LEGISLATIVE FRAMEWORK FOR PREVENTION AND

PROSECUTION OF CYBERCRIME IN INDIA

A DISSERTATION SUBMITTED IN PARTIAL FULLFILLMENT OF

REQUIREMENT FOR AWARD OF THE DEGREE OF BACHELOR OF
LAWS
BABASAHEB BHIMRAO AMBEDKAR
UNIVERSITY, LUCKNOW

UNDER THE SUPERVISION OF: SUBMITTED BY:

Prof. Sudarshan Verma Kishan Chaturvedi

Head Department of Law Semester X

School of Legal Studies B.B.A.LL.B (Hons.)
BBAU LUCKNOW Roll No. 196647
BATCH- 2019-2024

SUBJECT- Dissertation (Written +VIVA)

SUBJECT CODDE- LB-1001

DEPARTMENT OF LAW, SCHOOL OF LEGAL STUDIES BABASAHEB

BHIMRAO AMBEDKAR UNIVERSITY (A
Central University) LUCKNOW-226025
 DECLARATION

I, Kishan Chaturvedi, hereby declare that the Dissertation entitled “Legislative

Framework for Prevention and Prosecution of Cybercrime in India.” has been

carried out by me under the supervision of Prof. Dr. Sudarshan Verma, Department of

Law, School of Legal Studies, Babasaheb Bhimrao Ambedkar University, (A Central

University) Lucknow. The research work is an original work, and it has not been

previously submitted in part or full any other degree in this University or any other

University. My indebtedness to other works and publications has been appropriately

acknowledged at relevant places.

To the best of my knowledge this Dissertation has been submitted.

Kishan Chaturvedi

B.B.A. LL.B.(HONS.)

SEMESTER X

ROLL NO. 196647

1
 CERTIFICATE

Date- …………….

This is to state that Mr. Kishan Chaturvedi of BBA.LL.B. (Hons) X Semester, Roll No.
196647, has submitted his project work entitled “Legislative Framework for
Prevention and Prosecution of Cybercrime in India.” as a part of the partial fulfilment
of the requirement for the award of the Degree of BBA.LLB. (Hons) under my guidance
and supervision. It is also affirmed that the project submitted by him is accurate, bona
fide, and genuine, and is forwarded for evaluation.

Prof. Sudarshan Verma

(Head of Department)

Guide and Supervisor

Department of Law

B.B.A.U., Lucknow

2
 ACKNOWLEDGEMENT

Firstly, I would like to thank the God for instilling me with the potential to do this
research work and also for helping me in unknown ways in all my endeavors so far.
Secondly, I would like to express my sincere gratitude and appreciation to my respected
supervisor and guide Prof Dr. Sudarshan Verma ma'am for taking out time from her
terribly busy schedule just to help me and for driving me to look into the arguments of
the other side. It was her supervision which made this work quite balanced in its
approach. It was really a memorable experience working under her.

Lastly, thanks lie to everyone else especially my seniors Aryan Vikram Singh and
Shubham Shai and others whose name I may have missed to mention but have helped
me in some ways or the other in this work.

Yours sincerely,

Kishan Chaturvedi

Dated: 30th April’ 2024

*****

3
 LIST OF ABBREVIATIONS

AIR All India Reporter

ARPANET Advanced Research Project Agency Network

AVI Audio Video Interleave

BARC Bhabha Atomic Research Centre

BBBO Better Business Bureau Online

CD Compact Disk

CDA Communication Decency Act

CDA Communication Decency Act

CEO Chief Executive Officer

CERN European Council for Nuclear Research

CERT-In Computer Emergency Response Team- India

CII Critical Information Infrastructure

CID Crime Investigation Department

CIPA Children Internet Protection Act

CIW Cyber and Information War

CJI Chief Justice of India

CMA Communications Management Associations

Co. Company

CODEXTER Committee of Expert against Terrorism

COPA Child Online Protection Act

Cr. PC Code of Criminal Procedure

DoD Department of Defense

DG Director General

4
DSCI: Data Security Council of India

EDT: Electronic Disturbance Theatre

EMC: Electromagnetic Capacity

ERNET: Education and Research Network

ERRI: Emergency Response & Research Institute

FARC: Revolutionary Armed Forces of Colombia

FBI: Federal Bureau of Investigation

FLV: Flash Live Video

GGE: Group of Governmental Experts

GIF: Graphic Interchange Format

HC: High Court

ICANN: Internet Corporation for Assigned Names and Numbers

ICCIS: International Code of Conduct for Information Security

ICT: Information Communication Technology

IGC: Institute for Global Communications

IGNOU: Indira Gandhi National Open University

IP: Internet Protocol

IPC: Indian Penal Code

IRC: Internet Relay Chat

ISP: Internet Service Provider

IT: Information Technology

JANET: Joint Academic Network

JPEG: Joint Photographic Experts Group

LAN: Local Area Network

LOAC: Laws of Armed Conflict

LITE: Liberation Tigers of Tamil Eelam

5
MCOCA: Maharashtra Control of Organized Crime Act

MIT: Massachusetts Institute of Technology

MMS: Multimedia Messaging Services

MP3: MPEG-Audio Layer 3

MPEG: Moving Picture Expert Groups

NASA: National Aeronautics and Space Administration

NASSCOM: National Association of Software and Service Companies

NATO: North Atlantic Treaty Organization

NeGP: National e-Governance Program

NCRB: National Crime Records Bureau

NDMC: New Delhi Municipal Corporation

NFNC: National Federal Networking Council

NIB: National Information Board

NIC: National Informatics Centre

NSFNET: National Science Foundation Network

NW: Network

OAM&P: Operation, administration, maintenance, and provisioning

PCT: Patent Cooperation Treaty

PLC: Programmable Logic Controller

PPP: Public Private Partnership

R&D: Research and Development

ROI: Return on Investment

SCADA: Supervisory Control and Data Acquisition

SC: Supreme Court

SCC: Supreme Court Cases

Sec.: Section

TCP: Transmission Control Protocol

6
TV: Television

UCS: Universal Communication System

UK: United Kingdom

UN: United Nations

UNCRC: United Nations Convention on the Rights of the Child

UNGA: United Nations General Assembly

US: United States

USA: United States of America

VCD: Video Compact Disc

VCR: Video Cassette Recorder

VSAT: Very Small Aperture Terminal

WMV: Windows Media Video

WPA: Western Provident Association (Note: This abbreviation commonly

refers to Wi-Fi Protected Access in the context of wireless network
security.)

WIC: Women, Infants, and Children (Note: This abbreviation can refer to the
Special Supplemental Nutrition Program for Women, Infants, and
Children in the United States.)

WTO: World Trade Organization

WWW: World Wide Web

7
 LIST OF CASES
-
 A& M Records Inc. v. Napster Inc.

 Abhinav Gupta v. State of Haryana

 Abrams v. United States

 Acqua Minerals Ltd. v. Pramod Borse

 Aktiebolaget Volvo v. A.K. Bhuva

 Asahi Metal Indus Co. v. Superior Court

 Australian Securities and Investments Commission v. Rich and Another

 Avnish Bajaj v. State

 Avtar Singh v. State of Punjab

 Bazzee.com case

 Bennett Coleman & Co. and Ors. v. Union of India & Ors.

 Bensusan Restaurant Corp. v. King

 Bharat Bank Ltd v. Employees

 Blackmer v. United States

 Burnham v. Superior Ct. of Cal.

 Calder v. Jones

 Card service International Inc. v. Mc Gee

 Care Vent Corp. v Nobel Industries AB

 Colonel Bajwa’s case

 Commission v. Council

 CompuServe, Inc. v. Patterson

 Court on its own motion v. State

8
 EDIAS Software Int’l, L.L.C. v. BASIS Int’l Ltd.

 Ex parte Pinochet Ugarte (No. 1)

 Ex parte Pinochet Ugarte (No. 2)

 FDIC v. British-American Ins. Co.

 Federal Communications Commission v. Fox Television Stations

 Federal Trade Comm. v. Compagnie de Saint-Gobain-Pont-a-Mousson

 Gates Learjet Corp. v. Jensen

 Gehling v. St. Georges School of Medicine, Ltd.

 Grace v. MacArthur

 Hall v. LaRonde

 Hari Krishna Bhatt v. State of Uttarakhand

 Hearst Corp. v. Goldberger

 Himalayan Drug Company v. Sumit

 Humphrey v. Granite Gate Resorts, Inc.

 IDS Life Insurance Company v. Sun America, Inc.

 Infosys Technologies Ltd. v. Akhil Gupta

 Inset Systems, Inc. v Instruction Set, Inc.

 International Shoe v. Washington

 Jayesh S. Thakkar v. State of Maharashtra

 Joyce v. Director of Public Prosecutions

 Justdial v. Infomedia

 K.A. Abbas v. Union of India

9
 Kamlesh Vaswani v. Union of India & Ors.

 Kartar Singh v. State of Punjab

 Keeton v. Hustler Magazine, Inc

 Kelly v. Arriba Soft Corp.

 Maqbool Fida Husain v Raj Kumar Pandey

 McDonough v. Fallon McElligot, Inc.

 Microsoft Corporation v. Deepak Raval

 Miller v. California

 Minnesota v. Granite Gate Resorts Inc.

 Nasiruddin v. Sita Ram Aggarwal

 New York Times Co. v. Tasin

 Pen Books Pvt. Ltd. v. Padmaraj

 People’s union for civil liberties (PUCL) v. Union of India

 Pfizer Products Inc. v. Altamash Khan

 Playboy Enterprises, Inc. v Chuckleberry Publishing, Inc.

 Playboy Enterprises, Inc. v Frene

 Playboy v. Frena

 R v Bow Street

 R. v. Bow Street Metropolitan Stipendiary Magistrate, ex parte Pinochet Ugarte

 Raj Kapoor and Others v State and Others

 Ranjeet D. Udeshi v. State of Maharashtra

 Regina V. Hicklin

 Resuscitation Tech. Inc., v. Continental Health Care Corp.

