DEFINOTION

Cybercrime is criminal activity done using

computers and the Internet. This includes
anything from downloading illegal music files
to stealing millions of dollars from online bank
accounts. Cybercrime also includes nonmonetary offenses, such as creating and
distributing viruses on other computers or
posting confidential business information on
the Internet.
Perhaps the most prominent form of
cybercrime is identity theft, in which criminals
use the Internet to steal personal information
from other users. Two of the most common
ways this is done is throughphishing and pharming. Both of these
methods lure users to fake websites (that appear to be legitimate), where
they
are
asked
to
enter
personal
information.
This
includes login information, such as usernames and passwords, phone
numbers, addresses, credit card numbers, bank account numbers, and
other information criminals can use to "steal" another person's identity.
For this reason, it is smart to always check the URL or Web address of a
site to make sure it is legitimate before entering your personal
information.
Because cybercrime covers such a broad scope of criminal activity, the
examples above are only a few of the thousands of crimes that are
considered cybercrimes. While computers and the Internet have made
our lives easier in many ways, it is unfortunate that people also use these
technologies to take advantage of others. Therefore, it is smart to protect
yourself by using antivirus and spyware blocking software and being
careful where you enter your personal information.

WHAT IS CYBERCRIME?
The internet in India is growing rapidly. It has given rise to new
opportunities in every field we can think of be it entertainment,
business, sports or education. There are two sides to a coin. Internet also
has its own disadvantages. One of the major disadvantages is
Cybercrime illegal activitiy committed on the internet. The internet,
along with its advantages, has also exposed us to security risks that come
with connecting to a large network. Computers today are being misused
for illegal activities like e-mail espionage, credit card fraud, spams,
software piracy and so on, which invade our privacy and offend our
senses. Criminal activities in the cyberspace are on the rise. Here we
publish an article by Nandini Ramprasad in series for the benefit of our
netizens.
"The modern thief can steal more with a computer than with a gun.
Tomorrow's terrorist may be able to do more damage with a keyboard
than with a bomb".
National Research Council, "Computers at Risk", 1991.
What is this Cyber crime? We read about it in newspapers very often.
Let's look at the dictionary definition of Cybercrime: "It is a criminal
activity committed on the internet. This is a broad term that describes
everything from electronic cracking to denial of service attacks that
cause electronic commerce sites to lose money".
Mr. Pavan Duggal, who is the President of cyberlaws.net and consultant,
in a report has clearly defined the various categories and types of
cybercrimes.
Cybercrimes can be basically divided into 3 major categories:
1. Cybercrimes against persons.
2. Cybercrimes against property.
3. Cybercrimes against government.
2

Cybercrimes committed against persons include various crimes like

transmission of child-pornography, harassment of any one with the use
of a computer such as e-mail. The trafficking, distribution, posting, and
dissemination of obscene material including pornography and indecent
exposure, constitutes one of the most important Cybercrimes known
today. The potential harm of such a crime to humanity can hardly be
amplified. This is one Cybercrime which threatens to undermine the
growth of the younger generation as also leave irreparable scars and
injury on the younger generation, if not controlled.
A minor girl in Ahmedabad was lured to a private place through
cyberchat by a man, who, along with his friends, attempted to gangrape
her. As some passersby heard her cry, she was rescued.
Another example wherein the damage was not done to a person but to
the masses is the case of the Melissa virus. The Melissa virus first
appeared on the internet in March of 1999. It spread rapidly throughout
computer systems in the United States and Europe. It is estimated that
the virus caused 80 million dollars in damages to computers worldwide.
In the United States alone, the virus made its way through 1.2 million
computers in one-fifth of the country's largest businesses. David Smith
pleaded guilty on Dec. 9, 1999 to state and federal charges associated
with his creation of the Melissa virus. There are numerous examples of
such computer viruses few of them being "Melissa" and "love bug".
Cyberharassment is a distinct Cybercrime. Various kinds of harassment
can and do occur in cyberspace, or through the use of cyberspace.
Harassment can be sexual, racial, religious, or other. Persons
perpetuating such harassment are also guilty of cybercrimes.
Cyberharassment as a crime also brings us to another related area of
violation of privacy of citizens. Violation of privacy of online citizens is
a Cybercrime of a grave nature. No one likes any other person invading

the invaluable and extremely touchy area of his or her own privacy
which the medium of internet grants to the citizen.
The second category of Cyber-crimes is that of Cybercrimes against all
forms of property. These crimes include computer vandalism
(destruction of others' property), transmission of harmful programmes.
A Mumbai-based upstart engineering company lost a say and much
money in the business when the rival company, an industry major, stole
the technical database from their computers with the help of a corporate
cyberspy.
The third category of Cyber-crimes relate to Cybercrimes against
Government. Cyberterrorism is one distinct kind of crime in this
category. The growth of internet has shown that the medium of
Cyberspace is being used by individuals and groups to threaten the
international governments as also to terrorise the citizens of a country.
This crime manifests itself into terrorism when an individual "cracks"
into a government or military maintained website.
In a report of expressindia. com, it was said that internet was becoming a
boon for the terrorist organisations. According to Mr. A.K. Gupta,
Deputy Director (Co-ordination), CBI, terrorist outfits are increasingly
using internet to communicate and move funds. "Lashker-e-Toiba is
collecting contributions online from its sympathisers all over the world.
During the investigation of the Red Fort shootout in Dec. 2000, the
accused Ashfaq Ahmed of this terrorist group revealed that the militants
are making extensive use of the internet to communicate with the
operatives and the sympathisers and also using the medium for intrabank transfer of funds".
Cracking is amongst the gravest Cyber-crimes known till date. It is a
dreadful feeling to know that a stranger has broken into your computer
systems without your knowledge and consent and has tampered with
precious confidential data and information.

Coupled with this the actuality is that no computer system in the world is
cracking proof. It is unanimously agreed that any and every system in
the world can be cracked. The recent denial of service attacks seen over
the popular commercial sites like E-bay, Yahoo, Amazon and others are a
new category of Cyber-crimes which are slowly emerging as being
extremely dangerous.

Unauthorised access
Using one's own programming abilities as also various progra-mmes
with malicious intent to gain unauthorised access to a computer or
network are very serious crimes. Similarly, the creation and
dissemination of harmful computer programmes which do irreparable
damage to computer systems is another kind of Cybercrime. Software
piracy is also another distinct kind of Cybercrime which is perpetuated
by many people online who distribute illegal and unauthorised pirated
copies
of
software.
Professionals who involve in these cybercrimes are called crackers and it
is found that many of such professionals are still in their teens. A report
written near the start of the Information Age warned that America's
computers were at risk from crackers. It said that computers that "control
(our) power delivery, communications, aviation and financial services
(and) store vital information, from medical re-cords to business plans, to
criminal records", were vulnerable from many sources, including
deliberate attack.

"Script-kiddies"
Crackers do more than just spoiling websites. Novices, who are called
"script-kiddies" in their circles, gain "root" access to a computer system,
giving them the same power over a system as an administrator such as
the power to modify features. They cause damage by planting viruses.
The Parliament of India passed its first Cyberlaw, the Information
Technology Act in 2000. It not only provides the legal infrastructure for
5

E-commerce in India but also at the same time, gives draconian powers
to the Police to enter and search, without any warrant, any public place
for the purpose of nabbing cybercriminals and preventing cybercrime.
Also, the Indian Cyberlaw talks of the arrest of any person who is about
to commit a cybercrime.
The Act defines five cyber-crimes damage to computer source code,
hacking, publishing electronic information whi-ch is lascivious or
prurient, br-each of confidentiality and pu-blishing false digital signatures. The Act also specifies that cybercrimes can only be investigated by
an official holding no less a rank than that of Dy. Superintendent of
Police (Dy.SP).
The Act simply says "Notwi-thstanding anything contained in any other
law for the time being in force, any Police Officer not below the rank of
Dy.SP may enter, search and arrest any person without search warrant in
any public place who he thinks is committing or about to commit a
cybercrime".
It is common that many systems operators do not share information
when they are victimis-ed by crackers. They don't contact law
enforcement officers when their computer systems are invaded,
preferring instead to fix the damage and take action to keep crackers
from gaining access again with as little public attention as possible.
According to Sundari Nanda, SP, CBI, "most of the times the victims do
not complain, may be because they are aware of the extent of the crime
committed against them, or as in the case of business houses, they don't
want to confess their system is not secure".
As the research shows, computer crime poses a real threat. Those who
believe otherwise simply have not been awakened by the massive losses
and setbacks experienced by companies worldwide. Money and
intellectual property have been stolen, corporate operations impeded,
and jobs lost as a result of computer crime.

Similarly, information systems in government and business alike have

been compromised. The economic impact of computer crime is
staggering.

CYBER AND CYBER CRIME

"Cyber" is a prefix used to describe a person,
thing, or idea as part of the computer and
information age. Taken from kybernetes,
Greek for "steersman" or "governor," it was
first used in cybernetics, a word coined by
Norbert Wiener and his colleagues. Common
usages include cyberculture, cyberpunk, and
cyberspace.
Parents, teachers, non-profits, government,
and industry have been working hard to
protect kids online. However, we also need
to think about protecting the Internet from
kids who might abuse it.
The Department of Justice categorizes computer crime in three ways:
1. The computer as a target - attacking the computers of others
(spreading viruses is an example).
2. The computer as a weapon - using a computer to commit
"traditional crime" that we see in the physical world (such as fraud
or illegal gambling).
3. The computer as an accessory - using a computer as a "fancy
filing cabinet" to store illegal or stolen information.
Reports of alleged computer crime have been a hot news item of late.
Especially alarming is the realization that many of the masterminds
behind these criminal acts are mere kids. In fact, children no longer need
to be highly skilled in order to execute cyber crimes. "Hacker tools" are
easily available on the Net and, once downloaded, can be used by even
novice computer users. This greatly expands the population of possible
wrongdoers. Children (and in some cases - their parents) often think that
shutting down or defacing Web sites or releasing network viruses are
amusing pranks. Kids might not even realize that what they are doing is
illegal. Still other kids might find themselves hanging out online with
skilled hackers who share hacking tools with them and encourage them
to do inappropriate things online. Unfortunately, some of these kids don't
8

realize that they are committing crimes until it is too late. Even more
distressing and difficult to combat is the fact that some in the media
portray the computer criminal as a modern day Robin Hood. Nothing
could be further from the truth.
So what are cyber crimes? Can the law enforcement authorities find
criminals online? How can you create context for your children to
understand what cyber crimes are? The following information (and areas
throughout the site) will help familiarize you with unethical and illegal
online behavior. Additionally, to learn more about cyber crime, visit the
Department of Justice Computer Crime & Intellectual Property Section's
website at www.cybercrime.gov. The Computer Emergency Response
Team (CERT) at www.cert.org and the National Infrastructure
Protection Center at the FBI at www.infragard.net provides regularly
updated information and descriptions of cyber crimes.

HISTORY ABOUT CYBER LAW

The Parliament of India has passed its first Cyberlaw, the
Information Technology Act, 2000 which not only provides the legal
infrastructure for E-commerce in India but also at the same time, gives
draconian powers to thePolice to enter and search, without any
warrant,any public place for the purpose of nabbing cyber criminals
and preventing cyber crime.
The good features of the said IT Act are that it legally recognizes email
as a valid form of communication in India. Also acceptance in a
electronic form of any offer, culminating into an electronic contract,has
also been declared legal and enforceable. The new act has recognized
digital signature for the first time in Indian law.The said new law has
also granted a hierarchy of infrastructure consisting of a Controller for
certifying authorities, Adjudicating Officers and Cyber Appellate
Tribunal.
The most distressing part of the new IT Act 2000 is its absolute
trampling of cyber liberties and freedom. A police officer of the rank a
Deputy superintendent of Police has been granted unheard of powers
in Cyberlaw history to do almost anything for the purpose of nabbing a
cyber criminal. The said unrestricted power given to police officer is in
the form of an absolute discretion given to the police officer to enter and
search any public place and arrest any person without warrant who is
"reasonably
suspected" of having committed or of committing a cyber crime or if he
is about to commit a cyber crime. The discretion of the police officer
further extends to defining as to who is going to be "reasonably
suspected" of a cybercrime. Also, the Indian Cyberlaw talks of the
arrest of any person who is about to commit a cybercrime. It is indeed
alien to Cyberlaw jurisprudence as to how any policeofficer is going to
decide as to whether a person is about to commit a cybercrime. Also,
the requirements ofcyberspace are very different from the actual world.
Most of the times, it is difficult to decide till the last moment as to
whether any cybercrime is about to be committed.

