Inc. who sought injunction against the defendants for attempting to
use the domain name " Yahooindia.com" for internet related services. yahoo.Inc. who were
the owners of the trademark "YAHOO" and also the domain name "yahoo.com" contended

97
Section 2(1)(Z)(6) of the Trademarks Act, 1999 for definition of
Trademarks. 75 Ibid
98
Supra fn. 17, p.59

44
that by adopting deceptively the similar domain name, the defendants were trying to cause
confusion by copying the format, contents, lay-out etc. of the plaintiff's prior created regional
section on their website. The defendants, on the other hand, contended that the provisions of
the trademark act were not attracted in this case. This Court however, ruled in favour of the
plaintiff and held that although service marks are not recognised in India, the services
rendered are to be recognised for "passing-off" actions.
In yet another case of Rediff communication limited V. Cyber booth and Ramesh Nahata, 85
the
Bombay High Court held that a
84
1999 PTC 19 Del. 210
85
AIR 2000 Bom. 27
domain name is more than an internet address and is therefor, entitled to protection under the
Trade Marks Act."
Trafficking :-
Online trafficking may assume different forms. It may be trafficking in druges, human beings
arms and ammunitions weapons wild-life etc. These forms of trafficking are going on
unabated because they are carried on under pseudonyms. A racket was busted in Chennai
where prohibited drugs were being sold under the pseudonym of honey.99

Financial Crimes and Money Laundering :

Internet financial crimes include cheating credit-card frauds, money laundering etc. Online
fraud and cheating are the most lucrative illegal businesses that are being carried on unabated
in the cyberspace. They may assume different forms. Some of the cases of online fraud and
cheating that have come to the light are those pertaining to contractual deceit, fake, offering
of jobs, credit card frauds, mark sheet scandals etc.

Cyber money laundering is common variety of financial crime. It means a fraudulent way of
accessing the credit card numbers of several persons when their monitory transactions are
taking place and then transferring the currency to one's own account or using it for one's own
benefit.

The terms 'money laundering' was used in a legal context for the first time in the Watergate
Scandal case of United States in 1973 and it meant, " a process of converting money derieved

99
The Times of India Dated April, 24, 2006
45
from illegal activities into a legally consumable form.100 Thus money laundering is a cyber
crime in which money is illegally downloaded while it is in transit.

The traditional crime of converting black money into white money is also a form of money
laundering but it involves handling the hard cash physically without being exposed to law
enforcement agencies. When the physically mode of money laundering became unsafe from
the point of escaping detection, the use of electronic transfer of money with the
popularisation of internet gained momentum. 101
The anonymous digital cash transfer by
money launder for legitimising ill-gotton money in his own name for cash benefit may be
further explained by an example. where a drug peddler has earned huge profit from his illegal
drug-trafficking and is in possession of hard currency, he would like it to be transformed into
legitimately owened money. For this purpose, he would hire the services of launderes (also
called Smurfs) to deposit funds in different names in small amounts at various branches of
different banks to different cities. In the meantime, the 'smurf' will be transferring the same
fund from each branch and deposit the money by internet banking into the account of the
drug peddler. In this way the hard currency is converted into digital e-cash and illegally
earned money becomes virtually anonymous and untraceable.

Sale of Illegal Articles :

These offence include selling of illegal articles through the use of internet, sale of narcotics,
weapons, wild-life-skins antiques etc. by posting information on websites, auction websites
and bulletinboards or simply by using e-mail communication are all covered under this
category of computer crime. For example, many of the auction sites in India are believed to
be selling cocaine in the name of honey and thus carrying on sale of prohibited articles
illegally. The illegal wildlife trade on internet is a recent phenomenon, which the cyber
criminals consider to be a most lucrative business. Though the current international law has a
well equipped mechanism for the settlement of crossborder disputes relating to commercial
transactions but there being no effective legal framework for regulating wildlife trade on

100
James R. Richards : Transnational Criminal Organisation, cybercrime and money loundering
(1999) p.44.
101
Hawala is special kind of underground banking system. which is considered highly efficient
means to launder money.

46
internet at the international level the sale of wildlife items via internet is a serious cause of
concern for the law enforcement agencies of various nations including India.102

Online Gambling :-

The habitual and professional gamblers have plenty of opportunities to satisfy their craze for
gambling on the internet. There are millions of websites hosted on servers abroad that offer
online gambling. Infect it is believed that many of these websites are actually fronts for
money laundering. The rapidly growing number of online gambling sites clearly indicates
that gambling has become a potential source of entertainment for the computer friendly
persons particularly the youths though they may at times by duped, deceived or cheated by
some fake gambling sites.103

Forgery :-

Computer network provides sufficient scope for the forgers to forge documents with the help
of sophisticated computers printers scanners etc. counterfeiting currency notes, postal and
revenue stamps marksheets etc. can easily be done through these computer devices. Infect it
has become a lucrative business for professional criminals and rocketeers to target the needy
customers unemployed persons, students etc. and extract money by providing them with
forged documents or fake appointment letters mark sheets etc. The aforesaid classification of
cyber crimes sufficiently highlights the enormity and margnitude of these offence and their
damaging effect on individual persons government commercial or business organizations,
banks and financial institutions industrial enterprises and human society as a whole. The
problem will continue to escalate with new advancements in technology.

Legal Regulation of Cyber Crime :-

The eminent English jurist salmond has rightly observed that law seeks to regulate the
conduct of individuals in the society.104 Need for a Cyber Law :

102
Supra fn. 17 p. 65
103
Supra fn. 17 p. 65
104
Fitzgerald P.J. : Salmond on Jurisprudence (12th
ed.) p. 3 96 Supra F.N. 17 at p. 210

47
The Information technology advanced by computer network undoubtedly pervades every
aspect of society and governance in the present new millennium with the increased
dependence of e-commerce and e-governance, a wide variety of legal issues related to use of
internet as well as other forms of computer or digital processing devices such as violation of
intellectual property, piracy freedom of expression, jurisdiction etc. have emerged, which
need to be tackled through the instrumentality of law.96 Since cyber space has no
geographical limitations or boundaries nor does it have any physical characteristics such as
sex, age, etc. it poses a big challenge before the law enforcement agencies for regulating
cyberspace transactions of citizen with in a country's territorial jurisdiction. Though in
practical terms, an internet user is subject to the laws of the state within which he/she goes
online but this general rule runs into conflict where the disputes are international in nature.

It is true that at the time when computer technology was at its. developing stage no one ever
contemplated that it can be indiscreetly misused by the internet users for criminal purposes.
Because of the anonymity of its character and least possibility of being detected, the cyber
criminals are misusing the computer for a variety of crimes which calls for the need for an
effective legal

CYBER LAWS OF VARIOUS COUNTRIES :-

Many countries have adopted cyber law in their legal regime to meet the challenges against
the internet criminal activities. Some countries have substantially updated 105 their cyber laws
while others have partially updated them.106 However, there are a number of countries which
have not initiated measures for adoption of cyber laws to combat computer and cyberspace
crimes. As the cybercrimes do not have any geographical or territorial boundaries, they are
capable of breaching national borders which may cause serious threat to countries where legal
protections against this crime are not adequate. Gaps and variations in domestic cyber laws of
different nations renders prosecution of international cyber criminals uncertain.

105
Notably, USA, UK, Canada, Australia Japan, Philippines, Turkey, Peru,Bestonia etc. have
fullfledged cyber law of their own. Consequent to the passing of the Information Technology
(Amendment) Act, 2008 (Act 10 of 2009), India has also become a country having a
comprehensive full-fledged cyber legislation of its own.
106
Brazil, China, Chile, Czach Republic Spain, Poland, Malasiya, Denmark, Srilanka, Bangladesh
etc. have partially updated cyber law.

48
Broadly speaking, there are mainly ten cybercrimes which the international community has
identified to be of global nature. They may be placed in four major categories as follows :—

1. Data-related cybercrimes, which include interception, modification and theft of data ;

2. Network related cybercrimes including interference and sabotage of network e.g.

distributed denial of service attack (DDoS) ;

3. Crimes related to access such as hacking, virus distribution etc.; and

4. Computer related crimes including computer fraud, computer forgery and aiding or
abetting cyber criminals.

Inadequate legal protection of digital information and weak enforcement mechanism for
protecting networked information enables the perpetrators of cybercrime to carry on their
online criminal activities across the national borders undeterred with least chances of their
being apprehended or nabbed.

UNITED STATUS :-

The first federal computer crime statute enacted in USA was the Computer Fraud and Abuse
Act, 1986 which was introduced to reduce hacking of computer systems. It was amended in
1994, 1996 and again in 2001 by the Patriot Act which addresses new abuses arising from
misuse of new technologies. In America, the States as well as the Federal Government have
enacted laws addressing cybercrimes. In States, the perpetrators of cybercrimes are
prosecuted under the statute similar to the California's Penal Code 107
dealing with
unauthorised access to computers, computer systems or computer networks or the New York
Computer Crime Law110 Both these statutes deal with tempering, interfering, damaging or
unauthorised access of computer data and computer systems. Similarly, the federal
Government's computer crime statute111 prohibits unauthorised use of certain computer and
alteration or destruction of the records contained in them.

The U.S. Federal Criminal Code relates to the cybercrimes as mentioned below—

107
Section 502 of Californian Penal Code as amended in
1997. 110 New York Penal Code-article 156.00-50 (1986)

49
1. fraud and related activity in connection with access devices;112

2. fraud and related activity in connection with computers ; and

3. communication lines, stations and systems.113

CANADA

The Criminal Code of Canada provides unaughorised use of computers and illegal
interception of communication s statutory offfence which are punishable under Section 342
and Section 184 respectively. As a signatory to Council of Europe Convention on Cyber
Crime, Canada has adopted cybercrime prohibitory law of the European Council with effect
from November 23, 2001. The treaty defining cybercrime covers five major areas of
computer related crime, namely, unauthorised access, breach of security and privacy rights,
IPR violations, offences against confidentiality and computer related frauds.114

111
18 USC Section 1030 (1995) 112 18 USC Section 1029 113 18 USC Section 1062.

114
The provisions contained in the Canadian Criminal Code seek to prevent unauthorised
data alteration or modification, network interference, network sabotage and virus
dissemination. However, Canada has not ratified European Council's Convention on
cybercrime concerning racists and genocides.

UNITED KINGDOM (UK)

The United Kingdom had enacted the Computer Misuse Act in 1990, but due to later
developments in computer technology and consequent emergence of new cyberspace crimes,
a new law against cybercrime was enacted by the British Parliament which came into force
with effect from November 7, 2006. The law mainly targets Denial of Service (DoS)
attackers with punishment upto ten years of imprisonment. It clarifies that old Computer
Misuse Act did not contain provisions regarding DoS as a specific cyber offence, it only
provided penalties for altering or modifying the computer data and its contents without
authorisation. The new Act explains DoS attack as an act of flooding the server with huge
quantities of data until the server collapses.

50
As per the new Computer Act of 2006, impairing the operation of any computer, preventing
access to any program or data to computer and destructing the operation of any program on
computer are crimes which are punishable with maximum of ten years imprisonment. Also,
causing someone to do any or all of the above crimes is punishable with imprisonment which
may extend upto two years. The stringent penal provisions in the Act have proved to be very
effective in preventing the menace of DoS which had a damaging effect on the computer
users prior to the enactment of new Act in 2006.

AUSTRALIA

Australia has been relatively slower in adopting specific legislation for cybercrime and had
divergent approaches throughout the various State territory and Federal jurisdictions. The
Federal and State Governments in Australia have adopted legislations creating different
offences to tackle the problem of computer crime.
Under the Australian legal system, a new Act called the "Cyber crime Act, 2001"—was
introduced which came into force on April 2, 2002 for amending the law relating to computer
offences, and for other similar purposes. The Act adds a new part 10.7 to the Criminal Code
Act, 1995, The new part contains new computer offences designed to address forms of
cybercrime which impairs the security, integrity, and reliability of computer data and
electronic communications.108
GERMANY
The law protecting Internet and electronic communications was enacted in Germany about
thirt five years ago during 1970's. However, the Federation Data Protection Act, 1990 as
amended in September, 1994 was introduced with a view to providing protection to
individual against his right to privacy being impaired through handling his personal data. This
equally applied to public bodies of the Federation as also the private automatic data filing
systems. Germany also enacted the Information and Communication Services Act, 1997.
which was not only confined to the protection of specific copyright violations but also
imposed liability for online unlawful activities holding the Internet Service Provider
invariably liable unless he could prove that he had no knowledge of the illegal content of the
stored data.109 The Federation Data Protection Act, 1994 was subsequently replaced by the
Federal Data Protection Act, 2002 .which came into force with effect from January 1, 2002.
Section 3 of the Act defines data processing while Section 4 relates to admissibility of data
processing and its use. Sections 5 and 6 deal with confidentiality of data and inaliable rights
of persons respectively.

108
http://www.usdoj.gov.criminal/cybercrime/compcrime.html.
109
Section 5(2) of the German Information and Communication Service Act, 1997.

51
Sections 7 and 8 of the Act of 2002 contain provisions relating to the compensation payable
to public and private bodies in case of illegal activities done in violation of the Act.
Section 43 deals with offences and penalties under the Act. It provides that anyone who
without authorisation starts, modifies, retrieves or alters any personal data protected by the
Act, shall be liable for imprisonment which may extend to one year or with fine. Expressing
concern for the growing incidence of cybercrime in Germany, Gabriel Weidman, a German
Security expert who teaches at the University of Haifa in Israel and University of Maize in
Germany, has commented that there has been 40 percent increase in cybercrime rate during
2005-06 as compared with the pervious year 2004-05. The reason for this rise was the use of
high speed wireless Internet connections by the perpetrators of these crimes for misleading
the investigators and creating confusion among them so as to evade detection and arrest.
Weimann therefore, suggested that it was necessary to legalise online searches by amending
the Federal Data Protection Act, 2002.

FRANCE
The French law relating to Internet and computer crimes is modelled on European legislation
which provides foundation of legal rules that apply throughout the European country. The
European Parliament had issued the Council of European Directives in legal framework for
electronic signature and certain information services particularly the ecommerce on
December 13, 1999. which have been adopted by France from June 8, 2000.
As regards the protection of IPR's on Internet transactions there is a French IP Code which
protects the intellectual property rights to creative works regardless of time, form, value or
purpose. France had enacted a legislation for regulating the electronic processing of
nominated data. There is a National Supervising Agency to regulate the implementation of
this legislation
PHILIPPINES
While the "Love Bug" virus (technically a 'worm') travelled as an attachment to e-mail
messages of companies and individuals around the world in May, 2000, its source was traced
by the US investigative agencies with the help of National Infrastructure Protection Centre
(NIPC) in Phillipines within 24 hours. They were able to identify perpetrators with the help
of Phillipines National Bureau of Investigation. Realising that the investigation in this case
was hampered due to lack of specific computer crime law, the Philippines enacted a law

52
called the Phillipines E-commerce Act, 2000.110 The perpetrator of 'Love Bug" virus Onel de
Guzmun was charged with the offence of fraud, theft, malicious mischief and violation of the
newly enacted computer crime law. The Act has been considerably, effective in controlling
the incidences of computer crimes in Philippines.

SRI LANKA
Sri Lanka enacted its Computer Crime Act, 2007121 replacing the earlier Act. The key feature
of the new Act is that it primarily addresses the computer related crimes and hacking
offences. It also contains provisions for expert penal to provide assistance to police in the
Investigation of cybercrimes.
The Act criminalise attempts at unauthorized access It provide that any person who
intentionally or without lawful authority carries out a function that can potentially affect or
damage any computer of computer system or Computer program, will be guilty of a crime
punishable under the Computer Crime Act.
PAKISTAN
Pakistan enacted its Prevention of Electronic Crimes Act, 2007 on January 17, 2007
providing stringent punishment to those who steal, deny or destroy valuable information
available on electronic networks. Thereafter, in order to remove certain lacunae and
deficiencies of the Act, a bill entitled Cyber Crime (Prevention of Electronic Crimes) Bill was
laid before the National Assembly on
September 7, 2007, but the Fill invoked sharp criticism from the legal luminaries and was
characterised as an arcehiac and draconian legislation with could do more harm than good to
the computer users. Explaining the alleged shortcomings of the Bill, Barrister Zamid Jamal
observed that, "Once this legislation is promulgated by the National Assembly, innocent
Pakistani persons who use computer on a daily basis would be victim of its draconian effect
as merely an act of formatting a herd disk will lead to a punishment of seven years
imprisonment and/or a fine of ten lakh rupees."

