Introduction

March 28, 2018 | Author: Ankit Yadav | Category: Element (Criminal Law), Mens Rea, Cybercrime, Crimes, Crime & Justice


Comments



Description

 CHAPTER-IINTRODUCTION The present age is the age of ‘automation’ where man is shifting his maximum burden on machines to get work done. The Computer Technology helps the present human civilization to such a greater extend that life without computers seem to be impossible! Speaking with examples, railway reservations, aircraft transportations, bio-matrix attendance in offices, Examination result cards, Traffic signals, Telephonic communications, Banking transactions, all are now carried out with the help of computer machines and every data and information has acquired electronic shape and capable to move through the optic fibers. Today, voice files, song files, photographs, currencies, news items, clips, bio-data’s, letters, so on and so forth are capable of being transferred, distributed, circulated and stored in electronic form. Thus present generation is greatly depends upon the computer technology for the easy mechanism and effective operations operated in electric format through computers . However, the facilities of computer technology have not come out without drawbacks. Though it makes the life so speedy and fast, but hurled under the eclipse of threat from the deadliest type of criminality termed as 'Cyber crime'. The Cyber crime can halt any railway where it is, it may misguide the planes on its flight by misguiding with wrong signals, it may cause any important military data to fall in the hands of foreign countries, and it may halt e-media and every system can collapse within a fraction of seconds. Therefore, it is necessary to examine the deadliest form of criminality of the present millennium, conceptually termed as ‘Cyber crime’. Evaluating nature of ‘Crime’-Socio-Political-Economical i)Crime as an evil factor of society 1 Despite crimeless society is myth, crime is omnipresent phenomenon, and it is non-separable part of social existence, one may get irritate by the question, 'Why there is too much ado about crime?' No one can deny that crime is a social phenomenon, it is omnipresent, and there is nothing new in crime as it is one of the characteristic features of the all societies existed so far, may it be civilized or uncivilized, and it is one of the basic instincts of all human behaviour! However, it should bear in mind that the social concern for high crime rate is not because of it's nature, but due to potential disturbance it causes to the society. Crime is a prime social concern and the seriousness of the social effect of crime hardly needs to be described. The general public is, by definition, always been the victim of crime. The general public suffers losses from crime either directly (in the treason or theft and destruction of public property), or indirectly (in the form of the expense of maintaining the police and the courts and in the form of uneasiness or even terror because of the prevalence of crime). In addition, some individuals are victims of crime in a more specific sense. The victims of crime may lose anything that has value. Safety, peace, money, and property are perhaps basic values, because they contribute to the satisfaction of many wishes. Therefore there is sentiment having hate for crime, which reflects into the form of prescription of punishment by political authority of given society. The crime is always considered as an evil for the society. ii)Definition of crime : flagged by Socio-Eco-Political riders Conceptually, crime is a dynamic and relative phenomenon and subjected to the relative socio-political & economical changes occurring in existing system of society. Therefore, neither alltime suitable comprehensive definition encompassing all aspects of ‘crime’ is possible at any moment of time nor can a single definition be made applicable to different society. With its dynamicity, it is influenced by the changes occuring in the correlated phenomenon and value system generated by these changes. As evident in present scenario where money is more 2 valuable than values, a definite hike in the corruption related offences are observed where social morality is low which influence the commission of crime attached less social stigma than ever before. . Incidentally economic crime is on its peak. This clearly reflects that crime has its interdependency with other social phenomenon, economic systems and political machineries. Also, the population is one of the important factors influencing incidences of crimes. A positive correlation between the growth in incidences of crime and the population of the country has been observed. Besides population, the other factors influencing the crime are such as situation at a particular place, rate of urbanization, migration of population from neighbouring places, unemployment, income inequality, [computer literacy in case of Cyber crime] etc.2 At the same time, the economic structure of give society is also influence the economic crimes. As every controlling systems for crime has much to do with the political system which prescribe norms, make rules, create preventive measure, the political structure and system also influence the crime in given society. This clearly demonstrates that every definition of crime has correlation with the socio-economical and political factors. iii)Emergence of Cyber crime – origin is rooted in World War-II The aftermath of World War-II has witnessed the drastic changes in every domain of life. The new mechanical adroit appear to convert all relationships of man with material things vanishing the boundaries between living and non-living being. Today mechanical adoption by human being is challenging the standards of conventional limitations laid down by time and space. The Cyber-technology has played major role in this transformation. The present study has been undertaken to touch some aspects, effect and prospects of this Cyber-technology with special reference to threat pose by Cyber crime by India. Efforts have been made to analyze legal framework available for its control in India. To start with, it is, therefore, necessary to demarcate the dimensions of word ‘crime’. Thus it is beyond doubt that 3 analytical thinking. Gradually during medieval period. and thoughts of lessie faire. and a fresh look to ‘crime’. the definition adopted to treat crime attempted on more secular principles. Allpolitical and social activities in general and 'Crime' in particular. the definition of crime flagged by religious interpretation. The period was known for complete dominance of religion.3 So far Indian society is concerned. particularly during ancient period. Thus from time immemorial the behavior that attracts ‘penal liability’ influenced and characterized by overall outcome of these standards. principles of natural justice. During this regime scientific and industrial revolution took place rapidly and State started to sponsor activities of venturing for new colonies. Each society have been providing its own description of criminal behavior and conduct made punishable by express will of the political community ruling over the society and it was always influence by religioussocial-political. State declared the sociopolitical and economical sphere as its sole jurisdiction and as crime fall in the list. positive approach. The concepts like utilitarian. State started to emerge as independent entity by breaking of religious bondages. Parenthetically. considered to be happened due to the presence of super-natural power. Medieval period had evidenced the eras of renaissance and restoration.‘crime’ is a relative phenomenon. which delivered new. just as concept of crime [has undergone] change with the growth of Information Technology so the categories of criminals who engage in such crimes. and pain and pleasure theory were outcome of this period which helped to open new horizons for the study of crime. Marching on the line of secularism.economical values prevailing in the given society. The Demonological theory of crime causation was an outcome of this period. universal in nature and essentially all societies from ancient to modern have been evidently demonstrating its presence. Latter period paved the way for scientific & industrial revolution and rational way of interpretation dominated the thinking. hedonistic philosophy. This was the period when European countries hurled into wars for grabbing colonies in different 4 . Thus after World Wars. These trans-national crimes overthrow the possibility of encompassing it within domestic definition. the fashion of grabbing of new territory and developing the colonies were come to an end. Cyber crime may be defined as “any crime with the help of computer and telecommunication technology”. Cyber crime -By-product of Computer Technology : In the information age the rapid development of computers. neo-globalization process begins and new types of crime started to emerge challenging the age old notion of sovereign and jurisdiction. Depending on the prevailing dominant factors. Asian and African countries started to liberate from the iron pawn of continental countries to shape their own laws on domestic requirement. i. One of such categories of crime which is new in origin. telecommunications and other technologies have led to the evolution of new forms of trans-national crime known as 'Cyber crime'. Soon the result of 5 . This was the basic factor for defining 'crime' on more secular line having social and psychological riders. The manpower. brains and intelligence that were earlier hurled into the development of new weapons. This process lasted long to World War . and requires treatment on different footing is 'Cyber crime'. Historiographical developments of crime reflect addition and deletion of various acts as a crime and non-crime. with the purpose of influencing the functioning of computer or the computer systems. now turned their attention for using the technology for other purposes.parts of the globe. Incidentally. but took reverse gear. techniques & tools. During this period Indian Criminal System shaped by Britishers on colonial footings. the list of criminal acts modified. the legal systems of various nations of different parts of the world started to merge and influence each other. Cyber crime has no virtual boundaries and may affect every country in the world.II when process of colonization not only stopped. at the same time. However. using electronic technology appears on the scene. Thus at the end of second millennium and at the start of third millennium we feel to entering from printing culture to electronic culture where everything has been done with the help of computers. ii. digital libraries etc.textual. The options available with the communication and information dissemination through computer networking has its own limitations and leeway. but computer networks exhibit these characteristics to a unique degree. television. First is a multidirectional interactivity: Any user can be a sender or a receiver. mobile phones. Third is transnationalism: Embargoing distant computer links is difficult without serving all outside telephone connections and thereby crippling economic development. the World Wide Web provides a basis for multiple languages . At the same time. photographic.. such as the telephone and radio. '…. The distinctive character of Internet communications for geographers comes from the Net's merging of three basic characteristics. It can be described in following words. Communication by Computer networking: Where the difference lies? One of the characteristic features of modern way of communication is the varieties it provides.. radio. pagers. video games are some of the toys invented for the purpose. there is the matter of the differences between computer networks and other types of communication. Second is instantaneity: Delay relate more to the speed of the processor used by the remote computer than to the distance of any browsed site. calculations. The electron based technology emerge as an alternative for paper based culture. accounting. Telephone. visual presentations. graphic. Some of these characteristics may be shared with other media. Furthermore. the electronic technology has provided wider dimensions of its use in most of the sphere of life such as banking and financial sectors. and 6 . robots and adroit. resistance to adopt change. the brutal weapons like e-mail bombing. This crime is high-tech and needs trained and equipped personnel to man investigatory and prosecuting agencies for effective prevention and control of computer related crime.circulating at a transnational scale in a multidirectional and instantaneous manner. why does too much hubbub there for demand of protective mechanism? The answer is simple to reply and difficult to digest. iii. why is there growing importance of Cyber crime? Why does too much excitement about it? Why is the present day society treating it as the deadliest form of crime? And ultimately. at least. logic bombs resulting into the disrupt behavior of computer networks are very few incidences of recent days. technological transformation is happening across the world without any exception.cartographic . computers and electronic diaries and we wonder how we managed without them. hacking. Unauthorized access. smashing computer networks on very large scale. Description of dangerous and the deadliest nature of Cyber crime can be imagined from following paragraphs – Today we find ourselves dependent on pagers. The more dependency and the utility of them in day to day work have given birth to the darker side of internet age. but 7 . blunt response and lack of awareness in society. Why does Cyber crime dangerous and the deadliest crime? One will wonder. The difference between the pace of development of Computer Technology and efforts to safeguards society from its misuse and probable harm it may cause. the present situation is aggravated and worsens due to the computer illiteracy. Today. spreading of viruses. cellphones. Network crime[…] are the most unpredictable calamity on the Cyber world. with potentially profoundly new consequences. The security is only for the present moment. The deadliest nature of Cyber crime can be put in the words of Vivek Sood. indulge in Cyber pornography involving children. a famous legal thinker and cyber law expert who has commented – "Cyber crime is the deadliest epidemic confronting our planet in this millennium. play online frauds by transfer of funds from one corner of the globe to another and gain access to highly confidential and sensitive information.B. These are the figures when no more than 10% of Cyber crime gets reported. Cyber crime is presently estimated to be growing at the rate of 4.technological utilization. Cyber crime seems to be the emerging trend of new criminality. either directly or indirectly. It is said that none is secure in the Cyber world. have the potential of shaking economies. it is necessary to recognize it as a constituent aspect of the wider political. social and economic reconstructing currently effecting countries worldwide. Justice J. This new technology not only provides opportunity for the profitable development of an international 8 . technological driving forces are in the hands of few. From 640 criminal complaints (1. With the growing use of the Internet. is not a slow journey by any standards. play tax frauds. planting computer viruses and online financial frauds.82.000 (773 per day) for the year 2000. Cyber crime such as hacking.7 per day) in 1993 to the projected 2. In the light of above description. Cyber crime would affect us all.1% per week. and commit innumerable other crimes on the Internet. A Cyber criminal can destroy web sites and portals by hacking and planting viruses. Sinha while commenting on the nature of Cyber crime observed – To understand Cyber crime as a significantly new phenomenon. which has potentiality to change the entire notion of set traditional road map of crime. access. Moreover he can cause harassment by e-mail threats or obscene material. computers facilitate to such a great extend that one can imagine!! For instance.8 It only if anybody tries to understand the potential harm the Cyber crime may cause can understand the danger of Cyber criminality. Thus the advancement. Computers. even theft can be 9 . They very technology that enables multinationals to do business more effectively and challenge the individual controls and regulations of nation states. And if this secure place is connected to Internet. to be noted down. Inquisitively. report. If everyone becomes aware of the dangers of being online. All over again. but it should be important to everyone. it is difficult to filch a book.information market but has also raised the specter of new criminal activities to exploit them. also offers the prospect of globally organized criminal networks. are extremely vulnerable. the dangers will slowly disappear. photographs or any other information in printed form from any house of office. the risk involve the committing Cyber crime is very less due to its special characteristics. Moreover the free flow of uncensored information on electronic networks and web-sites is an attractive to insurgents and extremist groups as it is to dissidents proclaiming their human rights. The description is not imaginarythat to steal the national secrets from any government office or any information about military equipments from the computers of respective organization is comparative more easily than to steal a loaf of bread from stall of unattained hawkers standing side by road. despite being such high technology devices. Ignorance of Cyber crime will be no excused I)Cyber crime -Ignorance may prove fatal Cyber crime is only important to a few people. inventions and revolution in the modern age is the basic driving factor for Cyber-technology. But one can take it in the form of CD ROM where one can store lakhs of pages. thousands of photographs from any secure location. effectively. These programs are written in several lines compatible to computer readable language. ii. when we carry into it our own language. These programs have some tips. it is just a pattern of electrons skimming a net of computers. the space could not be understood. processes and logic to be followed 10 . Cyber crime: the complex phenomenon – How so far to safeguard? One problem with Cyber crime is its complexity to understand and safeguards. What exactly it means? Indeed. And it is through a practice of analogy that this occupation occurs." or that we wonder about the dynamics of real-time discussions in "CB-chat" areas. if indeed we are to understand it. No doubt. accurately. But after all computers works through programs specially design for the purpose. or that we describe postings on "electronic bulletin boards. Furthermore. in one sense. We have no choice but to take control of this space at first with our ordinary terms.completed via computer networking without being physically entering into premises. i. or at least it could not be understood by us. These make computer related crime more severe and serious now-a-day. It is understood by us only when we put things into it. efficiently. It works fast.9 But described like this. What is Cyberspace & where does it occurs? First consider the word 'Cyber space'. when we colonize it. a construct that describes a location where a collection of activity occurs. without taking pause. it is not by an accident that we speak of e-mail. computers are boon and it is very good servant as well having lot of potentiality. when we domesticate it. instructions. and continuously. as now a day the paper-based system is rapidly replacing by electronic based system and more transactions are switching over to electronic format. the danger is growing ever fast. it was well 11 .by operating systems. The hackers then find another weakness to exploit and the cycle goes on and on. It is far easier to find weaknesses in existing operating systems rather than designing and developing a secure operating system.Crime can be defined as an act which is followed by legal consequences if it is considered as a mistake that is against the law. The hackers are always in search of any lacuna or loopholes of this programming system. and also advocates punishment for the list of some stipulated offences . hackers can easily exploit the numerous weaknesses in operating system and security products. treason etc. the subject matter of criminal law . And if they find it. If anyhow the lacuna has detected and patched up. security initiatives to be taken by the rulers. considered to be an authentic administrative treatise in India. the operating system (OS) manufacturer patches it up. CRIME: TRADITIONAL AND MODERN APPROACH Crime. Kautilya’s Arthashastra written around 350 BC. Thus when one weakness is exposed and exploited openly by the 'black hat' community. Crime is both a social and economic phenomenon. though the term crime is used at later stage of legal evolution. It is as old as human society. discusses the various crimes. they can break open the security of the programs and enter into the security zone where they can do any havoc.it is as old as human life. and mythological stories have spoken about crimes committed by individuals be it against another individual like ordinary theft and burglary or against the nation like spying. possible crimes in a state etc. Operating systems are composed of millions of lines of code and no single individual can claim to understand the security implications of every bit of these computer instructions. Many ancient books right from pre-historic days.is not a new thought . In developing economies. computers and other electronic devices pervading the human life.PRINCIPLES OF CRIMINAL LAW. the law's purview is not to punish criminal ideas but to punish those who act upon those ideas voluntarily."For example. 