INFORMATION TECHNOLOGY LAW
INFORMATION TECHNOLOGY
Information Technology means the use of hardware, software, services, and supporting
infrastructure to manage and deliver information using voice, data, and video.
Included in Information Technology
All computers with a human interface
All computer peripherals which will not operate unless connected to a computer or network
All voice, video and data networks and the equipment, staff and purchased services necessary
to operate them
All salary and benefits for staff whose job descriptions specifically includes technology
functions, i.e. network services, applications development, systems administration
All technology services provided by vendors or contractors
Operating costs associated with providing information technology
All costs associated with developing, purchasing, licensing or maintaining software
Excluded from Information Technology
"Closed/stand-alone" computer systems that monitor or automate mechanical or chemical
processes, such as the fire alarm system in the capitol building.
Audio-visual equipment which can be operated as a standalone piece of equipment, such as
televisions, tape recorders, VCRs, video cameras, and overhead projectors. Stand-alone video
editing equipment is excluded.
Copy machines and fax machines.
Licenses or subscriptions to electronic information provided to users in lieu of books or
magazines.
Salaries of staff who use technology but are not directly involved in developing, implementing
or supporting technology as documented on their job description questionnaire (JDQ). Data
entry staff, staff who digitize drawings, staff who do desktop publishing are excluded. "Power
users" who use advanced features of spreadsheets or word processing software are excluded.
Data entry services
Basic concepts of Informa on technology:
Informa on technology is the u liza on of computers to manipulate, disseminate, retrieve, and store
data and informa on. Informa on is a resource which has no value un l it is extracted, processed and
u lized. Informa on technology deals with informa on system, data storage, access, retrieval, analysis
and intelligent decision making.
Cyberspace
Cyberspace refers to the virtual computer world, and more specifically, an electronic medium
that is used to facilitate online communication. Cyberspace typically involves a large
computer network made up of many worldwide computer subnetworks that employ TCP/IP
protocol to aid in communication and data exchange activities.
In the common IT lexicon, any system that has a significant user base or even a well-designed
interface can be thought to be “cyberspace.”
The term cyberspace was initially introduced by William Gibson in his 1984
book, Neuromancer. The term is used to describe any facility or feature that is linked to the
Internet. People use the term to describe all sorts of virtual interfaces that create digital
realities.
Another prime example of cyberspace is the online gaming platforms advertised as massive
online player ecosystems. These large communities, playing all together, create their own
cyberspace worlds that exist only in the digital realm, and not in the physical world,
sometimes nicknamed the “meat space.”
The cyberspaces that we have created are pretty conformist and one-dimensional, relative to
what could exist. In that sense, cyberspace is always evolving, and promises to be more
diverse in the years to come.
Need For Cyber Law
Internet was ini ally developed as a research and informa on sharing tool and was in an
unregulated manner. Now it became more transac onal with e-business, e-commerce, egovernance and e-procurement etc. All legal issues related to internet crime are dealt with
through cyber laws
INTERFACE OF TECHNOLOGY AND LAW
Relationship between science, technology, and law
Law and science have a complicated relationship. Science is the systematic approach that
builds and organizes knowledge in the form of testable explanations and predictions about
the universe. Law refers to the system of rules which have been laid down by the social
institutions to regulate the actions of members and it may enforce such behaviour by the
imposition of penalties. However, with the growth of scientific and technological advances,
law, and science became interdependent on each other. Law seeks to curb the impacts of
science and technology which revolve around aspects such as risks, benefits, and ethical
implications.
Science and law are co-dependent on each other despite being two different disciplines in
modern society with the advances in science and technology.
Effects of science and technology on law
Science and technology have substantive as well as the procedural effect on the law. On the
substantive side, new scientific evidence and methodology can change the course of legal
claims and their outcomes, i.e., forensic science has opened new avenues in criminal law
while creating a myriad of legal, ethical, and social issues.
And on the procedural aspect of the law, it lays down how DNA samples should be collected
and stored, how genetic information may be used, when are convicted criminals allowed to
reopen their cases, etc.
Effects of law on science and technology
United States Congress enacted the Data Quality Act which imposes a series of substantive
and procedural requirements on scientific methodology. These developments indicate a
trend of growing legal intrusion on science and technology.
Division of the field into three primary standards
Different formulations exist for examining the law, science, and technology. There exist three
primary standards of the division of the field.
1. The role of the law in managing the impacts of science and technology which includes
controlling the risks, promoting the benefits, and addressing ethical implications.
2. The institutions of law and science examine how the law affects the practice of
scientific research as well as the reciprocal relationship that determines how science
and technology influence the law.
3. General inquiry into the problems and tensions which emerge from the intersection of
law with science and technology.
Ethical implications of technology
The law attempts to resolve moral issues in a socially acceptable manner. In various cases,
courts have considered their authority while giving a decision in ethical aspects of
controversial technological developments. Even when courts exclude ethical considerations,
they often remain the primary reason for litigation which is fought before the court in sociolegal grounds.
Legal v. scientific standards
A heated debate topic in the field of law, science, and technology states whether the law
should apply scientific standards and methods of proof, or apply its standards to scientific
evidence. An example is the concept of statistical significance, where the standard scientific
convention is that a result will be considered statistically significant if the probability of the
result being observed by chance alone is less than 5%. Legal experts argue that law should
apply a more lenient standard in cases of civil litigation where the standard of proof is
predominant of the evidence.
However, it is essential for the court to understand scientific methodologies while deciding
on cases that involve science and technology. In the case, Daubert v. Merrell Dow
Pharmaceuticals, Inc., the United States Supreme Court held that courts must guarantee that
scientific testimony must have grounding methods of science and procedures which have
derived from scientific methods.
Challenges faced by law in the field of science and technology
According to Moore’s Law, which predicts that the number of transistors on microchips will
double every two years. The law, on the contrary, is less dynamic in nature as it has to go
through a technical statutory process in order to keep up with the scientific developments.
Statutes can easily become outdated and case laws are also slow to adapt to the scientific and
technological developments due to the binding effect of past precedents. Therefore, it results
in the law being based on outdated scientific assumptions or fails to adapt to recent scientific
and technological knowledge. It is essential for the law to adapt to advancing science and
technology and incorporate adaptive legal regimes to keep up with science and technology.
JURISDICTION IN CYBER SPACE AND JURISDICTION IN TRADITIONAL SENCE
Issues of Internet jurisdiction stay a critical test for the use of law in the online atmosphere.
This is to give an available prologue to jurisdiction as it applies to the Internet.
Internet and Jurisdiction is the worldwide multi-stakeholder strategy network tending to the
strain between the cross-line Internet and national jurisdictions. Customary methods of
legitimate participation battle to determine the jurisdiction strains.
Extreme application of the rule of territoriality and the effort of computerized power put the
worldwide local area on a risky path whenever utilized on a worldwide scale.
If nothing is done, this lawful weapons contesting could prompt serious difficulties for the
worldwide computerized economy, basic liberties, online protection, and the specialized
Internet foundation.
The twenty-first century advanced real factor challenges and conventional methods of
worldwide legitimate participation, uncovering an institutional hole in Internet jurisdiction
that might be tackled by drawing lessons from the technical governance of the Internet.
Safeguarding the global character
Jurisdic on in Cyber Space
The nature of cyberspace has challenged the tradi onal no on of jurisdic on of court world
over.
Jurisdic on is the power of State to regulate the conduct of its subjects by legisla ons,
adjudica on and enforcement. The current module only deals with the adjudica ve
jurisdic on of court prescribe by State to resolve issues and fix the liability of par es.
Cyber Jurisdic on or Jurisdic on in Cyber Space- In simple terms, is the extension of
principles of interna onal jurisdic on into the cyberspace. Cyberspace has no physical
(na onal) boundaries. It is an ever-growing exponen al and dynamic space. With a ‘click of a
mouse’ one may access any website from anywhere in the world. Since the websites come
with ‘terms of service’ agreements, privacy policies and disclaimers – subject to their own
domes c laws, transac ons with any of the websites would bind the user to such agreements.
And in case of a dispute, one may have recourse to the ‘private interna onal law. In case the
“cyberspace offences” are either commi ed against the integrity, availability and
confiden ality of computer systems and telecommunica on networks or they consist of the
use of services of such networks to commit tradi onal offences, then one may find oneself in
the legal quagmire. The ques on is not only about mul ple jurisdic ons but also of problems
of procedural law connected with informa on technology. The requirement is to have broad
based conven on dealing with criminal substan ve law ma ers, criminal procedural
ques ons as well as with interna onal criminal law procedures and agreements.
Concept Of Jurisdic on
The concept of jurisdic on of a court emanates from the Sovereignty theory and Territorial
Theory of State. The authority of a court to hear a case and resolve a dispute involving person,
property and subject ma er is referred as the jurisdic on of that court. It is the legisla ve
func on of the Government to enact laws and judicial and/or administra ve func on to
enforce those laws. Thus, the principles of jurisdic on followed by a State must not exceed
the limits which interna onal law places upon its jurisdic on. These principles of jurisdic on
are enshrined in the cons tu on of a State and part of its jurisdic onal sovereignty. All
sovereign independent States possess jurisdic on over all persons and things within its
territorial limits and all causes, civil and criminal, arising within these limits.
TYPES OF JURISDICTIONS
There are different types of jurisdic ons
Enforcement Jurisdic on The power of a state to inves gate, arrest, prosecute, punish, or
otherwise enforce the law against persons present within its territory or aboard vessels or
aircra bearing its na onality.
Adjudica ve Jurisdic on. The jurisdic on (or authority) of the adjudicator is essen ally their
power to make decisions in rela on to the par es' rights. An 'adjudicator's jurisdic on' is also
o en used to refer to the scope of what they are en tled to decide, i.e. the dispute contained
in the No ce of Adjudica on.
Legisla ve Jurisdic on is the right of a State to prescribe the norma ve standards for the
regula on of its subjects. However, the State has to take into considera on the limita on of
interna onal law in the exercise of jurisdic on in cases that involve non territory en es. The
prescrip ve jurisdic on of state is not unlimited as the State would not like to prescribe a
conduct for the enforcement of which there is no basis in the prac cal aspect. In fact,
unlimited power of prescrip on measures will seriously undermine the sovereign authority of
the other State. As per the interna onal customary norms the State is obliged not to interfere
in any form or for any reason whatsoever in the internal and external affairs of other State.
Therefore, generally State adopts the principle of territoriality or effects doctrine and the
legisla ve power of the State.
Personal Jurisdic on: The authority of a court to hear and decide a dispute involving the
par cular par es before it. Types of Personal Jurisdic on
Personal Jurisdic on may be further classified into following 2 types:
General Jurisdic on - The “general” jurisdic on subjects a person to the power of the
applicable court with respect to any cause of ac on that might be brought. It has historically
relied on very close contacts of the person with the state, such as residency or domicile within
the state, physical presence in the state at the me of service of process, or some other
substan al “con nuous and systema c” contact with the forum state
Specific Jurisdic on - The “specific” jurisdic on, refers to the power of the applicable court
with respect to a par cular cause of ac on based upon some set of “minimum contacts” with
the forum state that relate to that cause of ac on.
Subject Ma er Jurisdic on: The authority of a court to hear and decide a par cular dispute
before it.
Original Jurisdic on: The authority of a court to hear and decide a case in the first instance
over the authority of other courts. For example, trial courts are courts of original jurisdic on
in many cases.
Appellate Jurisdic on: The authority of a court to review a prior decision in the same case by
another “lower” court
The jurisdic on is to be based on different principles and theories and tests:
Jurisdic on is the basic rule of fair play which is essen ally two-dimensional in both civil and
criminal ma ers. While in civil ma ers it comprises of; subject- ma er jurisdic on and
personal jurisdic on, in criminal ma ers it is personal and territorial, related to the place of
commission of crime. As regarding civil jurisdic on, variable rules are found when contractual,
consumer, copyright, intellectual property and trademark disputes are concerned. Wherever
overlapping jurisdic ons were manifested in li ga ons, they were resolved by resor ng to
theories like choice of law rule and minimum contacts theory
Subjec ve territoriality Under the subjec ve aspect of territorial jurisdic on a sovereign is
recognized as having the power to adopt criminal laws that apply to crimes that are physically
commi ed within his territorial borders. As other states make inadequate adjudica on hence
the state extend the subjec ve territorial principle and expand their Net to bring the culprit
within their domes c laws. The said principle extends jurisdic on to ac vi es which
commence within a State’s geographical territory but completed or consummated in other
territories. So, for example, the United Kingdom can adopt a statute that makes it a crime for
anyone to commit an act of murder within its borders.
Objec ve territoriality – Under the objec ve aspect of territorial jurisdic on a sovereign is
recognized as having the power to adopt a criminal law that applies to crimes that take effect
within its borders even if the perpetrator performs the act outside of its borders. In other
words, under this principal jurisdic on of the State is extended to those acts that are
commenced in another state’s territory but either (a) Consummated or completed in its own
land or (b) Such ac vi es produce harmful effects in the territory of the party extending
jurisdic on. The consumma on of ac vity factor is complemented to the subjec ve territorial
principle.
Principle of Na onality: It applies where the alleged offender is a na onal of the State, the
laws of which have been violated by his acts. In India, according to IPC, an Indian na onal is
liable to prosecu on in India for an offence commi ed in a foreign country which is punishable
under Indian law. (Sec 3) Punishment of offences commi ed beyond, but which by law may
be tried within, India. —Any person liable, by any [Indian law] to be tried for an offence
commi ed beyond [India] shall be dealt with according to the provisions of this Code for any
act commi ed beyond [India] in the same manner as if such act had been commi ed within
[India]
Principle of passive personality- The passive personality principle gives jurisdic on to a State
over the ac vi es of foreigners which harms the na onals of that foreign state. This test is
detested by customary interna onal law too and in the Lotus case the Turkey Statute jus fied
the jurisdic on
Principle of Universality. Universal Jurisdic on: Another form of assuming jurisdic on is
known as universal jurisdic on or the universal interest jurisdic on. As the name points out,
this jurisdic on is assumed by any State to prosecute an offender for acts which are known
universally by interna onal law to be a heinous crime, i.e., hijacking, child pornography, cyber
terrorism etc. A cyber-criminal can be prosecuted by any country based on universal universal
interest jurisdic on.
Protec ve Principle- As the term suggests this principle comes to play where security of any
state endangered by the act of any foreign na onal. According to the principle a state has
jurisdic on in respect of “certain conduct outside its territory by persons that directed against
the security of the state or against a limited class of other state interests.
Tests to determine jurisdic ons:
1.Minimum Contacts theory
2.Effects test or Calder Effect Test
3.Personal Jurisdic on Theory
4.Sliding scale theory or"Zippo"Test
5.Choice of law theory
6.Country-of -origin or Country of des na on theory
7.Forum Selec on Theory
8.Internet Jurisdic on “Lex loci delic “rule
1.Minimum Contacts theory
Minimum contact rule establishes that so long as a corpora on had a degree of contact within
the state bringing suit, they are subject to the laws of the state and can be sued by and within
the forum state in court. Examples of minimum contacts include conduc ng business within
the state, incorpora ng in the state, and visi ng the state. The theory was laid down in a
landmark case i.e., Interna onal Shoe Co. v. Washington, 326 U.S. 310 (1945). There was a
landmark decision of the Supreme Court of the United States in which the Court held that a
party, par cularly a corpora on, may be subject to the jurisdic on of a state court if it has
"minimum contacts" with that state. The ruling has important consequences for corpora ons
involved in interstate commerce. It was held: Suit cannot be brought against an individual
unless they have minimum contacts with the forum state.
Following Interna onal Shoe, courts have generally applied a three- part test in evalua ng
minimum contacts sufficient for jurisdic on:
(1) The non-resident defendant must do some act or consummate some transac on with the
forum or perform some act by which he purposefully avails himself of the privilege of
conduc ng ac vi es in the forum, thereby invoking the benefits and protec ons.
(2) the claim must be one which arises out of or results from the defendant's forum-related
ac vi es; and
(3) exercise of jurisdic on must be reasonable
2. Effects test or Calder Effect Test The theory was laid down in a landmark case i.e., Calder v.
Jones, 465 U.S. 783 (1984), It was a case in which the United States Supreme Court held that
a court within a state could assert personal jurisdic on over the author and editor of a na onal
magazine which published an allegedly libellous ar cle about a resident of that state, and
where the magazine had wide circula on in that state. Held that a state's courts could assert
personal jurisdic on over the author or editor of a libellous ar cle, where the author or editor
knew that the ar cle would be widely circulated in the state where the subject of the ar cle
would be injured by the libellous asser on. Held that California courts had jurisdic on over
the defendant
Fact of the case: The plain ff, actress Shirley Jones sued the defendants, the Na onal Enquirer,
its distributor, the writer of the ar cle, and Calder, the editor-in-chief of the magazine, over
an October 9, 1979 ar cle in which the Enquirer alleged that Jones was an alcoholic. Jones
lived in California, and although the Enquirer ar cle had been wri en and edited in Florida,
Jones filed her lawsuit in a California state court. Jones asserted that the court had jurisdic on
based on the large circula on Enquirer enjoyed in California. Held that California courts had
jurisdic on over the defendant.
Following condi ons needs to be sa sfied(a) an inten onal ac on,
(b) that was expressly aimed at the forum state,
(c) with knowledge that the brunt of the injury would be felt in the forum state.
If a court finds that a defendant's ac ons meet the standard of purposeful direc on, then
personal jurisdic on may be asserted based on Internet ac vi es which do not meet the
requisite level of interac vity or minimum contacts needed for other tests of personal
jurisdic on in Internet cases.
3.Personal Jurisdic on Theory All the person living within a defined area fall under the
jurisdic on of court concerned. But the dispute takes place when the party or par es live out
of its jurisdic onal territory or even out of the said poli cal en ty or country. This jurisdic on
receives a definite setback in the internet arena as in it, almost in every country there are a
number of cases, civil or criminal in which one party or the accused is a resident of another
country. However, this tradi onal theory was slightly twisted by the court in Zippo
manufacturing Co. V. Zippo Dot Com Inc. Which propounded the “sliding scale” theory which
said that the nature of the defendant ac vity is the decisive factor in determining jurisdic on.
Website which is passive, does not entail personal jurisdic on.
4. Sliding scale theory or "Zippo" Test has been generally accepted as the standard in Federal
Courts in deciding personal jurisdic on in Internet cases. Such cases are now primarily decided
based on a determina on of the website's "interac vity". Courts have held that the greater
the commercial nature and level of interac vity associated with the website, the more likely
it is that the website operator has "purposefully availed itself" of the forum state's jurisdic on
5. Choice of law theory There is a choice of laws op on in case of conflict of law situa on.
There are in the physical world a number of approaches which govern the transna onal
disputes; for example, the “choice of law methodologies to mi gate the “spill over effects”,
the rule of interna onal law, etc.
6. Country-of -origin or Country of des na on theory There are divergent opinions regarding
the rules country- of- des na on applicable to online commercial ac vity as the business
house is required to answer in a law court a few 100 miles away for noncompliance with the
law of that country. Then it will become not only imprac cal for the entrepreneur to run
business in this way but it will also have to be on an extra charge to face a li ga on outside
and away from their own jurisdic on.
7. Forum Selec on Theory In fact, the par es may themselves agree beforehand that for
resolu on of their disputes, they would either approach any of the available courts of natural
jurisdic on or to have the disputes resolved by a foreign court of their choice as a neutral
forum according to the law applicable to that court. In Modi Entertainment Network v. W.S.G.
Cricket Pvt. Ltd., it was held that it is a wellse led principle that by agreement the par es
cannot confer jurisdic on where none exists, on a court to which CPC applies, but this
principle does not apply when the par es agree to submit to the exclusive or non-exclusive
jurisdic on of a foreign court
8.Internet Jurisdic on “Lex loci delic “rule( law of the place where the delict [tort] was
commi ed" in the conflict of laws.)
“Cyber Crimes have extraterritorial aspect.” In the pre-Internet period, personal jurisdic on
was understood in terms of territoriality. The Physical Presence Theory (service within
jurisdic on) is one of the core theories on which a court may claim to exercise jurisdic on
over a defendant. Cyber space is a broad term which includes computers, networks, so ware,
data storage devices, the Internet, websites, emails and even electronic devices such as cell
phones, ATM machines etc. When one is online, one is almost everywhere. Tradi onal
interpreta ons spelled limita ons be it subject ma er related or territorial, in the internet
Age it means earth wide. As a single act on the net is the work play of several par cipants, as
there are website owners, the online intermediaries, the host, the author or creator of a piece
of wri ng or painter, etc, the corporate, the end user and so on. Hence a single infrac on or
wrong may involve all or some of these and again as the nature of Net goes, it is quite possible
that all of these come from various countries and hence, from various jurisdic on, In such a
case , even if one applies tradi onal principles of jurisdic on some of these may fall in
different jurisdic on by virtue of subject ma er jurisdic on and some may fall under yet
another jurisdic on due to personal jurisdic on and yet some of the par cipants may remain
uncovered by these principles. This leads to the birth of a law of cyberspace based on private
contrac ng on a global basis and enforced by a combina on of the SYSOP’s (system operators)
ul mate right to banish unruly users and the users ul mate right to migrate to other online
service providers (such as ISPs).
Tradi onal theories of jurisdic on are inapplicable to the Internet due to the following
reasons:
1.material posted on the internet has worldwide audience;
2.It is easy to move website from one territory to another;
3. A website can be hosted on one area, but directed at users in another geographic loca on;
4.Parts of a website may be hosted in one area, while other parts of the websites are hosted
in another loca on; and
5.It is not always possible to determine where a website or user is located.
Areas of conflict : Tradi onally no ons of jurisdic on and the Internet The advent of internet
culture gave the concept of a virtual world called as Cyber space which is basically a virtual
environment created by interconnected computers and computer networks on internet
without any boundary of distance and physical limita ons and overturned the century-old
established theories of jurisdic on which were deeply rooted in the territorial and physical
concept. While the Internet absolutely negates tangibility and terrestrial forms; applicability
of laws of the physical world are bound to face unprecedented legal hardship
The main areas of conflict are discussed in the subsequent sec ons
Inter- sovereign conflict - Extension of laws of one State to another has been an unimageable
concept unless it is backed by some treaty between the two states. For the Internet
environment, this is the first requirement as the borderless cyberspace has no established
norms.
Hypothe cal situa on- X, a physician registered in the UK, diagnoses and prescribes medicine
through a website to pa ents in India. A dispute thus arising between X and any pa ent in
India, an Indian court can claim subject ma er jurisdic on over the ma er and issue, either
summon or warrant to X to achieve his presence in the court saying that X is trea ng pa ents
in India without being formally registered here. This situa on will obviously give rise to a
conflict between UK and India and according to the tradi onal no on of sovereignty, both the
countries are righ ully exercising their jurisdic on and authority over the ma er. This conflict
has actually occurred in several cases like Yahoo! Inc. V. Ligue Contre Racisme et
L’An semi sme, United States v. Thomas, etc
Over inclusiveness- The tradi onal view rests on the concept that every sovereign state has
unques onable authority within its geographical limits but when a website is created, the
server is physically located within the boundaries of the state concerned. While as State, as
according to the tradi onal no ons, has legi mate control over its subjects and over the
physical infrastructure of the Internet (server, etc.), the par cular web page being visible in
any part of the globe, all the 300 states of the planet may have; applying the same tradional
no ons equal authority and interest.
Under inclusiveness- In this dimension of tradi onal theories States are forbidden to cross
the limit in in case of dispute arises between the par es from two different jurisdic on. It
shuns the Idea of crossing these boundaries and advocates the limits of a state’s authority
within its territorial boundaries. Thus, the under-inclusiveness of tradi onal concepts is
revealed because the States that want to regulate internet ac vi es cannot effec vely enforce
their laws against “purveyors of harmful material through the Internet” who are located
outside their territorial borders.
Indian Context of Jurisdic on. In Indian context the Code of Civil Procedure and Criminal
Procedure Code incorporates the jurisdic on of the Court in the case na onal and
interna onal aspects of issues. In case of India the general jurisdic on rules are contained in
Code of Civil Procedure, 1908.The Code has specific jurisdic on provisions rela ng to
moveable, immoveable property in sec on 16 to 18. In case of moveable property, the
jurisdic onal rule is mostly defendant centric and in case of immoveable property it is the lex
situs rule prevails i.e., the law of the forum where the property situated. Sec on 20 of the
Code covers the interna onal jurisdic on and has interpreted in the internet related cases
Jurisdic on under the IT Act, 2000
The substan ve source of cyber law in India is the Informa on Technology Act, 2000 (IT Act)
which came into force on 17 October 2000. The objec ve of the Act is to provide legal
recogni on to e- commerce and to facilitate storage of electronic records with the
Government.
• The State legisla ve enactments primarily reflect its prescrip ve jurisdic on. For example,
the IT Act, 2000 provides for prescrip ve jurisdic on as it States: “The provisions of this Act
shall apply also to any offence or contraven on commi ed outside India by any person
irrespec ve of his na onality.”.
• Further this Act shall apply to an offence or contraven on commi ed outside India by any
person if the act or conduct cons tu ng the offence or contraven on involves a computer,
computer system or computer network located in India.
• It is the legisla ve func on of the Government to enact laws and judicial and/or
administra ve func on to enforce those laws. Thus, the principles of jurisdic on followed by
a State must not exceed the limits which interna onal law places upon its jurisdic on.
The IT Act under the Sec 1(2) & Sec 75 of the Act incorporates the effect test of jurisdic on.
The IT Act also penalizes various cybercrimes and provides strict punishments. In pursuant to
this there are certain provision under this act which renders the idea of jurisdic on of court
for the trial of cases pertaining cyber-crimes in India as well as outside India.
Provisions of IT Act are as follows:
Sec 1 specifies the extent of the applica on of this act. It states that: (2) It shall extend to the
whole of India, save as otherwise provided in this Act, it applies also to any offence or
contraven on thereunder commi ed outside India by any person.
Sec 46 of the Act renders power to adjudicate in case of contraven on of any provision of this
act and for the purpose adjudging it provides for the appointment of adjudica ng officer who
is vested with the powers of civil courts which are conferred on the Cyber Appellate Tribunal
Sec 48 of the act provides for the Establishment of Cyber Appellate Tribunal (1) The Central
Government shall, by no fica on, establish one or more appellate tribunals to be known as
the Cyber Regula ons Appellate Tribunal.
Sec. 61 Civil Court not to have Jurisdic on. No Civil Court shall have jurisdic on to entertain
any suit or proceeding in respect of any ma er which an adjudica ng officer or the Cyber
Appellate Tribunal is empowered to determine under this Act. No court shall grant injunc on
in respect of any ac on taken or to be taken in pursuance of any power conferred by or under
this Act.
Sec 62 Deals with appeal to High Court. Any person aggrieved by any decision or order of
Cyber Appellate Tribunal may file an appeal to the High Court within 60 days from the date of
communica on of such decision or order. The High Court may allow it to be filed within a
further period of 60 days, if it is sa sfied that sufficient cause prevented him from filing the
appeal within the prescribed period.
Sec 75 deals with the provisions of the act to apply for offences or contraven on commi ed
outside India. It states that: any offence or contraven on commi ed outside India by any
person irrespec ve of his na onality. For the purpose of sub sec on (1), this act shall apply to
an offence or contraven on commi ed outside India by any person if the act or conduct
cons tu ng the offence or contraven on involves a computer, computer system or computer
network located in India.
The IT Act 2000 seems exhaus ve when it comes to adjudicate the ma er where the par es
are Indian ci zen and the offence or any contraven on has been commi ed in India as the
Indian Courts follow the principle of lex foris that means the law of the country but it s ll
creates confusion in order to exercise its extra territorial jurisdic on where the offence has
been commi ed outside India or by any non-ci zen. For instance, if an American ci zen
damaged the reputa on of one of the Indian Poli cian by publishing lewd comments through
the social media and the aggrieved person approached to Indian court for the jus ce. It is
obvious that IT act, 2000 provides for extra territorial jurisdic on but the issue arises here
that how far would it be effec ve to bring the American ci zen to India to be prosecuted for
cyber defama on as the IT Act is not applicable to the American ci zen. Jurisdic on is a major
issue which is not sa sfactorily addressed in the ITA or ITAA. Jurisdic on has been men oned
in Sec ons 46, 48, 57 and 61 in the context of adjudica on process and the appellate
procedure connected with and again in Sec on 80 and as part of the police officers’ powers
to enter, search a public place for a cyber-crime etc. In the context of electronic record, Sec on
13 (3) and (4) discuss the place of dispatch and receipt of electronic record which may be
taken as jurisprudence issues. In the case of India TV Independent News Service Pvt. Limited
v. India Broadcast Live LLC & Ors.15the court applied the effect test of USA Court. The case is
related to the launching of leading TV channels “INDIATV” in March 2004. As per the plain ff
the mark was adopted since 01.12.2002 and they applied for registra on of the same mark
on 22.01.2004. The mark was published in 2006 without any objec on within the s pulated
period. During the search on internet plain ff discovered the website. Plain ff filed a suit
against defendant for permanently restraining the defendant form the use of the mark. The
Defendant ques oned the jurisdic on of the court as they claimed that they were American
en es and don’t reside or work for gain in India. Realising the incompetency of the tradi onal
jurisdic onal rules due to outside Indian territorial jurisdic on the court referred to
jurisdic on rule of the USA court. Further, in the case of Banyan Tree Holding (P) Limited v.
A. Murali Krishna Reddy - the Plain ff Company involved in hospitality industry had registered
office at Singapore and defendants were from Hyderabad. It adopted the mark “Banyan Tree”
and Banyan tree as device and maintain website,since1996.The Banyan tree was not a
registered mark as per the law of the land as the applica on was pending for registra on.
Defendant ini ated the project by the name “Banyan Tree Retreat” and adver sed on website.
Plain ff filed case with Delhi High Court alleging dishonesty on part of the defendant. The
court raised some important ques ons and replied it applying the jurisdic on rules of the USA
court. The case of Super Casse es Industries ltd. v. Myspace Inc. & another, is related to
copyright issues, cyber law and interna onal jurisdic on. The plain ff filed the suit for
restraining infringement of copyright, damages etc. through website of Myspace having base
at US. Defendant Myspace raised the jurisdic onal objec on on the ground that: (1) The
defendant is residing and carrying on business outside the jurisdic on of this court i.e., USA,
(2) The cause of ac on has not occurred within the territorial jurisdic on of Indian court. The
Court in the case discussed jurisdic on rules of Copyright Act and the Code in detail. The Court
emphasising on Sec on 62 of the Copyright Act held that the specific jurisdic onal provision
is plain ff centric and due to non obstante clause it will operate in addi ons to what has been
provided in the Code. This is to be treated as an addi onal ground above the normal grounds
laid down in Sec on 20 of the Code of Civil Procedure. The opera on of the rule under Sec on
20 CPC is not absolute and is subjected to the municipal law. If municipal law provides
otherwise or overrides the Private Interna onal Law principles, then the municipal law will
prevail. In the given case the Code of Civil Procedure rules are overridden by the Copyright
Act 1957 rules on jurisdic on. Delibera ng on the jurisdic on ground of ‘torts’, the Court held
that the commission of the tort is in India. The website of the defendants was engaged in
providing the online business worldwide including India. The tort or civil wrong is caused in
India as the act of downloading of copyrighted songs has occurred in India without the
permission of the plain ff. In case where the work is uploaded by the user on the foreign
server, the ini a on of the tort or part of the same has occurred in India as the infringing work
without the authority of the plain ff is communicated to the defendant with a limited licence
to further modify and communicate further. The said commission of the acts or the part of
the overt acts cons tutes the part of cause of ac on within the meaning of Sec on 20 (c) of
the Code of Civil Procedure and therefore the court have jurisdic on even on the basis of the
cause of ac on clause of CPC.
Apart of IT Act 2000, there are other relevant legisla on under Indian laws that gives the
authority to India Courts to adjudicate the ma ers related to cyber-crimes such as:
Contract
Tradi onally in case of contract the par es enjoy the autonomy of having op on to make
choice of court agreement rela ng to the future contractual disputes. The same autonomy is
applicable in the case of online contracts also. It is established principle that where more than
one court have jurisdic on in a certain ma er, the agreement between the par es to confer
jurisdic on only on one, to the exclusion of the other is valid and cannot be considered
contrary to law. The same rule is applied to cases involving foreign elements. The Court in the
case of Hakam Singh v. Gammo (India) Ltd. laid down two important condi ons for the
applica on of autonomy to decide the jurisdic on of the court. 1. first, the Court selected by
the common consent should have inherent jurisdic on
, 2. second, more than one court should have the jurisdic on so that the choice of forum
agreement can be exercised. However in case where the par es have not selected or applied
their autonomy regarding the jurisdic on of the court then jurisdic on can be fixed on the
basis “cause of ac on”.
The” cause of ac on” arises in the following places:
1. The place of forma on of contract i.e., where the contract has been entered;
2. The place of performance i.e., where the contract is performed or is required to be
performed as per the terms of contract;
3.The place where, the considera on is made
Jurisdic on Based on Code of Civil Procedure, 1908
The concept of jurisdic on can be understood in a be er way with reference to sec on 15 to
20 of code of civil procedure (1908), which talks about the place of suing or the subject ma er
jurisdic on and sec on 20 of this code specifically speaks about any other category of suit
which is not covered in sec on 15 to 19 of the code. Sec on 20 serves important ingredients
for the purpose of ins tu on of other suit in a court within the local limits of whose
jurisdic on' the defendant or each of the defendants resides, or carries on business, or
personally works for gain at the me of the commencement of suit. Any of the defendants,
where there are more than one defendant resides, or carries on business, or personally works
for gain at the me of the commencement of suit provided that in such cases either the leave
of the court is given, or the defendants who do not reside, or carry on business, or personally
works for gain, as aforesaid, acquiesce in such ins tu on or, the cause of ac on wholly or
par ally arises. However, this sec on doesn't seem to be fit in virtual world. The issue with
the cyber space jurisdic on is the presence of mul ple par es across various part of the globe
who only have virtual connec ons among them therefore we cannot have a clear idea about
the par es and the place of suing so that the jurisdic on of the court could be determined to
try such cases. In all civil ma ers, the Code of Civil Procedure (CPC), 1908, basically formulates
the Indian approach to jurisdic on. Under CPC, one or more courts may have jurisdic on to
deal with a subject ma er having regard to the loca on of immovable property, place of
residence or work of a defendant or place where cause of ac on has arisen. Where only one
court has a jurisdic on, it is said to have exclusive jurisdic on; where more courts than one
has jurisdic on over a subject ma er, they are called courts of available or natural jurisdic on.
The jurisdic on of the courts to try all suits of civil nature is very expansive as is evident from
the provisions of CPC.
Basis of Jurisdic on
1.Pecuniary
2.Subject-ma er
3.Territory and
4.Cause of ac on
In Casio India Co. Ltd. v. Ashita Tele Systems Pvt. Ltd., the plain ff was aggrieved by the
registra on of the domain name www.casioindia.com by the defendant with its registered
office in Mumbai. It filed a suit for trademark infringement in the Delhi High Court under the
relevant provisions of the trademarks Act, 1999 along with an interim injunc on applica on
under Order 39 Rule 1 &2 CPC, 1908. On the issue of territorial jurisdic on, the defendant
contended that it carried on business in Mumbai only and no cause of ac on arose in Delhi.
The plain ff, however, averred that the website could be accessed from Delhi also. A er
referring to Gutnick, Jus ce Sarin observed that “once access to the impugned domain name
website could be has from anywhere else, the jurisdic on in such ma ers cannot be confined
to the territorial limits of the residence of the defendants.” Hence, it was held that ‘the fact
that the website of the 2qwdefendant can be access from Delhi is sufficient to invoke the
territorial jurisdic on of this court.’ In Satya v. Teja Singh, the Supreme Court held that “every
case which comes before an Indian court must be decided in accordance with Indian law. It is
another ma er that the Indian conflict of laws may require that the law of a foreign country
ought to be applied in a given situa on for deciding a case, which contains a foreign element.
Such recogni on is accorded not as an act of courtesy, but on considera ons of jus ce. It is
implicit in that process that a foreign law must not offend our public policy.”
Jurisdic on based on the Criminal Procedure Code, 1973
The Criminal Procedure Code and Informa on Technology Act 2000 resolve the jurisdic onal
issue in case of Cyber Crimes in India. Sec on 1(2) of the IT Act refers to the concept of
extraterritorial applica on of the Act by sta ng that it is extended to whole of India and
applies to any offence or contraven on commi ed outside India by any person. na onality of
the offender is not an issue for the applica on of IT Act. Sec on 75 further clarifies that the
jurisdic on extends to any offence or contraven on commi ed outside India by any person
irrespec ve of his na onality provided the act or conduct cons tute offence or contraven on
involving a computer, computer system or computer network located in India. Therefore, the
effect principle of jurisdic on has been accepted for the jurisdic on of court. Further, the
Criminal Procedure Code under Sec on 177 to 189 deals with the jurisdic on of Court.
Sec on 177 lays down that the offence will be tried down by the Court within whose local
jurisdic on the offence was commi ed. If the offence is a con nuing one or commi ed in
parts in different territory, as per Sec on 178 the Court having the jurisdic on over any of
such local area can entertain the trail. Sec on 179 lays down the principle that the jurisdic on
of Court where offence is commi ed or consequence is ensued. Following it Sec on 182
requires that any offence of chea ng by means of telecommunica on be tried into any court
whose local jurisdic on such message were sent or received. In case of the offender commits
the crime beyond local jurisdic on but resides within the local jurisdic on, then within the
jurisdic on of local court where he resides may inquire into the offence as if it is commi ed
in the local area. Sec on 188 incorporate the na onality principle of jurisdic on as it provides
that if a ci zen of India outside the country commits the offence, the same is subject to the
jurisdic on of court in India. However the court can apply the jurisdic on in the above case
only if the offender is brought within the territory of the State. ii
• The Cr.P.C. lays down that the ordinary place of trial and inquiry is the court in whose
jurisdic on the crime has been commi ed. However, the subsequent provisions of the Cr.P.C.
dilute the strict necessity of territorial jurisdic on.
• The place of commission of an offence is uncertain, the offence is con nuing or it has been
commi ed partly in one and partly in another or it is several acts in several places, a court
having jurisdic on in any place may try the case.
• An offence can be tried where the consequence ensues. These provisions are very relevant
with regard to computer offences, in which the place of commission is very difficult to locate.
• In case of offence by le ers or telecom messages, jurisdic on lay with the court where the
message was sent or received. Thus, this provision shall be resorted to in case of offences
involving an e-mail. • Further the Cr.P,C. provides that no sentence or order of a criminal court
can be set aside for wrong Sec on 179 deals with the consequences of crime in Indian
territory. Sec on 188 of CrPC 1973 provides that even if a ci zen of India outside the country
commits the offence, the same is subject to the jurisdic on of courts in India.
