Professional Documents
Culture Documents
LLB 6 Cyber Laws
LLB 6 Cyber Laws
MODULE-I:
Introduction
a) Need and role of law in cyber space.
Over the past decades, the Internet has become an indispensable element
of our social, professional, and economic lives. Some would even argue
that it should be labelled a critical infrastructure (cf. Latham 2003). The
Internet has brought a significant segment of the world’s population
more and better possibilities to connect. It has led to an increase in
efficiency in accessing and sharing information. And it has been a boost
for global trade, facilitating a new online economy and digitising
traditional economies. At the same time, it has become increasingly
clear that the Internet can also be used to create harms of many kinds,
ranging from cybercrimes (hacking, identity theft, and other forms of
fraud) to cyber-espionage, cyber-terrorism, and cyber-warfare. Due to
the centrality of the Internet in the global economy and in our personal
and professional lives, moreover, the impact of cybersecurity risks can
potentially be very severe. This is why, over the past decade,
cybersecurity – keeping the Internet and the networked digital
technologies connected to that network safe and secure – has become an
increasingly important topic.
For regulators, this last point is considered one of the key benefits of
using techno-regulation. Using techno-regulation is efficient, easy, and
very effective. It leads to very high levels of compliance. Because
disobeying the rule that is implemented into an artefact or system is
(nearly) impossible, techno-regulatory interventions are among some of
the most effective forms of regulation. Moreover, techno-regulation is
one of the most cost-effective ways of regulating. The enforcement of
the rule for example is delegated to the artefact or system, which means
there is no need for expensive law enforcement personnel. And since
end users are much less likely to break the rule, costs for enforcement
are expected to be reduced.
These two benefits play a key role in the increasing popularity of using
this regulatory strategy. This combination is a regulator’s dream: a
regulatory strategy that will lead to substantial, if not complete,
compliance at a fraction of the cost of many other types of regulatory
interventions, including but not limited to laws that need enforcement or
norms that do not have the same level of effectiveness. What’s more,
when regulators push for the use of techno-regulation on the Internet, for
example, to increase security, in the process this automatically leads to
significantly more control: more end users will ‘colour within the lines’
thus leading to a higher sense of command over the safe and secure use
of cyberspace.
Having said that, over the years, several lines of critique have been
launched against the use of techno-regulation. For one, this form of
regulation is incredibly opaque (cf. Leenes 2011; Yeung 2011). When
rules and norms get implemented into a technological artefact often end
users who are confronted with such a device are not aware of the fact
that they are being regulated. Sometimes instances of techno-regulation
can be labelled as illegitimate, precisely because end users do not know
if, and when, they are being regulated (cf. Yeung 2011). Under the rule
of law, transparency and accountability are key values to uphold for
governments when they seek to regulate the behaviours of citizens.
Citizens need to know under which rule (laws, standards, institutional
frameworks) they live and need to be able to hold government
accountable for the proper implementation of laws and law enforcement
that government executes on their behalf. When techno-regulatory
interventions take place outside the awareness of citizens, the
requirement of transparency is not met. Moreover, techno-regulation
runs the risk of being undemocratic (cf. Benoliel 2004). If end users do
not know that their actions are regulated by specific architectures, they
have no possibility to question, appeal or object to this.
Despite these reservations, techno-regulation is an increasingly popular
regulatory strategy for both public and private parties on the Internet.
Why is this the case? We explain the rising popularity of techno-
regulation by pointing to an underlying assumption. When techno-
regulation is deployed on the Internet, especially to increase
cybersecurity, regulators assume that when end users have less room for
manoeuvring, there will be less risks to security. If end users ‘cannot be
bad’ anymore, cybersecurity increases. Deploying techno-regulatory
interventions entails that the regulator increases the level of control,
because the action space of regulatees is more clearly defined and has
sharp boundaries. Hence, when using techno-regulation regulators may,
to borrow an idiom, strike two birds with one stone: it makes the Internet
more secure, and it increases the level of control. Especially for an
environment that is so valuable yet also appears to be so ‘untameable’ as
cyberspace, reaching these dual goals through a single type of
intervention may be very alluring for governments.
The question we need to ask ourselves, though, is: Is there really a
relationship between control over the Internet and cybersecurity, and
what role does techno-regulation play in this? Does an increase in
control over the Internet, brought about by using techno-regulation,
make the Internet a safer place?
