This research paper aims to present the drawbacks and inefficiencies of the I.T. Act, 2000, and the amendment of 2008 and further suggests solutions to overcome these fallacies. Cyber law in India solely revolves around the I.T. Act, of 2000 despite the fact that there is a bulk of offenses and infrastructural additions are required to be incorporated. Apart from this, the legislation itself was previously amended long back in 2008 under which significant changes were welcomed but this doesn't change the fact that since 2008 till date technology has lifted itself to the next level.

Offenses like corporate espionage and fraudulent transfer of funds have eaten up the general public, the I.T. Act, of 2000 doesn't specify any specialized infrastructure for the same or for international transactions. With skyrocketing cyber terrorism, we need to advance our cyber security infrastructure and have to proliferate its awareness at the grass root level.

In addition to this, section 66(A) of the IT Amendment Act,2008 need to be relooked into, which would be a step worth appreciation by the general public. The comparative study with USA is a hard-hitting reality which shows that we are far behind them in terms of specificity, infrastructure and preventive measures in the digital arena. Privacy has been a major concern since the beginning of last decade.

With the new Digital India Scheme banking services are mostly carried out through digital medium and we have already precedented several unauthorized breaches into these networks which is indeed alarming. This topic is of utmost priority and need to be addressed before it's too late.

Introduction
Today we are all succumbed to the internet world. With rising internet speed, man prefers virtual transactions over physical transactions. Nonetheless, government schemes such as Digital India Program promoted the use of digital payments, and it's the biggest cyber threat. No, doubt the internet has turned into a boon in disasters like COVID-19, but looking the other way around, offenses and crimes concerning the internet are skyrocketing. For which it's a matter of utmost priority to know the law governing cybersecurity.

Do we have efficient adjudicatory bodies and procedures to carve out cybercrimes? Information Technology Act, 2000 was the first Act in India to govern digital transactions in the country through recognizing digital records and digital signature. Prior to the I.T. Act of 2000, there were seldom legislations to recognize e-commerce and digital document, for instance, Evidence Act which recognizes only paper-based physical records and oral testimony. I.T. Act, 2000 is the backbone of cybersecurity infrastructure in the nation, but to the surprise of all, the term "cybercrime" has not been defined anywhere under the legislation.

Here comes the question "what is cybercrime?" it can be defined as crimes in which a computer is instrumentalized; in simpler words, "use of a computer to commit any crime over a virtual mode is termed as a cybercrime." There are diverse cybercrimes based on the mode and manner of commission.

I.T. Act, 2000 defines the following types of crimes (1):

1. Hacking
2. Denial of Service
3. Virus Dissemination
4. Credit Card Fraud
5. Phishing
6. Cyber Stalking

"As per the information maintained, since its inception, 3,17,439 cybercrime incidents and 5,771 FIRs have been registered till February 28, 2021, in the nation which includes, 21,562 cybercrime incidents and 87 F.I.R.s in Karnataka and 50,806 cybercrime incidents and 534 FIRs in Maharashtra"(2)

Looking at the above figure gives us the benefit of the doubt on the regulation and adjudication of cybercrimes in India. To understand the fallacies of Cyber laws and regulatory bodies in the nation, we need to look into the history behind the creation of this infrastructure.

1. History
   Elevation in the working pattern of humans has always made them ambitious regarding advancement in the field of technology. The use of technology as a mode of communication has made the internet an indispensable part of our lives. At the same time, it is disadvantageous if handed over to the wrong hands, which would be more dangerous than physical crimes or any war.
   
   Crime is no longer compact to the physical environment but has gained access to the digital platform as cybercrime.
   
   A model law on Electronic Commerce was brought by the united commission on international trade law in 1996; this effort, for the first time, led to uniformity in the laws of different countries. In January 1997, the general assembly of united nations, through a resolution, commended that all states should contemplate this model law when they enact or revise their laws. The information technology act 2000 is also in accordance with the model law.
   
   The Indian parliament on 15th may 2000 passed the I.T. Act 2000, which was approved by the then-president in June 2000 and was enforced on October 17, 2000. Ministry of commerce drafted the first draft known as the E-commerce act 1998, which was redrafted as the technology bill 1999; all the other Act was amended (Indian Penal Code, The Indian evidence act, the Bankers Book Evidence Act, and the reserve bank of India act) after enactment of I.T. Act 2000.
   
   The provision in the I.T. Act is not only applicable in India but is also applicable to offenses committed overseas. For offenses committed outside India, section 12 and section 75 of the I.T. Act is applicable. Later various amendments were made by the government in the year 2006, and the final draft was of Information Technology (Amendment) act 2008; the major changes were made in section 43 of the Act. It added two sub-clauses to escalate the scope of contraventions in section 43 and to help victims of such crimes by providing them remedies.
   