Jurisdic on under IPC, 1860 Sec. 3. Punishment of offences commi ed beyond, but which
by law may be tried within, India. —Any person liable, by any [Indian law] to be tried for an
offence commi ed beyond [India] shall be dealt with according to the provisions of this Code
for any act commi ed beyond [India] in the same manner as if such act had been commi ed
within [India].
Sec.4Extension of Code to extra-territorial offences. The provisions of this Code apply also
to any offence commi ed by:
(1) any ci zen of India in any place without and beyond India;
(2) any person on any ship or aircra registered in India wherever it may be.
3) any person in any place without and beyond India commi ng offence targe ng a
computer resource located in India.
Discussion reflects that the jurisdic on issues are comprehensively dealt by the Informa on
Technology Act and Criminal Procedure Code. The jurisdic on of the court in case of
cybercrime commi ed by out state offender having impact within the territory of local court
is not useful ll the me offender is not within the jurisdic on of any local court. In such cases
the extradi on is the op on to bring the offender within the territory of India. Though
presently there is no Universal Conven on on Extradi on and therefore, in the absence of it,
extradi on is facilitated between States by bilateral agreement.
Relevant cases laws:
SIL Import v. Exim Aides Silk Importers In this case the court successfully highlighted the need
of interpreta on of the statute by judiciary in the light of technological advancement that has
occurred so far Un l there is specific legisla on in regard to the jurisdic on of the Indian
Courts with respect to Internet disputes, or unless India is a signatory to an Interna onal
Treaty under which the jurisdic on of the na onal courts and circumstances under which
they can be exercised are spelt out, the Indian courts will have to give a wide interpreta on
to the exis ng statutes, for exercising Internet disputes.
Impresario Entertainment & Hospitality Pvt. Ltd. vs S&D Hospitality Facts – in this case the
plain ff's company offers restaurant services which has its registered office in Mumbai and is
carrying its business in New Delhi and a restaurant under the name and style of 'SOCIAL' which
it has trademark and has various branches as well. The plain ff came to know about the
defendant's restaurant in Hyderabad under the name 'SOCIAL MONKEY. Also, it has a popular
beverage by the name A GAME OF SLING and the defendant has named a beverage as
Hyderabad Sling which is iden cal or decep vely similar to the plain ff's beverage. Both these
outlets had entered into contract with websites like Zomato and Dine Out and so the
informa on of both, along with menu and contact info was made available on the websites of
Zomato and Dine Out. Therefore, issue before the Delhi High Court was whether it had the
jurisdic on to adjudicate upon the ma er? The Hon'ble Court also observed that for the
purposes of a passing off or an infringement ac on (where the plain ff is not located within
the jurisdic on of the court), the injury on the plain ff’s business, goodwill or reputa on
within the forum state as a result of the Defendant's website being accessed in the forum state
would must be shown. Therefore, the court held that mere interac vity of the website in the
forum State did not a ract its jurisdic on. Earlier similar view was given in the case of Banyan
Tree Holding (P) Limited v. A. Murali Reddy and Anr wherein the court held that a passive
website, with no inten on to specifically target audiences outside the State where the host of
the website is located, cannot vest the forum court with jurisdic on.
Some other Case Laws in regards to problems associated with Jurisdiction
The issue of jurisdiction has been the most discussed and has been a point of convergence of
the entire globe. Without a particular lawful system for the internet, much dependence is set
on legal declarations of different nations that have built up the idea of ‘Internet Jurisdiction’.
International Shoe Co. V. Washington
The Washington state ordered an expense on organizations working together there that
worked as a required commitment to its Unemployment Compensation Fund, which was
expressed to have been applied to the Plaintiff. The US Courtroom held that the court can
practice its jurisdiction over non-occupant respondents if certain ‘base contacts’ with party
states exist to such an extent that the upkeep of the suit doesn’t affront conventional ideas
of reasonable play and generous equity.’
This hypothesis was additionally restricted to ‘purposeful ailment of the litigant to the
discussion state. The forum court may practice its jurisdiction over a non-inhabitant
Respondent/Litigants not actually present where a supposed injury emerges out of or
identifies with activities by the Defendant himself that are ‘deliberately coordinated’ towards
inhabitants of the party-state. It was held that ‘deliberate availment’ would not result from
‘irregular’ or ‘serendipitous’ contacts by the defendant in the forum state.
Nonetheless, a legitimate analysis of nature and quality of business exercises of a site
regarding deciding the jurisdiction was considered in Zippo Manufacturing Co. v. Zippo Dot
Com, Inc which presented ‘sliding scale examinations depending on passive, dynamic, and
intelligent sites.
Court saw that simple detached sites don’t frame individual jurisdiction; however, those sites
that empower parties of discussion state to go into contracts examining business with the
gathering state may give individual jurisdiction.
Further, jurisdiction on the impact of online connection in the forum state was advanced by
the Supreme Court in Calder v. Jones. The impact test is applied in cases with inadequate
intelligence or least contacts however where activity is focused at a specific party. In the
Internet setting, the impact test can be utilized to analyse the specific idea of a Defendant’s
Internet exercises to decide if its out-of-state activities were aimed at parties or substances
inside the forum state.
Further in Calder v. Jones, it was held that “deliberate heading requires a purposeful activity
that was explicitly focused on the party-state, with information that the brunt of the injury
would be felt in the forum state. In the event that a court tracks down a Defendant’s activities
fulfilling the guideline of deliberate heading, individual jurisdiction might be declared
dependent on Internet activities that don’t meet the essential degree of intelligence or least
contacts required for different trials of individual jurisdiction in Internet cases.”
The principal case to contemplate over the Internet jurisdiction was Casio India Co. V Ashita
Tele Systems Pvt. Ltd , where the court passed a directive against Defendant from utilizing
the site www.casioindia.com in light of the way that the site of Defendant is available in Delhi,
which is adequate to summon the regional jurisdiction of this Court.
The High Court of Delhi held that the simple capacity to get to the site gave the court regional
ward to settle on the current matter. In 2007, the Delhi High Court emphasized the US courts
property that, where the site is an intuitive one, having the objective crowd in somewhere
else, the court of those spots has the locale of debate emerging from that site exercises,
independent of the spot of respondents.
Indian Position on this issue was made very clear by the Delhi High Court on account
of Banyan Tree Holding (P) Limited v. A. Murali Krishna Reddy and Anr. The most fascinating
reality of the case was that both the parties to the case were not arranged inside the regional
jurisdiction of the court yet the sites of both the parties were available in Delhi.
The court’s view transformed from the Casio case and saw that the simple availability of a site
in Delhi isn’t adequate to incite ward by the Delhi Court. It repeated US case laws and held
that ‘The offended party needs to show Defendant’s ‘deliberate ailment coordinated towards
the discussion state, demonstrating that the utilization of site was with the expectation of
business exchange with the site client which prompts a harm or injury to the offended party.’
The High Court of Delhi got the position free from deciding Internet jurisdiction in World
Wrestling Entertainment, Inc. versus M/s. Reshma Collection & Ors , where it was initially
held that the simple availability of the site in a party state which ‘requests’ its business,
through which Defendant’s goods and administrations are sold, is sufficient to raise reason
for activity and in deciding the individual jurisdiction in Delhi.
The equivalent was emphasized in Choice Hotels International Inc. v. M. Sanjay Kumar and
Ors by the single appointed authority seat in the High Court of Delhi. The issue of Internet
jurisdiction has been testing a result of the association in various areas. Be that as it may,
Indian Courts have certainly invented the Internet jurisdiction with a wide viewpoint by
alluding to different case laws internationally.
Through investigation of plenty of case laws, we can see that Indian Courts have very much
combined the key laws of the jurisdiction, for example, Section 19 and 20 of CPC, in deciding
the Internet jurisdiction. It can likewise be noticed that the simple presence of a site is
adequate to summon jurisdiction despite the fact that the site has been utilized distinctly to
request organizations at a specific spot, in this way, generally perceiving the impact test as
spread out by the US Court in Calder case.
In any case, the act of observing just priority on case laws, without having particular rules or
laws will make these hypotheses of deciding jurisdiction powerless.
Interna onal Posi on Of Internet Jurisdic on Cases in Cyber Jurisdic on
The internet today is making a complete mockery of the law…. not just the tradi onal laws
but even the so-called modern laws. The very basis of any jus ce delivery system, the
jurisdic on, which gives powers to a par cular court to accommodate a par cular case, is
itself being threatened over the internet; leave alone the other tradi onal laws.
Stand of the USA.
The USA recognises two different forms of personal jurisdic on known as “General
Jurisdic on” an “Specific Jurisdic on”. The Courts under the General jurisdic on adjudicate
any claim against defendant related to claims linked with the forum State. Tradi onally
speaking, the US Cons tu on requires minimum contacts between a poten al defendant and
the forum State. The two cons tu onal tests regarding asser ng jurisdic on over a foreign
defendant were laid down in Interna onal Shoe Co. V. Washington. In tort ma ers, the lex
loci delic , the rule that the place in which injury occurred is place of suing; was followed,
but now the ever-expanding boundaries of the Internet have, both in civil and criminal
ma ers, exposed the defendant to universal jurisdic on. In the minimum contacts rule if the
ac on is against a person in personam, then the minimum contact must apply to the
defendant and if the ac on is against a thing in rem, then the minimum contacts must apply
to that thing. In rem, jurisdic on might apply to the asser on of claims for jurisdic on based
on e-mail storage box or stored file that is located on a computer server in the forum
jurisdic on. The minimum contacts jurisdic on has been based on domicile and consent.
However, domicile is not affected by the internet and the transac ons that pass through the
internet. In internet transac ons the minimum contact test is met by establishing the Internet
related ac ons which are but certain electronic transmission to decide whether there are
sufficient minimum contacts before a par cular court to assert jurisdic on. Thus, in the US,
the courts have taken electronic transmission into or other electronic connec ons with the
forum jurisdic on as the basis of jurisdic on but some courts have found that using an
electronic network does not subject the user to jurisdic on everywhere. The crucial issue of
applicability of personal jurisdic on to Internet ac vi es is where the judiciary opined that
mere availability of a website is not enough to establish minimum contact so as to exercise
jurisdic on over it. Other contacts in the forum State must also be established before jus fied
jurisdic on is exercised, held in Hoarst Corp. V. Goldberger 1997 US Dist. LEXIS 2065(SDNY)
The sliding- scale approach is comprehensively and formally stated in Zippo Manufacturing
Co. Zippo.Com Inc 952 F supp 1119(WD Pa 1997) Apart from sliding scale theory,
determina on of jurisdic on also takes place with the aid of effects test also known as Calder
Effect Test, propounded by the US Supreme Court in Calder v Jones, in which it was held that
jurisdic on can be premised on the inten onal conduct of the defendant outside the forum
state that is calculated to cause injury to the plain ff within the forum State. This test was
applied for online ac vity was enough to establish jurisdic on as the defendant knew that his
act will cause injury to the plain ff in the forum State where the plain ff corpora on had its
principal place of business and thus, fulfilled the requirement of “purposeful availment”. The
test was more elaborately applied in Yahoo! Inc. v. La Ligue Contre Le Racisme, in which the
court held that jurisdic on could be exercised in California over French civil rights groups
under French hate laws. Out of two approaches, the sliding-scale theory is mainly helpful in
resolving the disputes which are mainly in the area of commercial ac vi es, copyright or
trademark infringements, or in intellectual property cases. The effects test is mainly useful in
criminal ma ers. here at least three jurisdic ons are involved and who shall try him? The
dilemma was described very appropriately by La Forest, J., in Liebman v. The Queen, in
following words: “one is to assume that the jurisdic on lies in the country where the crime is
planned or ini ated. Other possibili es include the impact of the offence is felt, where it is
ini ated, where it is completed or again where the gravamen or the essen al element of the
offence took place. It is also possible to maintain that any country where any substan al or
any part of the chain of events cons tu ng an offence takes place may take jurisdic on. In
Burger King Corp. v., it was held that the exercise or personal jurisdic on over an out of state
defendant must comport with cons tu onal due process. In Doe v. Unocal Corp., it was held
that when an exercise of personal jurisdic on is challenged, the burden is on the plain ff to
demonstrate why the exercise of jurisdic on is proper. In Ballard v. Savage, it was held that
the plain ff can sa sfy this burden of proof by showing the following things: the defendant
purposefully availed itself of the privilege of conduc ng ac vi es in the forum state by
invoking the benefits and protec ons of the forum state’s laws;
Jurisdic on on the Basis of Online Contract
Online contracts come with ‘terms of service’ agreements and disclaimers. These
agreements impose restric ons on the users regarding the choice of law and forum selec on.
In Bremen v. Zapata Off-Shore Co., the judicial view arrived was that “such clauses (forum
selec on) are prima facie valid and should be enforced unless enforcement is shown by the
resis ng party to be ‘unreasonable’ under the circumstances.” This rule applies, under the
federal law, both if the clause was a result of nego a on between two business en es, and
if it is contained in a form of contract that a business presents to an individual on a take-itor-leave-it basis
Forum Selec on Clauses: Click-trap Contracts
It makes a good legal sense for the online service providers to limit their exposure to one
jurisdic on only. Defending lawsuits at mul ple loca ons could be both expensive and
frustra ng. Thus, the online service provider has no other choice but to subject themselves
to only one set of forum and applicable laws only. The user has no other choice, but to accept
the service provider’s ‘terms of service’ condi ons by clicking an on-screen bu on that says
“I Agree”, “I Accept” or “Yes”. In Steven J Caspi et al v. The Microso Network, L.L.C., et al.,
the user could not use Microso Network unless she clicked the “I agree” bu on next to a
scrollable window containing the terms of use. Each plain ff clicked the “I agree” bu on to
use Microso Network, indica ng their assent to be bound by the terms of the subscriber
agreement and thus forming a valid licence agreement. The Superior Court of New Jersey
held that the forum selec on clause contained in Microso Network subscriber agreements
was enforceable and valid.
Jurisdic on Based on Loca on of a Web Server
Asser ng personal jurisdic on based on the defendant’s use of IT infrastructure of a service
provider, located in the forum state, to host its website may also compel the forum state to
exercise its jurisdic on over such defendant. In Jewish Defence Organiza on, Inc. v. Superior
Court, the plain ff brought an ac on for defama on in a California court. Defendant’s only
relevant contacts with California consisted of contrac ng with Internet service providers,
“located in California,” to host a website which they maintained form their residence in New
York. The court concluded that the defendant’s conduct of contrac ng, via computer, with
Internet service providers, which may be California corpora ons or which may maintain
offices or databases in California, is insufficient to cons tute ‘purposeful availment. But in
3DO Co. v. Poptop So ware Inc., the court found it relevant that “defendants use a San
Francisco-based company as a server to operate a website that distributes allegedly infringing
copies of so ware.” The European approach to personal jurisdic on in cross- border dispute
is rather different from the American approach. The rules determining which country’s courts
have jurisdic on over a defendant are set out in a regula on issued by the Council of the
European Union, known as the ‘Brussels Regula on’. This new regula on is an update of a
1968 treaty among European countries, known as the Brussels Conven on on Jurisdic on and
the Enforcement of Judgments in Civil and Commercial ma ers.
Brussels Regula on
The Brussels Regula on, which became effec ve on March 1, 2002, (The Regula on on
Jurisdic on and the Recogni on and Enforcement of Judgments in Civil and Commercial
ma ers and online commercial disputes) replaces Brussels Conven on of 1968. It is
applicable to all European Council countries except Denmark, which will con nue to follow
the rules of the Brussels Conven on and the EFTA countries (Iceland, Liechtenstein, Norway,
Switzerland and Poland), where rules of the 1988 Lugano Conven on will be applicable.
Applicability of Brussels Regula on in Online Environment
Brussels Regula on sets the rule of jurisdic on: “subject to the provisions of this Regula on,
persons domiciled in a Contrac ng State shall, whatever their na onality, be sued in the
courts of that State”. Further, a person domiciled in a Contrac ng State may, in another
Contrac ng State, be sued ‘in ma ers rela ng to contract, in the courts for the place of
performance of the obliga on in ques on’. Further, the domicile of a company or other
associa on (including a partnership) is where it has its statutory seat (i.e., its registered
office), its central administra on or its principal place of business. From the point of
promo ons and sale, the Regula on says that the consumer may sue at home if the trader
pursues commercial ac vi es in the Member State of the consumer’s domicile or, by any
means, directs such ac vi es to that Member State
India and interna onal conven on over cyber jurisdic on:
Conven on on Cyber-crime, 2001 also known as the Budapest Conven on, is the first
interna onal treaty which discusses about the Internet and cybercrime by considering
na onal laws, increasing coopera on among na ons and improving inves ga ve techniques
The Conven on on Cyber-crime was opened at Budapest on 23rd November, 2001 for
signatures. It was signed by the Council of Europe in Strasbourg, France, Canada, Japan,
Philippines, South Africa and the United States. However, countries like India and Brazil have
declined to adopt the Conven on on the grounds that they didn't par cipate in its dra ing
but due to increasing incident of cyber-crimes India has been reconsidering its stand on the
conven on since 2018. It was the first ever-interna onal treaty on criminal offences
commi ed against or with the help of computer networks such as the Internet. The
Conven on deals in par cular with offences related to infringement of copyright, computerrelated fraud, child pornography and offences connected with security. It also covers a series
of procedural powers such as searches of and intercep on of material on computer networks.
Its main aim is to pursue “a common criminal policy aimed at the protec on of society against
cyber-crime, inter alia by adop ng appropriate legisla on and fostering interna onal coopera on.”
Ar cle 22 The Conven on on Cyber Crime, 2001 allows the country to have jurisdic on if
the cyber crime is commi ed: In its territory; On board a ship flying the flag of the country;
On board an aircra registered under the laws of the country By one of the countries
na onals, if the offence is punishable under criminal law where it was commi ed or if the
offence is commi ed outside the territorial jurisdic on of any State India is s ll not a signatory
to the Cyber Crime Conven on and the bilateral extradi on trea es, which it has signed with
around 50 countries so far, do not men on ‘cyber-crime’ as extraditable offences. But it may
not deter the Indian government from gran ng extradi on, as it was held in Rambabu Saxena
v. State, that “if the treaty does not enlist a par cular offence for which extradi on was
sought, but authorizes the Indian government to grant extradi on for some addi onal
offences by inser ng a general clause to this effect, extradi on may s ll be granted.”
United Na ons Conven on against Transna onal Organized Crime
(UNTOC): UNTOC is also known as the Palermo Conven on
This treaty was adopted by resolu on of the UN General Assembly in November 2000. India
being a signatory to this joined in 2002. UNTOC is also known as the Palermo Conven on,
under this the state par es are obliged to enact domes c criminal offences that target
organised criminal groups and to adopt new frameworks for extradi on, mutual legal
assistance, and law enforcement coopera on. Although the treaty does not explicitly address
cyber-crime, its provisions are highly relevant. In pursuant to this treaty Indian Parliament
enacted the Informa on Technology Act 2000.
Rome Conven on
To resolve cross-border consumer contractual disputes, the EU Member States became
signatories to the Rome Conven on, 1980. It decides which country law would applies in
contractual disputes. The Conven on gave freedom of choice to the contrac ng par es, as it
states that “a contract shall be governed by the law chosen by the par es. The choice must
be express or demonstrated with reasonably certainty.” It further states that “the mandatory
rules of the consumer’s country of habitual residence will always apply whatever choice of
law is made.”
Cyber law encompasses laws rela ng to:
Cyber crimes
Electronic and digital signatures
Intellectual property
Data protec on and privacy
Cyber space includes computers, networks, so ware, data storage devices(such as hard disks,
USB disks etc), the internet, websites, emails and even electronic devices such as cell phones,
ATM machines etc.
Cyber Crime
Any crime with the help of computer and telecommunica on technology.
Any crime where either the computer is used as an object or subject.
Categories of Cyber Crime
1. Cybercrimes against persons
2. Cybercrimes against property
3. Cybercrimes against government
1. Against a Person
Cyber stalking
Impersona on
Loss of Privacy
Transmission of Obscene Material
Harassment with the use of computer
2. Against Property
Unauthorized Computer Trespassing
Computer vandalism
Transmission of harmful programmes
Siphoning of funds from financial ins tu ons
Stealing secret informa on & data
Copyright
3. Against Government
Hacking of Government websites
Cyber Extor on
Cyber Terrorism
Computer Viruses
Some Other Crimes
Logic Bombs
Spamming
Virus, worms, Trojan Horse
E-Mail Bombing
E-Mail abuse etc.
Cyber-crimes against individuals
The following are some of the main cyber-crimes commi ed targe ng individuals.
Cyberbullying
The term cyberbullying is not defined under any Indian law. in general cyberbullying refers to
bullying someone by threatening, harassing or embarrassing the vic m using technology
digital device. Generally, cyberbullying includes the following ac vi es on the internet:
Humilia ng/embarrassing content posted online about the vic m of online bullying, hacking
social media accounts Pos ng vulgar messages on social media Threatening the vic m to
commit any violent ac vity Child pornography or threatening someone with child
pornography In India, a whopping amount of almost 85% of children experiences
cyberbullying. There are no specific provisions that deal with cyberbullying. Sec on 67 of the
IT Act is the closest legal provision rela ng to cyberbullying. It penalises anyone who transmits
obscene materials in electronic form. The punishment for such transmission is imprisonment
for a term which may extend to 5 years and a fine which may extend to ten lakh rupees.
Also, Sec on 66E of the IT Act provides the punishment for viola ng any person’s privacy
through the internet. Under this sec on, any person who inten onally violates anyone’s
privacy by transmi ng, capturing or publishing private pictures of others shall be punished
with imprisonment up to three years imprisonment or a fine of up to 3 lakhs.
Further, Sec on 507 of IPC provides that any person who threatens anyone through
anonymous communica on shall be punished with imprisonment for up to 2 years.
One of the prime cases in which cyberbullying was discussed was Shreya Singhal v. Union of
India (2015). In this case, the Hon’ble Supreme Court struck down Sec on 66A of the IT Act.
The said Sec on dealt with the transmission of objec onable messages via a computer
resource. The court held that the said Sec on was a viola on of Ar cle 19(1)(a) of the Indian
Cons tu on, which deals with ci zens’ right to freedom of speech and expression. The court
further held that other legal provisions like Sec ons 66B and 67C of the IT Act and several
Sec ons of the IPC were sufficient enough to deal with cyberbullying.
Cyberstalking
Browsing anyone’s internet history or online ac vity, and sending obscene content online with
the help of any social media, so ware, applica on, etc. to know about that par cular person
is called cyberstalking. Cyberstalks take advantage of the inconspicuousness provided by the
internet.; once the stalker deletes the account, his/ her iden ty completely vanishes.
In India, in the year 2020, the state of U ar Pradesh witnessed the highest number of
cyberstalking incidents against women and children, with around 11 thousand registered
cases. Sec on 67 of the IT Act punishes cyber stalkers who send, cause to send, or publish
obscene posts or content on electronic media with imprisonment of up to 3 years and a fine.
Sec on 354D of IPC deals with stalking. But it is relevant to cyberstalking as well. Under the
Sec on, any cyber stalker is punishable with imprisonment up to 3 years and a fine.
Cyber defama on
Cyber defama on means injuring the other person’s reputa on via the internet through social
media, Emails etc. There are two types of Cyber defama on: libel and slander.
Libel: It refers to any defamatory statement which is in wri en form. For instance, wri ng
defamatory comments on posts, forwarding defamatory messages on social media groups,
etc. are a part of cyber defama on in the form of libel.
Slander: It refers to any defamatory statement published in oral form. For instance, uploading
videos defaming someone on YouTube is a part of cyber defama on in the form of slander.
Punishment for Cyber defama on is provided under Sec on 67 of the IT Act; whoever
publishes or transmits a defamatory statement about a person shall be punished with 2 years’
imprisonment and a fine up to ₹25000.
Phishing
Phishing refers to the fraudulent prac ce of sending emails under the pretext of reputable
companies to induce individuals to reveal personal informa on, such as passwords, credit card
numbers, etc., online. Phishing refers to the impersona on of a legi mate person and
fraudulently stealing someone’s data. Through phishing a acks, cybercriminals not only
exploit innocent individuals but also spoil the reputa on of well-known companies.
Sec on 66C of the IT Act penalises any offender commi ng phishing-related ac vi es. It
provides that anyone who fraudulently uses an electronic signature, password or any other
unique iden fica on feature of any other person is punishable with imprisonment of up to 3
years and a fine of up to rupees one lakh.
Cyber fraud
cyber fraud refers to any act of fraud commi ed with the use of a computer. Any person who
dishonestly uses the internet to illegal deceive people and gets personal data, communica on,
etc. with a mo ve to make money is called a cyber fraud.
Examples of cyber fraud include sending emails containing fake invoices, sending fake emails
from email addresses similar to the official ones, etc.
There is no specifica on for cyber fraud. But Sec on 420 of IPC which deals with chea ng
applies to cyber fraud also. Punishment for cyber fraud under Sec on 420 of IPC is
imprisonment of up to 7 years with a fine.
Cyber the
the unauthorized access of personal or other informa on of people by using the internet. The
main mo ve of the cyber criminals who commit cyber the is to gather confiden al data like
passwords, images, phone numbers, etc. and use it as leverage to demand a lumpsum amount
of money. The unauthorized transmission of copyrighted materials, trademarks, etc. over the
internet is also a part of cyber the . Cyber the s are commi ed through various means, like
hacking, email/ SMS spoofing, etc.
Yahoo!, Inc. v. Akash Arora (1999), which was one of the ini al cases related to cyber the in
India. In this case, the defendant was accused of using the trademark or domain name
‘yahooindia.com,’. The Court ordered a permanent injunc on under Order 39 Rules 1 & 2 CPC
in this case.
Under the IT Act, data the is defined under Sec on 43(b) as downloading, copying, or
extrac ng any data, computer database or informa on from such computer, system, or
network without the permission of its owner. Punishment for cyber the (specifically, iden ty
the ) is provided under Sec on 66C of the IT Act. The punishment for the same is
imprisonment of up to 3 years and/or up to Rs 2 lakh fine.
Spyware
Spyware is a type of malware or malicious so ware, when it is installed, it starts accessing and
compu ng the other person’s device without the end user’s knowledge. The primary goal of
this so ware is to steal credit card numbers, passwords, One-Time Passwords (OTPs), etc.
Punishment for spyware is provided under Sec on 43 of the IT Act. It states that if any person
damages the computer, system, etc. of any other person without his/ her permission, he/ she
shall be liable to pay damages by way of compensa on to the person so affected.
Cyber-crimes against organiza ons
cyber-a acking large companies or organisa ons can help them get their hands on extremely
confiden al data of both private and public ins tu ons or en es. Cyber-a acks on
organiza ons are generally launched on a large scale to get a lump sum amount of ransom.
Since such a acks dras cally damage the companies’ daily opera ons, most companies try to
resolve them as fast as possible. The following are the kinds of cyber-crimes launched
targe ng organiza ons.
A acks by virus
A computer virus is a kind of malware which connects itself to another computer program and
can replicate and expand when any person a empts to run it on their computer system. For
example, the opening of unknown a achments received from malicious emails may lead to
the automa c installa on of the virus on the system in which it is opened. These viruses are
extremely dangerous, as they can steal or destroy computer data, crash computer systems,
etc. The a ackers’ program such malicious viruses to get hold of organisa ons’ official or
confiden al data. The illegally retrieved data is then used as leverage to extort ransom from
the organisa ons.
There are no specific provisions as to virus a acks in India. Nevertheless, Sec on 383 of IPC,
which deals with extor on, is applicable to virus a acks. The Sec on states that whoever
inten onally puts any person in fear of any injury to him or anyone else, and dishonestly
induces the person so put in fear to deliver to any property or valuable security, or anything
signed or sealed which may be converted into a valuable security, commits ‘Extor on’. The
punishment for extor on under Sec on 384 of IPC is imprisonment for up to 3 years, or fine,
or both.
Salami a ack
It is one of the tac cs to steal money, which means the hacker steals the money in small
amounts. The damage done is so minor that it is unno ced. Generally, there are two types of
Salami a acks- Salami slicing and Penny shaving. In Salami slicing, the a acker uses an online
database to obtain customer informa on, such as bank/credit card details. Over me, the
a acker deducts insignificant amounts from each account. These sums naturally add up to
large sums of money taken from the joint accounts invisibly.
Any person convicted of a Salami a ack shall be punished under Sec on 66 IT Act with
imprisonment up to 3years or a fine up to 5 lakhs or maybe both
Web Jacking
Web Jacking refers to the illegal redirec on of a user’s browser from a trusted domain’s page
to a fake domain without the user’s consent. By using the method of Web Jacking, people
visi ng any well-known or reliable website can be easily redirected to bogus websites, which
in turn lead to the installa on of malware, leak of personal data, etc. Web jackers intend to
illegally collect confiden al informa on of users by en cing them to click on any link which
may seem genuine at the first glance.
There are no specific provisions dealing with web jacking under any Indian law. However, it
can be punished under Sec on 383 of IPC, which primarily deals with extor on. The
punishment for web jacking under Sec on 383 of IPC is imprisonment of up to 3 years or with
a fine, or both.
Denial of Service A ack
Denial of Service A ack or DoS, is a cyber-a ack on computer devices or systems, preven ng
the legal users or accessors of the system from accessing them. The a ackers generally a ack
systems in such a manner by trafficking the targeted system un l it ul mately crashes. DoS
a acks cost millions of dollars to the corporate world, as it curbs them from using their own
systems and carrying out their ac vi es. The a ack may be also used to incorporate
ransomware into corporate systems.
Cyber a ackers who launch DoS in India are punishable under Sec on 66F of the IT Act, which
deals with cyber terrorism. As per the said Sec on, any person who disrupts the authorised
access to a computer resource or gets access to a computer resource through unauthorised
means or causes damage to a computer network is liable for imprisonment which may extend
for life.
Data diddling
Data diddling is a cyber-crime which involves the unauthorized altera on of data entries on a
computer. It may be done either before or during the entry of such data. It is generally
commi ed by way of computer virus a acks. At mes, to conceal the altera on, the altered
data is changed to its original data a er retrieving the required informa on. Usually, the
strategic or sta s cal data of large companies.
In India, data diddling is an offence under Sec on 65 of the IT Act. The said Sec on provides
that knowingly or inten onally concealing, destroying, altering or causing another to conceal,
destroy, or alter any computer source code used for a computer, computer programme,
computer system or computer network is punishable with imprisonment of up to 3 years or
with fine of up to two lakhs.
Cyber-crimes against society at large
various other cyber-a acks are launched against the community at large. Such cyber crimes
may be aimed either against any par cular sec on of society or the en re country. The
following are a few types of cyber-crimes against the community at large.
Cyber pornography
As per Merriam-Webster Dic onary, pornography is the depic on of ero c behaviour (as in
pictures or wri ng) intended to cause sexual excitement. Accordingly, cyber pornography
refers to using the internet to display, distribute, import, or publish pornography or obscene
materials.
Under the IT Act, provisions as to cyber pornography are given under Sec on 67 of the IT Act.
It states that the following ac vi es are punishable with imprisonment of up to 3 years and a
fine of up to 5 lakhs:
Uploading pornographic content on any website, social media, etc. where third par es may
access it. Transmi ng obscene photos to anyone through email, messaging, social media, etc.
Cyber terrorism
Cyber terrorism means using cyberspace to hurt the general public and damage the integrity
and sovereignty of any country. The IT Act defines cyber terrorism under Sec on 66F as any
acts done by a person with the intent to create a threat to the unity, integrity, sovereignty and
security of the na on or create terror in minds of people or sec on of people by way of
disrup ng the authorised access to a computer resource or ge ng access to a computer
resource through unauthorised means or causing damage to a computer network.
Cyber terrorism is generally carried out in the following ways: Hacking government-owned
systems of the target country and ge ng confiden al informa on.
Destruc ng and destroying government databases and backups by incorpora ng viruses or
malware into the systems. Disrup ng government networks of the target na on. Distrac ng
the government authori es and preven ng them from focusing on ma ers of priority. The
punishment for cyber terrorism as provided under Sec on 66F of the IT Act is imprisonment
of up to 3 years and/or up to Rs 2 lakh fine.
Cyber Espionage
According to Merriam-Webster Dic onary, espionage is “the prac ce of spying or using spies
to obtain informa on about the plans and ac vi es especially of a foreign government or a
compe ng company.” Similarly, cyber espionage refers to the unauthorized accessing of
sensi ve data or intellectual property for economic, or poli cal reasons. It is also called ‘cyber
spying’.
In most cases of cyber espionage, spies in the form of hackers are deliberately recruited to
launch cyber-a acks on the government systems of enemy na ons to stealthily collect
confiden al informa on. The cross-border exposure of sensi ve data related to any country
can con nue as long as it stays undetected. The informa on gathered through cyber
espionage is then used by the gathering country to either combat or launch military or poli cal
a acks on the enemy country. Generally, the following data are gathered through cyber
espionage:
Military data
Academic research-related data
Intellectual property
Poli cally strategic data, etc.
Though cyber espionage has serious consequences, unfortunately, there are no specific
provisions related to it under any Indian law. However, cyber spies may be punished under
Sec on 120A of IPC, which deals with criminal conspiracy. It provides that when two or more
per-sons agree to do, or cause to be done, –an illegal act, or an act which is not illegal by illegal
means, such an agree-ment is designated a criminal conspiracy. The punishment of criminal
conspiracy is provided under Sec on 120B of IPC as a death sentence, imprisonment for life,
and rigorous imprisonment for at least 2 years.
Further, any Indian who abets cyber espionage against India can be also punished under
Sec on 121 of IPC, which deals with waging, a emp ng, or abe ng waging war against the
Government of India. The punishment prescribed for the same is the death sentence,
imprisonment for life, and a fine.
Hacking
Hacking is basically gaining unauthorized access to your system profit, protest, informa on
gathering, or to evaluate system weaknesses. The provisions for hacking are given in IT Act,
2000 under sec on 43-A and 66 and sec on 379 & 406 of Indian Penal Code. The punishment
for hacking is 3 years or shall be imposed with fine up to 5 lakhs.
Denial of Service
It brings down the server (any server). It is known as the flooding machine with requests in an
a empt to overload systems. It also uses bots for tasks. The provisions are given under sec on
43(f) of IT Act with imprisonment up to 3 years or with fine up to 5 lakh rupees.
Virus Dissemina on
It involves direct or search unauthorized access to system by introducing malicious programs
known as viruses, worms etc. Virus needs host while worms are standalone.
Provisions are provided under the IT Act, 2000 under sec ons 43-C, 66 and sec on 268 of the
Indian Penal Code.
Credit Card Fraud
Card fraud begins either with the the of the physical card or with the comprise of data
associated with the account. Provisions of such fraud are given under Sec on 66 C and 66 D
of IT ACT, 2000 and sec on 468 & 471 of Indian Penal Code, 1860.
INDIAN CONTEXT OF CYBER JURISDICTION AND ENFORCEMENT AGENCIES
In the Indian context, cyber jurisdic on and enforcement agencies play a crucial role in
dealing with cybercrimes and ensuring cybersecurity
Cyber Jurisdic on: Cyber jurisdic on refers to the legal authority of a court or agency to
handle cybercrime cases. In India, the Informa on Technology Act, 2000 (IT Act) is the primary
legisla on that governs cyber jurisdic on and cybercrimes.
Enforcement Agencies: India has several enforcement agencies responsible for addressing
cybercrimes and maintaining cybersecurity. Some of the important ones include:
a. Cyber Crime Inves ga on Cell (CCIC): Each state in India has a dedicated Cyber Crime
Inves ga on Cell or Unit. These cells are usually part of the State Police or CID and are
responsible for inves ga ng cybercrimes that occur within their respec ve state jurisdic ons.
b. Cyber Crime Inves ga on Units of Central Agencies: Central agencies like the Central
Bureau of Inves ga on (CBI), the Na onal Inves ga on Agency (NIA), and the Enforcement
Directorate (ED) also have specialized cybercrime inves ga on units. These units handle
complex and high-profile cybercrime cases that have na onal implica ons.
c. Indian Computer Emergency Response Team (CERT-In): CERT-In is the na onal nodal
agency responsible for cybersecurity in India. It operates under the Ministry of Electronics
and Informa on Technology (Meit) and serves as the primary agency for handling
cybersecurity incidents, providing emergency response, and coordina ng with various
stakeholders.
d. Na onal Cyber Crime Repor ng Portal: The Indian government has launched the Na onal
Cyber Crime Repor ng Portal (www.cybercrime.gov.in), which allows ci zens to report
cybercrimes online. The portal helps in streamlining the process of repor ng and inves ga ng
cybercrimes.
Interna onal Coopera on: India has signed various bilateral and mul lateral agreements
with other countries for coopera on in comba ng cybercrimes. Addi onally, India is a
member of interna onal organiza ons such as the INTERPOL and works closely with them to
address cybercrimes of transna onal nature.
Cyber Appellate Tribunal (CyAT): The Cyber Appellate Tribunal (CyAT) was established under
the IT Act to hear appeals against orders issued by the Controller of Cer fying Authori es and
adjudicate on ma ers related to cyber jurisdic on. However, it is important to note that the
CyAT has been largely non-func onal in recent years, and the jurisdic on of cyber-related
appeals has been transferred to high courts.
Coordina on Mechanisms: To ensure effec ve coordina on and informa on sharing, various
coordina on mechanisms exist in India. The Ministry of Home Affairs (MHA) and the Ministry
of Electronics and Informa on Technology (Meit) work closely to address cybersecurity and
coordinate efforts among different agencies. Addi onally, pla orms like the Indian Cyber
Crime Coordina on Centre (I4C) facilitate coordina on among various enforcement agencies.
INFORMATION TECHNOLOGY ACT 2000
Objec ves of IT Act 2000:
a. To give legal recogni on to any transac on which is done by electronic way or use of
internet
b. To give legal recogni on to digital signature for accep ng any agreement via computer.
c. To provide facility of filling documents online rela ng to different transac ons.
d.IT. Act2000 enable any company can store their data in electronic storage.
e. To stop computer crime and protect privacy of internet users.
f. To give more power to IPO, RBI and Indian Evidence act for restric ng electronic crime.
g. To give legal recogni on for keeping books of accounts
2. Scope of IT Act:
a. The act shall apply to Processing of personal data or partly by automa c means
b. other processing of personal data which form part of or are intended to form part of
personal data filing system.
This act shall not apply to the following:
a. Informa on technology Act 2000 is not applicable on the a esta on for crea ng trust via
electronic way. Physical a esta on is must.
b. A contract of sale of any immovable property.
c. A esta on for giving power of a orney of property is not possible via electronic record.
Background of Information Technology Act, 2000
United Nations Commission on International Trade Law in 1996 adopted a model law on ecommerce and digital intricacies. It also made it compulsory for every country to have its own
laws on e-commerce and cybercrimes. In order to protect the data of citizens and the
government, the Act was passed in 2000, making India the 12th country in the world to pass
legislation for cyber-crimes. It is also called the IT Act and provides the legal framework to
protect data related to e-commerce and digital signatures. It was further amended in 2008
and 2018 to meet the needs of society. The Act also defines the powers of intermediaries and
their limitations.
Schedule of Information Technology Act, 2000
The Act is divided into 13 chapters, 90 sections and 2 schedules. The following are the
chapters under the Act:
Chapter1 deals with the applicability of the Act and definitions of various terminologies used
in the Act.
Chapter2 talks about digital and electronic signatures.
Chapters3&4 Electronic governance and electronic records
Chapter5 is related to the security of these records and Chap 6 deals with regulations of
certifying authorities.
Chapter7 the certificates needed to issue an electronic signature.
Chapter8 the duties of subscribers and Chapter 9 describes various penalties.
Chapter10 provides sections related to the Appellate Tribunal.
Chapter11 various offences related to breach of data and their punishments.
Chapter12 provides the circumstances where the intermediaries are not liable for any offence
or breach of data privacy.
Chapter13 The final chapter, is the miscellaneous chapter.
The 2 schedules given in the Act are:
 Schedule 1 gives the documents and data where the Act is not applicable.
 Schedule 2 deals with electronic signatures or methods of authentication.
Applicability of Information Technology Act, 2000
According to Section 1, the Act applies to the whole country, including the state of Jammu
and Kashmir. The application of this Act also extends to extra-territorial jurisdiction, which
means it applies to a person committing such an offence outside the country as well. If the
source of the offence, i.e., a computer or any such device, lies in India, then the person will
be punished according to the Act irrespective of his/her nationality.
The Act, however, does not apply to documents given under Schedule 1. These are:





Any negotiable instrument other than a cheque as given under Section 13 of
the Negotiable Instruments Act, 1881.
Any power of attorney according to Section 1A of the Powers of Attorney Act, 1882.
Any sort of trust according to Section 3 of the Indian Trusts Act, 1882.
Any will including testamentary disposition given under the Indian Succession Act,
1925.
Any contract or sale deed of any immovable property.
Features of Information Technology Act, 2000
Following are the features of the Act:
 The Act is based on the Model Law on e-commerce adopted by UNCITRAL.
 It has extra-territorial jurisdiction.
 It defines various terminologies used in the Act like cyber cafes, computer systems,
digital signatures, electronic records, data, asymmetric cryptosystems, etc
under Section 2(1).
 It protects all the transactions and contracts made through electronic means and says
that all such contracts are valid. (Section 10A)
 It also gives recognition to digital signatures and provides methods of authentication.
 It contains provisions to the appointment of the Controller of Certifying Authorities
and his powers for the purposes of IT Act
 It recognises foreign certifying authorities (Section 19).
 It also provides various penalties in case a computer system is damaged by anyone
other than the owner of the system.
 The Act also provides provisions for an Appellate Tribunal to be established under the
Act. All the appeals from the decisions of the Controller or other Adjudicating officers
lie to the Appellate tribunal.
 Further, an appeal from the tribunal lies with the High Court.
 The Act describes various offences related to data and defines their punishment.
 It provides circumstances where the intermediaries are not held liable even if the
privacy of data is breached.
A cyber regulation advisory committee is set up under the Act to advise the Central
Government on all matters related to e-commerce or digital signatures.
Electronic records and signatures
The Act defines electronic records under Section 2(1)(t), which includes any data, image,
record, or file sent through an electronic mode. According to Section 2(1)(ta), any signature
used to authenticate any electronic record that is in the form of a digital signature is called an
electronic signature. However, such authentication will be affected by asymmetric
cryptosystems and hash functions as given under Section 3 of the Act.
Section 3A further gives the conditions of a reliable electronic signature. These are:
 If the signatures are linked to the signatory or authenticator, they are considered
reliable.
 If the signatures are under the control of the signatory at the time of signing.
 Any alteration to such a signature must be detectable after fixation or alteration.
 The alteration done to any information which is authenticated by the signature must
be detectable.
 It must also fulfil any other conditions as specified by the Central Government.
The government can anytime make rules for electronic signatures according to Section 10 of
the Act. The attribution of an electronic record is given under Section 11 of the Act. An
electronic record is attributed if it is sent by the originator or any other person on his behalf.
The person receiving the electronic record must acknowledge the receipt of receiving the
record in any manner if the originator has not specified any particular manner. (Section 12).
According to Section 13, an electronic record is said to be dispatched if it enters another
computer source that is outside the control of the originator. The time of receipt is
determined in the following ways:
 When the addressee has given any computer resource,
Receipt occurs on the entry of an electronic record into the designated computer resource.
In case the record is sent to any other computer system, the receipt occurs when it is retrieved
by the addressee.
 When the addressee has not specified any computer resource, the receipt occurs when
the record enters any computer source of the addressee.
Certifying authorities
Appointment of Controller of Certifying authorities
Section 17 talks about the appointment of the controller, deputy controllers, assistant
controllers, and other employees of certifying authorities. The deputy controllers and
assistant controllers are under the control of the controller and perform the functions as
specified by him. The term, qualifications, experience and conditions of service of the
Controller of certifying authorities will be determined by the Central Government. It will also
decide the place of the head office of the Controller.
Functions of the Controller of Certifying authorities.
Under Section 18, the functions of the Controller of certifying authority
 He supervises all the activities of certifying authorities.
 Public keys are certified by him.
 He lays down the rules and standards to be followed by certifying authorities.
 He specifies the qualifications and experience required to become an employee of a
certifying authority.
 He specifies the procedure to be followed in maintaining the accounts of authority.
 He determines the terms and conditions of the appointment of auditors.
 He supervises the conduct of businesses and dealings of the authorities.
 He facilitates the establishment of an electronic system jointly or solely.
 He maintains all the particulars of the certifying authorities and specifies the duties of
the officers.
 He has to resolve any kind of conflict between the authorities and subscribers.
 All information and official documents issued by the authorities must bear the seal of
the office of the Controller.
License for electronic signatures
Under Section 21 It is necessary to obtain a license certificate in order to issue an electronic
signature, any such license can be obtained by making an application to the controller who,
after considering all the documents, decides either to accept or reject the application. The
license issued is valid for the term as prescribed by the central government and is transferable
and heritable. It is regulated by terms and conditions provided by the government.
Under Section22, an application must fulfil the following requirements:
 A certificate of practice statement.
 Identity proof of the applicant.
 Fees of Rupees 25,000 must be paid.
Any other document as specified by the central government.
The license can be renewed by making an application before 45 days from the expiry of the
license along with payment of fees, i.e., Rupees 25000. (Section 23)
Any license can be suspended on the grounds specified in Section 24 of the Act. However, no
certifying authority can suspend the license without giving the applicant a reasonable
opportunity to be heard. The grounds of suspension are:
 The applicant makes a false application for renewal with false and fabricated
information.
 Failure to comply with the terms and conditions of the license.
 A person fails to comply with the provisions of the Act.
 He did not follow the procedure given in Section 30 of the Act.
The notice of suspension of any such license must be published by the Controller in his
maintained records and data.