Answering that question is difficult for several reasons. First, there is the
issue of how we would qualify ‘making the Internet a safer place’. For
whom would the Internet become safer? And at what price? As we have
seen there are significant drawbacks to using techno-regulation. End
users carry the burden of the costs, while regulators (both from private
and public parties) stand to gain: more efficiency and effectiveness,
more compliance, a cheap implementation, and so on.
Second, it is debatable whether techno-regulatory interventions target
the right audience if they are designed to increase cybersecurity. As we
have seen, it is likely that techno-regulatory interventions lead to high
levels of compliance, since end users will almost always automatically
follow the implemented rule or norm. Hence, fewer end users will
engage in ‘risky behaviours’, whatever these may be in a given context.
While it is true that techno-regulation may prevent end users from
making mistakes that can have a negative effect on their own
cybersecurity or that of others, using this strategy will not weed out the
biggest threat to security: that of intentional attackers. Hackers,
cybercriminals, and those who engage in acts of cyber-espionage or
cyber-terrorism go to great lengths to find weaknesses in systems and
services and to exploit these to their benefit. Currently, the risks posed
by these intentional attackers are considered to be far greater (both in
terms of probability of occurrence and in terms of impact) than those
created by genuine errors that random end users will make. Techno-
regulatory interventions, or more generally the idea that a system’s
design will delineate the action space of end users, have no effect on
those who intentionally seek to exploit vulnerabilities in it. This
argument casts severe doubts on the assumption that more control
(through techno-regulation) will also lead to more cybersecurity.
While techno-regulation as a strategy has clear and admitted benefits, we
argue that the increasing tendency to seek to ‘solve’ cyber risks through
techno-regulation is in need of reconsideration. Should we not also look
at other strategies as well? In the rest of this article, we will contrast
techno-regulation with another regulatory strategy, which up until this
point in time has received little attention in the field of cybersecurity:
using trust.
d) Impact of Telecommunication and Broadcasting Law on Internet
Regulation.
Without some basic sense of trust, we would not be able to get up in the
morning. Overwhelmed by just thinking about all the possible turns fate
might take, we would not dare to leave the warm safety of our beds.
Trust is a strategy to deal with the complexities inherent in life. The fact
that, to a certain extent, we are aware of the unpredictable character of
the future and that we cannot foresee all the actions of others make that
we need trust to set aside some of these uncertainties. To trust is to act as
if we know for certain what tomorrow will bring, while in fact we are
groping in the dark.
Although most people intuitively have some ideas on what trust is, this
concept cannot be pinned down easily. In their review article, Seppanen,
Blomqvist, and Sundqvist (2007) counted more than 70 different
definitions of trust and this was only in the domain of inter-
organizational trust. As Simon (2013, 1) rightly concludes: ‘As
pervasive trust appears as a phenomenon, as elusive it seems as a
concept’.
What is trust?
For trust to be a very fruitful and robust strategy in dealing with the
uncertainties of everyday life, its limitations should not be
underestimated. First, trust is never the sole strategy at work to reduce
complexity. Rather, we should think of an amalgam of interdependent
strategies that are used to reduce complexity. Tamanaha (2007), for
example, explains how the rule of law enhances certainty, predictability,
and security between citizens and government (vertical) and among
citizens themselves (horizontal). The existence of rules and the fact that
citizens know there is a safety net in the form of a legal system fosters
trust. Möllering (2006, 111) explains how trust ‘is an ongoing process of
building on reason, routine, and reflexivity’. Estimating chances, relying
on roles and norms in society, and step-by step building confidence in
interactions provide meaningful grounds for the suspension of
uncertainties characteristic for trust. Luhmann (1979) states that trust
can only take place in a familiar world, an environment that is already
known by its inhabitants to a certain extent. A world is familiar when
shared norms and values are present; when people assume that others
perceive the world in a similar way and certain aspects of everyday life
are taken for granted. We can conclude that trust can be the dominant
strategy to reduce complexity; but it is never the sole strategy.