12 .C NIGAM.1351(AS AMENDED) THOUGH IT IS AN OFFENCE TO IMAGIN THE DEATH OF THE SOVEREIGN BUT THE COURT IN R. This is a necessary element—that is. Unlike thoughts. ELEMENTS OF CRIME : ACTUS REUS AND MENS REA Mens rea refers to the crime's mental elements of the defendant's intent.” LAW OF CRMES IN INDIA” . the mens rea of aggravated battery is the intention to do serious bodily harm. man cannot spend a day without computers or a mobile. That is.1820 RULED THAT THE INTENTION MUST BE REFLECTED BY SOME OVERT ACT. Crime in any form adversely affects all the members of the society.VOL. sometimes called the guilty mind1. V THISTLEWOOD. It stems from the ancient maxim of obscure origin.said by Per Lord Atkin that the only standard thing that can measure the criminality of act is the punishment or the penalisation given to that particular act. cyber crime has increased at rapid strides. All crimes require actus reus. Mensrea is the mental intention (mental fault). This element is based on the problem of standards of proof. words can be 1 R.1 ) 6 2 UNDER THE TREASON ACT. or the defendant's state of mind at the time of the offense. a criminal act or an unlawful omission of an act. A person cannot be punished for thinking criminal thoughts. "actus reus non facit reum nisi mens sit reas" that is translated as "the act is not guilty unless the mind is guilty. Further. must have occurred 2. the criminal act must be voluntary or purposeful. due to the rapid diffusion of the Internet and technology in almost all walks of society right from corporate governance and state administration. up to the lowest level of petty shop keepers computerizing their billing system. considered acts in criminal law. Arson requires an intent to commit a forbidden act. and solicitation are offenses in which words can constitute the element of actus reus. For murder. the reason the act was committed. perjury. while others such as murder require an intent to produce a forbidden result. the mental element requires the defendant acted with "malice aforethought". in those crimes where particular consequences form a part of the actus reus. 3. Motive. he was acting voluntarily 2. Others may require proof the act was committed with such mental elements such as "knowingly" or "willfulness" or "recklessness". This can be summed up in these words: a man will be criminally responsible if: 1. knew what he was doing. threats. Mens rea varies depending on the offense. Mens rea is almost always a necessary component in order to prove that a criminal act has been committed. For example. is not the same as mens rea and the law is not concerned with motive. conspiracy. The omission of an act can also constitute the basis for criminal liability.foresaw the likelihood of those consequences CYBER CRIME 13 . 2. “ A practice on hyper linking. In it.law relating to computers . Crimes in which computers are targets.The term 'cyber crime' has not been defined in any Statute or Act. CBI Manual defines cyber crime as: 1.(2002 edition. Every time a computer is moved by human hands.internet and e-commerce. A generalized definition of cyber crime may be "unlawful acts where in the computer is either a tool or target or both". any of the following actions may follow which may be regarded as actus reus: 3 ANKIT MAJUMDAR. Crimes committed by using computers as a means. The access intented to be secured must have been unauthorised. The Oxford Reference Online defines 'cyber crime' as crime committed over the Internet. one should see what the state of mind of a hacker was and that the hecker knew that the access was unauthorised in relation to any computer. including conventional crimes. Actus reus in cyber crimes has become a challenge as the entire act is committed in intangible surroundings. The following two ingredients form the mens rea applied to a hacker3: 1. So what exactly is Cyber Crime. The Encyclopedia Britannica defines 'cyber crime' as any crime that is committed by means of special knowledge or expert use of computer technology. Cyber Crime could reasonably include a wide variety of criminal offences and activities. There should be awareness on part of the hacker regarding the access. DOCTRINE OF CYBER CRIME : MENSREA AND ACTUS REUS IN Doctrine of mens rea applies to cyber crimes also.framing and met tagging” .)272 14 . 2. Either attempting to access the data stored on the computer or from outside through the said computer.   CHAPTER-II 15 .1. Trying to do some act using computer. 2. The deviance is noted in the following manner : cyber crime are easy to commit. can be committed in a jurisdiction without being physically present in it and they are often not clearly illegal.CYBER CRIME: A DEVIANCE FROM TRADITIONAL CRIMES Internet has revolutionized the conventional notion of crime.THREE CATEGORIES 16 : . require few resources related to the potential damage caused. Traditional crime Scene of occurrence Can be spotted report to the police alleged accused is generally a common man Arrest and seizure Investigatio n trial by court having jurisdiction productio n of evidence Multinationa l jurisdiction Intangible and volatile evidence Cyber crime Scene of occurrence unknown Latency in report to the police alleged accused is generally a computer Police is untrained Investigatio n High tec CYBER CRIMES . If there had been a sharing in many mobile equipmentsthe first source couldn’t be fixed.committing . misleading. Obscenity. Eg. OFFENSIVE MESSAGES (Messaging. AGAINST NATIONS – Cyber Terrorism – Damaging critical information in frastructures. Web based SMS-SMS can be sent by logging onto sites likeway2sms. AGAINST PERSONS – On-line harassment. MMS-Multimedia messages often defaming or obscene aresent among small groups using mobile phones/ Bluetooth.computer system and network operation.e direct access and indirect access. defaming) 1. annoying. insulting.com by becoming a member of the sitetyping the message of choice and choosing destinationto be sent 4 Valadmir golubev.”computer crime typology”16-1-2004.and covering up crime and connected to use of corresponding Facilities and means. MODUS OPERANDI OF CYBER CRIME: It is a system of actions of the criminals united by one intention directed on preparing . SMS-SMS may be sent using mobile phone of one’s own identity or by acquiring a fade identity.Few SMSs had been circulated affecting public tranquillity. 3.4 I. Arrest of theManaging Director of bazee. Often captured in private places unknowingly forfuture exploitation. Modus operandi of committing cybercrime mainly involves illegal interference in computer .. 2.AGAINST PROPERTY – Financial crimes – cheating on-line – illegal funds transfer. Cyber Stalking. false alarm as target of explosion. 17 . intimidating.com in a school MMS scandal in Delhi. Eg: False Tsunami warning.such interference is of two types i. cheating. 2.Chat room messages in internet relay chats happens bydirect connection between each others’ machines inwhich the IP logs are stored neither by Yahoo norGoogle and so information shared in Chat rooms maybe saved but can never be traced retrospectively to itsorigin. Landline/mobile calls.prankdial.Difficulty if the connection is in a non-existentfictitious address. Web based calls. false mail foradmission to a reputedUniversity). job racket) (SMS of lottery cheating.) 1.co. the IP logsinvariably had shown some Nigerian. emailsof prize money. 18 .com.Landlinecalls/mobile calls.uk domains IP which arefrequently used never share the login IPs and itprovides a conducive climate for commission ofcrimes. II. 4.com/ III. SMS/Email messages of winning a lottery of prizemoney or articles.net/www.Live. web based calls etc. Yahoo.To the extent it was made available. alluring people to deposit money. Chat room messages.Greed of the victim is the main reason why cyber frauds are successful.Many landlines still have no caller Ids.Calls can be made by spoofing the mobile numberusing the sites like http://www. OFFENSIVE CALLS (Offender calls either by his/her own name or by acquiring false identity.phonetrick.Clues available are email IDs and sometimes fewmobile phone numbers. articles.Middle East and American countries. DECEPTIVE MESSAGES (Lottery. falsepromise of jobs. Mediterranean.any where in the world by concealing one’sidentity  Way2sms never share the IP logs with law enforcementagencies. Hence usersdetails are not available. part of the films. music etc.IV. 19 . password or other unique identification feature. criminals and sometimes even by disgruntled employees.      DATA THEFT (Theft of proprietary information causing breach of confidentiality and integrity and There by altering its utility value. INTERNET VIOLATIONS OF COPY RIGHTS (Internet violation of copyrighted informations like feature films. More due to disharmony in employee/employer situations by disgruntled employees. Many a times the employers become suspicious about their ex-employees and attribute instances of data theft which the ex-employee was holding in his possession to carryout his official duties at the time of his employment.It is the first step towards credit card fraud. onlineshare trading scams and e-banking crimes. IDENTITY THEFT Identity theft involves fraudulent or dishonest use of someone’s electronic signature. or sell it to a competitor.  Uploading happening in Indian servers can be deleted. Frequently breach of Non Disclosure of Agreement(NDA) and Memorandum of terms of employment are often attributed to criminal activity by employers which in truth may be a civil violation. 1957 often challenges the film industries and law enforcement. Disharmony in work place often makes the ex-employees to take away the valuable data or design or client information.) Sensitive information belonging to business organizations is targeted by rivals. VI. causing loss to the revenue and criminal violations of Copy Right Act.IPR theft)  Posting of features films. songs. Sometimes they damage it. delete it. V. Despite that if persisting. 20 . FINANCIAL CRIMES – SPOOFING/ PHISHIHG/ INTERNET BANKING (Offender creates/Spoofs. Phishing usually involves spoofed emails that contain links to fake websites. the webpage of a bank or any organization in the guise ofenhancing their security or updating the services. A spoofed page becomes difficult to be distinguished by normal viewers. New PIN orPasswords reach as mobile SMS. Spoofing of the sites normally happens in bank pages if the intention is for a financial fraud. Spoofing becomes a pre-requisite for causing deceptive belief and it follows phishing of vital information. VII. deletion becomes a task of chance and persons behind the activity may not surface at all. Internet Banking requires unique authentication. Forgotten PIN or password option generates new ones if answers to the questions match. online share trading scams and e-banking crimes. almost everyone is affected by financial crimes. collects personal confidential information at various stages and abuses the information for causing wrongful loss.fraudulent transfer of funds in Internet banking)         This is a wide term that includes credit card fraud. Other sites get spoofed for misleading the viewer or for causing embarrassment. deletion happens by request. If it is an International server. mobile phone security if compromised. In today’s highly digitalized world. Fund transfer normally goes to bogus fictitious accounts within the country but far apart in Geography. criminals then know the precious PIN or Password. Phishing normally happens for credit card related information or for password details of internet banking.  Government sites get hacked and hackers sometimes claim responsibility for hacking. VIII. rootkits.  The intention may extend from causing a denial of service to bringing down a business competitor.  Malware is software designed to infiltrate or damage a computer system without the owner’s informed consent. sensitive proprietary or classified information without permission. backdoors.  Malware is a wide term that includes viruses. keystroke loggers and dialers.  Cyber espionage is the act of obtaining personal.  E-mail spam. Trojans.  Also known as cyber spying. spyware. worms. it involves the use of cracking techniques and malicious software including Trojans and spyware. Quick withdrawal happens through short living accounts and the offender manages to open further bogus accounts as a preparation for his future crimes. SPAM/MALWARE/ ESPIONAGE  Spam is the abuse of electronic messaging systems to send unsolicited bulk messages indiscriminately. frequently with commercial content. in large quantities to an indiscriminate set of recipients. WEB PAGE HACKING (The page gets defaced by altering the content of the file and appearance causing embarrassment and denial of service)  The primary objective in web page hacking is to deface and embarrass an organization or an institute. botnets. IX. the intention being to cause defamation and damage to the dignity of theinstitution. known as junk mail. is the practice of sending unwanted email messages. 21 . DENIAL OF SERVICE  This involves flooding a computer with more requests than it can handle.  Mobile devices are getting more computing power and are becoming increasingly feature rich. VIOLATION OF PRIVACY (Capturing and publishing the images. pp.  In a Distributed Denial of Service (DDoS) attack. 5Susan W. the perpetrators are many and are geographically widespread. often with the phone number to cause incessant disturbance by calls from international strangers. 2010. malware. stolen. Cybercrime: Criminal Threats from Cyberspace. data theft. This increases the likelihood of attacks against potential vulnerabilities. ABC-CLIO. pictures and videos of individuals often without the knowledge and concurrence and thereby passing humiliation andembarrassment)  Normally females victimized in this way by the posting of pictures with an attachment of an unwanted message. 91 22 .  Training the personnel for handling such situations and effectively ensuring the “need to know basis” may be a viable solution.X. SOCIALENGINEERING  A social engineering attack tricks people into revealing passwords or other confidential information by making people believe an unanticipated situation. Brenner. handsets.5 XII. XI. XIII. phishing etc. MOBILE DEVICE ATTACKS  Threats to the security of mobile devices include unauthorized access. causing it to crash. that there will be bomb attacks during the holidays can be considered cyber terrorism. As well there are also hacking activities directed towards individuals. Cyber terrorism in general. and the information stored on them.  Face book has proved to be a non-responsive. tending to cause fear among people. collecting information relevant for ruining peoples' lives. or other groups to map potential security holes in critical systems. organized by groups within networks. blackmailing etc. But there is a growing concern among federal officials[who?] that such intrusions are part of an organized effort by cyber terrorists. 23 .  Social networking sites like face book have maintained its unbroken silence if requests for deletion of posted pictures were addressed. can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). robberies. despite requests not withstanding even if addressed to any of the International organizations like Child ExploitationOn-line Protection forums. Government officials and Information Technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. As such. Social networking sites like Orkut have fairly responded to Police requests by furnishing the IP addresses and log details. religious or political objectives. A cyber terrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attack against computers. families. XIV. a simple propaganda in the Internet. demonstrate power. foreign intelligence services. CYBER TERRORISM Cyber terrorism involves the use or threat of disruptive cyber activities for ideological. network. megaupload and various sites have provided a nurturing platform for the cultivation. According to the Federal Bureau of Investigation. propagation and transmission of the menace of pornography including children. OBSCENITY &PORNOGRAPHY (Uploading obscene and lascivious materials in Internet and causing propagation and transmission: abusing children and uploading of images of such abuse)  International online sharing sites like Rapidshare. DRUG TRAFFICKING Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through 24 . XV. More than 20 cases are reported each month to the FBI and many go unreported in order to keep the victim's name out of the public domain. Blocking of porno-sites had been a challenge both in technical and legal means because the content can behosted in a different domain names or in different IP addresses from different geographies of the world. Perpetrators typically use a distributed denial-of-service attack. or computer system is subjected to repeated denial of service or other attacks by malicious hackers. e-mail server.Cyber extortion is a form of cyber terrorism in which a website. cyber extortionists are increasingly attacking corporate websites and networks. who demand money in return for promising to stop the attacks. XVI.  