10

To top it all, the IT Act, 2000 gives immunity to the Central

Government and its officials including police from any suit,
prosecution and other legal proceedings for any act done in good faith in
pursuance of the provisions of the Act.Effectively,this rules out any
remedy for any person who is made a target of abuse and misuse of
discretion by the police.
Just in case you felt that this was all, you are mistaken. The Indian law
makes itself applicable to not only the whole of India but also to any
contravention or offence committed outside India by any person of
any nationality throughout the world. Internet is about abolishing
boundaries and not about creating them. The said new law opens up a
pandora's box for conflict of jurisdiction.
The said Indian law further takes immovable property out of the ambit
of electronic commerce as immovable property is excluded from the
applicability of the act.
&! nbsp
The Government of India further claims immunity from judicial review
in its power of appointing the Presiding Officer of theCyber Appellate
Tribunal ,a feature unknown to Indian jurisprudence. Further, it hits at
the root of established procedure of law.
Another surprising feature of the new Indian law is that it begins by
granting a legal infrastructure for e-commerce without touching anything
on other important legal issues for the corporate sector like Intellectual
Property Rights, Domain Names, Internet Policy, Linking or Disclaimer.
Another clauseof the new law takes a contrary stand from emerging
global cyberlaw trends relating to liability of Internet Service
Providers for third party data and information. Contrary to global
trends, ISPs as a matter of principle are made liable for third party data
and information made available by them through their service.
However, only in two exceptional cases, the ISP is not liable if the ISP
proves that he had no knowledge of the commission of any
offence or contravention of the provisions of the Act or if the ISP proves
that he acted with due diligence to prevent the commission of any

11

offence or contravention of the provisions of the Act. Both the two

exceptions are extremely loosely defined and the same shall become
one more tool of harassment of companies in the hands of the
authorities.
The biggest concern about the new Indian Cyberlaw relates to its
implementation. The said Act does not lay down parameters for its
implementation. Also when Internet penetration in India is extremely
low and Government and Police Officials, in general are not at all,
computer savvy, the new Indian Cyberlaw raises more questions than
it answers them.

12

CATEGORIZE CYBER CRIMES

In Simple way we can say that cyber crime is unlawful acts wherein the
computer is either a tool or a target or both
Cyber crimes can involve criminal activities that are traditional in
nature, such as theft, fraud, forgery, defamation and mischief, all of
which are subject to the Indian Penal Code. The abuse of computers
has also given birth to a gamut of new age crimes that are addressed
by the Information Technology Act, 2000.

We can categorize Cyber crimes in two ways

The Computer as a Target :-using a computer to attack other computers.
e.g. Hacking, Virus/Worm attacks, DOS attack etc.
The computer as a weapon :-using a computer to commit real world
crimes.
e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds,
Pornography etc.
Cyber Crime regulated by Cyber Laws or Internet Laws.

Technical Aspects
Technological advancements have created new possibilities for criminal
activity, in particular the criminal misuse of information technologies
such as

a. Unauthorized access & Hacking:Access means gaining entry into, instructing or communicating with the
logical, arithmetical, or memory function resources of a computer,
computer system or computer network.
13

Unauthorized access would therefore mean any kind of access without

the permission of either the rightful owner or the person in charge of a
computer, computer system or computer network.
Every act committed towards breaking into a computer and/or network is
hacking. Hackers write or use ready-made computer programs to attack
the target computer. They possess the desire to destruct and they get the
kick out of such destruction. Some hackers hack for personal monetary
gains, such as to stealing the credit card information, transferring money
from various bank accounts to their own account followed by
withdrawal of money.
By hacking web server taking control on another persons website called
as web hijacking

b. Trojan Attack:The program that act like something useful but do the things that are
quiet damping. The programs of this kind are called as Trojans.
The name Trojan Horse is popular.
Trojans come in two parts, a Client part and a Server part. When the
victim (unknowingly) runs the server on its machine, the attacker will
then use the Client to connect to the Server and start using the trojan.
TCP/IP protocol is the usual protocol type used for communications, but
some functions of the trojans use the UDP protocol as well.

c. Virus and Worm attack:A program that has capability to infect other programs and make copies
of itself and spread into other programs is called virus.
Programs that multiply like viruses but spread from computer to
computer are called as worms.
d. E-mail & IRC related crimes:1. Email spoofing

14

Email spoofing refers to email that appears to have been originated from
one source when it was actually sent from another source. Please Read

2. Email Spamming
Email "spamming" refers to sending email to thousands and thousands
of users - similar to a chain letter.
3 Sending malicious codes through email
E-mails are used to send viruses, Trojans etc through emails as an
attachment or by sending a link of website which on visiting downloads
malicious code.

4. Email bombing
E-mail "bombing" is characterized by abusers repeatedly sending an
identical email message to a particular address.
5. Sending threatening emails
6. Defamatory emails
7. Email frauds
8. IRC related
Three main ways to attack IRC are: "verbal8218;?#8220; attacks,
clone attacks, and flood attacks.

e. Denial of Service attacks:Flooding a computer resource with more requests than it can handle.
This causes the resource to crash thereby denying access of service to
authorized users.

There are three basic types of attack:

a. Consumption of scarce, limited, or non-renewable resources like NW
bandwith, RAM, CPU time. Even power, cool air, or water can affect.

15

b. Destruction or Alteration of Configuration Information

c. Physical Destruction or Alteration of Network Components
e. Pornography:The literal mining of the term 'Pornography' is describing or showing
sexual acts in order to cause sexual excitement through books, films,
etc.
This would include pornographic websites; pornographic material
produced using computers and use of internet to download and transmit
pornographic videos, pictures, photos, writings etc.
Adult entertainment is largest industry on internet.There are more than
420 million individual pornographic webpages today.
Research shows that 50% of the web-sites containing potentially illegal
contents relating to child abuse were Pay-Per-View. This indicates that
abusive images of children over Internet have been highly
commercialized.
Pornography delivered over mobile phones is now a burgeoning
business, driven by the increase in sophisticated services that deliver
video clips and streaming video, in addition to text and images.

Effects of Pornography
Research has shown that pornography and its messages are involved in
shaping attitudes and encouraging behavior that can harm individual
users and their families.
Pornography is often viewed in secret, which creates deception within
marriages that can lead to divorce in some cases.
In addition, pornography promotes the allure of adultery, prostitution and
unreal expectations that can result in dangerous promiscuous behavior.
Some of the common, but false messages sent by sexualized culture.

16

Sex with anyone, under any circumstances, any way it is desired, is

beneficial and does not have negative consequences.
Women have one value - to meet the sexual demands of men.
Marriage and children are obstacles to sexual fulfillment.
Everyone is involved in promiscuous sexual activity, infidelity and
premarital sex.
Pornography Addiction
Dr. Victor Cline, an expert on Sexual Addiction, found that there is a
four-step progression among many who consume pornography.
1.Addiction: Pornography provides a powerful sexual stimulant or
aphrodisiac effect, followed by sexual release, most often through
masturbation.
2.Escalation: Over time addicts require more explicit and deviant
material to meet their sexual "needs."
3.Desensitization: What was first perceived as gross, shocking and
disturbing, in time becomes common and acceptable.
4.Acting out sexually: There is an increasing tendency to act out
behaviors viewed in pornography.
g. Forgery:Counterfeit currency notes, postage and revenue stamps, mark sheets etc
can be forged using sophisticated computers, printers and scanners.
Also impersonate another person is considered forgery.
h. IPR Violations:These include software piracy, copyright infringement, trademarks
violations, theft of computer source code, patent violations. etc.

17

Cyber Squatting- Domain names are also trademarks and protected by

ICANNs domain dispute resolution policy and also under trademark
laws.
Cyber Squatters registers domain name identical to popular service
providers domain so as to attract their users and get benefit from it.

i. Cyber Terrorism:Targeted attacks on military installations, power plants, air traffic

control, banks, trail traffic control, telecommunication networks are the
most likely targets. Others like police, medical, fire and rescue systems
etc.
Cyberterrorism is an attractive option for modern terrorists for several
reasons.
1.It is cheaper than traditional terrorist methods.
2.Cyberterrorism is more anonymous than traditional terrorist methods.
3.The variety and number of targets are enormous.
4.Cyberterrorism can be conducted remotely, a feature that isespecially
appealing to terrorists.
5.Cyberterrorism has the potential to affect directly a larger number of
people.

j. Banking/Credit card Related crimes:In the corporate world, Internet hackers are continually looking for
opportunities to compromise a companys security in order to gain
access to confidential banking and financial information.
Use of stolen card information or fake credit/debit cards are common.
Bank employee can grab money using programs to deduce small amount
of money from all customer accounts and adding it to own account also
called as salami.

18

k. E-commerce/ Investment Frauds:Sales and Investment frauds. An offering that uses false or fraudulent
claims to solicit investments or loans, or that provides for the purchase,
use, or trade of forged or counterfeit securities.
Merchandise or services that were purchased or contracted by
individuals online are never delivered.
The fraud attributable to the misrepresentation of a product advertised
for sale through an Internet auction site or the non-delivery of products
purchased through an Internet auction site.
Investors are enticed to invest in this fraudulent scheme by the promises
of abnormally high profits.

l. Sale of illegal articles:This would include trade of narcotics, weapons and wildlife etc., by
posting information on websites, auction websites, and bulletin boards or
simply by using email communication.
Research shows that number of people employed in this criminal area.
Daily peoples receiving so many emails with offer of banned or illegal
products for sale.

m. Online gambling:There are millions of websites hosted on servers abroad, that offer online
gambling. In fact, it is believed that many of these websites are actually
fronts for money laundering.

n. Defamation: Defamation can be understood as the intentional infringement of another

person's right to his good name.
Cyber Defamation occurs when defamation takes place with the help of
computers and / or the Internet. E.g. someone publishes defamatory
matter about someone on a website or sends e-mails containing
19

defamatory information to all of that person's friends. Information posted

to a bulletin board can be accessed by anyone. This means that anyone
can place
Cyber defamation is also called as Cyber smearing.

Cyber Stacking:Cyber stalking involves following a persons movements across the

Internet by posting messages (sometimes threatening) on the bulletin
boards frequented by the victim, entering the chat-rooms frequented by
the victim, constantly bombarding the victim with emails etc.
In general, the harasser intends to cause emotional distress and has no
legitimate purpose to his communications.

p. Pedophiles:Also there are persons who intentionally prey upon children. Specially
with a teen they will let the teen know that fully understand the feelings
towards adult and in particular teen parents.
They earns teens trust and gradually seduce them into sexual or indecent
acts.
Pedophiles lure the children by distributing pornographic material, then
they try to meet them for sex or to take their nude photographs including
their engagement in sexual positions.

q. Identity Theft :Identity theft is the fastest growing crime in countries like America.
Identity theft occurs when someone appropriates another's personal
information without their knowledge to commit theft or fraud.
Identity theft is a vehicle for perpetrating other types of fraud schemes.