Second, trust is not the preferred dominant strategy to reduce complexity
in all situations. When it is of the utmost importance that a certain goal
be reached or a, particularly, protocol be followed, other strategies may
be more appropriate. For example, although trust is an important aspect
in securing a nuclear plant, it is not the dominant strategy. Using control
mechanisms such as security protocols that one cannot circumvent, or
using security badges and biometric logging systems that control the
access to different parts of the plant are better strategies to reduce the
risks associated with a nuclear installation. To a certain extent, there still
should be trust vested in the employees to follow the rules and in the
technological systems in place. However, trust is not the dominant
strategy in regulating the functioning of the nuclear plant.
Trust as a goal of cyber security
Trust is a fruitful strategy to deal with uncertainties. However, it is
generally not recognised as an adequate regulatory strategy for
cybersecurity. ‘Trust is good, security is better’, or so the saying goes
(Keymolen, Corien, and Raab 2012, 24). Cybersecurity tends to focus on
implementing rules and norms into systems to ensure the integrity of the
communication and the stable functioning of the infrastructure. Rather
than neutralising certain dangers, much work in the field of
cybersecurity is focused on removing them. Although it is widely
accepted by technicians and regulators alike that 100% security does not
exist (Chandler 2009, 126–127; Singer and Friedman 2013, 70;
Zedner 2003, 159), there still appears to be a tacit intention to come as
close as possible to that goal. Consequently, in the relation ‘trust-
cybersecurity’, security is seen as a necessary condition for trust but
trust is not considered as part of cybersecurity. Security measures are put
in place to enable a familiar world, necessary for trust to thrive. The
Internet should have a taken-for-granted character to its users. To put it
differently:
If users had to decide every time they use an online service or make use
of an application on their smartphone, whether or not to trust the
underpinning infrastructure of the Internet, the costs would simply
become too high. People would be overwhelmed by the uncertainty of
such a complex and unstable environment and probably reject it as a
valuable means of interaction. For trust to take place on the interpersonal
level – or between a user and an organization –, the environment,
whether or not online, should be familiar first, that is, stable and
predictable. (Keymolen 2016, 108)
We also see this ‘trust as a goal of cybersecurity perspective’ reflected in
policy documents (cf. Broeders 2015). For example, the Dutch National
Cyber Security Agenda (NSCA) states that it is an explicit goal of
cybersecurity to ensure a stable infrastructure to foster trust of users:
[W]e cannot afford to let cyber criminals erode the trust we have – and
need to have in the ICT infrastructure and the services it provides. Trust
is a conditio sine qua non for normal economic transactions and inter-
human communication. It is at the core of social order and economic
prosperity, and in an increasingly ICT-dependent world, the security of
ICT plays an ever more important role here (National Cyber Security
Research Agenda II: 6–7)
In the academic literature, Nissenbaum (2001) has coined the
perspective described above as ‘trust through security’. She also
recognises the strong emphasis on computer security as a means through
which trust online can be established. Nissenbaum discerns three
security mechanisms put in place to ensure trust online: access
control, transparency of identity, and surveillance. The first refers to
passwords, firewalls, and other measures to ensure that only those actors
who are allowed to enter – clients, citizens, members – do enter and
those who are not allowed –hackers, spies, criminals – are blocked. The
second mechanism is about making actors more identifiable. Even if a
user does not willingly provide personal data, all sorts of cryptographic
and profiling techniques are used to authenticate users. The basic idea is
that if your identity is known you will think twice before acting
malicious, as you can be held accountable for your deeds. The third
mechanism is based on the idea that monitoring actions and behaviour
online can prevent bad things from happening or at least could help to
quickly and easily find the wrongdoers.
Nissenbaum is not against security. It is conspicuously clear that for
specific online activities such as banking or e-commerce, high security is
necessary. However, Nissenbaum (2004) warns against the seemingly
self-evident move to strive for more security in all online domains and
practices as it may endanger trust and the worthwhile practices trust
facilitates. Reducing complexity and uncertainties should never become
a permit to strive for overall security in a way that it narrows down
freedom, which is nurtured by trust to develop (amongst others)
innovative, creative, or political practices. She states:
In a world that is complex and rich, the price of safety and certainty is
limitation. Online as off, the cost of surety – certainty and security – is
freedom and wide-ranging opportunity.