 Ritu Kohli’s Case

 Roth v. United States

10
 Ruston Hornby Ltd. v. Zamindara Engineering co.

 S. Khushboo v. Kanniamal & Anr.

 Sakal Papers (P) Ltd. & Ors. v. Union of India

 Samresh Bose v. Amal Mitra

 Shreya Singhal v. Union of India

 Sinatra v. Nat’l Enquirer, Inc.

 Smith v. Hobby Lobby Stores, Inc.

 SS Lotus Case (France v. Turkey)

 State of Maharashtra v. Marwanjee F. Desai

 State v. Granite Gate Resorts, Inc.

 Tamil Nadu v. Suhas Katti

 Tata Sons v. Ghassan Yacoub and others

 Time Incorporated v. Lokesh Srivastava

 Travelocity.co.in v. ClearTrip.com

 U.K. v. Alb.

 U.S. v Thomas

 U.S. v. Watchmakers of Switzerland Info Centre

 Uma Shankar v. ICICI Bank

 United States v Gorshkov

 United States v. Aluminium Co. of America

 United States v. First Nat’l City Bank

 United States v. Romano

 United States v. Williams

 United States v. Yunis

11
 VEJF and LICRA v. Yahoo! Inc. and Yahoo! France

 Virender Kumar Satyawadi v. State of Punjab

 Whitney v. California

 X (Belgian Citizen) v. Swiss Fed. Prosecutor’s Office

 Yahoo! Inc.v. Akash Arora

 Yahoo! Inc.v. Sanjay V. Shah

 Zippo Mfg. v Zippo Dot Com, Inc

12
 TABLE OF CONTENT
DECLARATION ................................................................................................................................... 1
CERTIFICATE ..................................................................................................................................... 2
ACKNOWLEDGEMENT .................................................................................................................... 3
LIST OF ABBREVIATIONS ............................................................................................................... 4
LIST OF CASES ................................................................................................................................... 8
CHAPTER I......................................................................................................................................... 15
INTRODUCTION ............................................................................................................................... 15
1.1 STATEMENT OF PROBLEM ............................................................................................. 21
1.2 HYPOTHESIS....................................................................................................................... 21
1.3 OBJECTIVE OF THE STUDY ............................................................................................. 21
1.4 SCOPE AND LIMITATION................................................................................................. 22
1.5 SURVEY AND LITERATURE ............................................................................................ 22
1.6 RESEARCH METHDOLOGY ............................................................................................. 24
1.7 PLAN OF WORK ................................................................................................................. 25
CHAPTER II ....................................................................................................................................... 28
MEANING, CONCEPT AND HISTORY OF CYBERCRIME IN INDIA ....................................... 28
2.1 NATURE AND SCOPE OF CYBER CRIME ...................................................................... 29
2.2 CHARACTERSTICS OF CYBER CRIME .......................................................................... 31
2.3 CLASSIFICATION OF CYBER CRIME ............................................................................. 32
2.4 NEED FORREGULATION OF CYBERSPACE ................................................................. 46
2.5 NEED FOR CRIMINALISATION OF OFFENCES IN CYBESPACE ............................... 47
2.6 OFFENCES THAT NEED TO BE CRIMINALIZED .......................................................... 48
2.7 CONCLUSION ..................................................................................................................... 49
CHAPTER III...................................................................................................................................... 50
LEGISLATIVVE PROVISION AND LEGAL FRAMEWORK REGARDING CYBERCRIME IN
INDIA ................................................................................................................................................... 51
3.1 APPLICATION AND OBJECTIVE OF INFORMATION TECHNOLOGY ACT 2000..... 52
3.2 SCOPE OF THE ACT ........................................................................................................... 53
3.3 OVERVIEW OF IT ACT, 2000 ............................................................................................ 55
3.4 SALIENT FEATURES OF IT ACT 2000............................................................................. 57
3.5 SECURITY PROCEDURE ................................................................................................... 58
3.6 AUTHORITIES UNDER IT ACT, 2000 .............................................................................. 58
3.7 CONTROLLING AUTHORITIES AND THEIR APPOINTMENT .................................... 59

13
 3.8 FUNCTIONS AND POWERS OF CONTROLLER ............................................................. 60
3.9 CYBER APPELLATE TRIBUNAL ..................................................................................... 62
3.10 AMENDMENTS TO CERTAIN STATUTES...................................................................... 65
3.11 CRITICAL APPRAISAL OF THE INFORMATION TECHNOLOGY ACT, 2000 ............ 70
3.12 INFORMATION TECHNOLOGY (AMENDMENT) ACT, 2008 ....................................... 72
CHAPTER IV ...................................................................................................................................... 74
JUDICIAL PRONOUNCEMENT REGARDING CYBER CRIME .............................................. 74
4.1 CYBER JURISDICTION ...................................................................................................... 75
4.2 CYBER JURISDICTION IN INFORMATION TECHNOLOGY ACT,2000 ...................... 77
4.3 JUDICIAL RESPONSE TO COMBAT CYBER CRIMES .................................................. 82
4.4 CONCLUSION ..................................................................................................................... 93
CHAPTER V ....................................................................................................................................... 96
CONLUSION AND SUGGESTIONS ................................................................................................ 96
5.1 CONCLUSION ........................................................................................................................... 97
5.2 SUGGESTIONS.......................................................................................................................... 99
BIBLIOGRAPHY ............................................................................................................................. 105

14
 CHAPTER I
INTRODUCTION

15
 CHAPTER- I
INTRODUCTION
In the 21st century, Information Technology has become ubiquitous, influencing people
worldwide. Its emergence has revolutionized our communication patterns almost instantly.
This technology has permeated every aspect of human existence, leading us from a
reliance on paper to a predominantly digital world. Today, computers play a crucial role in
safeguarding various forms of sensitive data, including political, social, economic, and
personal information, and ultimately benefiting society. Through the integration of
computers, the internet, and networking, we're establishing unprecedented levels of
precision, effectiveness, and speed across all domains. This convergence fosters
productivity, fosters creativity, and fosters innovation.

Information technology essentially combines computers, the internet, and networking

technology. The convergence of computer networks and telecommunications, facilitated
by digital advancements, has given rise to a shared realm known as Cyberspace or the
Virtual World. Cyberspace hosts a plethora of human activities conducted through the
internet, making it a bustling hub for netizens engaged in communication, commerce,
advertising, banking, education, research, and entertainment. Virtually every aspect of
human endeavor has been impacted by the advent of information technology. Computer
usage is proliferating rapidly, akin to the spread of a virus, with millions of users
connecting to the internet daily.

The swift expansion of internet and computer technology worldwide has bestowed
numerous benefits upon humanity. However, it has also evolved into a realm where
various illicit activities thrive, contravening legal statutes. Increasingly, the internet serves
as a platform for transnational crimes, encompassing activities like pornography,
gambling, human organ trafficking, illicit drug trade, hacking, copyright infringement,
terrorism, privacy violations, money laundering, fraud, software piracy, and corporate
espionage, among others.

The concept of cybercrime represents a modern facet of criminal activity in today's

world. It pertains to unlawful actions carried out through computers, the internet, or
computer networks, either knowingly or intentionally. Cybercrime encompasses
offenses.
16
committed within the virtual realm of cyberspace, including activities that are illegal or
prohibited. This term combines "cyber," which signifies the virtual world comprising
computers, the internet, networks, data processing, global communication, and
informational space, with "crime," a longstanding social, economic, and political
phenomenon inherent to human society. Crime constitutes a violation of legal norms,
punishable by law. As per Lord Atkin “the Criminal quality of an act cannot be discovered
by reference to any standard but one; is the act prohibited with penal consequences”1.

Hence, cybercrime is defined as any illicit activity where a computer serves as

either the instrument used as the target of the crime, or both. According to Dr. Debarati
Halder and Dr. K. Jaishankar, cybercrimes encompass various forms of unlawful actions
conducted in the digital realm: “Offences that are committed against individuals or groups
of individuals with a criminal motive to intentionally harm the reputation of the victim or
cause physical or mental harm, or loss, to the victim directly or indirectly, using modern
telecommunication networks such as Internet (Chat rooms, emails, notice boards and
groups) and mobile phones (SMS/MMS)”2

Cybercrime stands out as one of the newest and most intricate challenges in the
digital landscape. It can be described as a category of offenses where the broader category
is traditional crime, and the computer serves as either the target or perpetrator of the
criminal activity 3. As Pawan Duggal, the leading Supreme Court lawyer says, “Any
criminal activity that uses a computer either as an instrumentality, target or a means for
perpetuating further crimes comes within the ambit of cybercrime.”

Cybercrime encompasses any illicit activity where a computer serves as the

primary tool for its execution. The U.S. Department of Justice extends this definition to
encompass illegal acts that involve the storage of evidence on computers. This broadening
scope of cybercrimes includes offenses facilitated by computers, such as network breaches
and the spread of computer viruses. Additionally, it covers computer-based adaptations of
traditional crimes, including identity theft, cyber-stalking, online bullying, and cyber
terrorism.

1
Proprietary Articles Trade Association v. A.G. for Canada. (1932)
2
https://en.wikipedia.org/wiki/Cybercrime (Accessed on 17th April 2024)
3
CYBER CRIME by Parthasarathi Pati, http://www.naavi.org/pati/pati_cybercrimes_dec03.htm (Accessed
on 17th April, 2024)

17
 “Well, the new medium which has suddenly confronted humanity does not
distinguish between good and evil, between national and international, between just and
unjust, but it only provides a platform for the activities which take place in human society.
Law as the regulator of human behavior has made an entry into the cyberspace and is
trying to cope with its manifold challenges.” 4
Cybercriminals are reaping substantial
profits through various means, including damaging or sabotaging computers, stealing
valuable information via network breaches, or engaging in other illicit activities on the
internet. These activities often yield significant financial gains for the perpetrators.