Surprisingly sites like Paypal and other online payment sites have been hand in glove with such sites promptingone to infer that there might be a sharing of theproceeds of income by the propagation of pornography. crippling their ability to operate and demanding payments to restore their service. The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. Some drug traffickers arrange deals at internet cafes. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away  CHAPTER-III INFORMATION TECHNOLOGY ACT. 2000 : 25 .encrypted e-mail and other Internet Technology. use courier Web sites to track illegal packages of pills. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. and swap recipes for amphetamines in restricted-access chat rooms. T. information and all other necessary ingredients that form part of a cyber crime. 1860 and quite a few other legislations too. The I. Offence or crime has been dealt with elaborately listing various acts and the punishments for each. Cyber crime is a generic term that refers to all criminal activities done using the medium of computers.T. the Internet. modification or destruction. communication device and information stored therein from unauthorized access. In fact. data. computer network. disruption.cyber space and the worldwide web. equipment. Act defines a computer. computer resource.Cyber Crime is not defined in Information Technology Act 20006 or in the I. The Indian Evidence Act 1872. There isn’t really a fixed definition for cyber crime. Amendment Act 2008 or in any other legislation in India. The Indian Law has not given any definition to the term ‘cyber crime’. The Act totally has 13 chapters and 90 sections (the last four sections namely sections 91 to 94 in the ITA 2000 dealt with the amendments to the four Acts namely the Indian Penal Code 1860. disclosure. it cannot be too. use. the Indian Penal Code does not use the term ‘cyber crime’ at any point even after its amendment by the Information Technology (amendment) Act 2008. The Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934). In fact. devices computer. 26 . the Indian Cyber law. 6 The bill was passed by both houses of the Parliament and received president assent on 9-6-2000. under the Indian Penal Code. But “Cyber Security” is defined under Section (2) (b) means of protecting information. T. recommending all States in the UN to give favourable considerations to the said Model Law. most of international trade and transactions were done through documents being transmitted through post and by telex only. Until then. which involve the use of alternatives to paper-based methods of communication and storage of information. LEGISLATION IN INDIA: It is against this background the Government of India enacted its Information Technology Act 2000 with the objectives 7 as follows.THE GENESIS OF IT LEGISLATION IN INDIA: Mid 90’s saw an impetus in globalization and computerisation. Evidences and records. and e-commerce seeing an enormous growth. stated in the preface to the Act itself. until then. With much of international trade being done through electronic communication and with email gaining momentum. were predominantly paper evidences and paper records or other forms of hard-copies only. “to provide legal recognition for transactions carried out by means of electronic data "electronic commerce". which provides for recognition to electronic records and according it the same treatment like a paper communication and record. an urgent and imminent need was felt for recognizing electronic records ie the data what is stored in a computer or an external storage attached thereto. with more and more nations computerizing their governance.T) ACT 2000. The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on e-commerce in 1996. 27 . The General Assembly of United Nations passed a resolution in January 1997 inter alia. OBJECTIVES OF I. to facilitate 7 Statements of objects and reasons(I. 1934 and for matters connected therewith or incidental thereto. The Act essentially deals with the following issues:  Legal Recognition of Electronic Documents  Legal Recognition of Digital Signatures  Offences and Contraventions  Justice Dispensation Systems for cyber-crimes. the Act was the subject of extensive debates. There were some conspicuous omissions too resulting in the investigators relying more and more on the time-tested (one and half century-old) Indian Penal Code even in technology based cases with the I. the Indian Evidence Act. 1891 and the Reserve Bank of India Act.21 of 2000. Major industry bodies were consulted and advisory groups were 28 .T.” The Information Technology Act. with one arm of the industry criticizing some sections of the Act to be draconian and other stating it is too diluted and lenient. the Parliament of India has passed the amendments to the Information Technology Act 2000. elaborate reviews and detailed criticisms. 2008. Being the first legislation in the nation on technology. got President assent on 9 June and was made effective from 17 October 2000.electronic filing of documents with the Government agencies and further to amend the Indian Penal Code.04 itself. Thus the need for an amendment – a detailed one – was felt for the I. 2000. Act almost from the year 2003. the Bankers' Books Evidence Act. INFORMATION TECHNOLOGY AMENDMENT ACT. 1872. computers and ecommerce and e-communication. which is popularly known as Indian cyberlaw. Act also being referred in the process and the reliance more on IPC rather on the ITA. was thus passed as the Act No. The IT Amendment Act 2008 brings about various sweeping changes in the existing Cyberlaw.T.2008 In the last week of December. the consolidated amendment called the Information Technology Amendment Act 2008 was placed in the Parliament and passed without much debate.          Some of the notable features of the ITAA are as follows: Focussing on data privacy Focussing on Information Security Defining cyber café Making digital signature technology neutral Defining reasonable security practices to be followed by corporate Redefining the role of intermediaries Recognising the role of Indian Computer Emergency Response Team Inclusion of some additional cyber crimes like child pornography and cyber terrorism authorizing an Inspector to investigate cyber offences (as against the DSP earlier) 29 . Such recommendations were analysed and subsequently taken up as a comprehensive Amendment Act and after considerable administrative procedures.T. Act and comparing it with similar legislations in other nations and to suggest recommendations. This Amendment Act got the President assent on 5 Feb 2009 and was made effective from 27 October 2009.formed to go into the perceived lacunae in the I. towards the end of 2008 (by which time the Mumbai terrorist attack of 26 November 2008 had taken place). 66 –A to F.a & b.72-A.SCHEME OF OFFENCES Schemes of offences INFORMATION TECHNOLOGY ACT.(j) New sections 43 –A . Sections 65 .72 30 . 68(2).67 A to C. 69. 67. 69. 84-B And 84 C.2000 INFORMATION TECHNOLOGY AMENDMENT ACT 20008 Section 43 (a). Electronic signatures introducedThis includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures. 31 .43 is to cover only acts done inadvertently or by negligence. This certainly cannot be the intention /objective of the amendment. 43A The corporate responsibility for data protection is incorporated in S 43A in the amended IT Act. 2000 whereby corporate bodies handling sensitive personal information or data in a computer resource are under an obligation to ensure adoption of ‘reasonable security practices‟ to maintain its secrecy. 3. 2008 1.IT ACT. S. 2000 VS IT (AMENDMENT ) ACT. failing which they may be liable to pay damages. It allows 3 forms of authentication that are simpler to use such as retina scanning can be quite useful in effective implementation of the Act. Critique on amended section 43 of IT ActThe amended Act provides the distinction between “contravention” and “offence” by introduction of the element of mens rea for an offence (s 43 for contraventions and s 66 of the Act for offences). 2. Corporate responsibility introduced in S. Legal validity of electronic documents reemphasizedTwo new sections Section 7A and 10A in the amended Act reinforce the equivalence of paper based documents to electronic documents. ipods or other devices used to communicate.online payment sites. Section 7A in the amended Act makes audit of electronic documents also necessary wherever paper based documents are required to be audited by law. Although cell phones and other devices used to communicate would fall under the definition of computer in the IT Act.online auction sites.Section 2(ha)“Communication device “ and Section 2 (w) –“intermediary”. 6. Section 10A confers legal validity & enforceability on contracts formed through electronic means. 5. rules or regulations made thereunder‟. Critique on Power of Controller under the amended ActSection 28 of the Act provides that the Controller or any authorized officer shall investigate „any contravention of the provisions of this Act. cellphones.internet service provider. The insertion of definition of „intermediary‟ similarly clarifies the categories of service providers that come within its definition that includes telecom service providers.search engines.2008.video . webhosting service providers. Important definitions added Two very important definitions are added to the IT Act through IT Amendment Act.online market places and cyber cafes.These words should be replaced with words „any contravention of the provisions of this Chapter’ in light 32 .audio or image.4.network service providers.This amendment removes any ambiguity and brings within the ambit of the Act all communication devices. send or transmit any text . Therefore . and 33 . This role has now been assigned to the Certifying Authority in Section 30 of the IT Act. rules or regulations made thereunder” for insertion of words “ any contravention of the provisions of this Chapter” . the power of Controller has to be interpreted keeping in view the intent & objectives of the Act which can be clarified.the quantum of compensation that may be awarded is left to the discretion of Adjudicating officers. As per Section 46(2).This leaves a wide room for subjectivity and quantum should be decided as far as possible objectively keeping in view the parameters of amount of unfair advantage gained amount of loss caused to a person (wherever quantifiable). 2008. This change poses a major challenge to ensuring the secrecy and privacy of electronic signatures is maintained. Beyond 5 crore the jurisdiction shall now vest with competent court. electronic signatures certificates and publish the current status of each certificate. It will need to allocate more resources and manpower to regularly publish information regarding its practices. The role of the Controller to act as repository of digital signatures has been repealed by the IT Amendment Act. The Certifying authorities will bear greater responsibility and need to strengthen their security infrastructure to ensure its role as repository is delivered with efficacy. the Controller‟s power cannot mean to overlap with Adjudicating officers who are authorized to adjudicate on cases of contravention that fall under Section 43 or the subject matter jurisdiction of CAT or the Police. 7. Also. The Role of Adjudicating officers under the amended ActThe Adjudicating officer „s power under the amended Act in Section 46 (1A) is limited to decide claims where claim for injury or damage does not exceed 5 crores.of the fact that the amendment in Section 29 for Controllers power to access computers and data has been curtailed by removal of words “ any contravention of the provisions of this Act. 2000 the office of adjudicating officer had the powers of civil court and all proceedings before it are deemed to be judicial proceedings. filling of vacancies have been incorporated. this Section combines contraventions indicated in Section 43 with penal effect and reduces 34 . power of superintendence. Composition of CATThe amended Act has changed the composition of the Cyber Appellate Tribunal .The Presiding officer alone would earlier constitute the Cyber Regulations Appellate Tribunal which provision has now been amended. The tribunal would now consist of Chairperson and such number of members as Central Government may appoint.In the IT Act. NEW CYBERCRIMES AS OFFENCES UNDER AMENDED ACT- Sec 66 As proposed in ITAA. An analogy is drawn to Arbitrations where defect in constitution of a tribunal renders an award subject to challenge as per Indian laws. The decision making process allows more objectivity with Section 52 D that provides that the decision shall be taken by majority. The qualifications for their appointment. 2008. It is pertinent to note that there has not been any amendment in Section 55 by 2008 amendments which states that no order of CAT shall be challenged on ground that there existed a defect in constitution of appellate tribunal. resignation and removal. However. 8. in my view this runs contrary to principles of natural justice.repetitive nature of default. term of office salary . etc. information. register.Sec 66 A Sec 66 B Sec 66C Sec 66 D Sec 66 E Sec 66 F Sec 67 Sec 67 A Sec 72 the punishment from 3 years to 2 years. etc. Publishing Digital Signature Certificate 35 . Punishment for dishonestly receiving stolen computer resource orcommunication device Punishment for identity theft Punishment for cheating by personation by using computer resource Punishment for violation of privacy Punishment for cyber terrorism Punishment for publishing or transmitting obscene material inelectronic form. correspondence. information or document without the consen of the person concerned discloses such electronic record. register. Punishment for sending offensive messages through communication service. correspondence. in pursuance of any of the powers conferred underIT Act. It also introduces the pre-conditions of "Dishonesty" and "Fraud" to the current Section 66. book. document to any other person. book. has secured access to any electronic record. in electronic form Any person who.. Punishment for publishing or transmitting of material containingsexually explicit act. stealing of sensitive information. public order. or in relation to contempt of court.Publishing a Digital Signature Certificate or otherwise making it available to any other person with the knowledge that the certifying Authority listed in the certificate has not issued to other subscriber listed in the certificate has not accepted it or the certificate has been revoked or suspended. receiving stolen computer resource (s 66B). Section 66 F covers any act committed with intent to threaten unity . Sending of offensive or false messages (s 66A). the security. unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation. A new offence of Cyber terrorism is added in Section 66 F which prescribes punishment that may extend to imprisonment for life . defamation or incitement to an offence . 2008. or to advantage of any foreign nation. decency .security or sovereignty of India or cause terror by causing DoS attacks.2000 now stand included by the IT (Amendment) Act. any information likely to cause injury to interests of sovereignty or integrity of India. unauthorized access to a computer resource. Creation. morality. publication or otherwise making available a DigitalSignature Certificate for any fraudulent or unlawful purpose Many cybercrimes for which no express provisions existed in the IT Act. friendly relations with other states. For other offences mentioned in Section 66 .Sec 73 Sec 74 false in certain particulars. introduction of computer contaminant.integrity. violation of privacy (s 66E). punishment prescribed is generally upto three years and fine of one/two lakhs has been prescribed and these offences are cognisable 36 . identity theft (s 66C). group of individuals or otherwise. cheating by personation (s 66D). as per new S.and bailable. punishment for attempt to commit offences is given under Section 84 c which will be punishable with one half of the term of imprisonment prescribed for that offence or such fine as provided or both. Section 67B punishes offence of child pornography. Punishment for disclosure of information in breach of lawful contract under sec 72 is increased from 2 yrs upto 5 yrs and from one lakh to 5 lakh or both. 84C makes attempt to commit an offence also a punishable offence with imprisonment for a term which may extend to one-half of the longest term of imprisonment provided for that offence. for publishing of obscene information imprisonment term has been reduced from five years to three years (and five years for subsequent offence instead of earlier ten years) and fine has been increased from one lakh to five lakhs (rupees ten lakhs on subsequent conviction). By virtue off Section 84 B person who abets a cybercrime will be punished with punishment provided for that offence under the Act. Also. This provision was essential to curb MMS attacks and video vouyerism. This will deter the commission of such crime. abetment to commit an offence is made punishable with the punishment provided for the offence under the Act and the new S. Section 67A adds an offence of publishing material containing sexually explicit conduct punishable with imprisonment for a term that may extend to 5 years with fine upto ten lakhs. 37 . child‟s sexually explicit act or conduct with imprisonment on first conviction for a term upto 5 years and fine upto 10 lakhs. This is a positive change as it makes even browsing and collecting of child pornography a punishable offence. This will not prove to play a deterrent factor for cyber criminals. In certain offences. 67. This provision will play a deterrent role and prevent commission of conspiracy linked cybercrimes. 84B. In S. Further. such as hacking (s 66) punishment is enhanced from 3 years of imprisonment and fine of 2 lakhs to fine of 5 lakhs. or integrity of India. 2009 . monitoring and decryption of Information ) Rules.In fact the power vests now with the Central Government or State Government that empowers it to appoint for reasons in writing. The subscriber or intermediary that fails to extend cooperation in this respect 38 . intermediaries shall be bound to preserve and retain such information as may be prescribed by the Central government and for such duration and format as it may prescribe.This provision is very helpful in collection of evidence that can prove indispensable in cybercrime cases.1. Section 67 C to play a significant role in cyber crime prosecutionSection 67 C brings a very significant change in the IT Act.2000 . The procedure and safeguards to exercise this power are laid out by the Information Technology (procedure and safeguards for interception . Section 69-Power of the controller to intercept amended Section 69 that deals with power of Controller to intercept information being transmitted through a computer resource when necessary in national interest is amended by Section 69. monitor or decrypt any information generated . any agency to intercept. defence of India. received or stored in any computer resource . This power is to be exercised under great caution and only when it is satisfied that it is necessary or expedient to do so in interests of sovereignty. friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence .security of the State . 