Trust in systems
The international treaties have a long way to tread before they are
capable of protecting intellectual property rights on the ground and
within the nations. Until practical realization of the best practices of the
treaties into domestic law takes a front seat, the standardization of
protection in the intellectual property rights domain would remain a
distant dream, miles away from reality.
In Super Cassettes Industries Ltd. vs. Myspace Inc. & Anr., the Hon’ble
Court held the intermediary liable for allowing viewing and sharing
images over the intellectual property ownership of Super Cassettes. The
case pronounced judicial activism by granting precedence to the Indian
Copyright Act, 1957 over the safe havens of IT Act, 2000, through
reading Section 81 of the IT Act 2000 in conjunction with and
over Section 79 of the IT Act 2000.
Section 14 Copyrights Act, 1957 elucidates what constitutes exclusive
rights. The Hon’ble High Court of Calcutta had recently passed an ex-
parte injunction at the instance of the petitioners Phonographic
Performance Ltd. (PPL), Indian Music Industry (IMI), and Sagarika
Music Pvt. Ltd., to restrict an array of ISPs namely Dishnet Wireless
Ltd, Reliance Wimax Ltd, Hathway Cable & Datacom Pvt Ltd, Hughes
Communications Ltd India, Tata Teleservices (Maharashtra) Ltd,
Reliance Communications Infrastructure Ltd, Wipro Ltd, Sify
Technologies Ltd, Bharti Airtel Ltd, Vodafone India Ltd, and BG
Broadband India Pvt Ltd., from providing access to www.songs.pk.
Out of the variety of theories and legal concepts that have evolved in the
recent past to address this major impediment of the jurisdiction of courts
to try infringements of intellectual property in the open world of
cyberspace, the most noteworthy of which are the Minimum Contacts
Test, the Effects Test, and the Sliding Scale Test or ‘Zippo Test’. These
are theories derived from US Courts. The Minimum contacts test is
applicable in circumstances where one or both parties are from outside
the court’s territorial jurisdiction whereby there is an element of contact
with the state where the court is located. The Effects test is applicable
where the consequence of the injury is felt at the particular state where
the court is located. The Sliding Test determines personal jurisdiction
through non-resident interactivities and the exchange of commercial
information over the internet of non-resident online operators.
Section 75 IT Act, 2000 applies to offences committed outside India if
the conduct constituted an offence involving a computer, computer
system, or computer network located in India. Section 4 IPC,
1860 extends its jurisdiction to offences committed in any place outside
India targeting a computer resource located in India. Indian courts have
the legal tools to adjudicate against the infringers of intellectual property
in the cyber domain, and judicial activism followed with effective
jurisprudence would come much to the rescue of the intellectual
property owners.
Conclusion
With the emerging trend of modernization of technology, it is crucial to
have a meaningful legal discourse on the intellectual property issues that
are set to barrage the cyber world. Solutions are critical to the present
discourse. Traditional regulations revolving around intellectual property
protection are not enough to be applied in cyberspace – more is vital, for
reasons of the typical challenges faced by the realm of cyberspace.
c) Berne Convention.
Berne Convention, Berne also spelled Bern, formally International
Convention for the Protection of Literary and Artistic Works,
international copyright agreement adopted by an international
conference in Bern (Berne) in 1886 and subsequently modified several
times (Berlin, 1908; Rome, 1928; Brussels, 1948; Stockholm, 1967; and
Paris, 1971). Signatories of the Convention constitute the Berne
Copyright Union.
The core of the Berne Convention is its provision that each of the
contracting countries shall provide automatic protection for works first
published in other countries of the Berne union and for unpublished
works whose authors are citizens of or resident in such other countries.
Each country of the union must guarantee to authors who are nationals
of other member countries the rights that its own laws grant to its
nationals. If the work has been first published in a Berne country but the
author is a national of a nonunion country, the union country may
restrict the protection to the extent that such protection is limited in the
country of which the author is a national. The works protected by the
Rome revision of 1928 include every production in the literary,
scientific, and artistic domain, regardless of the mode of expression,
such as books, pamphlets, and other writings; lectures, addresses,
sermons, and other works of the same nature; dramatic or dramatico-
musical works, choreographic works and entertainments in dumb show,
the acting form of which is fixed in writing or otherwise; musical
compositions; drawings, paintings, works of architecture, sculpture,
engraving, and lithography; illustrations, geographical charts, plans,
sketches, and plastic works relative to geography, topography,
architecture, or science. It also includes translations, adaptations,
arrangements of music, and other reproductions in an altered form of a
literary or artistic work, as well as collections of different works. The
Brussels revision of 1948 added cinematographic works and
photographic works. In addition, both the Rome and Brussels revisions
protect works of art applied to industrial purposes so far as the domestic
legislation of each country allows such protection.