20

r. Data diddling:Data diddling involves changing data prior or during input into a
computer.
In other words, information is changed from the way it should be entered
by a person typing in the data, a virus that changes data, the programmer
of the database or application, or anyone else involved in the process of
having information stored in a computer file.
It also include automatic changing the financial information for some
time before processing and then restoring original information.

s. Theft of Internet Hours:Unauthorized use of Internet hours paid for by another person.
By gaining access to an organisation's telephone switchboard (PBX)
individuals or criminal organizations can obtain access to dial-in/dial-out
circuits and then make their own calls or sell call time to third parties.
Additional forms of service theft include capturing 'calling card' details
and on-selling calls charged to the calling card account, and
counterfeiting or illicit reprogramming of stored value telephone cards.

t. Theft of computer system (Hardware):This type of offence involves the theft of a computer, some part(s) of a
computer or a peripheral attached to the computer.

u. Physically damaging a computer system:Physically damaging a computer or its peripheralseither by shock, fire or
excess electric supply etc.

v. Breach of Privacy and Confidentiality

Privacy

21

Privacy refers to the right of an individual/s to determine when, how and

to what extent his or her personal data will be shared with others.
Breach of privacy means unauthorized use or distribution or disclosure
of personal information like medical records, sexual preferences,
financial status etc.

Confidentiality
It means non disclosure of information to unauthorized or unwanted
persons.
In addition to Personal information some other type of information
which useful for business and leakage of such information to other
persons may cause damage to business or person, such information
should be protected.
Generally for protecting secrecy of such information, parties while
sharing information forms an agreement about he procedure of handling
of information and to not to disclose such information to third parties or
use it in such a way that it will be disclosed to third parties.
Many times party or their employees leak such valuable information for
monitory gains and causes breach of contract of confidentiality.
Special techniques such as Social Engineering are commonly used to
obtain confidential information.

22

INTERNET LAW
Other Constitutional Concerns Raised By Intellectual Property
Cybercrimes
Legislation aimed at fighting intellectual property cybercrimes (IP
cybercrimes) has become quite extensive, which is legally justifiable
considering the significance of these threats. However, this legislation
also raises numerous constitutional and civil liberties concerns in the
United States and other democratic governments.
As indicated in the summary entitled Another Fine Line: Civil Liberties
and the Digital Millennium Copyright Act, the implementation of the
Digital Millennium Copyright Act (DMCA) was necessary to prevent
copyright infringement, and for the development of e-commerce.
However, despite its positive effects, civil liberties organizations have
widely criticized it. Similarly, other legislations aimed at fighting
cybercrimes have raised significant constitutional issues. For instance,
the Uniting and Strengthening America by Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism Act of 2001 (PATRIOT
Act), which was enacted six weeks after the September 11, 2001 events,
raises important online privacy concerns. According to civil liberties
organizations, many other measures and legislations, such as the
monitoring of the use of the Internet by companies and the international
Cybercrime Convention, which were designed as powerful tools against
cybercrime, also represent a threat to constitutional rights. These
legislations have generated much controversy, regarding the importance
of individual freedom versus security, or the importance of surveillance
needs versus the preservation of civil liberties.
What are Some of the Main Concerns of Civil Liberties Organizations?
One of these concerns is that legislation against cybercrime, which
includes many provisions aimed at fighting cyberterrorism, is turning the
United States into a full-fledged surveillance society. According to civil
liberties organizations such as the American Civil Liberties Union
(ACLU,) this risk is increased by the tremendous explosion in
surveillance-enabling technologies, combined with the ongoing
weakening in legal restraints that protect privacy. The PATRIOT Act is
one of the legislations actively opposed by civil liberties organizations.

23

Other Acts that are more specifically aimed at fighting IP cybercrimes

are harshly criticized as well.
What Constitutional Rights are at Stake?
According to civil liberties organizations, the legislations aimed at
fighting cybercrime, in general, and IP cybercrimes, in particular,
threaten constitutional rights including the following:
Fourth Amendment, i.e., freedom from unreasonable searches and
seizures.
Fifth Amendment, i.e., no person to be deprived of life, liberty or
property without due process of law.
Fourteenth Amendment, i.e., all persons (citizens and non-citizens)
within the U.S. are entitled to due process and the equal protection of the
laws.
What Provisions of the PATRIOT Act are viewed as a Threat to Civil
Liberties?
The PATRIOT Act, which was developed as an anti-terrorism legislation
in response to the September 11, 2001 attacks, is a very complex law
that gives new anti-privacy powers to domestic law enforcement and
international intelligence agencies. Civil Liberties groups argue that the
PATRIOT Act introduced significant changes to existing surveillance
laws. Some of the most criticized provisions of the PATRIOT Act are the
following:
The provision that expands the ability of law enforcement to conduct
secret searches, gives them wide powers of phone and Internet
surveillance, and access to highly personal medical, financial, mental
health, and students records with minimal judicial oversight.
The provision that allows FBI agents to investigate American citizens
for criminal matters without probable cause of crime if they say it is for
intelligence purposes.
The provision that permits non-citizens to be jailed based on mere
suspicion and to be denied re-admission to the U.S. for engaging in free
speech. Suspects convicted of no crime may be detained indefinitely in
six month increments without meaningful judicial review.
What is the Controversy Regarding the Monitoring of the Internet by
Private Organizations?
24

Organizations that have a website and/or whose employees use the

Internet face considerable risks of being sued if one of their employees
commit an IP cybercrime. Considering these risks, many organizations
have implemented Internet monitoring devices. These devices seem to
infringe upon employees right to privacy, which includes protection
against intrusion into seclusion. However, the courts that have dealt
with the issue have refused to find invasion of privacy. For instance, in
Smyth v. The Pillsbury Co., an employee sued his company for wrongful
termination after he was fired because he had written e-mails critical of
management. The court determined that Smyth did not have a reasonable
expectation of privacy in his e-mails, despite the companys promises,
and could not claim that he was fired in violation of any public policy.
Likewise, in McLaren v. Microsoft Corp., the court found that the e-mail
messages contained on the company computer are not the employees
personal property, but are merely an inherent part of the office
environment. The court concluded that the companys interest in
preventing inappropriate and unprofessional comments, or even illegal
activity, over its e-mail system outweighs the employees claimed
privacy interest in those communications. Thus, the case law clearly
supports the notion that workplace e-mail and Internet access belong to
the employer, and that the employee does not have a reasonable
expectation of privacy.
What are the Risks Associated with the Cybercrime Convention?
The Convention on Cybercrime was approved by the Council of Europe
on Nov. 23, 2001. The main objective of the Convention is to pursue a
common criminal policy aimed at the protection of society against
cybercrime, especially by adopting appropriate legislation and fostering
international cooperation. The Convention requires countries that ratify
it to adopt similar criminal laws on hacking, infringements of copyright,
computer-related fraud, and child pornography. It also contains a series
of powers and procedures such as the search of computer networks and
interception, and requires cross-border law enforcement cooperation in
searches and seizures and extradition. Because the U.S. participated in
the Conventions elaboration, they had the right to become parties to the
Convention by ratifying, which the U.S. did. Several Civil Liberties
groups, including the ACLU opposed the ratification of the Convention.
Their arguments included the following:

25

 The Convention lacks privacy and civil liberties protections specific

provisions.
The Convention lacks a dual criminality requirement for U.S.
cooperation with foreign police. The absence of a dual criminality
requirement could for instance force American law enforcement to
cooperate with investigations of activities that are illegal abroad but
perfectly legal in the U.S. As a result, American law enforcement
agencies might be forced to cooperate with foreign authorities in
conducting surveillance on American citizens who have committed no
crime under U.S. law.
The Convention gives police invasive new surveillance powers. It
would for instance require the U.S. to authorize the use of devices like
Internet-tapping surveillance system for intercepting the content of
communications.

26

CYBER CRIMES AND CYBER

TERRORISM:
Is the Internet the new Wild Wild West?
There can be no one exhaustive
definition
about
Cybercrime.
However, any activities which
basically offend human sensibilities,
can also be included in its ambit. Child
Pornography
on
the
Internet
constitutes one serious Cybercrime.
Similarly, online pedophiles, using
internet to induce minor children into
sex, are as much Cyber criminals as any other.
Cyber terrorism is the premeditated, politically motivated attack against
information, computer systems, computer programs, and data which
result in violence against property, government and people at large.
In the era of globalization: the use of steganography[1] as a means for
communicating the terrorist design online Red Fort case, E-mail
threats in Taj Mahal Case, Supreme Court E mail Threat Case. The use
of internet to plan and carry out the terrorists acts of September 11th
World Trade Center attack, reflects the present condition and provides
the answer to the question that Is the internet the new Wild Wild West?

Forms of Cyber Terrorism:

(I) Privacy violation:
The law of privacy is the recognition of the individual's right to be let
alone and to have his personal space inviolate. The right to privacy as an
independent and distinctive concept originated in the field of Tort law,
under which a new cause of action for damages resulting from unlawful
invasion of privacy was recognized. In recent times, however, this right
has acquired a constitutional status, the violation of which attracts both
civil as well as criminal consequences under the respective laws. The
27

intensity and complexity of life have rendered necessary some retreat

from the world. Man under the refining influence of culture, has become
sensitive to publicity, so that solitude and privacy have become essential
to the individual. Modern enterprise and invention have, through
invasions upon his privacy, subjected him to mental pain and distress, far
greater than could be inflicted by mere bodily injury. Right to privacy is
a part of the right to life and personal liberty enshrined under Article 21
of the Constitution of India. With the advent of information technology
the traditional concept of right to privacy has taken new dimensions,
which require a different legal outlook. To meet this challenge recourse
of Information Technology Act, 2000 can be taken.
The various provisions of the Act aptly protect the online privacy rights
of the citizens. Certain acts have been categorized as offences and
contraventions, which have tendency to intrude with the privacy rights of
the citizens.

(II) Secret information appropriation and data theft:

The information technology can be misused for appropriating the
valuable Government secrets and data of private individuals and the
Government and its agencies. A computer network owned by the
Government may contain valuable information concerning defense and
other top secrets, which the Government will not wish to share
otherwise. The same can be targeted by the terrorists to facilitate their
activities, including destruction of property. It must be noted that the
definition of property is not restricted to moveables or immoveables
alone.
In R.K. Dalmia v Delhi Administration the Supreme Court held that the
word "property" is used in the I.P.C in a much wider sense than the
expression "movable property". There is no good reason to restrict the
meaning of the word "property" to moveable property only, when it is
used without any qualification. Whether the offence defined in a
particular section of IPC can be committed in respect of any particular
kind of property, will depend not on the interpretation of the word
"property" but on the fact whether that particular kind of property can be
subject to the acts covered by that section.

(III) Demolition of e-governance base:

28

The aim of e-governance is to make the interaction of the citizens with

the government offices hassle free and to share information in a free and
transparent manner. It further makes the right to information a
meaningful reality. In a democracy, people govern themselves and they
cannot govern themselves properly unless they are aware of social,
political, economic and other issues confronting them. To enable them to
make a proper judgment on those issues, they must have the benefit of a
range of opinions on those issues. Right to receive and impart
information is implicit in free speech. This, right to receive information
is, however, not absolute but is subject to reasonable restrictions which
may be imposed by the Government in public interest.

(IV) Distributed denial of services attack:

The cyber terrorists may also use the method of distributed denial of
services (DDOS) to overburden the Government and its agencies
electronic bases. This is made possible by first infecting several
unprotected computers by way of virus attacks and then taking control of
them. Once control is obtained, they can be manipulated from any
locality by the terrorists. These infected computers are then made to send
information or demand in such a large number that the server of the
victim collapses. Further, due to this unnecessary Internet traffic the
legitimate traffic is prohibited from reaching the Government or its
agencies computers. This results in immense pecuniary and strategic loss
to the government and its agencies.
It must be noted that thousands of compromised computers can be used
to simultaneously attack a single host, thus making its electronic
existence invisible to the genuine and legitimate citizens and end users.
The law in this regard is crystal clear.