International Agencies for regulating E-commerce

There are certain international agencies which function to regulate trade and e-commerce at
the global level and provide a forum for resolution of disputes and problems by mutual
negotiations. The main among them are as follows

The Act came into force with effect from June 14,
110

2000. 121 Act No. 24 of 2007.

53
World Trade Organisation (WTO)
It was during the end of World War II (1939-45) that the economists around the world met in
Briton Woods, Hampshire and suggested the setting up of an international agency to restore
the economic order to harmonise tariff and international trade and solve the monetary
problems. There was proposal to set up an International Trade Organisation but it could not
come into existence due to opposition from US Congress. However, the representatives of 56
countries met again in Havana in 1947 to formulate guidelines to improve and regulate
international trade. Consequently, a
General Agreement on Tariff and Trade (GATT) was signed by the contracting countries in
December 1947. Initially, GArr dealt with reducing tariffs and improving trade among the
nations, but there was no any dispute settlement mechanism provided in it. The Eighth
round111 of GATT held in Uruguay in 1986, led to the proposal for creation of the World

Trade Organisation (WTO) which was supposed to deal with the following issues :—

1. trade related IPR's

2. trade related investment measures

3. trade related services

4. agricultural subsidy; and

5. trade related dispute settlement mechanism.

Thus the GATT continued to operate nearly five decades. Finally, the draft prepared by
Author Dunkel, the Secretary-General of the Board of Trade 112 was approved and formally
signed on April 15, 1994 by 125 countries at a meeting held in Marakech (Morocco) and it
was resolved that the World Trade Organisation be established from January 1, 1995 to
function as a trade policy reviewing body and a trade relation dispute settlement forum.
Besides, other agreements, an agreement on Trade Related aspect of Intellectual Property
Rights (TRIPS) was also signed by the member countries for the protection of computer
software.

The World Trade Organisation as a successor to the GATT, is an international organisation

designed to supervise and liberalise international trade. It deals with rules of trade between
nations at the global level and is responsible for negotiating and implementing new trade
111
The Eight round of GATT continued for seven and half years (1986 to 1994)
112
In the General Agreement on Tariff and Trade (GATT) meeting held in Genevea in 1947, the
participating countries had resolved to form a Board of Trade with a Secratory General.

54
agreements and seeks to ensure member country's adherence to all the WTO agreements and
their ratification by the respective Governments.

The member countries are obliged to abide by the articles of the Burne convention which
provide minimum standard to be met and member countries arc free to develop their own IPR
regimes. The Burne Convention of 1971 for the first time provided for protection of literary
and artistic work i e. copyright by an international agreement between the nations.

United States Commission on International Trade Law (UNCITRAL) was created by UN

resolution in 1976 with a view to harmonising international trade law. The law on e-
commerce was finally passed by the General Assembly by its resolution dated January 13,
2007, which has facilitated international trade among countries through e-commerce to a
considerable extent. WIPO Internet Copyright Treaty, 1996 In 1996, the World
Intellectual Property Organisation (WIPO) made two treaties commonly known as internet
treaties for countering the challenges posed by internet crimes. The treaties are silent on the
subject of liberty of internet service providers, us the issue of liability has been left to the
national legislations for determination.

The WIPO copyright treaty which was adopted in Geneva on December 20, 1996, and came
into force with effect from March 6, 2002, mentions about the right of communication but
does not contain a provision on the right of reproduction. It only declares that digital copies
will be considered as reproduction for the purpose of copyright law. 113
,Since the issues
pertaining to IPR violations on the internet have been dealt with the WIP0 copyright treaty,
the member countries are free to develop their own IPR regulations and laws.

Internet Corporation for Assigned Name and Numbers (ICANN)

The domain name disputes are being settled by online arbitration under the Uniform Domain
Name Disputes Resolution Policy adopted by the ICANN which is headquartered in
California. It was created on September 18, 1998 in order to handle a number of tasks such as
managing the assignment of domain names and IP addresses. The disputes pertaining to
domain name are settled by Alternative Dispute Resolution Service Providers. It exercises
jurisdiction over the entire internet and thus mitigates the hardships or citizens and respects
sovereignty of the existing legal systems of different nations.114

An Overview of Information Technology Act, 2000:

113
Article 1(4) of WIPO Copyright Treaty, 1996.
114
Choubey R.K. : An introduction to Cyber Crime and Cyber Law (Ist ed., 2008) p. 656.

55
Section 1 & Section 2 of the Information Technology Act is titled "Preliminary". Section 1
contains provisions relating to the short title. commencement and application. in Sec 2
various important definitions has been provided.

The Information Technology Act is named as "Digital Signature and Electronic Signature 115
and contains section 3 and 3A and specifically stipulates that any subscriber may
authenticate an electronic record by affixing his digital signature and electronic signature. It
further provides that any person can verify an electronic record by use of a public key of the
subscriber. Section 4 to 10A of the Information Technology Act is titled "Electronic
Governance" It is whole about Electronic Governance and provides inter alia amongst others
that where any law provides that information or any other matter shall be in writing or in the
typewritten or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is - rendered
or made available in an electronic form; and accessible so as to be usable for a subsequent
reference. This chapter is related to the legal recognition of electronic record and Digital
Signatures, their use in Government, for efficient delivery of services to the public through
electronic means,116 retention of electronic records, publication in Electronic Gazette and also
empowered the Central Government to make rules in respect of digital signatures. Sections
11 to 13 of the Information Technology Act is "Regulation of Certifying Authorities. The
Act envisages a Controller of Certifying Authorities who shall perform the function of
exercising supervision over the activities of the Certifying, Authorities as also laying down
standards and conditions governing the Certifying Authorities as also specifying the various
forms and content of Digital Signature Certificates. The Act recognizes the need for
recognizing foreign Certifying Authorities and it further details the various provisions for the
issue of license to issue Digital Signature Certificates.

Electronic Signature Certificates" which contains section 33 to 39. These sections details
about the scheme of things relating to representation, suspension, revocation of Electronic
Signature Certificates.

The Information Technology Art is "Duties of Subscriber" which contains section 40 to 42.
This chapter details about generating key pairs

(i.e. public key and private key), duties of subscriber of electronic signature certificate,
acceptance of digital signature certificate and control of private key.
115
Amended vide ITAA 2008
116
Inserted vide ITAA-2008

57
The said Act is named "Penalties, Compensation and Adjunction117 contained sections 43 to

Section 48 to 64 of the Act is titled "The Cyber Appellate Tribunal" It talks of the
establishment of the Cyber Appellate Tribunal, which shall be an appellate body where
appeals against the orders passed by the Adjudicating Officers, shall be preferred. This
chapter also contains issues relating to legal representation, limitation, jurisdiction of civil
courts, appeal to High Court, compounding of contraventions and recovery of penalty. This
chapter also contains Composition of Cyber Appellate Tribunal, Qualifications for
Appointment as Chairperson and Members of Cyber Appellate Tribunal, Term of Office,
Salary allowance, conditions of service, etc. of Chairperson and Members; Powers of

Superintendence, direction, Powers of the Chairperson to transfer cases, Decision by

majority, Filling up of vacancies, Resignation and removal etc.

The Offences" which contains sections 65 to 78, talks about various offences and the said
offences shall be investigated only by a Police Officer not below the rank of the Inspector. 118
These offences include tampering with computer source documents, computer related
offences, sending offensive messages through communication service etc., publishing or
transmitting obscene material in electronic form, publishing or transmitting of material
containing sexually explicit, disobeying Controller's orders and directions, securing or
attempting to secure access to protected system etc. Section 79 Provides "Intermediaries Not
To Be Liable in Certain Cases." This states that the intermediary (network service provider)
shall not be liable for any third party information, data, or communication link made
available by him.

(C) PROVISIONS ANCILLARY TO CYBER

117
Inserted vide ITAA-2008
118
Substituted for the words "Deputy Superintendent of Police" by ITAA-2008

58
 CONTRAVENTIONS

Section 28 vests the powers to investigate the contraventions to the Controller or any other
officer authorized by him in his behalf. It reads as under:

Power to investigate Contraventions:119

1. The Controller or any other officer authorized by him in his behalf shall take up for
investigation any contravention of the provisions of this Act. rules or regulations made
there under.

2. The Controller or any other officer authorised by him in his behalf shall exercise the
like powers which are conceited on income tax authorities under chapter XII of the Income
tax Act, 1961 and shall exercise such powers, subject to such limitations laid down under
that Act. Section 63 empowers the parties to settle the matter between them by compounding
the contravention with the permission of the Controller or any officer authorized by him in
this behalf or by the djudicating

Officer, as the case may be, on certain conditions as they may specify. Compounding of
Contraventions:119

1. Any contravention under this chapter may, either before or after the institution of
adjudicating Proceedings, be compounded by the Controller or such other officer as may be
specially authorized by him in this behalf-or by the Adjudicating Officer, as the case may be,
subject to such conditions as the Controller or such, other Officer or the Adjudicating Officer
may specif Provided that such sum shall not, in any case, exceed the maximum amount of
penalty which may be imposed under this Act for the contravention so compounded.
Nothing in Subsection (I) shall apply to a person who commits the same or similar
contravention within a period of three years from the date on which the first contravention,
committed by him, was compounded. Explanation: For the purpose of this subsection, any
second or subsequent contravention committed after the expiry of a period of three years
from the date on which the contravention was previously compounded shall be deemed to be
first contravention.

119
Section 28 of the I.T. Act
2000. 119 Id. Section 63

59
Where any contravention has been compounded under sub-section (1), no proceeding or
further proceeding, as the case may be, shall be taken against the person guilty of such
contravention so compounded. Sub clause (3) of section 63 states that compounding of the
contravention terminates the penal proceedings against the contravener On compounding of
contravention, no further proceeding can be initiated in respect of that contravention. It does
not, however, be deemed to mean that the contravention has not been committed by the
contravener but that the victim intends to resolve all the differences with the contravener in
lieu of compensation. The following can be inferred as guidelines.120

• It is inexpedient to proceed with the case.

• The evidence in possession is meager and no useful purpose would be caused in

proceeding with the case.
• It is in the public interest lo compound the contravention

• Interests of administration may dictate in favour of compounding.

Confiscation121

Any computer, computer system or computer network, floppies, compact disks, tape drives
or, any other accessories related thereto, in respect of which any provisions of this Act, rules-
orders or regulations made thereunder has been or is being contravened, shall be liable to
confiscation.

The essential ingredients of this section are:

1. Any provisions of The Information Technology Act, 2000, or rules, orders or

regulations made thereunder has been or is being contravened,

2. The Contravention was committed or is being committed by or with the help of any
computer, computer system or computer network, floppies, compact disks, tape drives or any
other accessories related thereto, and, therefore, such computer, computer system or
computer network, floppies, compact disks, tape drives or any other accessories related

120
D.P. Mittal, Law of information technology (cyber law) 2000 IInd edn. p.188, Taxman Allied
service pvt. ltd.
121
Supra Fn. 132 at sec.76

60
thereto, are liable to be confiscated. There must be nexus between the offences or the
contraventions and the instruments used for the commission of such offences or the
contraventions, as the case may be, so as to make such instruments liable for confiscation.
The court may therefore direct confiscation of the said articles by means of, or relation to
which offence or the contravention has been committed.

The proviso, nevertheless, exempt such things from confiscation if it can be proved to the
satisfaction of the Court adjudicating the confiscation that the person in whose possession,
power or control of any such computer, computer system or computer network, floppies,
compact disks, tape drives or any other accessories related thereto, is found is not responsible
for the contravention of the provisions of this Act, rules, orders or regulations made
thereunder.

Penalties and Confiscation not to interfere with other punishments122

No penalty imposed or confiscation made under this Act shall prevent the imposition of any
other punishment to which the person affected thereby is liable to under any other law for the
time being in force.
The penalties and the confiscation under The Information Technology Act, 2000 are in
addition to and not in substitution with the punishments under any other law. Thus, if a cyber
crime is covered under The Information Technology Act. 2000 and The Indian Penal Code.
1860, both, the accused will be prosecuted and punished, if provided guilty, under both the
Acts.

Section 78 Power' to investigate offences123

Notwithstanding anything contained in The Code of Criminal Procedure,

1973, a police officer not below the rank of Deputy Superintendent of Police shall .investigate
, any offence under this Act.
Section 78 empowers only the police officer of high ranking to investigate any offence under
the Act. Only the police officer of the rank of DSP or police officers above this rank are
entitled to investigate offence under this Act. The logic behind this law may be that an officer
of senior rank can take sound and rationale decisions to curb cyber crimes.

122
Id, Section 77.
123
Id.
Section 78.
124
Id Section
79.

61
Certain Provisions covered in Chapter XIII titled Miscellaneous are relevant for the purpose
of this article and therefore they have been discussed below.

Network Service Providers not to be liable in certain cases124

For the removal of doubts, it is hereby declared that no person providing shall service as a
network service provider shall be liable under this Act, rules or regulations made there under
for any third party information or data made available by him if he proves that the offence or
contravention was committed without his knowledge or that he has exercised all due
diligence to prevent the commission of such offence or contravention.

Explanation: for the purpose of this section-

a) "network service provider" means an intermediary:

b) "third party information" means any information dealt with by a network service
provider in his capacity as an intermediary.

The network service provider shall not be liable to suffer civil or criminal liability for the acts
of third party. Section 79 recognises the difference between Network service provider who
provides only access to the information and ; information and Data provider who provides
information / data to the netizens. Provider of the content is liable' to be punished for the acts
committed in contravention of the information Technology Act, 2000 and not who provides
access or connection to a computer network and is not involved in the creation of the
information / data. Network service provider suffers no liability under the act for any
information dealt with by it in his capacity as an intermediary if he proves that the
contravention or the offence was committed without his knowledge or that he has exercised
all due diligence to prevent the committed without his knowledge or that he has exercised all
due diligence to prevent the commission of such offence or contravention. Absence of
knowledge or exercise of due diligence to prevent thq contravention or the offence are the
good ground of defense under section 79. Knowledge means awareness on the part of
network service provider indicating his state of mind. The ignorance or for that matter
innocence, if pleaded could be proved by alluding to the following. -

a) Non-existence of such circumstances as to raise suspicion or to lead an inference or

belief about the commission of the offence or contravention,

62
b) Even if the said circumstances are such that a reasonable man by probable reasoning
infer regarding the nature of thing concerned, these were not capable of absolute conviction
as to induce a higher state of mind to the level of knowledge. Knowledge is gained by a
person by making use of his perceptional facilities.

c) Knowledge could not be acquired even with the exercise of reasonable care and
diligence about the commission or contravention.124

Power of Police Officer and other Officers to Enter Search, etc.125

(1) Notwithstanding anything contained in The Code of Criminal Procedure. 1973 any police
officer, not below the rank of Deputy Superintendent of Police, or any other officer of
Central Government or State Government authorized by the Central Government in this
behalf may enter any public place and search .and arrest without warrant any- person
found therein who is reasonably suspected of having committed or of committing or
of being about to commit any offence under this Act.

Explanation: For the purpose of this sub-section, the expression "public place" includes any
public conveyance. any hotel, any shop or any other place intended for use by, or accessible
to the public.

(2). Where any person is arrested under sub-section (1) by an officer other than a Police
Officer, such officer shall, without unnecessary delay, take or send the person arrested
before a magistrate having jurisdiction in the case or before the officer inchargc of a
police station.

(3). The provisions of The Code of Criminal Procedure, 1973 shall, subject to the
provisions of this section apply so for as may be in relation to any entry, search or
arrest, made under this section

Act to Have Overriding Effect

The Provisions of this Act shall have effect notwithstanding anything inconsistent therewith
contained in any other law for the time being in force. It the provisions of any law for the

124
Supra Fn. 134 at p.1992.
125
Supra Fn. 132 at Section 80.

63
time being in force are inconsistent with the information Technology Act, 2000 then not
withstanding the provisions of any other law, the provisions of The Information Technology
Act, 2000 will prevail.