Powers of certifying authorities
Following are the powers and functions of certifying authorities:
 Every such authority must use hardware that is free from any kind of intrusion. (Section
30)
 It must adhere to security procedures to ensure the privacy of electronic signatures.
 It must publish information related to its practice, electronic certificates and the status
of these certificates.
 It must be reliable in its work.
 The authority has the power to issue electronic certificates. (Section 35)
The authority has to issue a digital signature certificate and certify that:
o The subscriber owns a private key along with a public key as given in the
certificate.
o The key can make a digital signature and can be verified.
o All the information given by subscribers is accurate and reliable.
The authorities can suspend the certificate of digital signature for not more than 15 days.
(Section 37)
According to Section 38, a certificate can be revoked by the authorities on the following
grounds:
o If the subscriber himself makes such an application.
o If he dies.
o In case, the subscriber is a company then on the winding up of the company,
the certificate is revoked.
Circumstances where intermediaries are not held liable
Section 2(1)(w) of the Act defines the term ‘intermediary’ as one who receives, transmits, or
stores data or information of people on behalf of someone else and provides services like
telecom, search engines and internet services, online payment, etc. Usually, when the data
stored by such intermediaries is misused, they are held liable. But the Act provides certain
instances where they cannot be held liable under Section 79. These are:
 In the case of third-party information or communication, intermediaries will not be
held liable.
 If the only function of the intermediary was to provide access to a communication
system and nothing else, then also they are not held liable for any offence.
 If the intermediary does not initiate such transmissions or select the receiver or modify
any information in any transmission, it cannot be made liable.
The intermediary does its work with care and due diligence.
However, the section has the following exemptions where intermediaries cannot be
exempted from the liability:
 It is involved in any unlawful act either by abetting, inducing or by threats or promises.
 It has not removed any such data or disabled access that is used for the commission of
unlawful acts as notified by the Central Government.

Penalties under Information Technology Act, 2000
The Act provides penalties and compensation in the following cases:
Penalty for damaging a computer system
If a person other than the owner uses the computer system and damages it, he shall have to
pay all such damages by way of compensation (Section 43). Other reasons for penalties and
compensation are:
 If he downloads or copies any information stored in the system.
 Introduces any virus to the computer system.
 Disrupts the system.
 Denies access to the owner or person authorised to use the computer.
 Tampers or manipulates the computer system.
 Destroys, deletes or makes any alteration to the information stored in the system.
 Steals the information stored therein.
Compensation in the case of failure to protect data
According to Section 43A, if any corporation or company has stored the data of its employees
or other citizens or any sensitive data in its computer system but fails to protect it from
hackers and other such activities, it shall be liable to pay compensation.
Failure to furnish the required information
If any person who is asked to furnish any information or a particular document or maintain
books of accounts fails to do so, he shall be liable to pay the penalty. In the case of reports
and documents, the penalty ranges from Rupees Rupees fifty thousand to one lakh .For books
of accounts or records, the penalty is Rs. 5000. (Section 44)
Residuary Penalty
If any person contravenes any provision of this Act and no penalty or compensation is
specified, he shall be liable to pay compensation or a penalty of Rs. 25000.
Appellate tribunal
According to Section 48 of the Act, the Telecom dispute settlement and appellate tribunal
under Section 14 of the Telecom Regulatory Authority of India Act, 1997 shall act as the
appellate tribunal under the Information Technology Act, 2000. This amendment was made
after the commencement of the Finance Act of 2017.
All the appeals from the orders of the controller or adjudicating officer will lie to the tribunal,
but if the order is decided with the consent of the parties, then there will be no appeal. The
tribunal will dispose of the appeal as soon as possible but in not more than 6 months from
the date of such appeal. (Section 57)
According to Section 62 of the Act, any person if not satisfied with the order or decision of
the tribunal may appeal to the High Court within 60 days of such order.
Powers
According to Section 58 of the Act, the tribunal is not bound to follow any provisions of
the Code of Civil Procedure, 1908 and must give decisions on the basis of natural justice.
However, it has the same powers as given to a civil court under the Code. These are:







Summon any person and procure his attendance.
Examine any person on oath.
Ask to discover or produce documents.
Receive evidence on affidavits.
Examination of witnesses.
Review decisions.
Dismissal of any application.
Offences and their punishments under Information Technology Act, 2000
Amendments to Information Technology Act, 2000
With the advancement of time and technology, it was necessary to bring some changes to the
Act to meet the needs of society, and so it was amended.
S.no.
Offences
Section
Punishment
Tampering with the documents stored in a Section
computer system
65
Imprisonment of 3 years or a fine of
Rs. 2 lakhs or both.
Offences related to computers or any act Section
mentioned in Section 43.
66
Imprisonment of 3 years or a fine
that extends to Rs. 5 lakhs or both.
Receiving a stolen computer source or device Section
dishonestly
66B
Imprisonment for 3 years or a fine
of Rs. 1 lakh or both.
Identity theft
Section
66C
Imprisonment of 3 years or a fine of
Rs. 1 lakh or both
Cheating by personation
Section
66D
Either imprisonment for 3 years or
a fine of Rs. 1 lakh or both.
Violation of privacy
Section
66E
Either imprisonment up to 3 years
or a fine of Rs. 2 lakhs or both
Cyber terrorism
Section
66F
Life imprisonment
Transmitting obscene material in electronic Section
form.
67
Imprisonment of 5 years and a fine
of Rs. 10 lakhs.
Transmission of any material containing
Section
sexually explicit acts through an electronic
67A
mode.
Imprisonment of 7 years and a fine
of Rs. 10 lakhs.
Depicting children in sexually explicit form and
Section
transmitting such material through electronic
67B
mode
Imprisonment of 7 years and a fine
of Rs. 10 lakhs.
Failure to preserve and retain the information Section
by intermediaries
67C
Imprisonment for 3 years and a
fine.
Amendment of 2008
The amendment in 2008 brought changes to Section 66A of the Act. This was the most
controversial section as it provided the punishment for sending any offensive messages
through electronic mode. Any message or information that created hatred or hampered the
integrity and security of the country was prohibited. However, it had not defined the word
‘offensive’ and what constitutes such messages, because of which many people were arrested
on this ground. This section was further struck down by the Supreme Court in the case
of Shreya Singhal v. Union of India (2015).
Another amendment was made in Section 69A of the Act, which empowered the government
to block internet sites for national security and integrity. The authorities or intermediaries
could monitor or decrypt the personal information stored with them.
The 2015 Amendment Bill
The bill was initiated to make amendments to the Act for the protection of fundamental rights
guaranteed by the Constitution of the country to its citizens. The bill made an attempt to
make changes to Section 66A, which provides the punishment for sending offensive messages
through electronic means. The section did not define what amounts to offensive messages
and what acts would constitute the offence. It was further struck down by the Supreme Court
in the case of Shreya Singhal declaring it as violative of Article 19.
Information Technology Intermediaries Guidelines (Amendment) Rules, 2018
The government in 2018 issued some guidelines for the intermediaries in order to make them
accountable and regulate their activities. Some of these are: Internet service providers,
Domain registrars, Cloud service providers, Software vendors and resellers, Online market
places, System integrators, IT consultants.
 The intermediaries were required to publish and amend their privacy policies so that
citizens could be protected from unethical activities like pornography, objectionable
messages and images, messages spreading hatred, etc.
 They must provide the information to the government as and when it is sought within
72 hours for national security.
 It is mandatory for every intermediary to appoint a ‘nodal person of contact’ for 24×7
service.
 They must have technologies that could help in reducing unlawful activities done
online.
 The rules also break end-to-end encryption if needed to determine the origin of
harmful messages.
Information Technology (Intermediaries Guidelines and Digital Media Ethics
Code) Rules 2021
The government of India in 2021 drafted certain rules to be followed by the intermediaries.
The rules made it mandatory for intermediaries to work with due diligence and appoint a
grievance officer. They were also required to form a Grievance Appellate Tribunal. All
complaints from users must be acknowledged within 24 hours and resolved within 15 days. It
also provides a “Code of Ethics” for the people publishing news and current affairs, which
makes it controversial. Many believe that the rules curtail freedom of speech and expression
and freedom of the press.
The intermediaries were also required to share the information and details of a suspicious
user with the government if there was any threat to the security and integrity of the country.
As a result of this, writ petitions were filed in various high courts against the rules. Recently,
the Bombay High Court stayed in the case of Agij Promotion of Nineteenonea Media Pvt. Ltd.
vs. Union of India (2021) and Nikhil Mangesg Wagle vs. Union of India (2021) the two
provisions of the rules related to the Code of Ethics for digital media and publishers.
Landmark judgments on Information Technology Act, 2000
Shreya Singhal v. Union of India (2015)
In this case, 2 girls were arrested for posting comments online on the issue of shutdown in
Mumbai after the death of a political leader of Shiv Sena.They were charged under Section
66A for posting the offensive comments in electronic form. As a result, the constitutional
validity of the Section was challenged in the Supreme Court stating that it infringes
upon Article 19 of the Constitution. Whether Section 66A is constitutionally valid or not?
The Court, in this case, observed that the language of the Section is ambiguous and vague,
which violates the freedom of speech and expression of the citizens. It then struck down the
entire Section on the ground that it was violative of Article 19 of the Constitution. It opined
that the Section empowered police officers to arrest any person whom they think has posted
or messaged anything offensive. Since the word ‘offensive’ was not defined anywhere in the
Act, they interpreted it differently in each case. This amounted to an abuse of power by the
police and a threat to peace and harmony.
M/S Gujarat Petro synthesis Ltd and Rajendra Prasad Yadav v. Union of India (2014)
In this case, the petitioners demanded the appointment of a chairperson to the Cyber
Appellate Tribunal so that cases can be disposed of quickly and someone can keep a check on
the workings of CyAT. The respondents submitted that a chairperson would be appointed
soon.Issue is Appointment of the chairperson of CyAT.
The Court ordered the appointment of the chairperson and must see this as a matter of
urgency and take into account Section 53 of the Act.
Christian Louboutin SAS v. Nakul Bajaj and Ors (2018)
In this case, a suit was filed by a shoe company to seek an order of injunction against the
defendants for using its trademarks and logo.
Whether the protection of “safe harbour” under Section 79 of the Act be applied in this case?
The Court in this case observed that the defendant was not an intermediary as their website
was a platform for the supply of various products. It used third-party information and
promoted vendors in order to attract consumers for them. The Court held that e-commerce
platforms are different from the intermediaries and the rights granted to them in Section 79
of the Act. It ordered the intermediaries to work with due diligence and not infringe the rights
of the trademark owner. They must take steps to recognise the authenticity and genuineness
of the products while dealing with any merchant or dealer.
The Court added that if the intermediaries act negligently regarding IPR and indulge in any
sort of abetment or incitement of unlawful or illegal activity, they will be exempted from the
protection of safe harbour under Section 79 of the Act. Any active participation in ecommerce would also lead to the same. It also referred to the intermediaries’ guidelines,
which state that no intermediary must violate any intellectual property rights of anyone while
displaying any content on its website.
Loopholes in Information Technology Act, 2000
The Act provides various provisions related to digital signatures and electronic records, along
with the liability of intermediaries, but fails in various other aspects. These are:
No provision for breach of data
The provisions of the Act only talk about gathering the information and data of the citizens
and its dissemination. It does not provide any remedy for the breach and leak of data, nor
does it mention the responsibility or accountability of anyone if it is breached by any entity
or government organization. It only provides for a penalty if an individual or intermediary
does not cooperate with the government in surveillance.
No address to privacy issues
The Act failed in addressing the privacy issues of an individual. Any intermediary could store
any sensitive personal data of an individual and give it to the government for surveillance.
This amounts to a violation of the privacy of an individual. This concern has been neglected
by the makers.
Simple punishments
Though the Act in certain offences committed through electronic means, the punishments
given therein are much simpler. To reduce such crimes, punishments must be rigorous.
Lack of trained officers
With the help of money and power, one can easily escape liability. At times, these cases go
unreported because of a social stigma that police will not address such complaints.
A report shows that police officers must be trained to handle cybercrimes and have expertise
in technology so that they can quickly investigate a case and refer it for speedy disposal.
No regulation over Cyber Crimes
With the advancement of technology, cyber-crimes are increasing at a greater pace. The
offences described in the Act are limited, while on the other hand, various types of cybercrimes are already prevailing, which if not addressed properly within time, may create a
menace. These crimes do not affect any human body directly but can do so indirectly by
misusing the sensitive data of any person. Thus, the need of the hour is to regulate such
crimes. This is where the Act lacks.
ELECTRONIC GOVERNANCE (e-Governance)
Electronic governance or e-governance implies government functioning with the application
of ICT (Information and Communications Technology). Hence e-Governance is basically a
move towards SMART governance implying: simple, moral, accountable, responsive and
transparent governance.
SMART Governance





Simple — implies simplification of rules and regulations of the government and
avoiding complex processes with the application of ICTs and therefore, providing a
user-friendly government.
Moral —a new system in the administrative and political machinery with technology
interventions to improve the efficiency of various government agencies.
Accountable — develop effective information management systems to ensure the
accountability of public service functionaries.
Responsive — Speed up processes by streamlining them, hence making the system
more responsive.
Transparent — providing information in the public domain like websites or various
portals hence making functions and processes of the government transparent.
Interactions in e-Governance
There are 4 kinds of interactions in e-governance, namely:
1. G2C (Govt to Citizens) — The primary aim is to make the government citizen-friendly.
Interaction between the government and the citizens. This enables citizens to efficient
delivery of a large range of public services. Expands the accessibility , availability and
quality of govt services The primary aim is to make the government citizen-friendly.
2. G2B (Government to Business):
o It enables the business community to interact with the govt by using egovernance tools.
The objective is to cut red-tapism which will save time and reduce operational
costs. This will also create a more transparent business environment when
dealing with the government.
o The G2B initiatives help in services such as licensing, procurement, permits
and revenue collection.
3. G2G (Government to Government)
o Enables seamless interaction between various government entities.
o various departments and agencies within government or between two govts
like the union and state govts or between state govts.
4. G2E (Government to Employees)
o ICT tools help in interaction between the govt and its employees fast and
efficient and thus increases the satisfaction levels of employees.
o
Advantages of e-Governance













Improves delivery and efficiency of government services
Improved government interactions with business and industry
Citizen empowerment through access to information
More efficient government management
Less corruption in the administration
Increased transparency in administration
Greater convenience to citizens and businesses
Cost reductions and revenue growth
Increased legitimacy of government
Flattens organisational structure (less hierarchic)
Reduces paperwork and red-tapism in the administrative process which results in
better planning and coordination between different levels of government
Improved relations between the public authorities and civil society
Re-structuring of administrative processes
e-Governance Initiatives
Steps taken to promote e-governance in India are as follows:
 A National Task Force on IT and Software Development was set-up in 1998.
 The Ministry of Information Technology was created at the Centre in 1999.
 A 12-point agenda was listed for e-Governance for implementation in all the central
ministries and departments.
 The IT Act (2000) was enacted. This Act was amended in 2008.
 The first National Conference of States’ IT Ministers was organised in the year 2000,
for arriving at a Common Action Plan to promote IT in India.
 Government set-up NISG (National Institute for Smart Government).
 The state governments launched e-Governance projects like e-Seva (Andhra Pradesh),
Bhoomi (Karnataka), and so on.
 The National e-Governance Plan (NeGP) was launched. It consists of 31 Mission Mode
Projects (MMPs) and 8 support components.
 The National Policy on Information Technology (NPIT) was adopted in 2012.
The National e-Governance Plan (NeGP)

The National e-Governance Plan (NeGP), provides a holistic view of e-Governance
initiatives across the country.