In the Rome revision the term of copyright for most types of works
became the life of the author plus 50 years, but it was recognized that
some countries might have a shorter term. Both the Rome and the
Brussels revisions protected the right of making translations; but the
Stockholm Protocol and the Paris revision somewhat liberalized the
rights of translation, in a compromise between developing and
developed countries.
The areas of intellectual property that it covers are: copyright and related
rights (i.e. the rights of performers, producers of sound recordings and
broadcasting organizations); trademarks including service
marks; geographical indications including appellations of
origin; industrial designs; patents including the protection of new
varieties of plants; the layout-designs of integrated circuits;
and undisclosed information including trade secrets and test data.
Article 14.6 provides that any Member may, in relation to the protection
of performers, producers of phonograms and broadcasting organizations,
provide for conditions, limitations, exceptions and reservations to the
extent permitted by the Rome Convention.
It is further required that use of the trademark in the course of trade shall
not be unjustifiably encumbered by special requirements, such as use
with another trademark, use in a special form, or use in a manner
detrimental to its capability to distinguish the goods or services
(Article 20).
Article 23 provides that interested parties must have the legal means to
prevent the use of a geographical indication identifying wines for wines
not originating in the place indicated by the geographical indication.
This applies even where the public is not being misled, there is no unfair
competition and the true origin of the good is indicated or the
geographical indication is accompanied be expressions such as “kind”,
“type”, “style”, “imitation” or the like. Similar protection must be given
to geographical indications identifying spirits when used on spirits.
Protection against registration of a trademark must be provided
accordingly.
Article 25.2 contains a special provision aimed at taking into account the
short life cycle and sheer number of new designs in the textile sector:
requirements for securing protection of such designs, in particular in
regard to any cost, examination or publication, must not unreasonably
impair the opportunity to seek and obtain such protection. Members are
free to meet this obligation through industrial design law or through
copyright law.
The third is that Members may exclude plants and animals other than
micro-organisms and essentially biological processes for the production
of plants or animals other than non-biological and microbiological
processes. However, any country excluding plant varieties from patent
protection must provide an effective sui generis system of protection.
Moreover, the whole provision is subject to review four years after entry
into force of the Agreement (Article 27.3(b)).
The exclusive rights that must be conferred by a product patent are the
ones of making, using, offering for sale, selling, and importing for these
purposes. Process patent protection must give rights not only over use of
the process but also over products obtained directly by the process.
Patent owners shall also have the right to assign, or transfer by
succession, the patent and to conclude licensing contracts (Article 28).
The term of protection available shall not end before the expiration of a
period of 20 years counted from the filing date (Article 33).
Members shall require that an applicant for a patent shall disclose the
invention in a manner sufficiently clear and complete for the invention
to be carried out by a person skilled in the art and may require the
applicant to indicate the best mode for carrying out the invention known
to the inventor at the filing date or, where priority is claimed, at the
priority date of the application (Article 29.1).
Electronic Commerce
Types of e-commerce
Today, there are innumerable virtual stores and malls on the internet
selling all types of consumer goods. The most recognized example of
these sites is Amazon, which dominates the B2C market.
Consumer-to-consumer (C2C) is a type of e-commerce in which
consumers trade products, services and information with each other
online. These transactions are generally conducted through a third party
that provides an online platform on which the transactions are carried
out.
E-commerce applications
E-commerce is conducted using a variety of applications, such as Email,
online catalogs and shopping carts, Electronic Data Interchange (EDI),
the file transfer protocol, web services and mobile devices. This includes
B2B activities and outreach, such as using email for unsolicited ads,
usually viewed as spam, to consumers and other business prospects, as
well as sending out e-newsletters to subscribers and SMS texts to mobile
devices. More companies now try to entice consumers directly online,
using tools such as digital coupons, social media marketing and targeted
advertisements.
