Module III

Cybercrimes and Cyber Security

Topics discussed

1. Difference b/w cyber and Conventional crimes

2. Crimes in IT Act
3. Financial related crimes
4. Email crimes
5. Investigation and Adjudication
6. Budapest Convention
7. Jus-cogens

Cybercrimes means any computer crime or criminal activity committed over the internet.
This involves unlawful access to computer systems. Cybercrimes are offences relating to
computers, computer technologies, internet and virtual reality. Cyber Crime simply means
illegal use of computers and internet.

The oxford Dictionary defined the term cybercrime as “Criminal activities carried out by
means of computers or the Internet.”

“Cybercrime may be said to be those species, of which, genus is the

conventional crime, and where either the computer is an object or subject of

the conduct constituting crime”.

Cybercrime is not a novel kind of crime in the world. It is defined as any criminal activity
that occurs on or via the medium of computers, the internet, or any acknowledged technology
under the Information Technology Act. The term cybercrime may be judicially interpreted in
some Indian court judgements, but it is not defined in any act or statute passed by the Indian
Legislature. Cybercrime is an uncontrollable evil that arises from the misuse of modern
society's growing reliance on computers.

Development of Cyber-crime

The new technology development so an advent increase in cybercrimes too.The first recorded
crime occurred in 1820, when Joseph-Marie Jacquard, a French textile producer, invented the
loom. This mechanism made it possible to repeat a sequence of procedures in the weaving of

1
specific materials. This caused Jacquard employees to be concerned that their conventional
employment and livelihood might be jeopardised. They committed sabotage in order to deter
Jacquard from using the new technology in the future. This is the first documented
cybercrime.

Difference b/w Cybercrimes and Conventional crimes

Conventional crime refers to traditionally Cybercrimes are illegal use of computers

evolved actions that are illegal and and internet.
punishable by law.
More evidences can be collected in Cyber criminals leave behind very little
conventional crimes evidence making difficult to trace.

Mostly involve physical attacks The scale, reach and speed of crimes is very
wide and fast

The scale, reach and speed of crimes are The computer can be a victim and offender
limited

Classification Of Cyber Crimes

Cybercrimes can be classified in to 4 major categories as the following:

I. On the nature and purpose of the offence to the victims

(A) Cybercrime against Individual

(B) Cybercrime Against Organization

(C) Cybercrime Against Society

(A) Against Individuals

This can again be classified as cyber crimes against person and against property.

 Against Person

(i) Email spoofing: A spoofed email is one in which the e-mail header is forged so that the
mail appears to originate from one source but actually has been sent from another source.

2
(ii) Spamming: Spamming means sending multiple copies of unsolicited mails or mass e-
mails such as chain letters.

(iii) Cyber Defamation: This occurs when defamation takes place with the help of computers
and/or the Internet.

E.g., someone publishes defamatory matter about someone on a website or sends e-mails
containing defamatory information.

(iv) Harassment & Cyber stalking: Cyber Stalking Means following an individual's activity
over internet. It can be done with the help of many protocols available such as e- mail, chat
rooms, user net groups.

 Against Property

(i) Credit Card Fraud: As the name suggests, this is a fraud that happens by the use of a credit
card. This generally happens if someone gets to know the card number or the card gets stolen.

(ii) Intellectual Property crimes: These include Software piracy: Illegal copying of programs,
distribution of copies of software. Copyright infringement: Using copyrighted material
without proper permission. Trademarks violations: Using trademarks and associated rights
without permission of the actual holder. Theft of computer source code: Stealing, destroying
or misusing the source code of a computer.

(iii) Internet time theft: This happens by the usage of the Internet hours by an unauthorized
person which is actually paid by another person.

(B) Against Organisations

a) Government

b) Company, firm or group of individuals

(i) Unauthorized Accessing of Computer: Accessing the computer/network without

permission from the owner. This can be of two forms:

a) Changing/deleting data: Unauthorized changing of data.

b) Computer voyeur: The criminal reads or copies confidential or proprietary

information, but the data is neither deleted nor changed.