Under Indian law, cybercrime must be deliberate and intentional, resulting in harm
to individuals or property. The Information Technology (IT) Act serves as the foundation
for e-commerce in India, focusing on promoting e-governance and e-commerce
opportunities while also emphasizing the importance of cyber security.

Given the increasing prevalence of cybercrimes due to widespread computer and

internet usage, there is an urgent need for robust cyber laws to combat these threats
effectively. Since cybercrime is a global issue, collaboration on an international scale is
essential to address this menace comprehensively. Although the term "cybercrime" is not
explicitly defined in the Information Technology Act of 2000, the Act addresses various
offenses and criminal activities conducted over the internet, with corresponding penalties
outlined in the Indian Penal Code of 1860 and other relevant legislations. Consequently,
cybercrime can be understood as the intersection of traditional crime and computer
technology.

As a saying in criminology goes – “a crime will happen where and only when the
opportunity avails itself.” Until recently, we were aware of only traditional types of crimes
like murder, rape, theft, extortion, robbery, dacoity etc. But now with the development and
advancement of science and technology there came into existence machines like
computers and facilities like internet. The internet has opened up a whole new virtual
heaven for the people good and bad, clever and naive to enter and interact with lot of
diverse cultures and sub-cultures, geography and demographics being no bar. The very
same virtues of internet when gone in wrong hands or when exploited by people with dirty.

4
Justice T. Ch. Surya Rao, “Cyber Laws – Challenges for the 21st Century”, Andhra Law Times, 2004, p.
24

18
minds and malicious intentions, make it a virtual hell. Stories of copyright theft, hacking
and cracking, virus attacks and plain hoaxes etc. have mounted up in the last few years.”5.

One of the critical issues in the virtual world is the matter of jurisdiction, which is
the authority of a court to hear a case and resolve a dispute within a sovereign territory
Jurisdiction issue in Cyber space is most complex issue. Like climate change issues, one
country in itself cannot have prevention and control mechanism to deal with the problem
of internet crimes without cooperation from other nations. The major international
organizations, like the OECD, APEC, ITU, G-8 and the commonwealth nation model law
on cybercrime, are taking important steps to curb the cybercrime through joint
cooperation’s and drafting a model law which will be standard through all over the world.
However, many countries still provide safe heaven to the cyber criminals as they have
different values regarding piracy and espionage, or they have their social problems. We
need to be more aware about the jurisdiction issues of cybercrime and its impact on the
world’s economy as cybercrime is the subject matter of every country’s jurisdiction. The
need of the hour is to resolve the issue of jurisdiction as it becomes so easy to commit a
cybercrime in one jurisdiction and hide in another to get away with crime. To deal with the
cybercrime globally most countries including India have enacted Laws related to
Information Technology, these laws be named as cyber law or information technology
laws. The researcher has made efforts to discuss this problem extensively and the efforts
taken by nation and international organization to deal with transnational cybercrime.

The IT ACT 2000 endeavors to modernize outdated laws and establish mechanisms
to address cybercrimes. Such legislation is crucial for enabling secure online transactions,
specifically by credit cards, without apprehensions of misuse. It further provides a
necessary legal framework to ensure that electronic records are not disregarded solely on
the basis of their digital form, thus ensuring their validity, enforceability, and legal effect.
With the increasing reliance on electronic records for transactions and communications,
the Act empowers government departments to embrace digital formats for official
documentation, including filing, creation, and retention. Additionally, it provides
provisions for the identification and beginning of electronic data through digital
signatures.

5
S.K. Verma, “Controlling the Internet Crimes”, CBI Bulletin, August 2001, p. 17

19
 From an e-commerce perspective in India, the IT ACT 2000 presents numerous
aspects. Firstly, it legitimizes email as an admissible form of communication in legal
proceedings. Companies now can engage in e-commerce, utilizing the legal structure
ensured by the Act. Digital signatures are accorded legal validity and authorization,
facilitating secure online transactions. Furthermore, the Act permits corporate entities to
operate as Certifying Authorities for issuing Digital Signature Certificates, promoting trust
and security in online interactions. It also paves the way for e-governance by allowing
government notifications to be issued online. Moreover, the Act enables companies to
electronically file various documents with government offices, authorities, or agencies,
streamlining administrative processes6.

Despite the specifications of the Information Technology ACT, 2000, several

significant challenges remained unaddressed. To address these challenges, the Information
Technology Amendment Bill 2006 was introduced. This amendment seeks to amend the
IT ACT in various ways:

(a) To ensure technological neutrality in the authentication of electronic records.

(b) To provide safeguards for the protection of personal information. (c) To alter the name
and composition of the appellate tribunal. (d) To limit the liability of intermediaries. (e) To
establish an examiner of electronic evidence.

Furthermore, the bill proposes that the publication or transmission of offensive or

pornographic material in electronic form be deemed an offense. Additionally, amendments
to the Indian Penal Code, 1860, are included to introduce new offenses such as identity
theft and the unauthorized recording or transmission of nude images of individuals7.

In today's world, stringent laws are imperative to combat cybercrime effectively,

necessitating amendments to our existing cyber laws to address contemporary challenges.
Cybercrimes represent a burgeoning category of offenses in India, propelled by
widespread internet usage. The Government of India has taken proactive measures to
ensure that every police station equipped to handle cybercrimes is staffed with officers
proficient in cyber law and information technology. Additionally, efforts have been made
to establish cyber cells in every district dedicated to addressing cybercrimes. The

6
An Introduction to cybercrime and cyber law” by professor R.K. Chaubey, Kamal Law House, ed.2012
7
http://www.prsindia.org/billtrack/the-information-technology-amendment-bill-2006-86/ (Accessed on
17th April,2024)

20
 introduction of the concept of E-FIR by several state governments allows for the reporting
of crimes electronically. Moreover, police stations are equipped with computers directly
linked to police headquarters, facilitating expedited investigations. However, to enhance
the efficacy of investigations, there is a need to improve judicial sensitivity and
knowledge. The government has initiated steps to educate both the police force and district
judiciary on cybercrime intricacies. It's essential to familiarize investigators and judges to
the complexities of the cybercrime landscape.

The purpose of this thesis is to comprehensively examine the landscape of

cybercrimes, encompassing their scope, nature, perpetrators, and the legal framework
aimed at mitigating these offenses. This research endeavor will provide a holistic overview
of governmental initiatives undertaken at both national and international levels to combat
cybercrimes, as well as identify future actions required to address these challenges
effectively. Additionally, the thesis will undertake a rigorous analysis of the Information
Technology Act, 2000, and its subsequent amendment in 2008, evaluating their strengths,
weaknesses, and inadequacies. Furthermore, it will explore potential strategies and
solutions to overcome the limitations identified in these legislative measures.

1.1 STATEMENT OF PROBLEM

The study aims to address the multifaceted challenges posed by cybercrimes in
contemporary society. Specifically, it seeks to investigate the evolution and proliferation
of cybercrimes, analyze the complexities associated with addressing such offenses,
examine the principles of jurisdiction in cyber law, evaluate the adequacy of existing
legislative frameworks, assess international efforts to combat cyber threats, explore the
feasibility of establishing a uniform global law, identify deficiencies in current legislation,
and propose reforms and remedial measures for the prevention and control of cybercrimes
1.2 HYPOTHESIS
Despite the enactment of legislative measures such as the Information Technology Act
2000 and its subsequent amendments, the current legislative framework for cybercrime
prevention and prosecution in India exhibits inadequacies in effectively addressing the
evolving nature and complexities of cyber threats. Through comprehensive analysis and
evaluation, this thesis aims to demonstrate that reformative measures, including
amendments to existing laws and the establishment of robust enforcement mechanisms,

21
 are imperative for enhancing cybercrime prevention and prosecution capabilities in India.
Additionally, it is hypothesized that international collaboration and adoption of best
practices in cybercrime legislation could significantly contribute to bolstering India's cyber
security posture and mitigating the risks posed by cyber threats.
1.3 OBJECTIVE OF THE STUDY
The main objectives of the present study are outlined as follows:
1. To trace the origins and evolution of cybercrimes.
2. To identify and analyze the challenges encountered in addressing cybercrimes.
3. To examine the principles of jurisdiction in cyber offenses and evaluate the measures
implemented by international organizations and countries collectively to combat
cybercrime.
4. To assess the adequacy of the IT ACT 2000 in addressing the challenges faced by
activities in cyberspace.
5. To investigate international initiatives aimed at mitigating cyber threats.
6. To explore the feasibility of establishing a uniform global law to address cybercrime.
7. To identify deficiencies in existing legislation pertaining to cybercrimes.
8. To propose reforms and remedial measures for the prevention and control of cybercrimes.

1.4 SCOPE AND LIMITATION

Study holds significance both academically and practically. Academically, it delves into
the nuanced judicial approach necessary for addressing the complexities of cybercrimes.
Practically, it illuminates the efficacy of judicial responses in safeguarding individuals
from various cyber offenses. The study's findings are derived from an assessment of
existing laws and the identification of requisite measures to confront present and future
cyber law challenges globally, informed by legislative and judicial perspectives in the
research domain. Its primary objective is to evaluate cyber laws on a global scale and
interpret them in light of contemporary needs. Furthermore, the research endeavors to
explore the feasibility of establishing a uniform law to combat the menace of cybercrime.
The practical significance of this work lies in its potential to clarify ambiguities
surrounding cyber laws for policy-making institutions, enabling them to enact specific
legislation tailored to cybercrime prevention and prosecution.

1.5 SURVEY AND LITERATURE

22
 A crucial aspect of undertaking a thesis on an important topic, especially in law, involves
thorough consultation of reputable books, articles, and, significantly, legal judgments
rendered by the country's Supreme Court. Initiating research begins with reviewing
existing literature on the subject matter. By identifying the research problem, one can seek
answers within the existing literature, which not only enhances understanding of the topic
but also aids in formulating the research methodology. A wealth of resources, including
books, monographs, reports, research papers, and articles, are available on the prevention
and control of cybercrimes, providing valuable insights and perspectives for scholarly
inquiry.