Amazon
eBay
Walmart Marketplace
Chewy
Wayfair
Newegg
Alibaba
Etsy
Overstock
Rakuten
Shopify
WooCommerce
Magento
Squarespace
BigCommerce
Ecwid
Salesforce Commerce Cloud (B2B and B2C options)
Oracle SuiteCommerce
History of e-commerce
MODULE-IV:
Cyber Crime
As technology advances, man has become reliant on the Internet for all
of his requirements. The internet has provided man with quick access to
everything while seated in one location. Every imaginable thing that
man can think of can be done through the medium of the internet,
including social networking, online shopping, data storage, gaming,
online schooling, and online jobs. The internet is used in nearly all
aspects of life. As the internet and its associated advantages grew in
popularity, so did the notion of cybercrime. Different types of
cybercrime are committed.
However, only 25% of the ladies in this group of 40% are merely aware
of cyber-crime. The majority of cyber-crime goes unreported owing to
the victim’s reluctance and shyness, as well as the fear of defamation of
the family’s name. Frequently, the girl believes she is to blame for the
crime. Women sometimes neglect to report crimes due to their concerns,
enabling the perpetrator’s spirits to become even more harmed.
Basically, cybercrime is on the rise because it is regarded to be the
easiest method to commit a crime, and people who have a lot of
computer expertise but are unable to find work or do not have a lot of
money turn to this source and begin abusing the internet. It is simple for
cyber criminals to gain access to data from here and then use it to
withdraw money, blackmail, or do other crimes.
Cyber thieves are on the rise because they don’t see much of a threat and
because they are so well-versed in the networking system that they
believe they are safe. They are also the ones that create phoney accounts
and then commit crimes.
Legal Remedies
The victim has the right to file an appeal in court for compensation for
the wrong done to him under section 43A of the Information Technology
Act of 2000, as this section covers the penalties and compensations for
offences such as “damage to the computer, computer system, or
computer networks, etc.”Anybody corporate that deals with sensitive
data, information, or maintains it on its own or on behalf of others and
negligently compromises such data or information will be liable under
this section and will be required to pay compensation according to the
court’s discretion.
Section 65 of the Act covers the punishment for the offences which
involve “tampering with computer source documents”, where according
to the section, “Whoever knowingly or intentionally conceals, destroys
or alters or intentionally or knowingly causes another to conceal,
destroy, or alter any computer source code used for a computer,
computer program, computer system or computer network, when the
computer source code is required to be kept or maintained by law for the
time being in force, shall be punishable with imprisonment up to three
years, or with fine which may extend up to two lakh rupees, or with
both”.
There are still some gaps in the IT Act of 2008 since there are new and
unknown cyber-offenses for which the law needs to stretch its arms and
tighten its grip.
Here are also offences that are not covered by the IT Act because they
are already covered by other laws, such as “Cyber-defamation,” which is
governed by the Indian Penal Code, 1860. The term “Defamation” and
its punishment are defined under this Act, so there is no need for a
separate definition elsewhere because the impact of such an online
offence is the same as it is offline.
MODULE-V:
So how do you feel about this? How do you think using these
technologies might change society? Here we will explore some of the
key genetic technologies and probe some of the dilemmas and debates
around their use.
MODULE-VI:
Broadcasting
Over the air broadcasting is usually associated with radio and television,
though more recently, both radio and television transmissions have
begun to be distributed by cable (cable television). The receiving parties
may include the general public or a relatively small subset; the point is
that anyone with the appropriate receiving technology and equipment
(e.g., a radio or television set) can receive the signal. The field of
broadcasting includes both government-managed services such as public
radio, community radio and public television, and private commercial
radio and commercial television. The U.S. Code of Federal Regulations,
title 47, part 97 defines "broadcasting" as "transmissions intended for
reception by the general public, either direct or relayed". Private or two-
way telecommunications transmissions do not qualify under this
definition. For example, amateur ("ham") and citizens band (CB) radio
operators are not allowed to broadcast. As defined, "transmitting" and
"broadcasting" are not the same.
Transmission of radio and television programs from a radio or television
station to home receivers by radio waves is referred to as "over the air"
(OTA) or terrestrial broadcasting and in most countries requires
a broadcasting license. Transmissions using a wire or cable, like cable
television (which also retransmits OTA stations with their consent), are
also considered broadcasts but do not necessarily require a license
(though in some countries, a license is required). In the 2000s,
transmissions of television and radio programs via streaming digital
technology have increasingly been referred to as broadcasting as well.