Around this idea, a massive countrywide infrastructure reaching down to the remotest
of villages is evolving, and large-scale digitization of records is taking place to enable
easy, reliable access to the internet.
The Government has proposed to implement “e-Kranti: National e-Governance Plan
(NeGP) 2.0” under the Digital India programme.
e-Kranti – Electronic Delivery of Services



e-Kranti is an essential pillar of the Digital India initiative.
Considering the critical need for e-Governance, mobile governance and good
governance in the country, the approach and key components of e-Kranti have been
approved by the government.
The e-Kranti framework addresses the electronic delivery of services through a
portfolio of mission mode projects that cut across several government departments.
Objectives of e-Kranti
The main aims of the initiative are to:
 Redefine NeGP with transformational and outcome-oriented e-Governance initiatives
 Enhance the portfolio of citizen-centric services
 Ensure optimum usage of core Information & Communication Technology (ICT)
 Promote rapid replication and integration of e-Governance applications
 Leverage emerging technologies
 Make use of more agile implementation models
ELECTRONIC EVIDENCE
As per Sec on 79A of the IT Act, electronic form of evidence‘ means any informa on of
proba ve value that is either stored or transmi ed in electronic form and includes computer
evidence, digital audio, digital video, cell phones, digital fax machines. Courts can thus permit
the use of digital evidence such as e-mails, digital photographs, word processing documents,
instant message histories, spread sheets, internet browser histories, data bases, contents of
computer memory, computer backup, secured electronic records and secured electronic
signatures, Global Posi oning System tracks, Logs from a hotel’s electronic door, Digital video
or audio etc., during the course of trials of a civil or criminal case.
IT Act defines the term ‗electronic record ‘as ―data, record or data generated, image or
sound stored, received or sent in an electronic form or micro film or computer-generated
micro fiche. Sec on 6 of the IT Act provides that electronic records and electronic signatures
can be used in Government and its agency. Hence, they are admissible in a court of law. So,
whenever a dispute regarding online contracts or e-crimes is to be adjudicated by a court,
produc on of admissible evidence becomes necessary to decide the merits of the case.
Sec on 3 of the Evidence Act defines ―document as follows:
Document" means any ma er expressed or described upon any substance by means of
le ers, figures or marks, or by more than one of those means, intended to be used, or which
may be used, for the purpose of recording that ma er.
Evidence in Sec on 3 is defined as follows:
"Evidence" means and includes—
(1) all statements which the Court permits or requires to be made before it by witnesses, in
rela on to ma ers of fact under inquiry; such statements are called oral evidence;
(2) all documents including electronic records produced for the inspec on of the Court; such
documents are called documentary evidence.
Sec on 22-A of the Evidence Act, which deals with the relevance of oral admissions as to
contents of electronic records, reads as follows:
When oral admission as to contents of electronic records are relevant. Oral admissions as to
the contents of electronic records are not relevant, unless the genuineness of the electronic
record produced is in ques on is examined.
Sec on 59 of evidence act- Proof of facts by oral evidence. All facts, except the contents of
documents or electronic records, may be proved by oral evidence.
Sec on 45A of the Evidence Act is with regard to the opinion of the Examiner of Electronic
Evidence and it states thus:
Opinion of Examiner of Electronic Evidence.
When in a proceeding, the court has to form an opinion on any ma er rela ng to any
informa on transmi ed or stored in any computer resource or any other electronic or digital
form, the opinion of the Examiner of Electronic Evidence referred to in sec on 79A of the
Informa on Technology Act, 2000 (21 of 2000), is a relevant fact.
Explana on. -- For the purposes of this sec on, an Examiner of Electronic Evidence shall be
an expert.
Sec on 67A of the Evidence Act deals with proof as to digital signature.
Sec on 67A reads thus:
Proof as to digital signature. Except in the case of a secure electronic signature, if the digital
signature of any subscriber is alleged to have been affixed to an electronic record the fact that
such digital signature is the digital signature of the subscriber must be proved. It is necessary
to prove it in the manner of proof of electronic record. As such, Sec on 65B will be applicable.
Sec on 73A of the Evidence Act deals with the Proof as to verifica on of digital signature. It
reads thus:
Proof as to verifica on of digital signature. – In order to ascertain whether a digital signature
is that of the person by whom it purports to have been affixed, the Court may direct -(a) that person or the Controller of the Cer fying Authority to produce the Digital Signature
Cer ficate.
(b) any other person to apply the public key listed in the Digital Signature Cer ficate and verify
the digital signature purported to have been affixed by that person. For this purpose, the
controller of cer fying authority means the controller appointed under S.17(1) of the IT Act.
Sec on 4 of the IT Act speaks about the legal recogni on of the electronic records.
Legal recogni on of electronic records. Where any law provides that informa on or any
other ma er shall be in wri ng or in the typewri en or printed form, then notwithstanding
anything contained in such law, such requirement shall be deemed to have been sa sfied if
such informa on or ma er is-(a) rendered or made available in an electronic form; and (b)
accessible so as to be usable for a subsequent reference.
The ra onale behind the second requirement is that electronic data is intangible and by its
very nature transient. Thus, it is expedient to require it to be available for future reference.
Sec on 136 of the Evidence Act empowers a Judge to decide as to the admissibility of the
evidence. In order that the proof may be confined to relevant facts and may not travel beyond
the limits of the issue at trial, the Judge is empowered to ask in what manner the evidence
tendered is relevant. The judge must then decide its admissibility.
In State of Bihar v Sri Radha Krishna (1983) 2 SCR 808, the apex court observed that
admissibility of a document is one thing and its proba ve value is quite another and these
two aspects cannot be combined.
The normal rule of leading documentary evidence is the produc on and proof of the original
document itself.
The said rule is embodied in Sec on 61, which says that contents of documents may be
proved either by primary or by secondary evidence. Sec on 62 says that the primary evidence
means the document itself produced for inspec on of the Court.
Sec on 63
contains the various types of secondary evidence. Sec 65 enumerates the circumstances in
which secondary evidence can be adduced. Clause (d) of Sec 65 says that secondary evidence
of the contents of a document can be led when the original is of such a nature as not to be
easily movable. Computerized opera ng systems and support systems in industry cannot be
moved to the court. The informa on is stored in these computers on magne c tapes (hard
disc). Electronic record produced therefrom has to be taken in the form of a print out.
Sub-Sec on (1) of S.65B makes admissible without further proof, in evidence, the print out
of an electronic record contained on a magne c media, subject to the sa sfac on of the
condi ons men oned in Sub-sec (2). The sub-sec on makes admissible an electronic record
when cer fied that the contents of a computer printout are generated by a computer
sa sfying the condi ons of Sub-sec (1), the cer ficate being signed by the person described
therein. Thus, Sub-sec (4) provides for an alterna ve method to prove electronic record.
Best Evidence Rule in Proof of Contents of a Document.
The contents of the output must be authen c and there should be reason to believe that they
are authen c. A true copy can thus be captured in print or on a digital media, duly cer fied
by the observer. Video/Audio Tape Recordings: Indian courts had recognized the contents of
tape recording as admissible evidence for some me before the introduc on of the IT Act,
subject to certain condi ons being sa sfied. The Hon‘ble Supreme Court in Ziauddin
Burhanuddin Bukhari v Brijmohan Ramdas Mehra and Others [AIR 1975 SC 1788
(1)] observed that tape-recorded speeches are a 'document', as defined by Sec on 3 of the
Evidence Act, which stands on no different foo ng than photographs, and they are admissible
in evidence on sa sfying certain condi ons. The subject ma er recorded had to be shown to
be relevant according to rules of relevancy found in the Evidence Act.
In Jagjit Singh Vs. State of Haryana [(2006) 11 SCC 1)], the speaker of the Legisla ve Assembly
of the State of Haryana disqualified a member for defec on. While hearing the ma er, the
Supreme Court considered the digital evidence in the form of interview transcripts from the
Zee News television channel, the Aaj Tak television channel and the Haryana News of Punjab
Today television channel. The court determined that the electronic evidence placed on record
was admissible and upheld the reliance placed by the Speaker on the recorded interview
while reaching the conclusion that the voices recorded on the CD were those of the persons
taking ac on. The Supreme Court found no infirmity in the Speaker's reliance on the digital
evidence and the conclusions reached by him. The comments in this case indicate a trend
that the Judges in India are beginning to recognize and appreciate the importance of digital
evidence in legal proceedings.
Hard Disk: As to whether a hard disk of a computer can be considered as documentary
evidence, the High Court of Delhi in Dharam Bir Vs. CBI [148 (2008) DLT 289]
observed that:"While there can be no doubt that a hard disc is an electronic device used for
storing informa on, once a blank hard disc is wri en upon it is subject to a change and to
that extent it becomes an electronic record. Even if the hard disc is restored to its original
posi on of a blank hard disc by erasing what was recorded on it, it would s ll retain
informa on which indicates that some text or file in any form was recorded on it at one me
and subsequently removed. By use of so ware programs, it is possible to find out the precise
me when such changes occurred in the hard disc. To that extent even a blank hard disc which
has once been used in any manner, for any purpose will contain some informa on and will,
therefore, be an electronic record. So, once the hard disc is subject to any change, then even
if it is restored to the original posi on, by reversing that change, the informa on can be
retrieved by using the so ware designed for that purpose.
Data copied from Hard Disk to CD: Hard Disc is a storage devise. If wri en, then it becomes
electronic record under the Evidence Act. Under sec on 65B, it has to be proved that the
computer during the relevant period was in the lawful control of the person proving the email
vide Babu Ram Aggarwal & Anr. Vs. Krishan Kumar Bhatnagar & Ors. [2013, IIAD (Delhi)
441].
Call Records: In Rakesh Kumar and Ors. Vs. State (Criminal Appeal No. 19/2007 decided on
27.08.2009), the High Court of Delhi while apprecia ng the reliance placed by the prosecu on
upon the call records, observed that computer generated electronic records is evidence,
admissible at a trial if proved in the manner specified by Sec on 65B of the Evidence Act.
Digital Camera Photograph: As per sec on 2(t) of Informa on Technology Act, 2000, a
photograph taken from a digital camera is an electronic record and it can be proved as per
sec on 65B of the Indian Evidence Act.
ATM: Teller Machines (ATM) was held to be not computer by itself nor is it a computer
terminal (2005 AIR Knt. HCR 9). In Mohd Arif @ Ashfaq Vs. State NCT of Delhi [(2011) 13 SCC
621], the determina on of movement of a person on the basis of mobile phone was
discussed.
MODE OF PROOF OF ELECTRONIC RECORDS
Electronic records being more suscep ble to tampering, altera on, transposi on, excision,
etc. without such safeguards, the whole trial based on proof of electronic records can lead to
travesty of jus ce. It requires: Integrity of the data: That is the data as sent or recorded was intact and not tampered with.
Integrity of the hardware/so ware: The hardware and so ware used to read, downloading,
interpre ng, seeing or storing was func oning according to set standards and there was no
devia on or its corrup on.
Security of the system: The system used to access such electronic record was secured, and
during the par cular course of period it was not accessed by any unauthorized person, so as
to rule out the possibility of its tampering or malfunc oning.
Proof of SMS & MMS: If someone challenges the accuracy of an electronic evidence or erecord on the grounds of misuse of system or opera ng failure or interpola on, then the
person challenging it must prove the same beyond reasonable doubt.
Proof of e-mail: E-mail is a computer output of electronic record and therefore, it has to be
proved in the manner prescribed in Sec on 65B of the Indian Evidence Act, which requires a
cer ficate to be given by a person occupying responsible posi on in management of the
computer.
Proof of Obscene SMS sent through Mobile Phone: As per sec 2(t) of the IT Act, 'Mobile' is a
computer and SMS in the mobile is an electronic record. So, it is to be proved as per sec 65B
of the Indian Evidence Act which requires a cer ficate issued by a person, occupying
responsible posi on in management of the computer of the relevant ac vi es.
Proof of Contents of the CD: The person intending to prove C.D. is required to prove whether
the disputed C.D. was prepared by a combina on of a computer opera ng therein or different
computer opera ng in succession over that period or of different combina on of computers.
It is not necessary to examine the computer expert for the proof of C.D. in addi on to the
compliance of provisions of sec on 65B.
CASE LAW U/S. 65B OF THE EVIDENCE ACT
In Vikram Singh and Anr. v. State of Punjab and Anr. [(2017) 8 SCC 518], a three-Judge Bench
of the apex Court followed the law in Anvar P.V. (supra), clearly sta ng that where primary
evidence in electronic form has been produced, no cer ficate under Sec on 65B would be
necessary. But, in a subsequent judgment rendered in Shafiq Mohammad vs The State Of
Himachal Pradesh [(2018) 2 SCC 801] a two Judge Bench of the Hon‘ble Supreme Court held
that requirement of cer ficate under Sec on 65B (4) is not always mandatory. As there is
dichotomy of decisions in between Anwar PV ‘s case and Shafiq Mohammad ‘s case, in the
year 2019, a two-Judge Bench of the apex court referred the ma er to a another three-judge
bench for clarifica on on the point. The ma er was then decided recently by a Three-Judge
Bench of the Hon‘ble apex court in ARJUN PANDITRAO KHOTKAR Vs. KAILASH KUSHANRAO
GORANTYAL AND ORS. [2020 SCC Online SC 571] by Judgment, upheld the law laid in Anwar
PV ‘s case. The clarifica on referred to above is that the required cer ficate under Sec on
65B (4) is unnecessary if the original document itself is produced. This can be done by the
owner of a laptop computer, computer tablet or even a mobile phone, by stepping into the
witness box and proving that the concerned device, on which the original informa on is first
stored, is owned and/or operated by him. In cases where the “computer” happens to be a
part of a “computer system” or “computer network” and it becomes impossible to physically
bring such system or network to the Court, then the only means of providing informa on
contained in such electronic record can be in accordance with Sec on 65B(1), together with
the requisite cer ficate under Sec on 65B(4). The legal interpreta on by the court of the
following Sec ons 22A, 45A, 59, 65A & 65B of the Evidence Act has confirmed that the stored
data in CD/DVD/Pen Drive is not admissible without a cer ficate u/s 65 B(4) of Evidence Act
and further clarified that in the absence of such a cer ficate, the oral evidence to prove the
existence of such electronic evidence and the expert view under sec on 45A Evidence Act
cannot be availed to prove authen city thereof. In State of Karnataka v. M.R. Hiremath
[(2019) 7 SCC 515], the Court emphasized that non-produc on of a cer ficate under Sec on
65-B on an earlier occasion is a curable defect. It further held that ―the High Court erred in
coming to the conclusion that the failure to produce a cer ficate under Sec on 65-B(4) of the
Evidence Act at the stage when the charge-sheet was filed was fatal to the prosecu on. The
need for produc on of such a cer ficate would arise when the electronic record is sought to
be produced in evidence at the trial It is at that stage that the necessity of the produc on of
the cer ficate would arise.”
OTHER CASE LAWS
Sec on 66A of the IT Act: In Shreya Singhal Vs. Union of India [(2015) 0
AIR (SC) 1553], the Hon'ble the Apex Court declared Sec on 66A of the IT Act as
uncons tu onal. It has also been held that the wider range of circula on over the internet
cannot restrict the content of the right under Ar cle 19 (1) (a) nor can it jus fy its denial.
VIDEO-CONFERENCING: In The State of Maharashtra v. Dr. Praful B. Desai [AIR 2003 SC
2053], the ques on involved was whether a witness can be examined by means of a video
conference. The Supreme Court observed that video conferencing is an advancement of
science and technology which permits seeing, hearing and talking with someone who is not
physically present with the same facility and ease as if they were physically present. The legal
requirement for the presence of the witness does not mean actual physical presence. The
court allowed the examina on of a witness through video conferencing and concluded that
there is no reason why the examina on of a witness by video conferencing should not be an
essen al part of electronic evidence.
In Amitabh Bagchi Vs. Ena Bagchi (AIR 2005 Cal 11), the court held that the physical presence
of person in Court may not be required for purpose of adducing evidence and the same can
be done through medium like video conferencing.
In Twen eth Century Fox, Film Corpora on Vs. NRI Film Produc on
Associates (P) Ltd. (AIR 2003 KANT 148), certain condi ons have been laid down for video
recording of evidence. They are as follows:
1) The person who examines the witness on the screen shall file an affidavit/undertaking
before examining the witness with a copy to the other side with regard to iden fica on.
2) The witness has to be examined during working hours of Indian Courts. Oath is to be
administered through the media.
3) The witness should not plead any inconvenience on account of me different between
India and USA.
4) Before examina on of the witness, a set of plaint, wri en statement and other documents
must be sent to the witness so that the witness has acquaintance with the documents and an
acknowledgment is to be filed before the Court in this regard.
5) Learned Judge is to record such remarks as is material regarding the demeanour of the
witness while on the screen.
6) Learned Judge must note the objec ons if raised during recording of witness and to decide
the same at the me of arguments.
7) A er recording the evidence, the same is to be sent to the witness and his signature is to
be obtained in the presence of a Notary Public and therea er part of the record of the suit
proceedings.
8) The visual is to be recorded and the record would be at both ends. The witness also is to
be alone at the me of visual conference and notary is to cer ficate to this effect.
9) The learned Judge may also impose such other condi ons as are necessary in a given set
of facts.
10) The expenses and the arrangements are to be borne by the applicant who wants this
facility.
In Suvarna Musale vs Rahul Musale [2015 (2) Mh.L.J. 801], it was held that recording of
evidence with help of electronic method and techniques is acknowledged and recognized in
judicial system. In that case, the Pe oner-wife was working in U.S. and has a minor daughter
aged 6 yrs., traveling to India for being present physically was expensive and she may face
difficulty in ge ng leave and hurdles in obtaining VISA. An applica on for recording evidence
through video conferencing was therefore allowed.
PRESUMPTIONS
Sec on 92 of the IT Act 2000 made the amendments to the Indian Evidence
Act, 1872 and inserted certain presump ons in regard to the electronic evidence. They are
from Sec on 81-A, 85-A to 85-C, 88-A and 90-A.
Presump on as to telegraphic messages: The Court may presume that a message, forwarded
from a telegraph office to the person to whom such message purports to be addressed,
corresponds with a message delivered for transmission at the office from which the message
purports to be sent; but the Court shall not make any presump on as to the person by whom
such message was delivered for transmission.
Presump on as to electronic messages: It includes emails, SMS, MMS etc. of messages sent
via social networking sites, like WhatsApp, Twi er etc. Under Sec on 88A of the IT Act, there
is a presump on as to such messages, which enables the Court to presume that an electronic
message forwarded by the originator through an electronic mail server to the addressee to
whom the message purports to be addressed corresponds with the message as fed into his
computer for transmission; but the Court shall not make any presump on as to the person
by whom such message was sent.
OPINION OF EXAMINER OF ELECTRONIC EVIDENCE
When the court has to form an opinion as to the electronic signature of any person, the
opinion of the cer fying Authority which has issued the Electronic Signature Cer ficate is
relevant U/S 47A of the Evidence Act. Further, in a proceeding where the court has to form
an opinion on any ma er rela ng to any informa on transmi ed or stored in any computer
resource or any other electronic or digital form, the opinion of the Examiner of Electronic
Evidence referred to in Sec 79A of the IT Act is a relevant fact. But when there is a conflict of
opinion between the experts, then the court is competent to form its own opinion with regard
to signature on a document (Vide Kishan Chand Vs. SitaRamAIR2005P&H 156).
CERTIFYING AUTHORITIES As per Sec 18 of IT Act, 2000 provides the required legal sanc
ty to
the digital signatures based on asymmetric cryptosystems. The digital signatures are now accepted at
par with handwri en signatures and the electronic documents that have been digitally signed are
treated at par with paper documents. The IT Act provides for the Controller of Cer fying Authori es
(CCA) to license and regulate the working of Cer fying Authori es. The Cer fying Authori es (CAs)
issue digital signature cer ficates for electronic authen ca on of users. The Controller of Cer fying
Authori es (CCA) has been appointed by the Central Government under sec 17 of the Act for purposes
of the IT Act. The Office of the CCA came into existence on November 1, 2000. It aims at promo ng
the growth of E-Commerce and E- Governance through the wide use of digital signatures.
The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority (RCAI) of
India under sec18(b) of the IT Act to digitally sign the public keys of Certifying Authorities (CA) in the
country. The RCAI is operated as per the standards laid down under the Act.
The CCA certifies the public keys of CAs using its own private key, which enables users in the
cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose, it operates,
the Root Certifying Authority of India (RCAI). The CCA also maintains the Repository of Digital
Certificates, which contains all the certificates issued to the CAs in the country.
REGULATION OF CERTIFYING AUTHORITIES
IT Act, 2000 has established a Cer fying Authority to regulate the electronic transac ons. The
various aspects of the regula on of cer fying authori es.
The following sec ons IT Act, 2000 pertain to the regula on of cer fying authori es:
Sec 17 – Appointment of the Controller and other officers
The Central Government may appoint a Controller of Cer fying Authori es a er no fying the
Official Gaze e. They may also appoint Deputy Controllers and Assistant Controllers as it
deems fit.
The Controller discharges his responsibili es subject to the general control and also direc ons
of the Central Government
The Deputy Controllers and Assistant Controllers shall perform the func ons assigned to them
by the Controller under the general superintendence and also control of the Controller.
The qualifica ons, experience and terms and condi ons of service of Controller, Deputy
Controllers, and Assistant Controllers shall be such as may be prescribed by the Central
Government.
The Head Office and Branch Office of the office of the Controller shall be at such places as
the Central Government may specify, and these may be established at such places as the
Central Government may think fit.
There shall be a seal of the Office of the Controller.
Func ons of Controller (Sec on 18)
A Controller performs some or all of the following func ons:
Supervise the ac vi es of the Cer fying Authori es and also cer fy their public keys Lay
down the standards that the Cer fying Authori es follow
Specify the following:
qualifica ons and experience requirements of the employees of all Cer fying Authori es
condi ons that the Cer fying Authori es must follow for conduc ng business the content of
the printed, wri en, visual materials and adver sements in respect of the digital signature
and the public key
The form and content of a digital signature cer ficate and the key the form and manner in
which the Cer fying Authori es maintain account terms and condi ons for the appointment
of auditors and their remunera on Facilitate the Cer fying Authority to establish an
electronic system, either solely or jointly with other Cer fying Authori es and its regula on
Specify the manner in which the Cer fying Authori es deal with the subscribers
Resolve any conflict of interests between the Cer fying Authori es and the subscribers
Lay down the du es of the Cer fying Authori es
Maintain a database containing the disclosure record of every Cer fying Authority with all
the details as per regula ons. Further, this database is accessible to the public.
Recogni on of Foreign Cer fying Authority (Sec on 19)
• A Controller has the right to recognize any foreign cer fying authority as a cer fying
authority for the purpose of the IT Act, 2000. While this is subject to the condi ons and
restric ons which the regula ons specify, the Controller can recognize it with the previous
approval of the Central Government and no fy in the Official Gaze e.
• If a controller recognizes a Cer fying Authority under sub-sec on (i), then its digital
signature cer ficate is also valid for the purpose of the Act.
• If the controller feels that any cer fying authority has contravened any condi ons or
restric ons of recogni on under sub-sec on (i), then he can revoke the recogni on. However,
he needs to record the reason in wri ng and no fy in the Official Gaze e.
.Controller to act as a repository (Sec on 20)
• The Controller will act as a repository of all digital signature cer ficates under this Act.
• The Controller will –
• Make use of secure hardware, so ware, and also procedures.
• Observe the standards that the Central Government prescribes to ensure the secrecy and
also the security of the digital signatures.
• The Controller will maintain a computerized database of all public keys. Further, he must
ensure that the public keys and the database are available to any member of the public.
License to issue Digital Signature Cer ficates (Sec on 21)
(1) Subject to the provisions of sub-sec on (2), any person can apply to the Controller for a
license to issue digital signature cer ficates.
(2) A Controller can issue a license under sub-sec on (1) only if the applicant fulfills all the
requirements. The Central Government specifies requirements with respect to qualifica on,
exper se, manpower, financial resources, and also infrastructure facili es for the issuance of
digital signature cer ficates.
(3) A license granted under this sec on is –
(a) Valid for the period that the Central Government specifies
(b) Not transferable or inheritable
(c) Subject to the terms and condi ons that the regula ons specify
6. Power to inves gate contraven ons (Sec on 28)
The Controller or any other Officer that he authorizes will inves gate any contraven on of
the provisions, rules or regula ons of the Act.
The Controller or any other Officer that he authorizes will also exercise the powers conferred
on Income-tax authori es under Chapter XIII of the Income Tax Act, 1961.
Also, the exercise of powers will be limited according to the Act.
Du es Of Subscribers (Sec on 40 to 42)
With respect to the Electronic Signature Cer ficate the subscriber has to perform such du es
as may be prescribed by the Act. Further every subscriber has to exercise reasonable care to
retain control of the private key corresponding to the public key listed in his Digital Signature
Cer ficate. He has to take all steps to prevent its disclosure. In the event of the private key
being compromised the subscriber has to communicate the same immediately to the
Cer fying Authority as specified by the Regula ons. The subscriber shall be liable ll he has
informed the Cer fying Authority that the private key has been compromised.
Sec on: 40. Genera ng key pair.
Where any Digital Signature Cer ficate, the public key of which corresponds to the private
key of that subscriber which is to be listed in the Digital Signature Cer ficate has been
accepted by a subscriber, then, the subscriber shall generate the key pair by applying the
security procedure.
Sec on: 41. Acceptance of Digital Signature Cer ficate.
(1) A subscriber shall be deemed to have accepted a Digital Signature Cer ficate if he
publishes or authorizes the publica on of a Digital Signature Cer ficate—
(a) to one or more persons;
(b) in a repository, or otherwise demonstrates his approval of the Digital Signature Cer ficate
in any manner.
(2) By accep ng a Digital Signature Cer ficate, the subscriber cer fies to all who reasonably
rely on the informa on contained in the Digital Signature Cer ficate that—
(a) the subscriber holds the private key corresponding to the public key listed in the Digital
Signature Cer ficate and is en tled to hold the same;
(b) all representa ons made by the subscriber to the Cer fying Authority and all material
relevant to the informa on contained in the Digital Signature Cer ficate are true;
(c) all informa on in the Digital Signature Cer ficate that is within the knowledge of the
subscriber is true.
Sec on: 42. Control of private key.
(1) Every subscriber shall exercise reasonable care to retain control of the private key
corresponding to the public key listed in his Digital Signature Cer ficate and take all steps to
prevent its disclosure to a person not authorized to affix the digital signature of the subscriber.
(2) If the private key corresponding to the public key listed in the Digital Signature Cer ficate
has been compromised, then, the subscriber shall communicate the same without any delay
to the Cer fying Authority in such manner as may be specified by the regula ons.
Explana on. — For the removal of doubts, it is hereby declared that the subscriber shall be
liable ll he has informed the Cer fying Authority that the private key has been compromised.
PENALTY FOR DAMAGE TO COMPUTER, COMPUTER SYSTEM, ETC. Sec 43
If any person without permission of the owner or any other person who is in charge of a
computer, computer system or computer network –
• accesses or secures access to such computer, computer system or computer network or
computer resource];
• downloads, copies or extracts any data, computer data base or informa on from such
computer, computer system or computer network including informa on or data held or
stored in any removable storage medium;
• introduces or causes to be introduced any computer contaminant or computer virus into
any computer, computer system or computer network;
• damages or causes to be damaged any computer, computer system or computer network,
data, computer data base or any other programmes residing in such computer, computer
system or computer network;
• disrupts or causes disrup on of any computer, computer system or computer network;
• denies or causes the denial of access to any person authorised to access any computer,
computer system or computer network by any means;
• provides any assistance to any person to facilitate access to a computer, computer system
or computer network in contraven on of the provisions of this Act, rules or regula ons made
thereunder;
• charges the services availed of by a person to the account of another person by tampering
with or manipula ng any computer, computer system, or computer network;
• (i) destroys, deletes or alters any informa on residing in a computer resource or diminishes
its value or u lity or affects it injuriously by any means; steal, conceal, destroys or alters or
causes any person to steal, conceal, destroy or alter any computer source code used for a
computer resource with an inten on to cause damage;] he shall be liable to pay damages by
way of compensa on to the person so affected.]
Explana on. –For the purposes of this sec on, –
• computer contaminant means any set of computer instruc ons that are designed–
• to modify, destroy, record, transmit data or programme residing within a computer,
computer system or computer network; or
• by any means to usurp the normal opera on of the computer, computer system, or
computer network;
• computer data-base means a representa on of informa on, knowledge, facts, concepts or
instruc ons in text, image, audio, video that are being prepared or have been prepared in a
formalised manner or have been produced by a computer, computer system or computer
network and are intended for use in a computer, computer system or computer network;
• computer virus means any computer instruc on, informa on, data or programme that
destroys, damages, degrades or adversely affects the performance of a computer resource or
a aches itself to another computer resource and operates when a programme, data or
instruc on is executed or some other event takes place in that computer resource;
• damage means to destroy, alter, delete, add, modify or rearrange any computer resource
by any means. computer source code means the lis ng of programme, computer commands,
design and layout and programme analysis of computer resource in any form.
COMPENSATION FOR FAILURE TO PROTECT DATA. –43A
Where a body corporate, possessing, dealing or handling any sensi ve personal data or
informa on in a computer resource which it owns, controls or operates, is negligent in
implemen ng and maintaining reasonable security prac ces and procedures and thereby
causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to
pay damages by way of compensa on to the person so affected.
Explana on. –For the purposes of this sec on, –
• body corporate means any company and includes a firm, sole proprietorship or other
associa on of individuals engaged in commercial or professional ac vi es;
• reasonable security prac ces and procedures means security prac ces and procedures
designed to protect such informa on from unauthorized access, damage, use, modifica on,
disclosure or impairment, as may be specified in an agreement between the par es or as may
be specified in any law for the me being in force and in the absence of such agreement or
any law, such reasonable security prac ces and procedures, as may be prescribed by the
Central Government in consulta on with such professional bodies or associa ons as it may
deem fit;
• sensi ve personal data or informa on means such personal informa on as may be
prescribed by the Central Government in consulta on with such professional bodies or
associa ons as it may deem fit.
PENALTY FOR FAILURE TO FURNISH INFORMATION RETURN, ETC. SEC 44
If any person who is required under this Act or any rules or regula ons made thereunder to• furnish any document, return or report to the Controller or he Cer fying Authority fails to
furnish the same, he shall be liable to a penalty not exceeding one lakh and fi y thousand
rupees for each such failure.
• file any return or furnish any informa on, books or other documents within the me
specified therefor in the regula ons fails to file return or furnish the same within the me
specified therefor in the regula ons, he shall be liable to a penalty not exceeding five
thousand rupees for every day during which such failure con nues.
• maintain books of account or records, fails to maintain the same, he shall be liable to a
penalty not exceeding ten thousand rupees for every day during which the failure con nues.
RESIDUARY PENALTY. –SEC 45
Whoever contravenes any rules or regula ons made under this Act, for the contraven on of
which no penalty has been separately provided, shall be liable to pay a compensa on not
exceeding twenty-five thousand rupees to the person affected by such contraven on or a
penalty not exceeding twenty-five thousand rupees.
POWER TO ADJUDICATE. –SEC46
(1) For the purpose of adjudging under this Chapter whether any person has commi ed a
contraven on of any of the provisions of this Act or of any rule, regula on, 1[direc on or
order made thereunder which renders him liable to pay penalty or compensa on,] the
Central Government shall, subject to the provisions of sub-sec on (3), appoint any officer not
below
the rank of a Director to the Government of India or an equivalent officer of a State
Government to be an adjudica ng officer for holding an inquiry in the manner prescribed by
the Central Government.
2[(1A) The adjudica ng officer appointed under sub-sec on (1) shall exercise jurisdic on to
adjudicate ma ers in which the claim for injury or damage does not exceed rupees five crore:
Provided that the jurisdic on in respect of the claim for injury or damage exceeding rupees
five crores shall vest with the competent court.]
• The adjudica ng officer shall, a er giving the person referred to in sub-sec on (1) a
reasonable opportunity for making representa on in the ma er and if, on such inquiry, he is
sa sfied that the person has commi ed the contraven on, he may impose such penalty or
award such compensa on as he thinks fit in accordance with the provisions of that sec on.
• No person shall be appointed as an adjudica ng officer unless he possesses such experience
in the field of Informa on Technology and legal or judicial experience as may be prescribed
by the Central Government.
• Where more than one adjudica ng officer are appointed, the Central Government shall
specify by order the ma ers and places with respect to which such officers shall
exercise their jurisdic on.
• Every adjudica ng officer shall have the powers of a civil court which are conferred on
the―Appellate Tribunal under sub-sec on (2) of sec on 58, and–
• all proceedings before it shall be deemed to be judicial proceedings within the meaning of
sec ons 193 and 228 of the Indian Penal Code (45 of 1860);
• shall be deemed to be a civil court for the purposes of sec ons 345 and 346 of the Code of
Criminal Procedure, 1973 (2 of 1974);
1[(c) shall be deemed to be a civil court for purposes of Order XXI of the Civil Procedure
Code, 1908 (5 of 1908).]47. FACTORS TO BE TAKEN INTO ACCOUNT BY THE ADJUDICATING
OFFICER. –
While adjudging the quantum of compensa on under this Chapter, the adjudica ng officer
shall have due regard to the following factors, namely: –
• the amount of gain of unfair advantage, wherever quan fiable, made as a result of the
default;
• the amount of loss caused to any person as a result of the default;
• the repe ve nature of the default.
OFFENCES UNDER THE ACT
The increased rate of technology in computers has led to the enactment of Informa on
Technology Act 2000. The conver ng of the paperwork into electronic records, the storage of
the electronic data, has tremendously changed the scenario of the country.
Offenses: Cyber offenses are the unlawful acts which are carried in a very sophis cated
manner in which either the computer is the tool or target or both. Cybercrime usually
includes:
(a) Unauthorized access of the computers (b) Data diddling (c) Virus/worms a ack (d) The
of computer system (e) Hacking (f) Denial of a acks (g) Logic bombs (h) Trojan a acks (i)
Internet me the (j) Web jacking (k) Email bombing (l) Salami a acks (m) Physically
damaging computer system.
The offenses included in the IT Act 2000 are as follows:
1. Tampering with the computer source documents.
2. Hacking with computer system.
3. Publishing of informa on which is obscene in electronic form.
4. Power of Controller to give direc ons
5. Direc ons of Controller to a subscriber to extend facili es to decrypt informa on
6. Protected system
7. Penalty for misrepresenta on
8. Penalty for breach of confiden ality and privacy
9. Penalty for publishing Digital Signature Cer ficate false in certain par culars
10. Publica on for fraudulent purpose
11. Act to apply for offense or contraven on commi ed outside India
12. Confisca on
13. Penal es or confisca on not to interfere with other punishments.
14. Power to inves gate offenses.
Offenses UNDER THE IT ACT, 2000
1.Tampering with computer source documents:
Sec on 65 of this Act provides that Whoever knowingly or inten onally conceals, destroys or
alters or inten onally or knowingly causes another to conceal, destroy or alter any computer
source code used for a computer, computer Programme, computer system or computer
network, when the computer source code is required to be kept or maintained by law for the
being me in force, shall be punishable with imprisonment up to three year, or with fine
which may extend up to two lakh rupees, or with both.
Explana on:
For the purpose of this sec on “computer source code” means the lis ng of programmes,
computer commands, design and layout and programme analysis of computer resource in
any form.
Object:
The object of the sec on is to protect the “intellectual property” invested in the computer. It
is an a empt to protect the computer source documents (codes) beyond what is available
under the Copyright Law.
This sec on extends towards the Copyright Act and helps the companies to protect the source
code of their programmes.
Sec on 65 is tried by any magistrate. This is cognizable and non- bailable offense.
Imprisonment up to 3 years and or fine up to Two lakh rupees.
CASE LAWS
Friso v. State of Kerela:
Facts: In this case, it was declared that the FRIENDS applica on so ware as a protected
system. The author of the applica on challenged the no fica on and the cons tu onal
validity of so ware under Sec on 70. The court upheld the validity of both. It included
tampering with source code. Computer source code the electronic form, it can be printed on
paper.
Held: The court held that Tampering with Source code is punishable with three years jail and
or two lakh rupees fine of rupees two lakh rupees for altering, concealing and destroying the
source code.
Syed Saifuddin case:
Facts: In this case, the Tata Indicom employees were arrested for manipula on of the
electronic 32- bit number (ESN) programmed into cell phones the were exclusively
franchised to Reliance Infocom.
Held: Court held that Tampering with source code invokes Sec on 65 of the Informa on
Technology Act.
Parliament A ack Case:
Facts: In this case, several terrorists a acked Parliament House on 13 December 2001. In this
Case, the Digital evidence played an important role during their prosecu on. The accused
argued that computers and evidence can easily be tampered and hence, should not be relied.
In Parliament case, several smart device storage disks and devices, a laptop was recovered
from the truck intercepted at Srinagar pursuant to informa on given by two suspects. The
laptop included the evidence of fake iden ty cards, video files containing clips of the poli cal
leaders with the background of Parliament in the background shot from T.V news channels.
In this case design of Ministry of Home Affairs car s cker, there was game “wolf pack” with
user name of ‘Ashiq’, there was the name in one of the fake iden ty cards used by the
terrorist. No back up was taken. Therefore, it was challenged in the Court.
Held: Challenges to the accuracy of computer evidence should be established by the
challenger. Mere theore cal and generic doubts cannot be cast on the evidence.
2. Hacking with the computer system:
Sec on 66 provides that- (1) Whoever with the intent to cause or knowing that he is likely to
cause wrongful loss or damage to the public or any person destroys or deletes or alters any
informa on residing in a computer resource or diminishes its value or u lity or affects it
injuriously by any means, commits hacking.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with
fine which may extend up to two lakh rupees, or with both.
Explana on: The sec on talks about the hacking ac vity.
Punishment: Imprisoned up to three years and fine which may extend up to two lakh rupees
or with both.
CASE LAWS
R v. Gold & Schifrin:
In this case, it is observed that the accused gained access to the Bri sh telecom Prestel Gold
computers networks file amount to dishonest trick and not a criminal offense.
R v. Whitely:
In this case, the accused gained unauthorized access to the Joint Academic Network (JANET)
and deleted, added files and changed the passwords to deny access to the authorized users.
The perspec ve of the sec on does not merely protect the informa on but to protect the
integrity and security of computer resources from a acks by unauthorized person seeking to
enter such resource, whatever may be the inten on or mo ve.
Cases Reported In India:
Official website of Maharashtra government hacked. The official website of the government
of Maharashtra was hacked by Hackers Cool Al- Jazeera, and claimed them they were from
Saudi Arabia.
Publishing of obscene informa on in electronic form:
Sec on 67 of this Act provides that Whoever publishes or transmits or causes to be published
in the electronic form, any material which is lascivious or appeals to the prurient interest or
if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to
all relevant circumstance, to read see or hear the ma er contained or embodied in it, shall
be punished on first convic on with imprisonment of either descrip on for a term which may
extend to five years and with fine which may extend to one lakh rupees and in the event of a
second or subsequent convic on with imprisonment of either descrip on for a term which
may extend to ten years and also with fine which may extend to two lakh rupees.
CASE LAWS:
The State of Tamil Nadu v. Suhas Ka .
Facts: This case is about pos ng obscene, defamatory and annoying message about a
divorcee woman in the Yahoo message group. E-mails were forwarded to the vic m for
informa on by the accused through a false e-mail account opened by him in the name of the
vic m. These
pos ngs resulted in annoying phone calls to the lady. Based on the complaint police nabbed
the accused. He was a known family friend of the vic m and was interested in marrying her.
She married to another person, but that marriage ended in divorce and the accused started
contac ng her once again. And her reluctance to marry him he started harassing her through
the internet.
Held: The accused is found guilty of offenses under sec on 469, 509 IPC and 67 of the IT Act
2000 and the accused is convicted and is sentenced for the offense to undergo RI for 2 years
under 469 IPC and to pay fine of Rs.500/-and for the offense u/s 509 IPC sentenced to undergo
1 year Simple imprisonment and to pay fine of Rs.500/- and for the offense u/s 67 of IT Act
2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.
“The accused paid fine amount and he was lodged at Central Prison, Chennai. This is
considered the first case convicted under sec on 67 of Informa on Technology Act 2000 in
India.
In a recent case, a groom’s family received numerous emails containing defamatory
informa on about the prospec ve bride. Fortunately, they did not believe the emails and
chose to take the ma er to the police. The sender of the emails turned out to be the girl’s
step-father, who did not want the girl to get married, as he would have lost control over her
property, of which he was the legal guardian.
Avanish Bajaj (CEO of bazzee.com – now a part of the eBay group of companies) case.
Facts: There were three accused first is the Delhi schoolboy and IIT Kharagpur Ravi Raj and
the service provider Avanish Bajaj.
The law on the subject is very clear. The sec ons slapped on the three accused were Sec on
292 (sale, distribu on, public exhibi on, etc., of an obscene object) and Sec on 294 (obscene
acts, songs, etc., in a public place) of the Indian Penal Code (IPC), and Sec on 67 (publishing
informa on which is obscene in electronic form) of the Informa on Technology Act 2000. In
addi on, the schoolboy faces a charge under Sec on 201 of the IPC (destruc on of evidence),
for there is apprehension that he had destroyed the mobile phone that he used in the
episode. These offenses invite a s ff penalty, namely, imprisonment ranging from two to five
years, in the case of a first- me convic on, and/or fines.
Held: In this case, the Service provider Avanish Bajaj was later acqui ed and the Delhi
schoolboy was granted bail by Juvenile Jus ce Board and was taken into police charge and
detained into Observa on Home for two days.
Power of Controller to give direc ons:
Sec on 68 of this Act provides that (1) The Controller may, by order, direct a Cer fying
Authority or any employee of such Authority to take such measures or cease carrying on such
ac vi es as specified in the order if those are necessary to ensure compliance with the
provisions of this Act, rules or any regula ons made thereunder.
(2) Any person who fails to comply with any order under sub-sec on (1) shall be guilty of an
offense and shall be liable on convic on to imprisonment for a term not exceeding three years
or to a fine not exceeding two lakh rupees or to both.
Explana on: Any person who fails to comply with any order under subsec on (1) of the above
sec on, shall be guilty of an offense and shall be convicted for a term not less than three years
to a fine exceeding two lakh rupees or to both.
Punishment: Imprisonment up to a term not exceeding three years or fine not exceeding two
lakh rupees.
Direc ons of Controller to a subscriber to extend facili es to decrypt informa on:
Sec on 69 provides that- (1) If the Controller is sa sfied that it is necessary or expedient to
do in the interest of the sovereignty or integrity of India, the security of the State, friendly
rela ons with foreign States or public order or for preven ng incitement to the commission
of any cognizable offense; for reasons to be recorded in wri ng, by order, direct any agency
of the Government to intercept any informa on transmi ed through any computer resource.
(2) The subscriber or any person in charge of the computer resource shall, when called upon
by any agency which has been directed under sub-sec on (1), extend all facili es and
technical assistance to decrypt the informa on.
(3) The subscriber or any person who fails to assist the agency referred to in subsec on shall
be punished with imprisonment for a term which may extend to seven years.
Punishment: Imprisonment for a term which may extend to seven years. The offense is
cognizable and non- bailable.
Protected System:
Sec on 70 of this Act provides that –
(1) The appropriate Government may, by no fica on in the Official Gaze e, declare that any
computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in wri ng, authorize the persons who are
authorized to access protected systems no fied under sub-sec on (1).
(3) Any person who secures access or a empts to secure access to a protected system in
contraven on of the provision of this sec on shall be punished with imprisonment of either
descrip on for a term which may extend to ten years and shall also be liable to fine.
Explana on: This sec on grants the power to the appropriate government to declare any
computer, computer system or computer network, to be a protected system. Only authorized
person has the right to access to protected system.
Punishment: The imprisonment which may extend to ten years and fine.
Penalty for misrepresenta on:
Sec on 71 provides that- (1) Whoever makes any misrepresenta on to, or suppresses any