8
In his book "An Introduction to Cyber Crime and Cyber Law," Prof. (Dr.) R.K.
Chaubey underscores the significance of the 'right to privacy' in the contemporary
information and communication era. He points out that technological advancement has
enabled potential intruders to eavesdrop on private conversations, granting cyber criminals
the means to violate individuals' privacy. The author provides a comprehensive
exploration of cyber law, covering various aspects such as cyber forensics, digital
investigation, and emerging cybercrimes, including those perpetrated through mobile
phones. Furthermore, Prof. Chaubey delves into the intricate issue of jurisdiction,
extensively analyzing both international and national laws and proposing potential
solutions to address longstanding jurisdictional challenges in cybercrime cases.
Additionally, he delves into the topic of intermediary liability in detail and sheds light on
crimes related to intellectual property rights.

In her book "Cyber Crimes,"9 Dr. Talat Fatima brings attention to the unique challenges
encountered by legislatures worldwide in establishing liability for cybercrimes, with a
particular focus on the Information Technology Act, 2000.

In his book "A Practical Approach to Cyber Laws,"10 K. Mani Advocate explores the
necessary amendments needed in existing legislation to streamline e-commerce in the
information technology era. The author emphasizes the importance of amending various
regulations, particularly the Indian Evidence Act, to address potential misuse arising from
transactions and other dealings conducted through electronic mediums. Highlighting the

8
Prof. R.K. Chaubey, “An Introduction to Cyber Crime and Cyber law”, Kamal Law House, 2012
9
Dr. Talat Fatima, “Cyber Crimes”, Eastern Book Company, 2011
10
K. Mani, “A practical approach to cyber laws”, Kamal Publishers, 2012.

23
 urgency of updating existing laws, the author delves into recent case laws extensively to
provide practical insights and guidance.

In his book "Cyber Laws,"11 Justice Yatindra Singh explores the realm of intellectual
property rights, including trademarks, copyrights, and patents, within the cyberspace
domain. Drawing from judgments rendered in landmark cases such as the Napster Case12
and Sony PlayStation Case13, the author analyzes instances of copyright infringement.
Additionally, Justice Singh provides detailed explanations on various aspects including e-
commerce, taxation, and privacy concerns.

In his book "Cyber Crimes, Electronic Evidence and Investigation: Legal

Issues,”14Vivek Sood Advocate addresses the myriad challenges and legal complexities
associated with cybercrimes, which pose significant hurdles for criminal justice systems
worldwide. These challenges include jurisdictional issues, cross-border investigations,
evidence collection, and ultimately the prosecution of offenders. The book provides
extensive coverage of these issues, particularly within the framework of the Information
Technology Act, 2000, and its amended version, the IT Amendment Act, 2008.

In his book "Information Technology: Law and Practice,15" Vakul Sharma Advocate
provides a comprehensive examination of the Information Technology Act, 2000,
supplemented by the latest case laws. In addition to elucidating the intricacies of the Act,
the author delves into the global perspective of cyber jurisdiction, shedding light on
international considerations. Furthermore, Vakul Sharma explores the delicate balance
between freedom of speech and expression in the online realm, addressing pertinent legal
issues. The book also offers insights into intellectual property rights in the electronic
medium, discussing relevant Indian laws and their implications.

In his book "Cyber Laws and Information Technology, 16 " Dr. Jyoti Rattan offers
foundational understanding of the technical and legal complexities surrounding cyber law.
The author provides insights into various aspects of cyber law, aiming to equip readers
with a basic understanding of the subject. Additionally, Dr. Rattan identifies and discusses.

11
Justice Yatindra Singh, “Cyber Laws”, Universal Law Publishing co., 2007
12
A & M Records Inc v. Napster Inc, 114 F. Supp 2d 896(N.D. Cal 2000)
13
Kabushiki Kaisha Sony Computer Entertaining v. Stevens, 2002 FCA 906
14
Vivek Sood, “Cyber Crimes, Electronic Evidence & Investigation, Legal Issues”, Nabhi Publication, 1st
Revised Edition, 2010.
15
Vakul Sharma, Information Technology: Law and Practice, Universal Law Publication Co., 2015
16
Dr. Jyoti Rattan, Cyber Law and Information Technology, 5th Edition, Bharat Law House Pvt. Ltd., 2015

24
 grey areas within the Information Technology Act, 2000, emphasizing the need for
governmental attention and potential amendments to address these gaps.

1.6 RESEARCH METHDOLOGY

The current study adopts a doctrinal approach and draws upon both primary and secondary
sources. Primary sources encompass substantive and procedural legislation, including the
Information Technology Act 2000, the Information Technology Amendment Act 2008, the
Indian Penal Code 1860, the Criminal Procedure Code 1973, the Indian Evidence Act
1872, laws pertaining to Intellectual Property Rights, the Right to Information Act 2005,
the Negotiable Instrument Act 1882, the Reserve Bank of India Act 1934, and the Bankers
Books Evidence Act 1891. Secondary sources comprise crime reports, journals, books,
case laws, and internet surveys. The study's findings are rooted in statutory provisions and
case law from Indian and foreign courts. Notably, recent judgments from the apex court,
such as the repeal of section 66A of the IT ACT 2000, are discussed. Given the extensive
and continually evolving nature of the subject, a representative selection of cases from the
United Kingdom, the United States of America, and India has been included to address all
significant aspects of the chosen problem.

1.7 PLAN OF WORK

Chapter I serves as an introduction to the study, outlining the problem statement within
the realm of cybercrimes. It elucidates the concept of cybercrime and provides definitions
as per legal frameworks, along with insights from notable figures in the field of cyber law.
Additionally, the chapter delineates the methodology adopted for the study and offers an
overview of relevant literature in the area.

Chapter II delves into the realm of cybercrime and its classification, offering an in-depth
analysis of renowned authors' and jurists' definitions of cybercrimes. The researcher
meticulously explores the nature, scope, characteristics, essential elements, and
classification of cybercrimes on a global scale, shedding light on the factors contributing
to their occurrence. Moreover, the chapter delves into major cybercrimes such as cyber
pornography, cyberstalking, cyber terrorism, hacking, theft of personal data, and financial
cybercrimes.

25
 Furthermore, the researcher provides a comprehensive overview of the judicial
approach to cybercrimes in foreign countries and India, drawing on case laws to illustrate
key points. Through this examination, the chapter offers valuable insights into the
evolving landscape of cybercrimes and the legal responses to combat them, both
internationally and within India.

In Chapter III, the focus shifts to the statutory provisions governing cybercrime in India,
providing a comprehensive examination of the Information Technology Act of 2000 and
its subsequent amendment in 2008. The researcher meticulously analyzes other relevant
acts dealing with cyber offenses in India, aiming to offer a thorough understanding of the
legal framework surrounding cybercrimes.

The chapter delves into the specific cyber offenses covered under the IT ACT,
exploring measures for their prevention, compensation, and adjudication. By highlighting
the objectives behind the enactment of this legislation by the Government of India, the
researcher aims to elucidate the underlying goals and intentions driving the legal
framework for addressing cybercrimes in the country. Through a detailed study of
statutory provisions, the chapter seeks to provide clarity on the legal landscape and
mechanisms for combating cyber offenses in India.

In Chapter IV, the researcher delves into the complex issues surrounding jurisdiction in
the cyber world, shedding light on the challenges posed by municipal and international
law. The chapter elucidates the intricacies of jurisdictional issues encountered in
addressing cybercrime, covering concepts such as prescriptive, enforcement, territorial,
and extraterritorial jurisdiction.

The researcher examines whether cyber offenses fall under extraditable offenses
and explores the approaches of the US, Europe, and India regarding personal jurisdiction
in cyber offenses. Furthermore, the chapter emphasizes the necessity of uniform laws to
effectively navigate the concept of jurisdiction in the cyber world. By addressing these
crucial issues, the researcher aims to provide insights into the multifaceted nature of
jurisdictional challenges in combating cybercrime and underscores the importance of
cohesive legal frameworks to address them.

In Chapter V, the researcher presents conclusions and suggestions based on an in-depth

analysis of cyber legislation in India. The chapter highlights the shortcomings of existing.

26
cyber laws and proposes measures to prevent and control cybercrime effectively,
particularly within the Indian context.

Specific attention is given to cybercrime in the Indian scenario, with

recommendations aimed at enhancing cybercrime control measures. Suggestions are
provided to improve existing laws and enhance preparedness within the police and
judiciary to combat cybercrime effectively.

The chapter underscores the importance of comprehensive analysis and

understanding of cybercrimes and relevant cyber laws across various countries, with a
primary focus on the Indian landscape. Through these conclusions and suggestions, the
researcher aims to contribute to the ongoing efforts to address cybercrime and strengthen
legal frameworks to combat it effectively in India.

*****

27
 CHAPTER II

MEANING, CONCEPT AND HISTORY

OF CYBERCRIME IN INDIA

28
 CHAPTER II
MEANING, CONCEPT AND HISTORY OF CYBERCRIME IN
INDIA

Cybercrime is a relatively recent form of criminal activity that occurs via computers, the
internet, or other technologies recognized by the Information Technology Act. It has
become increasingly prevalent in modern India, posing significant challenges to society
and government alike. Perpetrators of cybercrimes not only cause substantial losses but
also possess the ability to conceal their identities effectively. Technically skilled
individuals engage in a variety of illegal activities over the internet, making cybercrime a
pervasive issue.

Broadly interpreted, cybercrime encompasses any illicit activity where a computer or the
internet serves as either a tool or target, or both. While some judicial interpretations of
cybercrime exist in Indian court judgments, the term itself remains undefined by
legislation enacted by the Indian Legislature. This uncontrollable menace is due to the
exploitation of society's increasing reliance on computers in daily life activity. The rapid
expansion of computer usage and associated technologies has become an indispensable
aspect of modern living, offering unparalleled convenience but also harboring dark
aspects.