Offence by Companies126

(1). Where a person committing a contravention of any of the provisions of this Act or of any
rule, direction or order made thereunder is a company, every person who at the time the
contravention was committed, was in charge of and was responsible to, the company for the
conduct of business of the company as well as the company shall be guilty of the
contravention and shall be liable to be proceeded against and punished accordingly :

Provided that nothing contained in thus sub-section shall render any such person liable to
punishment if he proves that the contravention took place without his knowledge or that he
exercised all due diligence to prevent such contravention.

(2). Notwithstanding anything contained in sub-section (I), where the contravention of any of
the provisions of this Act or of any rule, direction or order or made there under has been
committed by a company and it is proved that the contravention has taken place with the
consent or connivance of, or is attributable to any neglect on the part of any director,
manager, secretary or other officer of the company, such director, malinger, secretary or other
officer shall be deemed to be guilty of the contravention and shall be liable to be proceeded
against and punished accordingly.

126
127 Id. Section 85.

64
 CHAPTER-III

Punishment and Prevention to Cyber Crime

The growing danger from crimes committed against computers or against information on
computers is beginning to claim attention in national capitals; In most countries around the
world, however, existing laws are likely to be un enforceable against such crimes. This lack
of legal protection means that business and Governments must rely solely on technical
measures to protect themselves from those who would steal deny access to or destroy
valuable information.

OFFENCES PUNISHABLE UNDER THE INFORMATION

TECHNOLOGY ACT, 2000

The rising incidence of cybercrimes due to fast development of computer technology

necessitated enactment of separate law for prevention and control of these offences.
Therefore, the Parliament enacted the Information Technology Act, 2000 as a regulatory
measure to tackle cyber offences in an effective manner. This Act is based on
UNCITRAL"127 Model Law on e-commerce, 1996 in furtherance of the United Nations
General Assembly resolution urging the member States to enact or revise their laws to create
a uniform environment for regulating e-commerce at the international level. Thus the main
object of the Act is to, "provide legal recognition for transactions carried out by electronic
data, internet and other means of electronic communications commonly referred to as e-
commerce as an alternative to paper-based methods of communication and storage of
information to facilitate electronic filing of documents". In view of this objective, the Act
also incorporates provisions for prevention and control of offences which are the result of e-
commerce and egovernance. The relevant provisions are contained in Chapter IX and chapter
XI of the Act.

127
UNCITRAL Stands for United Nations Commissions on International Trade Law.

65
(A) Punishment Of Cyber Crime :

Penalty for Damage of Computer, computer system etc.128

If any person without permission of the owner or any person who is incharge of a computer,
computer system or computer network-

(a) Accesses or secures access to such computer, computer system or computer network;

(b) Downloads, copies or extracts any data, computer data base or information from such
computer, computer system or computer network including information or data held or
stored in any removable storage medium;

(c) Introduces or causes to be introduced any computer contaminant or computer virus into
any computer, computer system or computer network;

(d) Damages or causes to be damaged any computer, computer system or computer

network, data, computer data base or any other program residing in such computer,
computer system or computer network;

(e) Disrupts or causes disruption of any computer, computer system or computer network;

(f) Denies or causes the denial of access to any person authorized to access any computer,
computer system or computer network by any means;

(g) Provides any assistance to any person to facilitate access to a computer, computer
system or computer network in contravention of the provisions of this Act, rules or
regulations made thereunder:

(h) Charges the service availed of by a person to the account of another person by
tampering with or manipulating any computer, computer system or computer network,

(i) He shall be liable to pay damages by way of compensation not exceeding one crore
rupees to the person so affected.

128
Section 43 of the Information Technology Act, 2000.

66
 Defines 'computer' as any electronic, magnetic, optical or other highspeed data processing
device or system which performs logical, arithmetic, and memory functions by manipulations
of electronic, magnetic or optical impulses, and includes all input, output, processing, storage,
computer software, or communication facilities which are connected or related to the
computer in a computer system or a computer network.129

Clarifies that "computer system" means a device or collection of devices, including input and
output support devices and excluding calculators which are not programmable and capable of
being used in conjunction with external files, which contain computer program, computer
instructions, input data and output data, that performs logic, arithmetic, data storage and
retrieval, communication controls and other functions.130

States that "Computer network" means the interconnection of one or more computers
through-.

(i). the use of satellite, microwave, terrestrial line or other communication media; and

(ii). terminals or a complex consisting of two or more interconnected computers whether or

not interconnection is continuously

maintained.131

Defines access as "access" with its grammatical variation and cognate expression means
gaining entry into, instructing or complicating with the logical, arithmetical, or memory
function resource of a computer, computer system or computer network.132

In United States v. Rice133, where the defendant, an IRS agent, without any authorization
accessed the computer of IRS to find Whether his friend was under investigation by the IRS
was held guilty of the unauthorized access irrespective of the fact that no monetary loss was
caused to The IRS.

129
Sec. 2(1) (i) of the I.T. Act 2000
130
Id, Sec. 2(1) (l)
131
Id, Sec 2(1) (j)
132
Id, Sec. 2 (1) (a)
133
Vakul Sharma, Information Technology Law and Practice 2004. (Ist Edition). P. 103, Universal
Law Publishing Co. Pvt. Ltd.

67
Under this subsection even the attempt to secure the access has been made punishable,
irrespective of the success or failure of the attempt. But, definitely, the success or failure of
the attempt would go a long way in determining the extent of damages awarded under this
section.

Downloading Copying Extraction

a file digital content form a file a file

mputer, computer system
ent) from a ent) from a
twork.
puter, computer system puter, computer system
etwork and then saving it twork and then selectively
of the digital content.
puter's hard disk or torage
medium.

Clause (c) of section 43 makes the introduction or causing to introduce any computer
contaminant or computer virus like worms, logic bombs. Trojan Horse program etc. into any
computer, computer system or computer network is a contravention for which damages up to
the tune of one crore of rupees can be claimed by the owner or person in charge of the
computer, computer system or computer network. The most famous example is 'love bug'
created and disseminated in the year 2000 which damaged many computers. There is a
famous saying: "Do not send a man where you can send a bullet". This saying cap be
modified in the cyber world as "Do not send a bullet where you can send a virus." It is
immaterial to take into account that the guilty person was not aiming to attack the computer,
computer system or computer network of the victim but of somebody else and it was by mere
chance that the computer of the victim was affected. Nor it is important to prove that the
person had the malafide intention while introducing or causing to introduce Computer
containment or virus. In United States v. Morris9 student Robert Morris with the intent to
demonstrate the inadequacy of security measures invented a program known as 'worm' and
released it to the internet causing computers to crash at universities, military installations and

68
medical research facilities. He was held to be guilty for violating the Computer fraud and
Abuse Act of USA irrespective of the fact that he did

This decision shows that if an offence is committed intentionally, it is immaterial to find

reason why it was intended. Clause (c) of section 43 has to be read conjointly with
Explanations (i), (iii) and (iv) of the section. This subsection also covers a person whose
computer is infected by a virus or contaminant without his knowledge and he sends the
infected file to another person without any malafide intention or knowledge Therefore it
becomes essential to install anti virus Software for protection against virus.

Clause (d) makes causing damage or attempt to cause damage to any computer, Computer
system or computer network, data, computer database or any other program residing in such
computer, computer System or computer network as a cyber contravention. The damage
includes the damage to the hardware as well as to the software. The damage may be done
physically or virtually by spread of virus etc. or otherwise.

Clause (e) makes disruption and attempt to make disruption to computer, computer system or
computer network a cyber contravention. The acts mentioned in clauses (c) and (d) may in
certain cases be reason of the disruption to computer, computer system or computer network.

Clause (f) makes the denial or attempt to deny access to computer, computer system or
computer network to any authorized person by any means. The denial of access may be
either physical or virtual. The Virtual denial of access may be either by changing- the
password, User's ID etc. or by any other means. It includes "Denial of Service Attacks'
whereby the attacker blocks the authorized users from visiting the targeted sites.

Clause (g) enumerates that providing assistance to any person for facilitating to access to any
computer, computer system or computer network in contravention to law is a cyber
contravention. Thus, any person who helps another person to access any computer, computer
system or computer network in violation to the provisions of this Act or rules or regulations
made thereunder is guilty of committing cyber contravention.

Clause (h) states that any person who charges the service availed of by a person to the
account of another person by tampering with or manipulating any computer, computer
system or computer network commits contravention. This clause provides protection against

69
theft of internet hours or any other misappropriation of fraud where by the cyber criminal by
changing, tampering manipulating the pass' word, user's ID etc.

Penalty for Failure to Furnish Information Return etc.11

If any person who is required under this Act or any rules or regulations made thereunder to-

(a) furnish any document, return or report to the Controller of the Certifying authority fails
to furnish the same, he shall he liable to

a penalty not exceeding one lakh and fifty thousand rupees for each such failure;

(b) file any return or furnish any information, books or other documents within the time
specified therefore in the regulations fails to file return or furnish the same within the time
specified therefore in the regulations, he shall be liable to a penalty not exceeding five
thousand rupees for every day during which .such failures continue;

(c) maintain books of accounts or records fails to maintain the same, he shall be liable to
a penalty not exceeding ten thousand rupees for every day during which the failure
continues.

Residuary Penalty :134

Whoever contravenes any rules or regulations made under this Act, for the contravention of
which no separate penalty has been provided, shall be liable to pay a compensation not
exceeding twentyfive thousand rupees to the person affected by such contravention.

If any person contravenes any rules or regulations made under this Act but of such
contravention no separate penalty has been provided under the Act, rules or regulations made
thereunder, then such contravener shall be liable to pay compensation which may extend to
twenty five thousand rupees but not more.

134
Id. Sec. 45

70
Tampering with computer source documents :135

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or

knowingly causes another to conceal, destroy or alter any computer source code used for a
compute; computer program, computer system or computer network, when the computer
source code is required to be kept or maintained by law for the time being in force, shall be
punishable with imprisonment up to three years, or with fine which may extend up to two
lakh rupees, or with both. Explanation- for the purpose of this section, "computer source
code" means the listing of programs, computer consultants, design and layout and program
analysis of computer resource in any from.

Thus, the essential ingredients of s. 65 are :

1. A person should conceal, destroy or alter or cause another person to conceal, destroy
or alter any computer source code used for a computer, computer program, computer system
or computer network;
2. the computer source code should be required to be kept or maintained by law for the
time being in force;
3. the concealment, destruction or alteration to computer source code should be done
intentionally or knowingly.
The computer program, whether written in machine language, assembly language or high
level language, is known as the source code. When the source code is translated by an
assembler or a' compiler or a translator into machine language, it is known as object code.
Thus the object code is represented by strings of O's and 1' s of the binary number system or
hexadecimal notation of the electrical charges. The object code cannot be seen, touched or
heard but there can be no doubt that it exists-136 The computer source code as defined in the
Act incorporates the entire gamut of programming process. It includes computer
commands/programming codes(machine, assembly and high level), design prototypes, flow
charts,' diagrams, technical documentation, design and layout of the necessary hardware,
program testing details etc.
The Act accepts computer source code in both tangible and tangible form. The idea behind
the aforesaid section is to protect intellectual property invested in the computer programs. It
is an attempt to extend the protection to computer source documents (codes) beyound what is
available under copyright law.137

135
Id. Sec. 65
136
Supra Fn. 8 at p. 141
137
Id. at p. 142

71
Computer source codes are readable by human beings whereas object codes are only machine
readable.

Hacking with computer system -17

1. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss
or damage to the public or any person destroys or deletes or alters any information residing
in the computer resource of diminishes its value or utility or affects it injuriously by any
means, commits hacking.
2. Whoever commits hacking shall be punished with imprisonment up to three years, or
with fine which may extend up to two lakh rupees, or with both.
"Computer resources" used in the definition of hacking is defined in section 2 (K) of the Act.
It runs as under : Computer resource means computer, computer system or computer network
data, computer database or software"18
A Person is said to commit hacking :-
1. When he causes wrongful loss or damage to the public or to any person.
2. by destroying or deleting or altering any information residing in the computer resource
or by diminishing its value or utility or affecting it injuriously by any means :
3. with the intention or knowledge that he is likely to cause such wrongful loss or damage
to the public or to any person.
Section 6(23)14 1860 states "Wrongful loss is the loss by unlawful means of property to
which the person losing it is legally entitled". The person who commits the offence of
hacking is called hacker. In common parlance, term 'hacking' is also being used as synonym
to 'unauthorized access to computer' or 'computer trespass'. To constitute hacking, however,
in terms of section 66, additional requirements under the section should also be fulfilled.
Hacking, in other words, can be termed as mischief with computer, computer system or
computer network, computer program or computer resource. The definition of hacking under
The Information Technology Act, 2000 is somewhat similar to the definition of mischief
under section 425.21 It states as under 'Whoever with the intent to cause or knowing that he
is likely to cause wrongful loss or damage to the public or any person, causes the detection of
any property, or any such change in any property or in situation there of as destroys or
diminishes its value or utility, or affects it injuriously, commit mischief
Publishing of information which is obscene in electronic Form138

Whoever publishes or transmits or causes to be published in the electronic form, any material
which is lascivious or appeals to the prurient interest or if its effects is such as to tend to

138
Id. Section 69

72
deprave or corrupt persons who are likely, having regard to all relevant circumstances, to
read, see or hear the matter contained or embodied in it, shall be punished on first conviction
with imprisonment for either description for a team which may extend to five years and with
fine which may extend to one lakh rupees and in the event of second or subsequent
conviction with imprisonment for cither description for a team which may-extend to ten
years and also with fine which may extend to two lakh rupees.

Defines 'electronic form' as follows:

'electronic form' means with reference to information means any information generated,
sent, received or stored in media, magnetic, optical, computer memory, micro film, computer
generated micro fiche or similar device'139

The essential ingredients of section 67 are :

1. Publication or transmission of material in an electronic form

2. Material should be lascivious or should appeal to the prurient interest of the potential
audience or the effect of materia should be such as to tend to deprave or corrupt the
minds of the potential audience.

139
Id. Section 2(1) (r)

73
Under the section publication and transmission of obscene information is prohibited and
violator is liable to be prosecuted and punished accordingly. Publication or transmission in
an electronic form includes dissemination, 'distribution, circulation and storage of
information or data in an electronic form. Thus the act of downloading is covered within the
ambit of the section. An important thing to note is that though publication or transmission of
obscene material in an electronic form is an offence but merely browsing or surfing obscene
material on the internet or possessing such material in the privacy of one's home is not an
offence. It is only, when the material is disseminated, published or transmitted in an
electronic form; it becomes an offence under section 67. In Other words, transmission and
not mere possession of obscene information is an offence and therefore, Section

67 docs cover within its ambit pornographic websites; pornographic magazines produced
using computers as well as transmitting pornographic pictures, photos, writings etc. through
the internet. In case where the obscene materials are in the form of video; the persons who
have acted in the video, the persons who have shot the video and ever person in the chain of
distribution is covered within the ambit of the section. The fact that transmission was
addressed to an intended person for his personal use is immaterial. The act of transmission
alone is sufficient to label an act as an offence if the essentials laid down in section 67 are
found to exist. The plea that tie audience of the transmission was desired to be the selected
people is unsustainable if others arc likely to have access to it. Even a single transmission
makes the person publisher and thus liable to be prosecuted and punished under the section if
material is lascivious or appeal to the prurient interest of the people.

What constitute obscenity, or in the words of section 67, what material can be considered to
be lascivious or such as to appeal to the prurient interest or having such effects as to tend to
deprave or corrupt persons who are likely, have regard to all relevant circumstances, to read,
see or hear the matter contained or embodied in it, is a question of fact. In a famous English
case, Regina v. Hicklin25 the court ruled that a material can considered to be obscene if its
"tendency is to deprave and corrupt those whose minds are open to such immoral influences
and into whose hands a publication of this sort may fall". As Lord Cockburn explained the
material deemed to be obscene "would suggest to the minds of the young of either sex and
even to person of more advanced years, thoughts of a most impure and libidinous character".