MODULE-VII:
CHAPTER I
PRELIMINARY 1. Short title, extent, commencement and application
(1) This Act may be called the Information Technology Act, 2000. (2) It
shall extend to the whole of India and, save as otherwise provided in this
Act, it applies also to any offence or contravention thereunder
committed outside India by any person.
(3) It shall come into force on such date as the Central Government may,
by notification, appoint and different dates may be appointed for
different provisions of this Act and any reference in any such provision
to the commencement of this Act shall be construed as a reference to the
commencement of that provision. (4) Nothing in this Act shall apply to,
— (a) a negotiable instrument as defined in section 13 of the Negotiable
Instruments Act, 1881; (b) a power-of-attorney as defined in section 1A
of the Powers-of-Attorney Act, 1882; (c) a trust as defined in section 3
of the Indian Trusts Act, 1882; (d) a will as defined in clause (h) of
section 2 of the Indian Succession Act, 1925 including any other
testamentary disposition by whatever name called; (e) any contract for
the sale or conveyance of immovable property or any interest in such
property; (f) any such class of documents or transactions as may be
notified by the Central Government in the Official Gazette.
(1), the matters and places in relation to which the Cyber Appellate
Tribunal may exercise jurisdiction.
(b) is or has been a member of the Indian Legal Service and is holding
or has held a post in Grade I of that Service for at least three years.
53. Filling up of vacancies. If, for reason other than temporary absence,
any vacancy occurs in the office n the Presiding Officer of a Cyber
Appellate Tribunal, then the Central Government shall appoint another
person in accordance with the provisions of this Act to fill the vacancy
and the proceedings may be continued before the Cyber Appellate
Tribunal from the stage at which the vacancy is filled.
(3) The Central Government may, by rules, regulate the procedure for
the investigation of misbehaviour or incapacity of the aforesaid
Presiding Officer.
(1) The Central Government shall provide the Cyber Appellate Tribunal
with such officers and employees as that Government may think fit
(2) The officers and employees of the Cyber Appellate Tribunal shall
discharge their functions under general superintendence of the Presiding
Officer.
(2) No appeal shall lie to the Cyber Appellate Tribunal from an order
made by an adjudicating officer with the consent of the parties.
(3) Every appeal under sub-section (1) shall be filed within a period of
tony-five days from the date on which a copy of the order made by the
Controller or the adjudicating officer is received by the person aggrieved
and it shall be in such form and be accompanied by such fee as may be
prescribed: Provided that the Cyber Appellate Tribunal may entertain an
appeal after the expiry of the said period of tony-five days if it is
satisfied that there was sufficient cause tor not filing it within that
period.
(5) The Cyber Appellate Tribunal shall send a copy of every order made
by it to" the parties to the appeal and to the concerned Controller or
adjudicating officer.
(6) The appeal filed before the Cyber Appellate Tribunal under sub-
section (1) shall be dealt with by it as expeditiously as possible and
endeavour shall be made by it to dispose of the appeal finally within six
months from the date of receipt of the appeal.
(1) The Cyber Appellate Tribunal shall not be bound by the procedure
laid down by the Code of civil Procedure, 1908 but shall be guided by
the principles of natural justice and, subject to the other provisions of
this Act and of any rules, the Cyber Appellate Tribunal shall have
powers to regulate its own procedure including the place at which it
shall have its sittings.
(2) The Cyber Appellate Tribunal shall have, for the purposes of
discharging its functions under this Act, the same powers as are vested
in a civil court under the Code of Civil Procedure, 1908, while trying a
suit, in respect of the following matters, namely:—
61. Civil court not to have jurisdiction. No court shall have jurisdiction
to entertain any suit or proceeding in respect of any matter which an
adjudicating officer appointed under this Act or the Cyber Appellate
Tribunal constituted under this Act is empowered by or under this Act to
determine and no injunction shall be granted by any court or other
authority in respect of any action taken or to be taken in pursuance of
any power conferred by or under this Act.