Despite the numerous benefits of the internet, it also harbors a host of negative facets.
Cybercrime manifests in various forms, including cyber-stalking, cyber-terrorism, e-mail
spoofing, e-mail bombing, etc. Additionally, conventional crimes may switch to
cybercrimes when committed in conjunction with computers or internet mediums.

2.1 NATURE AND SCOPE OF CYBER CRIME

Crime is influenced by societal factors. Despite efforts, it's impossible to envision a

society devoid of cybercrime. In fact, if we struggle to reduce crime to an acceptable level
in the physical world, addressing it in the virtual realm seems even more challenging,
given its intangibility, persistence, and lesser legal control. Over time, the characteristics,
extent, and definition of crime evolved within a community. The fact that a crime-free
society c a n e x i s t is unrealistic, as crime is inherent to society and reflects its
nature.
29
Consequently, the type of crime observed is intricately linked to the characteristics of that
society.

The intricacy of a society dictates the intricacy of the crime it breeds. To comprehend
crime within a society, it's imperative to examine all the factors that shape and fuel it.
This includes understanding the socio-economic and political framework of society, as
well as identifying potential remedies to mitigate it. Additionally, when studying the
nature and extent of crime, the preventive and corrective actions implemented by
authorities to manage criminal and delinquent behavior within the community are also
considered.

Technological progress has introduced fresh socio-economic and political challenges

in society. Rather than aiding the state in managing these issues, it has generated new,
intricate situations that are challenging to comprehend and even harder to address within
the framework of existing laws. The governmental apparatus lacks sufficient resources
and expertise to effectively tackle modern crime.

Over the past three to four decades, computers have exceeded expectations in
transforming modern society. They have not only enhanced convenience but have also
greatly facilitated social, economic, and cultural interconnectedness across various
regions of the world. Computer technology enables access to global information and
communication from the comfort of one's own space, breaking down traditional barriers
of time and distance. However, alongside these remarkable benefits, the widespread use
of computers has also introduced jurisdictional challenges within legal systems.

Determining jurisdiction in transnational internet transactions poses significant

challenges. Courts faced considerable ambiguity when addressing questions of
jurisdictional law, struggling to determine the appropriate forum for cases involving
cybercrime. Unlike the physical world, the borderless nature of cyberspace complicates
matters, making it exceedingly difficult to control cybercrime. Local law enforcement
agencies often lack the capacity to effectively address transnational crimes like
cybercrime. Additionally, existing laws applicable to territorial jurisdictions are often
inadequate to regulate cybercrime due to its distinct nature compared to traditional forms
of crime.

30
 The global scale of cybercrime has indeed posed significant challenges in handling
and addressing it. While the evolution of internet technology has offered numerous
advantages and fueled rapid growth, but it has also bestowed criminals with opportunities
to commit criminal activities with minimal risk of detection. Cyberspace has become a
breeding ground for deviant behavior in society. The concept of cybercrime has gained
momentum, presenting a significant threat to global society. As human society becomes
increasingly dependent on technology, it becomes more vulnerable to cybercrime.

As cybercrime transcends national borders, relying solely on nationwide approaches

to crime generalization is no longer feasible. Our comprehension and regulation of
cybercrime must extend beyond national boundaries to an international level. It's
imperative to successfully protect society from the ubiquitous menace of cybercrime by
passing new legislation and establishing international preventive and defence systems.
We cannot successfully tackle this threat known as "Cyber Crime" unless we work
together on a global scale and make coordinated efforts.

Thus, the international community and its institutions face a serious challenge from
the threat of cyberterrorism. Terrorist groups use technology to incite hatred among the
public, find new recruits for their militant groups, and train them through instructional
materials. Additionally, they establish websites providing guidance on weapon usage and
bomb-making techniques.

2.2 CHARACTERSTICS OF CYBER CRIME

The nature of cybercrime differs significantly from traditional forms of crime, especially
with the rapid expansion of Internet technology. This shift has brought unprecedented
attention to cybercrime compared to its traditional counterparts. Therefore, it is essential
to thoroughly analyze the unique characteristics of cybercrime.

Specialized Knowledge: Perpetrating cybercrimes demands a high level of technical

expertise. Those involved typically possess advanced education and a profound grasp of
internet and computer operations, presenting significant challenges for law enforcement
in apprehending them.

Geographical Boundaries: Within cyberspace, traditional geographic constraints

dissolve. Cyber criminals can strike from anywhere globally, reaching targets in
distant.

31
 locations with ease. For instance, a hacker based in India can infiltrate systems located in
the United States, highlighting the borderless nature of cybercrime.

Virtual Environment: Cybercrime unfolds exclusively within the virtual realm, with
perpetrators physically outside of it. Every aspect of their illicit activity, from planning to
execution, occurs online, complicating efforts to trace and capture them.

Evidence Collection - Gathering evidence of cybercrime and presenting it in a court of

law poses significant challenges due to the nature of such crimes. Cybercriminals often
exploit multiple jurisdictions during their activities and operate from locations where they
cannot be easily traced.

Scale of Crime - Cybercrime has the capacity to cause unimaginable harm and loss of
life. Offenses such as cyber terrorism and cyber pornography have far-reaching
consequences, capable of swiftly destroying websites and pilfering sensitive data from
companies.

2.3 CLASSIFICATION OF CYBER CRIME

The researcher delves into instances where computers or technology serve as instruments
for illicit activities. These activities typically entail a reinterpretation or adaptation of
traditional crimes through the use of information technology. Below is a compilation of
prevalent cybercrimes, ranging from widely observed to less common occurrences, which
will be further discussed-

1. Cyber Pornography

The term "Pornography" originates from the Greek words "Porne" and "Graphein," which
respectively mean "prostitute" and "to write," referring to any form of art or literature
addressing sexual themes.1 Defining pornography proves challenging, lacking a universal
legal definition due to variations in customs and traditions across countries. While
considered legal in some nations, it is illegal and subject to punishment in others.

Cyber pornography, in essence, involves using the internet to create, display,

distribute, import, or publish pornographic or obscene materials. The rise of cyberspace
has significantly shifted the landscape of pornography, replacing traditional forms with

1
http://blog.ipleaders.in/cyber-pornography-law-in-india-the-grey-law-decoded/ (Accessed on 17th April 2024)

32
 digital content. Pornography lacks a consistent legal definition, as its interpretation varies
based on societal norms and values regarding explicit content.

The lack of a clear definition for pornography stems from the absence of uniform
cultural and ethical standards worldwide, as well as the absence of consistent legal
frameworks governing its definition. The notions of obscenity and pornography differ
across countries and evolve over time. While related, obscenity and pornography are
distinct concepts. Material banned in some nations may be permissible elsewhere. In the
context of Indian law, the term pornography remains undefined and largely unaddressed.

In contemporary society, the allure of sexuality is a powerful marketing tool, proving

exceptionally lucrative. Indeed, the current pornography sector dwarfs the size of any
individual company or conglomerate globally. The emergence of the internet has marked
a significant turning point for the porn industry, providing an ideal platform for
disseminating pornographic content worldwide. According to the internet filter review
report of 2010, there are 4.2 million websites offering porn content to the world. 68
million daily search engine requests are made and 72 million worldwide users visit adult
sites per month. 42.7 percent of total users who use internet watch pornographic material
over the internet.2

In the pre-internet era, DVDs and videotapes were the primary mediums for
distributing pornography. However, with the advent of the internet accessible to the
general public, it quickly became the predominant platform for accessing pornography
from the comfort of one's home. Individuals who might feel peer pressure or
embarrassment in obtaining pornographic material now have easy access to pictures and
videos online. The proliferation of pornography websites offering various media formats,
including live webcam access, has further expanded access to explicit content.

“Information technology has revolutionized the creation and distribution of

pornographic material through the internet. Such material can now be disseminated
globally within seconds, eliminating the geographical barriers that once hindered the
spread of foreign publications into local territories.”3.

2. Child Pornography

In today's modern world, children, especially adolescents, are inclined to explore various
aspects of the information highway. With easy access to computers and the internet at

2 http://internet-filter-review.toptenreviews.com/internet-pornography-statistics.html (Accessed on 17th April 2024)

3 Gorman, L. and Maclean, D. Media and Society in the Twentieth Century, Blackwell publishing, 2003.
33
 home, these technologies have become integral to their education. However, this access
also exposes them to potential dangers online. Curiosity about sexuality and explicit
material is common among children, and their unrestricted exploration of the internet may
lead them into risky situations. Unfortunately, parents often lack sufficient control over
their children's online activities, leaving them vulnerable to exploitation by sex offenders.
Children, at their tender age, may not fully comprehend the dangers posed by these
interactions. Abusers, particularly pedophiles, exploit the internet extensively to sexually
abuse children worldwide. In India, where internet access is increasingly widespread,
children are becoming susceptible victims to cybercrime.

In the physical world, parents are often aware of potential dangers and can educate
their children about them, providing simple guidelines to avoid or address problems.
However, when it comes to cybercrime or internet-related crimes, many parents
themselves lack knowledge about the risks posed by various online services. This
knowledge gap allows pedophiles to take advantage of children's naivety, luring them in,
gaining their trust, and then exploiting them. Without proper guidance from parents or
teachers regarding online safety and discerning right from wrong on the internet, children
are left vulnerable to such exploitation.

The Information Technology Act, 2000 initially lacked specific provisions addressing
child pornography. However, later amendments introduced Section 67B4, which has been
inserted in IT ACT, 2008. 5
It stipulates, any individual “Whoever,- (a) publishes or
transmits or causes to be published or transmitted material in any electronic form which
depicts children engaged in sexually explicit act or conduct or, (b) creates text or digital
images, collects, seeks, browses, downloads, advertises, promotes, exchanges or
distributes material in any electronic form depicting children in obscene or indecent or
sexually explicit manner or (c) cultivates, entices or induces children to online
relationship with one or more children for and on sexually explicit act or in a manner
that may offend a reasonable adult on the computer resource or (d) facilitates abusing
children online or (e) records in any electronic form own abuse or that of others
pertaining to sexually explicit act with children, shall be punished on first conviction with
imprisonment of either description for a term which may extend to five years and with a
fine which may extend to ten lakh rupees and in the event of second or subsequent

4
Information Technology Act, 2000, S. 67B
5
Information Technology Amendment Act 2008, Act 10of 2009

34
 conviction with imprisonment of either description for a term which may extend to seven
years and also with fine which may extend to ten lakh rupees:”

“Provided that the provisions of section 67, section 67A and this section does not
extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure
in electronic form- (i) The publication of which is proved to be justified as being for the
public good on the ground that such book, pamphlet, paper writing, drawing, painting,
representation or figure is in the interest of science, literature, art or learning or other
objects of general concern; or (ii) which is kept or used for Bonafede heritage or
religious purpose.”