74
For a long time the rule laid down in Regina v. Hicklin governed even the American test of
obscenity until the judgments in Roth v. United States26 and Miller v. California27 came.

Roth v. United States repudiated the Hicklin test and defined obscenity more Strictly, as
material whose "dominant theme taken as a whole appeals to
the prurient interest" to the "average person, applying contemporary community standards."
Only material meeting, this test could be banned as "obscene" In Memoirs v.
Massachusetts28, the Court further redefined the Roth test by holding unprotected only that
which is "patently offensive" and "utterly without redeeming social value.

In Miller v. California, the Supreme Court of USA held "A state offence (herein Obscenity)
must also be limited to a work which taken as a whole appeal to the prurient interest in sex,
which portray sexual conduct in a patently offensive way and which do not have serious
literary, artistic, political or scientific value." The Supreme Court of USA laid down the
following guidelines to calculate if a work is obscene:-

1. Whether the average person applying contemporary community standards would find
the work, taken as a whole, appealing, to the prurient interest,

2. Whether the work depicts or describes, in a patently offensive way, sexual conduct
specifically defined by state law,

3. Whether the work, taken us a whole, lacks serious literary, artistic, political or
scientific value.

The USA Supreme Court further held following to be obscene; (a) Patently offensive
representations or descriptions of ultimate sexual acts, normal or perverted, actual or
stimulated (b) Patently offensive description of masturbation, excretory functions and
lewd exhibitions of the genitals.

In Ranjit Udeshi v. State of Maharashtra29 the Lady Chatterley's Lover written by D. H.

Lawrence was held 'obscene' as it had, according to the Supreme Court, a tendency to
"deprave and corrupt by immoral influences" the persons into whose hands the book was
"likely to fall". The Supreme Court said, "The word obscenity is really not vague because it
is a word which is well understood even if persons differ in their attitudes to what is
obscenity and what is not". The Court has held the following matters to be obscene

75
(l ) which depraves and corrupts those whose minds are open to such immoral influences.

(2) which suggests thoughts of a most impure and libidinous character.

(3) which is hardcore pornography.

(4) which has a substantial tendency to corrupt by arousing lustful desires. (5) which tends to
arouse sexually impure thoughts.

(6) which passes the permissive limits judged from our community standards. In short,
according to Supreme Court in Ranjit Udeshi case that material was considered to be obscene
which "is likely to deprave and corrupt those whose minds are open to influences of this sort
and into whose hands the book is likely to fall".The Hon'bie Court further held" ... the
obscene matter must be considered by itself and separately to find out whether it is so gross
and

Difference between section 67 of The Information Technology Act 2000 and section
292 of The Indian Penal Code, 1860

1. The punishment under section 67 is much more stringent than that under section 292.
Under section 67 on first conviction the punishment is imprisonment for either description
for a term which may extend to five years and with fine which may extend lo one lakh rupees
and in the event of second or subsequent conviction imprisonment for either description for a
term which may extend to ten years and also with fine which may extend to two lakh rupees.
However, under section 292 the punishment on first conviction is imprisonment for either
description for a term which may extend to two years and with fine which may extend to two
thousand rupees and in the event of second or subsequent conviction, imprisonment for
either description for a term which may extend to five years and also with fine which may
extend to five thousand rupees.

2. According to The Code of Criminal Procedure, 1973 the offence under section 67 of
The Information Technology Act, 2000 is Cognizable and non-bailable whereas the offence
under section 292 of The Indian Penal Code, 1860 is cognizable and bailable.

3. On first conviction, the offence under section 67 is triable by Magistrate of the first
class and on second conviction it is triable by the Court of Sessions where as the offence
under section 292 of The Indian Penal Code, 1860 is triable by any magistrate.

76
4. Section 67 of The Information Technology Act, 2000 does not expressly contain any
of the exceptions enlisted in section 292 The Indian Penal Code, 1860, in the opinion, of the
writer, however, any such act as is likely to fall under these exceptions would not be
considered obscene for the purpose of section 67 also.

In State of Tamil Nadu v. Suhas Katti 140 the Chief Metropolitan Magistrate convicted the
accused merely within seven months from the filing of the FIR under section 469, 509 of the
Indian Penal Code, 1860 and 67 of The Information Technology Act. 2000 for posting
obscene, defamatory and annoying message about a divorcee woman in the yahoo message
group and forwarding obscene emails to others through a false e-mail account providing her
residential telephone number inviting people to talk with her on phone. The posting of the
message and e-mails resulted in annoying phone calls to the victim in the belief that she was
soliciting. The accused was convicted and sentenced to rigorous imprisonment for 2 years
and fine of Rs. 500/- under section 469 IPC and 1 year Simple imprisonment and fine of
Rs.500/- for the offence under section 509. The Indian Penal Code, 1860 and rigorous
imprisonment for 2 years and fine of Rs.4000/- for the offence under section 67 of the
information Technology Act, 2000. All sentences, however, were to run concurrently. This is
considered to be the first case of conviction under section 67 of Information Technology Act,
2000 in India.

A group of experts told a conference in Australia that new hightech advances are making
internet crimes against children easier for pedophiles to commit and more difficult to detect
faster broadband. DSL and cable connections have contributed to an increase in pedophile
activity on the internet. According to Arnold Bell, the head of American FBI's cyber division
indecent images unit, "Our caseload in this crime type has gone up 2,000% since we started
in images in 1996"141 With popular networking sites as their tool, spurned lovers are closing
in on their victims. A if lewd profile of a girl, recently, was posted on site Orkut by her
married internet friends.142 An air-hostess of Kingfisher Airlines has approached a city court
and sought action against officials social networking website www.orkut.com for their
failure to .withdraw her vulgar and defamatory profile allegedly posted by a prankster. Her

140
Website www.naavi.org/cl.editerial 04/Suhas katti cass.htm.
141
Times International, Times of India 31.10.2006, P.8, Co.-I (New Delhi)
142
Delhi Times, Times of India. 03.10.2006, P. 1 Col. II (New
Delhi) 30 Times of India, 23.01.2007 P. 20 Cal-I (New Delhi)
42
Times City, Times of India, (New Delhi) pub. 29-12-2006.

77
profile on the site carries her photo in an official uniform and is full of vulgar material.
Prankster has given her neighbor's telephone numbers in her profile with an invitation to
other Orkut users to contact her for friendship. In pursuable to her complaint Additional
Chief Metropolitant Magistrate, Delhi has directed the police to register an FIR and file a
report by February 9, 200730 In another instance a class XII student of Noida was arrested on
2812-2006 for allegedly putting on orkut.com an obscene profile of a class XII student of
another school On August 4, 2006 two students of Bal Bharati Public School were suspended
for allegedly putting a morphed obscene photo of a teacher on orkut.com, September 5, 2006
Karan of Delhi Shahid Sukhdev Singh College and Manish of Greater Noida Engineering
Institute were held for putting morphed obscene photos of a Ghaziabad girl on the internet. 42
It is quite clear from the above discussion that publication and transmission of obscene
materials has been expanding to its length and breadth via internet and most of the offenders
belong to young age group. Such cases can be prosecuted under Section 67 of The
Information Technology Act.2000 and section 292 (Obscenity) and 500 (Defamation) of The
Indian Penal Code. 1860 along with The indecent Representation of Women Act.

Power of the Controller to give Directions143

1. The Controller may, by order, direct a Certifying Authority or any employee of such
authority to take such measures or cease carrying on such activities as specified in the orders
if those are necessary to ensure compliance with the provisions of this Act, rules or any
regulations made there under,

2. Any person who fails to comply 'with any order under subsection (1) shall be guilty of
an offence and shall liable on conviction to imprisonment of a term not exceeding three years
or to a fine not exceeding two lakh rupees or to both.

The essential ingredients of this section so as to make a person criminally liable are:

1. The Controller should have, by order, directed a Certifying Authority or any

employee of such authority to take such measure or cease carrying on such activities as
specified in the orders;

2. such orders should be necessary to ensure compliance with the provisions of the Act,
rules or any regulations made there under; the accused should have failed to comply with
such orders, It is important to clarify few points here Firstly, the Controller's order for taking

143
31 Section 68 of The I.T. Act
2000.

78
measures and ceasing to carry on activities is qualified by expression "if those are necessary"
and "to ensure the compliance of this Act, rules or any regulations made thereunder". Thus,
the order may be given by the controller to the certifying authorities and others only if the
relevant purpose could not be achieved without such order and is in connection with ensuring
the compliance with the provisions of the Act, rules or regulations made thereunder.

Secondly, section 68 enumerates that the Controller may give directions to the Certifying
Authorities or any employee of such authority to do or prohibit doing certain acts to ensure
compliance with the provisions of the Act, rules or regulations made thereunder By viture of
section 18 (1), power of controller under section 68 is also extendable to the subscriber of
digital signature as section 18(1) empower the Controller to resolve conflict of interest
between the certifying authorities and subscribers.

Thirdly, power under section 68 can also be exercised by Deputy Controller, Assistant
Controller or any other officer to whom such powers have been delegated by the Controller
by virtue if his power under section 27. Section 27 runs as under:

Power to Delegate:144 The Controller may, in writing, authorize the Deputy Controller,
Assistant Controller or any officer to exercise any of the powers of the Controller under this
chapter.

Directions of a Controller to a Subscriber to extend facilities to Decrypt Information.145

1. If the Controller is satisfied that it is necessary or expedient so to do in the interest of

the sovereignty or integrity of India, the security of the state, friendly relations with foreign
states, or public order or for preventing incitement to the commission of any cognizable
offence, for reasons to be recorded in, writing, by order, direct any agency of the
Government to intercept any information transmitted through any computer resource.

2. The subscriber or any person in charge of the computer resource shall, when called
upon by any agency which has been directed under subsection (1). extend all facilities and
technical assistance to decrypt the information.

3. The subscriber or any person who fails to assist the agency referred to in sub-section
(2) shall be punished with an imprisonment for a term which may extend to seven years.

144
Id, Section 27.
145
Id. Section 69.

79
Defines "computer resource" as 'any computer, computer system or computer network,
data, computer database or software'146

The essential ingredients of subsection (1) of section 69 are as follows:

1. The Controller should have directed any agency of the Government to intercept any
information transmitted through any computer resource:

2. The Controller should have passed such direction on being satisfied that it is
necessary or expedient to do so in the interest of the sovereignty or integrity of India, the
security of the state,friendly relations with foreign States, or public order or for preventing
incitement to the commission of any cognizable offence;

Protected System147

1. The appropriate Government may, by notification in the Official Gazette, declare any
computer, computer system or computer network to be a protected system.

2. The appropriate Government may by order in writing, authorized the persons who are
authorized to access protected systems notified under sub-section (1).

3. Any person who secures access or attempts to secure access to a protected system in
contravention of the provisions of this section shall be punished with imprisonment for either
description for a term which may extend to ten years and shall also be liable to fine.

The following are the essentials to make a person criminally liable under this section:

1. The appropriate Government should have declared any computer, computer system
or computer network to be a protected system.

2. Such declaration should have been made by the appropriate Government through
notification in the Official Gazette. The intruder secured access or attempted to secure
access to the notified protected system in contravention of the provisions of this section

3. The intruder should not have been authorized to access the notified protected system.

A declaration by the Government notifying a computer, computer system or computer

network to be protected system can be made in the interest of the Sovereignty of India or the
state concerned, defence, public security, state integrity and financial, economic and
commercial security or friendly relations with other nations.

146
Id. Section 2(1) (K)
147
Id, Section 70

80
Penalty for Misrepresentation148

Whoever makes any misrepresentation to, or suppresses any material fact from, the
Controller or the Certifying Authority for obtaining any licence or Digital Signature
Certificate, as the case may be shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees, or with both.
'Subscriber' means a person in whose name Digital Signature certificate is issued.149

'Certifying Authority' means a person who has been granted a license to issue Digital
Signature Certificate Under section 24.150

Controller' means the Controller of Certifying Authority appointed under sub section (1) of
sec 17.39

The following are the essentials to make a person criminally liable under Section 71:

1. The person should have made any misrepresentation to or suppressed any

material fact from the controller or the certifying authority;

2. Such misrepresentation or suppression of material fact shall be in connection with

obtaining of any licence or digital signature certificate. Stating of incorrect and false facts
can be called as misrepresentation and non disclosure of required facts can be termed as
suppression. The aforesaid section has implications for both the licensed certifying Authority
and the subscriber under the Act. Under the scheme of the Act, the liability of the licensed
Certifying Authority is towards the

Controller (Ss. 21-22) whereas he subscriber is liable towards the Certifying Authority
(section 35)40 Though the Controller and likewise licensed Certifying Authority has the
power to suspend or revoke the licence and digital signature certificate of the licenced
certifying authority (section 25) and subscriber (section 38) respectively, but under the
aforesaid section they have been entrusted with additional power to file criminal charges
against such applicants who have misrepresented, or suppressed any material fact from
them.53

Breach of Confidentiality and Privacy151

148
Id. Section 71.
149
Id. Section 2(Zg)
150
Id. Section 2(g)
39
Id. Section 2(m)
40
Supra, Fn 8 at
p. 165. 53 Id. at p
166.

81
Save as otherwise provided in this Act or any other law for the time being force, any person
who in pursuance of any of the powers conferred under this Act, Rules or Regulations made
thereunder, has secured access to any electronic record, book, register, correspondence,
information, document or other material without the consent of person concerned discloses
such electronic record, book, register, correspondence, information, document or other
material to any other person shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees, or with both.

The following are the ingredients of section 72 to make a person criminally liable:

1. A person should disclose electronic record, book, register, correspondence,

information, document or any other material to any other person.

2. The person who disclosed the electrical record, book, register,

correspondence, information, document or any other material should have secured the access
to them in pursuance of any of the powers conferred under this Act, rules or regulations
made there under;

Penalty for Publishing Digital Signature Certificate False in Certain Particulars.152

1. No person shall publish Digital Signature Certificate or otherwise make it available to any
person, 'with the knowledge that

(a) The Certifying Authority listed in the certificate has not issued it : or

(b) The subscriber listed in the certificate has not accepted it ; or

(c) The certificate has been revoked or suspended, unless such publication is for the
purpose of verifying a digital signature created prior to such suspension or revocation.

151
Id, Section 72.
152
Id. Fn. 43, Sect. 73

82
2. Any person who contravenes the provisions of Sub-section (1) shall be punished with
imprisonment for a term which may extend to two years. or with fine which may extend to
one lakh rupees, or with both.

Ingredients of this section to make a person criminally liable are :

1. A person should have published or otherwise would have made available digital
signature certificate to any other person;

2. He should have published or would have made it available to any person with the
prior knowledge of the fact theat the Certifying Authority listed in the certificate has not
issued it or the subscriber listed in the certificate has not accepted it or the certificate has
been revoked or suspended.

An exception, however, has been restored to this i.e. if the publication of digital signature
certificate is for the purpose of verifying a digital signature created prior to such suspension
or revocation, then it does not constitute an offence under the Act.

Publication for Fraudulent Purpose153

Whoever knowingly creates, publishes or otherwise makes available a digital signature

certificate for and fraudulent or unlawful purpose shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one lakh rupees, or
with both.
The following amounts to an offence under this section :-

1. Creation, publication or otherwise making available a digital signature certificate;

2. Such creation, publication etc. shall be for any fraudulent or unlawful purpose;

3. The person creation, publishing or making available digital signature shall do so

knowingly.

Thus knowingly creating, publishing or making available a digital signature certificate for
any fraudulent or unlawful purpose is an offence under section 74 punishable with
imprisonment up to two years or fine up to one lakh rupees or both.