(V) Network damage and disruptions:

The main aim of cyber terrorist activities is to cause networks damage
and their disruptions. This activity may divert the attention of the
security agencies for the time being thus giving the terrorists extra time
and makes their task comparatively easier. This process may involve a
combination of computer tampering, virus attacks, hacking, etc.

29

Information Technology Act, 2000 deals with the cyber crime problems.
It has some positive as well as negative aspects.

Positive Aspects of the IT Act, 2000

1. Prior to the enactment of the IT Act, 2000 even an e-mail was not
accepted under the prevailing statutes of India as an accepted legal form
of communication and as evidence in a court of law. But the IT Act,
2000 changed this scenario by legal recognition of the electronic format.
Indeed, the IT Act, 2000 is a step forward.
2. From the perspective of the corporate sector, companies shall be able
to carry out electronic commerce using the legal infrastructure provided
by the IT Act, 2000. Till the coming into effect of the Indian Cyber law,
the growth of electronic commerce was impeded in our country basically
because there was no legal infrastructure to regulate commercial
transactions online.
3. Corporate will now be able to use digital signatures to carry out their
transactions online. These digital signatures have been given legal
validity and sanction under the IT Act, 2000.
4. In todays scenario, information is stored by the companies on their
respective computer system, apart from maintaining a back up. Under
the IT Act, 2000, it shall now be possible for corporate to have a
statutory remedy if any one breaks into their computer systems or
networks and causes damages or copies data. The remedy provided by
the IT Act, 2000 is in the form of monetary damages, by the way of
compensation, not exceeding Rs. 1, 00, 00,000.
5. IT Act, 2000 has defined various cyber crimes which includes hacking
and damage to the computer code. Prior to the coming into effect of the
Indian Cyber law, the corporate were helpless as there was no legal
redress for such issues. But the IT Act, 2000 changes the scene
altogether.

The Grey Areas of the IT Act, 2000:

1. The IT Act, 2000 is likely to cause a conflict of jurisdiction.

30

2. Electronic commerce is based on the system of domain names. The IT

Act, 2000 does not even touch the issues relating to domain names. Even
domain names have not been defined and the rights and liabilities of
domain name owners do not find any mention in the law.
3. The IT Act, 2000 does not deal with any issues concerning the
protection of Intellectual Property Rights I the context of the online
environment. Contentious yet very important issues concerning online
copyrights, trademarks and patents have been left untouched by the law,
thereby leaving many loopholes.
4. As the cyber law is growing, so are the new forms and manifestations
of cyber crimes. The offences defined in the IT Act, 2000 are by no
means exhaustive. However, the drafting of the relevant provisions of
the IT Act, 2000 makes it appear as if the offences detailed therein are
the only cyber offences possible and existing. The IT Act, 2000 does not
cove various kinds of cyber crimes and Internet related crimes. These
Include:a) Theft of Internet hours
b) Cyber theft
c) Cyber stalking
d) Cyber harassment
e) Cyber defamation
f) Cyber fraud
g) Misuse of credit card numbers
h) Chat room abuse
5. The IT Act, 2000 has not tackled several vital issues pertaining to ecommerce sphere like privacy and content regulation to name a few.
Privacy issues have not been touched at all.
6. Another grey area of the IT Act is that the same does not touch upon
any anti- trust issues.
7. The most serious concern about the Indian Cyber law relates to its
implementation. The IT Act, 2000 does not lay down parameters for its
implementation. Also, when internet penetration in India is extremely
low and government and police officials, in general are not very
computer savvy, the new Indian cyber law raises more questions than it

31

CYBER CRIMES AND GENERAL

PRINCIPLES
As the new millennium dawned, the computer has gained popularity in
every aspect of our lives. This includes the use of computers by persons
involved in the commission of crimes. Today, computers play a major
role in almost every crime that is committed. Every crime that is
committed is not necessarily a computer crime, but it does mean that law
enforcement must become much more computer literate just to be able to
keep up with the criminal element. According to Donn Parker , For the
first time in human history, computers and automated processes make it
possible to possess, not just commit, a crime. Today, criminals can pass a
complete crime in software from one to another, each improving or
adapting it to his or her own needs.
The first recorded cyber crime took place in the year 1820. The era of
modern computers, however, began with the analytical engine of Charles
Babbage. Cyber crime is an evil having its origin in the growing
dependence on computers in modern life. In a day and age when
everything from microwave ovens and refrigerators to nuclear power
plants is being run on computers, cyber crime has assumed rather
threatening implications.
The majority of what are termed cyber-crimes is really violations of
longstanding criminal law, perpetrated through the use of computers or
information networks. The problems of crime using computers will
rarely require the creation of new substantive criminal law; rather, they
suggest need for better and more effective means of international
cooperation to enforce existing laws.
On the other hand, there are new and serious problems posed by attacks
against computers and information systems, such as malicious hacking,
dissemination of viruses, and denial-of-service attacks. Such attacks
should be effectively prohibited, wherever they may originate. At the
same time, it is to be remembered that often the most effective way to
counter such attacks is to quickly deploy technical countermeasures;
therefore, to the extent that well-meaning but overbroad criminal
regulations diminish the technical edge of legitimate information

32

security research and engineering, they could have the unintended

consequence of actually undermining information security.
What is a Computer Crime?
a. Criminals Can Operate Anonymously Over the Computer Networks.
b. Hackers Invade Privacy.
c. Hackers Destroy "Property" in the Form of Computer Files or
Records.
d. Hackers Injure Other Computer Users by Destroying Information
Systems.
e. Computer Pirates Steal Intellectual Property.
Definition of Cyber Crime
Defining cyber crimes, as "acts that are punishable by the Information
Technology Act" would be unsuitable as the Indian Penal Code also
covers many cyber crimes, such as email spoofing and cyber defamation,
sending threatening emails etc. A simple yet sturdy definition of cyber
crime would be "unlawful acts wherein the computer is either a tool or a
target or both".

33

CLASSIFICATION
CRIMES:

OF

CYBER

The Information Technology Act deals with the following cyber crimes
along with others:
o Tampering with computer source documents
o Hacking
o Publishing of information, which is obscene in electronic form
o Child Pornography
o Accessing protected system
o Breach of confidentiality and privacy
Cyber crimes other than those mentioned under the IT Act
o Cyber Stalking
o Cyber squatting
o Data Diddling
o Cyber Defamation
o Trojan Attack
o Forgery
o Financial crimes
o Internet time theft
o Virus/worm attack
o E-mail spoofing
o Email bombing
o Salami attack
o Web Jacking
Cyber crime and cyber terrorism are both crimes of the cyber world. The
difference between the two however is with regard to the motive and the
intention of the perpetrator.
While a cyber crime can be described simply as an unlawful act wherein
the computer is either a tool or a target or both, cyber terrorism deserves
a more detailed definition. One can define cyber terrorism as a
premeditated use of disruptive activities or the threat thereof, in cyber
space, with the intention to further social, ideological, religious, political
or similar objectives, or to intimidate any person in furtherance of such
objectives.
34

CYBER CRIMINALS
Any person who commits an illegal act with a
guilty intention or commits a crime is called an
offender or a criminal. In this context, any
person who commits a Cyber Crime is known as
a Cyber Criminal. The Cyber Criminals may be
children and adolescents aged b/w 6-18 years,
they may be organized hackers, may be
professional hackers or crackers, discontented
employees, cheaters or even psychic persons.

a. Kids & Teenagers (age group 9-16 etc.)

This is really difficult to believe but it is true. Most amateur hackers and
cyber criminals are teenagers. To them, who have just begun to
understand what appears to be a lot about computers, it is a matter of
pride to have hacked into a computer system or a website. There is also
that little issue of appearing really smart among friends. These young
rebels may also commit cyber crimes without really knowing that they
are doing anything wrong.
According to the BBC , Teen hackers have gone from simply trying to
make a name for them selves to actually working their way into a life of
crime from the computer angle. According to Kevin Hogan , One of the
biggest changes of 2004 was the waning influence of the boy hackers
keen to make a name by writing a fast-spreading virus. Although teenage
virus writers will still play around with malicious code, 2004 saw a
significant rise in criminal use of malicious programs. The financial
incentives were driving criminal use of technology.
Another reason for the increase in number of teenage offenders in cyber
crimes are that many of the offenders who are mainly young college
students are unaware of its seriousness. Recently the Chennai city police
have arrested an engineering college student from Tamil Nadu for
sending unsolicited message to a chartered accountant. The boy is now
released on bail. So counseling session for college students has to be

35

launched to educate them on the gravity and consequences emanating

from such crimes.
In September, 2005, A Massachusetts teenager pleaded guilty in federal
court in Boston for a string of hacking crimes reported to include the
February compromise of online information broker Lexis Nexis and
socialite Paris Hilton's T-Mobile cellular phone account. The US Court
noted that the number of teenage hackers is on the rise and only the
lowest 1 percent of hackers is caught.
In the above instance, the judge imposed a sentence of 11 months'
detention in a juvenile facility. If he had been an adult, he would have
faced charges of three counts of making bomb threats against a person or
property, three counts of causing damage to a protected computer
system, two counts of wire fraud, one count of aggravated identity theft
and one count of obtaining information from a protected computer in
furtherance of a criminal act. This is clearly a deviation from the
traditional principles of criminal law.

b. Organized hacktivists
Hacktivists are hackers with a particular (mostly political) motive. In
other cases this reason can be social activism, religious activism, etc.
The attacks on approximately 200 prominent Indian websites by a group
of hackers known as Pakistani Cyber Warriors are a good example of
political hacktivists at work.

c. Disgruntled employees
One can hardly believe how spiteful displeased employees can become.
Till now they had the option of going on strike against their bosses.
Now, with the increase independence on computers and the automation
of processes, it is easier for disgruntled employees to do more harm to
their employers by committing computer related crimes, which can bring
entire systems down.

d. Professional hackers (Corporate espionage)

Extensive computerization has resulted in business organizations storing
all their information in electronic form. Rival organizations employ
36

hackers to steal industrial secrets and other information that could be

beneficial to them. The temptation to use professional hackers for
industrial espionage also stems from the fact that physical presence
required to gain access to important documents is rendered needless if
hacking can retrieve those.

CRIMINAL LAW
PRINCIPLES

GENERAL

According to criminal law, certain persons are excluded from criminal

liability for their actions, if at the relevant time; they had not reached an
age of criminal responsibility. After reaching the initial age, there may be
levels of responsibility dictated by age and the type of offense allegedly
committed.
Governments enact laws to label certain types of activity as wrongful or
illegal. Behavior of a more antisocial nature can be stigmatized in a more
positive way to show society's disapproval through the use of the word
37

criminal. In this context, laws tend to use the phrase, "age of criminal
responsibility"
in
two
different
ways:
1. As a definition of the process for dealing with alleged offenders, the
range of ages specifies the exemption of a child from the adult system of
prosecution and punishment. Most states develop special juvenile justice
systems in parallel to the adult criminal justice system. Children are
diverted into this system when they have committed what would have
been an offense in an adult.
2. As the physical capacity of a child to commit a crime. Hence, children
are deemed incapable of committing some sexual or other acts requiring
abilities of a more mature quality.
The age of majority is the threshold of adulthood as it is conceptualized
in law. It is the chronological moment when children legally assume
majority control over their persons and their actions and decisions,
thereby terminating the legal control and legal responsibilities of their
parents
over
and
for
them.
But in the cyber world it is not possible to follow these traditional
principles of criminal law to fix liability. Statistics reveal that in the
cyber world, most of the offenders are those who are under the age of
majority. Therefore, some other mechanism has to be evolved to deal
with cyber criminals.