3
(ii) Denial Of Service: When Internet server is flooded with continuous bogus requests so as
to denying legitimate users to use the server or to crash the server. (iii) Computer
contamination / Virus attack: A computer virus is a computer program that can infect other
computer programs by modifying them in such a way as to include a (possibly evolved) copy
of it. Viruses can be file infecting or affecting boot sector of the computer. Worms, unlike
viruses do not need the host to attach themselves to.

(iv) Email Bombing: Sending large numbers of mails to the individual or company or mail
servers thereby ultimately resulting into crashing.

(v) Salami Attack: When negligible amounts are removed & accumulated in to something
larger. These attacks are used for the commission of financial crimes. (vi) Logic Bomb: It is
an event dependent program. As soon as the designated event occurs, it crashes the computer,
release a virus or any other harmful possibilities.

(vii) Trojan Horse: This is an unauthorized program which functions from inside what seems
to be an authorized program, thereby concealing what it is actually doing.

(viii) Data diddling: This kind of an attack involves altering raw data just before it is
processed by a computer and then changing it back after the processing is completed.

(C) Against Society

(i) Forgery: Currency notes, revenue stamps, mark sheets etc. can be forged using computers
and high-quality scanners and printers.

(ii) Cyber Terrorism: Use of computer resources to intimidate or coerce people and carry out
the activities of terrorism.

II. Based on nature of cyber crime

a) Social cyber crime

E.g., Trafficking, cyber obscenity, pornography, cyber gambling

b) Economic Cyber Crime

E.g., Credit card schemes, cyber fraud, gambling websites

III. Based on role of computer

a) Computer as a victim of crime
b) Computer as a tool of crime
4
 c) Computer as incidental to crime
IV. Based on nature, source and motive of crime
a) Financial crimes
b) Email crimes
c) Computer related crimes
d) Network related crimes

Financial crimes

1. Salami Attacks

Financial crime through insignificant alteration in singe case. In such a fraud, the suspect
performs subtle modifications in such a way the changes go unnoticed. For example, a
Criminal deducts tiny sums as at Rs. 2.50 per month from all the bank's customer's accounts
and deposits it into their account. In this situation, no account manager can approach the bank
for too little, but fraudulent profits are massive.

2. Online Gambling- money are acquired through gambling games.

3. Cyber laundering

Cyber laundering is a sophisticated form of money laundering that leverages the internet and
other digital platforms to conceal and transfer illegally obtained funds. It involves the use of
complex and advanced technologies, such as virtual currencies, encryption, and
anonymization, to cover the tracks of criminal activities.

Email- crimes

1. Email spoofing

A spoofed email is one that appears to originate from one source but has actually emerged
from another source. Email spoofing is usually done by falsifying the name and / or email
address of the originator of the email.

SMS Spoofing is also found in today’s modern world of technology. It allows changing
the name or number text messages appear to have come from.
2. Sending malicious codes through email.

5
Emails are often the fastest and easiest ways to propagate malicious code over the
Internet. Hackers often bind Trojans, viruses, worms and other computer contaminants
with greeting cards and then email them to unsuspecting persons.

3. Email bombing

Email bombing refers to sending a large number of emails to the victim resulting in the
victim's email account (in case of an individual) or servers (in case of a company or an
email service provider) crashing. A simple way of achieving this would be to subscribe
the victim's email address to a large number of mailing lists. Mailing lists are special
interest groups that share and exchange information on a common topic of interest with
one another via email.
4. Sending threatening emails

Email is a useful tool for technology savvy criminals thanks to the relative anonymity
offered by it. It becomes fairly easy for anyone with even a basic knowledge of computers
to become a blackmailer by threatening someone via e-mail.
5. Defamatory emails

Cyber defamation can be conducted through mails.