2. Many cybercrime cases cannot be solved due to lack of evidence and in many cases this is due to the fact that ISP failed to preserve the record pertaining to relevant time .According to this section. Any intermediary that contravenes this provision intentionally or knowingly shall be liable on conviction for imprisonment for a term not exceeding 2 yrs or fine not exceeding one lac or both. transmitted . In this respect. Power to block unlawful websites should be exercised with cautionSection 69A has been inserted in the IT Act by the amendments in 2008 and gives power to Central government or any authorized officer to direct any agency or intermediary(for reasons recorded in writing ) to block websites in special circumstances as applicable in Section 69. Section 69B added to confer Power to collect. with due authorization procedures complied with and not abused by any agency/intermediary including maintaining confidentiality and rules for maintaining or destruction of such records. The said rules provide ample safeguards to ensure the power in this section is diligently exercised. racism. promoting gambling. violent sex can reasonably be blocked. 4. defamation. We need to use this power with caution as it has a thin line that distinguishes reasonable exercise of power fro Censorship. received. pornography. slander. monitor traffic data As a result of the amendments in 2008 . 3. The rules also allow the blocking of websites by a court order.Under this Section the grounds on which such blocking is possible are quite wide. 2009 were passed vide GSR 781(E) dated 27 Oct 2009 whereby websites promoting hate content. The intermediary that fails to extend cooperation in this respect is punishable offence with a term which may extend to 7 yrs and imposition of fine. Section 69 B confers on the Central government power to appoint any agency to monitor and collect traffic data or information generated .or stored in any computer 39 . The element of fine did not exist in the erstwhile Section 69. the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public ) Rules. It further provides for review committee to review the decision to block websites. violence and terrorism.transmitted.is punishable offence with a term which may extend to 7 yrs and imposition of fine. 2008. The explanation to Section 70 defines what is “critical information infrastructure” .It encompasses the computer resource the destruction of which not only has an adverse impact on defence of India but also economy. This prescribes stringent permissions required to exercise the powers under this Section which are fully justified as abuse of this power can infreinge the right to privacy of netizens. It also provides for review of its decisions and destruction of records. By virtue of Section 70 A and B Indian CERT has been appointed as the National nodal agency for critical information infrastructure protection. public health or safety.resource in order to enhance its cybersecurity and for identification. provides for prohibition of monitoring or collection of data without authorization. analysis. This is very significant step as today our IT infrastructure may also be used to manage certain services offered to public at large. The intermediary that fails to extend cooperation in this respect is punishable offence with a term which may extend to 3 yrs and imposition of fine. and prevention of intrusion or spread of computer contaminant in the country . destruction of which may directly affect public health and safety . A very important step is coordination between CERT and service providers. The CERT shall play an indispensable role in maintaining cybersecuriy within the country. body 40 .It places responsibility to maintain confidentiality on intermediaries. Hence. their protection is equally important as is the maintaining of security and sovereignty of India. Significance of the term “Critical Information Infrastructure ”Section 70 has a very important definition added by the IT (amendment) Act. data centres. 2009 have been laid down to monitor and collect the traffic data or information for cyber security purposes under Section 69B . The Information Technology (procedure and safeguard for monitoring and collecting traffic data or information ) Rules. 5. 7. it has been clarified that awarding of compensation . by the police. issuing guidelines . Section 77 B makes offences punishable with imprisonment of three years and above as cognizable and offence punishable with 3 years of punishment as bailable. It has multiple roles education .This Section can be read with Section 81 proviso wherein it is clarified that IT Act shall not restrict any person from exercising any right conferred under copyright Act. the net effect of all amendments is that a majority of these cybercrimes are bailable. emergency response. barring a few offences.corporates.penalty imposed or confiscation made under this Act shall not prevent the award of compensation.and other persons ( Section 70B (6)). Important clarifications on the Act’s application & effect By virtue of Section 77 in the amended Act.alert system . such person shall be punishable with imprisonment of term that may extend to one year and fine of one lakh or both. 1957 or patents Act. reporting of cyber incident amongst other functions . That will lead to effective performance of the role of CERT in. 6. Since the majority of cyber crime offences defined under the amended IT Act are punishable with imprisonment for three years. in almost all other cyber crimes. It also excludes the court from taking cognizance of any offence under this section except on a complaint made by authorized officer of CERT to prevent misuse of the Section.or imposition of any other penalty or punishment under any law for the time being in force. The combined effect of Section 77 and 77 BBy virtue of Section 77 Compounding of offences other than offences for which imprisonment for life or punishment for a term exceeding has been provided has been made possible. A cyber 41 . 1970. This means that the moment a cybercriminal is arrested by the police. he has to be released on bail as a matter of right. Incase any person fails to comply with its directions. This makes the task of law enforcement agencies extremely challenging. This will be instrumental in quicker investigation in the cybercrime cases provided adequate tools and training is provided. Otherwise cybercafés . this section may be misused easily. is committing or is about to commit an offence. Liability of Intermediary amendedThe earlier section 79 made network service providers liable for third party content only when it fails to prove that the offence was committed without his knowledge or that he had exercised due diligence to prevent the commission of such offence or contravention.criminal. Unless it is reasonably suspected that a person has committed . It provides that the 42 . in particular could be adversely affected. he should not be arrested without warrant . Such officer is empowered to arrest without warrant a person found therein who is reasonably suspected of having committed or of committing or being about to commit any offence under this Act. will immediately attempt at destroying or deleting all electronic traces and trails of his having committed any cyber crime. However. Combined effect of Section 78 & 80The Section 78 of the Act is amended to confer power to investigate offences under the Act from DSP level to Inspector level. 8. The amended Section 79 states that the intermediary shall not be liable for any third party information if it is only providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted or the intermediary does not initite the transmission. 9. The burden of proof was on the network service provider. once released on bail. Section 80 has been amended and power to enter and search in a public place is now vested in any police officer not below the rank of inspector or any authorized officer of central government or state government. select the receiver and select or modify the information contained in transmission. With the increasing number of cybercrime cases it will become necessary to set up atleast one Examiner of Electronic Evidence in each State. Section 79 A is added that empowers the Central government to appoint any department or agency of Central or State government as Examiner of Electronic Evidence.whether by threats or promise or otherwise in the commission of the unlawful act ( Section 79(3)(a).cellphones . This may be extremely difficult for a complainant to prove. This agency will play a crucial role in providing expert opinion on electronic form of evidence The explanation to the Section has an inclusive definition of “electronic form evidence” that means any information of probative value that is either stored or transmitted in electronic form and includes computer evidence. The CFSIL laboratory in Hyderabad is playing similar role at present in cybercrime cases where forensic study of hard discs and other computer accessories.Intermediary shall be liable if he has conspired or abetted or induced. digital equipment is undertaken to provide expert opinion on the digital evidence analysed. digital video. digital fax machines. Section 3 (b) renders an intermediary liable in case upon receiving actual knowledge or on receiving notice from a government agency. defining it and elaborating the procedure to obtain the digital signature certificate and giving it legal validity. However. the intermediary fails to expeditiously remove or disable access to the unlawful material without vitiating the evidence in any manner. 10. Digital signature was defined in the ITA -2000 as 43 . Examiner of Electronic Evidence createdWith amendments in 2008. DIGITAL SIGNATURE: ‘Electronic signature’ was defined in the ITAA -2008 whereas the earlier ITA -2000 covered in detail about digital signature.digital audio. it is pertinent to note that the onus to prove conspiracy has now shifted on the complainant. While M/s. In fact. in electronic signature (or digital signature) there is no real signature by the person. It is a process of authentication of message using the procedure laid down in Section 3 of the Act. It would be pertinent to note that electronic signature (or the earlier digital signature) as stipulated in the Act is NOT a digitized signature or a scanned signature. It is relevant to understand the meaning of digital signature (or electronic signature) here.2008 thus introducing technological neutrality by adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures not confining the recognition to digital signature process alone. 44 . Government of India.“authentication of electronic record” as per procedure laid down in Section 3 and Section 3 discussed the use of asymmetric crypto system and the use of Public Key Infrastructure and hash function etc. Thus Section 3 which was originally “Digital Signature” was later renamed as “Digital Signature and Electronic Signature” in ITAA . MTNL are some of the digital signature certifying authorities in India. Safescript and M/s. Electronic signature is not the process of storing ones signature or scanning ones signature and sending it in an electronic communication like email. TCS. relying on the specific technology of asymmetric crypto system and the hash function generating a pair of public and private key authentication etc. in the conventional sense of the term. IDRBT (Institute for Development of Research in Banking Technology – the research wing of RBI) is the Certifying Authorities (CA) for the Indian Banking and financial sector licensed by the Controller of Certifying Authorities.. M/s. This was later criticized to be technology dependent ie. email Policy etc  Periodic monitoring and review. certification Policies and adherence to policies Policies like password policy.T. Any body corporate or a person on its behalf shall be considered to have complied with reasonable security practices and procedures. technical. REASONABLE SECURITY PRACTICES       Site certification Security initiatives Awareness Training Conformance to Standards. Besides. on 11 April 2011. if they have implemented such security practices and standards and have a comprehensive documented information security programme and information security policies containing managerial. The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules have since been notified by the Government of India. Dept of I. the Central Government has to evolve detailed procedures and increase awareness on the use of such systems among the public by putting in place the necessary tools and stipulating necessary conditions. Access Control. duties of electronic signature certificate issuing authorities for biometric based authentication mechanisms have to be evolved and the necessary parameters have to be formulated to make it user-friendly and at the same time without compromising security. However.The other forms of authentication those are simpler to use such as biometric based retina scanning etc can be quite useful in effective implementation of the Act. operational and physical security control measures commensurate with the information assets being protected with the nature of 45 . business. In the event of an information security breach, the body corporate or a person on its behalf shall be required to demonstrate, as and when called upon to do so by the agency mandated under the law, that they have implemented security control measures as per their documented information security programme and information security policies. The international Standard IS/ISO/IEC 27001 on "Information Technology – Security Techniques - Information Security Management System Requirements" is one such standard referred to in sub-rule (1). In view of the foregoing, it has now become a major compliance issue on the part of not only IT companies but also those in the Banking and Financial Sector especially those banks with huge computerised operations dealing with public data and depending heavily on technology. In times of a litigation or any security breach resulting in a claim of compensation of financial loss amount or damages, it would be the huge responsibility on the part of those body corporate to prove that that said “Reasonable Security Practices and Procedures” were actually in place and all the steps mentioned in the Rules passed in April 2011 stated above, have been taken. In the near future, this is one of the sections that is going to create much noise and be the subject of much debates in the event of litigations, like in re-defining the role of an employee, the responsibility of an employer or the top management in data protection and issues like the actual and vicarious responsibility, the actual and contributory negligence of all stake holders involved etc. The issue has wider ramifications especially in the case of a cloud computing scenario (the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server, with the 46 services managed by the provider sold on demand, for the amount of time used) where more and more organisations handle the data of others and the information is stored elsewhere and not in the owners’ system. Possibly, more debates will emanate on the question of information owners vis a vis the information container and the information custodians and the Service Level Agreements of all parties involved will assume a greater significance ADJUDICATION: Adjudication powers and procedures have been elaborately laid down in Sections 46 and thereafter. The Central Government may appoint any officer not below the rank of a director to the Government of India or a state Government as the adjudicator. The I.T. Secretary in any state is normally the nominated Adjudicator for all civil offences arising out of data thefts and resultant losses in the particular state. If at all one section can be criticized to be absolutely lacking in popularity in the IT Act, it is this provision. In the first ten years of existence of the ITA, there have been only a very few applications made in the nation, that too in the major metros almost all of which are under different stages of judicial process and adjudications have been obtained in possibly less than five cases. The first adjudication obtained under this provision was in Chennai, Tamil Nadu, in a case involving ICICI Bank in which the bank was told to compensate the applicant with the amount wrongfully debited in Internet Banking, along with cost and damages. in April 2010. There is an appellate procedure under this process and the composition of Cyber Appellate Tribunal at the national level, has also been described in the Act. Every adjudicating officer has the powers of a civil court and the Cyber Appellate Tribunal has the powers vested in a civil court under the Code of Civil Procedure. 47 After discussing the procedures relating to appeals etc and the duties and powers of Cyber Appellate Tribunal, the Act moves to the actual criminal acts coming under the broader definition of cyber crimes. It would be pertinent to note that the Act only lists some of the cyber crimes, (without defining a cyber crime) and stipulates the punishments for such offences. The criminal provisions of the IT Act and those dealing with cognizable offences and criminal acts follow from Chapter IX titled “Offences” Section 65: Tampering with source documents is dealt with under this section. Concealing, destroying, altering any computer source code when the same is required to be kept or maintained by law is an offence punishable with three years’ imprisonment or two lakh rupees or with both. Fabrication of an electronic record or committing forgery by way of interpolations in CD produced as evidence in a court (Bhim Sen Garg vs State of Rajasthan and others, 2006, Cri LJ, 3463, Raj 2411) attract punishment under this Section. Computer source code under this Section refers to the listing of programmes, computer commands, design and layout etc in any form. Section 66:Computer related offences are dealt with under this Section. Data theft stated in Section 43 is referred to in this Section. Whereas it was a plain and simple civil offence with the remedy of compensation and damages only, in that Section, here it is the same act but with a criminal intention thus making it a criminal offence. The act of data theft or the offence stated in Section 43 if done dishonestly or fraudulently becomes a punishable offence under this Section and attracts imprisonment upto three years or a fine of five lakh rupees or both. Earlier hacking was defined in Sec 66 and it was an offence. 48 Section 66B: Dishonestly receiving stolen computer resource or communication device with punishment upto three years or one lakh rupees as fine or both. whereas in ‘hacking’ the owner’s consent is obtained or assumed and the latter act ‘cracking’ is perceived to be an offence. 