   Although section 43(3) was amended and changes were made for the betterment of people, yet there are many sections of the Act that require certain changes, and makers should address them and make the required amendments.
    
2. Objectives of IT Act, 2000
   Objectives of the I.T. Act, 2000 can be revised from the preamble of the statute. Here are the objectives of the Act:
   
   1. To promote legal recognition to all or any digital transaction done through electronic exchange of information or e-commerce;
   2. Legalizing digital signature for sanctioning any data that demand legal recognition;
   3. Allows electronic filing of a document with the government agencies;
   4. Recognition transfer of funds through electronic means between banks and money establishments;
   5. Facilitate banks for keeping banks of account in electronic form. (Proof Act,1891 Bank of India Act 1934)

However, the amendment of 2008 was fabricated with the intention of wiping out the backdrops of the legislation.

Features Of Information Technology (Amendment) Act, 2008

After Presidential assent in February 2009, this amendment came into force.

Following are the cornerstones of the I.T. Amendment Act:

• Liability of corporate body possessing, dealing or handling any personal information or data, if commit any wrongful gain or wrongful loss of such information
  
  Under section 43(A) of this amendment, any corporate body, including a firm or association indulged in commercial or professional activity, is liable to pay damages to the person whose sensitive personal information is lost or the company wrongfully use such information to gain any profit by sharing such details.
   
• Spam and Fishing
  There is no express provision for these offenses, but it is an interpretation implied through section 66 (A). Any person who sends offensive, menacing information or sends false information with the intention of causing annoyance, danger, inconvenience, insult, injury, etc., is punished with an imprisonment of three years and a fine.
   
• Liability for retention of any stolen computer resources or communication devices
  
  Section 66(B) of Information Technology amendment Act 2008 penalizes a person who dishonestly receives or retains any stolen computer resources or communication devices with imprisonment of three years or fine which tunes up to 1 lakh rupees or with both.(4)
   
• Dishonest use of Digital signature
  Albeit the concept of digital signature was introduced long back in 2000, but punishment with regards to the misuse of such signature came only after the amendment of 2008, seems like a huge drawback. Any person who dishonestly uses someone else's digital signature can be awarded with an imprisonment of three years or with a fine that may extend to one lakh rupees under Section 66(C).
   
• Cheating
  Section 66(D) of I.T. Amendment Act 2008 lays down punishment for cheating through computer resources. For the commission of same, a person can be punished with an imprisonment of three years or with a fine that may extend to one lakh rupee.
   
• Cyber Terrorism
  When the term terrorism is used, it's obvious that such an act is against the unity, integrity, and security of India. When such an act is carried out through a digital medium, it's known as cyber terrorism. Under 66 (F) of I.T. amendment Act, 2008 a cyber-terrorism includes:
  
  • Denial to a person authorized to access one's computer resource;
  • Breaching into a computer resource without authorization or exceeding authorized access;
  • Introducing any computer contaminant as a consequence causing injury to the user to destroying any property through such Act;
  • Knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offense, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offense of cyber terrorism(4).

Child Pornography
Section 67(B) was a major reform in India. Child pornography in any manner attracts section 67(B) of I.T. Amendment, Act. Publishing, Sharing, creating a digital image, browsing, downloading any digital content that depicts children in an obscene and sexually explicit manner are penalized under the same. In addition, to the above mentioned, enticing children to establish sexual relation with other through online mode or abusing a child through online mode also comes under the ambit of Section 67(B). For any such act, a person is liable and can be imprisoned for a term not less than five years or fine up to ten lakh rupees and in the event of subsequent commission imprisonment not less than seven years and fine which may extend to ten lakh rupees.

Government's power to monitor and surveillance
Section 69 vest the government with a wide range of power to put a check on Cyber terrorism. But the conditions are such a step can only be taken for shielding national security and foreign relation. Also, through this section government may block any site which it apprehends to be dangerous. In case if the intermediary fails to assist, the agency referred under subsection one can be punished with imprisonment of seven years or a fine. Prior to the amendment, there was no provision for a fine in the abovementioned cases.

Investigation Officer
As per section 78 of I.T. Act 2000, an officer not below the rank of Inspector shall investigate any offense under this Act. Prior to the amendment, the rank was not below Deputy superintendent of police which was inefficient in nature due to the limited number and burden of work. This replacement was an act of excellence and was a step towards progress. Every major city has its cyber-crime cells to tackle the cases related to hacking, spamming, cyberstalking, and other cyber-crimes. The issue is that people don't report the case if they are a victim of cyber-crime because of a lack of proper knowledge or awareness.