6. Email frauds

Emails can be used as way to conduct fraud and acquire money. In a case known as the
Euro lottery case, one Mr. Rao sent himself spoofed emails, which were supposedly from
the Euro Lottery Company. These mails informed him that he had won the largest lottery.
He also created a website in the name of the Euro Lottery Company, announced n it that
he had won the Euro Lottery and uploaded it on to the Internet. He then approached the
Income Tax authorities in India and procured a clearance certificate from them for
receiving the lottery amount. He approached many newspapers and magazines and spread
the news of winning lottery. The media seeing this as a story that would interest a lot of
readers hyped it up and played a vital role in spreading this misinformation. Mr. Rao then
went to many banks and individuals and told them that having won such a large sum of
money. He wheedled money out of these institutions and people by telling them that since
the lottery prize money would take some time to come to him and borrowed money from
them. People believing him most of these people loaned large amounts of money to him.
It was only when he did not pay back the loan amounts to the banks that they became

6
 suspicious. A countercheck by the authorities revealed the entire scheme and he was
arrested.

CYBERCRIMES

1. Cyber Terrorism
Terrorism has become an issue for the world since the end of the Cold War. The state
agencies are insufficient to combat or control terrorist attacks on humankind;
terrorists heinous acts have murdered a large number of people globally. As we live in
the digital age, and computers and the internet are also playing a role, becoming a
helpful instrument in the hands of terrorists. Cyber terrorism thus refers to unlawful
attacks against computers, networks and the information stored therein that are carried
out to intermediates or coerce a country’s government or citizens, having political or
social objectives. The primary goal of a cyber terrorist organisation when attacking a
nation, a location, or an organisation is to harm tangible property or assets and murder
people in order to prove their ideology or political ideologies. Thus, there is little
doubt that technological improvement in computers and networking has played a
critical role in providing them with opportunity, which has significantly influenced
terrorist techniques and behaviour.
These threats may include
1. Cyber warfare
2. Malicious Software
3. Domain hijacking
Previously, there was no explicit provision in the IT Act, 2000 that dealt directly with
cyber terrorism as a result, the Information Technology (Amendment) Act, 2008
added a new section 66F. Given the rise in terrorist activity in India and adjacent
countries, the IT Amendment Act of 2008 is a good change.
2. Cyber Hacking
It simply refers to have an unauthorized access to another computer system. It is the most
dangerous and commonly known cybercrime.
The hackers break down into the computers system and steal valuable information,
known as data, from the system without any permission. Hacking can be done for
multiple purposes like data theft, fraud, destruction of data, and causing damage to
computer system for personal gains. Therefore, hackers are able to spoof the data and
duplicate the IP address illegally.

7
 White Hat Hackers: These are the ethical hackers that use their hacking skills for good
reasons and do not harm the computer system.
Black Hat Hackers: These types of hackers use their computer knowledge to gain
unauthorized access to a computer system with a malicious or harmful intention. They
may steal, modify or erase data, and insert viruses and damage the system.
Grey Hat Hackers: They are the skilled hackers that usually do not hack for personal
gains. Therefore, they are hybrids between white hat and black hat hackers.

Hacking in various forms is already part of several offences, either as the means to their
commission or as a consequence. For instance, hacking could be a tool and means to
commit cheating, misappropriation, criminal breach of trust, theft, copyright violations,
spying into official secrets, or as part of the conspiracy to wage war against the State,
these are all well-defined offences. Some of the species of hacking have been defined as
contraventions as well as criminal offences in the IT. Act, 2000 as amended by the I.T.
(Amendment) Act, 2008. In the I.T. Act, 2000, section 66 titles as “Hacking with
computer system” defined and punished hacking with imprisonment upto three years, or
with fine which may extend up to two lakh rupees, or with both. The words of Section 66
limited the scope limiting it to punishment only for hacking a computer system only. The
words thus were changed in the amendment Act, 2008 and the various species of the
offence of hacking or may have elements of hacking were included in the amended
version of the I.T. Act, 2000. All of these was added to different provisions of section 43
of IT Act.

 Access to a computer.
 Downloading, copying or extraction of data from a computer.
 Introducing computer virus and contaminants.
 Causing damage to a computer.
 Causing disruption of a computer.
 Causing denial of access to a computer.
 Affecting critical information infrastructure.