49 . Then can there be training programmes. Thanks to ITAA. courses on ‘ethical hacking’ were also taught academically. It would be relevant to note that the technology involved in both is the same and the act is the same. This led to an anomalous situation of people asking how an illegal activity be taught academically with a word ‘ethical’ prefixed to it. data theft of Sec 43 is being referred to in Sec 66 by making this section more purposeful and the word ‘hacking’ is not used.Now after the amendment. for instance. by the ITAA when it re-phrased the Section 66 by mapping it with the civil liability of Section 43 and removing the word ‘Hacking’. The word ‘hacking’ was earlier called a crime in this Section and at the same time. Section 66 is now a widened one with a list of offences as follows: Section 66A: Sending offensive messages through communication service. on “Ethical burglary”. “Ethical Assault” etc say for courses on physical defence? This tricky situation was put an end to. However the act of hacking is still certainly an offence as per this Section. though some experts interpret ‘hacking’ as generally for good purposes (obviously to facilitatenaming of the courses as ethical hacking) and ‘cracking’ for illegal purposes. Punishment for these acts is imprisonment upto three years or fine. causing annoyance etc through an electronic communication or sending an email to mislead or deceive the recipient about the origin of such messages (commonly known as IP or email spoofing) are all covered here. Acts of causing a computer contaminant (like virus or Trojan Horse or other spyware or malware) likely to cause death or injuries to persons or damage to or destruction of property etc. what was civil liability with entitlement for compensations and damages in Section 43. To summarise.Section 66C: Electronic signature or other identity theft like using others’ password or electronic signature etc. destruction. Section 66D: Cheating by personation using computer resource or a communication device shall be punished with imprisonment of either description for a term which extend to three years and shall also be liable to fine which may extend to one lakh rupee. has been 50 .66 are cognizable and non-bailable offences. Intention or the knowledge to cause wrongful loss to others ie the existence of criminal intention and the evil mind ie concept of mens rea. alteration or diminishing in value or utility of data are all the major ingredients to bring any act under this Section. It may be observed that all acts under S. deletion. Section 66F: Cyber terrorism – Intent to threaten the unity. integrity. Punishment is life imprisonment. Punishment is three years imprisonment or two lakh rupees fine or both. come under this Section. Punishment is three years imprisonment or fine of one lakh rupees or both. Section 66E: Privacy violation – Publishing or transmitting private area of any person without his or her consent etc. security or sovereignty of the nation and denying access to any person authorized to access the computer resource or attempting to penetrate or access a computer resource without authorization. email spoofing and the criminal activity stated in this Section. Contents of Section 67 when combined with the material containing sexually explicit material attract penalty under this Section. The strength of the Section and the reliability of electronic evidences were proved by the prosecution and conviction was brought about in this case. Act 2000 in India. was obtained in this Section in the famous case “State of Tamil Nadu vs Suhas Katti” on 5 November 2004. The earlier Section in ITA was later widened as per ITAA 2008 in which child pornography and retention of records by intermediaries were all included. if committed with criminal intent.T. This Section is of historical importance since the landmark judgement in what is considered to be the first ever conviction under I. Whoever publishes or transmits any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely to read the matter contained in it. shall be punished with first conviction for a term upto three years and fine of five lakh rupees and in second conviction for a term of five years and fine of ten lakh rupees or both. Section 67-Adeals with publishing or transmitting of material containing sexually explicit act in electronic form.referred to here. Publishing or transmitting obscene material in electronic form is dealt with here. involving sending obscene message in the name of a married women amounting to cyber stalking. Section 67deals with publishing or transmitting obscene material in electronic form. Depicting children engaged in 51 . Section 67-BChild Pornography has been exclusively dealt with under Section 67B. making it a criminal liability attracting imprisonment and fine or both. making pornographic video or MMS clippings or distributing such clippings through mobile or other forms of communication through the Internet fall under this category. received or stored in 52 . Screening videographs and photographs of illegal activities through Internet all come under this category. Bonafide heritage material being printed or distributed for the purpose of education or literature etc are specifically excluded from the coverage of this Section. ‘Children’ means persons who have not completed 18 years of age. monitor or decrypt any information generated. Section 67C fixes the responsibility to intermediaries that they shall preserve and retain such information as may be specified for such duration and in such manner as the Central Government may prescribe. to ensure that printing and distribution of ancient epics or heritage material or pure academic books on education and medicine are not unduly affected. Punishment for the first conviction is imprisonment for a maximum of five years and fine of ten lakh rupees and in the event of subsequent conviction with imprisonment of seven years and fine of ten lakh rupees. transmitted. creating text or digital images or advertising or promoting such material depicting children in obscene or indecent manner etc or facilitating abusing children online or inducing children to online relationship with one or more children etc come under this Section. Non-compliance is an offence with imprisonment upto three years or fine. for the purpose of this Section. TRANSMISSION OF ELECTRONIC MESSAGE AND COMMUNICATION: Section 69: This is an interesting section in the sense that it empowers the Government or agencies as stipulated in the Section. to intercept.sexually explicit act. under the conditions laid down in the Section. by order. which said that “On the occurrence of any public emergency. defence of India. vests with the Central Government or any of its officers with the powers to issue directions for blocking for public access of any information through any computer resource. monitor or decrypt does exist. It would be interesting to trace the history of telephone tapping in India and the legislative provisions (or the lack of it?) in our nation and compare it with the powers mentioned here.any computer resource. is to be followed and the reasons for taking such action are to be recorded in writing. Section 69B discusses the power to authorise to monitor and collect traffic data or information through any computer resource. Until the passage of this Section in the ITAA. the Government may. power to intercept. is satisfied that it is necessary or expedient in the interest of sovereignty or integrity of India. friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence. directing any agency of the appropriate Government. The subscriber or intermediary shall extend all facilities and technical assistance when called upon to do so. COMMENTARY ON THE POWERS TO INTERCEPT. or in the interest of the public safety. In any such case too. the necessary procedure as may be prescribed. if satisfied that it is necessary or 53 . subject to compliance of procedure as laid down here. MONITOR AND BLOCK WEBSITES: In short. security of the State. phone tapping was governed by Clause 5(2) of the Indian Telegraph Act of 1885. as the case may be. This power can be exercised if the Central Government or the State Government. under the same circumstances as mentioned above. Section 69A inserted in the ITAA. or relating to any particular subject. however “necessary or expedient”. or shall be disclosed to the Government making the order or an officer thereof mentioned in the order”.expedient so to do in the interests of the sovereignty and integrity of India. friendly relations with foreign States or public order or for preventing incitement to the commission of an offence. Without those two. The petition argued that it infringed the constitutional right to freedom of speech and expression and to life and personal liberty. pointing out that “unless a public emergency has occurred or the interest of public safety demands. Procedures for keeping such records and the layer of authorities etc were also stipulated. for reasons to be recorded in writing. the Supreme Court delivered its judgment. Other sections of the act mention that the government should formulate “precautions to be taken for preventing the improper interception or disclosure of messages”. rather many requests. to formulate rules to govern the operation of Clause 5(2). no government has formulated any such precautions. brought for transmission by or transmitted or received by any telegraph. shall not be transmitted. the authorities have no jurisdiction to exercise the powers” given them under 5(2). 54 . But ever since 1885. it could not do so. There have been many attempts. and public safety “means the state or condition of freedom from danger or risk for the people at large”. challenging the constitutional validity of this Clause 5(2). the security of the State. A writ petition was filed in the Supreme Court in 1991 by the People’s Union for Civil Liberties. direct that any message or class of messages to or from any person or class of persons. maybe for obvious reasons to retain the spying powers for almost a century. They went on to define them thus: a public emergency was the “prevailing of a sudden condition or state of affairs affecting the people at large calling for immediate action”. or shall be intercepted or detained. In December 1996. by order. CERT-In will perform activities like collection. subject to adherence to the prescribed procedures and without a warrant from a magistrate’s order. analysis and dissemination of information on cyber incidents. this Section 69 of ITAA is far more intrusive and more powerful than the above-cited provision of Indian Telegraph Act 1885. as nominated in Section 70B of ITAA) has very rarely exercised. Having said this. the CERT-In has stated that these powers are very sparingly (and almost never) used by it. Critical Information Infrastructure and Protected System have been discussed in Section 70. and monitor the websites that one visited. emergency measures for handling cyber security incidents etc. this Section was criticised to be draconian vesting the government with much more powers than required. Government of India.Now. monitoring and blocking) is something which the Government represented by the IndianComputer Emergency Response Team. (the National Nodal Agency. Perhaps believing in the freedom of expression and having confidence in the selfregulative nature of the industry. we should not be oblivious to the fact that this power (of intercepting. The role of CERT-In in e-publishing security vulnerabilities and security alerts is remarkable. In view of the foregoing. By virtue of this. The Indian Computer Emergency Response Team (CERT-In) coming under the Ministry of Information and Technology. has been designated as the National Nodal Agency for incident response. The Minister of State for 55 . Under this ITAA Section. the nominated Government official will be able to listen in to all phone calls. forecasts and alerts of cyber security incidents. read the SMSs and emails. Communications and IT Mr." These security incidents include website intrusions.000 such incidents in 2011 compared to 8. a police officer not below the rank of an Inspector shall investigate an offence under 56 .266. Section 75 clearly states that the Act applies to offences or contravention committed outside India.Sachin Pilot said in a written reply to the Rajya Sabha said that (as reported in the Press). As per Section 78. worms and spam. This Act has over-riding provisions especially with regard to the regulations stipulated in the Code of Criminal Procedure. respectively. network probing. Hence the role of CERT-In is very crucial and there are much expectations from CERT In not just in giving out the alerts but in combating cyber crime. spread of malicious code like virus. CERT-In has handled over 13. he added. intercepting and blocking the site. if the contravention or the offence involves a computer or a computer network located in India. notwithstanding anything contained in the Code of Criminal Procedure.315 and 13. CERT-In has observed that there is significant increase in the number of cyber security incidents in the country. phishing. Penalty for breach of confidentiality and privacy is discussed in Section 72 with the punishment being imprisonment for a term upto two years or a fine of one lakh rupees or both. 2010 and 2011. whenever so required and with due process of law. Considering the global nature of cyber crime and understanding the real time scenario of fraudster living in one part of the world and committing a data theft or DoS(Denial of Service) kind of an attack or other cyber crime in an entirely different part of the world. use the weapon of monitoring the web-traffic.266 incidents in 2009.301 security incidents were reported to and handled by CERT-In during 2009. 10. A total of 8. The larger issue being discussed at that time was how far is the content provider responsible and how far the Internet Service Provider and what is due diligence which as the CEO of the company. After passage of the ITAA and the introduction of ‘reasonable security practices and procedures’ and the responsibility of body corporate as seen earlier in Section 43A.this Act. As per this. select the receiver of the transmission and select or modify the information contained in the transmission and if he observes due diligence and follows the guidelines prescribed by the Central Government. for sale (and later the CD was sold). intermediary shall not be liable for any third party information hosted by him. Such powers were conferred to officers not below the rank of a Deputy Superintendent of Police earlier in the ITA which was later amended as Inspector in the ITAA. when the NRI CEO of the company was arrested for making the MMS clipping with objectionable obscene material depicting school children was made available in the public domain website owned by him. he should have exercised. DUE DILIGENCE: Liability of intermediaries and the concept of Due Diligence has been discussed in Section 79. the DIT came out with a set of rules titled Information Technology 57 . This concept of due diligence is also much being debated. Due Diligence was first discussed as an immediate fallout of the famous bazee.com case in New Delhi. if his function is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted or if he does not initiate the transmission. and to set at rest some confusion on the significance of due diligence and what constitutes due diligence. The Act is applicable to electronic cheques and truncated cheques (ie the image of cheque being presented and processed curtailing and truncating the physical movement of the cheque from the collecting banker to the paying banker). an intermediary shall be liable for any contravention of law committed by any user unless the Intermediary can prove that he has exercised due diligence and has not conspired or abetted in the act of criminality. work with user or owner of such information to disable such information that is in contravention of sub-rule (2).may enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or of being about to commit any offence under this Act. upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above.authorised …. search etc has been described in Section 80.(Intermediaries Guidelines) Rules on 11 April 2011. on whose computer system the information is stored or hosted or published. Notwithstanding anything contained in the Code of Criminal Procedure. This is another effective weapon that has been rarely and almost never utilised by the police officers. shall act within thirty six hours and where applicable. Overriding powers of the Act and the powers of Central Government to make rules and that of State Governments 58 . any police officer.” In essence. not below the rank of an Inspector or any other officer …. Further the intermediary shall preserve such information and associated records for at least ninety days for investigation purposes…. “the intermediary.. Power to enter. As per this. 2000 & INDIAN PENAL CODE All cyber crimes do not come under the IT Act.406.to make rules wherever necessary have been discussed in the Sections that follow. 409 IPC NDPS Act Arms Act Sec 66 of IT Act Online sale of Weapons Sec 67 of IT Act Hacking Sec 66 of IT Act Pornography Email bombing 59 . phishing   Email spoofing   Web-jacking   Criminal breach of trust  Online sale of Narcotics Sec 509 IPC Sec 465 IPC Sec420 IPC Sec 465.419 Sec 383 IPC Sec. cyber frauds. INFORMATION TECHNOLOGY ACT.Many cyber crimes come under the Indian Penal Code  Sending threatening message by email Sec 506 IPC Sec 499 IPC  Sending defamatory message by email  Sending a mail outraging the modesty   Forgery of electronic records   Bogus websites. with a Post Script remark at the bottom “This is a computer generated letter and hence does not require signature”. Words like ‘digital signature’. ‘electronic form’. The Act does not 60 . Evidences (information) taken from computers or electronic storage devices and produced as print-outs or in electronic media are valid if they are taken from system handled properly with no scope for manipulation of data and ensuring integrity of data produced directly with or without human intervention etc and accompanied by a certificate signed by a responsible person declaring as to the correctness of the records taken from a system a computer with all the precautions as laid down in the Section. In the definitions part of the Act itself. even if they are not signed. this Section is often being misunderstood by one part of the industry to mean that computer print-outs can be taken as evidences and are valid as proper records. Prior to the passing of ITA. However. were all inserted to make them part of the evidentiary mechanism in legislations. the “all documents including electronic records” were substituted. ‘secure electronic record’ ‘information’ as used in the ITA. all evidences in a court were in the physical form only.Sec 43 of IT Act Denial of Service Attack  THE INDIAN EVIDENCE ACT 1872 This is another legislation amended by the ITA. it was but natural that the evidentiary legislation in the nation be amended in tune with it. We find many computer generated letters emanating from big corporates with proper space below for signature under the words “Your faithfully” or “truly” and the signature space left blank. With the ITA giving recognition to all electronic records and documents. daybooks. 