TODAYS
TOMORROWS
ANALYSTS

HACKERS

SECURITY

Frank William Abagnale, Jr. is a former check con artist, forger and
imposter who, for five years in the 1960s, passed bad checks worth more
than $2.5 million in 26 countries. During this time, he used eight aliases
even more to cash bad checks. Currently he runs Abagnale and
Associates, a financial fraud consultancy company. His life story
provided the inspiration for the feature film Catch Me if You Can.
38

An Indian teenage hacking expert who has helped global think-tanks and
police officials combat computer attackers and digital swindlers is
spurning job offers to pursue a degree at the prestigious Stanford
University. Ankit Fadia, 18 has crisscrossed India, giving lectures to
police departments, software companies, educational institutions and
government agencies on how to fight "cyber criminals" and deal with
computer viruses.
Fadia, developed his computer skills after spending long hours on the
Internet, breaking into Web sites as an "ethical hacker" and then
informing companies about their sites' vulnerability. Also, he wants to
start his own computer security firm.
Also, Not all hackers are bad. There are certain hackers whose job is to
intrude into a software system by evading or disabling security measures
and checks how vulnerable the system is to the bad hackers. Ethical
computer hacking has come of age in order to stop or pre-empt intruders
from messing around with a computer programme. Financial
transactions are the mainstay of banking operations. Banks and other
such institutions need to be extra careful of the bad hackers. Ethical
hackers do what a hacker does but only to identify the loopholes in
software programmes.

CYBER ETHICS
Ethics and morality in different circumstances connotes varied and
complex meanings. Each and everything which is opposed to public
policy, against public welfare and which may disturb public tranquility
may
be
termed
to
be
immoral
and
unethical.
In the past terms such as imperialism, colonialism, apartheid, which
were burning issues have given way to cyber crime, hacking, 'cyberethics' etc. Today in the present era there is a need to evolve a 'cyberjurisprudence' based on which 'cyber-ethics' can be evaluated and
criticized. Further there is a dire need for evolving a code of Ethics on
the Cyber-Space and discipline.

39

WHY CYBERLAW IN INDIA ?

When Internet was developed, the founding fathers of Internet hardly
had any inclination that Internet could transform itself into an all
pervading revolution which could be misused for criminal activities and
which required regulation. Today, there are many disturbing things
happening in cyberspace. Due to the anonymous nature of the Internet, it
is possible to engage into a variety of criminal activities with impunity
and people with intelligence, have been grossly misusing this aspect of
the Internet to perpetuate criminal activities in cyberspace. Hence the
need for Cyberlaws in India.

What is the importance of Cyberlaw ?

40

Cyberlaw is important because it touches almost all aspects of

transactions and activities on and concerning the Internet, the World
Wide Web and Cyberspace. Initially it may seem that Cyberlaws is a
very technical field and that it does not have any bearing to most
activities in Cyberspace. But the actual truth is that nothing could be
further than the truth. Whether we realize it or not, every action and
every reaction in Cyberspace has some legal and Cyber legal
perspectives.

Does Cyberlaw concern me ?

Yes, Cyberlaw does concern you. As the nature of Internet is changing
and this new medium is being seen as the ultimate medium ever evolved
in human history, every activity of yours in Cyberspace can and will
have a Cyberlegal perspective. From the time you register your Domain
Name, to the time you set up your web site, to the time you promote
your website, to the time when you send and receive emails , to the time
you conduct electronic commerce transactions on the said site, at every
point of time, there are various Cyberlaw issues involved. You may not
be bothered about these issues today because you may feel that they are
very distant from you and that they do not have an impact on your Cyber
activities. But sooner or later, you will have to tighten your belts and
take note of Cyberlaw for your own benefit.

Cyberlaw Awareness program

Are your electronic transactions legally binding and authentic? Are you
verifying your customers' identities to prevent identity theft? Does your
online terms and conditions have binding effect? Are you providing
appropriate information and clear steps for forming and concluding your
online transactions? How are you ensuring data protection and
information security on your web site? Are you recognising the rights of
your data subjects?
Transacting on the Internet has wide legal implications as it alters the
conventional methods of doing business. To build enduring relationships
with your online customers the legal issues of e-transactions need to be
addressed from the onset.

41

This Awareness program will cover

the basics of Internet Security basic information on Indian Cyber Law
Impact of technology aided crime Indian IT Act on covering the legal
aspects of all Online Activities Types of Internet policies required for an
Organization. Minium hardware and software, security measures
required in an organization to protect data

CYBER LAW REMEDIES

Cyber law involves legal issues and actions involving the
computer,softwares, and internet. Cyber crime has the potential
for affecting the lives of millions of Internet and computer users. It may
be that someone created a false profile of one on www.facebook.com,
young girls unwittingly getting caught in the web of e-pornography,
embezzlement of funds through e-commerce, or even your own e-mail
password being hackedanybody can be a victim of cyber crimes.

There are three kinds of cyber crimes:

Cyber crime against people, which involves harassment, stalking and
social networking crimes; cyber crime against property in the form of
hacking, damage to computer source code or spreading virus in
42

computer and crime against nations in the form of cyber war. It is against
such crimes that a cyber lawyers services are invariably required .
A statistics-check reveals that in India, some 142 cases of cyber crimes
were registered under IT Act, 2000 during 2006 and a total of 311 cases
were registered under IPC sections in 2006 (as per the report of National
Crime Records Bureau). But these figures are merely the tip of the
iceberg as typically people hesitate to get a formal complaint registered.
Moreover, India has seen only two cyber crime convictions in the last 12
years.
Even though in its nascent stages, cyber law has tremendous scope and
prospects in India. With almost 42 million Internet users in India,
companies taking to digital storage and dissemination of data, increasing
popularity of e-banking, e-commerce, e-ticketing and even egovernance, there will undoubtedly be a need for good cyber lawyers in
the future.
To become a cyber lawyer, all you need is to be a qualified lawyer, and
earn a diploma in cyber law. Although there are no UGC-approved
institutes providing courses in cyber law, there are private institutes like
Asian School of Cyber Law, Mumbai, Indian Law Institute, Delhi,
NALSAR, Hyderabad, and Indian Institute of Information Technology
(IIIT) Allahabad, offering cyber law courses.
Although you dont need to be an IT specialist, a bit of technological
bent of mind and a knack for the cyber world will only add a cherry to
the cake.
As a cyber lawyer has to inevitably deal with criminal law, intellectual
property law, commercial and civil law in his cyber law cases, it is best
to have an in-depth knowledge of these laws apart from cyber laws to
give his practice a real edge.
Though the IT Act 2000 seems adequate enough, yet, keeping pace with
the changes in a forever-in-flux field like information technology may
prove to be an onerous task. The laws do need to catch up to give more
teeth to cyber lawyers. Also, you need to be forever updated about the
changes.

43

Some experts also feel that we need to concentrate more upon training
the law enforcement agents and police departments.
All cyber crimes transcend territorial boundaries. Hidden behind the veil
of anonymity, a cyber criminal could do his work sitting right next to
you, without you even realizing it. The task of a cyber lawyer is not only
to suggest a legal cure but also to his/her prepare clients to prevent such
things from happening.

THE
INDIAN
CYBER
LAW
REQUIRES
COMPLIANCE
BY
COMPANIES / CORPORATIONS
DOING BUSINESS IN INDIA
The Indian Information Technology Act was passed in 2000 ("IT Act").
However most of the companies are still unaware of the strict provisions
of the law. The increasing use of Information and Communication
Technology has given rise to serious compliance concerns, which if
ignored may attract various civil and criminal sanctions.

44

All the companies who are related

cyber business are required to IT is mandatory to set up corporate
comply with the requirements of the compliance programs including
cyber law compliance program. If
law.
you company does not have the
In addition, all the Multinational compliance program, then contact
Companies Doing Business in India us to help you set up one for you.
and having cyber involvement are _____****_____
required to comply with the
corporate and other laws of India
including cyber law compliance.
The cyber law mandates all companies to have an information
technology security policy. This documents the architecture of the
network, the roles and responsibility of employees, security parameters
and authorization required for data access, among other things. Other
compliances that are required include relate to retention and
authentication of electronic records and security of data.
In some instances the directors and members of a company can be
personally held liable. The following provisions of the Indian
Companies Act, 1956 provide that the Members or the Directors/officers
of a company will be personally liable if:
1. A company carries on business for more than six months after the
number of its members has been reduced below seven in the case
of a public company and two in the case of a private company.
Every person who was a member of the company during the time
when it carried on business after those six months and who was
aware of this fact, shall be severally liable for all debts contracted
after six months,
2. The application money of those applicants to whom no shares has
been allotted is not repaid within 130 days of the date of issue of
the prospectus, then the Directors shall be jointly and severally
liable to repay that money with the prescribed interest ,
3. an officer of the company or any other person acts on its behalf
and enters into a contract or signs a negotiable instrument without
fully writing the name of the company, then such officer or person
shall be personally liable,

45

4. The court refuses to treat the subsidiary company as a separate

entity and instead treat it as only a branch of the holding company,
5. In the course of winding up of the company, it appears that the
business of the company has been carried on with intent to
defraud the creditors of the company or any other person or for
any fraudulent purpose, al those who were aware of such fraud
shall be personally liable without any limitation of liability.
Moreover, Indian Information Technology Act of 2000 provides for
further personal liabilities. For example, Section 85(1) of the IT Act
provides that where a person committing a contravention of any of the
provisions of this Act or of any rule, direction or order made there under
is a Company, every person who, at the time the contravention was
committed, was in charge of, and was responsible to, the company for
the conduct of business of the company as well as the company, shall be
guilty of the contravention and shall be liable to be proceeded against
and punished accordingly.
The proviso to section 85 (1) provides that such person will not be liable
for punishment if he proves that the contravention took place without his
knowledge or that he exercised all due diligence to prevent such
contravention.
Section 85(2) of the IT Act provides that where a contravention of any of
the provisions of this Act or of any rule, direction or order made there
under has been committed by a company and it is proved that the
contravention has taken place with the consent or connivance of, or is
attributable to any neglect on the part of, any director, manager, secretary
or other officer of the company, such director, manager, secretary or
other officer shall also be deemed to be guilty of the contravention and
shall be liable to be proceeded against and punished accordingly.
The explanation to section 85 provides that the expressions company
means any body corporate and includes a firm or other association of
individuals and the expression "director", in relation to a firm, means a
partner in the firm.
All the Indian companies and all foreign companies doing business in
India, either directly or indirectly, should comply with this law.

46

SECONDARY
LEGISLATION
UNDER INDIAN CYBERLAW
The great Indian elections are over and with the coming of the new
government, here comes the hope of stability. Things appear to be
progressing very fast on the legislative drafting of secondary legislation
on the Indian cyberlaw. As we know, the Indian Information Technology
Act, 2000 was amended by the Information Technology Amendment
Act,2008, which was notified on 5-2-2009.