Security measures that can prevent Hacking

a) Passwords
b) Firewalls
It creates ‘wall’ between a network and possible intruders.
8
 c) Encryption
d) Digital Signatures
e) Clipper chip- This is used to prevent cellular based security breaches. It is a
government sponsored security system developed by American National security
Agency. Its main objective is to prevent private parties from encrypted cellular based
communications for illegal purposes.
2. Cyber Pornography

Cyber pornography is in simple words defined as the act of using cyberspace to create,
display, distribute, import, or publish pornography or obscene materials. With the advent of
cyberspace, traditional pornographic content has now been largely replaced by online or
digital pornographic content.
Obscene materials are those that can be regulated or criminalised becausetheir depiction of nu
dity, sex, or excretion is clearly offensive and has no aesthetic or scientific value.
The test of obscenity was first established in the case of Regina V. Hicklin as
thetendency"to deprave and corrupt those whose minds are open to such influences and into
whose hands a publication of this sort may fall," with the understanding that this test would a
pply only to the isolated passage of the work. The Indian Penal Code, 1860, addresses the
topic of obscenity in India. However, as internet technology advances, obscenity and
pornography take on electronic forms, making it hard to punish the culprit under the Indian
Penal Code, 1860. To address this new technology, the Indian government established the
Information Technology Act of 2000. Section 67 of the Information Technology Act of 2000
addresses obscenity and pornographic material on the internet. Section 67 A IT Act makes
publication, transmission and causing transmitted and published in electronic to be for
materials containing sexually any explicit act or conduct, punishment. Browsing or
downloading Pornography online is also punishable off the pornography Act IT Act.

One of the most heinous charges is child pornography. Abusers use the Internet to contact
and sexually abuse children all around the world. Children have become an appealing target
for cybercriminals as the internet has grown in popularity. Paedophiles utilise false identities
to entice children into their traps, including contacting them in chat rooms, where they
befriend them and take personal information from their hapless victims. These paedophiles
lure children onto the internet with the intent of sexually assaulting or exploiting them as a
sex object.

9
Section 67 of IT Act- Punishment for Cyber pornography

Any person publishes, transmits, or causes to be published or transmitted in the electronic

form any obscene material

Punishment: 1st Conviction imprisonment of 3 years and fine up to 5 lakhs

2nd Conviction Imprisonment up to 5 years and fine up to 10 lakhs.

Section 67 B- Punishment of Child Pornography

Punishment for publishing or transmitting of material depicting children in sexually explicit

act.

Punishment: 1st conviction imprisonment for 5 years and fine up to 10 lakhs

2nd Conviction up to 7 years and fine 10 lakhs

Cases:

a. Avinash Bajaj v. State NCT Delhi (2005)

This case is popularly known as Bazzee.com case, the story started when a sexually
explicit video clip of two school students was shot with a cell phone camera and then
distributed among friends through the Multimedia Messaging Service (MMS). The
clip, showing a young girl engaged in oral sex with a boy, was shot with her consent
but was circulated to the others without her permission. The clip then landed in the
hands of a smart entrepreneur who tried to make easy money out of it. Mr. Ravi Raj, a
final year M.Sc. Geophysics student of Indian Institute of Technology, Kharagpur had
opened an account under the name ‘Alice Electronics’ on the auction site Bazee.com
on 21’st of July, 2004. He posted the clip in that account on the 27th of November,
2004 under the header ‘DPS Girl having fun’ and it remained there till 29th
November, 2004. Mr. Raj was arrested on 14th December and produced before a
Delhi court two days later. The Court remanded him to three days police custody.
Meanwhile, the CEO of Bazee.com, Mr. Avnish Bajaj, was sentenced to jail for six
days by a Delhi court. Mr. Bajaj sought his release on bail on the ground that he had
been co-operating with the police in the investigation of the case and had flown in
from Mumbai to assist the probe. He was granted bail later. The DPS boy who was at
the centre of the MMS controversy was also arrested and bought before a Juvenile
Court in Delhi but was given bail. This case is important case under cyber