153
Id. Section 74

83
(B) Preventive of Cyber Crime

Despite penal provisions and preventive measures provided in the Indian Penal Code and the
I.T. Act, a perusal of Cybercrime statistics of preceding years clearly indicates that there has
been no decline in the crime rate and on the contrary, they are recording a steady rising trend.
There are many new cybercrimes emerging which need improvised

investigative and legal techniques and skills to handle them efficiently. 154 Crime statistics
have an important role in formulating preventive crime strategy as they contain relevant data
on specific crimes and criminals which helps the criminal law enforcement agencies to make
best possible use of them for working out effective strategy to tackle them efficiently.155

Prevention is always better than cure. It is always better to take certain precautions
while operating the net. Anybody should make them his part of cyber life.

5P mantra for online security : Precaution Prevention, Protection, Preservation and

Perseverance. A netizen should keep in mind the following things.156

1. To prevent cyber stalking avoid disclosing any information pertaining to oneself. This
is as good as disclosing your identity to strangers in public place.

2. Always avoid sending any photograph online particularly to strangers and chat friends
as there have been incidents of misuse of the photographs.

3. Always use latest and up date anti virus software to guard against virus attacks.

4. Always keep back up volumes so that one may not suffer data loss in case of virus
contamination

5. Never send your credit card number to any site that is not secured, to guard against
frauds.

154
Dr. N.V. Paranjape : Criminology and Penalogy (14th ed., 2009) p. 208.
155
Taft Donald : Criminology (4th edition) p. 469
156
Shailesh Kumar Zarkar, technical advisor and network security consultant to the Mumbai Police
Cyber crime Cell

84
6. Always keep a watch on the sites that your children are accessing to prevent any kind
of harassment or depravation in children.

7. It is better to use a security programme that gives control over the cookies and send
information back to the site as leaving the cookies unguarded might prove fatal.

8. Web site owners should watch traffic and check any irregularity on the site. Putting
host-based intrusion detection devices on servers may do this.

9. Use of firewalls may be beneficial.

Electronic Surveillance

Surveillance has always been considered as an effective crime prevention and crime
detection measure. The development of information technology has greatly facilitated
surveillance not only of communication activities but also e-mails, file-transfers or location
in cyberspace. It may be put into operation on the suspect's terminal equipment such as
computer or mobile-phone or within the network such as mail server, which is physically
away from the suspect.157
It hardly needs to be stressed that surveillance by law enforcement agencies in course of
cybercrime investigation is to be carried out strictly in accordance with the procedural law of
crime. The private entities such as employers,' owners or industries and business houses,
ISP's may also have their own surveillance services for prevention of these crimes.
Surveillance any be either (i) direct surveillance or (ii) intrusive surveillance. Direct
surveillance is the common form used for crime detection. It is conducted using a network
resource away from the physical location of the suspect such as cyber safe's or ISP's-web-
server. It- is directed for establishing by whom or under that circumstances any crime was
committed.
Intrusive surveillance as distinguished from direct surveillance, refers to finding out anything
that is taking place in any residential or closed premises or in any private vehicle. It is carried
out on the suspect's computer or other form of terminal device. Since intrusive surveillance
involves interference in a person's privacy, its use is limited to serious cybercrimes which
threaten national security or national economy etc.

Intrusion Management as a Preventive Strategy

More recently, intrusion management is being used as a protective strategy for prevention
and control of cybercrimes. It seeks to prevent unlawful intrusions in the computer system by
utilising effective e-security controls. It lays greater stress on computer user's and
ecommerce organizations to make sure that the functional areas of vulnerability of the
157
Walden Ian : Computer Crime & Digital, investigations (2007) p.137

85
computer system are kept well under constant vigil so that identification and authenticity,
access and accountability as also accuracy and reliability of data is well secured against any
unauthorised intrusion.
Presently, in most cases the investigation ends up with the conclusion that victim's computer
system was attacked and there was sufficient evidence to show that substantial damage has
been caused to his computer system due to such intrusion attack, but the exact source of
attack could not be located or traced. Therefore, recourse to intrusion management process
which seeks to plug the security loop-holes may be found to be very useful as a measure of e-
security.
The main intrusion protection devices that may be used for esecurity can be placed into four
major categories, namely, (i) Anti-virus software, (ii) Fire walls, (iii) Authentication, and (iv)
Encryption.
(i) Anti-virus software : Virus scanning software is installed at all points of attack. All
diskettes must be scanned before being loaded on to network and attack servers.
(ii) Firewalls : Firewall is a software which provides a layer of isolation between the
inside network and the outside network. Firewall technology has now been certified by the
National

Computer Security Association (NCSA).

(iii) Authentication : Implies password protection so that only properly authenticated
users are able to access the particular network resource. Bio-metric authentication device is
also used for the purpose wherein attributes arising from a person's retinal patterns, voice
recognition etc. are derived from electronic analysis which help the user to make sure
whether the transmitted data is genuine or unauthorised.
(iv) Encryption : Involves changing of data into an indecipherable form prior to
transmission. Thus even if transmitted, it cannot be interpreted. The changed unmeaningful
data is called cipher text. Encryption must be accompanied by decryption or changing the
unreadable text back into its original form.

Data Protection

Considering the fact that right to privacy on internet and data protection have been
recognised as a basic human right by the international community, India should enact an
appropriate legislation to address privacy and data protection issues so that a uniform pattern
of privacy standard is followed by the netizens and the ISP's at the governmental and the
non-government level. In this context, it may be stated that though Article 21 of the
Constitution of India protects right to privacy of an individual as a fundamental right but it is
available only against the state action and does not extend protection against actions of

86
private parties. Section 72 of the Information Technology Act also provides protection to
online data privacy on computer, computer system and computer network but it has only a
limited scope. Therefore, enactment of an independent online Data, Protection Act,
uniformly applicable to all persons organizations throughout India on the U.K. pattern would
prove to be a step forward towards the prevention and control of unlawful intrusions. The
United Kingdom has its Data Protection Act of 1998 to regulate data/ information processed
by computers. Similarly, Germany, Austria and Scandinavia also have their electronic
surveillance regulating laws to protect data and personal data information.
The Council of Europe (CoE) passed the Data Protection Directives to protect privacy and
regulate processing of personal data throughout Europe. United States also has enacted
Children's Online Privacy Protection Act, 2002, which requires parent's prior consent before
collecting, using or disclosing personal data/information for children below 13 years of age.
As an international effort to protect privacy and trans-national flow of personal data, the
Organisation for Economic Co-operation & Development (OECD) 158 was established in
1996, which presently has 35 leading industrial nations as its members. It has issued
guidelines 159 consisting of certain basic principles with a view to attempting a balance
between the protection of data privacy and the advancement of free flow of personal
information from OECD countries. Thus the personal data is protected by adopting
reasonable security safeguards against the risks of loss or unauthorised access, destruction,
use, modification or disclosure etc.

Switch-over to Paperless Electronic Record

In order to ensure, availability of an electronic information, agencies and organisations

should ensure that the electronic process collects all the relevant data and it is retained
properly and is readily accessible. The lengthy period of time between the collection of
information and its use in many situations such as litigation, arbitration etc. may be
detrimental to the parties. It has been noticed that most agencies and organisations in India
still retain important paper documents in their original form instead of converting them -into
electronic record. Even the people in general place more reliance on paper documents rather
than their electronic record.

While conversion of paper-based record in electronic form, care has to be taken that legal
rights of persons are not disturbed and the validity or authenticity of the documents is not
thwarted in any way. As it is, the Government and most organisations require certain types of
transactions to be in written and signed document form for their legal authenticity. They also

158
Though India is not a member of OECD but in 2001 it became 27th member of the Development
Centre, an autonomous body that functions within OECD.
159
These guidelines were drafted in 1979 and adopted in 1980. They need to be revised in view of the
technological developments ir collection and use of personal data in the present millennium.

87
provide that electronic records and signatures shall not be legally recognised. This is rather
unfortunate. It is high time when this mindset has to be changed and it needs to be recognised
that going paperless by switching over to electronic record of documents in no way reduces
their legality. Since electronic records are readily accessible, easy to preserve and procure
and are of a lasting nature, switching over from paper-record to paperless electronic records
would certainly facilitate accelerating the process of cybercrime detection, investigation and
trial.

Liability of ISP's Needs Reconsideration

It is generally observed that when a copyright owner takes action against infringement on the
internet, he invariably sues the ISP as well along with the person who actually commits the
infringement. The purpose of holding the ISP contributorily liable for infringement is to
compel him to remove the infringing material from his servers because he controls that
network160 This increasing trend towards targeting ISP's drags them into frequent litigation
which leads many of them to close down their internet services. Though Section 79 of the IT.
Act provides exemption from liability to

160
Verma S.K. & Raman (ed.): Legal Dimensions of Cyberspace, jili (2004).

88
 CHAPTER-IV

Jurisdiction on Cyber Space

Where is cyberspace?161 The answers to this question seem to approach the metaphysical: it
is everywhere and nowhere, it exists in the smallest bursts of matter and energy and is called
forth only by the presence of man through the intercession of an Internet provider. If the
answers are useless, it only shows that we are asking the wrong question. We should first ask:
what is cyberspace? To this question at least a functional answer is possible. Functionally,
cyberspace is a place. It is a place where messages and Web Pages are posted for everyone in
the world to see, if they can find them. 162 The United States Supreme Court's first opinion
about the Internet contains language that makes one hopeful that U.S. courts will accept the
legal metaphor of cyberspace as a place outside national boundaries: "Taken together, these
tools constitute a unique medium - known to its users as 'cyberspace'-- located in no particular
geographical location but available to anyone, anywhere in the world, with access to the
internet."163There exists in international law a type of territory which I call international
space." Currently there are three such international spaces: Antarctica, outer space, and the
high seas. for jurisdictional analysis, cyberspace should he treated as a fourth international
space.

(A) Private Defence on Cyber Space.

The information technology is a double edge sword, which can be used for destructive as well
as constructive work. Thus, the fate of many ventures depends upon the benign or vice
intentions, as the case may be, of the person dealing with and using the technology. 164 For
instance, a malicious intention forwarded in the form of hacking, data theft, virus attack, etc
can bring only destructive results. These methods, however, may also be used for checking
the authenticity, safety and security of one's technological device, which has been primarily
relied upon and trusted for providing the security to a particular organisation. For instance,
the creator of the "Sasser worm" has been hired as a "security software programmer" by a
161
William S. Byassec. Jurisdiction of Cyberspace : Applying Real World Precedent to the virtual
community, 30 wake forest L. Rev. 197, 198 (1995).
162
Orson Scott Card. Wyrms 165-188 (1987)
163
Reno V. Aclu., 117 S. ct. (1997)
164
The Times of India (Delhi Times), Net gain for e-crime. Dated
20.09.04 p. 5. 5 Praveen Dalal, "Preventing violations by aggressive
defense."

89
German firm, so that he can make firewalls, which will stop suspected files from entering
computer systems. This exercise of hiring those persons who are responsible for causing
havoc and nuisance is the recognition of the growing and inevitable need of "self protection",
which is recognised in all the countries of the world, In fact, a society without protection in
the form of "self help" cannot be visualised in the present electronic era. The content
providers, all over the world, have favoured proposed legislations in their respective
countries, which allow them to disable copyright infringers computers. In some countries the
software developers have vehemently supported the legislations, which allows them to
remotely disable the computer violating the terms and conditions of the license allowing the
use of the software. This position has, however, given birth to a debate about the desirability,
propriety and the legality of a law providing for a disabling effect to these "malware". The
problem is further made complicate due to absence of a uniform law solving the
"jurisdictional problem". The Internet recognises no boundaries: hence the attacker or
offender may belong to any part of the world, where the law of the offended country may not
be effective. This has strengthened the need for a "techno-legal' solution rather than a pure
legal recourse in the present electronic era.5

The need of private defence:

The most deadly and destructive consequence of this helplessness is the emergence of the
concept of "cyber terrorism". The traditional concepts and methods of terrorism have taken
new dimensions, which are more destructive and deadly in nature. In the age of information
technology the terrorists have acquired an expertise to produce the most deadly combination
of weapons and technology, which if not properly safeguarded in due course of time, will
take its own toll. The damage so produced would be almost irreversible and most catastrophic
in nature. In short, we are facing the worst form of terrorism popularly known as "Cyber
Terrorism".165 The expression "cyber terrorism" includes an intentional negative and harmful
use of the information technology for producing destructive and harmful effects to the
property, whether tangible or intangible, of others. For instance, hacking of a computer
system and then deleting the useful and valuable business information of the rival competitor
is a part and parcel of cyber terrorism. The definition of "cyber terrorism" cannot be made
exhaustive as the nature of crime is such that it must be left to be inclusive in nature. The

165
Praveen Dalal, "Cyber terrorism and its solutions : An Indian
Perspective." 7 Supra f.n. 5.

90
nature of "cyberspace" is such that new methods and technologies are invented regularly;
hence it is not advisable to put the definition in a straight jacket formula or pigeons hole.
Infact, the first effort of the Courts should be to interpret the definition as liberally as possible
so that the menace of cyber terrorism can be tackled stringently and with a punitive hand.7
The law dealing with cyber terrorism is, however, not adequate to meet the precarious
intentions of these cyber terrorists and requires a rejuvenation in the light and context of the
latest developments all over the world. The laws have to take care of the problems originating
at the international level because the Internet, through which these terrorist activities are
carried out, recognises no boundaries. Thus, a cyber terrorist can collapse the economic
structure of a country from a place with which a country may not have any reciprocal
arrangements, including an "extradition treaty". The only safeguard in such a situation is to
use the latest technology to counter these problems, Thus, a good combination of the latest
security technology and a law dealing with cyber terrorism is the need of the hour.166

The concept of private defence:

In India there is no law, which is specifically dealing with prevention of malware through
private defense. Thus, the existing analogous provisions have to be applied in a purposive
manner. The following provisions of the I.P.C., which is a general law dealing with offences
in India, are of great significance in dealing with and tackling the use of malware by the use
of private defence.

(i) Section 96 of the Code declares that nothing is an offence, which is done in the
exercise of the right of private defence. This section recognises the principle of self-help
which is considered to be just, fair and reasonable in all the countries of the world.

(ii) Section 97 of the Code provides that every person has a right, subject to the
restrictions contained in Section 99, to defend: First- His own body and the body of any other
person against any offence offecting the human body. Secondly- The property, whether
moveable or immoveable, of himself or of any other person, against any act which is an
offence falling under the definition of theft, robbery, mischief or criminal trespass. This
section recognises the right of a "third party" to protect the property of another, besides
protecting his property. Thus, a public-spirited individual has a right to self-help by helping

166
7 www.naavi.org.

91
innocent victims of malware. For instance, a netizen who is an expert in protecting computers
from viruses may make a programme, which has a potential to curb the virus put on the
internet and may launch the same on it. In such a situation the person launching the malware
cannot complain that such third party has no reason to feel aggrieved and has no right to
retaliate. Such an action on the part of that public-spirited individual is morally, equitably and
legally justified and will be protected by this section. This is a benign concept and it requires
the most liberal, purposive and updating interpretation.

(iii) Section 99, among other things, provides that there is no right of private defence in
cases in which there is time to have recourse to the protection of the public authorities.
Further, it provides that the right to private defence in no case extends to the inflicting of
more harm than it is necessary to inflict for the purpose of defence, i.e. the principle of
proportionality. It is suggested that this section applies to offences involving human beings as
such and not the results created due to acts or omissions of the human beings. Thus, the
requirement of taking recourse to public authorities arises only when the following two
requirements are fulfilled:

(a) There must not be any apprehension of death or grievous hurt (because in that case the
concerned person is left with no choice but the instant life saving action) by the act or
omission in question, and

(b) Such act or omission must originate out of an active physical participation of human
agency and it should not be limited to any act or omission unsupported by its physical
presence.