61 . THE RESERVE BANK OF INDIA ACT. Prior to the passing of ITA. cash-books. necessitated production of the original ledger or other register for verification at some stage with the copy retained in the court records as exhibits. 1934. after clause (p). THE BANKERS’ BOOKS EVIDENCE(BBE) ACT 1891 Amendment to this Act has been included as the third schedule in ITA. Section 58 of the Act sub-section (2). 1934 The next Act that was amended by the ITA is the Reserve Bank of India Act. tape or any other form of electro-magnetic data storage device”. With the passing of the ITA the definitions part of the BBE Act stood amended as: "bankers 'books’ include ledgers. disc.anywhere say that ‘computer print-outs need not be signed and can be taken as record’. to facilitate such electronic funds transfer and ensure legal admissibility of documents and records therein. account-books and all other books used in the ordinary business of a bank whether kept in the written form or as printouts of data stored in a floppy. a clause relating to the regulation of funds transfer through electronic means between banks (ie transactions like RTGS and NEFT and other funds transfers) was inserted. any evidence from a bank to be produced in a court. In essence. including intellectual property. Also. HACKING Hacking is not defined in The amended IT Act. (The term “hacker” originally meant a very gifted programmer. In recent years though. privacy. with easier access to multiple systems. According to wikipedia. i. The IT Act. as it is an intersection of many legal fields. programs. it now has negative implications. and jurisdiction. CHAPTER-IV TYPES OF CYBER CRIME Cyber law is a term used to describe the legal issues related to use of communications technology.e. 2000 as amended by The IT (Amendment) Act. in simple words Hacking is the unauthorized access to a computer system. to human activity on the Internet. 1. 2000.) LAW & PUNISHMENT: Under Information Technology (Amendment) Act. 2008. cyber law is an attempt to apply laws designed for the physical world. freedom of expression. Section 43(a) read with section 66 is applicable and 62 . Hacking means unauthorized attempts to bypass the security mechanisms of an in formation system or network. particularly “cyberspace”. It is less of a distinct field of law in the way that property or contract are. data and network resources. In India. 2008 is known as the Cyber law. It has a separate chapter XI entitled “Offences” in which various cyber crimes have been declared as penal offences punishable with imprisonment and fine. the Internet. primarily perpetrated by office workers with access to technology such as desktop computers and handheld devices. compoundable with permission of the court before which the prosecution of such offence is pending and triable by any magistrate. web pages. copies or extracts any data.downloads. DVD storage and other hand-held devices. iPods and even digital cameras. USB devices. bailable. 2. 1860 also applicable. computer system or computer network including information or data held or stored in any removable storage medium. which may extend to five lakh rupees or both. crime of data theft under Section 43 (b) is stated as . LAW & PUNISHMENT: Under Information Technology (Amendment) Act. capable of storing digital information such as flash drives. computer system of computer network . compoundablewith permission of the court before which the prosecution of such offence is pending and triable by any magistrate. then it is data theft. 63 . Data Theft offence is cognizable.Section 379 & 406 of Indian Penal Code. 2008. According to Information Technology (Amendment) Act. 2008. who is in charge of a computer.DATA THEFT According to Wikipedia.If any person without permission of the owner or any other person. Data Theft is a growing problem. which may extend to three years or with fine. If crime is proved under IT Act. 1860 also are applicable. The damage caused by data theft can be considerable with today’s ability to transmit very large files via e-mail. bailable. Section 43(b) read with Section 66 is applicable and under Section 379. accused shall be punished for imprisonment. computer data base or information from such computer. 405 & 420 of Indian Penal Code. Hacking offence is cognizable. the creator intends them to do. They can send your data to a third party and then delete your data from your computer. Spreading of Virus offence is cognizable. Information Technology (Amendment) Act. Most have not done this much damage in the past. IDENTITY THEFT According to wikipedia Identity theft is a form of fraud or cheating of another person’s identity in which someone pretends to be someone else by assuming that person’s identity. 2008. bailable. Section 43(c) & 43(e) read with Section 66 is applicable and under Section 268 of Indian Penal Code. fraudulently or dishonestly make use of the electronic signature. Identity theft is a term used to refer to fraud that involves 64 . 4. crime of identity theft under Section 66-C. They can also ruin/mess up your system and render it unusable without a re-installation of the operating system. typically in order to access resources or obtain credit and other benefits in that person’s name. 1860 also applicable. whoever. password or any other unique identification feature of any other person known as identity theft.3. compoundablewith permission of the court before which the prosecution of such offence is pending and triable by any magistrate. It will then attempt to replicate itself by sending itself to other potential victims. viruses can do any amount of damage. SPREADING VIRUS OR WORMS In most cases. but could easily do this in the future. Usually the virus will install files on your system and then will change your system so that virus program is run every time you start your system. 2008. Law & Punishment: Under Information Technology (Amendment)Act. Identity Theft offence is cognizable. It was typically a violent crime. Section 66-C and Section 419 of Indian Penal Code. E-MAIL SPOOFING According to wikipedia. 65 . the crime has evolved and today’s white collared criminals are a lot less brutal. It is becoming so common that you can no longer take for granted that the e-mail you are receiving is truly from the person identified as the sender. LAW & PUNISHMENT: Under Information Technology (Amendment) Act. However. e-mail spoofing is e-mail activity in which the sender addresses and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. 2008. Spoofing is the act of electronically disguising one computer as another for gaining as the password system. E-mail spoofing is sending an e-mail to another person in such a way that it appears that the e-mail was sent by someone else. At one time the only way for someone to steal somebody else’s identity was by killing that person and taking his place. Email spoofing is a technique used by hackers to fraudulently send email messages in which the sender address and other parts of the email header are alteredto appear as though the email originatedfrom a source other than its actual source. A spoof emailis one that appears to originate from one source but actually has been sent from another source.stealing money or getting other benefits by pretending to be someone else. only to use it. since then. bailable. since it is not inherently possible to steal an identity. compoundable with permission of the court before which the prosecution of such offence is pending and triable by any magistrate. The term is relatively new and is actually a misnomer. 1860 also applicable. But the ramifications of an identity theft are still scary. 5. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator’s actions. Section 66-D and Section417. While the lawmakers have to be complemented for their appreciable work removing various deficiencies in the Indian Cyberlaw and making it technologically neutral. compoundable with permission of the court before which the prosecution of such offence is pending and triable by any magistrate. 2008. OBSERVATIONS ON ITA. a legislation which actually paves the way for cyber criminals to wipe out the electronic trails and electronic evidence by granting them bail as a matter of right.2008: Having discussed in detail all the provisions of ITA and ITAA. with a soft heart. 1860 also applicable. — a legislation that goes extremely soft on cyber criminals. let us now look at some of the broader areas of omissions and commissions in the Act and the general criticism the Acts have faced over the years.2000 AND ITAA. 419 & 465of Indian Penal Code. LAW & PUNISHMENT: Under Information Technology (Amendment) Act.Hackers use this method to disguise the actual email address from which phishing and spam messages are sent and often use email spoofing in conjunction with Web page spoofing to trick users into providing personal and confidential information. a 66 . Email spoofing offence is cognizable. a legislation that chooses to encourage cyber criminals by lessening the quantum of punishment accorded to them under the existing law. bailable. The most bizarre and startling aspect of the new amendments is that these amendments seek to make the Indian Cyber law a cyber crime friendly legislation. yet it appears that there has been a major mismatch between the expectation of the nation and the resultant effect of the amended legislation. a legislation that chooses to give far more freedom to cyber criminals than the existing legislation envisages. the amount of punishment for the offence of failure to comply with the directions of the Controller Of Certifying Authorities is reduced from three years to two years. This is all the more so as no person would normally diminish the value and utility of any information residing in a computer resource or affect the same injuriously by any means.legislation which makes a majority of cybercrimes stipulated under the IT Act as bailable offences. as defined under Section 66 of the existing Information Technology Act. 2000. here comes a contrary trend from the Indian legislature. which is lascivious. 2000. Deleting hacking as a specific defined offence does not appeal to any logic. Similarly. At that time when the entire world is going hammer and tongs against Cyber Crimes and Cyber Criminals. has provided for punishment for various cyber offences ranging from three years to ten years. from the existing five years to three years. the IT Act. Further it is shocking to find that the offences of hacking. The cutting of certain elements of the effects of hacking under the existing Section 66 and putting the same under Section 43 make no legal or pragmatic sense. computer system or computer network. A perusal of the said legislation shows that there is hardly any logical or rational reason for adopting such an approach. transmitting or causing to be published any information in the electronic form. with the permission of the owner or any such person who is in charge of the computer. Cyber criminals of 67 . a legislation that is likely to pave way for India to become the potential cyber crime capital of the world. However what amazes the lay reader is that the amendments to the IT Act have gone ahead and reduced the quantum of punishment. Section 67 has reduced the quantum of punishment on first conviction for publishing. Taking a classical case of the offence of online obscenity. the existing language of the under Section 66 has now been substituted by new language. has been completely deleted from the law book. These are non-bailable offences where the accused is not entitled to bail as a matter of right. Currently. In fact. Keeping in account human behaviour and psychology. destroy or delete all electronic traces and trails of his having committed any cyber crime. by the new IT Act amendments. facilitating the environment where they can tamper with. The legislation has now stipulated that Cyber crimes punishable with imprisonment of three years shall be bailable offences. a near impossibility. once released on bail. Another major change that the new amendments have done is that cyber crimes in India shall now be investigated not by a Deputy Superintendent of Police. given the current non. India has got only three cyber crime convictions. India is likely to see a drought of cyber crime convictions. there and then. it will be but natural to expect that the concerned cyber criminal. in almost all other cyber crimes. The fertile liberal treatment meted out to cyber criminals. the net effect of all amendments is that a majority of these cybercrimes shall be bailable. all of us need to remember that henceforth.exposure and lack of training of 68 . as under the existing law.the world targeting India or operating in India need not despair. your local police inspector is going to be your next point of contact. I believe if the new amendments come into force. In the 14-odd years since internet has been commercially introduced in our country. is likely to make a mockery of the process of law and would put the law enforcement agencies under extreme pressure. So . In common language. destroy and delete electronic evidence. by the police. he shall be released on bail as a matter of right. Since the majority of cyber crime offences defined under the amended IT Act are punishable with three years. but shall now be done by a low level police inspector. thus making the job of law enforcement agencies to have cyber crime convictions. The efficacy of such an approach is hardly likely to withstand the test of time. this means that the moment a cybercriminal will be arrested by the police. will immediately go and evaporate. barring a few offences. the moment you are a victim of any cyber crime. thanks to the passing of the IT Act). search a public place for a cyber crime etc. The government or the investigating agencies like the Police department (whose job has been made comparatively easier and focused. Section 13 (3) and (4) discuss the place of dispatch 69 . AWARENESS: There is no serious provision for creating awareness and putting such initiatives in place in the Act. This is so as the law has now produced more powers to the inspector than ever before. their detection. legal professionals. Especially. All in all. regarding cybercrimes. given their soft corner and indulgence for cyber criminals.Inspector level police officers to cyber crimes. 57 and 61 in the context of adjudication process and the appellate procedure connected with and again in Section 80 and as part of the police officers’ powers to enter. have taken any serious step to create public awareness about the provisions in these legislations. given the glaring loopholes as detailed above. which is absolutely essential considering the fact that this is a new area and technology has to be learnt by all the stake-holders like the judicial officers. In the context of electronic record. JURISDICTION: This is a major issue which is not satisfactorily addressed in the ITA or ITAA. litigant public and the public or users at large. Given this new development.Jurisdiction has been mentioned in Sections 46. The expectations of the nation for effectively tackling cyber crime and stringently punishing cyber criminals have all been let down by the extremely liberal amendments. 48. the new IT Act Amendments are likely to adversely impact corporate India and all users of computers. provisions like scope for adjudication process is never known to many including those in the investigating agencies. computer systems and computer networks. as also data and information in the electronic form. it is probable that the concept of e-hafta (or electronic hafta” is likely to be far more reinforced and developed as an institutional practice. investigation and prosecution. nothing could be seen as a scene in cyber crime! The evidences. which police station does he go to? If he is an employee of a Multi National Company with branches throughout the world and in many metros in India and is often on tour in India and he suspects another individual say an employee of the same firm in his branch or headquarters office and informs the police that evidence could lie in the suspect’s computer system itself. While filing cases under IT Act. there is no cyber crime. evidences may lie in some system like the intermediaries’ computers or some times in the opponent’s computer system too. In cyber crime. Often. However some fundamental issues like if the mail of someone is hacked and the accused is a resident of a city in some state coming to know of it in a different city. Very often. We cannot mark a place nor a computer nor a network. unless the police swing into action swiftly and seize the systems and capture 70 . where does he go to file he complaint. Pat of evidences is the ‘crime scene’ issues.and receipt of electronic record which may be taken as jurisprudence issues. EVIDENCES: Evidences are a major concern in cyber crimes. In all such cases. the network and the related gadgets along with of course the log files and trail of events emanating or recorded in the system are actually the crime scene. nor seize the hard-disk immediately and keep it under lock and key keep it as an exhibit taken from the crime scene. has to be spread and proper training is to be given to all concerned players in the field. territoryfree and sans all jurisdiction and frontiers and happens in ‘cloud’ or the ‘space’. the investigators do not accept such complaints on the grounds of jurisdiction and there are occasions that the judicial officers too have hesitated to deal with such cases. many often. be it as a civil case in the adjudication process or a criminal complaint filed with the police. the data. The knowledge that cyber crime is geography-agnostic. borderless. the evidences, such vital evidences could be easily destroyed. In fact, if one knows that his computer is going to be seized, he would immediately go for destruction of evidences (formatting, removing the history, removing the cookies, changing the registry and user login set ups, reconfiguring the system files etc) since most of the computer history and log files are volatile in nature. There is no major initiative in India on common repositories of electronic evidences by which in the event of any dispute (including civil) the affected computer may be handed over to a common trusted third party with proper software tools, who may keep a copy of the entire disk and return the original to the owner, so that he can keep using it at will and the copy will be produced as evidence whenever required. For this there are software tools like ‘EnCase’ wih a global recognition and our own C-DAC tools which are available with much retrieval facilities, search features without giving any room for further writing and preserving the original version with date stamp for production as evidence. NON COVERAGE OF MANY CRIMES: While there are many legislations in not only many Western countries but also some smaller nations in the East, India has only one legislation -- the ITA and ITAA. Hence it is quite natural that many issues on cyber crimes and many crimes per se are left uncovered. Many cyber crimes like cyber squatting with an evil attention to extort money. Spam mails, ISP’s liability in copyright infringement, data privacy issues have not been given adequate coverage. Besides, most of the Indian corporate including