10
 pornography and also was helpful to describe the intermediary liability in
cybercrimes.
b. Dr Prakash case,
In this case in 2008, a Fast track court in Chennai sentenced orthopaedic surgeon Dr.
Prakash to Life imprisonment in case relating to taking obscene picture of the women
and uploading them on to internet. Dr. Prakash became the first person to be arrested
under the IT Act. He was accused of sexually exploiting women and uploading their
obscene pictures on the internet with the help of his brother based in the US.
c. Ritu Kohli’s case
In the case, Manish was unlawfully communicating with a person named Ritu Kohli
on the website www.mirc.com under the name Ritu Kohli. Manish was regularly
conversing on the abovementioned Website as Ritu Kohli, using filthy and offensive
language, disseminating her residential telephone number, and asking others to call
her. As a result, Ritu Kohli began receiving obscene calls from various chatters in
India and overseas. The case was first filed under s. 509 of IPC. This case alarmed the
need of addressing these crimes through IT Act and thus successful amendment was
made.

3. Cyber Theft
It is another form of cybercrime used by the cyber criminals to steal information or
money from a distant location with the help of a computer or an internet. It includes
various types of crimes like:
a. Identity Theft: It refers to the fraud which an individual does by making a fake
identity on the internet in order to steal money from bank accounts, credit or debit
cards, etc.
b. Forgery: It means making of false document, signature, currency, revenue stamp, etc.
c. Phishing
It is a another very common type of cybercrime which is used by hackers to steal
information which is personal like passwords, usernames, bank account number,
credit card details, etc. It is generally carried out with the help of email spoofing.
d. Web hijacking
It refers to hijacking of the victims account with the help of a fake website in order to
damage it or change the information of the victims’ webpage.
4. Malicious Software

11
Malware is malicious software it is harmed to computer networks and systems there
are various types of malwares.

Types of Malwares
1) Adware
Adware — commonly called “spam” — serves unwanted or malicious advertising.
While relatively harmless, it can be irritating as adware can hamper your computer’s
performance.
2) Fileless Malware
Fileless malware doesn’t directly impact files or the file system.
3) Viruses
A virus infects other programs and can spread to other systems, in addition to
performing its own malicious acts. A virus is attached to a file and is executed once
the file is launched. The virus will then encrypt, corrupt, delete, or move your data
and files.
4) Worms
Worms do not need human action to spread once they are in a network or system.
Worms often attack a computer’s memory or hard drive.
5) Trojans
A trojan program pretends to be a legitimate one, but it is in fact malicious. A trojan
can’t spread by itself like a virus or worm, but instead must be executed by its victim.
Eg. I love you virus
6) Bots
A bot is a software program that performs an automated task without requiring any
interaction. Bots can execute attacks much faster than humans ever could. A computer
with a bot infection can spread the bot to other devices, creating what’s known as a
botnet.
7) Ransomware
Ransomware attacks encrypt a device’s data and holds it for ransom. If the ransom
isn’t paid by a certain deadline, the threat actor threatens to delete or release the
valuable data.
E.g., 2022 Costa Rican Government.
8) Spyware

12
 Cybercriminals use spyware to monitor the activities of users. By logging the
keystrokes, a user inputs throughout the day, the malware can provide access to
usernames, passwords, and personal data.
9) Mobile Malware
These spreads through mobile phones to control spying tools and are installed in
mobile handsets.
10) Rootkits
Rootkits were not originally designed as malware, but they have become a common
attack vector for hackers. A rootkit allows a user to maintain privileged access within
a system without being detected.

