Cyber law is the part of the overall legal system that deals with the
internet, cyberspace, and their respective legal issues. Cyber law covers a
fairly broad area covering several subtopics including freedom of expression,
access to and usage of the internet, and online privacy. Generically, cyber law
is referred to as the Law of the Internet.
Cyber Law is a generic term referring to all the legal and regulatory aspects of
the internet. Everything concerned with or related to or emanating from any
legal aspects or concerning any activities of the citizens in the cyberspace
comes within the ambit of cyber laws. Cyber law covers legal issues which are
related to the use of communicative, transactional, and distributive aspects of
network information technologies and devices. It encompasses the legal,
statutory, and constitutional provisions which affect computers and networks.
History
The Information Technology Act, 2000 came into force on 17 October 2000. This
Act applies to whole of India, and its provisions also apply to any offense or
contravention, committed even outside the territorial jurisdiction of Republic
of India, by any person irrespective of his nationality. In order to attract
provisions of this Act, such an offence or contravention should involve a
computer, computer system, or computer network located in India. The IT Act 2000
provides an extraterritorial applicability to its provisions by virtue of
Section 1(2) read with Section 75. This Act has 90 Sections.
India's The Information Technology Act 2000 has tried to assimilate legal
principles available in several such laws (relating to information technology)
enacted earlier in several other countries, as also various guidelines
pertaining to information technology law. The Act gives legal validity to
electronic contracts, recognition of electronic signatures. This is a modern
legislation which makes acts like hacking, data theft, spreading of virus,
identity theft, defamation (sending offensive messages) pornography, child
pornography, cyber terrorism, a criminal offence.
The Act is supplemented by a number of rules which includes rules for cyber
cafes, electronic service delivery, data security, blocking of websites. It also
has rules for observance of due diligence by internet intermediaries (ISP's,
network service providers, cyber cafes, etc.). Any person affected by data
theft, hacking, spreading of viruses can apply for compensation from Adjudicator
appointed under Section 46 as well as file a criminal complaint. Appeal from
adjudicator lies to Cyber Appellate Tribunal.
Offences
Section 65 - Tampering with computer source documents
If a person knowingly or intentionally conceals, destroys or alters or
intentionally or knowingly causes another to conceal, destroy or alter any
computer source code used for a computer, computer programme, computer system or
computer network, when the computer source code is required to be kept or
maintained by law for the time being in force.
Penalty - Imprisonment up to three years, or/and with fine up to RS 200,000
Â
Section 66 – Hacking with computer system
If a person with the intent to cause or knowing that he is likely to cause
wrongful loss or damage to the public or any person destroys or deletes or
alters any information residing in a computer resource or diminishes its value
or utility or affects it injuriously by any means, commits hack.
Penalty - Imprisonment up to three years, or/and with fine up to RS 500,000
Section 66B - Receiving stolen computer or communication device
A person receives or retains a computer resource or communication device which
is known to be stolen or the person has reason to believe is stolen.
Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000
Section 66C – Using password of another person
A person fraudulently uses the password, digital signature or other unique
identification of another person.
Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000
Section 66D – Cheating using computer resource
If a person cheats someone using a computer resource or communication.
Penalty - Imprisonment up to three years, or/and with fine up to RS 100,000
Section 66E – Publishing private images of others
If a person captures, transmits or publishes images of a person's private parts
without his/her consent or knowledge.
Penalty - Imprisonment up to three years, or/and with fine up to RS 200,000
Section 66F – Act of cyber terrorism
If a person denies access to authorized personnel to a computer resource,
accesses a protected system or introduces contaminant into a system, with the
intention of threatening the unity, integrity, sovereignty or security of India,
then he commits cyber terrorism.
Penalty - Imprisonment up to life.
Section 67 - Publishing information which is obscene in e-form
If a person publishes or transmits or causes to be published in the electronic
form, any material which is lascivious or appeals to the prurient interest or if
its effect is such as to tend to deprave and corrupt persons who are likely,
having regard to all relevant circumstances, to read, see or hear the matter
contained or embodied in it.
Penalty - Imprisonment up to five years, or/and with fine up to RS 1,000,000
Section 67A - Publishing images containing sexual acts
If a person publishes or transmits images containing a sexual explicit act or
conduct.
Penalty- Imprisonment up to seven years, or/and with fine up
to RS 1,000,000
Section 67B – Publishing child porn or predating children online
If a person captures, publishes or transmits images of a child in a sexually
explicit act or conduct. If a person induces a child into a sexual act. A child
is defined as anyone under 18.
Penalty- Imprisonment up to five years, or/and with fine up
to RS 1,000,000 on first conviction. Imprisonment up to seven years, or/and with
fine up to RS 1,000,000 on second conviction.
