This research paper aims to present the drawbacks and inefficiencies of the
I.T. Act, 2000, and the amendment of 2008 and further suggests solutions to
overcome these fallacies. Cyber law in India solely revolves around the I.T.
Act, of 2000 despite the fact that there is a bulk of offenses and
infrastructural additions are required to be incorporated. Apart from this, the
legislation itself was previously amended long back in 2008 under which
significant changes were welcomed but this doesn't change the fact that since
2008 till date technology has lifted itself to the next level.
Offenses like corporate espionage and fraudulent transfer of funds have eaten up
the general public, the I.T. Act, of 2000 doesn't specify any specialized
infrastructure for the same or for international transactions. With skyrocketing
cyber terrorism, we need to advance our cyber security infrastructure and have
to proliferate its awareness at the grass root level.
In addition to this, section 66(A) of the IT Amendment Act,2008 need to be
relooked into, which would be a step worth appreciation by the general public.
The comparative study with USA is a hard-hitting reality which shows that we are
far behind them in terms of specificity, infrastructure and preventive measures
in the digital arena. Privacy has been a major concern since the beginning of
With the new Digital India Scheme banking services are mostly carried out
through digital medium and we have already precedented several unauthorized
breaches into these networks which is indeed alarming. This topic is of utmost
priority and need to be addressed before it's too late.
Today we are all succumbed to the internet world. With rising internet speed,
man prefers virtual transactions over physical transactions. Nonetheless,
government schemes such as Digital India Program promoted the use of digital
payments, and it's the biggest cyber threat. No, doubt the internet has turned
into a boon in disasters like COVID-19, but looking the other way around,
offenses and crimes concerning the internet are skyrocketing. For which it's a
matter of utmost priority to know the law governing cybersecurity.
Do we have efficient adjudicatory bodies and procedures to carve out cybercrimes?
Information Technology Act, 2000 was the first Act in India to govern digital
transactions in the country through recognizing digital records and digital
signature. Prior to the I.T. Act of 2000, there were seldom legislations to
recognize e-commerce and digital document, for instance, Evidence Act which
recognizes only paper-based physical records and oral testimony. I.T. Act, 2000
is the backbone of cybersecurity infrastructure in the nation, but to the
surprise of all, the term "cybercrime" has not been defined anywhere under the
Here comes the question "what is cybercrime?" it can be defined as crimes in
which a computer is instrumentalized; in simpler words, "use of a computer to
commit any crime over a virtual mode is termed as a cybercrime." There are
diverse cybercrimes based on the mode and manner of commission.
I.T. Act, 2000 defines the following types of crimes (1):
- Denial of Service
- Virus Dissemination
- Credit Card Fraud
- Cyber Stalking
"As per the information maintained, since its inception, 3,17,439 cybercrime
incidents and 5,771 FIRs have been registered till February 28, 2021, in the
nation which includes, 21,562 cybercrime incidents and 87 F.I.R.s in Karnataka
and 50,806 cybercrime incidents and 534 FIRs in Maharashtra"(2)
Looking at the above figure gives us the benefit of the doubt on the regulation
and adjudication of cybercrimes in India. To understand the fallacies of Cyber
laws and regulatory bodies in the nation, we need to look into the history
behind the creation of this infrastructure.
Elevation in the working pattern of humans has always made them ambitious
regarding advancement in the field of technology. The use of technology as a
mode of communication has made the internet an indispensable part of our lives.
At the same time, it is disadvantageous if handed over to the wrong hands, which
would be more dangerous than physical crimes or any war.
Crime is no longer compact to the physical environment but has gained access to
the digital platform as cybercrime.
A model law on Electronic Commerce was brought by the united commission on
international trade law in 1996; this effort, for the first time, led to
uniformity in the laws of different countries. In January 1997, the general
assembly of united nations, through a resolution, commended that all states
should contemplate this model law when they enact or revise their laws. The
information technology act 2000 is also in accordance with the model law.
The Indian parliament on 15th may 2000 passed the I.T. Act 2000, which was
approved by the then-president in June 2000 and was enforced on October 17,
2000. Ministry of commerce drafted the first draft known as the E-commerce act
1998, which was redrafted as the technology bill 1999; all the other Act was
amended (Indian Penal Code, The Indian evidence act, the Bankers Book Evidence
Act, and the reserve bank of India act) after enactment of I.T. Act 2000.
The provision in the I.T. Act is not only applicable in India but is also
applicable to offenses committed overseas. For offenses committed outside India,
section 12 and section 75 of the I.T. Act is applicable. Later various
amendments were made by the government in the year 2006, and the final draft was
of Information Technology (Amendment) act 2008; the major changes were made in
section 43 of the Act. It added two sub-clauses to escalate the scope of
contraventions in section 43 and to help victims of such crimes by providing
Although section 43(3) was amended and changes were made for the betterment of
people, yet there are many sections of the Act that require certain changes, and
makers should address them and make the required amendments.