Cyber Crimes Under IT ACT

(Please go through the sections)

Cyber crimes under IT Act are divided into two:

a) Cyber Offences

The Chapter XI- Offences under Section 65-78 of IT Act deals with Cyber Crimes

b) Cyber Contraventions
Chapter IX- Section 43-45

Sections under the Information Technology Punishment

(Amendment) Act, 2008
1. Section 66A: Cyber Stalking, i.e., sending Imprisonment up to 3
offensive messages through any years long with a fine.
communication services like a computer or
mobile phone

2. Section 66B: Receiving stolen computer’s Imprisonment which may

resources or communication device extend up to 3 years, or
dishonestly with a fine of rupee 1 lakh
or both.
3. Section 66C: Identity Theft Imprisonment which may

13
 extend up to 3 years along
with a fine that may
extend up to rupee 1 lakh.
4. Section 66D: Phishing, i.e., punishment for Imprisonment which may
cheating by personation by the use of extend up to 3 years along
computer’s resources with a fine that may
extend up to rupee 1 lakh.
5. Section 66E: Voyeurism, i.e. punishment for Imprisonment for 3 years
violating privacy of an individual along with a fine which
may be extended up to 2
lakh rupees or both.
6. Section 66F: Cyber Terrorism Life imprisonment.

7. Section 67A: Publishing/ or transmitting Imprisonment up to 5

material in electronic form containing years along with a fine
sexually explicit contents that could extend up to 10
lakh rupees in the first
convict; and imprisonment
can be extended up to 7
years with fine of 20 lakh
rupees in the second
convict.
8. Section 67B: Child pornography Imprisonment up to 5
years along with a fine
that could extend up to 10
lakh rupees in the first
conviction; and
imprisonment can be
extended up to 7 years
with an extended fine of
10 lakh rupees in the
second conviction.

14
Cyber Contraventions

The Information Technology Act provides legal protection to the owner of computer
resources against cybercrimes. Any illegal act or unauthorized use of the computer, computer
system or computer network constitutes cybercrime in the form of contravention or offence.
Section 43-45 of the Act deals with the cyber contraventions and its penalties.

A. Access without authority

If he accesses or secure access to the computer, computer system or computer network

without authority. In a case, where Mphasis BPO Fraud Four call centre employees were held
liable for obtaining PIN Codes from four customers and misusing them. Court held that Sec.
43(a) and Sec. 66 were applicable here due to the nature of unauthorised access involved to
commit transactions.

• Downloading, copying or extracting any data without authority: If he downloads,

copies or extracts any data, computer data base or information from such computer,
computer system or computer network.

• Introduction of computer contaminant or virus: If he introduces or causes to be

introduced any computer contaminant or computer virus into any computer, computer
system or computer network including information

• Damage to computer database: If any person damages any computer system, or

network, or any computer data, database or programme.

• Disruption of computer, computer system or computer network: If any persons

disrupt any computer, computer system or computer network.

• Denial of access to authorised person: If he denies access to any person authorized

to access any computer, computer system or computer network by any means.

Some of the contraventions were added by IT Amendment Act, 2008

I. Destruction, deleting or alteration of information. If he destroys, deletes or alters

any information residing in a computer resource or diminishes its value or utility
or affects it injuriously by any means.
II. Stealing, concealing, destroying or altering computer source code. If he steals,
conceals, destroys or alters any computer source code used for a computer
resource with an intention to cause damage.

15
 He shall be liable to pay damages by way of compensation to the person so affected
(Prior to the IT (Amendment) Act, 2008 the number of damages by way of
compensation was up to 1 crore only.

Investigation and Adjudication

Section 78 of the Act of the Act deals with Power to investigate offences. It is described that
A police officer not below the rank of ‘Inspector’ shall investigate any offence under this Act.
Section 80 of the Act describes the power exercised by these authorities.

Sec. 80- Power to enter and search any place

This can be done by Any police officer not below the rank of inspector or any other of
Central Gov/ State Gov authorized by Central Government.

Adjudication

Dealt under Section 46- Appointment of adjudicating officer

The CG can appoint one or more person as adjudicators to hold an inquiry in the matters
arising under the Act.

Who can be appointed as adjudicator?