Reading Section 103 along with Section 99 further strengthens this argument. Section 103
provides that the "right of private defence of property‖ extends, under the restrictions
mentioned in Section 99, to the voluntary causing "death" or of any other harm to the
wrongdoer, if the offence of robbery, house breaking by night, mischief by fire to certain
properties, theft, mischief or house trespass, arc committed or attempted to be committed
under such circumstances us may reasonably cause apprehension that death or grievous hurt
will be the consequence, if such right of private defence is not exercised. A close reading of
these sections reveals that these sections are tracing the operation of private defence visa-vis
human being's active and physical involvement and not in the sense of malware. This position
is made crystal clear if we read the definition of

92
"death" under section 46, which provides that the word 'death" denotes death of a human
being, unless the contrary appears from the context. It would bring absurd results if we argue
that the context in the present situation is talking about the "death of the computer" or the
"operating system". Similarly, it will be unreasonable, in fact unrealistic and imaginary, to
argue that for protecting one's computer from malware, every time recourse to public
authorities has to be taken. In fact, the main reason for providing the provisions concerning
private defense is that State cannot protect the life and property of the citizen at all times.
Thus, as a measure of the citizen at all times. Thus, as a measure of public policy and
practical convenience, the concept of sell-help has been given a moral, equitable and legal
sanction.

Even under the code there is an inherent and patent conflict between section 99 and section
103. Section 103 is subject to section 99, whereas section 99 itself is subject to section

99. It is talking about taking recourse of public authorities when the act "does not" reasonably
cause the apprehension of death or of grievous hurt. It means that if there is an immediate
threat of death or grievous hurt, then recourse to public authorities need not be taken. This is
logical and satisfies the tests of common sense, because a person cannot approach the public
authorities after his death, which may result due to immediate peril to the life. Similarly, no
useful purpose will be served by approaching the public authorities if grievous hurt has
already been afflicted. In fact if there is an apprehension of death or grievous hurt, the right to
private defence can be exercised even against a public servant who is though acting in good
faith under the colour of his office is not strictly justifiable- by law. It must be appreciated
that no malware can cause any physical injury or apprehension of the same, which may
necessitate recourse to public authorities within the meaning of section 99. Thus, it can safely
be concluded that recourse to self-help can be taken under section 103 of the Code without
approaching public authorities since it does not involve the real and active physical presence
of the human agency. This is also in conformity with the basic theme and object of the
concept of self-help and the practical requirements of law and its regulation of society.

The application of Section 99 is not, however, completely excluded while exercising the right
of private defense under Section 103. It must be noted that section 99 also recognises the
principle of proportionality among other things. This means that the proposed harm given by
the technological property holder must commensurate with the nature and gravity of the

93
threat. Thus, the harm, if at all it is considered to be so, caused must be reasonable,
proportionate and not unduly harsh. The moment it exceeds the limits, which may be deemed
to be appropriate by a reasonable person, it will offend the benign objects of section 99, and
may become illegal. Thus, to this extent, and in this sense only,

Section

103 is subject to section 90, This interpretation satisfies the conflicting interests of private
defence of information technology and the proportionate action required to be taken by the
person exercising the private defence. This is not the end of this matter. Sections 99 and 103
must be interpreted in the light of Section 105 to make them meaningful. Section 105 of the
Code provides that the right of private defence of property commences as soon as a
reasonable apprehension of danger to property commences. There is a possibility that a
particular malware may not give rise to such apprehension at all because of its programming
and operational specifications. In such a case, the owner of the information technology comes
to its knowledge when the damage has already been done. In such a situation no useful
purpose will be served by approaching the public authorities, as they cannot undo what has
already been done. To avoid such an eventuality, it is advisable to adopt precautionary
technological measures, since precaution is always better than the cumbersome and expensive
cure. As a concluding argument it may he pointed out that, by virtue of Section 40 of the
Code, the right of private defence is allowed against offences committed under the "special
laws as well. In India the Information Technology Act, 2000 (ITA) is a special law applicable
to matters pertaining to information technology. Thus, the provisions private defence will
also take their colour from it. In case there is a conflict between the provisions of the code
and the ITA, the latter will prevail. Fortunately, there is no conflict between the provisions of
the Code and ITA, hence the interpretation given to the sections, as mentioned above,
together with a purposive interpretation of the provisions of the ITA would be sufficient to
take care of the principles governing private defence of technological property, including the

Intellectual property rights stored in it.

94
 (B) Cyber Terrorism

The criminal, the outlawed has mastered technology. Mankind was yet to recover from the
terrorism pathogen, which has plagued humanity for decades, and yet its combination with
"Cyber" has made it doubly dangerous and alarming. The critical infrastructure or nations, the
communication systems globally, the banking network worldwide and the aviation and
intelligence systems are all easy targets and deprat obvious vulnerabilities.

Definition of cyber terrorism.

The dark clouds of stealth and incognition engulf cyber terrorism, which is the newest face
of terror,167 and it is said that a new breed of terrorism is on the rise. 168 The term implies two
elements cyber and terrorism. Both of these are regarded as the two great fears of the late
20th century. Both imply fear of the unknown. Fear of random, violent victimization segues
well with the distrust and outright fear of computer technology. 169 Terrorism has entrenched
humanity and going hand in hand with technology, it is spawning the deadliest threat to the
society. Cyber terrorism is a term esoteric, complex and difficult to circumscribe within the
four corners of a definition, which will be universally acceptable. While the word "cyber"
relates to cybernetics, which is our tool of trade, "terrorism" denotes an act of violence. The
ambiguity in th definition of the term cyber terrorism brings indistinctness in action as
Dorothy Denning points out, "An e-mail may be considered hacktivism by some and cyber
terrorism by others".170

167
V.K. Gera, "Cyberterrorism : The Newest Face of Terror" in Verinder Grover, Encyclopedia of
International Terrorism, Vol 2, 66.
168
Ch. Arthur & N. von Herberstein, "Cyberterror Attack Rocks America" Independent 5-3-98, 1,
<http://www.infosec.com/denial/denial_last 030498a.html> last accessed 7-20-2000.
169
Mark M. Pollitt, "Cyberterrorism : Fact or Fancy?" FBI Laboratory,
<http://www.cs.georgetown/edu/ denning/infosec/pollitt.html> last accessed 15-4-2005.
170
Dorothy Denning, "Activism, Hacktivism and Cyber Terrorism : The Intrnaet as a Tool for
Influencing Foreign Policy", <http://www.nautilis.org/info-policy/work
shop/papers/denning.html> accessed 6-7-2000.

95
In 1997, Barry Collin coined the term "cyber terrorism" and defined it as the convergence of
cybernetics and terrorism.171 The term has since entered popular parlance and is also defined
as "attacking sabotage prone targets by computer, which poses disastrous consequences for
our incredibly computer-dependent society".172 In the form of cyber terrorism the terrorist,
finds an easy, risk-free, low-cost option. Whatever may be the motive of the terrorist,
political or economic, a terrost is bound to create terror and the term "terrorism" conjures up
an image of blood, smoke, destruction and a sea of suffering humanity.

Perhaps the comprehensive and popular definition is given by the FBI, which defines cyber
terrorism

as

The premeditated, politically motivated attack against information, computer systems,

compute programs and data which result in violence against non-combatant targets by sub-
national groups and clandestine agents.173

Thus, cyber terrorism is the politically motivated use of computers by sub-national and
clandestine agents to pressurise an audience or to cause a government to alter its orders or
policies. The definition may be extended by noting that Department of Defense (DoD)
operations for information warfare174 also include physical attacks on computer facilities and
transmission lines. Although, computer attacks are different from cyber terrorism, yet if
certain computer attacks are destructive and disruptive enough to terrorise the victim, which
reflect "Severity of effects" and lead to death, injury, extended power outages, airplane
crashes, water contamination or major loss of confidence portions of the economy then it may
be termed as cyber terrorism.175

171
Barry C. Collin, "The Future of Cyber Terrorism". Proceedings of 11th Annual International
Symposium on Criminal Justice Issues.
172
Dave Petinari, "Cyber terrorism, information warfare and attacks being launched now and in
the future in the heartland of America", Police Futurist Internationals
<http://policefuturists.org/fall97/terror.html. last accessed 6-2-2000.
173
"Cyberterrorism : The New Kind of Terrorism", CCRC (8-4-2004).
174
Clay Wilson - Information Warfare and cyber war : Capabilities and Related policy issues : (CRS)
Report RL ( 14-3-2003)
175
Dorothy Denning, "Is Cyber War Next?" November 2001, Social Science Research
Council, <http://www.ssrc.org/setp11/essays/denning.htm> 17 Supra, n. 11.

96
The incognito nature of the operative of the terrorist act is the biggest challenge and greatest
advantage of the cyber terrorist. For a subversive attack, borders do not have to be crossed,
bombs do not have to be smuggled and placed, hostages do not have to be kidnapped and
captured, and terrorists do not have to surrender their lives. Plainly stated, tomorrow's
terrorist may be able to do more with a key board than with a bomb". 17 Cyber terrorism
mainly targets the national infrastructure of a country and cyber terrorists are interested in
controlling systems of nuclear reactors, large storages of strategic raw material like gas and
oil, systems of water supply, power distribution, traffic centres, communication secrets, etc.

TECHNIQUE

The Internet gives the terrorists exclusive opportunities. 176 Technically speaking, the cyber
terrorist is not yet so potent so as to terrorise a nation by merely resorting to the Internet. The
terrorist groups currently lack the capability to mount a meaningful operation. Cyber attacks
lack the horror and bloodshed, which are the ultimate motives of a terrorist. In the Conference
of Terrorism held in Paris in May 2000, the participants stated that terrorist organisations are
not likely to use technology to further their malevolent ends. 177 However, it is also reported
that most of the captured files of Al-Qaeda are either not encrypted or they are poorly
encrypted. Reports also say that Osama bin Laden has taken steps to improve organisational
secrecy and to make clever use of technology.178 Although, at a slower pace yet the terrorist
is embracing technology to simplify its nefarious designs and to maximise the damage of the
physical attack. Seized computers belonging to Al-Qaeda indicate that its members are now
becoming familiar with hacker tools that are freely available over the Internet. 179 Not only
this, while refurbishing their outfits, they are giving due importance to technology and the
computer literate youth has started joining the ranks of the terrorist and it is said that once a
new tactic is publicised, it is likely to motivate other rival groups to follow along the new
pathway.

176
Michael Whine, "Cyberspace : A New Medium for Communication, Command, and Control by
Extremists", <http://www.ict.org.il/>
177
David Tucker, "The Future of Armed Resistance Cyber Terror? Mass Destruction?"
September 2000, Report on Conference held at the university Pantheon-Assas, Paris, May 15
to 17, 2000, <http://www.nps.navy.mil/ctiw/files/substate conflict dynamics pdf>.
178
David Kaplan, "Playing Offense : The Inside Story of How US Terrorist Hunters are Going After
AlQaeda". 2-6-2003, US News and Word Report, 19-29.
179
Richard Clarke, "Vulnerability : What are Al-Qaeda's Capabilities?", April 2003, PBS Frontiline :
Cyberwar, <http://www.pbs.org>.

97
The terrorist first make a simulated test of the computer attack, which they have developed
so as to avoid detection of their preparation.

Member of Al-Qaeda and other terrorist groups are reported to use the Internet, encryption
software, and other up-to-date technology to link its members, plan attacks, raise funds and
spread propaganda.180 Evidence shows that, Mohamed Atta, the leader of the attacks carried
out on 11 September 2001 had made his air reservation ticket online and other members of
Al-Qaeda used Internet based telephone services to communicate with other cells overseas.
Khalid Sheikh Mohammed, the mastermind of the attacks against the World Trade Center,
reportedly used Internet chat software to communicate with at least two airline hijackers. 181
The international terrorist groups have already resorted to advanced technological methods to
commit terrorist acts. Ramzi Yousuf, the man sentenced to life imprisonment for helping to
bomb the World Trade Centre was reportedly trained as an electrical engineer, made plans to
use sophistricated electronics to detonate bombs on US airlines and also used sophisticated
encryption to protect his data and to prevent law enforcement agencies from reading his plans
in case he is captured.182 The Virtual world has offered a lush green inviting playground to
today's terrorist where it can organise any dirty game and at the same time remain
conspicuously absent from the scene of occurrence. Attacks in the physical world like
bombing critical infrastructure of a country, government computer bank, and telephone
equipments are traditional targets of the terrorists. But today, there is a convergence of the
physical and virtual worlds, and these two being disparate, activities of the terrorist do also
differ in nature. Today's terrorist remaining hidden and unnoticed can do a lot, he can
increase the amount of iron supplement in cereals, thereby killing hundreds of infants and
children of a nation, 183
altering a medicine prescription in a hospital, thereby causing
innumerable to

perish, change pressure in gas lines, take command of the floodgates in a dam, handle
184

3,00,000 volts of electric power thereby causing destruction of property185 and the like.

180
Cyberterrorism, <http://www.terrokrismanswers.com/terrorism> last accessed 9-3-2005.
181
Robert Windrem, "9/11 Detainee : Attack Scaled Back",
<http://www.msnbc.com/news/969759.asp> last accessed 21-09-2003.
182
Robert Windrem, "9/11 Detainee : Attack Scaled Back",
<http://www.msnbc.com/news/969759.asp> last accesed 21-9-2003.
183
Barry C. Collin, "The Future of Cyber Terrorism", Institue for Security and Intelligence,
<Afgen.com/terrosisml.html> last accessed 16-4-2005.
184
Ibid

98
Not only on the land, a cyber terrorist without taking the risk of flying can take control of the
air traffic system or alter the system to such a fashion that airplanes fly into each other
resulting in mass causalities. However, this scene requires that the entire human element in
control of the aircraft be ignored. Thus, the cyber terrorist gets a risk-free, low-cost option to
cause the greatest of havocs and catastrophes.

Barton Gellman, "Cyber Attacks by Al-Qaeda Feared : Exprets, Terrosts at Threashold of

185

Using Web as Deadly Tool.

99
 Counteraction to cyber terrorism
As cyber terrorism is a combination of an urge to cause terror mixed with technological
advancements, no single measure can successfully combat it. Thus, only a multi-thronged
counteraction will bring effective results.

The myriad responses to the menace at the international level are enumerated in the following
headings.

Legal Response

Main players in cyber terrorism are organised criminal groups, criminal societies and national
and transnational criminal organisations. 186
Thus, in cyber legislations of almost all the
countries, recognition is given to the criminal liability of the cyber terrorist. After 11
September 2001 holocaust, legislations are fixing liability for funding terrorist acts and if
found guilty, to block funds and seize assets of such persons.

Unfortunately, there has not been an exclusive legislation to combat Cyber terrorism by any
country but the criminal liability of cyber terrorist, holding him responsible for hacking, DoS,
which are used by the terrorist for their destructive ends is the present and plausible approach
by all the countries.

Indian approach

Like most of the countries. India too responded to the misuse of information technology and
Internet vandalism by passing its lone cyber

Act, the IT Act, 2000. However, it also made consequential amendments in some traditional
laws 187 so as to update them. But this Act addressed some of the cybercrimes and

186
V. Golubev, "Organisational Legal Aspects of Counteraction to Computer Terrorism,"
Entrepreneurship, State, State and Law, Kyiv, 2004 Scientific Practical Magazing, 121-124.
187
The amendments were made in the Evidence Act. 1872; the Penal Code, 1860; the Bankers Books
Evidence Act 1891, and the Reserve Bank of India Act 1934.

100
vandalisation of data while the word "cyber terrorism" did not occur in the Act until 2008
when the amendment made important introductions relating to the subject of cyber terrorism.

The IT (Amendment) Act, 2008 (10 of 2009) not only defines the term cyber terrorism but it
has many sections in pari materia. It is the amalgamation of several sections in the amended
Act which, taken together make a meaningful and effective law provision to address this
dreaded peril.

International Response
There is an international consensus that a hacker should not be allowed to get away only
because of legal inadequacies.188 Cyber terrorism, being a global meance, it is impossible to
combat it without international harmonisation of laws on the subject and a concerted effort by
the international society. As terrorism is being fought through regional and international
cooperation, so also cyber terrorism can be thwarted only when nations come together and
make a positive move.

Governmental Response

US, having the densest connectivity and convergence, is the easiest target of cyber terrorism.
Thus, the governmental response in this country is strongest compared to the other countries.

After II September 2001, the US government reacted towards it in the most effective manner
so as to construct a more resilient society of Americans which will strengthen them to fight
terrorism of any sort. However, much before that, the government also announced plans to
safeguard the critical infrastructure or Supervisory Control and Data Acquisition (SCADA)
when they are connected to the

Internet to monitor certain industrial processess and also national security of America.189

188
David R. Johnson, "Due Process and Cyber Jurisdiction", Cyber Law Institue,
<http://www.ascur.org/jeme/vol2/issues1/due.html>.
189
S. Venkmatesh, "Control of Cyber Terrorism" in Cyber Terrorism. (Authorspress, New Delhi
2003) 277.