material fact from, the Controller or the Cer fying Authority for obtaining any license or
Digital Signature Cer ficate, as the case may be, shall be punished with imprisonment for a
term which may extend to two years, or which fine which may extend to one lakh rupees, or
with both.
Punishment: Imprisonment which may extend to two years or fine may extend to one lakh
rupees or with both.
Penalty for breach of confiden ality and privacy:
Sec on 72 provides that- Save as otherwise provide in this Act or any other law for the me
being in force, any person who, in pursuance of any of the powers conferred under this Act,
rules or regula on made thereunder, has secured assess to any electronic record, book,
register, correspondence, informa on, document or other material without the consent of
the person
concerned discloses such material to any other person shall be punished with imprisonment
for a term which may extend to two years, or with fine which may extend to one lakh rupees,
or with both.
Explana on: This sec on relates to any person who in pursuance of any of the powers
conferred by the Act or it allied rules and regula ons have secured access to any: Electronic
record, books, register, correspondence, informa on, document, or other material. If such a
person discloses such informa on, he will be punished. It would not apply to disclosure of
personal informa on of a person by a website, by his email service provider.
Punishment: Term which may extend to two years or fine up to one lakh rupees or with both.
Penalty for publishing Digital Signature Cer ficate false in certain par culars:
Sec on 73 provides that – (1) No person shall publish a Digital Signature Cer ficate or
otherwise make it available to any other person with the knowledge that(a) The Cer fying Authority listed in the cer ficate has not issued it; or
(b) The subscriber listed in the cer ficate has not accepted it; or
(c) The cer ficate has been revoked or suspended unless such publica on is for the purpose
of verifying a digital signature created prior to such suspension or revoca on.
(2) Any person who contravenes the provisions of sub-sec on (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to
one lakh rupees, or with both.
Explana on: The Cer fying Authority listed in the cer ficate has not issued it or, the
subscriber listed in the cer ficate has not accepted it or the cer ficate has been revoked or
suspended. The Cer fying authority may also suspend the Digital Signature Cer ficate if it is
of the opinion that the digital signature cer ficate should be suspended in public interest.
A digital signature may not be revoked unless the subscriber has begiven opportunity of being
heard in the ma er. On revoca on, the Cer fying Authority need to communicate the same
with the subscriber. Such publica on is not an offense it is the purpose of verifying a digital
signature created prior to such suspension or revoca on.
Punishment: Imprisonment of a term of which may extend to two Years or fine may extend
to 1 lakh rupees or with both.
CASE LAWS:
Benne Coleman & Co. v. Union of India
In this case, the publica on has been stated that ‘publica on means dissemina on and
circula on’. In the context of the digital medium, the term publica on includes and
transmission of informa on or data in electronic form.
Publica on for fraudulent purpose:
Sec on 74 provides that- Whoever knowingly creates, publishes or otherwise makes available
a Digital Signature Cer ficate for any fraudulent or unlawful purpose shall be punished with
imprisonment for a term which may extend to two years, or with fine which extends to one
lakh rupees, or with both.
Explana on: This sec on prescribes punishment for the following acts:
Knowingly crea ng a digital signature cer ficate for any
1. fraudulent purpose or,
2. unlawful purpose.
Knowingly publishing a digital signature cer ficate for any
1. fraudulent purpose or
2. unlawful purpose
Knowingly making available a digital signature cer ficate for any
1. fraudulent purpose or
2. unlawful purpose.
Punishment: Imprisonment for a term up to two years or fine up to one lakh or both.
Act to apply for offense or contraven on commi ed outside India:
Sec on 75 provides that- (1) Subject to the provisions of sub-sec on (2), the provisions of this
Act shall apply also to any offense or contraven on commi ed outside India by any person
irrespec ve of his na onality.
For the purposes of sub-sec on (1), this Act shall apply to an offense or Contraven on
commi ed outside India by any person if the act or conduct cons tu ng the offense or
contraven on involves a computer, computer system or computer network located in India.
Explana on: This sec on has a broader perspec ve including cyber-crime, commi ed by
cyber criminals, of any na onality, any territoriality.
CASE LAW:
R v. Governor of Brixton prison and another
Facts: In this case the Ci bank faced the wrath of a hacker on its cash management system,
resul ng in illegal transfer of funds from customers account into the accounts of the hacker,
later iden fied as Vladimir Levin and his accomplices. A er Levin was arrested, he was
extradited to the United States. One of the most important issues was the jurisdic onal issue,
the ‘place of origin’ of cyber-crime.
Held: The Court held that the real- me nature of the communica on link between Levin and
Ci bank computer meant that Levin’s keystrokes were actually occurring on the Ci bank
computer. It is thus important that in order to resolve the disputes related to jurisdic on, the
issue of territoriality and na onality must be placed by much broader criteria embracing
principles of reasonableness and fairness to accommodate overlapping or conflic ng
interests of states, in spirit of universal jurisdic on.
Confisca on:
Sec on 76 provides that- Any computer, computer system, floppies, compact disks, tape
drives or any other accessories related thereto, in respect of which any provisions of this Act,
rules, orders or regula ons made thereunder has been or is being contravened, shall be liable
to confisca on: Provided that where it is established to the sa sfac on of the court
adjudica ng the confisca on that the person in whose possession power or control of any
such computer, computer system, floppies, compact disks, tape drives or any other
accessories rela ng thereto is found is not responsible for the contraven on of the provisions
of this Act, rules orders or regula ons made thereunder, the court may, instead of making an
order for confisca on of such computer, computer system, floppies, compact disks, tape
drives or any other accessories related thereto, make such other order authorized by this Act
against the person contravening of the provisions of this Act, rules, orders or regula ons
made thereunder as it may think fit.
Explana on: The aforesaid sec on highlights that all devices whether computer, computer
system, floppies, compact disks, tape drives or any other storage, communica on, input or
output device which helped in the contraven on of any provision of this Act, rules, orders, or
regula ons made under there under liable to be confiscated.
Penal es or confisca on not to interfere with other punishments:
Sec on 77 provides that – No penalty imposed or confisca on made under this Act shall
prevent the imposi on of any other punishment to which the person affected thereby is liable
under any other law for the me being in force.
Explana on: The aforesaid sec on lays down a mandatory condi on, which states the
Penal es or confisca on not to interfere with other punishments to which the person
affected thereby is liable under any other law for the me being in force. Power to inves gate
offenses:
Sec on 78 provides that – Notwithstanding anything contained in the Code of Criminal
Procedure, 1973, a police officer not below the rank of Deputy Superintendent of Police shall
inves gate any offense under this Act.
MAKING OF RULES AND REGULATION
Power of Controller to make regula ons. –
(1) The Controller may, a er consulta on with the Cyber Regula ons Advisory Commi ee
and with the previous approval of the Central Government, by no fica on in the Official
Gaze e, make regula ons consistent with this Act and the rules made thereunder to carry
out the purposes of this Act.
(2) In par cular, and without prejudice to the generality of the foregoing power, such
regula ons may provide for all or any of the following ma ers, namely: (a) the par culars rela ng to maintenance of data-base containing the disclosure record of
every Cer fying Authority under clause (m) of sec on 18;
(b) the condi ons and restric ons subject to which the Controller may recognize any foreign
Cer fying Authority under sub-sec on (1) of sec on 19;
(c) the terms and condi ons subject to which a license may be granted under clause © of
subsec on (3) of sec on 21;
(d) other standards to be observed by a Cer fying Authority under clause (d) of sec on 30;
(e) the manner in which the Cer fying shall disclose the ma ers specified in sub-sec on (1)
of sec on 34;
(f) the par culars of statement which shall accompany an applica on under sub-sec on (3)
of sec on 35.
(g) the manner by which the subscriber communicates the compromise of private key to the
Cer fying Authority under sub-sec on (2) of sec on 42.
Every regula ons made under this Act shall be laid, as soon as may be a er it is made, before
each House of Parliament, while it is in session, for a total period of thirty days which may be
comprised in one session or in two or more successive sessions, and if, before the expiry of
the session immediately following the session or the successive sessions aforesaid, both
Houses agree in making any modifica on in the regula on or both Houses agree that the
regula on should not be made, the regula on shall therea er have effect only in such
modified form or be of no effect, as the case may be; so, however, that any such modifica on
or annulment shall be without prejudice to the validity of anything previously done under
that
regula on.
Power of State Government to make rules. –
(1) The State Government may, by no fica on in the Official Gaze e, make rules to carry out
the provisions of this Act.
(2) In par cular, and without prejudice to the generality of the foregoing power, such rules
may provide for all or any of the following ma ers, namely: –
(a) the electronic form in which filing, issue, grant, receipt or payment shall be affected under
sub-sec on (1) of sec on 6;
(b) for ma ers specified in sub-sec on (2) of sec on 6;(3) Every rule made by the State
Government under this sec on shall be laid, as soon as may be a er it is made, before each
House of the State Legislature where it consists of two Houses, or where such Legislature
consists of one House, before that House
CYBER APPELLETE TRIBUNAL
The Information Technology Act, 2000 also provides for the establishment of the Cyber Appellate
Tribunal. In this article, we will look at the establishment, composition, jurisdiction, powers, and
procedures if a Cyber Appellate Tribunal.
Establishment of Cyber Appellate Tribunal (Section 48)
The Central Government notifies and establishes Cyber Regulations Appellate Tribunal.
The Central Govt notify all the matters and places fall under the jurisdiction of the Tribunal.
The composition of Cyber Appellant Tribunal (Section 49)
The Central Govt appoints only one person in a Tribunal – the Presiding Officer of the Cyber
Appellate Tribunal.
The qualifications for appointment as Presiding Officer of the Cyber Appellate
Tribunal (Section 50)
A person is considered qualified for the appointment as the Presiding Officer of a Tribunal if –
He has the qualification of the Judge of a High Court
He is or was the member of the Indian Legal Service and holds or has held a post in Grade I of
that service for at least three years.
The Term of Office (Section 51)
The Term of Office of the Presiding Officer of a Cyber Appellate Tribunal is 5 years from the date
of entering the office or until he attains the age of 65 years, whichever is earlier.
Filling up of vacancies (Section 53)
If for any reason other than temporary absence, there is a vacancy in the Tribunal, then the
Central Government hires another person in accordance with the Act to fill the vacancy. Further,
the proceedings continue before the Tribunal from the stage at which the vacancy is filled.
Resignation and removal (Section 54)
The Presiding Officer can resign from his office after submitting a notice in writing to the
Central Govt, provided:
he holds office until the expiry of three months from the date the Central Government receives
such notice (unless the Government permits him to relinquish his office sooner), OR
he holds office till the appointment of a successor, OR
until the expiry of his office; whichever is earlier.
In case of proven misbehaviour or incapacity, the Central Government can pass an order to
remove the Presiding Officer of the Cyber Appellate Tribunal. However, this is only after the
Judge of the Supreme Court conducts an inquiry where the Presiding Officer is aware of
the charges against him and has a reasonable opportunity to defend himself.
The Central Government can regulate the procedure for the investigation of misbehaviour or
incapacity of the Presiding Officer.
Orders constituting Appellate Tribunal to be final and not to invalidate its
proceedings (Section 55)
According to this section, no order of the Central Government appointing any person as the
Presiding Officer of the Tribunal can be questioned in any manner. Further, no one can question
any proceeding before a Cyber Appellate Tribunal in any manner merely on the grounds of any
defect in the Constitution of the Tribunal.
Appeal to Cyber Appellate Tribunal (Section 57)
Subject to the provisions of sub-section (2), a person not satisfied with the Controller or
Adjudicating Officer’s order can appeal to the Cyber Appellate Tribunal having jurisdiction in
the matter.
No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating with
the consent of the parties.
1. The person filing the appeal must do so within 25 days from the date of receipt of
the order from the Controller or Adjudicating Officer. Further, he must accompany
the appeal with the prescribed fees. However, if the Tribunal is satisfied with the
reasons behind the delay of filing the appeal, then it may entertain it even after
the expiry of 25 days.
2. On receiving an appeal under sub-section (1), the Tribunal gives an opportunity to
all the parties to the appeal to state their points, before passing the order.
3. The Cyber Appellate Tribunal sends a copy of every order made to all the parties
to the appeal and the concerned Controller or adjudicating officer.
4. The Tribunal tries to expeditiously deal with the appeals received under subsection (1). It also tries to dispose of the appeal finally within six months of
receiving it.
Procedure and powers of the Cyber Appellate Tribunal (Section 58)
1. The Code of Civil Procedure, 1908 does not bind the Cyber Appellate Tribunal.
However, the principles of natural justice guide it and it is subject to other
provisions of the Act. The Tribunal has powers to regulate its own procedure.
2. In order to discharge its functions efficiently, the Tribunal has the same powers as
vested in a Civil Court under the Code of Civil Procedure, 1908, while trying a suit
in the following matters:
a. Summoning and enforcing the attendance of any person and
examining him under oath
b. Ensuring the availability of the required documents or electronic
records
c. Receiving evidence on affidavits
d. Issuing commissions for examining witnesses or documents
e. Reviewing its decisions
f. Dismissing an application for default or deciding it ex-parte, etc.
3. Every proceeding before the Cyber Appellate Tribunal is like a judicial proceeding
within the meaning of sections 193 and 228 and for the purposes of section 196
of the Indian Penal Code. Further, the Tribunal is like a Civil Court for the purposes
of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973.
Right to Legal Representation (Section 59)
The appellant can either appear in person or authorize one or more legal practitioners to present
his case before the tribunal.
Limitation (Section 60)
The provisions of the Limitation Act, 1963, apply to the appeals made to the Tribunal.
Civil Court not to have jurisdiction (Section 61)
If the IT Act, 2000 empowers the adjudicating officer or the Cyber Appellate Tribunal for certain
matters, then no Civil Court can entertain any suit or proceedings for the same.
Further, no court can grant an injunction on any action that a person takes in pursuance of any
power that the Act confers upon him.
Appeal to High Court (Section 62)
If person is not satisfied with the decision or order of the Tribunal. he can file an appeal with the
High Court within 60 days of decision from the Tribunal.
Compounding of contraventions (Section 63)
1. The Controller authorizes may compound any contravention before or after the
institution of adjudication proceedings subject to the conditions specifies. No
second compounding before 3years. after 3 yrs. second compounding is possible.
Once compounded no proceeding possible.Penalty recovered as per revenue
recovery-sec 64
CYBER CRIME INVESTIGATION
CHILD
PORNOGRAPHY /
CHILD SEXUALLY
ABUSIVE
MATERIAL (CSAM)
CYBER BULLYING
CYBER CRIME
CSAM refers to content having an image of sexual in nature, of a child, abused or
sexually exploited. Section 67 (B) of the Information Technology Act states that
publishing/transmitting any material, in electronic form, portraying children in
sexually explicit acts, is a punishable cyber-crime.
A bullying or a form of harassment perpetrated through electronic media or
communication devices such as laptop, computer, mobile phone etc.
CYBER STALKING
• It is the use of electronic media by a person to track a person or tries to
communicate/ contact another person to impose personal interaction continually
despite the reluctance and disinterest by such person;
• To monitor the email, internet or any other form of electronic communication of
the other person and thereby committing an offence of stalking.
ONLINE JOB FRAUD
Wherein a person who is in need of a job is duped for money or defrauded by giving
him/her fake promises to employment with higher wages through electronic
communication.
ONLINE
SEXTORTION
When someone threatens to circulate or publish any sensitive/ private material/
images/ content using electronic medium if the other person rejects or denies
providing images, favours of sexual nature or money.
VISHING
Fraudsters try to obtain personal information like bank account password, customer
ID, ATM PIN, OTP, credit card CVV etc. over a phone call.
PHISHING
It is a type of fraud that involves stealing of personal information of a person such
as a bank’s customer ID, Credit Card/ Debit Card number, CVV number, etc. through
electronic channels that seem to be from a genuine source.
RANSOMWARE
• A computer malware that encrypts the storage media and files on electronic
devices like mobile phones, laptops, desktops, etc., by taking control over the data/
information as a hostage.
• The aggrieved are demanded ransom to get his information/ data decrypted or
else they are threatened to even sell the data/ information on the dark web.
WORMS, VIRUS &
TROJANS
CYBER-SQUATTING
• Virus is a program to enter one’s computer and damage and/or alter the files
and/or data and replicate it.
• Worms are malevolent programs that make multiple copies of themselves on the
local drive and network shares, etc.
• Trojan is a dangerous program. Unlike viruses, trojan horses do not replicate, but
are destructive. Trojan opens a backdoor entry to one’s computer which allows
malevolent users to access the system, allowing confidential and personal sensitive
information to be stolen.
It is an act of trafficking in, registering, or using a domain name to make undue profit
from the reputation of a trademark which belongs to somebody else.
CRYTO-JACKING
An unauthorized way to mint cryptocurrencies through the use of computer
resources.
ESPIONAGE
An act where the information & data is collected from the user without his/her
knowledge & permission.
Investigation of cyber-crimes
Power of investigation
The power to investigation comes under Sec78 of the IT Act, which says that “notwithstanding
anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of
Inspector shall investigate any offence under this Act”. the Criminal Procedure Code, 1978 and
the Indian Penal Code, 1860, were also amended to introduce cyber-crime under their ambit.
Process of search & arrest
Any police officer, not below the rank of the Inspector or any other officer of the Central
Government or State Government authorized by the Central Government in this regard, may
enter any public place, search and arrest without warrant any person, who is reasonably
suspected of having committed or of committing or about to commit an offence under the IT Act.
any person who is arrested by an officer other than a police officer then such officer shall, without
any unreasonable delay, take or send the person arrested before a magistrate having jurisdiction
in the case or before the officer-in-charge of a police station.
The Government of India had launched the online cyber-crime reporting
portal, www.cybercrime.gov.in to lodge complaints.
The Central Government has launched a scheme of Indian Cyber Crime Coordination Centre
(I4C)] to handle the cybercrime
The said scheme has following seven components:
National Cybercrime Threat Analytics Unit (TAU),
National Cybercrime Forensic Laboratory (NCFL)
National Cybercrime Training Centre (NCTC)
Cybercrime Ecosystem Management
Platform for Joint Cybercrime Investigation Team
National Cybercrime Reporting Portal
National Cyber Research and Innovation Centre (NCR&IC)
The government is also planning to set up Regional Cyber Crime Coordination Centres at
respective States/UTs.
One can report a cyber-crime by:
 Filing a written complaint in nearest, any Cyber Cell
 Lodging an F.I.R (First Information Report)
 Filing a complaint at https://www.cybercrime.gov.in/Accept.aspx
After filing of a complaint / F.I.R., the process of investigation, is hereby given below in diagram
In case the response has not been appropriate then the complainant can write to State / UT Nodal
Officer and Grievance Officer, the details of which can be accessed here:
Recently, for Delhi only, a new feature “Citizen Financial Cyber Fraud Reporting and
Management System” has been activated for prevention of money loss in case of Cyber Financial
Fraud; for immediate reporting the complainant can Call 155260 (9 AM – 6 PM only) and further
details can be accessed from ‘Citizen Manual’ under “Resources Section”
at www.cybercrime.gov.in.
Prosecution for cyber-crimes
Some common cyber-crimes incidents which attract prosecution as per the applicable provisions
of the IT Act, are provided herein below:
It is created for provoking a religious group to act or pass obnoxious/ objectionable
Online hate remarks against a public figure or the country etc.
community
Applicable provisions:
Section 66A of IT Act + 153A & 153B of the Indian Penal Code (IPC)
If a person’s email account is hacked and offensive / indecent emails are sent to people
Email account
who are in person’s address book.
hacking
Applicable provisions: Sections 43, 66, 66A, 66C, 67, 67A and 67B of IT Act.
Web
defacement
The Website’s homepage is swapped with a defamatory or pornographic content/ page.
Applicable provisions: Sections 43 and 66 of IT Act and Sections 66F, 67 and 70 of IT Act
also apply in some cases.
Cyber
terrorism
The terrorists are using virtual & physical storage for hiding data & records of their illegal
business.
Applicable provisions: terrorism laws apply + Section 66F & 69 of IT Act.
Phishing and It involves acquiring sensitive information fraudulently by masquerading as a reliable &
email scams
legitimate entity.
Applicable provisions: Section 66, 66A and 66D of IT Act + Section 420 of IPC
Objec ves of IT Act 2000:
a. To give legal recogni on to any transac on which is done by electronic way, internet
b. To give legal recogni on to digital signature for accep ng any agreement via computer.
c. To provide facility of filling documents online
d. According to I.T. Act 2000, any company can store their data in electronic storage.
e. To stop computer crime and protect privacy of internet users.
f. To give more power to IPO, RBI and Indian Evidence act for restric ng electronic crime.
g. To give legal recogni on for keeping books of accounts in electronic form.
This act shall not apply to the following:
a. IT Act 2000 is not applicable on the a esta on for crea ng trust via electronic way. Physical
a esta on is must.
b. A contract of sale of any immovable property.
c. A esta on for giving power of a orney of property is not possible via electronic record.
Impact of IT Act:
contain many posi ve aspects.
a. provisions for the e-businesses are that email is now a valid and legal form of
communica on in our country that can be duly produced and approved in a court of law.
b. Companies are now able to carry out electronic commerce using the legal infrastructure
provided by the Act.
c. Digital signatures have been given legal validity and sanc on in the Act.
d. The Act opens the doors for the entry of corporate companies in the business of being
Cer fying Authori es for issuing Digital Signature Cer ficates.
e. The Act now allows Government to issue no fica on on the web thus heralding egovernance.
f. The Act enables the companies to file any form, applica on or any other document with any
office, authority, body or agency owned or controlled by the appropriate Government in
electronic form by means of such electronic form as may be prescribed by the appropriate
Government.
g. The IT Act also addresses the important issues of security, which are cri cal to the success
of electronic transac ons. The Act has given a legal defini on to the concept of secure digital
signatures security procedure, as s pulated by the Government Under the IT Act, 2000, it is
possible for corporate to have a statutory remedy in case if anyone breaks into their computer
systems or network and causes damages or copies data. The remedy provided by the Act is in
the form of monetary damages, not exceeding Rs. 1 crore.
IMPACT OF THE IT ACT ON OTHER LAWS
Parallel Provisions in the IPC and IT Act the Information Technology Act, 2000 ("IT
Act") and the Indian Penal Code, 1860 ("IPC") penalise a number of cyber-crimes and there
are many provisions in the IPC and the IT Act that overlap with each other. Many of the cybercrimes penalised by the IPC and the IT Act have the same ingredients and even nomenclature.
Here are a few examples:
Hacking and Data Theft: Sec 43 & 66 of the IT Act penalise a number of activities ranging from
hacking into a computer network, data theft, introducing and spreading viruses through
computer networks, damaging computers or computer networks or computer programmes,
disrupting any computer or computer system or computer network, denying an authorised
person access to a computer or computer network, damaging or destroying information
residing in a computer etc. The maximum punishment for the above offences is imprisonment
of up to 3 (three) years or a fine or Rs. 5,00,000 (Rupees five lac) or both.
Sec 378 of the IPC relating to "theft" of movable property will apply to the theft of any data,
online or otherwise, since sec22 of the IPC states that the words "movable property" are
intended to include corporeal property of every description, except land and things attached
to the earth or permanently fastened to anything which is attached to the earth. The
maximum punishment for theft under section 378 of the IPC is imprisonment of up to 3
(three) years or a fine or both.
It may be argued that the word "corporeal" which means 'physical' or 'material' would exclude
digital properties from the ambit of the aforesaid sec 378 of the IPC. The counter argument
would be that the drafters intended to cover properties of every description, except land and
things attached to the earth or permanently fastened to anything which is attached to the
earth.
Sec 424 of the IPC states that "whoever dishonestly or fraudulently conceals or removes any
property of himself or any other person, or dishonestly or fraudulently assists in the
concealment or removal thereof, or dishonestly releases any demand or claim to which he is
entitled, shall be punished with imprisonment of either description1 for a term which may
extend to 2 (two) years, or with fine, or with both." This aforementioned section will also
apply to data theft. The maximum punishment under section 424 is imprisonment of up to 2
(two) years or a fine or both.
Sec 425 of the IPC deals with mischief and states that "whoever with intent to cause, or
knowing that he is likely to cause, wrongful loss or damage to the public or to any person,
causes the destruction of any property, or any such change in any property or in the situation
thereof as destroys or diminishes its value or utility, or affects it injuriously, commits
mischief". Needless to say, damaging computer systems and even denying access to a
computer system will fall within the aforesaid section 425 of the IPC. The maximum
punishment for mischief as per section 426 of the IPC is imprisonment of up to 3 (three)
months or a fine or both.
Receipt of stolen property: Sec 66B of the IT Act prescribes punishment for dishonestly
receiving any stolen computer resource or communication device. This section requires that
the person receiving the stolen property ought to have done so dishonestly or should have
reason to believe that it was stolen property. The punishment for this offence under Sec66B
of the IT Act is imprisonment of up to 3 (three) years or a fine of up to Rs. 1,00,000 or both.
Sec 411 of the IPC too prescribes punishment for dishonestly receiving stolen property and is
worded in a manner that is almost identical to section 66B of the IT Act. The punishment
under section 411 of the IPC is imprisonment of either description for a term of up to 3 years,
or with fine, or with both. Please note that the only difference in the prescribed punishments
is that under the IPC, there is no maximum cap on the fine.
Identity theft and cheating by personation: Sec 66C of the IT Act prescribes punishment for
identity theft and provides that anyone who fraudulently or dishonestly makes use of the
electronic signature, password or any other unique identification feature of any other person
shall be punished with imprisonment of either description for a term which may extend to 3
years and shall also be liable to fine which may extend to Rs. One lac.
Sec 66D of the IT Act prescribes punishment for 'cheating by personation by using computer
resource' and provides that any person who by means of any communication device or
computer resource cheats by personation, shall be punished with imprisonment of either
description for a term which may extend to 3 years and shall also be liable to fine which may
extend to Rs. 1,00,000
Sec 419 of the IPC also prescribes punishment for 'cheating by personation' for a term which
may extend to 3 years or with a fine or with both.
The provisions of sec 463, 465 & 468 of the IPC dealing with forgery and "forgery for the
purpose of cheating", may also be applicable in a case of identity theft. Sec 468 of the IPC
prescribes punishment for forgery for the purpose of cheating and provides a punishment of
imprisonment may extend to 7 years and also a fine.
The only difference between the punishments prescribed under sections 66C and 66D of the
IT Act and section 419 of the IPC is that there is no maximum cap on the fine prescribed under
the IPC. However, the punishment under section 468 is much higher in that the imprisonment
mat extend to 7 years. Further, whilst the IT Act contemplates both the imposition of a fine
and imprisonment, the IPC uses the word 'or' indicating that the offence could be punished
with imprisonment or by imposing a fine. Most importantly, the fundamental distinction
between the IPC and the IT Act in relation to the offence of identity theft is that the latter
requires the offence to be committed with the help of a computer resource.
Obscenity: Sec 67, 67A & 67B of the IT Act prescribe punishment for publishing or
transmitting, in electronic form: (i) obscene material; (ii) material containing sexually explicit
act, etc.; and (iii) material depicting children in sexually explicit act, etc. respectively. The
punishment prescribed for an offence under section 67 of the IT Act is, on the first conviction,
imprisonment may extend to 3 years with fine which may extend to Rs. 5,00,000 and in the
event of a second or subsequent conviction, may extend to 5 years, to be accompanied by a
fine which may extend to Rs. 10,00,000. The punishment prescribed for offences under
sections 67A & 67B of the IT Act is on first conviction, imprisonment may extend to 5 years,
with fine which may extend to Rs. 10,00,000 and in the event of second or subsequent
conviction, imprisonment may extend to 7 years with fine which may extend to Rs. 10,00,000
The provisions of sections 292 and 294 of the IPC would also be applicable for offences of the
nature described under sections 67, 67A and 67B of the IT Act. Section 292 of the IPC provides
that any person who, inter alia, sells, distributes, publicly exhibits or in any manner puts into
circulation or has in his possession any obscene material or any other obscene object
whatsoever shall be punishable on a first conviction with imprisonment may extend to 2
years, with fine extend to Rs. 2,000 and, in the event of a second or subsequent conviction,
with imprisonment may extend to 5 years, with fine may extend to Rs. 5,000
Section 294 of the IPC provides that any person who, to the annoyance of others, does any
obscene act in any public place, shall be punished with imprisonment may extend to 3
months, or with fine, or with both.
Cyber-crimes not provided for in the IPC
The following cyber-crimes penalised by the IT Act do not have an equivalent in the IPC.
Section 43(h) of the IT Act: Section 43(h) read with section 66 of the IT Act penalises an
individual who charges the services availed of by a person to the account of another person
by tampering with or manipulating any computer, computer system, or computer network. A
person who tampers with the computer system of an electricity supplier and causes his
neighbour to pay for his electricity consumption would fall under the aforesaid section 43(h)
of the IT Act for which there is no equivalent provision in the IPC.
Section 65 of the IT Act: Section 65 of the IT Act prescribes punishment for tampering with
computer source documents and provides that any person who knowingly or intentionally
conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy,
or alter any computer source code (i.e. a listing of programmes, computer commands, design
and layout and programme analysis of computer resource in any form) used for a computer,
computer programme, computer system or computer network, when the computer source
code is required to be kept or maintained by law for the time being in force, shall be
punishable with imprisonment for up to 3 years or with a fine which may extend to Rs.
3,00,000 or with both.
To a certain extent, section 409 of the IPC overlaps with section 65 of the IT Act. Section 409
of the IPC provides that any person who is in any manner entrusted with property, or with
any dominion over property in his capacity as a public servant or in the way of his business as
a banker, merchant, factor, broker, attorney or agent, commits criminal breach of trust in
respect of that property, shall be punished with imprisonment for life or with imprisonment
of either description for a term which may extend to 10 years, and shall also be liable to a
fine. However, section 65 of the IT Act does not require that the person who tampers with or
damages or destroys computer source documents should have been entrusted with such
source code. Under section 409 of the IPC, criminal breach of trust should have been
committed by someone to whom the property was entrusted.
Violation of privacy: Sec 66E of the IT Act prescribes punishment for violation of privacy and
provides that any person who intentionally or knowingly captures, publishes or transmits the
image of a private area of any person without his or her consent, under circumstances
violating the privacy of that person, shall be punished with imprisonment which may extend
to 3 years or with fine not exceeding Rs. 2,00,000 or with both.
There is no provision in the IPC that mirrors Section 66E of the IT Act, though sections 292
and 509 of the IPC do cover this offence partially.
Section 292 of the IPC has been discussed above. Section 509 of the IPC provides that if any
person intending to insult the modesty of any woman, utters any word, makes any sound or
gesture, or exhibits any object, intending that such word or sound shall be heard, or that such
gesture or object shall be seen, by such woman, or intrudes upon the privacy of such woman,
such person shall be punished with simple imprisonment for a term which may extend to 1
(one) year, or with fine, or with both. Unlike section 66E of the IT Act which applies to victims
of both genders, section 509 of the IPC applies only if the victim is a woman.
Section 67C of the IT Act: Section 67C of the IT Act requires an 'intermediary' to preserve and
retain such information as may be specified for such duration and in such manner and format
as the Central Government may prescribe. The section further provides that any intermediary
who intentionally or knowingly contravenes this requirement shall be punished with
imprisonment for a term may extend to 3 years and with fine. An 'intermediary' with respect
to any particular electronic record, has been defined in the IT Act to mean any person who on
behalf of another person receives, stores or transmits that record or provides any service with
respect to that record and includes telecom service providers, network service providers,
internet service providers, web-hosting service providers, search engines, online payment
sites, online-auction sites, online-market places and cyber cafes. There is no corresponding
provision in the IPC.
Cyber terrorism: Sec 66F of the IT Act prescribes punishment for cyber terrorism. Whoever,
with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror
in the people or any section of the people, denies or causes the denial of access to any person
authorized to access a computer resource, or attempts to penetrate or access a computer
resource without authorisation or exceeding authorised access, or introduces or causes the
introduction of any computer contaminant, and by means of such conduct causes or is likely
to cause death or injuries to persons or damage to or destruction of property or disrupts or
knowing that it is likely to cause damage or disruption of supplies or services essential to the
life of the community or adversely affect critical information infrastructure, is guilty of 'cyber
terrorism'. Whoever knowingly or intentionally penetrates or accesses a computer resource
without authorisation or exceeding authorised access, and by means of such conduct obtains
access to information, data or computer database that is restricted for reasons for the
security of the State or foreign relations, or any restricted information, data or computer
database, with reasons to believe that such information, data or computer database so
obtained may be used to cause or likely to cause injury to the interests of the sovereignty and
integrity of India, the security of the State, friendly relations with foreign States, public order,
decency or morality, or in relation to contempt of court, defamation or incitement to an
offence, or to the advantage of any foreign nation, group of individuals or otherwise, is also
guilty of 'cyber terrorism’. Whoever commits or conspires to commit cyber terrorism shall be
punishable with imprisonment which may extend to imprisonment for life.
There is no provision in the IPC that mirrors section 66F of the IT Act, though section 121 of
the IPC (waging, or attempting to wage war, or abetting waging of war, against the
Government of India) does cover this offence partially.
Compoundable, Cognizable and Bailable offences.
Section 77A of the IT Act provides that, subject to certain exceptions, all offences under the
IT Act for which the punishment is imprisonment for a term of 3 years or less, are
compoundable. The provisions of sections 265B and 265C of Cr.P.C 1973 ("CrPC") shall apply
with respect to such compounding.
Section 77B of the IT Act provides that notwithstanding anything contained in the CrPC, all
offences punishable with imprisonment of 3 years and above under the IT Act shall be
cognizable and all offences punishable with imprisonment of 3 years or less shall be bailable.
Most of the cyber-crimes covered under the IT Act are punishable with imprisonment of 3
years or less. The cyber-crimes which are punishable with imprisonment of more than 3 years
are:
a. publishing or transmitting obscene material in electronic form under section 67 of the
IT Act;
b. publishing or transmitting of material containing sexually explicit act, etc., in electronic
form under section 67A of the IT Act;
c. publishing or transmitting of material depicting children in sexually explicit act, etc.,
in electronic form under section 67B of the IT Act; and
d. cyber terrorism under section 66F of the IT Act.
All of the cyber-crimes under the IPC are bailable other than offences under section 420
(cheating and dishonestly inducing delivery of property), section 468 (forgery for the purpose
of cheating), section 411 (dishonestly receiving stolen property), section 378 (theft) and
section 409 (criminal breach of trust by public servant, or by banker, merchant or agent),
which are non-bailable.
Non-Compoundable
Offences under sections 463 and 465 (forgery), sections 425 and 426 (mischief), section 468
(forgery for the purpose of cheating), section 469 (forgery for the purpose of harming
reputation) and section 292 (sale, etc., of obscene books, etc.) of the IPC are noncompoundable offences
Compoundable
offences under sections 378 and 379 (theft), 420 (cheating and dishonestly inducing delivery
of property), sections 425 and 426 (mischief when the only loss or damage caused is loss or
damage to a private person), section 509 (word, gesture or act intended to insult the modesty
of a woman), section 411 (Dishonestly receiving stolen property) and section 419
(Punishment for cheating by personation) of the IPC are compoundable offences. Of these,
offences under sections 420 and 509 can be compounded only with the permission of the
court.
Non -cognizable
cyber-crimes under the IPC sections 425 and 426 (mischief) and sections 463 and 465 (forgery)
which are non-cognizable.
Conflict between the IPC and the IT Act: Case Law
In the case of Sharat Babu Digumarti v. Government of NCT of Delhi3, the conflict between
provisions of the IPC and the IT Act came to the fore. In this case, on November 27, 2004, an
obscene video had been listed for sale on baazee.com ("Bazee"). The listing was intentionally
made under the category 'Books and Magazines' and sub-category 'eBooks' in order to avoid
its detection by the filters installed by Baazee. A few copies were sold before the listing was
deactivated. Later Delhi police's crime branch charge-sheeted Avinash Bajaj, Bazee's
managing director and Sharat Digumarti, Bazee's manager. The company Bazee was not
arraigned as an accused and this helped Avinash Bajaj get off the hook since it was held that,
vicarious liability could not be fastened on Avinash Bajaj under either section 292 of the IPC
or section 67 of the IT Act when Avinash's employer Bazee itself was not an accused. Later
changes under section 67 of the IT Act and section 294 of IPC against Sharat Digumarti were
also dropped, but the charges under section 292 of the IPC were retained. The Supreme Court
then considered if, after the charges under section 67 of the IT Act was dropped, a charge
under section 292 of the IPC could be sustained. The Supreme Court quashed the proceedings
against Sarat Digumarti and ruled that if an offence involves an electronic record, the IT Act
alone would apply since such was the legislative intent. It is a settled principle of
interpretation that special laws would prevail over general laws and latter laws would prevail
over prior legislation. Further, section 81 of the IT Act states that the provisions of the IT Act
shall have effect notwithstanding anything inconsistent therewith contained in any other law
for the time being in force.
In Gagan Harsh Sharma v. The State of Maharashtra certain individuals were accused of theft
of data and software from their employer and charged under sections 408 and 420 of the IPC
and also under sections 43, 65 and 66 of the IT Act. All of these sections, other than section
408 of the IPC, have been discussed above. Section 408 of the IPC deals with criminal breach
of trust by clerk or servant and states that "whoever, being a clerk or servant or employed as
a clerk or servant, and being in any manner entrusted in such capacity with property, or with
any dominion over property, commits criminal breach of trust in respect of that property,
shall be punished with imprisonment of either description for a term which may extend to
seven years, and shall also be liable to fine".
Offences under sections 408 and 420 of the IPC are non-bailable and cannot be compounded
other than with the permission of the court. Offences under sections 43, 65 and 66 of the IT
Act are bailable and compoundable. Therefore, the petitioners pleaded that the charges
against them under the IPC be dropped and the charges against them under the IT Act be
investigated and pursued. It was further argued that if the Supreme Court's ruling in Sharat
Babu Digumarti were to be followed, the petitioners could only be charged under the IT Act
and not under the IPC, for offences arising out of the same actions.
The Bombay High Court upheld the contentions of the petitioners and ruled that the charges
against them under the IPC be dropped.
A Suitable Home for Cyber Offences
We currently have a situation where a number of offences are penalised by both the IPC and
the IT Act, even though the ingredients of both offences are the same. There are subtle
differences in punishments under these statutes, especially in aspects like whether the
offence is bailable or compoundable or cognizable. An offence such as obscenity may take
place through different types of media, both online or offline. However, it could result in
unfairness if 2 different statutes apply to the same offence on the basis of the media used.
Theft is theft, irrespective of whether the stolen property is digital or physical. Obscenity
transmitted by internet should be treated at par with obscenity which is transmitted offline.
IPC's treatment of stalking
The legislature's treatment of the offence of "stalking", accomplished through the insertion
of new section 354D in the IPC through the Criminal Law (Amendment) Act, 20135, is a case
in point. Section 354D penalises the offence of "stalking" whether it has a cyber component
or not. If a man follows a woman and contacts, or attempts to contact, such woman to foster
personal interaction repeatedly despite a clear indication of disinterest by such woman, it
amounts to stalking. If a man monitors the use by a woman of the internet, email or any other
form of electronic communication, it will also result in the offence of stalking. There are a few
exemptions to this offence of stalking, and all the defences apply irrespective of whether the
stalking is cyber stalking or not. The punishment prescribed for stalking by Section 354D of
the IPC does not discriminate on the basis of the presence or absence of the "cyber"
component.
Amendments to the IPC to cover cyber-crimes
The Indian legislature has made amendments to the IPC, to cover cyber-crimes. as follows:
a. a new sec 29A was created to define "electronic record" by linking it with the
definition given in the IT Act
b. a new sub-sec (3) was inserted in sec 4 of the IPC (relating to the extension of the IPC
to extra territorial offences) that states that the provisions of the IPC shall be
applicable to any person in any place "without and beyond India", committing an
offence targeting a computer resource located in India.
c. in sec118 & 119 of the IPC (that deal with the concealment of a design to commit an
offence punishable with death or imprisonment for life and a public servant
concealing a design to commit an offence which it is his duty to prevent, respectively),
the words "voluntarily conceals by any act or omission or by the use of encryption or
any other information hiding tool, the existence of a design" were inserted before the
words "to commit such offence or makes any representation which he knows to be
false respecting such design
d. sec 464 of the IPC (which penalises the making of a false document), the phrase
"digital signature" was replaced with the phrase "electronic signature" in all places.
The section was also amended to include the making of false electronic records and
affixing electronic signatures under its ambit and the phrase "affixing electronic
signature" was given the same meaning as it has under the IT Act.
e. "Electronic record" was included within the ambit of sections 164, 172, 173, 175,
192, 204, 463, 466, 468, 469, 470, 471, 474 and 476 of the IPC that earlier only
provided for documents, books, paper, writing or records, as the case may be;
f. in sec 466 of the IPC (which deals with forgery of court records or of public registers),
the term "register" was defined to include any list, data or record of any entries
maintained in an "electronic form", as defined in section 2(1) (r) of the IT Act and
g. a new sec 354D was inserted in the IPC that introduces the offence of cyber stalking,
which has been discussed above.
E-COMMERCE
E-Commerce or Electronic Commerce means buying and selling of goods, products, or services
over the internet. E-commerce is also known as electronic commerce or internet commerce.
These services provided online over the internet network. Transaction of money, funds, and data
are also considered as E-commerce. The standard definition of E-commerce is a commercial
transaction which is happened over the internet. Ex Online stores like Amazon, Flipkart, Myntra,
eBay, Quikr,.
Types of E-Commerce Models
Electronic commerce can be classified into four main categories. The basis for this simple
classification is the parties that are involved in the transactions.
1. Business to Business
This is Business to Business transactions. Here the companies are doing business with each other.
The final consumer is not involved. So, the online transactions only involve the manufacturers,
wholesalers, retailers etc.
2. Business to Consumer
Business to Consumer. Here the company will sell their goods and/or services directly to the
consumer. The consumer can browse their websites and look at products, pictures, read reviews.
Then they place their order and the company ships the goods directly to them. Popular examples
are Amazon, Flipkart.
3. Consumer to Consumer
Consumer to consumer, where the consumers are in direct contact with each other. No company
is involved. It helps people sell their personal goods and assets directly to an interested party.
Usually, goods traded are cars, bikes, electronics etc. OLX, Quikr etc follow this model.
4. Consumer to Business
This is the reverse of B2C, it is a consumer to business. So the consumer provides a good or some
service to the company. Say for example an IT freelance who demos and sells his software to a
company. This would be a C2B transaction.
Advantages of E-Commerce
 E-commerce provides the sellers with a global reach. Now sellers and buyers can
meet in the virtual world, without the hindrance of location.
 It eliminates many fixed costs of maintaining brick and mortar shops. This allows
the companies to enjoy a much higher margin of profit.
 It provides quick delivery of goods with very little effort on part of the
customer. Customer complaints are also addressed quickly. It also saves time,
energy and effort for both the consumers and the company.
 One other great advantage is the convenience it offers. A customer can shop 24×7.
The website is functional at all times, it does not have working hours like a shop.
 Electronic commerce also allows the customer and the business to be in touch
directly, without any intermediaries.