- Objectives of IT Act, 2000
Objectives of the I.T. Act, 2000 can be revised from the preamble of the
statute. Here are the objectives of the Act:
- To promote legal recognition to all or any digital transaction done
through electronic exchange of information or e-commerce;
- Legalizing digital signature for sanctioning any data that demand legal
- Allows electronic filing of a document with the government agencies;
- Recognition transfer of funds through electronic means between banks and
- Facilitate banks for keeping banks of account in electronic form. (Proof
Act,1891 Bank of India Act 1934)
However, the amendment of 2008 was fabricated with the intention of wiping out
the backdrops of the legislation.
Features Of Information Technology (Amendment) Act, 2008
After Presidential assent in February 2009, this amendment came into force.
Following are the cornerstones of the I.T. Amendment Act:
- Liability of corporate body possessing, dealing or handling any personal
information or data, if commit any wrongful gain or wrongful loss of such
Under section 43(A) of this amendment, any corporate body, including a firm or
association indulged in commercial or professional activity, is liable to pay
damages to the person whose sensitive personal information is lost or the
company wrongfully use such information to gain any profit by sharing such
- Spam and Fishing
There is no express provision for these offenses, but it is an interpretation
implied through section 66 (A). Any person who sends offensive, menacing
information or sends false information with the intention of causing annoyance,
danger, inconvenience, insult, injury, etc., is punished with an imprisonment of
three years and a fine.
- Liability for retention of any stolen computer resources or
Section 66(B) of Information Technology amendment Act 2008 penalizes a person
who dishonestly receives or retains any stolen computer resources or
communication devices with imprisonment of three years or fine which tunes up to
1 lakh rupees or with both.(4)
- Dishonest use of Digital signature
Albeit the concept of digital signature was introduced long back in 2000, but
punishment with regards to the misuse of such signature came only after the
amendment of 2008, seems like a huge drawback. Any person who dishonestly uses
someone else's digital signature can be awarded with an imprisonment of three
years or with a fine that may extend to one lakh rupees under Section 66(C).
Section 66(D) of I.T. Amendment Act 2008 lays down punishment for cheating
through computer resources. For the commission of same, a person can be punished
with an imprisonment of three years or with a fine that may extend to one lakh
- Cyber Terrorism
When the term terrorism is used, it's obvious that such an act is against the
unity, integrity, and security of India. When such an act is carried out through
a digital medium, it's known as cyber terrorism. Under 66 (F) of I.T. amendment
Act, 2008 a cyber-terrorism includes:
- Denial to a person authorized to access one's computer resource;
- Breaching into a computer resource without authorization or exceeding
- Introducing any computer contaminant as a consequence causing injury to
the user to destroying any property through such Act;
- Knowingly or intentionally penetrates or accesses a computer resource
without authorization or exceeding authorized access, and by means of such
conduct obtains access to information, data or computer database that is
restricted for reasons of the security of the State or foreign relations; or
any restricted information, data or computer database, with reasons to
believe that such information, data or computer database so obtained may be
used to cause or likely to cause injury to the interests of the sovereignty
and integrity of India, the security of the State, friendly relations with
foreign States, public order, decency or morality, or in relation to
contempt of court, defamation or incitement to an offense, or to the
advantage of any foreign nation, group of individuals or otherwise, commits
the offense of cyber terrorism(4).
Section 67(B) was a major reform in India. Child pornography in any manner
attracts section 67(B) of I.T. Amendment, Act. Publishing, Sharing, creating a
digital image, browsing, downloading any digital content that depicts children
in an obscene and sexually explicit manner are penalized under the same. In
addition, to the above mentioned, enticing children to establish sexual relation
with other through online mode or abusing a child through online mode also comes
under the ambit of Section 67(B). For any such act, a person is liable and can
be imprisoned for a term not less than five years or fine up to ten lakh rupees
and in the event of subsequent commission imprisonment not less than seven years
and fine which may extend to ten lakh rupees.
Government's power to monitor and surveillance
Section 69 vest the government with a wide range of power to put a check on
Cyber terrorism. But the conditions are such a step can only be taken for
shielding national security and foreign relation. Also, through this section
government may block any site which it apprehends to be dangerous. In case if
the intermediary fails to assist, the agency referred under subsection one can
be punished with imprisonment of seven years or a fine. Prior to the amendment,
there was no provision for a fine in the abovementioned cases.