Section 67C - Failure to maintain records
Persons deemed as intermediary (such as an ISP) must maintain required records
for stipulated time. Failure is an offence.
Penalty- Imprisonment up to three years, or/and with fine.
Section 68 - Failure/refusal to comply with orders
The Controller may, by order, direct a Certifying Authority or any employee of
such Authority to take such measures or cease carrying on such activities as
specified in the order if those are necessary to ensure compliance with the
provisions of this Act, rules or any regulations made there under. Any person
who fails to comply with any such order shall be guilty of an offence.
Penalty- Imprisonment up to three years, or/and with fine up
to RS 200,000
Section 69 - Failure/refusal to decrypt data
If the Controller is satisfied that it is necessary or expedient so to do in the
interest of the sovereignty or integrity of India, the security of the State,
friendly relations with foreign States or public order or for preventing
incitement to the commission of any cognizable offence, for reasons to be
recorded in writing, by order, direct any agency of the Government to intercept
any information transmitted through any computer resource. The subscriber or any
person in charge of the computer resource shall, when called upon by any agency
which has been directed, must extend all facilities and technical assistance to
decrypt the information. The subscriber or any person who fails to assist the
agency referred is deemed to have committed a crime.
Penalty- Imprisonment up to seven years and possible fine.
Section 70 - Securing access to a protected system
The appropriate Government may, by notification in the Official Gazette, declare
that any computer, computer system or computer network to be a protected system.
The appropriate Government may, by order in writing, authorize the persons who
are authorized to access protected systems. If a person who secures access or
attempts to secure access to a protected system, then he is committing an
offence.
Penalty- Imprisonment up to ten years, or/and with fine.
Section 71 – Misrepresentation
If anyone makes any misrepresentation to, or suppresses any material fact from,
the Controller or the Certifying Authority for obtaining any license or Digital
Signature Certificate.
Penalty - Imprisonment up to three years, or/and with fine up
to RS 100,000
Criticism
Section 66A and Restriction of Free Speech
From its establishment as an amendment to the original act in 2008, Section 66A
attracted controversy over its unconstitutional nature:
Section 66A - Publishing offensive, false or threatening information
Any person who sends by any means of a computer resource any information that is
grossly offensive or has a menacing character; or any information which he knows
to be false, but for the purpose of causing annoyance, inconvenience, danger,
obstruction, insult shall be punishable with imprisonment for a term which may
extend to three years and with fine.
In December 2012, P Rajeev, a Rajya Sabha member from Kerala, tried to pass a
resolution seeking to amend the Section 66A. He was supported by D.
Bandyopadhyay, Gyan Prakash, Narendra Kumar Kashyap, Rama Chandra Khuntia and Baishnab
Charan Parida. P Rajeev pointed that cartoons and editorials allowed in
traditional media, were being censored in the new media. He also said that law
was barely debated before being passed in December 2008.
Rajeev Chandrasekhar suggested the 66A should only apply to person to person
communication pointing to a similar Section under the Indian Post Office Act,
1898. Shantaram Naik opposed any changes, saying that the misuse of law was
sufficient to warrant changes. Then Minister for Communications and Information
Technology, Kapil Sibal defended the existing law, saying that similar laws
existed in US and UK. He also said that a similar provision existed under Indian
Post Office Act, 1898. However, P Rajeev said that the UK dealt only with
communication from person to person.
Revocation by the Supreme Court
On 24 March 2015, the Supreme Court of India gave the verdict that Section 66A
is unconstitutional in entirety. The court said that Section 66A of IT Act 2000
is "arbitrarily, excessively and disproportionately invades the right of free
speech" provided under Article 19(1) of the Constitution of India. But the Court
turned down a plea to strike down Sections 69A and 79 of the Act, which deal
with the procedure and safeguards for blocking certain websites.
Strict Data Privacy Rules
The data privacy rules introduced in the Act in 2011 has been described as too
strict by some Indian and US firms. The rules require firms to obtain written
permission from customers before collecting and using their personal data. This
has affected US firms which outsource to Indian companies. However, some
companies have welcomed the strict rules, saying it will remove fears of
outsourcing to Indian companies.
Section 69 and Mandatory Decryption
The Section 69 allows intercepting any information and asks for information
decryption. To refuse decryption is an offence. The Indian Telegraph Act,
1885 allows the government to tap phones. But, according to a 1996 Supreme Court
verdict the government can tap phones only in case of a
public emergency.
But, there is no such restriction on Section 69. On 20 December 2018,
the Ministry of Home Affairs cited Section 69 in the issue of an order
authorising ten central agencies to intercept, monitor, and decrypt “any
information generated, transmitted, received or stored in any computer.†While
some claim this to be a violation of the fundamental right to privacy, the
Ministry of Home Affairs has claimed its validity on the grounds of national
security.