Disadvantages of E-Commerce
The start-up costs of the e-commerce portal are very high. The setup of the
hardware and the software, the training cost of employees, the constant
maintenance and upkeep are all quite expensive.
Although it may seem like a sure thing, the e-commerce industry has a high risk of
failure. Many companies riding the dot-com wave of the 2000s have failed
miserably. The high risk of failure remains even today.
At times, e-commerce can feel impersonal. So it lacks the warmth of an
interpersonal relationship which is important for many brands and products. This
lack of a personal touch can be a disadvantage for many types of services and
products like interior designing or the jewellery business.
Security is another area of concern. Only recently, we have witnessed many
security breaches where the information of the customers was stolen. Credit card
theft, identity theft etc. remain big concerns with the customers.
Then there are also fulfilment problems. Even after the order is placed there can
be problems with shipping, delivery, mix-ups etc. This leaves the customers
unhappy and dissatisfied.
UNCITRAL MODEL




UNCITRAL (United Nations Commission on International Trade Law) has prepared a suite
of legislative texts to enable and facilitate the use of electronic means to engage in
commercial activities, which have been adopted in over 100 States. The most widely
enacted text is the UNCITRAL Model Law on Electronic Commerce (1996), which
establishes rules for the equal treatment of electronic and paper-based information, as
well as the legal recognition of electronic transactions and processes, based on the
fundamental principles of non-discrimination against the use of electronic means,
functional equivalence and technology neutrality. The UNCITRAL Model Law on Electronic
Signatures (2001) provides additional rules on the use of electronic signatures.
The United Nations Convention on the Use of Electronic Communications in
International Contracts (New York, 2005) builds on pre-existing UNCITRAL texts to offer
the first treaty that provides legal certainty for electronic contracting in international trade.
Most recently, the UNCITRAL Model Law on Electronic Transferable Records (2017) applies
the same principles to enable and facilitate the use in electronic form of transferable
documents and instruments, such as bills of lading, bills of exchange, cheques, promissory
notes and warehouse receipts.
In 2019, UNCITRAL approved the publication of Notes on the Main Issues of Cloud
Computing Contracts, while continuing work towards a new instrument on the use and
cross border recognition of electronic identity management services (IdM services) and
authentication services (trust services).
UNCITRAL continues its efforts to legally enable emerging technologies such as artificial
intelligence, data transactions, digital platforms and digital assets, including in connection
with other areas of work such as dispute resolution, security interests, insolvency and the
international transport of goods, as well as, more generally, digital trade.
LEGAL ASPECTS AND COMPLIENCES FOR E-COMMERCE IN INDIA
A shi has been observed from producer-oriented markets to customer-oriented ones. Thus
evolves the E-commerce industry which has successfully catered to consumers’ needs and has
eased and supplied the consumers with what they require i.e., innumerable op ons, easy
return, delivery at the doorstep and such other services as per their comfort.
The law considers all businesses, whether online and/ or offline as equal. The main challenges
to overcome in the E-commerce industry are unfamiliarity with digital systems and a diverse
array of languages, to begin with. These factors demand the introduc on of an appropriate
omnichannel strategy. By combining this with a robust offline-to-online model, knowledge
about the E-commerce website’s legal requirements assisted sales and product cura on, the
E-commerce market can expect a smooth integra on into the wider E-commerce ecosystem.
The main reasons for India’s underperformance are market inefficiencies and
underdevelopment and the lack of knowledge of the people about the benefits of Ecommerce business in India.
Legal Requirements of E-commerce business in India
The legal obliga ons to start an E-commerce business in India are as follows:
1. Company or LLP Registra on
Every business is required to get registered with the Ministry of Corporate Affairs under the
applicable laws. Such a business shall either be incorporated under the (Indian) Companies
Act, 2013 or a foreign company or an office, branch or an agency outside India and necessarily
be owned or controlled by an Indian resident,the bank account is opened in the name of the
company/ LLP which in return shall make the process of GST registra on
E-commerce website, as a Company it is the most suitable op on as it is the only type of en ty
that have the access to angel funding or equity funding, which acts as a precondi on to run a
successful E-commerce business.
2. GST Registra on
GST registra on is mandatory under the Central Goods & Service Tax (CGST) Act.
3. Bank Account
bank account is cumpolsary.
4. Payment Gateway
A payment gateway is mandatory for a proprietary E-commerce website to process the
payments. one payment gateway is sufficient to accept various forms of online payments.
once the payment is received by the customer by the website, such payment is sent to that
respec ve business’s bank account through the payment gateway.
5. Legal Documents
If any business operates through online marketplaces, then the marketplace provides the
seller with a legal document or sellers’ agreement and the seller must abide by the sellers’
agreement. It is important for any business to go through the sellers’ agreement(s) in detail
before the execu on as it is the legal binding agreement between the seller and the
marketplace.
Other requirements
There are a few addi onal requirements such as cyber law due diligence, compliance under
the Compe on Laws of India and the laws related to data protec on and appointment of a
Nodal Officer
Compliances for E-commerce business in India
1. Foreign Direct Investment
Foreign Direct Investment means the investment made by the foreign en es in the
companies situated in India. The same can be done either by opening a subsidiary or associate
in a foreign country, acquiring a controlling interest in an exis ng foreign company, or by
means of a merger or joint venture with a foreign company. In India, the Ministry of Commerce
and Industry, The Department of Industrial Policy and Promo on, Government of India form
policy pronouncements on FDI. There are two ways to invest in India through FDI:
‘Approval route’ in which the prior permission of the central government is required before
doing any foreign investment in India under a par cular sector.
‘Automated route’ in which no prior permission is required and foreign en es can directly
invest in Indian businesses under a par cular sector.
The FDI policy allows Foreign Direct Investment to the extent of 100% in the marketplace
model of E-commerce by the way of the Automa c Route.
2. IT Act, 2000
The IT Act, 2000 is the primary regulator for E-commerce sellers conduct business in the same
manner as the physical sellers with the only dis nc on of non-availability of the physical body
in order to sell things. Through E-commerce, the vendors are required to generate bills, file
returns, pay taxes, prepare ledgers and maintain records. They must perform all the same on
the online pla orm.
The IT Act, 2000 is based on United Na ons Commission on Interna onal Trade Law
(UNCITRAL) and acts as a developing E-commerce enabling legisla on in India. The salient
features of the Act for e commerce are.
E-contracts Transac on Security
Digital signature
3. Payment and Se lements Systems Act, 2007
As per the Payment and Se lements Systems Act, the E-commerce business shall succeed as
a payment system if it follows the Rules specified by RBI for online transac ons and payments.
It is compulsory for an intermediary that is receiving payments through digital modes to have
an ac ve Nodal Account for se ling the payments of the sellers on its E-commerce pla orm.
4. Consumer Protec on Act, 2019
The E-commerce is monitored by the Consumer Protec on Act the Ministry of Consumer
Affairs, Food and Public Distribu on on May 17, 2021, has no fied the Consumer Protec on
(E-Commerce) Rules, 2021.
DIGITAL SIGNATURES
A digital signature is a cryptographic technique used to validate the authen city and integrity
of digital documents or messages. It provides a way to verify that a document or message has
not been tampered with and that it originated from the claimed sender.
Here's how digital signatures work:
Genera ng a Key Pair: To create a digital signature, the sender first generates a key pair
consis ng of a private key and a corresponding public key. The private key is kept secret and
known only to the sender, while the public key is shared with others.
Signing the Document: The sender uses their private key to perform a mathema cal opera on
on the document or message they want to sign. This opera on creates a unique digital
signature that is specific to both the document and the sender's private key.
Verifica on: To verify the digital signature, the recipient uses the sender's public key. They
apply the same mathema cal opera on to the received document using the public key. If the
generated signature matches the received signature, it means the document has not been
altered during transmission and was indeed signed by the claimed sender.
Authen ca on and Integrity: Digital signatures provide authen ca on and integrity. The
recipient can be confident that the document originated from the sender and has not been
modified since it was signed. If any changes are made to the document a er it has been
signed, the digital signature verifica on will fail.
Trust and Cer fica on Authori es: In some cases, digital signatures are issued and verified
by trusted third-party organiza ons known as Cer fica on Authori es (CAs). These CAs vouch
for the authen city of the key pairs by digitally signing the public keys of individuals or
organiza ons. This creates a chain of trust, where the CA's digital signature on the public key
ensures its validity.
Applica ons of digital signatures
Signing and verifying contracts, agreements, and legal documents.
Securing electronic transac ons and financial transac ons.
Authen ca ng emails and ensuring their integrity.
Protec ng so ware and code integrity through code signing.
digital signatures are legally recognized in many countries, including India, under the
Informa on Technology Act, 2000, and can be used as evidence in courts.
E-COMMERCE- TECHNICAL AND LEGAL ISSUES
Here are some key technical and legal issues related to e-commerce:
Technical Issues:
Website Development and Design: Crea ng a user-friendly and secure e-commerce website is
crucial. It involves designing an intui ve interface, ensuring seamless naviga on, and
providing secure payment gateways.
Data Security: E-commerce pla orms handle sensi ve customer informa on, such as
personal data and payment details. Protec ng this data from unauthorized access, hacking,
and data breaches is essen al. Implemen ng robust security measures like encryp on, secure
sockets layer (SSL) cer ficates, and regular vulnerability assessments is crucial.
Payment Processing: E-commerce pla orms must integrate secure payment gateways that
offer mul ple payment op ons. Ensuring proper encryp on, fraud detec on mechanisms,
and compliance with Payment Card Industry Data Security Standard (PCI DSS) are vital.
Scalability and Performance: As the number of users and transac ons increases, e-commerce
pla orms must scale up to handle the load efficiently. Ensuring high performance, availability,
and responsiveness of the website is important to provide a seamless user experience.
Mobile Op miza on: With the growing use of mobile devices for online shopping, op mizing
e-commerce websites for mobile pla orms is crucial. Responsive design, mobile-friendly
interfaces, and smooth mobile checkout processes are essen al for capturing mobile
customers.
Legal Issues:
Consumer Protec on: E-commerce pla orms must comply with consumer protec on laws,
including clear product descrip ons, accurate pricing, fair return policies, and transparent
terms and condi ons. Adequate customer support and dispute resolu on mechanisms are
necessary to address consumer concerns.
Intellectual Property Rights (IPR) Protec ng intellectual property is cri cal in e-commerce.
Businesses must ensure that their website content, product images, trademarks, and
copyrighted materials are not infringed upon by others. e-commerce pla orms should have
policies in place to address copyright and trademark infringement claims by third par es.
Privacy and Data Protec on: E-commerce pla orms collect and process customer data,
requiring compliance with data protec on laws and regula ons. implement data protec on
policies, and securely handle customer data to protect privacy rights.
Cybersecurity and Fraud Preven on: E-commerce pla orms are vulnerable to cyber threats
and fraud a empts. Implemen ng robust cybersecurity measures, educa ng customers about
online risks, and establishing fraud detec on and preven on mechanisms are essen al.
Jurisdic on and Governing Laws: Determining the applicable jurisdic on and governing laws
for e-commerce transac ons can be challenging, especially in cross-border transac ons.
Businesses must navigate interna onal laws, taxa on regula ons, and dispute resolu on
mechanisms to ensure compliance.
Contractual Agreements: E-commerce transac ons involve the forma on of online contracts.
Ensuring the enforceability of these contracts, including the use of clear terms and condi ons
and obtaining user consent, is vital.
E-COMMERCE TRENDS AND PROSPECTS
Mobile Commerce (m-commerce):. E-commerce pla orms are op mizing their websites and
developing dedicated mobile apps to provide seamless shopping experiences.
Omnichannel Retailing: E-commerce is no longer limited to online-only experiences.
Omnichannel retailing integrates online and offline channels to provide a seamless shopping
experience across various touchpoints. This includes op ons like in-store pickups, click-andcollect, and the integra on of online and offline inventory management.
Personaliza on and Ar ficial Intelligence (AI): E-commerce pla orms are leveraging AI and
machine learning to offer personalized shopping experiences. AI algorithms analyse customer
data to recommend products, personalize marke ng messages, and provide targeted offers.
Chatbots and virtual assistants are also being used to enhance customer support.
Voice Commerce: Voice assistants like Amazon's Alexa, Google Assistant, and Apple's Siri are
increasingly being used for voice-based shopping. Users can search for products, place orders,
and make payments using voice commands. Voice commerce is expected to grow as voice
recogni on technology improves and becomes more widely adopted.
Social Commerce: Social media pla orms are becoming significant channels for e-commerce.
Social commerce allows users to discover and purchase products directly through social media
pla orms, elimina ng the need to visit external websites. Social media pla orms are
integra ng shopping features, including product tagging and in-app checkout op ons.
Sustainability and Ethical Shopping: Consumers are increasingly conscious about
sustainability and ethical prac ces. They seek out e-commerce pla orms that offer ecofriendly products, fair trade op ons, and promote social responsibility. E-commerce
businesses are adop ng sustainable prac ces, implemen ng eco-friendly packaging, and
providing transparency in their supply chains.
Cross-border E-commerce: The growth of cross-border e-commerce allows businesses to
reach customers beyond their domes c markets. Improved logis cs and payment gateways,
coupled with rising consumer demand for interna onal products, have fueled the growth of
cross-border e-commerce. This trend presents significant opportuni es for businesses to
expand globally.
Augmented Reality (AR) and Virtual Reality (VR): AR and VR technologies are being u lized
to enhance the online shopping experience. Customers can visualize products virtually, try on
clothing or accessories, and experience immersive virtual shopping environments. AR and VR
technologies have the poten al to bridge the gap between physical and online shopping.
Same-day and Last-mile Delivery: E-commerce companies are focusing on improving the
speed and efficiency of delivery. Same-day delivery and last-mile delivery solu ons are being
implemented to meet customer expecta ons for quick order fulfillment. Delivery op ons like
drones and autonomous vehicles are also being explored.
E-taxa on, e-banking, online publishing, and online credit card payments are all key aspects
of the digital economy and have transformed the way we conduct financial transac ons and
engage in various online ac vi es. Here's an overview of each of these areas:
E-taxa on: E-taxa on refers to the electronic filing and payment of taxes payments, and
refunds electronically. E-taxa on offers convenience, efficiency, and reduces paperwork.
E-banking: E-banking, also known as online banking or internet banking, allows customers to
perform various banking transac ons and services through electronic channels, such as
websites or mobile apps
Online Publishing: Online publishing refers to the distribu on and dissemina on of wri en
content, such as ar cles, news, books, and magazines, through digital pla orms. enabling
authors, journalists, bloggers, and publishers to reach a wider audience. allows for real- me
updates, interac ve content, mul media integra on, and personalized reading experiences.
It has also given rise to self-publishing pla orms, e-books, and digital subscrip ons.
Online Credit Card Payment: Online credit card payment enables consumers to make
purchases and payments electronically using credit or debit cards on e-commerce websites,
mobile apps, or other online pla orms. Online credit card payment systems u lize encryp on
and secure payment gateways to ensure the confiden ality of card informa on and protect
against fraud. Online credit card payments have become an integral part of e-commerce,
enabling seamless transac ons and facilita ng global business.
ELECTRONIC EMPLOYMENT CONTRACTS
Electronic employment contracts, also known as e-contracts or digital contracts, are legally
binding agreements between employers and employees that are created, signed, and stored
electronically... some key points regarding electronic employment contracts:
Legality and Validity electronic contracts are legally recognized and considered valid, provided
certain criteria are met. These criteria typically include consent, inten on to create legal
rela ons, and mee ng the requirements of applicable electronic signature laws or regula ons.
Electronic Signatures: Electronic employment contracts require the use of electronic
signatures, electronic signatures can be in the form digital cer ficates, or other secure
authen ca on methods.
Data Protec on and Privacy: When using electronic employment contracts, it is crucial to
consider data protec on and privacy laws. Employers must ensure that personal data
collected during the contract crea on and signing process is handled in compliance with
applicable data protec on regula ons. This includes obtaining appropriate consent,
implemen ng security measures to protect data, and clearly communica ng data handling
prac ces to employees.
Accessibility and Reten on: Electronic employment contracts offer advantages in terms of
accessibility and reten on. They can be accessed and signed remotely, elimina ng the need
for physical presence. Digital storage enables easy retrieval, tracking, and management of
contracts.
Consent and Acceptance: Electronic employment contracts require explicit consent and
acceptance from both par es. Employees should have the opportunity to review the terms
and condi ons of the contract Employers should maintain clear records of the en re process,
including the offer, acceptance, and any subsequent changes or amendments made to the
contract.
Employee Rights and Protec ons: It is essen al to ensure that electronic employment
contracts do not undermine the rights and protec ons afforded to employees under labour
laws or employment regula ons. Contract terms must comply with statutory requirements,
and employees should have a clear understanding of their rights, obliga ons, and any
limita ons imposed by the electronic format of the contract.
Electronic Contractor Agreements:
Electronic contractor agreements are legally binding contracts between a company or
individual (the client) and an independent contractor.
Sales, Re-Seller, and Distributor Agreements:
Sales, re-seller, and distributor agreements are contracts that establish the rela onship
between a company (the supplier or manufacturer) and another party (the re-seller or
distributor) for the sale and distribu on of products or services. These agreements outline the
rights and obliga ons of both par es, including pricing, product specifica ons, territory
restric ons, marke ng responsibili es, intellectual property rights, termina on clauses, and
dispute resolu on mechanisms. Electronic versions of these agreements can be used to
facilitate and streamline the sales and distribu on process.
Non-Disclosure Agreements (NDAs):
Non-disclosure agreements, also known as confiden ality agreements, are legal contracts that
protect sensi ve and confiden al informa on shared between par es. NDAs prevent the
unauthorized disclosure or use of confiden al informa on and typically include provisions
related to the defini on of confiden al informa on, the obliga ons of the par es to maintain
confiden ality, the dura on of the agreement, and any excep ons or limita ons to the
obliga ons. NDAs can be created and signed electronically, ensuring the protec on of
confiden al informa on in digital communica ons and transac ons.
Shrink Wrap Contracts:
Shrink wrap contracts are license agreements that are included inside the packaging of
so ware or other digital products. These contracts become binding when the user opens the
package or breaks the seal, indica ng acceptance of the terms. Shrink wrap contracts o en
cover so ware licensing, end-user rights, limita ons of liability, warran es, and dispute
resolu on mechanisms. While shrink wrap contracts were more commonly used in the past,
click-wrap agreements (where users must click "I Agree" or a similar bu on) and browse-wrap
agreements (where terms are posted on a website) have become more prevalent in the digital
age.
Source Code Escrow Agreements:
Source code escrow agreements are contracts that provide a mechanism for protec ng the
con nuity and availability of so ware source code in the event of certain circumstances, such
as the bankruptcy or discon nua on of a so ware vendor. In source code escrow agreements,
the vendor deposits the source code with a trusted third-party escrow agent. If specified
trigger events occur, such as the vendor's inability to provide ongoing support or maintenance,
the source code is released to the licensee. This ensures that the licensee can con nue to use
and maintain the so ware independently. Source code escrow agreements can be executed
electronically, and the escrowed materials can be securely stored in a digital format.
Cyber Law and IPRs- Copyright in Informa on Technology
The debate between copyrights and patents in the context of so ware revolves around the
protec on of so ware-related inven ons and determining the appropriate form of
intellectual property (IP) rights for so ware
Copyrights for So ware:
Copyright law grants automa c protec on to original works of authorship, including so ware
code. In many countries, so ware code is considered a literary work, and its author is
automa cally granted copyright protec on upon crea on. Copyright protects the expression
of ideas in so ware, covering the code's specific structure, organiza on, and sequence of
instruc ons. The copyright holder has exclusive rights to reproduce, distribute, modify, and
publicly display the so ware.
Authorship and Assignment: Under copyright law, the individual or individuals who created
the so ware code are considered its authors., in the case of so ware developed by employees
as part of their job du es, the employer may be considered the author and copyright owner
by default. Authorship and ownership can be specified through agreements or contracts,
where authors may assign their rights to another party, such as an employer or a client.
Patents for So ware:
Patent protec on for so ware involves obtaining a patent from a patent office, which grants
the inventor the exclusive right to use, sell, and prevent others from using the patented
inven on. In obtaining a patent generally requires demonstra ng that the so ware inven on
is novel, non-obvious, and has a specific technical effect or solves a technical problem.
Authorship and Assignment: Patents are typically granted to individuals or en es that are
recognized as inventors. The inventor is considered the author of the patented so ware
inven on. In some cases, companies may require employees or contractors to assign their
rights to the so ware inven on through contractual agreements. However, the ownership and
assignment of patent rights can vary depending on the specific agreements and employment
rela onships involved.
The Copyrights vs. Patents Debate:
The debate between copyrights and patents in the so ware industry is complex and
mul faceted. Some arguments in favour of copyright protec on for so ware include:
Copyright provides automa c protec on without the need for a formal applica on process.
Copyright protects the expression of ideas, which is more applicable to so ware code.
Copyright is generally more accessible and affordable for individual so ware developers and
small businesses.On the other hand, proponents of patent protec on for so ware argue:
Patents provide a higher level of exclusivity and legal certainty, as they require a rigorous
examina on process.
Ul mately, the choice between copyrights and patents depends on various factors, including
the nature of the so ware inven on, the goals of the inventor or company, the jurisdic on's
legal framework, and the resources available for obtaining and enforcing IP rights. It is
advisable to consult with legal professionals specializing in IP law to determine the most
suitable form of protec on for so ware inven ons and address authorship and assignment
issues effec vely.
Copyright in Internet-Mul media & Copyright issues-So ware Piracy
Copyright in the Internet Age:
Copyright law applies to the digital environment, including the internet. The internet has
presented new challenges and opportuni es for copyright protec on. Here are some key
considera ons regarding copyright in the internet age:
Digital Content: The internet allows for the widespread dissemina on and reproduc on of
digital content, such as text, images, videos, music, and so ware. Copyright law grants
exclusive rights to the creators of such content, including the right to reproduce, distribute,
display, and perform their works. Online pla orms and content creators need to be mindful
of copyright laws and obtain proper licenses or permissions to use copyrighted material.
Online Publishing and Sharing: With the rise of social media, blogs, and user-generated
content pla orms, individuals can easily publish and share their crea ve works online.
Copyright protec on automa cally applies to original content, giving creators the exclusive
right to control its use and distribu on.
Digital Rights Management (DRM): DRM technologies are used to protect copyrighted digital
content from unauthorized copying or distribu on. DRM systems employ encryp on and
access controls to prevent infringement and enforce licensing terms. While DRM can help
protect copyright holders' rights, it has also been a subject of debate due to issues such as
user restric ons, interoperability, and poten al limita ons on fair use.
Mul media and Copyright Issues:
Mul media refers to the combina on of different media elements, such as text, images, audio,
and video, into a single interac ve presenta on. Copyright issues in mul media can arise
when using copyrighted material without proper authoriza on or licensing. Some
considera ons include:
Fair Use: is a legalprinciple that allows limited use of copyrighted material without permission,
for purposes such as cri cism, commentary, news repor ng, teaching, or research.
Licensing and Permissions: When crea ng mul media content, it is essen al to obtain proper
licenses or permissions for any copyrighted material used. This includes obtaining licenses for
music, images, video clips, and other copyrighted elements.
So ware Piracy:
So ware piracy refers to the unauthorized copying, distribu on, or use of so ware without
proper licensing or permission from the copyright holder. so ware piracy include:
Copyright Infringement: Unauthorized copying, distribu on, or use of so ware violates the
copyright holder's exclusive rights. This includes downloading or sharing so ware from
unauthorized sources, using cracked or counterfeit so ware, or bypassing licensing
restric ons.
Consequences: So ware piracy has significant financial implica ons for so ware developers
and publishers, as it leads to lost revenue. Copyright infringement can result in legal ac on,
including fines and penal es.
An -Piracy Measures: So ware companies employ various an -piracy measures, such as
product ac va on, license keys, digital rights management (DRM), and online verifica on
systems, to protect their so ware from piracy. Addi onally, so ware companies may pursue
legal ac on against individuals or organiza ons involved in so ware piracy.
Educa on and Awareness: Promo ng educa on and awareness about the importance of
respec ng so ware copyrights is crucial in comba ng so ware piracy. This includes educa ng
users about the legal and ethical implica ons of so ware piracy, encouraging the use of
legi mate so ware, and providing affordable licensing op ons for different user groups.
Patents - European Posi on on Computer related Patents
Understanding Patents:
A patent is an exclusive intellectual property right granted to an inventor or assignee by a
government authority. It provides the inventor with the right to exclude others from making,
using, selling, or impor ng their inven on for a limited period of me, typically 20 years from
the filing date. To be eligible for a patent, an inven on must meet certain criteria:
Novelty: The inven on must be new and not publicly disclosed before the filing date of the
patent applica on.
Inven ve Step: The inven on must involve an inven ve or non-obvious step, meaning it
should not be obvious to someone skilled in the relevant field.
Industrial Applicability: The inven on must have a prac cal applica on and be capable of
being made or used in some industry.
Patentable Subject Ma er: The inven on should fall within the subject ma er that is eligible
for patent protec on under the applicable laws.
European Posi on on Computer-Related Patents:
The European Patent Conven on (EPC) governs patent law in Europe and establishes the
framework for patentability across member states. Regarding computer-related inven ons,
including so ware-related inven ons, the European Patent Office (EPO) applies specific
guidelines.
Technical Character: The EPO requires computer-implemented inven ons to have a technical
character to be eligible for patent protec on.
Technical Problem-Solving: The inven on should solve a technical problem or provide a
technical solu on to a technical problem.
Exclusions: The EPO excludes certain subject ma ers from patentability, such as mathema cal
methods, computer programs "as such," and business methods that do not have a technical
character or effect.
Technical Contribu on: For so ware-related inven ons, the EPO focuses on the technical
aspects and contribu ons of the inven on.
Legal posi on of U.S. on Computer related Patents
The legal posi on of the United States on computer-related patents is guided by the provisions
of the United States Patent and Trademark Office (USPTO) and court decisions. Here are key
aspects of the U.S. legal posi on on computer-related patents:
Statutory Basis: Computer-related patents in the U.S. are primarily governed by Sec on 101
of the U.S. Patent Act, which states that "any new and useful process, machine, manufacture,
or composi on of ma er" may be eligible for patent protec on.
Patent Eligibility: The U.S. follows a two-step framework to determine patent eligibility for
computer-related inven ons. The first step involves assessing whether the claimed inven on
falls within one of the statutory categories (process, machine, manufacture, or composi on
of ma er). The second step examines whether the inven on is directed to a patent-eligible
subject ma er or if it is an abstract idea, natural phenomenon, or law of nature.
Alice/Mayo Test: The U.S. Supreme Court established the Alice/Mayo test, derived from two
landmark cases (Alice Corp. v. CLS Bank and Mayo Collabora ve Services v. Prometheus
Laboratories), to evaluate the patent eligibility of computer-related inven ons. The test
involves determining whether the claims are directed to an abstract idea and, if so, whether
the claims include an inven ve concept that transforms the abstract idea into a patent-eligible
applica on.
Technical Aspects and Inven ve Concepts: To meet the patent eligibility requirements,
computer-related inven ons in the U.S. typically need to demonstrate that they involve
specific technical improvements or solu ons to a technical problem. Merely implemen ng
generic or conven onal computer func onali es without a technical contribu on may be
considered abstract and ineligible for patent protec on.
Patentability Requirements: Computer-related inven ons in the U.S. are subject to the
standard patentability requirements, such as novelty, non-obviousness, and enablement.
Indian Posi on on Computer related Patents –Trademarks
Indian Posi on on Computer-Related Patents:
In India, the patentability of computer-related inven ons, including so ware-related
inven ons, is as per the Indian Patents Act, 1970, and the guidelines issued by the Indian
Patent Office. key aspects of the Indian posi on on computer-related patents:
Patent Eligibility: According to Sec on 3(k) of the Indian Patents Act, "a mathema cal or
business method or a computer program per se or algorithms" are not considered patentable
inven ons. This provision implies that computer programs and algorithms, as such, are not
eligible for patent protec on in India.
Technical Effect or Novel Hardware: To be considered patentable, computer-related
inven ons in India need to demonstrate a technical effect or involve novel hardware in
addi on to the so ware. Purely abstract or so ware-based inven ons are generally not
considered patentable.
Technical Contribu on: The Indian Patent Office focuses on the technical contribu on or
innova on provided by the computer-related inven on. The inven on must go beyond the
mere implementa on of a computer program and should involve a solu on to a technical
problem or a technical improvement.
Technical Effect on Physical En es: To enhance the chances of patentability, computerrelated inven ons in India should demonstrate a technical effect on physical en es or a
technical effect beyond the computer program itself. may include improvements in hardware,
network infrastructure, data processing, or other technical aspects.
Patentability Requirements: Computer-related inven ons in India must sa sfy the standard
patentability requirements, including novelty, non-obviousness, and industrial applicability.
Indian Posi on on Trademarks:
Trademark protec on in India is governed by the Trademarks Act, 1999, and administered by
the Controller General of Patents, Designs, and Trademarks. key aspects of the Indian posi on
on trademarks:
Registrable Trademarks: In India, trademarks that are dis nc ve and capable of dis nguishing
the goods or services of one en ty from those of others are registrable. Descrip ve marks,
generic terms, or marks lacking dis nc veness may face challenges during the registra on
process.
Absolute Grounds for Refusal: The Indian Trademarks Act specifies certain absolute grounds
for refusing trademark registra on. These include marks that lack dis nc veness, consist
exclusively of marks or indica ons that have become customary in the current language or
established prac ces, or are likely to deceive or cause confusion.
Rela ve Grounds for Refusal: Trademark applica ons may also face refusal based on rela ve
grounds, such as prior conflic ng trademarks, well-known marks, or marks with a reputa on
in India.
Trademark Registra on Process: The trademark registra on process in India involves filing an
applica on with the Trademarks Registry, examina on by the Registry, publica on for
opposi on, and if no opposi on is raised, issuance of the trademark registra on cer ficate.
Enforcement and Protec on: Trademark owners in India can enforce their rights through civil
and criminal remedies. Infringement ac ons, passing off ac ons, and criminal complaints can
be filed against unauthorized use or imita on of registered trademarks.
Trademarks in Internet - Domain name registra on,Disputes & WIPO
Trademarks in the Internet
Trademarks play a crucial role in the online environment, par cularly in rela on to domain
names. Here are key considera ons regarding trademarks in the internet age:
Domain Names: Domain names are the addresses used to locate websites on the internet
(e.g., www.example.com). Trademarks can be incorporated into domain names to help
consumers iden fy and associate specific websites with par cular brands.
Trademark Protec on: Trademark owners can register their trademarks with the appropriate
trademark offices to obtain exclusive rights to use their marks in connec on with specific
goods or services. These registered trademarks provide stronger protec on and can be
enforced against unauthorized use, including in domain names.
Domain Name Registra on: Domain names are registered through domain name registrars
accredited by organiza ons such as the Internet Corpora on for Assigned Names and
Numbers (ICANN). Registering a domain name does not automa cally confer trademark
rights, but it may create a poten al conflict if the domain name is iden cal or similar to an
exis ng trademark.
Domain Name Disputes: Domain name disputes can arise when someone registers or uses a
domain name that infringes on another party's trademark rights. Common disputes include
cybersqua ng (registering a domain name in bad faith to profit from someone else's
trademark) and typo squa ng (registering domain names with slight misspellings of popular
brands).
Uniform Domain Name Dispute Resolu on Policy (UDRP): The UDRP is a policy established
by ICANN to resolve domain name disputes. It provides a streamlined process for trademark
owners to challenge domain name registra ons that infringe their rights. The UDRP allows for
the transfer or cancella on of domain names found to be registered and used in bad faith.
World Intellectual Property Organiza on (WIPO): WIPO is an interna onal organiza on that
administers the UDRP and provides services for resolving domain name disputes. Trademark
owners can file complaints with WIPO's Arbitra on and Media on Centre to ini ate
proceedings under the UDRP.
UDRP Criteria: To succeed in a UDRP complaint, the trademark owner must demonstrate
three elements: (a) the domain name is iden cal or confusingly similar to their trademark; (b)
the registrant has no legi mate rights or interests in the domain name; and (c) the domain
name was registered and is being used in bad faith.
Remedies: Successful UDRP complainants can obtain the transfer or cancella on of the
infringing domain name. However, UDRP proceedings do not address issues of monetary
damages, which would require separate legal ac on in a court of law.
Databases in IT-Protec on of databases -Posi on in USA,EU and India
Databases in Informa on Technology:
Databases play a crucial role in informa on technology by organizing, storing, and managing
large volumes of data. They are u lized in various sectors, including business, research, and
government. Protec on of databases involves safeguarding the valuable informa on they
contain and ensuring their integrity and security.
Posi on in the United States (U.S.):
In the United States, databases are primarily protected through a combina on of contractual
agreements, trade secrets, and copyright law. Here are key aspects of the U.S. posi on on the
protec on of databases:
Copyright Protec on: In the U.S., databases may qualify for copyright protec on as
compila ons. Copyright protec on extends to the original selec on, arrangement, and
coordina on of the data within the database. However, individual data or facts within the
database are not copyrightable.
Copyright Database Protec on Act (CDPA): The CDPA provides addi onal protec on to
certain databases that exhibit a sufficient level of crea vity in their selec on, arrangement,
and organiza on. To qualify for this protec on, the database must be a significant investment
of resources and not merely a compila on of exis ng data.
Contractual Agreements: Database owners can protect their databases through contractual
agreements, such as non-disclosure agreements (NDAs) and end-user license agreements
(EULAs). These agreements can impose restric ons on access, use, and disclosure of the
database.
Posi on in the European Union (EU):
In the European Union, the protec on of databases is primarily governed by the Database
Direc ve (Direc ve 96/9/EC) and the Database Regula on (Regula on 2019/882). Here are
key aspects of the EU posi on on the protec on of databases:
Sui Generis Database Right: The EU provides a unique form of protec on called the "sui
generis" database right. It grants the database creator or the one who made a substan al
investment in the obtaining, verifica on, or presenta on of the contents of a database the
exclusive right to prevent extrac on or reu liza on of the whole or a substan al part of the
database.
Originality Requirement: To qualify for the sui generis database right, the database must
represent a substan al investment and exhibit qualita vely or quan ta vely significant
efforts. Originality, in the sense of crea vity, is not required for this right.
Posi on in India:
In India, the protec on of databases is primarily governed by the Copyright Act, 1957. Here
are key aspects of the Indian posi on on the protec on of databases:
Copyright Protec on: In India, databases may be protected by copyright as compila ons. The
selec on, coordina on, and arrangement of the data within the database may qualify for
copyright protec on, but individual data or facts within the database are not protected.
Contractual Agreements: Similar to the U.S. and EU, contractual agreements, such as NDAs
and EULAs, can be used to protect databases in India. These agreements can impose
restric ons on access, use, and disclosure of the database.
CYBER CRIMES
Cybercrime refers to criminal ac vi es that are carried out using computers, networks, or the
internet. These crimes involve the use of technology as a tool or target for illegal ac vi es.
Here are some different kinds of cybercrimes:
Hacking: Unauthorized access to computer systems or networks to gain informa on,
manipulate data, or disrupt services.
Phishing: Sending decep ve emails or messages that appear legi mate to trick individuals
into revealing sensi ve informa on, such as passwords or credit card details.
Malware A acks: Distribu ng malicious so ware, such as viruses, worms, or ransomware, to
compromise computer systems or steal data.
Iden ty The : Stealing personal informa on, such as social security numbers or bank account
details, to commit fraud or impersonate someone else.
Denial-of-Service (DoS) A acks: Overloading a target's computer system or network to make
it unavailable to legi mate users.
Distributed Denial-of-Service (DDoS) A acks: Coordina ng mul ple systems to launch a DoS
a ack on a target, making it even more challenging to restore normal opera ons.
Cyber Espionage: Illegally accessing and stealing sensi ve informa on, trade secrets, or
intellectual property for economic, poli cal, or military gain.
Online Fraud: Engaging in various fraudulent ac vi es, such as online scams, fake auc ons, or
investment fraud, to deceive vic ms and obtain financial benefits.
Cyberbullying: Harassing, in mida ng, or threatening individuals through digital pla orms,
o en involving social media or online messaging.
Online Child Exploita on: Producing, distribu ng, or accessing child pornography, grooming
minors for sexual exploita on, or engaging in other forms of online child abuse.
Data Breaches: Unauthorized access to and the of sensi ve data from organiza ons,
exposing personal informa on or trade secrets.
Cyberstalking: Persistent harassment, monitoring, or stalking of individuals online, o en
involving malicious intent or a threat to physical safety.
Cyber Extor on: Threatening individuals, organiza ons, or businesses with harm, data
breaches, or public exposure unless a ransom or payment is made.
Intellectual Property (IP) The : Unauthorized copying, distribu on, or use of copyrighted
material, so ware piracy, or counterfei ng branded products.
Online Scams: Various fraudulent schemes conducted online, including romance scams,
lo ery scams, or phishing scams.
These are just a few examples of the different types of cybercrimes that exist. As technology
advances, cybercriminals con nuously find new ways to exploit vulnerabili es, so it's
important for individuals, organiza ons, and law enforcement agencies to stay informed and
take preven ve measures to mi gate cyber risks.
Cyber-crimes under IPC, Cr.P.C and Indian Evidence Law
Under the Indian legal system, cybercrimes are addressed through various statutes, including
the Indian Penal Code (IPC), the Code of Criminal Procedure (Cr.P.C), and the Indian Evidence
Act. Here's an overview of how these laws relate to cybercrimes:
Indian Penal Code (IPC):
The IPC is the primary criminal law statute in India and provides provisions for dealing with
various offenses, including cybercrimes. Some relevant sec ons of the IPC related to
cybercrimes are:
Sec on 43: Deals with unauthorized access, damage, or disrup on of computer systems,
networks, or data.
Sec on 65: Addresses tampering with computer source documents.
Sec on 66: Covers computer-related offenses such as hacking, data the , and computer
fraud.
Sec on 66B-66E: Addresses offenses related to iden ty the and online impersona on.
Sec on 67A-67C: Pertains to the publica on, transmission, or distribu on of obscene or
sexually explicit material online.
Sec on 72: Covers breach of confiden ality and misuse of personal informa on.
Sec on 420: Covers offenses related to online fraud and chea ng.
Code of Criminal Procedure (Cr.P.C):
The Cr.P.C is the procedural law that governs the inves ga on, arrest, and trial of criminal
offenses in India. It applies to cybercrimes as well. Some key provisions include:
Sec on 154: Deals with the registra on of a First Informa on Report (FIR) upon receiving a
complaint about a cybercrime.
Sec on 41: Allows the police to arrest individuals suspected of commi ng cybercrimes,
subject to certain condi ons.
Sec on 91: Empowers the police to issue summons and produce relevant documents or
electronic evidence during the inves ga on.
Indian Evidence Act:
The Indian Evidence Act governs the admissibility and presenta on of evidence in Indian
courts, including electronic evidence in cybercrime cases. Key provisions include:
Sec on 65B: Specifies the condi ons and procedures for the admissibility of electronic
evidence, including computer-generated documents and digital records.
Sec on 45A: Allows the court to presume the integrity and authen city of electronic records
if certain condi ons are met.
Sec on 59: Permits the court to compare a disputed electronic record with a genuine one for
the purpose of determining its authen city.
Sec on 114: Allows the court to draw inferences based on the facts and circumstances of the
case, including the behavior and conduct of the accused in cybercrime cases.
It's important to note that the interpreta on and applica on of these laws may vary based on
specific cases and judicial precedents. Addi onally, there are other specialized statutes and
rules, such as the Informa on Technology Act, 2000 and the Rules framed thereunder, that
specifically address cybercrimes and provide addi onal legal provisions and procedures for
their inves ga on and prosecu on in India.
Cyber crimes under the Informa on Technology Act, 2000
The Informa on Technology Act, 2000 (IT Act) is a dedicated legisla on in India that addresses
various aspects of cybercrimes and provides legal provisions for their preven on,
inves ga on, and prosecu on. It covers a wide range of offenses related to computer systems,
electronic records, and digital transac ons. Here are some key cybercrimes under the IT Act:
Unauthorized Access and Hacking (Sec on 66): This provision deals with unauthorized access
to computer systems, networks, or resources, as well as hacking ac vi es that compromise
the confiden ality, integrity, or availability of data or computer systems.
Data The and Misuse (Sec on 43A): This sec on pertains to the unauthorized access,
downloading, copying, or stealing of electronic data, including personal or sensi ve
informa on, and the consequent misuse or disclosure of such data.
Iden ty The (Sec on 66C): It addresses the offense of iden ty the , which involves
fraudulently or dishonestly using someone else's electronic iden ty for unlawful ac vi es or
gaining unauthorized benefits.
Online Fraud (Sec on 66D): This sec on covers various forms of online fraud, including
chea ng, impersona on, and deceiving individuals through electronic communica on or
online pla orms.
Publishing or Transmi ng Obscene Material (Sec on 67): This provision deals with the
publica on, transmission, or dissemina on of obscene or sexually explicit material through
electronic means, including websites, social media, or messaging pla orms.
Cyber Stalking (Sec on 66A): It addresses the offense of cyber stalking, which involves using
electronic communica on to repeatedly and harassingly follow or contact a person, causing
distress or fear.
Cyber Terrorism (Sec on 66F): This sec on covers offenses related to cyber terrorism,
including unauthorized access, disrup on, or destruc on of cri cal informa on infrastructure,
with the inten on to threaten the unity, integrity, security, or sovereignty of India.
Breach of Confiden ality and Privacy (Sec on 72): This provision addresses the unauthorized
disclosure, misuse, or breach of confiden ality of personal or sensi ve informa on obtained
while providing services under a lawful contract.
Tampering with Computer Source Code (Sec on 65): It deals with the offense of tampering,
altering, or destroying computer source code, which is the backbone of so ware programs.
Punishment for Publishing False Digital Signatures (Sec on 72B): This sec on covers the
publica on or fraudulent use of false digital signatures, which are used for electronic
authen ca on or verifica on purposes.
The IT Act also includes provisions for the establishment of the Cyber Appellate Tribunal and
the appointment of Adjudica ng Officers to handle specific cases related to cybercrimes. It is
important to consult the full text of the Informa on Technology Act, 2000, along with its
subsequent amendments, for a comprehensive understanding of the legal provisions related
to cybercrimes in India.
Cyber-crimes under Interna onal Law
Cybercrime is a global issue that o en requires interna onal coopera on for effec ve
inves ga on and prosecu on. While there is no single comprehensive interna onal law
specifically dedicated to cybercrimes, several interna onal agreements and ini a ves address
cybercrime and provide a framework for interna onal coopera on. Here are some key aspects
of cybercrime under interna onal law:
Budapest Conven on on Cybercrime: The Budapest Conven on, also known as the Council
of Europe Conven on on Cybercrime, is an interna onal treaty that aims to harmonize
na onal laws, improve coopera on, and establish common legal and procedural frameworks
for addressing cybercrime. It covers various cyber offenses, including illegal access, data
interference, computer-related fraud, and child pornography.
United Na ons Conven on against Transna onal Organized Crime: This conven on, also
known as the Palermo Conven on, includes provisions related to the preven on,
inves ga on, and prosecu on of organized crime, which can encompass cybercrimes carried
out by criminal organiza ons.
Interpol: The Interna onal Criminal Police Organiza on (Interpol) plays a crucial role in
facilita ng interna onal coopera on in comba ng cybercrimes. Interpol's Cybercrime
Programme provides a pla orm for sharing informa on, coordina ng inves ga ons, and
suppor ng member countries in addressing cyber threats.
Mutual Legal Assistance Trea es (MLATs): MLATs are agreements between countries that
enable them to request and provide assistance in gathering evidence, loca ng suspects, and
conduc ng inves ga ons in cross-border cases. MLATs are o en used to facilitate
interna onal coopera on in cybercrime inves ga ons.
Interna onal Telecommunica on Union (ITU): The ITU is a specialized agency of the United
Na ons that promotes interna onal coopera on in telecommunica ons and informa on and
communica on technologies. The ITU works on developing cybersecurity frameworks,
promo ng best prac ces, and facilita ng coopera on among member countries.
Regional Ini a ves: Various regional organiza ons and ini a ves, such as the European
Union's cybercrime ini a ves, the African Union Conven on on Cyber Security and Personal
Data Protec on, and the Asia-Pacific Economic Coopera on (APEC) Cybersecurity Framework,
address cybercrime at the regional level and promote coopera on among member states.
It's important to note that the enforcement of interna onal cybercrime laws and coopera on
mechanisms may vary among countries. Each country may have its own domes c laws and
procedures for dealing with cybercrimes and may priori ze different aspects of cybercrime
preven on, inves ga on, and prosecu on. Collabora on and informa on sharing among
countries are crucial to effec vely combat cybercrimes that transcend na onal borders
Hacking, Child Pornography, Cyber Stalking, Denial of service
A ack, Virus Dissemina on, So ware Piracy
Under Indian law, various statutes address cybercrimes, including those men oned. Here's a
brief overview of how these cybercrimes are addressed under Indian law:
Hacking: Unauthorized access to computer systems or networks with the inten on of gaining
informa on, causing damage, or disrup ng services is covered under Sec on 66 of the
Informa on Technology Act, 2000 (IT Act). It provides for penal es for hacking ac vi es,
including imprisonment and fines.
Child Pornography: The produc on, distribu on, or possession of child pornography is
prohibited under the Protec on of Children from Sexual Offences (POCSO) Act, 2012.
Addi onally, the IT Act under Sec on 67B criminalizes the publishing or transmi ng of child
pornography in electronic form and imposes severe penal es.
Cyber Stalking: Cyber stalking, which involves persistently harassing or threatening individuals
through digital means, is addressed under Sec on 354D of the Indian Penal Code (IPC) and
Sec on 66E of the IT Act. These provisions provide for penal es and imprisonment for cyber
stalking offenses.
Denial-of-Service (DoS) A ack: The IT Act under Sec on 43 provides for penal es for
unauthorized access, damage, or disrup on of computer systems, including DoS a acks. If the
a ack causes damage to computer resources, it can a ract addi onal charges under Sec on
66 of the IT Act.
Virus Dissemina on: The crea on and dissemina on of computer viruses, malware, or other
malicious so ware are covered under the IT Act. Sec on 43 provides penal es for
unauthorized access, while Sec on 66 deals with computer-related offenses, including
spreading viruses.
So ware Piracy: The Copyright Act, 1957, addresses so ware piracy in India. Unauthorized
reproduc on, distribu on, or use of copyrighted so ware without the permission of the
copyright owner is an offense under this Act. It provides for civil remedies, including
injunc ons, damages, and even criminal prosecu on in some cases.
It's important to consult the full text of these laws and any subsequent amendments to
understand the specific provisions, penal es, and legal procedures involved in addressing
cybercrimes under Indian law.
Internet Relay Chat (IRC) Crime,
Internet Relay Chat (IRC) is a real- me text-based communica on protocol that allows users
to chat with each other in channels or private messages. While IRC itself is not inherently
criminal, it can be misused for illegal ac vi es. Here are some examples of IRC-related crimes:
Distribu on of Illegal Content: IRC can be used as a pla orm for sharing and distribu ng illegal
content, such as child pornography, copyrighted material, or pirated so ware. Engaging in
such ac vi es on IRC can lead to criminal charges under relevant laws governing these
offenses.
Harassment and Threats: IRC channels and private messages can be used for cyber
harassment, online bullying, or making threats against individuals or groups. Such ac ons are
considered criminal offenses and can lead to charges under applicable laws related to
harassment, stalking, or threats.
Botnets and Malware Distribu on: IRC has been exploited by cybercriminals to control and
coordinate botnets, which are networks of compromised computers used for malicious
purposes. Criminals may use IRC to distribute malware, launch DDoS a acks, or carry out
other illegal ac vi es.
Cyber Fraud and Scams: IRC can be used as a pla orm for carrying out online fraud and scams,
such as phishing a acks, social engineering, or fraudulent schemes. Criminals may
impersonate others, manipulate users, or deceive them into providing sensi ve informa on
or making financial transac ons.
Illegal Trading and Hacking Discussions: IRC channels dedicated to illegal ac vi es, such as
hacking, trading stolen data, or sharing hacking tools, can facilitate criminal ac ons. Engaging
in such ac vi es on IRC can lead to criminal charges related to hacking, unauthorized access,
or the .
Credit Card Fraud
Credit card fraud refers to the unauthorized use of someone else's credit card or credit card
informa on to make fraudulent transac ons or obtain financial gain. It is a form of iden ty
the and a significant concern in the realm of financial crimes. Here are some common types
of credit card fraud:
Stolen Card: This occurs when a credit card is physically stolen from its owner. The thief can
then use the card to make unauthorized purchases before the the is reported.
Card Skimming: In this method, fraudsters use a device to capture credit card informa on
during legi mate transac ons. This can happen at ATMs, gas sta ons, or other places where
cards are swiped or inserted.
Phishing: Phishing involves tricking individuals into providing their credit card informa on by
impersona ng a legi mate organiza on or individual through fraudulent emails, websites, or
phone calls.
Online Fraud: Criminals use stolen credit card informa on to make unauthorized purchases
online. This can involve using the card directly or using the informa on to create cloned cards.
Iden ty The : When someone's personal informa on, including credit card details, is stolen,
it can be used to open new credit card accounts or make unauthorized transac ons.
Card Not Present Fraud: This type of fraud occurs when credit card informa on is used for
transac ons where the physical card is not required, such as online or over-the-phone
purchases. Fraudsters use stolen card details to make these unauthorized transac ons.
Account Takeover: In an account takeover, fraudsters gain access to a person's credit card
account through various means, such as hacking, and make unauthorized transac ons or
changes to the account.
Net Extor on, Phishing
Net Extor on: Net extor on, also known as online extor on, is an act of coercing or
threatening individuals,organiza ons,businesses to obtain money,property, or other valuables
through the use of the internet or digital pla orms. It involves the following elements:
Threats: The perpetrator sends threatening messages or engages in in mida on tac cs, such
as threatening to release sensi ve or confiden al informa on, damaging the vic m's
reputa on, or launching cybera acks against their systems.
Demand for Payment: The perpetrator demands a ransom or payment from the vic m in
exchange for preven ng or stopping the threatened harm. This payment is o en requested in
cryptocurrencies to maintain anonymity.
Means of Communica on: The communica on between the perpetrator and the vic m
usually takes place through email, instant messaging, or other online channels to maintain
anonymity.
Phishing: Phishing is a form of cybercrime that involves tricking individuals into revealing their
sensi ve informa on, such as usernames, passwords, credit card details, or personal
iden fica on, by posing as a trustworthy en ty. Phishing a acks typically occur through the
following methods:
Decep ve Emails: The perpetrator sends emails that appear to be from a legi mate
organiza on, such as a bank or an online service provider, asking the recipient to provide their
personal informa on or click on malicious links.
Fake Websites: The perpetrator creates fraudulent websites that closely resemble legi mate
websites, aiming to trick users into entering their confiden al informa on.
Phone Calls and SMS: Phishing a acks can also occur through phone calls or text messages,
where the perpetrator impersonates a trusted en ty and tries to extract sensi ve informa on.
The stolen informa on is then used for various illicit purposes, such as iden ty the , financial
fraud, or unauthorized access to accounts
Cyber Terrorism
Cyberterrorism refers to the use of cyber-based tools and techniques by individuals, groups,
or organiza ons to carry out acts of terrorism or promote terroris c ac vi es. It involves
leveraging computer networks, digital systems, and the internet to launch a acks with the
inten on of causing fear, disrup on, destruc on, or harm to individuals, governments, or
cri cal infrastructures. Here are some key aspects of cyber terrorism:
Targets: Cyber terrorists may target a wide range of en es, including government agencies,
military organiza ons, financial ins tu ons, transporta on systems, u li es, healthcare
facili es, and other cri cal infrastructure sectors. The objec ve is to create panic, disrupt
essen al services, or cause significant economic and social damage.
Methods: Cyber terrorists employ various techniques to carry out their a acks, including:
Network A acks: They may launch distributed denial-of-service (DDoS) a acks, which flood
target networks or websites with excessive traffic, rendering them inaccessible.
Data Breaches: Cyber terrorists may aim to steal sensi ve informa on, such as classified data,
intellectual property, or personally iden fiable informa on, to compromise na onal security
or harm individuals.
Malware and Hacking: They u lize malware, viruses, worms, or hacking techniques to gain
unauthorized access to systems, manipulate data, or disrupt opera ons.
Social Engineering: Cyber terrorists may employ social engineering tac cs, such as phishing
emails, to trick individuals into revealing sensi ve informa on or clicking on malicious links.
Consequences: Cyber terrorist a acks can have significant consequences, including financial
losses, damage to cri cal infrastructure, compromise of na onal security, disrup on of
essen al services, and loss of lives.
Interna onal Coopera on: Given the global nature of cyber terrorism, interna onal
coopera on and collabora on among na ons, law enforcement agencies, and cybersecurity
organiza ons are crucial for preven ng, inves ga ng, and responding to cyber terrorist
ac vi es. Organiza ons such as the United Na ons (UN) and Interpol play a vital role in
facilita ng interna onal coopera on in comba ng cyber terrorism.
Viola on of Privacy on Internet - Data Protec on and Privacy.
Viola on of privacy on the internet refers to unauthorized access, use, or disclosure of
personal informa on or online ac vi es without the individual's consent. It encompasses
various ac ons that infringe upon an individual's right to privacy in the digital realm. Here are
some aspects related to data protec on and privacy on the internet:
Personal Data Collec on: Many online pla orms and services collect personal data from
users, such as names, email addresses, phone numbers, browsing history, loca on
informa on, and social media ac vi es. Viola on of privacy occurs when this data is collected
without proper consent
Data Breaches: Data breaches refer to incidents where unauthorized individuals gain access
to personal data stored by organiza ons or service providers. These breaches can result in
sensi ve informa on being exposed, poten ally leading to iden ty the , financial fraud, or
other harmful consequences.
Tracking and Profiling: Online tracking techniques, such as cookies, web beacons, and device
fingerprin ng, are used to monitor individuals' online ac vi es. This informa on is o en used
for profiling and targeted adver sing. Privacy viola ons occur when individuals are not
adequately informed about the extent of tracking or when tracking is conducted without
consent.
Government Surveillance: State surveillance programs, both domes c and interna onal, can
infringe upon individuals' privacy rights. Mass surveillance ac vi es, warrantless data
collec on, or the monitoring of communica on channels without proper legal oversight can
be seen as privacy viola ons.
Online Harassment and Doxing: Online harassment involves the use of personal informa on
obtained without consent to in midate, harass, or threaten individuals. Doxing refers to the
public disclosure of private or sensi ve informa on with the intent to harm or harass
someone. Both prac ces violate privacy rights and can have severe emo onal and
psychological effects.
Lack of Data Lack Protec on Laws: Inadequate or non-existent data protec on laws in certain
jurisdic ons can contribute to privacy viola ons. Without robust legal frameworks and
enforcement mechanisms, individuals may be more vulnerable to data misuse or abuse.
To address privacy viola ons on the internet, many countries have implemented data
protec on laws and regula ons. These laws aim to safeguard individuals' privacy rights, define
how personal data should be collected and processed, and establish penal es for viola ons.
Organiza ons are increasingly expected to be transparent about their data collec on
prac ces, provide clear privacy policies, and obtain informed consent from users.
Individuals can also take steps to protect their privacy online, such as using strong passwords,
enabling two-factor authen ca on, being cau ous about sharing personal informa on,
u lizing privacy-enhancing browser extensions or virtual private networks (VPNs), and
regularly reviewing and adjus ng privacy se ngs on online pla orms.
Indian Copyright Law on the Internet
Broadly, the legal regime governing copyright protec on on the internet is the Copyright Act
1957, IT Act 2000. While Sec 14 of the copyright act elucidates on the various rights accrued
upon a copyright owner, in case of literary works, ar s c works, computer programs or
databases, cinematographic film, or even a music recording, Sec 51 of the Act deals with
infringement of copyright. Within the scope of databases, original databases are also covered,
which include various original digital works and websites. Further, the scope of the defini on
of communica on to the public under sec on 2(ff) of the act, could be extended to
communica on on the content of a website, even deep linking.
Copyright Infringement Online
As discussed above, the features of the digital pla orm have a bearing on copyright and its
protec on, mainly due to the ease of access and replica on. While reproduc on in the older
mes was restricted to physical copies, because of online reproduc on and easy download
me, it is possible to make mul ple copies thus allowing for easy distribu on of the protected
work without the permission of the copyright holder. This ease of transmission without having
to compromise on the quality has made the occurrence a common one. The most common
infringements have been pertaining to websites. Designing and developing the quality of a
website can be a tedious and me-consuming task but replica ng it takes half the me, which
puts them at risk of copyright infringement. Common mischievous prac ces on the internet
are linking, in-lining, and framing.
Linking is, simply put a connec on between two files on the internet, either different or from
the same file but of different parts. Linking in its essence is not a wrongful prac ce; in fact, it
is the sine qua non of the internet which essen ally makes it a worldwide “web”. However,
deep linking, where a subordinate link is a ached to bypass the need to access the main page
of the linked website impacts the revenue of the page. It is in a sense stealing the traffic of the
linked website to defeat the intended way of naviga on of the website.
Since it is just a URL, it is not copyrightable and neither does it amount to an infringement.
But the content present in the link, the crea ve content is essen ally being copied by this
prac ce. And what makes it even more problema c is when permission to deep link has not
been taken. With in-line linking, graphic files are copied to form the composite page with
different graphic files linking different websites. Both these prac ces, when put to the test of
Sec on 14 and 51 could amount to infringement and are covered under the protec on.
Who is held liable for Copyright Infringement?
While authors can sue for infringement online within the provisions of the Copyright Act, the
tricky part with enforcement on the internet is the problem of ascertaining liability. In an
internet transac on, where data or copyrighted content is transferred without prior
permission, there are three par es involved. Firstly, there is the originator, the individual who
generates, stores, or transmits content online. End users are the person who receives such
electronic message or content and is the person intended by the originator to receive the
record. Finally, there are intermediaries, whose stores receive or transmit informa on on
behalf of someone else or at the behest of another individual, and depending on their
func on intermediaries can be classified into Auc on intermediaries, Payment intermediaries,
and Internet Service Providers (ISP). ISP is an organiza on that offers individuals access to the
internet and its services.
To understand who incurs liability, it is essen al to know what ac on cons tutes such
infringement. Under the Copyright Act, the exclusive rights of the owner include a
reproduc on of the work, issuance of copies, and communica on to the public. Therefore,
any viola on of these rights amounts to infringement, alongside the distribu on of
copyrighted work causing prejudice to the copyright owner. Let us understand the liability of
every party of the transac on individually.
Liability of the Originator: This is dependent on the knowledge of the originator. If the
originator was aware that the work was copyrighted, he becomes the main culprit since he
had the knowledge and commi ed the infringement. Ignorance of the existence of copyright
is a valid Défense in this instance. However, proving guilt or prior knowledge or iden fying the
guilty par es can prove to be exceedingly difficult due to the number of internet users.
Liability of the End-user: Depending on whether the end-user just reproduced the work, or
further published it, his liability varies. For reproduc on, however, the end-user can avoid
liability on the Défense of private use, which is an excep on to copyrighted work. Even with
an end-user, knowledge is essen al for placing liability. If the end-user is under the belief that
there was implied consent of the copyright owner due to its existence on a public pla orm,
the user may not be held liable for infringement.
Liability of the ISP: The liability of an intermediary is dependent on the role they play in the
transmission. ISPs are generally classified as content providers, playing a significant role in the
reproduc on, transfer, and communica on of the material thus making them very much
liable. And because of the inherent difficul es of iden fying individual guilty users, copyright
owners also find it easy to place the blame on ISPs, however, these ISPs are only passive
carriers, and holding them responsible for the illegal ac vi es of their users is not a just or
legal prac ce. Drawing a similar interpreta on of sec on 51, ISPs can be held liable only when
they knew about the copyright or its breach. Further, under Sec on 63, any person abe ng
the infringement is criminally liable, another factor that determines the liability of an ISP. In
corrobora on with this, the IT act states that a network service provider (ISP) would not be
held liable for third party ac ons if the offense has been commi ed without its
knowledge. Therefore, prudently an ISP can escape liability in copyright infringement if it can
prove a lack of knowledge and exercise of due diligence.
Fair Use Défense
Fair use is an affirma ve Défense that can be raised in response to claims by a copyright owner
that a person is infringing a copyright. Fair use permits a party to use a copyrighted work
without the copyright owner’s permission for purposes such as cri cism, comment, news
repor ng, teaching, scholarship, or research. But copyright law does establish four factors
that must be considered in deciding whether a use cons tutes a fair use. These factors are:
Factor 1: The Purpose and Character of the Use
The first factor mostly focuses on whether the use is commercial or non-commercial and
whether the use is transforma ve. If a use is commercial, it is less likely to be fair use and if it
is non-commercial, it is more likely to be fair use. Transforma ve uses are those that add
something new, with a further purpose or different character, and do not subs tute for the
original use of the work. If the use is transforma ve, it is more likely to be fair use and if it is
not transforma ve it is less likely to be fair use.
Factor 2: The Nature of the Copyrighted Work
The second factor considers the nature of the underlying work, specifically whether it is more
crea ve or more factual. Use of a more crea ve or imagina ve underlying work is less likely
to support a claim of fair use, while use of a factual work would be more likely to support a
fair use claim. This factor also looks at the publica on status of the copyrighted work. When
the copyrighted work is unpublished the use is less likely to be a fair use.
Factor 3: The Amount Used
The third factor considers the amount of the copyrighted work that was used compared to the
copyrighted work as a whole. Where the amount used is very small in rela on to the
copyrighted work, this factor will favour a finding of fair use, but where the amount used is
not insignificant, this factor will favour the copyright owner. This factor also considers the
qualita ve amount of the copyrighted work used. If the por on used was the “heart” of the
work, this factor will likely weigh against a finding of fair use even if that por on was otherwise
a very small amount.
Factor 4: The Effect of the Use on the Market
The fourth factor not only considers whether the defendant’s ac vi es may harm the current
market, but also considers whether the use may cause any harm to poten al markets that
could be exploited by the copyright owner if the use were to become widespread. If the use
harms the copyright owner’s current or poten al market then it will weigh against fair use.
Along with the first factor, this factor is one of the most important in the fair use analysis.
Copyright Challenges in the Cyberworld (Internet)The problems with rights
in cyberspace are increasing along with technological advancements. Copyright infringement
can have serious legal consequences, such as fines and jail me.
I.P.R. infringement is becoming more widespread and diverse as Internet and network
technologies progress. Among the major areas of I.P. rights are copyright, which the Internet
and technology have significantly impacted. The Net is necessary for many aspects of life,
including business opera ons. Therefore, giving up the Internet to handle legal problems is
not a choice.
Since their origin, copyright rules have changed in response to technological advances. For the
different par es involved in its use of the produc on of authorship, by books, art into websites
and films, these innova ons, like many others, hold both poten al and the ability to be
destruc ve. Copyright laws help to promote crea vity and innova on by incen vising people
to create original works.
Therefore, they are emphasising the copyright concerns in cyberspace in this discussion. As
more people produce content, efforts are being made to raise awareness of the difficul es in
preserving the content. Copyright is an essen al aspect of the cyber world, as it gives creators
the right to protect their digital crea ons from being copied or otherwise used without
permission.
What kinds of digital technology could have effects on copyright?
Digital data storage and distribu on of works are the techniques that are affec ng copyright
law to become more complex. The following are some of these technologies’ elements that
are significant to copyright law:
Easy dissemina on
Global digital connec ons rise has enabled the quick and widespread distribu on of digital
inven ons. Digital connec ons, such as pla orms for social media, can be used to spread
informa on to a huge number of people (However, with broadcas ng, digital content can
reach only some people at a me).
Reproducibility
When an item has been created digitally, it may be quickly, cheaply, and accurately replicated.
The quality of each copy can then be reproduced indefinitely without decreasing. In this way,
a single digital version of a book can serve millions of people.
U lisa on of Storage
Digital storage is huge, and it is only becoming more so as me goes on. More and more
material can be stored in a given quan ty of space.
Problems within cyberspace
Since the crea on of the Internet and the growth of related informa on systems, copyright
issues have become common. Infringement of copyright is widespread in cyberspace and
impacts a wide variety of digital items, not just a select few blockbusters.
Copyright holders have adopted technical measures like the Electronic Copyright
Management System (ECMS) to stop works from being copied and distributed.
Among the viola ons of copyright Plagiarism, caching and unlawful database or so ware
usage.Uploading, accessing, connec ng, peer-to-peer file transfer, infringement of copyright
on social networks, and other online ac vi es need to be protected.
Op ons for remedy in the event of a digital infringement of copyright
The copyright holder may file a lawsuit for monetary damages, restraining orders, profit from
ins tu ons, and transfer of the infringing goods when their rights are violated. Copyright
owners who believe their rights have been violated have several op ons for seeking recourse
from Indian courts. A few of these procedures involve removing and destroying all noncompliant files, including master files.
The Copyright Law of India 1957 gives op ons if anyone breaks the right of others:
Criminal Remedies (Acc. to Sec ons 63 and 63B),
Civil Remedies (Acc. To Sec ons 54–62),
Administra ve Remedies are the three types of remedies available-The Act provides
the following legal op ons to someone who has been wronged, given below