“Explanation: For the purposes of this section, "children" means a person who has
not completed the age of 18 years.”6.

Lt. Col. Jagmohan Balbir Singh was recently taken into custody by the Crime Branch
police's Cyber Cell for allegedly posting pornographic photographs and videos of children
on websites catering to minors. Lt. Col. Singh faces charges under Section 67B of the
Information Technology Act, which pertains to the punishment for publishing or
transmitting material depicting children in sexually explicit acts in electronic form. The
investigation was initiated after German police detected suspicious activity originating
from Mumbai on a server located in the United States. The German authorities reported
their findings to Interpol, which then relayed the information to the Central Bureau of
Investigation (CBI) in Delhi and subsequently to the Mumbai Crime Branch. The Cyber
Cell traced the server activity to the Internet Protocol (IP) address belonging to Lt. Col.
Singh. Following this discovery, he was arrested from his residence and charged under
Section 292 of the Indian Penal Code (IPC) and Section 67B of the Information
Technology Act, 2000.7

3. Cyber Stalking

Stalking generally refers to the behavior of harassing or threatening another person. Cyber
stalking extends this behavior into the online realm, utilizing information technology for
its execution. In cyber stalking, the internet, email, chat rooms, and other online platforms
are employed to stalk an individual.

6
Information Technology Act, 2000, S. 67B
7
http://www.thehindu.com/todays-paper/army-officer-held-for-childpornography/article763433.ece (Accessed
on 17th April 2024)

35
 Wikipedia defines cyber stalking as the use of the Internet or other electronic means to
harass or harass someone, a group, or an organization. This may involve false accusations
or statements of fact (such as defamation), monitoring, making threats, identity theft,
damaging data or equipment, soliciting minors for sex, or gathering information for the
purpose of harassment.8

Stalking is characterized by a series of actions that are often legal when considered
individually. However, when viewed as a whole, they constitute a pattern of behavior
intended to harass or threaten someone. There is no single, accepted definition of
cyberstalking, and it can differ depending on the jurisdiction. In the words of Lamber
Royakkersi-

“Cyber stalking is the repeatedly harassing or threatening of an individual via the

internet or other electronic means of communication. A cyber stalker is someone with
amorous and/or sexual motives who constantly harasses someone else electronically: via
the bulletin board, chats box, email, spam, fax, buzzer or voice-mail. Stalking generally
involves the constant harassment or threatening of someone else: following a person,
appearing at someone’s house or workplace, making harassing phone calls, leaving
written messages or objects, or vandalizing someone’s property. Because the stalking
activities are so diverse and have to be seen in their connection it is difficult to give a
precise description of stalking.”9

Cyber stalking, devoid of physical contact, appeals to offenders for its conveniences,
such as easy communication, access to personal information, and anonymity. Perpetrators
can harass victims from any location globally by posting derogatory comments or sharing
personal details on social platforms, prompting unwarranted messages or calls to the
victim. The expansive reach of the internet allows offenders to easily access personal
data, rendering individuals susceptible to cyber stalking.10

In today's interconnected world, the internet has become an integral aspect of both
personal and professional life. The seamless communication facilitated by the internet
enables offenders or individuals seeking revenge to malign victims by sending offensive
emails. Contrary to the misconception that cyber stalking is less harmful than physical
stalking due to its lack of physical contact, it can be equally damaging. As the internet

8
http://www.thehindu.com/todays-paper/tp-national/prevent-access-to-child-pornographycentre-
told/article8287151.ece (Accessed on 17th April 2024)
9
http://www.sociosite.org/cyberstalking_en.php (Accessed on 10Th February 2016)
10
S. K. Verma, Raman Mittal, Legal Dimension of Cyberspace, Indian Law Institute, New Delhi.

36
 becomes increasingly integrated into our lives, stalkers exploit its communication ease
and access to personal information. While a stalker may hesitate to confront a victim in
person or over the phone, they may readily resort to sending harassing or threatening
electronic communications. Just as with physical stalking, online harassment and threats
can escalate to more serious behaviors, including physical violence.11

Stalking disproportionately affects women and children, with women often facing
threats, vandalism, and physical assaults in the real world, which are mirrored in cyber
stalking incidents. Obscene content exacerbates the threats and harassment experienced
by victims. While men also fall prey to stalking, the incidence is lower compared to
females. Children, particularly, are vulnerable to adult predators and pedophiles online.
Victims of cyber stalking typically have limited knowledge of internet services and
applications.

Stalkers often exhibit traits of paranoia and low self-esteem, although motivations
vary. Some stalkers seek revenge, others derive pleasure from harassment, while some
engage in mischief. The characteristics of stalkers vary from one individual to another.12

Cyber stalking manifests in three primary forms:

 Stalking by Email: This is the most common form, where the offender directly sends
threatening or harassing emails to the victim. Hate speech, obscene content,
pornographic material, and threats are frequently used in these communications.

 Internet stalking: This type of cyberstalking is conducted worldwide. Instead of

invading the victim's personal space, the perpetrator uses the internet to publicly
harass them. They might upload altered images of the victim online, provide bogus
information about the victim on different websites, and publish the victim's phone
numbers and email addresses on pornographic websites.

 Computer stalking: In this type of stalking, the perpetrator, who is typically a

competent technologist, takes over the victim's computer as soon as it boots up. With
a high degree of technical expertise, the stalker gains access to the victim's computer
address. To avoid being stalked further, the victim's sole option is to unplug the
computer and change their current internet address.

11
Ibid.
12
Verma Amita, ‘Cyber Crimes & Law’, Central Law Publication, p-157-158 also available at
http://www.legalindia.com/cyber-stalking-the-impact-of-its-legislative-provisions-in-india/ (Accessed on 17th
April 2024)

37
 4. Cyber Terrorism
Since terrorist attacks against people have increased dramatically over the past ten
years, the problem of terrorism has grown more complex in the modern period.
Everyone has been impacted by the horrific acts of terrorism, from common people to
entire nations. After the Cold War ended, the threat of terrorism has become a major
international concern. Terrorism is a serious threat and a source of innumerable deaths
globally, in spite of the efforts of state agencies.

Both domestically and internationally, a great deal of countermeasures have been put
in place, although they have frequently fallen short of successfully stopping terrorist
acts. A large number of these actions have their roots in conventional methods, which
might work well against conventional types of terrorism. However, amidst the
upheaval that brought household names and industry giants Technology did not
waver, even to their knees. In actuality, technology has subtly developed into an
essential business enabler, but its importance is occasionally undervalued.

A new chapter in the realm of information warfare has emerged in a sinister guise:
cyber-terrorism. Cyber-terrorism involves highly targeted actions aimed at causing
terror, presenting a growing threat capable of inflicting significant harm. While we
often associate terrorism with loss of life, it's crucial not to underestimate the impact
of cyber-terrorism in terms of intimidation or coercion.13

5. Cracking

Cracking is regarded as one of the most serious cybercrimes. It is argued that cracking
undermines people's confidence in information technology and the Internet. Cracking
into a computer system has been portrayed as a threat necessitating stringent laws to
serve as deterrents. However, such a general portrayal is somewhat flawed.

13
Dr. Sirohi M. N., Cyber Terrorism and Information Warfare, Alpha Editions Delhi

38
 Cracking a computer simply means gaining unauthorized access to it. Illegally accessing
someone else's computer constitutes cracking. Unauthorized entry into another person's
computer is also considered cracking, akin to phone-tapping. Crackers identify
vulnerabilities in the target computer program and exploit them to gain access. Anti-
cracking tools like Firewall technology and intrusion detection systems serve as
preventive measures to safeguard computers from being cracked. Firewall acts as a
barrier against cracking, while intrusion detection systems also attempt to identify the
source of cracking.

6. Viruses14

Computer contamination and viruses have a lengthy history. The concept of self-
replicating programs was initially conceived in 1949. By 1981, the emergence of Apple
Viruses 1, 2, and 3 on Apple II operating systems, disseminated primarily through pirated
computer games, marked a notable milestone. In 1987, the 'Lehigh' virus infiltrated
'command.com' computer files, followed by the notorious 'Jerusalem' virus in 1988,
notorious for activating every Friday the 13th, targeting both '.exe' and '.com' files, and
erasing programs executed on that day. Symantec's introduction of 'Norton Anti-virus' in
1990 signified a significant step as one of the pioneering anti-virus programs from a
major corporation. By 1992, the discovery of 1300 viruses, representing a 420% increase
from December 1990, highlighted the escalating threat. This was also the year of the
creation of the 'Dark Avenger Mutation Engine' (DAME), a toolkit facilitating the
transformation of viruses into polymorphic variants. In 1994, the 'Good Times' email
hoax propagated fear within the computer community, warning of a destructive virus
capable of wiping entire hard drives through a seemingly harmless email titled "Good
Times." Subsequently, 'Word Concept' emerged as a prominent virus in 1995, spreading
through Microsoft Word documents. The year 1996 witnessed the infiltration of the
'Baza,' 'Leroux,' and 'Staog' viruses affecting Windows 95, Excel, and Linux, respectively.
1998 marked the emergence of 'Strange Brew,' the first virus to infect Java files, and the

14
A computer virus is a program or piece of code that is loaded onto your computer without your knowledge
and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A
simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple
virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more
dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

39
 rapid spread of the 'Chernobyl' virus via '.exe' files, known for its destructive nature
targeting not only files but also the computer chips of infected systems.15

In 1999, the 'Melissa' virus wreaked havoc by infecting approximately one million
computers. Concurrently, 'Bubble Boy' made its debut as the first worm not reliant on the
recipient opening an attachment for infection; it initiated its destructive actions as soon as
the email was opened. 'Tristate' emerged as the inaugural multi-program macro virus in
the same year, capable of infiltrating Word, Excel, and PowerPoint files. The turn of the
millennium witnessed the infamous 'Love Bug,' also dubbed the 'I LOVE YOU' virus,
proliferating through the Outlook program. This malicious entity, arriving as an
attachment, not only deleted various file types, including 'MP3,' 'MP2,' and 'JPG,' but also
transmitted usernames and passwords to the virus author. Additionally,
'W97M.Resume.A,' akin to the Melissa virus, infected Outlook and propagated itself.
Differing from its predecessors, 'Stages' concealed itself within an attachment
masquerading with a false '.txt' extension, deceiving recipients into opening it.
Furthermore, the year 2000 marked the onset of 'distributed denial-of-service' attacks,
resulting in the temporary outage of major websites like 'Yahoo,' 'eBay,' and 'Amazon' for
several hours.