Some Cases
Section 66
In February 2001, in one of the first cases, the Delhi police arrested two men
running a web-hosting company. The company had shut down a website over
non-payment of dues. The owner of the site had claimed that he had already paid
and complained to the police. The Delhi police had charged the men for hacking
under Section 66 of the IT Act and breach of trust under Section 408 of
the Indian Penal Code. The two men had to spend 6 days in Tihar jail waiting for
bail. Bhavin Turakhia, chief executive officer of directi.com, said that this
interpretation of the law would be problematic for web-hosting companies.
In February 2017, M/s Voucha Gram India Pvt. Ltd, owner of Delhi based Ecommerce
Portal www.gyftr.com made a Complaint with Hauz Khas Police Station against some
hackers from different cities accusing them for IT Act / Theft / Cheating /
Misappropriation / Criminal Conspiracy / Criminal Breach of Trust / Cyber Crime
of Hacking / Snooping / Tampering with Computer source documents and the Web
Site and extending the threats of dire consequences to employees, as a result
four hackers were arrested by South Delhi Police for Digital Shoplifting.
Section 66A
In September 2012, a freelance cartoonist Aseem Trivedi was arrested under the
Section 66A of the IT Act, Section 2 of Prevention of Insults to National Honor
Act, 1971 and for sedition under the Section 124 of the Indian Penal Code. His
cartoons depicting widespread corruption in India were considered offensive.
On 12 April 2012, a Chemistry professor from Jadavpur University, Ambikesh
Mahapatra, was arrested for sharing a cartoon of West Bengal Chief Minister Mamata
Banerjee and then Railway Minister Mukul Roy. The email was sent from the email
address of a housing society. Subrata Sengupta, the secretary of the housing
society, was also arrested. They were charged under Section 66A and B of the IT
Act, for defamation under Sections 500, for obscene gesture to a woman under
Section 509, and abetting a crime under Section 114 of the Indian Penal Code.
On 30 October 2012, a Pondicherry businessman Ravi Srinivasan was arrested under
Section 66A. He had sent tweet accusing Karti Chidambaram, son of then Finance
Minister P. Chidambaram, of corruption. Karti Chidambaram had complained to the
police.
On 19 November 2012, a 21-year-old girl was arrested from Palghar for posting a
message on Face book criticizing the shutdown in Mumbai for the funeral of Bal
Thackeray. Another 20-year-old girl was arrested for "liking" the post. They
were initially charged under Section 295A of the Indian Penal Code (hurting
religious sentiments) and Section 66A of the IT Act. Later, Section 295A was
replaced by Section 505(2) (promoting enmity between classes). A group of Shiv
Sena workers vandalised a hospital run by the uncle of one of girls. On 31
January 2013, a local court dropped all charges against the girls.
On 18 March 2015, a teenage boy was arrested from Bareilly, Uttar Pradesh, for
making a post on Facebook insulting politician Azam Khan. The post allegedly
contained hate speech against a community and was falsely attributed to Azam
Khan by the boy. He was charged under Section 66A of the IT Act, and Sections
153A (promoting enmity between different religions), 504 (intentional insult
with intent to provoke breach of peace) and 505 (public mischief) of Indian
Penal Code. After the Section 66A was repealed on 24 March, the state government
said that they would continue the prosecution under the remaining charges.
Conclusion
Computers add a new dimension to criminal law, presenting many issues for law
enforcement. At the front of law enforcement concern is the necessity to secure
adequate training to combat these crimes. This requires additional resources.
The technical sophistication needed to follow new methods surpassing traditional
methods of investigation. In some cases data are encrypted, making it difficult
for police authorities to get the contents of the information. Corporations may
fear the negative publicity that might result as a consequence of their systems
being compromised. In many cases, unauthorized computer access may go undetected
by the individual or entity whose computer system had been invaded. Though not
all the peoples are victims to cyber crimes but they are still at risk.
End-Notes:
[1.] The Information Technology Act, Author: S.R. Bhansali
[2.] Internet Law, Author: Rodney D. Ryder
[3.] Information Technology Law and Practice, Author: Vakul Sharma
[4.] International Journal of Law and Information Technology
[5.] Indian Journal of Law [Manupatra]
[6.] https://www.computerhope.com/jargon/c/cyber-law.htm
[7.] https://en.wikipedia.org/wiki/IT_law
[8.] https://www.meity.gov.in/content/cyber-laws
Written By: Prateek Singh (IMS Law College Noida, LL.B. 2nd Year)
Please Drop Your Comments