Restric ons

Damages

Account Conversion

Injunc on

Destruc on of Infringing Copies
As technology changes, copyright has undergone various changes. Copyrights are currently
successfully used in cyberspace due to the expansion of the Internet. There are fresh
possibili es with possible hazards when establishing copyright on the Internet. Threats o en
exceed benefits. Cyberspace requires stricter regula ons to safeguard copyright.
Cyberspace issues at the present
Copyright viola ons have become common with the rise of the Internet and the growth of
related informa on technologies. Copyright infringement affects many digital products and is
not limited to a few hits; they are omnipresent in cyberspace. The hazards to Intellectual
Property Rights (I.P.R.) on the Internet are numerous, and major infringement of copyright is
just the edge of the iceberg. The development of and World Wide Web has led to the
establishment of cyberspace, a wild and lawless environment that creates serious copyright
problems. To prevent works from being duplicated and distributed, copyright owners have
created technical safeguards such as the Electronic Copyright Management.



ISP(Internet service provider)
the internet services providers. In the simplest terms, to be an intermediary is to be like a
conduit for the passage of any informa on/communica on. They act like aggregators between
those who wanted to generate and spread informa on and those who wanted to consume
informa on There was a need to regulate and control the informa on on the internet, and
since it was difficult to keep track of individuals worldwide, it was done through the source
that acted as a medium to aggregate this connec vity, the ISP’s, the internet service
providers.
The issue of online copyright infringement liability for the ISP’s thus became prevalent since
the use of the internet started to expand rapidly. The impera ve ques on that arises here is
to what extent are ISPs responsible for the third-party material put on the internet by users
of their facili es?
Because of the hurdles and constraints on keeping track and catching hold of individuals on a
worldwide level, because of geo-cultural, geopoli cal and simply inability of copyright and
intellectual property owners to seek infringement damages against those who misappropriate
their intellectual or digital proper es, the internet service providers have become an
accessible mule to address this problem, namely since they allow the internet or data pirates
to exist, for which reason the content owners find it righteous to sue the ISP’s for their data
infringement because the ISP’s naturally are in a posi on to control and secure the internet
through plausible policing.
In this paper, we explore the role of the ISP’s communica on on the internet, their various
approaches for determining the liability of the ISP’s for eg. the horizontal approach, the nonhorizontal approach and explain the liability of ISPs for copyright infringement under
the Copyright Act, 1957, and the Informa on Technology Act, 2000.
ISP’s role in communica on on the internet
ISP is the gateway or an aggregator that provides the network infrastructure, in common
parlance, a bandwidth (road network) which gives people access to navigate through the
world wide web and access data and informa on on one end, and on the other, they give
hos ng and website building and other such services for the supply of data and content. Other
than ISP’s various par es are involved in offering solu ons for crea ng, storing, hos ng,
delivering and accessing informa on and content from the content creator to the content
consumers such as blogging sites, cloud pla orms, hos ng servers, database servers, etc. at
the end of the day all the informa on gets stored in a server and is accessed from that server
through the internet. In common parlance, the server is an address where one seeks to access
the informa on through the highway and road network which is provided by the ISP through
the internet and bandwidth, to be able to navigate and access the informa on stored on these
servers. The various intermediaries that host, store, process data and data services are all
connected to the content providers on one end and the consumers on the other through the
ISP’s which are the road network that enables the transport of informa on and people (albeit
virtually) between one point to another.
The website host deploys servers where FTP’s, file transfer protocols are deployed for storing,
accessing and transpor ng files, website hos ng is done on these servers. These days cloud
compu ng offers remote storage of data that can be accessed on mul ple points. Upon
storage, on such servers and cloud servers, this data gets availed to anybody with an internet
connec on and the address to the server loca on. An access provider on the other hand
provides access to the internet. In the process, all this is happening through the network
infrastructure of the internet service provider, ISP. This network infrastructure transports this
data to the designated consumer. ISPs are aggregators who create access and network to
transport informa on exchange.
Liability of internet service provider
The liability for copyright infringement rests on three theories; direct, vicarious and
contributory infringement. Direct infringement occurs when a person violates any exclusive
right of the copyright owner. Vicarious liability arises when a person fails to prevent
infringement when he can and has a right to do so and is directly benefited by such
infringement.
In the United States, one of the Acts which provides liability for the ISPs is the Digital
Millennium Copyright Act, 1998. (DMCA) This Act governs the liability of the internet sites
and ISPs for the copyright infringement of its user. It provides a mechanism for copyright
owners to force site owners and ISPs to remove infringing material.
The following elements are part of the regime under the DMCA:
1) The online service provider [hereina er OSP] must have a designated agent to receive
no ces and it must use a public por on of its Web site for receipt of no ces;
2) The OSP must no fy the U.S. Copyright Office of the agent’s iden ty and the Copyright
Office will also maintain electronic and hard copy registries of Web site agents.
Various approaches to determine the liability of internet service providers
The scope of an ISP’s liability extends to the branch of law pertaining and rela ng to the
content and subject ma er in ques on. It could be private or personal, criminal, tort,
intellectual property like copyright, trademark, patent, etc., compe on law, consumer
protec on, etc. and thus the liability of the ISP’s has been burning, constantly evolving and
expanding. These have been done broadly through two approaches:
1. Horizontal approach
Which covers not just copyright infringement but all other areas and branches of law, where
the liability of ISP arises directly and it raises fixed liabili es irrespec ve of the content and
extent of the illegality of the content.
2. non-horizontal approach
The poten al of the liability is determined by the provisions and jurisdic ons of the law. In
this approach, the statutes determine the extent of liability, in which a case of defama on
would be covered under defama on laws, copyright infringement would be covered under
intellectual property rights law, harm to person, death and rape threats would be covered
under IPC, etc.
Copyright is dealt with preserving the efforts and performance of the intellect. The concern
of copyright is the protec on of literary and ar s c works. These consist of music, wri ngs,
the efforts of the fine arts, music, such as sculptures and pain ngs, technology-based works
such as computer programs and electronic databases.
The liability for copyright infringement rests on three theories1. direct, infringement
2.vicarious infringement
3.contributory infringement.
Direct infringement occurs when a person violates any exclusive right of the copyright owner.
Vicarious liability arises when a person fails to prevent infringement when he can and has a
right to do so and is directly benefited by such infringement. These two theories are based on
the strict liability principle and a person will be liable without any regard to his mental state
or inten on. Contributory liability arises when a person par cipates in the act of direct
infringement and has knowledge of the infringing ac vity. The ques on arises as to which
standard should be applied in order to fix the responsibility of service providers.
Provisions under the Indian Copyright Act, 1957
The Indian Copyright Act is unable to protect the unauthorized distribu on and use of work
over the internet. Infringement over the internet and piracy poses a threat to crea ve works
worldwide and thus the growth of the internet, e-commerce and the digital economy. The law
related to ISP liability is vague and ambiguous in India. The Indian Copyright Act 1957, though
amended in 1994 and 1997, doesn’t cover or even men on copyright infringements and
liability of ISPs regarding them.
The crux of copyright infringement according to the Act is that whether a person is gaining
economic gains out of the infringement and in case of ISPs liability, the ISPs are gaining any
direct economic gains out of copyright infringement. Users however do pay ISPs for using
internet services, but they usually get away with the excuse that they did not know their acts
were in the violence of owner’s copyrights. Moreover, Sec on 63 of the copyright Act, 1957
provides for abetment regards to copyright infringements, but whether ISPs can be said to be
abe ng would again be a case to be se led in the court of law since ISPs clearly would state
no inten on as their basis to avoid legal liability.
Provisions under IT Act, 2000
Chapter XII of the Act provides for issues regarding the liability of the service providers. The
Act refers to ISPs as ‘network service providers’ and exempts them from their liability. Sec on
79 absolves the ISP’s liability if they can prove they had no knowledge about the infringement
or due diligence was exercised for preven on of such acts. The Indian posi on in liability of
service providers for copyright infringement must be made more explicit. The Act must include
sec ons that address the financial aspect of the transac on, and the rela onship between an
ISP and a third party, because this is vital to determining the iden ty of the violator. The
American concept of contributory infringement can also be incorporated into the Indian Act
so that if any person with knowledge of the infringing ac vity, induces, causes, or materially
contributes to the infringing conduct of another, the person can be made liable.
In order to be exempt from liability, the Indian Act requires the service provider to exercise
due diligence to prevent the commission of copyright infringement. The Act does not provide
the meaning of the term due diligence. If due diligence means policing each and every aspect
of the internet, it can lead to loss of privacy and can ul mately have a disastrous effect. There
is a need for a consensus on the meaning of the term due diligence because the primary
func on of ISPs is to build the internet, not to play the role of a policeman. If the behaviour
of an ISP is reasonable, then that ISP should not be held liable for each and every ac vity on
the internet as has been held by the US courts.
Various interna onal scenarios
The WIPO Copyright Treaty, 1996 first caught interna onal a en on on copyrights. The
trea es updated the Berne Conven on by incorpora ng the exis ng TRIPS provisions in its
folds and granted addi onal rights to the authors in the context of the internet. A new right
referred to as the right of communica on to the public was incorporated and the right of
distribu on was specifically spelt out. It also provided for legal remedies against the
circumven on of technological measures used by the authors to protect their work. Legal
protec on was also granted to rights management informa on systems used by the authors
while transmi ng works in a digital environment. It was further made clear that mere
provision of physical facili es for enabling or making a communica on does not itself amount
to communica on with the meaning of this provision.
Since there was no agreement to treat both temporary and permanent reproduc on as a part
of reproduc on rights in digital format, no specific provision was included in the WCT in this
regard. It was the failure of the interna onal community due to the pressure from interest
groups to reach a defini ve conclusion on the nature of the liability of service providers and
users, that le the interna onal law unse led and it was le to the respec ve Na on States
to introduce appropriate provisions in the domes c law to protect the interests of the owners.
One of the first countries to legislate on the Treaty provisions was the US through its Digital
Millennium Copyright Act (DMCA) that came into force in 1998. Before referring to the DMCA
it is necessary to refer to some of the judicial pronouncements of US Courts on the issue.
In Playboy Enterprises v. Frena, the court was called upon to determine the liability of the
electronic Bulle n Board System (BBS) operator for the acts of users who had uploaded and
downloaded the plain ff’s copyrighted photographs. The court found Frena liable for viola ng
the plain ffs right to publicly distribute and display copies of its work. The defendant
contended that he had in fact removed the photographs from the BBS when he received the
complaint and had since monitored the BBS to prevent addi onal photographs of Playboy
from being uploaded.
Internet service providers being made liable to suit for copyright infringement on the internet
Frequently in copyright infringements suits being filed for ac ons of infringement on the
internet most certainly involve the ISPs. The reason being that ISPs are far more in a superior
posi on to police, track and take ac on in cases of piracy or infringement, than an owner who
will be rather completely unaware of the whereabouts of such infringements taking place, the
ISPs would have the internet traffic data rela ng to such ac vi es that show downloads of the
infringed product.