47

Under the new amended provisions, Powers have been given to the
appropriate Governments to make rules and regulations to give effect to
the amended provisions.
Some draft rules under some sections have been put up for comments on
the Minsitry of Information Technology website. More rules are
expected very soon.
While the concept of secondary legislation is indeed laudable, it goes
without saying that at no point of time, can the secondary legislation
overreach the principal legislation. Some draft rules put up for public
comment run the danger of being struck down by a court of law, if
enacted, as they are not in line with the principles enshrined in the
Constitution of India.
Another major important aspect that needs to be kept in mind, while
drafting rules under Section 43A and 79 of the amended IT Act,2000 is
that the said rules are likely to impact a huge number of relevant
stakeholders.
None of these stakeholders would want to be governed by rules, to
which they themselves, have not been previously consulted.
For example, the statutory definition of an intermediary is so vast that
it incorporates within its ambit numerous businesses, verticals and
industries. Having one set of rules , governing diverse industries, is not
likely to do justice to the cause of the basic principles, that the Indian
Information Technology Act, 2000, as amended, has enshrined.
It would just be prudent to draft separate set of rules, governing separate
sets of industries, which would qualify as an intermediary. This is so as,
for example, the requirements of the business of online banking, would
be completely different from the business on webhosting or network
service providing.
Similarly, given the huge ambit of the scope and reach of Section 43A,
there is a need for a realization to be dawned that one set of rules, would
not fit all. Having one set for rules, without keeping in mind the
customized requirements of the relevant stakeholders, is likely to
negatively impact the growth of the relevant businesses, apart from not
fulfilling the intentions of the legislature.
48

EFFECTIVENESS OF CYBER LAWS

IN INDIA
Cyber crime is a generic term that refers to all criminal activities, done
using the medium of computers, internet, cyber space and World Wide
Web.1[1]

1
49

In essence Cyber Law is an attempt to apply, laws designed for the

physical world to human activities on the internet, in simple words it is a
term which refers to all the legal and regulatory aspects of the Internet
and the World Wide Web.2[2]
We are in an era of Information Technology; the advent of IT revolution
has seen the rise of an IT society with an IT culture.
In less than half a century the development of IT has been tremendous.
with its encompass being from Raja to Praja & Sovereign to Subject,
There is hardly any area which has been left untouched by IT, From
cradle to cremation IT has an important role and as a substitute to
human activities, it is deeply rooting and impacts our normal day to day
activities.
In addition to countries like the US, Singapore, France, Malaysia and
Japan. India is the twelfth nation to have cyber legislation
The internet in India is growing rapidly. It has given rise to new
opportunities in every field we can think of be it entertainment,
business, sports or education. However there are always two sides to a
coin, Cybercrime (illegal activity committed on the internet) is one of its
major disadvantages. The internet, along with its many advantages, has
also exposed us to security risks that come with connecting to a large
network , Computers today are being misused for illegal activities like email espionage, credit card fraud, spams, software piracy, in true sense
2
50

of the term it does invade our privacy and offend our senses. Criminal
activities in the cyberspace are on the rise3[3]the modern thief can steal
more with a computer than with a gun. Tomorrows terrorist may be able
to do more damage with a keyboard than with a bomb. 4[4]To further
aggravate the problem, criminals realizing the effectiveness of
computers and the internet to successfully perpetrate conventional
crimes, are increasingly resorting to using them as tools for committing
such crimes.
Even though rise of literacy in India could bring down conventional
crimes but the vulnerability of computers and the Internet could make
crimes over the medium more rampant.5[5]
Cyber crime has made a significant impact on the criminal justice system
prevalent throughout the world. Criminals, realizing the effectiveness of
computers and the Internet to successfully perpetrate conventional
crimes, are resorting to using them as tools for committing such crimes;
its effects are felt more as nations constantly endeavor to provide quicker
and more efficient services to its citizens through the use of cyber space.
Instances around the world are coming to light where computers and
other electronic tools have been used as tools to facilitate commission of
conventional crimes.
The widespread growth of cyber crime has affected nations from all
across the globe. Incidents of cyber crime have caused extensive loss to
3
4
5
51

a nations economy. Loss of business profits and disruption of

government and other services acts as a death blow and hampers the
growth of any economy.
The incidents of cyber crime can range from obscene, threatening and
defamatory emails to computer aided sabotage, source code thefts and
even attempted cyber murders thus cyber crime is a phenomenon whose
effects are felt at a global level.
Cyber criminals tend to be technically sound and hardly leave any trails
for law enforcement personnel to find out or trace their physical
location. This necessitates the use of spoofing tools to trap and
subsequently induce the suspect to give clues about his actual physical
location and thus help law enforcement personnel to ultimately
apprehend the suspect. Computer crime being a multi-billion dollar
problem, law enforcement must seek ways to prevent its drawbacks from
overshadowing the great promise that the internet brings to the computer
age. Cybercrime is a menace that has to be tackled effectively not only
by the officials but also by the users co-operating with law. The founding
fathers of internet wanted it to be a boon for the whole world and it is
upon us to keep this tool of modernization as a boon and not make it a
bane for the society.6[6]

6
52

ARE CYBER CRIMES DIFFERENT

FROM CONVENTIONAL CRIMES
Cyber crime investigation is different in many ways from the
conventional crimes and presents serious enforcement challenges. There
is no physical contact between the victim and the perpetrator of the
crime, quite often; they are situated in different countries, thousands of
miles apart. This practically rules out availability of eyewitness account.
Availability of presentable documentary evidence rapidly diminishes
over time, this as such calls for a quick incidence response.7[8]
7
53

Why do we need to fight Cyber Crimes

We all must remember that cyberspace is a common heritage of ours
which we have inherited in our life times from the benefits of ever
growing technologies.
This cyberspace is the lifeline of the entire universe and given its
irreversible position today, it is the duty of every netizen to contribute
toward making the said cyberspace free of any trouble or cybercrime.8[9]

Why Are Computers Prone To Cyber Crime

Computers, despite being such high technology devices, are extremely
vulnerable. In fact it may be easier to steal national secrets from military
computers than to steal laddoos from a mithai shop.
Lakhs of pages of written matter may be stored in CDROM, walking
out of a godown with one lakh pages would be exceedingly difficult, but
walking out of a secure location with a CD ROM containing a lakh of
pages would be much simpler.9[10]

HLA Hart in his work The Concept of Law

has said human beings are vulnerable so rule of law is required to
protect them. Applying this to the cyberspace we may say that
8
9
54

computers are vulnerable so rule of law is required to protect and

safeguard them against cyber crime.

The reasons for the vulnerability of computers are:

(1) Its Capacity to store data in comparatively small
spaces.
Computers have the unique characteristic of storing data in small space.
This facilitates removal of information through both physical as well as
virtual medium there by making data theft much easier.

(2) Capability of being easily accessible.

The problem encountered in guarding a computer system from
unauthorised access is that there exist a very high possibility of breach
not only due to human error but also due to the complex technology.
Thus by secretly Implanting logic bomb, key loggers can steal access
codes.
In addition advanced voice recorders; retina imagers play a substantial
role in fooling biometric systems and bypassing firewalls so as to get
past, many a security systems.

(3)

Complexity

of

Computer systems

enables

detection &exploitation of several Loop Holes

55

The computers work on operating systems and these operating systems

in turn are composed of millions of codes. Human mind is fallible and it
is not possible that there might not be a lapse at any stage. The cyber
criminals take advantage of these lacunas and penetrate into the
computer system.

(4) Greater Chances of Negligence in Protecting

Computer Systems
Negligence is very closely connected with human conduct. It is therefore
very probable that while protecting the computer system there might be
some negligence, which may in fact provide a cyber criminal with an
opportunity to gain access and control over the computer system.

(5) Higher Chances of losing critical Evidence

Loss of evidence is a very common & obvious problem as all the data
are routinely destroyed & further collection of data outside the territorial
extent also paralyses this system of crime investigation.

56

PRE-REQUISITES

FOR

EFFECTIVENESS OF CYBER LAWS:

The cyber law, in any country of the world, cannot be effective unless
the concerned legal system has the following three pre requisites:

(1) A sound Cyber Law regime,

(2) A sound Enforcement Machinery, and
(3) A sound Judicial System
(1) Sound Cyber Law regime: The Cyber law in India can be found in
the form of IT Act, 2000.10[11] The IT Act, as originally enacted, was
suffering from various loopholes and lacunas.

10
57

It is important to realize that we need qualitative law and not

quantitative laws. In other words, one single Act can fulfill the need of
the hour provided we give it a dedicated and futuristic treatment.
Perhaps the nature of cyber space is such that we have to take additional
precautions. Since the internet is boundary less, any person sitting in an
alien territory can do havoc with computer system of India.
In addition the Information Technology is much more advanced in other
countries. If India does not shed its traditional core that it will be
vulnerable to numerous cyber threats in future. The need of the hour is
not only to consider the contemporary standards of the countries
having developed Information Technology standards but also to
anticipate future threats well in advance.
However the big question is, whether is India following this approach?
Unfortunately, the answer is in negative. Firstly, the IT Act was deficient
in certain aspects, though that was bound to happen. However, instead of
bringing the suitable amendments, the proposed IT Act, 2000
amendments have further diluted the criminal provisions of the Act.
The national interest was ignored for the sake of commercial
expediencies. The proposed amendments have rendered the IT Act a
toothless tiger which in fact is a remedy worst than malady.

(2) A Sound Enforcement Machinery:

58

A law might have been properly enacted and may be theoretically

effective too, but it is useless unless enforced in its true letter and spirit.
The law enforcement machinery in India is not well equipped to deal
with cyber law offences and contraventions. They must be trained
appropriately and should be provided with suitable technological
support. A sound judicial system is the backbone for preserving the law
and order in a society. Thus, a sound cyber law training of the Judges
and Lawyers is the need of the hour. In short, the dream for an Ideal
Cyber Law in India requires a considerable amount of time, money
and resources. In the present state of things, it may take five more years
to appreciate its application.

(3) A Sound Judicial System:Cyber savvy judges are the need of the day. Judiciary plays a vital
role in shaping the enactment according to the order of the day.
Mr T.K.Vishwanathan, member secretary, Law Commission, has
highlighted the requirements for introducing e-courts in India. In his
article published in The Hindu he has stated if there is one area of
Governance where IT can make a huge difference to Indian public is in
the Judicial System.11[12]

11
59

THE INFORMATION &

TECHNOLOGY ACT OF 2000,
DEFINES FIVE CYBER-CRIMES
(A) damage to computer source code
(b) hacking,
(c) publishing electronic information which is lascivious or prurient
(d), breach of confidentiality and
(e) publishing false digital signatures.
Indias Information Technology Act 2000 has tried to assimilate legal
principles available in several such laws (relating to Information
Technology) enacted earlier in several other countries.12[15]

12
60

STATUTORY PROVISONS (OF

INFORMATION TECHNOLOGY
ACT 2000)
The Indian parliament considered it necessary to give effect to the
resolution by which the General Assembly adopted Model Law on
Electronic Commerce adopted by the United Nations Commission on
Trade Law. As a consequence of which the Information Technology Act
2000 was passed and enforced on 17th May 2000.the preamble of this
Act states its objective to legalise e-commerce and further amend the
Indian Penal Code 1860, the Indian Evidence Act 1872, the Bankers
Book Evidence Act1891 and the Reserve Bank of India Act 1934.
The basic purpose to incorporate the changes in these Acts is to make
them compatible with the Act of 2000. So that they may regulate and
control the affairs of the cyber world in an effective manner.
The Information Technology Act deals with the various cyber crimes in
chapters IX & XI. The important sections are Ss. 43,65,66,67. Section
43 in particular deals with the unauthorised access, unauthorised

61

downloading, virus attacks or where any contaminant, causes damage,

disruption, denial of access, interference with the service availed by a
person. Then this section provides for a fine up to Rs1 Crore as remedy.
Section 65 deals with tampering with computer source documents and
provides for imprisonment up to 3 years or fine, which may extend up to
2 years or both. Section 66 deals with hacking with computer system
and provides for imprisonment up to 3 years or fine, which may extend
up to 2 years or both. Further section 67 deals with publication of
obscene material and provides for imprisonment up to a term of 10 years
and also with fine up to Rs. 2 lakhs.
Some Key highlights of the Act are listed below:
Chapter-II of the ITAct specifically stipulates that any subscriber may
authenticate an electronic record by affixing his digital signature. It
further states that any person can verify an electronic record by use of a
public key of the subscriber.
Chapter-III of the IT Act details about Electronic Governance and
provides inter alia amongst others that where any law provides that
information or any other matter shall be in writing or in the typewritten
or printed form, then, notwithstanding anything contained in such law,
such requirement shall be deemed to have been satisfied if such
information or matter is rendered or made available in electronic form;
and is kept accessible to be used as subsequent reference.
Chapter-III of IT Act also details the legal recognition of Digital
Signatures.
Chapter-IV of the Information Technology Act: gives a scheme for
regulation of Certifying Authorities. The Act envisages a Controller of
Certifying Authorities who shall perform the function of exercising
62

supervision over the activities of the Certifying Authorities as also laying

down standards and conditions governing the Certifying Authorities as
also specifying the various forms and content of Digital Signature
Certificates. The Act recognizes the need for recognizing foreign
Certifying Authorities and it further details the various provisions for the
issue of license to issue Digital Signature Certificates.
Chapter-VII of the Act details about the scheme of things relating to
Digital Signature Certificates and duties of subscribers are also
enshrined in the Information Technology Act.
Chapter-IX of the said Act talks about penalties and adjudication
for various offences. The penalties for damage to computer, computer
systems etc. has been fixed as damages by way of compensation not
exceeding Rs. 1,00,00,000 to affected persons.
The Act talks of appointment of any officers not below the rank of a
Director to the Government of India or an equivalent officer of state
government as an Adjudicating Officer who shall adjudicate whether any
person has made a contravention of any of the provisions of the said Act
or rules framed there under. The said Adjudicating Officer has been
given the powers of a Civil Court.
Chapter-X of the Act talks of the establishment of the Cyber
Regulations Appellate Tribunal, which shall be an appellate body
where appeals against the orders passed by the Adjudicating Officers,
shall be preferred.
Chapter-XI of the Act talks about various offences which shall be
investigated only by a Police Officer not below the rank of the Deputy
Superintendent of Police. These offences include tampering with