Drawbacks Of It Act, 2000 And Amendment Of 2008

Every major city has its cyber-crime cells to tackle the cases related to hacking, spamming, cyber-stalking, and other cyber-crimes. The issue is that people don't report the case if they are a victim of cyber-crime because of a lack of proper knowledge or awareness.

1. The major loophole in the I.T. Act is its effective execution; the Act does not encompass action that infringes any law or other offenses that come under the preview of this Act, certain aspects related to technological advancement are also not included under the Information (Amendment) Act 2008. The Act does not contain provisions to deal with cases related to online defamation. Although some are of the opinion that section 66A of the Act is related to the offense of sending offensive communication, the section does not include the word defamation in it. The section brings worth punishment in the form of imprisonment to the offender. According to Dr. T. Bhattacharya, "unless the word of the statute makes an act criminal shall not be constructed, criminal." Supreme court in March 2015 took down section 66A of the I.T. Act in Shreya Singhal V. Union of India A.I.R. 2015 SC 1523 because Section 66A of the Act as violating the fundamental right of freedom of speech and expression.
    
2. Privacy is another aspect that requires the attention of lawmakers, but in reality, there is no mention of this issue in any law or enactment. The legislature, while enacting the I.T. Act 2000, to a great extent overlooked the issue of privacy of personally identifiable information. Although section 72 of the I.T. Act, 2000 provides certain provisions for the same. However, the horizon of the section has been narrowed, and it does not cover every aspect related to privacy in this cyber world. The I.T. Act also lacks a common technological facet that is required while investigating a case of cybercrime. One such is Internet Protocol Address or, in short, I.P. Address. Through the I.P. address, the geographical location of such person can be traced, as when the user visits the website, the I.P. address of the user is recorded by the server of the website (Report of Privacy Rights Clearing House 2013). An I.P. address acts as the digital footprint of the user. The web server uses cookies to track the action of the user also track the sites browsed by the browser. As a result, the user gets numerous customized displays, advertisements including many mails containing junk files. Likewise, other malicious techniques are used to gain the private information of the user. For instance, various malware is used to acquire the personal information of the browser, such as Global unique Identifiers, web bugs, etc. All these digital activities, which could hamper the personal information of millions of people, are not covered under the Information Technology Act 2000.
    
3. Another limitation is absences in clarity of offenses for which other legislations are referred. For instance, the Indian penal Code 1860 is used when any offense of cheating has been committed by any person by using computer resources. If a comparison is made between section 66D of Information Technology 2000 and the Indian penal Code,1860, one notable distinction is that prior one does not include Men's rea as an element to constitute the offense of cheating by a person using computer resource, but in later one men's rea is an element to constitute an offense of cheating by using computer resources. The report of the Working group of R.B.I. on electronic banking shows an amendment made in section 66D of I.T. Act,2000 includes the offense cheating by personation, but the Act fails 152 to include punishment for the offense of phishing. Other aspects of cybercrime are online fraud which includes investment and business opportunities, online auctions, credit card issuing scandal, etc. are not covered under Information Technology Act,2000.
   
   An offense committed through an online platform requires the presence of actus reus and men's rea as require in a crime committed in a physical environment. Actus reus is committing an offense, and men's rea means an intention to commit an offense which may include intention planning and so on. To determine the presence of men's rea in hacking is to check whether the offender was aware of such offense at the time of commission. On the part of the hacker, there must be the intention to direct any computer or a particular computer to access the required information. In such cases, it is very difficult to prove whether the intention was present or not.
    
4. I.T. (Amendment) Act,2008 does not include a provision that ensures protection of data of the user while using net banking. It's high time when the lawmakers take some urgent steps to conserve and protect the data of individuals, which are being handled by various banks and companies.
    
5. The I.T. (Amendment) Act, 2008 also fails to address offenses related to identity theft. Another lacuna in the I.T. Act, 2000 is the absence of provisions for development of infrastructure to defend cyber-attack from external sources. Mechanism to control cyber-attack must be included under I.T. Act,2000. It is also silent in antitrust issues.
    
6. Provisions related to proper intellectual property protection of electronic information and data are also not present in I.T. Act,2000. Issues related to copyright, trademark, and patents have been neglected and overlooked by lawmakers.

What can we learn from the U.S.A.?
Cybercrimes are not limited to India; in fact, India was one of the later suffered countries from digital crimes. Cybercrimes have deep roots in the U.S.A.; hence the federal government is taking all the required steps to eradicate these issues. In fact, studying the cyber laws of a developed country can pull us close to the solutions of crime using modern tech we may face in the near future.