some Public Sector undertakings use Operating Systems that are from the West especially the US and many software utilities and hardware items and sometimes firmware are from abroad. In such cases, the actual reach and import of IT Act Sections dealing with utility software or a system software or an Operating System upgrade or update used for downloading the software utility, is to be specifically addressed, as 71 otherwise a peculiar situation may come, when the user may not know whether the upgrade or the patch is getting downloaded or any spyware getting installed. The Act does not address the government’s policy on keeping the backup of corporates including the PSUs and PSBs in our county or abroad and if kept abroad, the subjective legal jurisprudence on such software backups. Most of the cyber crimes in the nation are still brought under the relevant sections of IPC read with the comparative sections of ITA or the ITAA which gives a comfort factor to the investigating agencies that even if the ITA part of the case is lost, the accused cannot escape from the IPC part. To quote the noted cyber law expert in the nation and Supreme Court advocate Shri Pavan Duggal, “While the lawmakers have to be complemented for their admirable work removing various deficiencies in the Indian Cyberlaw and making it technologically neutral, yet it appears that there has been a major mismatch between the expectation of the nation and the resultant effect of the amended legislation. The most bizarre and startling aspect of the new amendments is that these amendments seek to make the Indian cyber law a cyber crime friendly legislation; - a legislation that goes extremely soft on cyber criminals, with a soft heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of punishment accorded to them under the existing law; ….. a legislation which makes a majority of cybercrimes stipulated under the IT Act as bailable offences; a legislation that is likely to pave way for India to become the potential cyber crime capital of the world……” Let us not be pessimistic that the existing legislation is cyber criminal friendly or paves the way to increase crimes. Certainly, it does not. It is a commendable piece of legislation, a landmark first step and a remarkable mile-stone in the technological growth of the nation. But let us not be complacent that the existing law would suffice. Let us remember that the criminals always go faster than the investigators and always try to be one step ahead in 72 technology. After all, steganography was used in the Parliament Attack case to convey a one-line hidden message from one criminal to another which was a lesson for the investigators to know more about the technology of steganography. Similarly Satellite phones were used in the Mumbai attack case in November 2008 after which the investigators became aware of the technological perils of such gadgets, since until then, they were relying on cell phones and the directional tracking by the cell phone towers and Call Details Register entries only. Hopefully, more and more awareness campaign will take place and the government will be conscious of the path ahead to bring more and more legislations in place. Actually, bringing more legislations may just not be sufficient, because the conviction rate in Cyber crime offences is among the lowest in the nation, much lower than the rate in IPC and other offences. The government should be aware that it is not the severity of punishment that is a deterrent for the criminals, but it is the certainty of punishment. It is not the number of legislations in a society that should prevent crimes but it is the certainty of punishment that the legislation will bring. E-RECORDS MAINTENANCE POLICY OF BANKS: Computerisation started in most of the banks in India from end 80’s in a small way in the form of standalone systems called Advanced Ledger Posting Machines (Separate PC for every counter/activity) which then led to the era of Total Branch Automation or Computerisation in early or mid 90’s. TBA or TBC as it was popularly called, marked the beginning of a networked environment on a Local Area Network under a client-server architecture when records used to be maintained in electronic manner in hard-disks and external media like tapes etc for backup purposes. Ever since passing of the ITA and according of recognition to electronic records, it has become mandatory on the part of banks to maintain proper computerized system for electronic records. Conventionally, all legacy systems in the banks always do have a record maintenance policy often with RBI’s 73 Besides. if not already done already. always ensuring confidentiality.. On the legal compliance side especially after the Rules were passed in April 2011. Thanks to computerisation and introduction of computerized data maintenance and often computer generated vouchers also. on the “Reasonable Security Practices and Procedures” as part of ITAA 2008 Section 43A. ensuring against tamperability. availability and Non Repudiation. letters.and their individual Board approval stipulating the period of preservation for all sorts of records. ledgers. vouchers. Indian Banks’ Association took the initiative in bringing out a book on Banks’ e-Records Maintenance Policy to serve as a model for use and adoption in banks suiting the individual bank’s technological setup. retrieval systems. This policy should not be confused with the Information Technology Business Continuity and Disaster Recovery Plan or Policy nor the Data Warehousing initiatives. Hence banks should ensure that e-records maintenance policy with details of e-records. CHAPTER-V LEGISLATIONS IN OTHER NATIONS: 74 . off-site backup. their upkeep. the certificate to be given as an annexure to e-evidences as stipulated in the BBE Act also emphasizes this point of maintenance of e-records in a proper ensuring proper backup. their nature. most of the banks became responsive to the computerized environment and quite a few have started the process of formulating their own Electronic Records Maintenance Policy. banks should strive well to prove that they have all the security policies in place like compliance with ISO 27001 standards etc and e-records are maintained. documents etc. access control and access privileges initiatives should be in place. integrity. register. the technological requirements. Besides. there are a number of laws in the US both at the federal level and at different states level like the Cable Communications Policy Act. The Sarbanes-Oxley Act (SOX) signed into law in 2002 and named after its authors Senator Paul Sarbanes and Representative Paul Oxley. In the US. mandated a number of reforms to enhance corporate responsibility. Children’s Internet Protection Act.SIMILARLY. regulates all health and insurance related records. there are many legislations governing e-commerce and cyber crimes going into all the facets of cyber crimes. storage. and combat corporate and accounting fraud. WHAT ARE GOVERNMENTS DOING TO FIGHT CYBER BATTLE ? According to the US Defense Secretary Robert Gates. child pornography. enhance financial disclosures. Companies dealing with US firms ensure HIPAA compliance insofar as the data relating to such corporate are handled by them. Data Communication. after 75 . WE HAVE CYBER CRIME LEGISLATIONS AND OTHER RULES AND REGULATIONS IN OTHER NATIONS.As against the lone legislation ITA and ITAA in India. they have the Health Insurance Portability and Accountability Act popularly known as HIPAA which inter alia. their upkeep and maintenance and the issues of privacy and confidentiality involved in such records. in many other nations globally. IN THE UK. BESIDES CYBER CRIME LAW PASSED RECENTLY IN AUGUST 2011. Children’s Online Privacy Protection Act etc. THE DATA PROTECTION ACT AND THE PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS ETC ARE ALL REGULATORY LEGISLATIONS ALREADY EXISTING IN THE AREA OF INFORMATION SECURITY AND CYBER CRIME PREVENTION. cyberspace is the new domain in which war will be fought. electronic records and data privacy have all been addressed in separate Acts and Rules giving thrust in the particular area focused in the Act. Such increased vigilance is gaining attention. as both governments and corporate entities have become prime targets of cyber attacks. the bill is still under debate. 76 . Iran.land. Hackers used spam email to target the computers of small businesses and individual users. Privacy experts such as Marc Rotenberg. • The US Federal Bureau of Investigation (FBI) has established a separate division to address cyber crime in a coordinated manner.54 The US government has been focusing on protecting its digital infrastructure. However. The NSTIC aims to promote a platform where internet users will receive IDs. the hackers were able to transfer money from those accounts. sea. Russia and many other countries are now creating and training ‘cyber armies’. Executive Director of the Electronic Privacy Information Center. North Korea. who were believed to be engaged in an international crime syndicate that hacked into US computer networks to steal US$70 million. thereby increasing trust among users. believe that such a bill could obstruct communication and economic activities. air and space. and has been opposed by many organizations that believe it may give the government more power and control over the internet. declaring it a ‘strategic national asset.’ Similarly. the US Department of Commerce announced that it is planning to launch an office — the National Strategy for Trusted Identities in Cyberspace (NSTIC) — to promote online trusted identity technologies. Countries cracking down on cyber crime US is facilitating global cyber security: • In January 2011. Israel. By gaining access to users’ passwords and bank account details. the FBI arrested more than 90 people. In January 2011. In October 2010. US Senators Joseph Lieberman and Susan Collins re-introduced a bill — the Cybersecurity and Internet Freedom Act of 2011 — granting President Barack Obama the authority to shut down the internet in the country in the event of a cyber attack. According to a UK government spokesman. the UK also plans to coordinate with Poland on information secu. the Police Central e-Crime Unit (PCeU) was set up to fight national cyber crime. equating it to international terrorism and major incidents.rity policy while planning for the Euro2012 football championships and the London 2012 Olympics.” Apart from increasing investments. 77 .crime UK is investing to improve its defense tactics against cyber : • The UK considers cyber crime to be a tier 1 threat. building upon the existing expertise within SOCA (national police unit responsible for pro-active operations against serious and organized crime) and the Met Police Central e-Crime Unit. China is fighting cyber crime with the international support : • Although China has been regarded as the largest source of targeted hacking attacks. • In 2009. Association of Southeast Asian Nations (ASEAN) and other international communities and governments in efforts to fight cyber crime. the country is also on the receiving end of attacks. In 2009. In October 2010. China incorporated computer crimes into its criminal law legislation. The PCeU collaborates with law enforcement agencies and private industries. By February 2011. "The government is determined to build an effective law enforcement response to the cyber crime threat. nearly 200 Chinese government websites were attacked or infiltrated daily. the UK government commited to providing GBP650 million (US$1 billion) to cyber security initiatives. GBP63 million (US$100 million) had been allocated for cyber security. In 2008. The country is collaborating with the UN. 70 – The US has been supporting the Chinese government in its fight against cyber crime. respectively.– In 2003. Over 2009–10. the Indian government proposed an initiative to develop a unit that will include a group of hackers acting as a specialized team as counter offence to hacking activities from foreign countries. The designated web watchdog team will be responsible for targeting specific networking websites that engage in espionage and incite riots. • In November 2010. nearly all police stations in Iran will have their own cyber police unit. India’s Central Bureau of Investigation (CBI) signed an agreement with industry body Nasscom to share expertise on ways to counter cyber attacks. • By the end of 2011. the Indian government announced that it plans to set up an institute dedicated to training professionals and developing technologies to tackle cyber crime. The National Technical Research Organisation 78 . Indian government is setting up IT institute : • In January 2011. with a total cost of INR1 billion (US$21 million). Iran officially launched its cyber police unit to ramp up its fight against cyber crime. China had tightened its Guarding State Secrets law. • In July 2010. by May 2010.69. the US provided assistance to China in 13 major cases of internet crime. by holding internet and mobile phone operators responsible for customers who try to leak confidential information. The institute will be a public-private partnership initiative. China signed the ASEAN-China Coordination Framework for Network and Information Security Emergency Responses and an agreement among the governments of the SCO Member States on Cooperation in the Field of Ensuring International Information Security with the ASEAN and SCO member states. Iran is launching cyber police unit: • In January 2011. • In an effort to protect confidential information. along with the Defence Intelligence Agency (DIA). Europol (the EU’s law enforcement agency) created the European Union Cyber crime Task Force.(NTRO). NATO alliance provides platform for coordinated initiative: • At the North Atlantic Treaty Organization (NATO) summit in November 2010. NATO and the US. Also by that time. International organizations zero in on cyber security Europol enforces EU cyber security initiatives • In June 2010. a European information sharing and alert system will facilitate communication between rapid response teams and law enforcement authorities. was delegated to create this capability. approved plans for a coordinated approach to tackle cyber crime in member states.78 The task force includes an expert group of representatives from Europol. the EU. • By 2012. Eurojust (the EU judicial cooperation body) and the European Commission. by 2013. such as cyber attacks — with a CERT center in each EU country. 79 . and facilitates cross-border cooperation and information exchange. the European Commission is expected to create a network of Computer Emergency Response Teams (CERTs) — that can react in case of computer-related emergencies. Under the approval. an EU cyber crime center will be established to coordinate cooperation between member states. • Europol provides the EU members with investigative and analytical support on cyber crime. Police has been able to 80 .000 from accounts of four US customers were dishonestly transferred to bogus accounts.Such cases happen all over the world but when it happens in India it is a serious matter. Some employees gained the confidence of the customer and obtained their PIN numbers to commit fraud.50. There was not as much of breach of security but of sourcing engineering. They must have remembered these numbers.SOME INDIAN CASE LAWS 1. Highest security prevails in the call centers in India as they know that they will lose their business. This will give a lot of ammunition to those lobbying against outsourcing in US. Pune Citibank MphasiS Call Center Fraud US $ 3. It is a case of sourcing engineering.The call center employees are checked when they go in and out so they can not copy down numbers and therefore they could not have noted these down. All accounts were opened in Pune and the customers complained that the money from their accounts was transferred to Pune accounts and that’s how the criminals were traced. gone out immediately to a cyber café and accessed the Citibank accounts of the customers. They got these under the guise of helping the customers out of difficult situations. State of Tamil Nadu Vs Suhas Katti The Case of Suhas Katti is notable for the fact that the conviction was achieved successfully within a relatively quick time of 7 months from the filing of the FIR. It also raises a lot of issues regarding how the police should handle the cyber crime cases and a lot of education is required.com was arrested in December 2004 because a CD with objectionable material was being sold on the website. This opened up the question as to what kind of distinction do we draw between Internet Service Provider and Content Provider. In this case preliminary investigations do not reveal that the criminals had any crime history. The burden rests on the accused that he was the Service Provider and not the Content Provider. We must still ensure such checks when a person is hired. Customer education is very important so customers do not get taken for a ride. However.) of Delhi (2005) 3 Comp LJ 364 (Del) 81 .com case CEO of Bazee. the efficient handling of the case which happened to be the first case of the Chennai Cyber Crime Cell going to 8Avnish Bajaj v State (N. 2. Most banks are guilt of not doing this. Considering that similar cases have been pending in other states for a much longer time. best of background checks can not eliminate the bad elements from coming in and breaching security. There is need for a national ID and a national data base where a name can be referred to.prove the honesty of the call center and has frozen the accounts where the money was transferred. The Mumbai city police and the Delhi Police got into action. Bazee. There is need for a strict background check of the call center executives. The CEO was later released on bail. The CD was also being sold in the markets in Delhi.T.8 3.C. Further the Defence counsel argued that some of the documentary evidence was not sustainable under Section 65 B of the Indian Evidence Act.4680/2004. On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000. the Police traced the accused to Mumbai and arrested him within the next few days.500/-and 82 . She however married another person. Ld. Egmore.C. 469 and 509 IPC before The Hon’ble Addl. On her reluctance to marry him. CMM Egmore by citing 18 witnesses and 34 documents and material objects. 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs. On the prosecution side 12 witnesses were examined and entire documents were marked as Exhibits. Based on a complaint made by the victim in February 2004. The Defence argued that the offending mails would have been given either by ex-husband of the complainant or the complainant her self to implicate the accused as accused alleged to have turned down the request of the complainant to marry her. including the witnesses of the Cyber Cafe owners and came to the conclusion that the crime was conclusively proved. The accused was a known family friend of the victim and was reportedly interested in marrying her. Additional Chief Metropolitan Magistrate. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting.trial deserves a special mention. the accused took up the harassment through the Internet. The case related to posting of obscene. However.NO. This marriage later ended in divorce and the accused started contacting her once again. E-Mails were also forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim. The same was taken on file in C. the court relied upon the expert witnesses and other evidence produced before it. delivered the judgement on 5-11-04 as follows: “ The accused is found guilty of offences under section 469. defamatory and annoying message about a divorcee woman in the yahoo message group. 5. Chennai.4000/. The plaintiff filed a suit for permanent injunction restraining the defendant from doing his illegal acts of sending derogatory 9{State of Tamil Nadu Vs. Egmore.500/.9 4.All sentences to run concurrently. the defendant Jogesh Kwatra being an employ of the plaintiff company started sending derogatory. v. After some time the two broke up and the girl created fraudulent email ids such as “Indian barassociations” and sent emails to the boy’s foreign clients. vulgar. a Court of Delhi assumed jurisdiction over a matter where a corporate’s reputation was being defamed through emails and passed an important ex-parte injunction.”The accused paid fine amount and he was lodged at Central Prison. The bank was held liable for the emails sent using the bank’s system. defamatory. R K Malhotra. Suhas Katti. The boy’s company lost a large number of clients and took the bank to court. CMM. SMC Pneumatics (India) Pvt. obscene. The couple exchanged many emails using the company computers. The Bank NSP Case The Bank NSP case is the one where a management trainee of the bank was engaged to be married. This is considered as the first case convicted under section 67 of Information Technology Act 2000 in India. Jogesh Kwatra In India's first case of cyber defamation.for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs. filthy and abusive emails to his employers as also to different subsidiaries of the said company all over the world with the aim to defame the company and its Managing Director Mr. In this case. She used the banks computer to do this. 83 . Chennai in 2004}. Ltd.and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs. Hon'ble Judge of the Delhi High Court passed an exparte ad interim injunction observing that a prima facie case had been made out by the plaintiff. vulgar. Further the defendant is under a duty not to send the aforesaid emails. This order of Delhi High Court assumes tremendous significance as this is for the first time that an Indian Court assumes jurisdiction in a matter concerning cyber defamation and grants an ex-parte injunction restraining the defendant from defaming the plaintiffs by sending derogatory. abusive. defamatory. PARLIAMENT ATTACK CASE Bureau of Police Research and Development at Hyderabad had handled some of the top cyber cases. defamatory. 6. vulgar. abusive and obscene emails either to the plaintiffs or their subsidiaries. Consequently. He further contended that the acts of the defendant in sending the emails had resulted in invasion of legal rights of the plaintiffs. After hearing detailed arguments of Counsel for Plaintiff. Counsel further argued that the aim of sending the said emails was to malign the high reputation of the plaintiffs all over India and the world. It is pertinent to note that after the plaintiff company discovered the said employ could be indulging in the matter of sending abusive emails.emails to the plaintiff. humiliating and abusive emails either to the plaintiffs or to its sister subsidiaries all over the world including their Managing Directors and their Sales and Marketing departments. intimidating. including analysing and retrieving information from the laptop recovered from terrorist. 84 . the Delhi High Court restrained the defendant from sending derogatory. Hon'ble Judge also restrained the defendant from publishing. obscene. transmitting or causing to be published any information inthe actual world as also in cyberspace which is derogatory or defamatory or abusive of the plaintiffs. the plaintiff terminated the services of the defendant. humiliating and defamatory in nature. On behalf of the plaintiffs it was contended that the emails sent by the defendant were distinctly obscene. Further. SONY. which runs a website called www.SAMBANDH. It all began after a complaint was filed by Sony India Private Ltd. Andhra Pradesh Tax Case Dubious tactics of a prominent businessman from Andhra Pradesh was exposed after officials of the department got hold of computers used by the accused person. The owner of a plastics firm was arrested and Rs 22 crore cash was recovered from his house by sleuths of the Vigilance Department. They sought an explanation from him regarding the unaccounted cash within 10 days.sony-sambandh.who attacked Parliament. namely the sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador car to gain entry into Parliament House and the the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal. The emblems (of the three lions) were carefully scanned and the seal was also craftly made along with residential address of Jammu and Kashmir. It later revealed that the accused was running five businesses under the guise of one company and used fake and computerised vouchers to show sales records and save tax. 7. targeting Non 85 . was sent to Computer Forensics Division of BPRD after computer experts at Delhi failed to trace much out of its contents.000 vouchers to prove the legitimacy of trade and thought his offence would go undetected but after careful scrutiny of vouchers and contents of his computers it revealed that all of them were made after the raids were conducted. But careful detection proved that it was all forged and made on the laptop.com. The laptop contained several evidences that confirmed of the two terrorists’ motives. The accused person submitted 6. 8. who were gunned down when Parliament was under siege on December 13 2001. The laptop which was seized from the two terrorists.COM CASE India saw its first cybercrime conviction recently. 419 and 420 of the Indian Penal Code. Secondly. The company lodged a complaint for online cheating at the Central Bureau of Investigation which registered a case under Section 418. In May 2002. She gave her credit card number for payment and requested that the products be delivered to Arif Azim in Noida. The transaction closed at that. a judgment of this 86 . The matter was investigated into and Arif Azim was arrested. After following the relevant procedures of due diligence and checking. The judgment is of immense significance for the entire nation. a lenient view needed to be taken. The court therefore released the accused on probation for one year. The court convicted Arif Azim under Section 418. felt that as the accused was a young boy of 24 years and a first-time convict. The company undertakes to deliver the products to the concerned recipients. while working at a call centre in Noida gained access to the credit card number of an American national which he misused on the company’s site. The CBI recovered the colour television and the cordless head phone In this matter. Besides being the first conviction in a cybercrime matter. the CBI had evidence to prove their case and so the accused admitted his guilt. however. the company took digital photographs showing the delivery being accepted by Arif Azim. At the time of delivery. the company delivered the items to Arif Azim. The website enables NRIs to send Sony products to their friends and relatives in India after they pay for it online. but after one and a half months the credit card agency informed the company that this was an unauthorized transaction as the real owner had having made the purchase. it has shown that the the Indian Penal Code can be effectively applied to certain categories of cyber crimes which are not covered under the Information Technology Act 2000. someone logged onto the website under the identity of Barbara Campa and ordered a Sony Colour Television set and a cordless head phone. The court. Investigations revealed that Arif Azim.Resident Indians. 419 and 420 of the Indian Penal Code — this being the first time that a cybercrime has been convicted. The payment was duly cleared by the credit card agency and the transaction processed. identity or password is misused. Personal data so collected by misrepresenting the identity of the legitimate party is commonly used for the collecting party’s advantage. The high court recognised the trademark rights of the plaintiff and passed an ex-parte ad interim 87 . passwords. etc. 9.sort sends out a clear message to all that the law cannot be taken for a ride. The plaintiff in this case was the National Association of Software and Service Companies (Nasscom). entailing an injunction and recovery of damages. it held phishing to be an illegal act by defining it under Indian law as “amis representation made in the course of trade leading to confusion as to the source and origin of the e-mail causing immense harm not only to the consumer but even to the person whose name. such as a bank or an insurance company in order to extract personal data from a customer such as access codes. The defendants were operating a placement agency involved in head-hunting and recruitment. delivered in March. Ajay Sood & Others In a landmark judgment in the case of National Association of Software and Service Companies vs Ajay Sood & Others. The Delhi HC stated that even though there is no specific legislation in India to penalise phishing. by way of an example. Nasscom vs. in order to lay down a precedent in India. which they could use for purposes of headhunting. the court stated that it is a form of internet fraud where a person pretends to be a legitimate association. Elaborating on the concept of ‘phishing’. In order to obtain personal data. ‘05. court also stated. the Delhi High Court declared `phishing’ on the internet to be an illegal act. that typical phishing scams involve persons who pretend to represent online banks and siphon cash from e-banking accounts after conning consumers into handing over confidential banking details. the defendants composed and sent e-mails to third parties in the name of Nasscom.” The court held the act of phishing as passing off and tarnishing the plaintiff’s image. India’s premier software association. This case achieves clear milestones: It brings the act of “phishing” into the ambit of Indian laws even in the absence of specific legislation. Subsequently. the fictitious names were deleted from the array of parties as defendants in the case. According to the terms of compromise. The court further restrained the defendants from holding themselves out as being associates or a part of Nasscom. to avoid recognition and legal action. On discovery of this fraudulent act. During the progress of the case. The court appointed a commission to conduct a search at the defendants’ premises. The offending e-mails were then downloaded from the hard disks and presented as evidence in court. Two hard disks of the computers from which the fraudulent e-mails were sent by the defendantsto various parties were taken into custody by the local commissioner appointed by the court. The court also ordered the hard disks seized from the defendants’ premises to be handed over to the plaintiff who would be the owner of the hard disks. the company in which Mr Karan Bahree 88 . 10. It clears the misconception that there is no “damages culture” in India for violation of IP rights. Infinity e-Search BPO Case The Gurgaon BPO fraud has created an embarrassing situation for Infinity e-Search. the defendants admitted their illegal acts and the parties settled the matter through the recording of a compromise in the suit proceedings.6 million to the plaintiff as damages for violation of the plaintiff’s trademark rights. This case reaffirms IP owners’ faith in the Indian judicial system’s ability and willingness to protect intangible property rights and send a strong message to IP owners that they can do business in India without sacrificing their IP rights. the defendants agreed to pay a sum of Rs1.injunction restraining the defendants from using the trade name or any other name deceptively similar to Nasscom. it became clear that the defendants in whose names the offending e-mails were sent were fictitious identities created by an employee on defendants’ instructions. The company has also said that it had nothing to do with the incident. In this era of convergence the definition of „communication device‟ and „intermediary‟ have been rightly inserted/revisited and validity of e-contracts is reinforced by insertion of Section 10 A. A British newspaper had reported that one of its undercover reporters had purchased personal information of 1. who was reportedly involved in the case has denied any wrongdoing. In this sort of a situation we can only say that the journalist has used "Bribery" to induce a "Out of normal behavior" of an employee. This is not observation of a fact but creating a factual incident by intervention. the employee of Infinity eSearch. The fact that the CD contained such data is itself not substantiated by the journalist. However. Investigation is still on in this matter.  CONCLUSION & SUGGESTIONS: The IT( Amendment ) Act. Plethora of new cyber crimes have been incorporated under chapter XI as offences under the amended Act to combat growing kinds of cyber crimes particularly. India is now technologically neutral with electronic signatures replacing the requirement of digital signatures .2008 from an overall perspective has introduced remarkable provisions and amendments that will facilitate the effective enforcement of cyber law in India. 89 . offered a job. a New Delhi-based web designing company.000 British customers from an Indian call-center employee. Section 46(5) of the IT Act is a welcome provision that empowers the Adjudicating officers by conferring powers of execution on the office of Adjudicating officer at par with a civil court. In the instant case the journalist used an intermediary. requested for a presentation on a CD and later claimed that the CD contained some confidential data.was employed. employing the strategies recommended below can facilitate the enforcement of cyber laws in our country – i.serious crimes such as child pornography. Educating the common man and informing them about their rights and obligations in Cyberspace. However. These are some of the challenges that cyber law enforcement teams will be faced with The power of interception of traffic data and communications over internet will need to be exercised in strict compliance of rules framed under respective Sections in the Act conferring such powers of monitoring. The practical reality is that most people are ignorant of the laws of the cyberspace. Having discussed the new amendments and challenges before Indian cyber law regime . Many of the offences added to the Act are cognizable but bailable which increases the likelihood of tampering of evidence by cybercriminal once he is released on bail. collection . and cyber terrorism. The police must therefore play a vigilant role to collect and preserve evidence in a timely manner .For this . the police force will need to be well equipped with forensic knowledge and trained in cyber laws to effectively investigate cybercrime cases. The introduction of Examiner of Electronic Evidence will also aid in effective analysis of digital evidence & cybercrime prosecution. different kinds of cybercrimes. including the Judiciary 90 . Power for blocking websites should also be exercised carefully and should not transgress into areas that amounts to unreasonable censorship. decryption or interception. liability of ISPs has been revisited and onus shall lie on complainant to prove lack of due diligence or presence of actual knowledge by intermediary as proving conspiracy would be difficult. The Intermediaries have been placed under an obligation to maintain and provide access to sensitive information to appropriate agencies to assist in solving cybercrime cases under Section 67C. and forums for redressal of their grievances. There is an imperative need to impart the required legal and technical training to our law enforcement officials. Section 69. Accessibility is one of the greatest impediments in delivery of speedy justice. The investigation of cybercrimes and prosecution of cybercriminals and execution of court orders requires efficient international cooperation regime and procedures. trial of such offences and conviction is a difficult proposition. Trained and well-equipped law enforcement personnel . without a duly signed extradition treaty or a multilateral cooperation arrangement. India assumes prescriptive jurisdiction to try accused for offences committed by any person of any nationality outside India that involves a computer. every local police station should have a cybercrime cell that can effectively investigate cybercrime cases . The reporting and access points in police department require immediate attention. ii. v. Also we have only one Government recognized forensic laboratory in India at Hyderabad which prepares forensic reports in cybercrime cases. In domestic territory.2000.at local. IT 91 . iii.2000 no guidelines exist for ISPs to mandatorily store and preserve logs for a reasonable period to assist in tracing IP addresses in Cybercrime cases. state. Further under Section 79 of the IT Act . iv.and the Police officials to combat the Cybercrimes and to effectively enforce cyber laws . We need more such labs to efficiently handle the increasing volume of cybercrime investigation cases. computer system or network located in India. Although Section 1(2) read with Section 75 of the IT Act. proper investigation. mutual cooperation and prosecution of cybercases. and global levels can ensure proper collection of evidence. on the enforcement front. This needs urgent attention and prompt action. crime based on electronic offences are bound to increase and the law makers have to go the extra mile compared to the fraudsters. they come into the gamut of cyber crime and become punishable offences. Hence. but falling into the wrong hands with a criminal intent who are out to capitalize them or misuse them. 92 . it should be constant endeavour of rules to keep the crimes lowest. Trojan Horse. Technology is always a double-edged sword and can be used for both the purposes – good or bad. (few of which were briefly pointed out in this paper) which will surface while the amendments are tested on the anvil of time and advancing technologies! To sum up. law makers and investigators ii) Internet or Network Service Providers or banks and other intermediaries and iii) the users to take care of information security playing their respective role within the permitted parameters and ensuring compliance with the law of the land. Especially in a society that is dependent more and more on technology.(Amendment) Act. Scavenging (and even DoS or DDoS) are all technologies and per se not crimes. it should be the persistent efforts of rulers and law makers to ensure that technology grows in a healthy manner and is used for legal and ethical business growth and not for committing crimes. to keep them at bay. It should be the duty of the three stake holders viz i) the rulers. 2008 is a step in the right direction . however. though a crime-free society is Utopian and exists only in dreamland. there are still certain lacunae in the Act. Steganography. regulators.
Copyright © 2024 DOKUMEN.SITE Inc.