63

computer source documents, publishing of information, which is

obscene in electronic form, and hacking.
The Information Technology Act of 2000 also provides for the
constitution of the Cyber Regulations Advisory Committee, which
shall advice the government as regards any rules, or matters connected
with the Information technology.
The act proposes to amend the Indian Penal Code, 1860, the Indian
Evidence Act, 1872, The Bankers Books Evidence Act, 1891, The
Reserve Bank of India Act, 1934 to make them in tune with the
provisions of the IT Act.
Information Technology Act of 2000 is versatile enough to accommodate
those aspects of cyber law which should have been covered by IT Act2000 but are covered by other statutes. Thus since any IPC offence
committed with the use of Electronic Documents can be considered as
a crime with in the definition of a Written Documents. Cheating,
Conspiracy, Breach of Trust etc , thus in addition to Information
Technology Act-2000.,provisions of Indian Penal Code are also
applicable to Cyber offences
Under ITA-2000 the offence is recognized both under Section 66 and
Section 43. Accordingly, the persons involved are liable for
imprisonment and fine as well as a liability to pay damage to the victims
to the maximum extent of Rs 1 crore per victim for which the
Adjudication Process can be invoked.

64

Some of the persons who have assisted others in the commission of the
crime even though they may not be directly involved as beneficiaries
would be held liable under Section 43 of ITA-2000

A CRITICAL ANALYSIS
WHATS WRONG WITH OUR CYBER LAWS
Even though quite some time has passed since parliament passed the IT
Act, yet Indias first cyber law is still hard to implement, Cyber crime
cells in India are understaffed. Most police personnel are not familiar
with computers, so tremendous effort is required for training and
orienting them on various aspects of detection, investigation and
prosecution of cyber crimes.
Only a very few of our judges and prosecutors have adequate IT
knowledge.
There exists no provision for the police to take expert help in conducting
investigations.
to make matters worst cyber crimes in India are covered under civil
procedures, which take a longer time to deliver justice. Law must be
amended to enable it to be covered under a criminal procedure that
would make the act deliver results faster.
To make matters worse abuse of chat rooms, cyber stalking,
misappropriation and misuse of credit card numbers are just a few of the

65

many other loopholes which are still not addressed by IT Act 13[16].
When the act was announced way back in 2000, market watchers across
the world called it revolutionary. However in true sense of the term the
act has remained static while the rest of the world has changed.14[17]

CYBER CRIME CONVICTIONS &

JUDGMENTS
Case 1: First conviction in India
A complaint was filed in by Sony India Private Ltd, which runs a
website called sony-sambandh.com, targeting Non Resident Indians. The
website enables NRIs to send Sony products to their friends and relatives
in India after they pay for it online.
The company undertakes to deliver the products to the concerned
recipients. In May 2002,someone logged onto the website under the
identity of Barbara Campa and ordered a Sony Colour Television set and
a
cordless
head
phone.
A lady gave her credit card number for payment and requested that the
products be delivered to Arif Azim in Noida. The payment was duly
cleared by the credit card agency and the transaction processed. After
following the relevant procedures of due diligence and checking, the
company delivered the items to Arif Azim.
At the time of delivery, the company took digital photographs showing
the delivery being accepted by Arif Azim.
The transaction closed at that, but after one and a half months the credit
card agency informed the company that this was an unauthorized
transaction as the real owner had denied having made the purchase.
The company lodged a complaint for online cheating at the Central
Bureau of Investigation which registered a case under Section 418, 419
and 420 of the Indian Penal Code.
The matter was investigated into and Arif Azim was arrested.
Investigations revealed that Arif Azim, while working at a call centre in

13
14
66

Noida gained access to the credit card number of an American national

which he misused on the companys site.
The CBI recovered the colour television and the cordless head phone.
The accused admitted his guilt and the court of Shri Gulshan Kumar
Metropolitan Magistrate, New Delhi, convicted Arif Azim under Section
418, 419 and 420 of the Indian Penal Code this being the first time
that a cyber crime has been convicted.
The court, however, felt that as the accused was a young boy of 24 years
and a first-time convict, a lenient view needed to be taken. The court
therefore released the accused on probation for one year.

Case-2: First juvenile accused in a cyber crime case

In April 2001 a person from New Delhi complained to the crime branch
regarding the website. Amazing.com, he claimed, carried vulgar remarks
about his daughter and a few of her classmates. During the inquiry, printouts of the site were taken and proceedings initiated.
After investigation a student of Class 11 and classmate of the girl was
arrested.
The juvenile board in Nov 2003 refused to discharge the boy accused of
creating a website with vulgar remarks about his classmate.
The accuseds advocate had sought that his client be discharged on the
ground that he was not in a stable state of mind. Seeking discharge, the
advocate further said that the trial has been pending for about two years.
While rejecting the accuseds application, metropolitan magistrate
Santosh Snehi Mann said: The mental condition under which the
juvenile came into conflict with the law shall be taken into consideration
during the final order. Mann, however, dropped the sections of Indecent
Representation of Women (Prohibition) Act.
The accused would face trial under the Information Technology Act and
for intending to outrage the modesty of a woman. She held the inquiry
could not be closed on technical ground, especially when the allegations
were
not
denied
by
the
accused.

67

Case 3: First case convicted under Information

Technology Act 2000 of India
The case related to posting of obscene, defamatory and annoying
message about a divorcee woman in the yahoo message group. E-Mails
were also forwarded to the victim for information by the accused
through a false e-mail account opened by him in the name of the victim.
The posting of the message resulted in annoying phone calls to the lady
in the belief that she was soliciting.
Based on a complaint made by the victim in February 2004, the Police
traced the accused to Mumbai and arrested him within the next few
days. The accused was a known family friend of the victim and was
reportedly interested in marrying her. She however married another
person. This marriage later ended in divorce and the accused started
contacting her once again. On her reluctance to marry him, the accused
took up the harassment through the Internet.
On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and
509 IPC before The Honble Addl. CMM Egmore by citing 18 witnesses
and 34 documents and material objects. The same was taken on file in
C.C.NO.4680/2004. On the prosecution side 12 witnesses were
examined and entire documents were marked.
The Defence argued that the offending mails would have been given
either by ex-husband of the complainant or the complainant her self to
implicate the accused as accused alleged to have turned down the request
of the complainant to marry her.
Further the Defence counsel argued that some of the documentary
evidence was not sustainable under Section 65 B of the Indian Evidence
Act. However, the court based on the expert witness of Naavi and other
evidence produced including the witness of the Cyber Cafe owners came
to the conclusion that the crime was conclusively proved.
The court has also held that because of the meticulous investigation
carried on by the IO, the origination of the obscene message was traced
out and the real culprit has been brought before the court of law. In this
68

case Sri S. Kothandaraman, Special Public Prosecutor appointed by the

Government conducted the case.
Honourable Sri.Arulraj, Additional Chief Metropolitan Magistrate,
Egmore, delivered the judgement on 5-11-04 as follows:
The accused is found guilty of offences under section 469, 509 IPC and
67 of IT Act 2000 and the accused is convicted and is sentenced for the
offence to undergo RI for 2 years under 469 IPC and to pay fine of
Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year
Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s
67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/All sentences to run concurrently.

Case 4: Father & son convicted under IT act in

Kerala
The Additional District and Sessions Court here has upheld a lower
courts verdict in the first cyber case filed in the State sentencing a
Pentecostal Church priest and his son to rigorous imprisonment in 2006.
Disposing of the appeal filed by the priest T.S. Balan and his son,
Aneesh Balan, against the order of the Chief Judicial Magistrate, on
Wednesday,
Additional District Judge T.U. Mathewkutty said it was time the
government took effective measures to check the growing trend of cyber
crimes in the State.
The court upheld the magistrates order sentencing the two to three-year
rigorous imprisonment and imposing a fine of Rs. 25,000 under Section
67 of the information technology (IT) Act; awarding six months rigorous
imprisonment under Section 120(B) of the Indian Penal Code; and
ordering one year rigorous imprisonment and imposing a fine of Rs.
10,000 under Section 469 of the code.
The court revoked the sentence under Section 66 of the IT Act.
The cyber case dates back to January-February 2002 and the priest and
his son became the first to be convicted of committing a cyber crime.
The two were found guilty of morphing, web-hosting and e-mailing nude
pictures of Pastor Abraham and his family.

69

Balan had worked with the pastor until he fell out with him and was
shown the door by the latter.
Balan joined the Sharon Pentecostal Church later.
The prosecution said the duo had morphed photographs of Abraham, his
son, Valsan Abraham, and daughter, Starla Luke, and e-mailed them
from fake mail IDs with captions.
The morphed pictures were put on the web and the accused, who edited
a local magazine called The Defender, wrote about these photos in his
publication.
Valsan received the pictures on the Internet and asked his father to file a
complaint to the police. A police party raided the house of Balan and his
son at Perumbavoor and collected evidences.
The magistrates verdict came after a four-year trial, for which the court
had to procure a computer with Internet connection and accessories.
The police had to secure the services of a computer analyst too to piece
together the evidences. Twenty-nine witnesses, including the internet
service provider and Bharat Sanchar Nigam Ltd., had to depose before
the court.

Case 5: Well-known orthopaedist in Chennai got life

Dr. L Prakash stood convicted of manipulating his patients in various
ways, forcing them to commit sex acts on camera and posting the
pictures and videos on the Internet.
The 50-year-old doctor landed in the police net in December 2001 when
a young man who had acted in one of his porn films lodged a complaint
with the police.
Apparently the doctor had promised the young man that the movie
would be circulated only in select circles abroad and had the shock of his
life when he saw himself in a porn video posted on the web.
Subsequent police investigations opened up a Pandora's box. Prakash
and his younger brother, settled in the US, had piled up close to one lakh
shots and video footages, some real and many morphed.
They reportedly minted huge money in the porn business, it was stated.

70

Fast track court judge R Radha, who convicted all the four in Feb 2008 ,
also imposed a fine of Rs 1.27 lakh on Prakash, the main accused in the
case, and Rs 2,500 each on his three associates - Saravanan, Vijayan and
Asir Gunasingh.
The Judge while awarding life term to Prakash observed that considering
the gravity of the offences committed by the main accused, maximum
punishment under the Immoral Trafficking Act (life imprisonment)
should be given to him and no leniency should be shown.
The Judge sentenced Prakash under the Immoral Trafficking Act, IPC,
Arms Act and Indecent Representation of Women (Prevention) Act
among others.