(1) Any contravention under this Chapter may, either before or after the
institution of adjudication proceedings, be compounded by the
Controller or such other officer as may be specially authorised by him in
this behalf or by the adjudicating officer, as the case may be, subject to
such conditions as the Controller or such other officer or the
adjudicating officer may specify: Provided that such sum shall not, in
any case, exceed the maximum amount of the penalty which may be
imposed under this Act for the contravention so compounded.
(2) Nothing in sub-section (1) shall apply to a person who commits the
same or similar contravention within a period of three years from the
date on which the first contravention, committed by him, was
compounded. Explanation.—For the purposes of this sub-section, any
second or subsequent contravention committed after the expiry of a
period of three years from the date on which the contravention was
previously compounded shall be deemed to be a first contravention.
Liabilities
Offences
Notable cases
Section 66
In February 2001, in one of the first cases, the Delhi police arrested
two men running a web-hosting company. The company had shut
down a website over non-payment of dues. The owner of the site
had claimed that he had already paid and complained to the police.
The Delhi police had charged the men for hacking under Section
66 of the IT Act and breach of trust under Section 408 of
the Indian Penal Code. The two men had to spend 6 days in Tihar
jail waiting for bail.
In February 2017, A Delhi based Ecommerce Portal made a
Complaint with Hauz Khas Police Station against some hackers
from different cities accusing them for IT Act / Theft / Cheating /
Misappropriation / Criminal Conspiracy / Criminal Breach of Trust
/ Cyber Crime of Hacking / Snooping / Tampering with Computer
source documents and the Web Site and extending the threats of
dire consequences to employees, as a result four hackers were
arrested by South Delhi Police for Digital Shoplifting.[9]
Section 66A
In September 2012, a freelance cartoonist Aseem Trivedi was
arrested under the Section 66A of the IT Act, Section 2
of Prevention of Insults to National Honour Act, 1971 and
for sedition under the Section 124 of the Indian Penal Code.[10] His
cartoons depicting widespread corruption in India were considered
offensive.
On 12 April 2012, a Chemistry professor from Jadavpur
University, Ambikesh Mahapatra, was arrested for sharing a
cartoon of West Bengal Chief Minister Mamata Banerjee and
then Railway Minister Mukul Roy.[13] The email was sent from the
email address of a housing society. Subrata Sengupta, the secretary
of the housing society, was also arrested. They were charged under
Section 66A and B of the IT Act, for defamation under Sections
500, for obscene gesture to a woman under Section 509, and
abetting a crime under Section 114 of the Indian Penal Code.[14]
On 30 October 2012, a Puducherry businessman Ravi Srinivasan
was arrested under Section 66A. He had sent tweet accusing Karti
Chidambaram, son of then Finance Minister P. Chidambaram, of
corruption. Karti Chidambaram had complained to the police. [15]
On 19 November 2012, a 21-year-old girl was arrested
from Palghar for posting a message on Facebook criticising the
shutdown in Mumbai for the funeral of Bal Thackeray. Another
20-year-old girl was arrested for "liking" the post. They were
initially charged under Section 295A of the Indian Penal Code
(hurting religious sentiments) and Section 66A of the IT Act.
Later, Section 295A was replaced by Section 505(2) (promoting
enmity between classes).[16] A group of Shiv Sena workers
vandalised a hospital run by the uncle of one of girls.[17] On 31
January 2013, a local court dropped all charges against the girls. [18]
On 18 March 2015, a teenaged boy was arrested
from Bareilly, Uttar Pradesh, for making a post on Facebook
insulting politician Azam Khan. The post allegedly contained hate
speech against a community and was falsely attributed to Azam
Khan by the boy. He was charged under Section 66A of the IT Act,
and Sections 153A (promoting enmity between different religions),
504 (intentional insult with intent to provoke breach of peace) and
505 (public mischief) of Indian Penal Code. After the Section 66A
was repealed on 24 March, the state government said that they
would continue the prosecution under the remaining charges.[19][20]
Section 69A
Criticisms
In November 2012, IPS officer Amitabh Thakur and his wife social
activist Nutan Thakur, filed a petition in the Lucknow bench of
the Allahabad High Court claiming that the Section 66A violated the
freedom of speech guaranteed in the Article 19(1)(a) of the Constitution
of India. They said that the section was vague and frequently misused. [27]