Computer viruses are ubiquitous, akin to the common cold. Regardless of the
precautions taken, every computer, including those owned by prominent figures like Mr.
Bill Gates, the creator of Microsoft, is susceptible to encountering a computer virus
eventually. Similar to how dust and insects find their way into homes despite preventive
measures, computer viruses can infiltrate systems through corrupted CDs, floppies, or pen
drives, or via the Internet, where they propagate much like airborne viruses causing
common colds, viral fevers, or more severe ailments.

According to Section 43-(c) of the I.T. Act, 2000, individuals who introduce or
facilitate the introduction of any computer contaminant or computer virus into a
computer, computer system, or computer network without the owner's permission may
face a monetary liability of up to one crore rupees. A "computer virus" is defined as any
computer instruction, information, data, or program that causes destruction, damage,
degradation, or adverse effects on the performance of a computer resource, or attaches
itself to another computer resource and activates when a program,

15
http://www.infoplease.com/ipa/A0872842.html (Accessed on 17th April 2024)

40
 data, or instruction is executed or when certain events occur in that computer resource.
On the other hand, a "computer contaminant" refers to any set of computer instructions
designed to modify, destroy, record, or transmit data or programs within a computer,
computer system, or computer network, or disrupt the normal operation of the computer,
computer system, or computer network through any means.

Section 43 imposes strict liability on individuals who introduce any computer virus or
contaminant. This includes clause (c), which specifically addresses the violation of
introducing or causing the introduction of such contaminants or viruses into any
computer. Moreover, all infractions outlined in Section 43, including clause (c), have
been classified as criminal offenses.16 Thus, deliberately injecting or facilitating the
injection of a computer virus or contaminant into someone else's computer would be
deemed a criminal act, carrying a penalty of imprisonment for a maximum of two years.

7. Finance Related Cyber Crime

Price Waterhouse Coopers, a leading organization in economic crime surveys, defines

economic crime in the cyber world as offenses perpetrated using computers and the
internet. This encompasses activities such as disseminating viruses, unlawfully
downloading files, engaging in phishing and pharming, and illicitly obtaining personal
information like bank account details. It's considered a cybercrime only if computers and
the internet play a central role in the offense, rather than merely an incidental one.17

According to the findings of the Economic Crime in India survey within the Global
Economic Crime Survey 2011, internet usage in India has seen significant growth. Recent
data from the Telecom Regulatory Authority of India (TRAI) indicates a staggering 354
million internet subscribers. While this expansion in internet access offers various
opportunities for cyber citizens across entertainment and education sectors, it has also led
to an increase in cybercrime. This new generation of technologically adept fraudsters
presents a fresh set of challenges. Alarmingly, 24% of respondents who reported
economic crime had experienced cybercrime within the past year. This statistic
underscores the substantial risk posed by cybercrime to organizations. Against the
backdrop of recent cybercrime incidents involving multinational corporations and

16
Sec. 66 of the I.T. Act, 2000 as amended by the I.T. (Amendment) Act, 2008
17
As defined in the Global Economic Crime Survey 2011 by PwC in conjunction with our survey academic
partner, Professor Peter Sommer

41
 financial institutions, more organizations are falling victim to cyber-attacks. One potential
explanation for this surge in cybercrime could be attributed to the growing volume of e-
business, coupled with increased internet and e-commerce penetration.

When compared to traditional crimes, cybercrime has lower risks and more potential
benefits, which makes it an alluring proposition for offenders. For example, in an external
cybercrime, a fraudster remotely compromises a financial institution in order to steal
money or personal information. Compared to someone who physically steals assets from
an organization, the perpetrator faces less danger. With cybercrime, the fraudster operates
from a distance, reducing the likelihood of being apprehended. Law enforcement agencies
encounter challenges in prosecuting cybercriminals due to their disparate locations and
jurisdictions. Moreover, perpetrators can re-engage in criminal activities with relatively
little fear of detection, further complicating efforts to combat cybercrime.18

Financial cybercrime encompasses a range of offenses, including cheating, credit card

fraud, money laundering, forgery, and online investment fraud. These transgressions are
subject to punishment under both the Indian Penal Code (IPC) and the Information
Technology (IT) Act. A notable instance involved a major bank in India falling victim to
a fraud amounting to 1.39 crores, resulting from the manipulation of computer records
pertaining to debit and credit accounts. While numerous cases of computer-related fraud
have been successfully prosecuted under prevailing criminal legislation, addressing these
crimes has sometimes demanded amendments to accommodate the intricacies of new
technologies. Applying conventional criminal concepts to acts involving intangible
information has presented challenges, prompting revisions to existing definitions to
effectively combat cybercrimes.

8. Phishing and Vishing

Phishing, a form of social engineering in computing, involves fraudulent attempts to

obtain sensitive information like passwords and credit card details by posing as a
trustworthy entity in official electronic communications such as emails or instant
messages.19 The term "phishing" originates from the use of increasingly sophisticated
tactics to "fish" for users' financial information and passwords. Typically, phishing

18
Economic Crime in India: an ever-increasing phenomenon, Global Economic Crime Survey 2011, India, Price
Waterhouse Coopers, 2011. also available at https://www.pwc.in/assets/pdfs/publications-2011/economic-
crime-survey-2011-indiareport.pdf (Retrieved on 17th April, 2024 )
19
Lance James, “Phishing Exposed”, Elsevier 2005

42
 involves sending an email falsely claiming to be from reputable organizations, aiming to
deceive users into divulging private information for identity theft. The email typically
directs users to a website where they are prompted to update personal details such as
passwords, credit card numbers, social security numbers, and bank account information,
which the legitimate organization already possesses. However, the website is fraudulent
and designed solely to steal the user's information.

The aim of phishing is to deceive individuals into sharing sensitive information such
as credit card details, passwords, and bank account numbers under the guise of interacting
with a legitimate organization. However, unwittingly, they end up disclosing this
information to a fraudulent website or entity, resulting in financial theft.

Vishing operates similarly to phishing, leveraging social engineering techniques and

Voice over IP (VoIP) to extract personal and financial information from the public for
monetary gain. The term "vishing" combines "voice" and "phishing." Vishing exploits the
public's trust in traditional landline telephone services, which are typically associated
with known physical locations and bill-payers. Victims often remain unaware that VoIP
allows for caller ID spoofing, sophisticated automated systems, and anonymity for the bill
payer. Vishing is commonly employed to illicitly obtain credit card numbers and other
data used in identity theft schemes from unsuspecting individuals.20

21
In a significant ruling in India, in the case of Uma Shankar v. ICICI Bank, the
Adjudicator of Tamil Nadu awarded a payment of Rs 12.85 lakhs to a petitioner who
claimed fraudulent withdrawal from their ICICI Bank account. The bank argued that the
issue was due to customer negligence and thus fell outside the adjudicator's jurisdiction.
However, the Adjudicator determined that an offense was indeed committed under the
Information Technology Act (ITA) of 2000, squarely falling within the adjudicator's
purview. The honourable adjudicator agreed with the petitioner's assertion that the bank
had failed to exercise due diligence, making it liable under Section 85 of the Act to
compensate the petitioner.

The banks are being held accountable under the longstanding banking principle that
"Forgery cannot be held against the customer, however clever or undetectable the forgery

20
Dr. B. Muthukumaran, “Cyber Crime Scenario in India” Criminal Investigation Department Review-
January2008
21
Cyber appeal No. 1/2010
43
 is." Additionally, banks are accused of disregarding the laws outlined in the IT ACT of
2000 and the guidelines established by the Reserve Bank of India (RBI) by failing to
utilize digital signatures for authenticating internet transactions. This alleged negligence
places them under scrutiny according to Sections 79 and 85, making them liable for any
offenses linked to computers owned by the bank. Recently, Bank of India set a precedent
by accepting liability for a phishing incident in a case filed in Bengaluru and reimbursing
the victimized customer for the fraudulent amount, along with interest.