As per section 78 of I.T. Act 2000, an officer not below the rank of Inspector
shall investigate any offense under this Act. Prior to the amendment, the rank
was not below Deputy superintendent of police which was inefficient in nature
due to the limited number and burden of work. This replacement was an act of
excellence and was a step towards progress. Every major city has its cyber-crime
cells to tackle the cases related to hacking, spamming, cyberstalking, and other
cyber-crimes. The issue is that people don't report the case if they are a
victim of cyber-crime because of a lack of proper knowledge or awareness.
Drawbacks Of It Act, 2000 And Amendment Of 2008
Every major city has its cyber-crime cells to tackle the cases related to
hacking, spamming, cyber-stalking, and other cyber-crimes. The issue is that
people don't report the case if they are a victim of cyber-crime because of a
lack of proper knowledge or awareness.
What can we learn from the U.S.A.?
- The major loophole in the I.T. Act is its effective execution; the Act does
not encompass action that infringes any law or other offenses that come under
the preview of this Act, certain aspects related to technological advancement
are also not included under the Information (Amendment) Act 2008. The Act does
not contain provisions to deal with cases related to online defamation. Although
some are of the opinion that section 66A of the Act is related to the offense of
sending offensive communication, the section does not include the word
defamation in it. The section brings worth punishment in the form of
imprisonment to the offender. According to Dr. T. Bhattacharya, "unless the word
of the statute makes an act criminal shall not be constructed, criminal."
Supreme court in March 2015 took down section 66A of the I.T. Act in Shreya
Singhal V. Union of India A.I.R. 2015 SC 1523 because Section 66A of the Act as
violating the fundamental right of freedom of speech and expression.
- Privacy is another aspect that requires the attention of lawmakers, but
in reality, there is no mention of this issue in any law or enactment. The
legislature, while enacting the I.T. Act 2000, to a great extent overlooked the
issue of privacy of personally identifiable information. Although section 72 of
the I.T. Act, 2000 provides certain provisions for the same. However, the
horizon of the section has been narrowed, and it does not cover every aspect
related to privacy in this cyber world. The I.T. Act also lacks a common
technological facet that is required while investigating a case of cybercrime.
One such is Internet Protocol Address or, in short, I.P. Address. Through the
I.P. address, the geographical location of such person can be traced, as when
the user visits the website, the I.P. address of the user is recorded by the
server of the website (Report of Privacy Rights Clearing House 2013). An I.P.
to track the action of the user also track the sites browsed by the browser. As
a result, the user gets numerous customized displays, advertisements including
many mails containing junk files. Likewise, other malicious techniques are used
to gain the private information of the user. For instance, various malware is
used to acquire the personal information of the browser, such as Global unique
Identifiers, web bugs, etc. All these digital activities, which could hamper the
personal information of millions of people, are not covered under the
Information Technology Act 2000.
- Another limitation is absences in clarity of offenses for which other
legislations are referred. For instance, the Indian penal Code 1860 is used
when any offense of cheating has been committed by any person by using
computer resources. If a comparison is made between section 66D of
Information Technology 2000 and the Indian penal Code,1860, one notable
distinction is that prior one does not include Men's rea as an element to constitute the offense of cheating
by a person using computer resource, but in later one men's rea is an element to
constitute an offense of cheating by using computer resources. The report of the
Working group of R.B.I. on electronic banking shows an amendment made in section
66D of I.T. Act,2000 includes the offense cheating by personation, but the Act
fails 152 to include punishment for the offense of phishing. Other aspects of
cybercrime are online fraud which includes investment and business
opportunities, online auctions, credit card issuing scandal, etc. are not
covered under Information Technology Act,2000.
An offense committed through an online platform requires the presence of actus
reus and men's rea as require in a crime committed in a physical environment.
Actus reus is committing an offense, and men's rea means an intention to commit
an offense which may include intention planning and so on. To determine the
presence of men's rea in hacking is to check whether the offender was aware of
such offense at the time of commission. On the part of the hacker, there must be
the intention to direct any computer or a particular computer to access the
required information. In such cases, it is very difficult to prove whether the
intention was present or not.
- I.T. (Amendment) Act,2008 does not include a provision that ensures
protection of data of the user while using net banking. It's high time when the
lawmakers take some urgent steps to conserve and protect the data of
individuals, which are being handled by various banks and companies.
- The I.T. (Amendment) Act, 2008 also fails to address offenses related to
identity theft. Another lacuna in the I.T. Act, 2000 is the absence of
provisions for development of infrastructure to defend cyber-attack from
external sources. Mechanism to control cyber-attack must be included under I.T.
Act,2000. It is also silent in antitrust issues.