• Any officer not below the rank of Director to the Gov of India

• He shall possess knowledge in IT and legal and judicial experience

• Adjudicating officer is termed as “Quasi-Judicial body”

Qualifications for an adjudicating Officer

The qualifications for appointment are discussed under Information Technology (qualification
and experience of adjudicating officers and manner of Holding Enquiry) rules, 2003 deal with
eligibility of adjudicating officer, their appointment and manner of holding enquiry.

a) Possess a bachelor Degree

b) Possesses relevant information technology experience in handling

Government functions.

c) Legal and judicial experience qualified for a District or Additional DM

d) Quasi- judicial body with 5-year experience

16
 e) Is eligible as a Grade I officer in Government Departments

Power of the Adjudicating Officer

1. Powers of Civil Court

2. Power to award compensation not exceeding 5 crores.

3. Power to impose penalty, compensation

Residuary Penalty (Sec.45)

No penalty prescribed a compensation not exceeding Twenty-five Thousand to the person

affected.

Scope and manner of enquiry (Rule 4)

1. Complaint shall be made to adjudicating officer

2. The officer issue a notice along with all documents to necessary parties to proceedings
fixing a date and time for proceedings

3. The adjudicating officer will explain the nature of offence if pleads guilty its
recorded.

4. The officer on the basis of report decides whether an enquiry should take place or the
report shall be dismissed and decide to hear the matter.

5. The officer can seek assistance to the matters from officer or controller or any officer
under CERT India or Concerned Inspector of Police.

6. The officer can fix date for the production of evidence

7. The application must be heard within 4 months and whole matter must be decided
within 6 months

8. On being convinced the application is cyber offence under Chapter XI of the Act, he
must refer it to Magistrate through a presiding officer.

9. Power to issue order for paying damages or pay penalty

10. The copy of order must be delivered to parties

17
Budapest Convention on Cybercrimes, 2001

This was the first international agreement dealing with cybercrimes. The Council of Europe’s
(CoE) Cybercrime Convention is also known as the Budapest Convention. It was open for
signature in 2001 and came into force in 2004. The convention is the sole legally binding
international multilateral treaty on cybercrime. It coordinates cybercrime investigations
between nation-states and criminalizes certain cybercrime conduct. Further an Additional
Protocol on 2006, made publishing of xenophobic and racist material an offence.

-India is not a party to this Convention

Offences recognized under the Convention

1. Offences against confidentiality, integrity, and availability of computer data and

systems

2. Computer related offences

3. Content related offences

4. Criminal copyright infringement.

Important principles governing the Convention

1. Mutual Legal assistance (MLA) (Article 27)

The parties to agreement must agree for mutual assistance for the purpose of
investigations and proceedings concerning the cyber offences.

2. Extradition (Article 24)

The countries should agree on extradition as to punish for those crimes which are
punishable in both countries. The person should be deprived pf liberty for a maximum
of 1year or more severe penalty. In case, of a different agreement is agreed by the
countries they can give punishment.

The enforcement Machinery

The enforcing of investigation and monitoring of these crimes under convention are dealt by
a committee called the Cyber Crime Convention Committee (T- CY).

‘Jus Cogens’

18
Most of the international principles are applied to treat the relations between two nations
based on these international principles. Some of these principles are applicable to all nations
despite the fact that they are a party to these conventions. This principle is called ‘Jus
cogens’.

Jus cogens, also known as the peremptory norm, is a fundamental and overriding principle of
international law. It is a Latin phrase that translates to ‘compelling law’. It means a body of
fundamental principles of international law which binds all states and does not allow any
exceptions. It is binding upon all the members of the international community in all
circumstances. Jus cogens imply absolute restrictions on genocide, slavery or slave trade,
torture or other inhuman treatment, prolonged arbitrary detention, and racial discrimination.
The Russian proposal entitled “Countering the use of information and communications
technologies for criminal purposes” was recently put forth in the United Nations General
Assembly (UNGA). The Russian proposal calls for creation of a committee that will convene
in August 2020 in New York in order to establish a new treaty through which nation-states
can coordinate and share data to prevent cybercrime.

19
20