"IC3 received a record variety of complaints from the American public in 2020: 791,790, with rumoured losses exceptional $4.1 billion. This represents a sixty nine percent increase in total complaints from 2019. Business E-mail Compromise (B.E.C.) schemes continued to be the costliest: nineteen,369 complaints with associate adjusted loss of roughly $1.8 billion. Phishing scams were conjointly prominent: 241,342 complaints, with adjusted losses of over $54 million. the amount of ransomware incidents conjointly continues to rise, with 2,474 incidents rumoured in 2020"(5).

The above data shows the skyrocketing cybercrimes in the U.S.A. Unlike India, U.S.A. has specific legislations depending on the manner of crime, which is much efficient and has a high probability of detection of such crimes. For example- Economic Espionage Act, 1996 to extend the protection of trade privacies, Computer software privacy and control Act, to prohibit the influx of spyware, Fraudulent Online Identity Sanction Act, which punishes a person who has created a fake identity over any online domain, The Fair Credit Billing Act (FCBA) checks frauds in billing, i.e., unauthorized charges, etc.

Although malicious use of digital signature id punishable under I.T. (amendment) Act, 2008, since abuse of digital signature is in-adequate, criminal may find an escape route by committing crimes which aren't defined in any manner under I.T. Act such as sharing or publicizing any form of electronic communication that hampers interstate or international trade. On this aspect, Electronic Communications Privacy Act, Passed in 1986, gives a broader definition as "any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, and electromagnetic, photo-electronic or photo-optical system that affects interstate or foreign commerce(6).

"The sole section 67(B) of I.T. (amendment act), 2008 talks of punishment for child pornography which is unfair; looking at the gravity of the offense, it demands an altogether separate statute. Apart from this, the punishment shouted at the offenders is nominal. The U.S.A. has the Child Pornography Prevention Act of 1996 for the same. It levies heavy penalty for crossing state border to engage in a sexual act with a person below the age of 12; in addition to this, the Act also provides for life imprisonment if the person has previously been convicted in any state or federal offense involving sexual abuse of children. This can be an excellent amendment to I.T. (amendment) Act, 2008.

Additional Suggestions:

1. Section 59(1) of the Act defines "legal practitioner" as the only person who can represent the appellant, which in the real field seems inefficient by the fact that the I.T. act is perse technical and demands expert knowledge on the concerned subject. So instead of the statute, the cyber appellate tribunal should be vested with the power to determine who can represent the appellant.
    
2. Since we have penetrated deep into the use of cell phone and cutting edge operating systems, I.T. Act need to address crimes done through these devices such as data theft, privacy breach by bogus websites through cookies, etc.
    
3. Section 66 (A) of the Act meant to protect the fundamental right of people through putting restriction and stringent action in case of any vagueness this could have been corrected and not invalidated. A replacement of section 66 (A) with high clarity is the need of the hour. It was posing a threat to criminal sharing grossly offensive and menace in character and not for the general public.
    

Conclusion
Economy has always been the backbone of all nations. When we look into huge international transactions being penetrated by hackers, it leads to the loss of millions of dollars which can't be compensated through mere imprisonment. Therefore on these subjects, lawmakers need to frame different legislation with heavy fines or such exemplary punishments.

Awareness of Cyber laws in India could help to flatten the curve of cybercrimes. Despite 50% of internet penetration in India, the general public has no knowledge on "what grounds and factors they can file a complaint?" Through advertisements and media, this needs to be promoted.

References:

1. Priyanjali Karmakar, Types of Cyber Crime and its Causes, LEGALSERVICESINDIA (Apr 24, 2021, 2:15 PM), http://www.legalserviceindia.com/legal/article-3042--types-of-cyber-crime-and-its-causes.html
2. PTI, 3.17 lakh cybercrimes in India in just 18 months, says govt, THE HINDU (Apr 24, 2021, 2:15 PM), https://www.thehindu.com/sci-tech/technology/317-lakhs-cybercrimes-in-india-in-just-18-months-says-govt/arti cle34027225.ece
3. I.T. Act 2000
4. The Section 66 (F), I.T. (Amendment) Act 2008
5. Internet Crime Report, 2020, IC3 (Apr. 24, 2021, 2:18 PM), https://www.ic3.gov/Media/PDF/AnnualReport/ 2020_IC3Report.pdf
6. Maxim May, Federal Computer Crime Laws, SANS (Apr. 24, 2021, 2:20 PM), https://www.sans.org/readingroom/whitepapers/legal/federal-computer-crime-laws-1446

Award Winning Article Is Written By: Mr.Gaurav Saluja

Authentication No: MY313336543556-13-0523