- Provisions related to proper intellectual property protection of
electronic information and data are also not present in I.T. Act,2000. Issues related to
copyright, trademark, and patents have been neglected and overlooked by
Cybercrimes are not limited to India; in fact, India was one of the later
suffered countries from digital crimes. Cybercrimes have deep roots in the
U.S.A.; hence the federal government is taking all the required steps to
eradicate these issues. In fact, studying the cyber laws of a developed country
can pull us close to the solutions of crime using modern tech we may face in the
"IC3 received a record variety of complaints from the American public in 2020:
791,790, with rumoured losses exceptional $4.1 billion. This represents a sixty
nine percent increase in total complaints from 2019. Business E-mail Compromise
(B.E.C.) schemes continued to be the costliest: nineteen,369 complaints with
associate adjusted loss of roughly $1.8 billion. Phishing scams were conjointly
prominent: 241,342 complaints, with adjusted losses of over $54 million. the
amount of ransomware incidents conjointly continues to rise, with 2,474
incidents rumoured in 2020"(5).
The above data shows the skyrocketing cybercrimes in the U.S.A. Unlike India,
U.S.A. has specific legislations depending on the manner of crime, which is much
efficient and has a high probability of detection of such crimes. For example-
Economic Espionage Act, 1996 to extend the protection of trade privacies,
Computer software privacy and control Act, to prohibit the influx of spyware,
Fraudulent Online Identity Sanction Act, which punishes a person who has created
a fake identity over any online domain, The Fair Credit Billing Act (FCBA)
checks frauds in billing, i.e., unauthorized charges, etc.
Although malicious use of digital signature id punishable under I.T. (amendment)
Act, 2008, since abuse of digital signature is in-adequate, criminal may find an
escape route by committing crimes which aren't defined in any manner under I.T.
Act such as sharing or publicizing any form of electronic communication that
hampers interstate or international trade. On this aspect, Electronic
Communications Privacy Act, Passed in 1986, gives a broader definition as "any
transfer of signs, signals, writing, images, sounds, data, or intelligence of
any nature transmitted in whole or in part by a wire, radio, and
electromagnetic, photo-electronic or photo-optical system that affects
interstate or foreign commerce(6).
"The sole section 67(B) of I.T. (amendment act), 2008 talks of punishment for
child pornography which is unfair; looking at the gravity of the offense, it
demands an altogether separate statute. Apart from this, the punishment shouted
at the offenders is nominal. The U.S.A. has the Child Pornography Prevention Act
of 1996 for the same. It levies heavy penalty for crossing state border to
engage in a sexual act with a person below the age of 12; in addition to this,
the Act also provides for life imprisonment if the person has previously been
convicted in any state or federal offense involving sexual abuse of children.
This can be an excellent amendment to I.T. (amendment) Act, 2008.
- Section 59(1) of the Act defines "legal practitioner" as the only person
who can represent the appellant, which in the real field seems inefficient
by the fact that the I.T. act is perse technical and demands expert
knowledge on the concerned subject. So instead of the statute, the cyber
appellate tribunal should be vested with the power to determine who can
represent the appellant.
- Since we have penetrated deep into the use of cell phone and cutting
edge operating systems, I.T. Act need to address crimes done through these
devices such as data theft, privacy breach by bogus websites through
- Section 66 (A) of the Act meant to protect the fundamental right of
people through putting restriction and stringent action in case of any
vagueness this could have been corrected and not invalidated. A replacement
of section 66 (A) with high clarity is the need of the hour. It was posing a
threat to criminal sharing grossly offensive and menace in character and not
for the general public.
Economy has always been the backbone of all nations. When we look into huge
international transactions being penetrated by hackers, it leads to the loss of
millions of dollars which can't be compensated through mere imprisonment.
Therefore on these subjects, lawmakers need to frame different legislation with
heavy fines or such exemplary punishments.
Awareness of Cyber laws in India could help to flatten the curve of cybercrimes.
Despite 50% of internet penetration in India, the general public has no
knowledge on "what grounds and factors they can file a complaint?" Through
advertisements and media, this needs to be promoted.
- Priyanjali Karmakar, Types of Cyber Crime and its Causes,
LEGALSERVICESINDIA (Apr 24, 2021, 2:15 PM),
- PTI, 3.17 lakh cybercrimes in India in just 18 months, says govt, THE
HINDU (Apr 24, 2021, 2:15 PM), https://www.thehindu.com/sci-tech/technology/317-lakhs-cybercrimes-in-india-in-just-18-months-says-govt/arti
- I.T. Act 2000
- The Section 66 (F), I.T. (Amendment) Act 2008
- Internet Crime Report, 2020, IC3 (Apr. 24, 2021, 2:18 PM),
- Maxim May, Federal Computer Crime Laws, SANS (Apr. 24, 2021, 2:20 PM),
Award Winning Article Is Written By: Mr.Gaurav Saluja
Authentication No: MY313336543556-13-0523