Case 6:Juvenile found guilty for sending threatening

email
A 16 year old student from ahmedabad who threatedned to blow up
Andheri Railway station in an email message was found guilty by the
Juvenile court in Mumbai.
A private news channel received an email on 18 March 2008 claiming
sender as Dawood Ibrahim gang saying a bomb would be planted on an
unspecified train to blow it up.
The case was registered in Andheri Police station under section 506 of
IPC and transfered to cyber crime investigation cell. During
Investigation CCIC traced the cyber cafe from which the email account
was created and threatening email was sent.
Cafe owner told police about freinds which had come that day to surf the
net.Police Summoned them and found that the system which was used to
send email was accessed by only one customer. On 22nd March 08,
police arrested the boy a Class XII science student who during
interrogation said that he sent the email for fun of having his prank
flashed as breaking news on television.

Case 7:Two Nigerians sentenced 7 years RI for online

fraud
A local court in Malappuram district in Kerala sentenced two Nigerians
to five years rigorous imprisonment on July 20, 2011 in a cyber-crime
case. The two had cheated a doctor in the district of Rs 30 lakh about
71

two years ago. Johnson Nwanonyi(32) and Michel Obiorahmuozboa

(34), both hailing from Anambra state in Nigeria, were sentenced each
under sections 420(cheating)-5 years, and 468(forgery)-5 years of IPC
and section 66(D) (phishing) of Information Technology
(Amendment) Act 2008 -2 years and a fine of Rs 1.25 lakh by a Chief
Judicial Magistrate V Dileep in Manjeri in Malappuram district. The
sentence would run concurrently.
According to the charges filed by the Karipur police, the duo had
cheated the doctor Dr C C Thomas, hailing from Valluvambram in
Malappuram district after they sent an e-mail inviting application to
recover a huge sum of unclaimed money left behind by a Nigerian
businessman. They had advertised that the money, kept aside for
charitable hospital, was lying unclaimed in a bank. When the doctor
responded to the e-mail, they tricked him by asking to pay Rs 30 lakh as
processing fee. But a planned move by the police and the doctor
succeeded when the Nigerians were lured into Kerala in March 2010.
They were then arrested by the Karipur police. The strong evidence
based on which the prosecution presented the case became crucial in the
first verdict against financial fraud under the IT Act. Deputy Director for
Prosecution V C Ismayil appeared for the prosecution.

Case 8:AP High Court dismisses Google's Petition

contending being intermediary it can not be held
liable for defamation
THE HONOURABLE SRI JUSTICE SAMUDRALA
GOVINDARAJULU, AP High Court
Crl.P.No.7207 OF 2009
19-04-2011
Google India Pvt. Ltd.,
M/s.Visaka Industries Limited and another
Counsel for the Petitioner : Sri Nunepally Harinath
Counsel for the 1st Respondent: Sri N.V.Anantha Krishna
Counsel for the 2nd respondent: Public Prosecutor
:ORDER:

72

The petitioner/A-2 is accused of offences punishable under Sections

120-B, 500, 501/34 I.P.C in C.C. No.679 of 2009 on the file of XI
Additional Chief Metropolitan Magistrate, Secunderabad along with
another. The petitioner/A-2 is Google India Private Limited represented
by its Managing Director (Sales and Operations). The 1st
respondent/complainant is Visaka Industries Limited, Secunderabad
represented by its authorised signatory who is its Deputy ManagerLegal. The complainant is engaged in business of manufacturing and
selling of Asbestos cement sheets and allied products. It is alleged that
A-1 viz., Gopala Krishna is a Co-ordinator "Ban Asbestos India" a group
which is hosted by A-2 and publishes regular articles in the said group
and that on 21.11.2008 an article was published in the said group and it
was captioned as "poisoning the system; Hindustan Times" aiming at a
single manufacturer of Asbestos cement products viz., the complainant
and names of renowned politicians of the country G.Venkata Swamy and
Sonia Gandhi who have nothing to do with the ownership or
management of the complainant-company were named in that article. It
is further alleged that on 31.07.2008 another article captioned as "Visaka
Asbestos Industries making gains" and that both the above articles
contained defamatory statements against the complainant and they are
available in Cyber space in the form of articles for world wide audience.
In the complaint, details of defamatory remarks made in several other
articles published by A-1 in A-2 group are given in detail, which details
may not be necessary for the purpose of disposal of this criminal
petition.
2) It is contended by the senior counsel appearing for the petitioner/A-2
that actions of intermediaries such as Google Inc., which is a service
provider providing platform for end users to upload content, does not
amount to publication in law and consequently the question of holding
such intermediaries liable for defamation does not arise. Senior Counsel
appearing for the petitioner placed reliance on Section 79 of the
Information Technology Act, 2000 (in short, the Act) in support of this
contention.
3) Section 79 which occurs in Chapter XII of the Act originally as it
stood enacted in the year 2000 reads as follows:
"CHAPTER XII NETWORK SERVICE PROVIDERS NOT TO BE
LIABLE IN CERTAIN CASES

73

79. Network service providers not to be liable in certain cases: For the
removal of doubts, it is hereby declared that no person providing any
service as a network service provider shall be liable under this Act, rules
or regulations made thereunder for any third party information or data
made available by him if he proves that the offence or contravention was
committed without his knowledge or that he had exercised all due
diligence to prevent the commission of such offence or contravention.
Explanation. For the purposes of this section,
(a) "network service provider" means an intermediary;
(b) "third party information" means any information dealt with by a
network service provider in his capacity as an intermediary."
The said provision exempts network service providers from liability
under the Act, rules or regulations made thereunder for any third party
information or data made available by him. It did not exempt a network
service provider from liability muchless criminal liability for the
offences under other laws or more particularly under the Indian Penal
Code. Further, the above provision exempts network service provider
from liability, only on proof that the offence or contravention was
committed without his knowledge or that he had exercised all due
diligence to prevent the commission of such offence or contravention.
Proof in that regard can be let in by way of leading evidence by the
accused. Therefore, the said question is a question of fact which this
Court may not go into in this petition filed under Section 482 Cr.P.C.
4) Chapter XII of the Act including Section 79 was amended by the
Information Technology (Amendment) Act, 2008 (10 of 2009) dated
05.02.2009 with effect from 27.10.2009 by way of substituting the
following in the place of original chapter:
"CHAPTER XII INTERMEDIARIES NOT TO BE LIABLE IN
CERTAIN CASES
79. Exemption from liability of intermediary in certain cases:
(1) Notwithstanding anything contained in any law for the time being in
force but subject to the provisions of sub-sections (2) and (3), an
intermediary shall not be liable for any third party information, data, or
communciation link made available or hosted by him.
(2) The provisions of sub-section (1) shall apply if- (a) the functions of
the intermediary is limited to providing access to a communication
system over which information made available by third parties is
transmitted or temporarily stored or hosted; or
74

(b) the intermediary does not(i) initiate the transmission,

(ii) select the receiver of the transmission, and
(iii) select or modify the information contained in the transmission;
(c) the intermediary observes due diligence while discharging his duties
under this Act and also observes such other guidelines as the Central
Government may prescribe in this behalf.
(3) The provisions of Sub-section(1) shall not apply if(a) The intermediary has conspired or abetted or aided or induces
whether by threats or promise or otherwise in the commission of the
unlawful act;
(b) upon receiving actual knowledge, or on being notified by
information, data or communication link residing in or connected to a
computer resource controlled by the intermediary is being used to
commit the unlawful act, the intermediary fails to expeditiously remove
or disable access to that material on that resource without vitiating the
evidence in any manner.
Explanation.- For the purposes of this section, the expression "third party
information" means any information dealt with an intermediary in his
capacity as an intermediary."
It is only under the said amendment, non-obstenti clause was
incorporated in Section 79 keeping application of other laws outside the
purview in a fact situation covered by the said provision. Now, after the
amendment, an intermediary like a network service provider can claim
exemption from application of any other law in respect of any third party
information, data or communication link made available or hosted by
him; provided he satisfied the requirements under Sub-section (2) of
Section 79. Further, as per amended Sub- section (3) of Section 79, the
exemption under Sub-section (1) cannot be applied by any Court and
cannot be claimed by any intermediary in case the intermediary entered
into any conspiracy in respect thereof. Also, the intermediary cannot
claim exemption under Sub-section (1) in case he fails to expeditiously
remove or disable access to the objectionable material or unlawful
activity even after receiving actual knowledge thereof. In the case on
hand, in spite of the 1st respondent issuing notice bringing the petitioner
about dissemination of defamatory material and unlawful activity on the
part of A-1 through the medium of A-2, the petitioner/A-2 did not move
its little finger to block the said material or to stop dissemination of the
unlawful and objectionable material. Therefore, the petitioner/A-2

75

cannot claim any exemption either under Section 79 of the Act as it

stood originally or Section 79 of the Act after the amendment which took
effect from 27.10.2009. The present case in the lower Court was
instituted in January, 2009 relating to the offences which are being
perpetrated from 31.07.2009 onwards i.e., since long prior to the
amendment to the said provision.
5) There is no exemption of any criminal liability in respect of a
company which is a juristic person and which has no body that can be
damned or contemned. In case found guilty, the petitioner company can
be awarded with appropriate punishment though not corporal
punishment. In that view of the matter, I find no merit in this criminal
petition.
6) Accordingly, the Criminal Petition is dismissed.

76

CONCLUSION:
The new legislation which can cover all the aspects of the Cyber Crimes
should be passed so the grey areas of the law can be removed. The recent
blasts in Ahmedabad, Bangalore and Delhi reflects the threat to the
mankind by the cyber space activities against this I personally believes
that only the technology and its wide expansion can give strong fight to
the problems. The softwares are easily available for download should be
restricted by the Government by appropriate actions. New amendment
should be including to the IT Act, 2000 to make it efficient and active
against the crimes. The training and public awareness programs should
be organized in the Companies as well as in common sectors. The
number of the cyber cops in India should be increased. The jurisdiction
problem is there in the implementation part which should be removed
because the cyber criminals does not have any jurisdiction limit then
why do the laws have, after all they laws are there, to punish the criminal
but present scenario gives them the chance to escape.
The Information Technology Act 2000 was passed when the country was
facing the problem of growing cyber crimes. Since the Internet is the
medium for huge information and a large base of communications
around the world, it is necessary to take certain precautions while
operating it. Therefore, in order to prevent cyber crime it is important to
educate everyone and practice safe computing.
Following Frank William Abagnale & Robert Morris, many other
hackers are intending to make use of their skills for better purposes. This
trend continues even now where companies as their security analysts
hire the brilliant hackers. Also, there is a dire need for evolving a code of
Ethics on the Cyber-Space and discipline. In the cyberspace, following
traditional principles of criminal law to fix liability is not possible. Since
most of the cyber criminals are those who are under the age of majority,
77

some other legal framework has to be evolved to deal with them. Since
cyber world has no boundaries, it is a Herculean task to frame laws to
cover each and every aspect. But, however a balance has to be
maintained and laws be evolved so as to keep a check on cyber crimes.

REFERENCES
1. www.gahtan.com/cyberlaw - Cyber Law Encyclopedia
2. Cyber Law and Information Technology by Talwant Singh Addl. Distt.
& Sessions Judge, Delhi
3. Cyber Crimes & Real World Society By Lalitha Sridhar
5. World Information Technology And Services Alliance (Witsa)
Statement On The Council Of Europe Draft Convention On CyberCrime

78

LINK: BIBLIOGRAPHY
Link: http://www.cybercitizenship.org/crime/crime.html
Link:http://www.cyberlaws.net/cyberindia/india.htm
http://www.cyberlawsindia.n
http://www.legalserviceindia.com/article/l323-Cyber-Crimes-&Cyber-Law.html
http://www.legalserviceindia.com/article/l262-Cyber-Crimes-andGeneral-Principles.html
www.cyberlawsindia.net/cyber-india.html
http://www.divorcelawyerindia.com/updates/tag/cyber-law-remedies
http://pavanduggal.net/Blog/?p=8

79