101
 CHAPTER-V

CONCLUSION AND SUGGESTIONS

Commenting on the information technology revolution which has transformed the world
into a global community, Waleter B Wriston observed, "technology has made us a 'global
community' in the literal sense of the term. Mankind now has a completely integrated
information marketplace capable of moving ideas to any place on this planet in minutes.
Information and ideas will go where they are wanted and stay where they are well treated. It
will flee from manipulation or onerous regulation of its value or use, and no government
can restrain it for long"190.

As someone rightly said that "bytes are replacing bullets in the crime world". The
growth of cyber crime in India, as all over the world, is on the rise and to curb its scope and
complexity is the pertinent need today. Cyber space offers a plethora of opportunities for
cyber criminals either to cause harm to innocent people, or to make a fast buck at the expense
of unsuspecting citizens. The case studies indicate that all walks of life are getting exposed to
cyber crime. Several people have come forward and reported such crimes, which have met
with an assuring and prompt response from the law enforcement authorities from the different
cities of the country. The practice of any craft builds expertise and excellence over a period of
time, and the nascent field of cyber crime investigation is no exception. It is clear that in
India, this building of a community practice has started happening and the cyber sleuths are
learning new tools and honing them with initiative and experience. The aim of instituting the
annual India Cyber Cop Award was to help this process. This compilation is an attempt to
help that process in cataloguing, chronicling and documenting cyber crime as it gets reported
and investigated.

Internet in the present millennium has become all pervasive and omnipresent. It has
also brought with it new problems hitherto unknown to humanity. Internet in a sense is
analogous to the "high seas" which no one owns yet people of all the nationalities use it. The
term 'cybercrime' encompasses within it a variety of criminal activities taking place in the
cyberspace through the media of global communication and information via internet. It is an
inevitable evil having its origin in the growing dependence of mankind on computers in
modern life, the reason being that the computers despite being high technology devices are

190
Walter B Wriston : The Twilight of Sovereignty : How the Information Technology Revolution is
Transforming Our World (2003) p.31.

102
extremely vulnerable. Thus, whenever any crime or criminal activity takes place with the use
of computer, it constitutes a cybercrime. It is for this reason that 'cybercrime' has been
defined as "an unlawful act wherein the computer is either a tool or a target or both".191

The foregoing analysis clearly indicates that cybercrimes are such harmful activities in
the cyberspace which may cause damage to a person, property or even the State or society as
a whole. There are many cybercrimes which are being committed by offenders all over the
world using computer technology. Being radically different from the conventional crimes, the
law enforcement agencies find it difficult to tackle cybercrimes with the existing
infrastructural mechanism because of lack of adequate knowledge about the computer
operating systems. This is the main reason why this relatively new variety of crime is posing
a challenge to the legal regime. The problem has been further aggrevated by the introduction
of internet.
However, as a measure to prevent and control internet crimes, the Parliament enacted the
Information Technology Act, 2000 which came into force on October 17, 2000. The Act
categorically defines offences relating to cyberspace such as tempering with computer source
document, hacking with computer system, breach of confidentiality and privacy etc. It is not
that prior to this legislation there was no law to deal with these offences. The Indian Penal
Code, 1860 already contained provisions to prevent and control cybercrimes but they were
not found to be sufficient enough to tackle all varieties of cyberspace crimes.

It hardly needs to be stated that science and technology has extended its tentacles cutting
across the national frontiers whereas the law is still struggling to define and redefine the
boundaries for the control of cybercrimes. Following a similar course, the cyber law
particularly, the Information Technology Act is engaged in prevention and control of
cybercrimes within the country's territorial jurisdiction overlooking the fact that cyber
criminality is a global phenomenon which has no territorial limits.

Cybercrime being global in character, generally affects the person far away from the place of
offence, may it be in the same country or some other country. It therefore, requires policing at
international level as also the active cooperation of the international community. The
European Convention on Cybercrime192 was indeed a praiseworthy attempt as it laid down
guidelines to be followed by the member States in combating cybercrime. The Convention
suggested measures to be initiated by the states for restructuring their cyber laws to meet the

191
Supra Chapter 1.
192
Effective From June, 2001

103
new challenges. The Convention not only dealt with the changes and improvements in the
substantive part of criminal law but also referred to the procedural aspect which must be
taken into consideration while restructuring the existing law to meet the current needs of
developing technology. It has been generally accepted that procedural aspect of criminal law
is the main hurdle in tackling the problem of cybercrime effectively but at the same time, the
substantive part of cybercrime also needs to be redefined to fight against ongoing cyber
criminality. Out of a variety of cybercrimes, the European Convention has chosen ten specific
cybercrimes193 and urged the member States to include them in their information technology
laws and provide a concrete mechanism to fight against them. But it is rather unfortunate that
many cybercrimes of a particular country are not treated as crime under the criminal law of
other countries, which really poses a problem when cross country cybercrimes are involved.
The solution to this problem lies in enacting a global cyber law uniformly applicable to all the
countries of the world. The crux of the matter is that universally accepted standard
cybercrime preventive laws should not vary from place to place. In other words, uniformity
be ensured with reference to substantive cyber laws of various nations.

The countries which have updated their cyber law to suit the needs of developing computer
technology are notably, United States, Canada, Australia, Japan, India, Germany and other
European countries. Though United States was the first country to adopt a comprehensive law
on cybercrime but it was found to be insufficient to cope with all incidents of cyberspace
crime and therefore, new legislation had to be introduced to cater the requirements of the
rapidly developing information technology and the resulting new criminal activities.

Japan amended its Penal Code to include many criminal acts which constitute cybercrime.
Besides, there is a separate law on computer related crimes. So far India is concerned, it has
introduced a comprehensive information technology law by amending the Principal
Information Technology Act, 2000 by the I.T. (Amendment) Act, 2008 w.e.f 5th February,
2009. The amending Act has inserted as many as 15 new cyberspace offences which are
punishable under the I.T. Act. That apart, many of the provisions of the Indian Penal Code
have been amended to include within it certain criminal acts relating to cyberspace and
electronic media.

193
Section 1, Chapter II of the European Convention document which contains Articles 2 to 13
defining ten cybercrimes under five separate titles

104
 Broadly speaking, the law enforcement agencies all over the world are confronted with
four major problems while dealing with cybercrimes in a network environment. The detention
and prosecution of cyber criminals online is hindered by the challenges, which may be
technical, legal, operational and jurisdictional.

As regards technical challenges, cybercrimes such as hacking of a website, stealing

data stored in computers, espionage, exchange of pornographic material, blackmailing etc.
involve detection of source of communication which is a complicated task. Therefore, the
cyber criminals find it easy to impersonate on the internet and hide their identity.

The legal challenge emerges from the fact that cyber criminality is no longer confined
to the developed countries alone but it has assumed global dimensions in recent decades. The
conventional legal techniques of investigation of cybercrimes are inadequate particularly, in
case of crosscountry crimes. The problem becomes more complex because of lack of any
universally accepted definition of cybercrime. Therefore, a cybercrime in a country may not
necessary be a crime in another country. There are hardly twenty countries in the world which
have enacted comprehensive cyber laws. In the absence of an adequate cybercrime laws, the
cyber criminals carry on their illegal activities undeterred. Therefore, effective handling of
cybercrimes requires a legal framework which is equally applicable to all the countries. The
cyber laws should also be responsive to the fast developing information technology. The
internet has enabled the cyber offenders to target maximum number of people at a minimal
cost merely at the click of a button. Therefore, cyber security assumes utmost importance.

The operational challenges faced by the law enforcement agencies because of lack of
adequate cyber forensic technology for dealing with cybercrimes constitute another in-road
which renders it difficult to collect and preserve sufficient evidence against the person
accused of cybercrime, thereby resulting in his/her acquittal by the court. The traditional
modes of procuring evidence are unsuited in case of cybercrime investigation because most of
the evidence exists in electronic form. Therefore, there is dire need to develop suitable
computer forensic mechanism for effective handling by cybercrime investigation.

In the context of e-mail bombing by the Internet Black Tigers against the Sri Lankan
embassies was perhaps the closest thing to cyber terrorism that has excursed so for.

Most studies to date have shown that critical information infrastructures of potentially
vulnerable to a cyber terrorist attack. The increasing complexity of information systems
creates new vulnerabilities and challenges for It management. Even if the technology is armor

105
plated, insiders acting alone or in concert with other terrorists maybe able to exploit their
access capabilities to work considerable harm.194

Computer and information security, data protection, and privacy are all growing
problems. No single technology or product will eliminate threats and risk. I do not believe
we have even begun to thing of the social and economics implications of a considerable cyber
terrorism attack against our infrastructure. Securing our computers, information, and
communications networks secure our economy and our country. A global strategy and policy
for combating this type of terrorism is need now.

SUGGESTIONS
In view of the expanding dimensions of computer-related crimes, there is need for
adopting appropriate regulatory legal measures and gearing up the law enforcement
mechanism to tackle the problem of cybercrime with stern hands. Even a short delay in
investigation may allow cyber criminals enough time to delete or erase the important data to
evade detection, which may cause huge loss to the internet user or the victim. That apart, the
peculiar nature of cybercrimes is such that the offender and the victim(s) do not come face to
face, which facilitates the criminals to carry on their criminal activities with sufficient
sophistication without the fear of being apprehended or prosecuted. It is for this reason that a
multi-pronged approach and concerted efforts of all the law enforcement functionaries is
much more needed for effective handling of cybercrime cases. A common cybercrime
regulatory law universally acceptable to all the countries would perhaps provide a viable
solution to prevent and control cyber criminality.

The process of crime prevention essentially requires co-operation and active support of
citizens, institutions, industries and the Government alike. Therefore, a sound strategy for
prevention of cybercrimes necessitates mobilisation of community participation in cambating
this menace. This calls for participative role of all those who perceive that the growing
incidence of cybercrime is a potential danger to society as a whole. It also calls for self
protection initiatives by the people who are vulnerable to cybercrimes. They must have
adequate knowledge and awareness about the nature and gravity of these crimes and the
dangers fraught by them. Obviously, media has an important role to play in warning people

194
Cyber Terrorism, By Kevin coleman, Technolytics, october 10, 2003.
http://www.symante.com/avcerter/reference/cyberterrorism.pdf.

106
against the possible dangers and evil effects of cybercrimes on victim(s) as also the nation
and the safety measures which are necessary to combat this hi-tech criminality.

Regulatory control through effective laws is yet another measure of cyber crime
prevention. It is possible to exercise control over these crimes by effective implementation of
law by enforcement agencies. The legal preventive measures may help in reducing the
incidence of cybercrimes provided they get community's active support in exposing the
criminals. Some other suggestions to prevent and reduce the incidence of cybercrimes at
domestic level are as follows :—

1. Net security be tightened up :

Computer technology has proved to be a boon to the commercial world. Perhaps, it is the area
which has been most benefited by the advent of computers. Most of the commercial,
industrial and business transactions are carried on through internet services at the national as
well as the international level. The increasing use of computers in the field of trade and
commerce has at the same time opened new vistas for the perpetration of cybercrimes by the
offenders for their personal monetary gain. With the liberalisation and globalisation of
economy, the business houses now believe that there is a huge and profitable market for
commercially exploiting the networks. With the increased dependence on computer in
commercial field, most of the money transactions are being carried out with the help of
computer network making it possible for the cyber criminals to illegally intercept and commit
financial frauds. It is therefore, necessary that an adequate security mechanism be developed
for safeguarding e-commerce and e-banking against possible online frauds, forgeries, or
misappropriation of money etc.

As regards the legality of financial transaction on the internet, the

Securities Exchange Board of India (SEBI) vide its notification dated January 25, 2000, has
provided that trading of securities on internet will be valid in India but there is no provision to
this effect in the Information Technology Act which provides legal validity and prevent
security frauds and stock manipulations over the internet. A specific provision for protection
of confidentiality in the net-trading, therefore, needs to be incorporated in the I.T. Act.

107
2. Use of encryption technology :

It should be mandatory for all government, semi-government and non government

commercial organisations which have resorted to massive computerisation for the
transmission of information and commercial transactions, to appoint well trained Information
Security

Officers who should be responsible for overall protection of computer resources and they
should also be made accountable for any lapse in computer security.

The use of encryption technology may also help to protect data and communications from
unlawful and unauthorised access, disclosure or alteration. It also helps to prevent crime by
protecting valuable secret information over inter-connected computer and networks. The law
enforcement agencies should therefore, develop and support the use of strong and recoverable
encryption services for protecting personal and business data from being misused or stolen by
miscreants.

Similar to encryption, there is one more technique known as 'steganography', which is used as
a safeguard against network invasion. It is a technique of obscuring information in a manner
so as to prevent its detection. It involves writing that is not readily discernible to the casual
observer, just as in ancient times, the practice of writing secret messages in invisible ink
using milk; fruit-juice or urine which darkens when heated was prevalent to transmit
messages.

Firewall device is yet another tool which may be extensively used to provide an alert against
attempted intrusions in database. It is a software program which monitors data flowing
between one computer to another on the network. Firewall device can be used to control the
amount of data flowing over one's computer network.

3. Intrusion Management:

A new preventive strategy called the 'intrusion management' may be used for testing,
detection and investigation of cybercrime. It is a process which primarily aims at preventing
intrusions in the computer system thus providing effective e-security control mechanism. The
computer users and e-commerce organizations should ensure that functional areas of

108
vulnerability of the computer system are kept properly controlled so that (i) identification and
authenticity, (ii) access, (iii) accountability, (iv) accuracy, and (v) reliability of data is
absolutely safeguarded.

It has been observed that most cybercrime investigations end up with the conclusion
that victim's computer system has been damaged due to cybercrime attack but the source of
attack could not be traced or located. Therefore, one of the most important aspect of intrusion
management is to plug the security loopholes so as to render the computer system absolutely
safe and secured. The protective measures contemplated under the intrusion management
system include protection against viruses by adopting antivirus strategies, use of firewalls,
authentication and encryption technology.

4. False e-mail identity registration be treated as an offence :

Cyber criminals often furnish fictitious information while registering themselves for an e-mail
address with a website because the email service providers refuse to provide two ID's to the
same person. This false and misleading information on the internet helps the criminal to
suppress his real identity and mislead the investigating authorities in reaching the real culprit.
There being no provision in the Information Technology Act to prevent registration of a
person for an e-mail address with a website by providing false information, a person can
establish false e-mail identity with a fictitious IP address and misuse the same for perpetration
of a cybercrime.

This lacunae in the Act has been taken care of by inserting a new Section 66A in the principal
Act by the I.T. (Amendment) Act, 2008 (10 of 2009), which provides that any false e-
mail identity registration with a website will be an offence punishable upto two years of
imprisonment. It is certainly a step forward towards the prevention and control of
cybercrimes.

5. Self-regulation by computer and net users :

Self-regulation may be suggested as one of the practicable solution to reduce the

incidence of cybercrime. It is a process of developing a healthy code of conduct by adopting a
policy of restraint by both, the computer users as well as the service providers. Internet
Service Providers (ISP) can play a crucial role in eliminating online crimes by taking some

109
self-regulatory initiatives. To start with, ISPs can collectively set out a ethical code of
conduct to be followed by them while extending internet services/facilities to the users.
Likewise, they can lay down the conditions through a written agreement binding the users to
refrain from indulging in illegal activities. Besides, they may also specify in the contract that
breach of these conditions would lead to termination of the internet services.

6. Liberalisation of law relating to search and seizure :

Government's regulatory mechanism to control widespread cyber criminality needs to

be further intensified. Most importantly, the existing legal regimes should enable the law
enforcement agencies to accomplish their tasks fearlessly without any external pressure. The
law-enforcement agencies should be empowered to seek such details from the Service
Providers as may be necessary for the investigation of internet crime without, however,
violating any of the fundamental or privacy rights of the parties. The law relating to search,
seizure and arrest as applicable to cyberoffences needs to be liberalised so as to enable the
police or the investigating agencies to apprehend the cyber offenders and initiate criminal
proceedings against them.

The tele-communicatioin department should also review its policy towards ISPs and
impose selective restrictions on them while extending internet services by classifying them on
the basis of age, profession or standing as Internet Service Provider.

7. Use of voice-recogniser, filter software and collar-ID for

Protection against unauthorised access :

Technology indeed is itself a powerful tool which has generated cybercrime. Therefore, as a
first step to prevent its misuse, the places where computer is popularly used as a means for
carrying out routine life activities, should be equipped with some safety and security devices
to protect against unauthorised usage of computer systems. For example, the modern voice
recognition system which relies on voice pattern for activation may effectively be used. So
also, anomaly detection software, which identifies unusual pattern of computer use helps the
users or organisations to respond and frustrate the attacker. Similarly, filter software have
afforded protection against known threats.

110
8. Development of cyber forensics and Biometric Techniques:

In order to provide substantial technical assistance to the investigating agency in

identification, location, preservation and extraction of digital information from a computer
system so as to produce it in the form of evidence of cybercrime before the court of law, the
cyber forensic techniques need to be developed. The cyber forensics technique consists of
three components, namely, computer forensics, cyber forensics and software forensics.
Obviously, the three are inter-related to constitute a compact cybercrime detection
mechanism. Computer forensics deal with collection of evidence from computer media
seized at the scene of crime by extracting hidden or deleted information from the computer
disk.

Cyber forensics also called as 'network forensics', relate to digital evidence that is
distributed across the large computer network. The main object of cyber forensics is to
discover the evidence and access the intent and identity of the cyber criminal as also to
determine the impact of crime on the victim(s). The software forensics mainly deal with
author of the malicious code and provide substantial clues to identify the perpetrator of
cybercrime.

Like the computer forensics, the use of biometric techniques can also be of great help
in identifying the real perpetrator of cybercrime. Biometrics involve electronic analysis of
attributes arising from a person's physical characteristics that are unique to that person. For
example, the codes derived from electronic analysis of fingerprints, footprints, retinal scans,
body odor etc. can provide important clues to identify the person accused of cybercrime,
though it needs to be corroborated by other material evidence.

9. Need to establish a Computer Crime R&D Centre :

Perhaps the most effective method of preventing cyber crime is to create awareness
among the computer users abut the possible dangers emanating from misuse of information
technology for criminal activities. It is all the more necessary because every user of network
is a potential victim and his ignorance about the information security and safeguards,
multiplies the chances of his vulnerability to cybercrime. Therefore, generating awareness
among the owners and users of computers through proper education may substantially help in
reducing the threats as well as the damages caused by these crimes. Generally, the internet
users remain unaware of the fact that while they are online, they may fall a victim to

111
cybercrime or may themselves unknowingly involve in an activity which constitutes an
offence though did they did not intend to commit it. This is more true particularly, in case of
adolescents who, for the sake of entertainment or fun, switch over to pornographic website
and sometimes themselves become a victim of such crime. This possibility can be eliminated
by apprising the internet users about the dangers and consequences of the unlawful acts which
they may inadvertently or ignorantly commit on the net.

10. Need for a Universal Legal Regulatory Mechanism :

Law and criminal justice delivery system have not kept pace with the technological
advancements made around the world during the preceding years, which has provided ample
scope for the abuse of internet. The conventional old laws pertaining to protection of property
are no longer valid for protecting the unauthorised manipulation of information through
computer networks. Therefore, there is need for restructuring of the substantive as well as the
procedural law relating to computer generated crimes so that offenders may be brought to
justice. At present, the definition of cybercrime varies from country to country depending on
the incidence of such crimes and the State's sensitivity to them. In the absence of any
universally accepted definition of cybercrime, investigation of cross-border crime cases is
carried on according to the procedural law of the place where the cybercrime is committed.

The problems arising due to divergence of laws and procedure of different nations may be
eliminated to a considerable extent if at least major cybercrimes are uniformly recognised
and incorporated by all the countries in their penal laws. This would ensure uniformity as
regards identification of various actions as cybercrime. Since these crimes have wide ranging
ramifications, the penalties imposable on cyber offenders should be stringent and even
exemplary so that they may desist from indulging in cyberspace criminality.

The question of a nation's jurisdiction in case of a cybercrime committed outside the

country but having disastrous effect on that country itself, still remains unresolved as there is
no general consciousness of different nations on this vital issue. The jurisdictional uncertainty
regarding crimes committed in cyberspace has made committing of such crime easier but
punishing the perpetrator thereof more difficult. Therefore, the need of the hour is drafting of
a uniform global cyber law with the co-operation of all the countries of the world.

112
 Jurisdictional uncertainty as regards the investigation and trial of cybercrime is
perhaps the most ticklish problem which the law enforcement agencies all over the world are
facing. Cyber criminals may cause irreparable damage to victim(s) from a distant place
without the risk of being spotted out or identified. This enables them to commit crimes
beyond national borders without being physically present at the scene of crime.

11. Global Code of Digital Law for resolving IPR related

Disputes :

It has been generally accepted that intellectual property is going to be the real estate of the
Third Millennium. 9
The information technology revolution during the closing years of
twentieth century has opened scope for new variety of disputes in IPR regime, both at
national and international level. The resolution of these disputes needs a global Code of
Digital Law to be developed which should have universal acceptance all over the world. This
is all the more necessary in view of the expanding dimensions of IPR transactions having
multi-national ramifications.

12. Need for Universalisation of cyber law :

It has been generally observed that the perpetrators of cyber crime usually exploit the
weaknesses inherent in the computer which is being used or attacked. Therefore, some special
security measures may be adopted to prevent unauthorised use of the computer systems. It is
often alleged that the domestic laws controlling computer security are mostly directed to
safeguard national safety, security and integrity rather than providing adequate protection to
computer users, whether they are individuals or corporate entities. Therefore, the criminal
laws of various countries including cyber law should be universalised so as to extend
adequate protection to citizens, institutions, organisations, government and nongovernment
agencies and society as a whole against the menace of cyber crime.

13. The menace of cyber terrorism :

Perhaps, the greatest threat posed by computer system and internet is that of cyber terrorism.
It has changed the traditional concept of terrorism as the development of information
technology has enabled terrorists to acquire more sophisticated and destructive technology

113
and weapons to attack their targets. 195
The damage caused by the cyber terrorists is so
catastrophic and irreparable that it completely shatters the National security and adversely
affects the nation's economy. Presently, cyber terrorism has assumed international dimensions
therefore, there is need to tackle this problem by developing e-security technology and
adopting stringent penal policy both at the national as well as international level.

It may be suggested that India should make use of SAARC11 forum to evolve consensus
among the member countries about the need for concerted efforts to curb cyber criminality
particularly cyber terrorism through regional co-operation. Efforts should also be made to
acquire advance cyber technology from the developed countries adopting a mutual

Code of Cyber Legislation.

15. Special Cyber Crime Investigation Cell for Hi-tech crimes:

In keeping with the demand of time, the setting up of a Cybercrime
Investigation Cell under the Central Bureau of Investigation (CBI) was notified in September,
1999 which actually started functioning with effect from March 31, 2000. The cell is headed
by a Superintendent of Police and has jurisdiction all over India. It has the power to
investigate the offences specified in Chapter XI of the Information Technology Act, 2000 and
is also empowered to probe into other hi-tech crimes. There are presently six cybercrime
investigation cells functioning in India with headquarters in Delhi, Mumbai, Chennai,
Bangalore, Hyderabad and Kolkata.

Police Station on August 30, 2001, which has jurisdiction all over the State. Subsequently,
Cyber Police Cells were also set up in the metropolitan cities for handling cybercrimes. These
cells are manned by specially qualified and trained police officials assisted by computer
experts as and when required for the investigation of cyber crimes. But most States have no
special police cyber cells and the cybercrimes are being handled by the general police. It is
therefore, suggested that it should be mandatory for each State to set up atleast one Special
Cyber Crime Police Station well equipped with electronic technology and computer trained
staff where complaints relating to cybercrime could be launched online so that hi-tech
cybercrimes could be investigated efficiently and expeditiously. The police official working

195
Terrorist attack on U.S. World Trade Center (WTC) on 11 September, 2001 and on Indian
Parliament on 13 December, 2001; Taj and Oberai Hotel, Mumbai on 26 November, 2008 etc. are
the glaring examples of blatant misuse of computer technology for heinous cybercrimes. 11 South
Asian Association for Regional Co-oporation.

114
in these special cells should be empowered to conduct search of publicly accessible data or
data in private systems, computer equipment’s, disk etc. with the prior permission by the
concerned magistrate.

16. e-Judiciary and Video-conferencing for speedy justice :

In order to evolve right standards and practices in the emerging area of cyberspace
crime adjudication, the three phased e-judiciary framework as proposed under the National
Policy on Information and Communication Technology (NICT) must be completed within the
prescribed time limit latest by the year ending 2010, so as to ensure speedy disposal
cybercrime cases. The national e-Court project started in July, 2007 for the creation of e-
judiciary and e-governance grid covering India's entire judicial system would certainly ensure
transparency, speed and fairness in the adjudication of cybercrime cases. It would reduce
work-load of the courts and ensure speedy disposal of cases as also eliminate problems
associated with paperbased records such as their collection, maintenance, retention etc. It is
much easier to retain and retrieve electronic record.

The courts in India, have already adopted the system of videoconferencing for
recording evidence of witnesses or undertrial prisoners etc. at the district level, which has
reduced the security risk of the prisoners escaping during transportation and has helped in
saving the valuable time of the courts. Further expansion of the video-conferencing in
subordinate courts needs to be accelerated.

17. Need For Cyber Crime Reporter or Cyber Law Journal:

So far computer crime statistics are concerned, they do not reflect the true picture of
incidence of cybercrimes. The reason being that operational speed and capacity of computer
software makes it very difficult to detect cybercrime. That apart, many victims of computer
crime desist from reporting the crime because they apprehend unnecessary harassment and
waste of time, energy and money in litigation which may drag on for years. The trading
community and businessmen are particularly reluctant to report having fallen a victim to
cybercrime due to the fear of adverse publicity, like loss of goodwill, embarrassment or
harmful repercussions.

The lack of necessary technological expertise to deal with cybercrime on the part of
law enforcement agencies is also a contributing factor for nonreporting of cybercrime cases

115
by the victim(s). The intangible nature of cybercrime and anonymity of the perpetrator of the
crime further complicates the issue of cybercrime reporting. In short, it may be concluded that
reporting of cybercrime cases is, by and large, scanty and whatever cases are reported, they
are mostly either dropped for want of sufficient evidence or withdrawn or compromised by
the parties-before they are finally disposed of by the court. However, in view of the
consistently rising graph of the incidence of cybercrimes and more and more cases coming
before the courts for adjudication, it would be worthwhile to start publication of a Cyber-
Crime Reporter' or 'Cyber Law Journal' for the benefit of the members of the Bar Bench,
police and enforcement agencies and all others who are concerned with the detection,
investigation and prosecution of cybercrime and criminals.

18. I.T. (Amendment) Act, 2008-A step in the right direction :

With the march of time and advance of technology the problem of cybercrime is touching
alarming dimensions and therefore, calls for concerted action to evolve a universal regulatory
mechanism for the prevention and control of these crimes. In the Indian setting, there is need
to inculcate information consciousness among the Indian citizens. Though the

Information Technology Act, 2000 as amended in 2008, has reasonably succeeded in

providing relief to computer owners/users by extending the reach of law to almost all the
online criminal activities and increasing awareness among the people, but it is not a foolproof
law as yet since it was primarily enacted for the promotion of e-commerce to meet the needs
of globalisation and liberalisation of economy. The Act still suffers from certain lacunae as it
does not provide adequate security against webtransactions nor does it contain adequate
provisions to prevent securities fraud, stock confidentiality in the internet trading although the
Securities Exchange Board of India (SEBI) has notified that trading of securities on internet is
legally recognised and valid.

The comprehensive legislation brought out in the form of Information Technology

(Amendment) Act, 2008 will certainly enable cracking down on crimes against information
technology and cyber frauds which are often committed by the business processing
outsourcing

(BPO) agencies operating in the country. It will also help in preventing data theft by call
center employees. The amendment Act has provided a legal framework for crimes like video-
voyeurism, e-commerce frauds, fraudulent impersonation called 'phishing', identity theft etc.

116
19. Digital Time Stamping System (DTS):

The Information Technology Act, 2000, allows transactions signed electronically to be

recognised and made enforceable by law but there is no mechanism or device to know as to
when and exactly at what time the particular electronic document was prepared and signed
electronically. The non-availability of any reliable evidence to establish the exact date and
time when the disputed electronic document was made and signed leaves enough margin for
uncertainty resulting in weakening of the prosecution case in such cybercrimes. This problem
can be overcome by introducing a electronic device called 'Digital Time Stamping System'

(DTS) in electronic transactions. It consists of an apparatus called 'Tamperproof Box', in

which a highly secured time-stamping server is used to create digital time stamps (DTS). The
system has been successfully working in the United States for the last so many years.

117
 Select Bibliography

1. Kamal Ahmad : The Law of Cyber-Space (U. N. Institute of Training & Research)
2006.
2. Dr. Amita Verma : Cyber Crimes and Law (Central
Law Publications) 2009.
3. S. K. Bansal : Cyber Crimes (A. P. H. Publishing Corporation, Delhi) 2003.
4. Dr. R. K. Chaubey : An Introduction to Cyber Crime & Cyber Law (Kamal Law
House Kolkata) 2008.
5. Dr. Farooq Ahmad : Cyber Law in India : Law on Internet, 2nd Edition (Pioneer Book
Publication, Delhi) 2005.
6. Nandan Kamath : Law Relating to Computers Internet & Commerce, 2nd Edition
(Universal Law Publications Co. Delhi) 2000.
7. Rahul Mathan : Law Relating to Computers and Internet (Butterworth, New Delhi)
2000.
8. R. C. Mishra : Cyber-Crime : Impacts in the New Millennium : Ist Ed. (Author's Press,
Delhi) 2002.
9. R. Nagpal : What is Cyber Crime ; (2003)
10.B. B. Nanda and R. K. Tiwari : Farensic Science in India : A vision for 21st Century
(Select Publishers Delhi) 2001.
11. Ashish Pandey : Cyber-Crime - Deviation and Prevention (J.B.A. Publications) 2008.
12. Dr. N. V. Paranjape : Criminology & Penology : 14th Ed. (Central Law Agency,
Allahabad) 2008.
13. Ratanlal and Dhirajlal : The Indian Penal Code ; 28th Ed.
(Wadhawa and Co. Nagpur) 2002.

(vii)

14.R. K. Sharma : Managing Information Knowledge & Power in Cyber Age (Bookwell
Pub. Delhi) 2004.
15. Vakul Sharma : Handbook of Cyber Law (Macmillan) 2002.

118
16. Vakul Sharma : Information Technology : Law & Practice (Universal Pub. Co. Delhi)
2007.
17.R. K. Suri and T. N. Chhabra : Cyber Crime (Pentagon Press, New Delhi) Ist Ed.
2001, reprint 2003.
18.Yatindra Singh (Justice) : Cyber Laws 3rd Ed. (Universal Law Publishing Pvt. Ltd.)
2007.
19.D. P. Mittal, Law of Information Technology (Cyber Law) IInd Ed. (Taxman Allied
Services Pvt. Ltd.) 2000.
20. Nishant P. Trilokekor, A Practical Guide to the information Technology Act. Ist Ed.
(Snowwhite Pub. Pvt. Ltd.) 2000.
21. Pavan Duggal (Advocate) : Cyber Law-The Indian Perspective 2nd Edition.
22. Mani's A Practical approach to cyber laws (Kamal Publishers) 2008.
23. Dr. Vishwanath Paranjape – Legal Dimensions of cyber crimes and Preventive laws,
Central Law Agency – 2010.
24. Cyber Crimes by G. Ram Kumar 2006.
25. The Times of India.
26. The Nav Bharat Times 27. Internet.

(viii)

119