9. Data Diddling

Data diddling refers to the manipulation of data either before or during its entry into a
computer system. Essentially, it involves altering information from its intended input
state, whether by individuals entering data manually, viruses that tamper with data,
programmers of databases or applications, or any other party involved in the process of
storing information in a computer file. The perpetrator can be anyone participating in
various stages of data handling, such as creation, recording, encoding, examination,
verification, conversion, or transmission. This method represents one of the simplest ways
to perpetrate a computer-related crime, as it often requires minimal computer skills.
However, despite its simplicity, the consequences of data diddling can be significant in
terms of costs and potential damage.22

Electricity companies in India often fall victim to this type of crime, as illustrated by
the NDMC Electricity Billing Fraud Case in 1996. In this case, the computer network
managed the receipt and accounting of electricity bills for the NDMC in Delhi. The
responsibility for collecting money, computerized accounting, record maintenance, and
bank remittances was entrusted solely to a private contractor who was a computer
professional. Exploiting his access, the contractor misappropriated a significant amount of
funds by manipulating data files to indicate lower receipts and bank remittances than
what actually occurred.23

10. E-mail Bombing

In internet usage, an email bomb constitutes a type of net abuse where vast quantities of
emails are sent to an address with the intent of flooding the mailbox or overpowering the

22
Full Guide on Cyber Crimes in India, INDIA FORENSIC, Available at
https://indiaforensic.com/compcrime1.html (Accessed on 17th April 2024)
23
Supra Note 45

44
server. Mail bombing refers to the action of deploying an email bomb, a term that shares its
name with the act of sending actual exploding devices. Sometimes, mail bombing is executed
by supplying the victim's email address to numerous spammers. In the Russian internet
community, the term "mail bomb" takes on another meaning, where it denotes a form of
denial-of-service attack aimed at disrupting a computer system.24

E-mail bombing entails sending an extensive volume of emails to the victim, resulting in
the victim's individual email account (in the case of an individual) or mail servers (in the case
of a company or email service provider) crashing. An example of this occurred when a
foreigner, who had resided in Shimla, India for nearly thirty years, sought to participate in a
scheme introduced by the Shimla Housing Board to purchase land at reduced rates. Upon his
application being rejected due to the scheme being exclusively available to Indian citizens, he
sought revenge. Subsequently, he inundated the Shimla Housing Board with thousands of
emails, persistently sending them until their servers crashed. E-mail bombing is characterized
by abusers repeatedly sending emails to a specific address at a particular victim site. Often,
these emails are large and composed of meaningless data, designed to consume additional
system and network resources. Additionally, multiple accounts at the target site may be
abused, exacerbating the impact of the denial of service.25

E-mail spamming represents a variation of bombing, involving the dissemination of

emails to hundreds or thousands of users. The impact of e-mail spamming can be amplified if
recipients respond to the email, leading all original addresses to receive the reply as well.
Additionally, e-mail spamming may occur inadvertently, such as when sending a message to
mailing lists without realizing that the list expands to include thousands of users.

11. Salami Attacks:

A salami attack refers to a series of minor data-security breaches that, when combined, result
in a larger attack. For instance, in a banking fraud scenario, where an employee embezzles a
small sum of money from numerous accounts, it can be categorized as a salami attack. 26
Crimes involving salami attacks are typically challenging to detect and trace, and they are
commonly employed for financial crimes. The key strategy in these attacks is to make
alterations so inconsequential that they go unnoticed in individual instances. For example, a

24
Atul Jain (ed.), Cyber Crime: Issues Threats and Management, Isha Books, 2005.
25
ibid
26
Rohas Nagpal: Cyber Crime and Corporate Liability, first print 2008, published by Walters Kluwer (India)
pvt. Ltd. New Delhi, p-180.

45
bank employee might implant a program into the bank's servers that deducts a small amount
of money (such as Rs. 5) each month from every customer's account. Individually, these
unauthorized debits may go unnoticed by account holders, but collectively, the bank
employee stands to significantly profit every month.27

The term "salami attack" is derived from two possible interpretations. Some security
specialists suggest that it refers to slicing the data thinly, akin to slicing salami into thin
pieces. Others argue that it signifies building up a significant object or amount from tiny
scraps, resembling the process of constructing a salami from small slices or pieces.28

2.4 NEED FORREGULATION OF CYBERSPACE

A compelling starting point for an illuminated argument on the criminalization of

activities in cyberspace revolves around the regulation of these activities and the
associated questions regarding their desirability, necessity, and feasibility. The rhetoric of
cyber libertarians, who advocate for self-regulation of the internet, challenges the
perceived need for any form of regulation, such as territorial boundaries, real
relationships, and notions of property. They firmly assert that cyberspace can be regulated
through the establishment of institutions and mechanisms for governing conduct within
cyberspace. This regulation, they argue, can be achieved through the formulation of
community-based rules that are created, decreed, and enforced by its participants, without
requiring state intervention.

On the other hand, proponents of government regulation emphasize the inadequacy of a

purely self-regulatory system in addressing instances of serious criminal activity. They
argue that self-regulation may be insufficient to effectively combat grievous criminality
in cyberspace. These advocates advocate for government intervention and regulation to
provide a more robust framework for addressing cybercrime and protecting the interests
of individuals and organizations operating in the digital realm.

27
Aderucci, Scott. Salami Fraud http://www.allnet/CID/attack/papers/Salami.html
28
Supra Note 49 at p-175.

46
 Examining the arguments presented by both sides offers an academic forum to
explore the criminalization of activities in cyberspace and to delve into the specifics of
offenses introduced by the amendment.29

The core principle of the self-regulation theory asserts that the absence of government
involvement in regulatory mechanisms does not lead to cyberanarchy. It argues against
applying geographically based legal regulations to activities in cyberspace, suggesting
that cyberspace participants are better equipped than the government to devise a
comprehensive set of rules that are cost-effective and practical to enforce. This idealistic
viewpoint is often supported by moral considerations expressed by participants of
cyberspace who vehemently oppose being regulated by government mandates. They
assert the independence of the space they have created from government control.30

2.5 NEED FOR CRIMINALISATION OF OFFENCES IN

CYBESPACE

To emphasize the limitations of self-regulation or the contentions presented by

opposing viewpoints on this issue would be to advocate for governmental intervention to
criminalize cyber offenses. This stance finds support among numerous scholars who
highlight the seriousness of online crimes such as pedophilia, cyber fraud, data theft,
impersonation, and cyber terrorism. Traditional self-regulation typically involves
expulsion from online communities, which may seem lenient compared to state-imposed
criminal sanctions aimed at deterring destructive behaviors in cyberspace. With the
internet deeply integrated into mainstream society and serving as a primary platform for
electronic commerce, the need for governmental regulation is undeniable. One persuasive
argument for criminalizing online misconduct is its departure from conventional territorial
crime norms.

The ease of learning how to commit cybercrimes, their relatively low resource
requirements compared to the potential harm they can inflict, the ability to
perpetrate.

29
Amlan Mohanty: New Crimes under the Information Technology (Amendment) Act, the Indian journal of
Law and Technology, volume 7, 2011.
30
John Perry Barlow, A Declaration of the Independence of Cyberspace, ELECTRONIC FRONTIER FOUNDATION

47
them from jurisdictions where one is not physically present, and the ambiguity surrounding their
31
legality underscore the importance, indeed the necessity, of criminalizing such behavior.
Therefore, the unavoidable conclusion is that some level of state intervention is imperative to
regulate cyberspace.32

2.6 OFFENCES THAT NEED TO BE CRIMINALIZED

Analyzing the novel offences introduced by the IT (Amendment) Act in comparison to

cyber conduct earmarked for criminalization by global statutes and conventions would
assist in evaluating the suitability and stringency of the new provisions within the Indian
context. Principally, domestic legislation should aim to penalize four main categories of
conduct:

1. Offenses against the confidentiality, integrity, and availability of computer data and
systems.

2. Computer-related offenses intended to defraud.

3. Offenses related to objectionable content.

4. Offenses related to copyright and related rights infringement.

Understanding why these particular forms of conduct are criminalised in different

jurisdictions is essential to developing a jurisprudential understanding of cybercrimes and
critically assessing the nature of offences imposed by the amendment and their
effectiveness. Additionally, it is essential to grasp the spectrum of unlawful conduct
involving computers.33

In situations involving the first, second, and fourth categories of behavior, private
individuals might not have the resources to identify and address offenders, thereby
requiring governmental intervention and the implementation of criminal consequences. It
is essential to criminalize actions falling under the third classification, as they constitute
offenses that significantly disturb societal values and jeopardize public morality.

31
MACCONELL INTERNATIONAL, CYBER CRIME... AND PUNISHMENT? ARCHAIC LAWS
THREATEN GLOBAL INFORMATION, (World Information Technology and Services Alliance, 2000),
http://www.witsa.org/papers/McConnell-cybercrime.pdf (last visited December 1, 2009)
32
David S. Wall, Cybercrimes: New Wine, No Bottles? in INVISIBLE CRIMES: THEIR VICTIMS AND
THEIR REGULATION ( Pam Davies, Peter Francis &Victor Jupp eds.,1999).
33
European Convention on Cybercrime, Guidelines for member states, 2001,
http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htmL

48
2.7 CONCLUSION

Cybercrime operates with remarkable efficiency, capable of causing immediate impact

within mere seconds or minutes, whether through website hacking or fraudulent activities.
It transcends geographical limitations, boundaries, and distances, allowing cyber
criminals to execute nefarious activities from remote locations with ease. For instance, a
cybercriminal based on the moon could hack computers in Delhi or perpetrate cyber
fraud by transferring funds from a bank in New York to their account in Sydney.

The potential harm inflicted by cybercrime is of unimaginable magnitude. It can swiftly

dismantle websites constructed with substantial investments or breach highly sensitive
areas like a country's defense system. The economic repercussions of cybercrime can be
severe, capable of instigating financial upheavals. Consequently, cybercrime is an
attractive endeavor due to its profitability.

The accessibility of tools to commit cybercrimes further exacerbates the situation, with
such weapons readily available on CDs and the internet. Operating within cyberspace
renders cyber criminals nearly invisible, making their detection and apprehension
challenging.

The elusive nature of cyber criminals contributes to a remarkably low degree of risk
associated with cybercriminal activities compared to traditional crimes like murder, rape,
and kidnapping. This disparity underscores the unique challenges posed by cybercrime in
terms of enforcement and prevention.

49
****

50
 CHAPTER III
LEGISLATIVVE PROVISION AND LEGAL
FRAMEWORK REGARDING CYBERCRIME
IN INDIA

50
 CHAPTER III
LEGISLATIVVE PROVISION AND LEGAL FRAMEWORK
REGARDING CYBERCRIME IN INDIA
The United Nations Commission on International Trade Law (UNCITRAL) was established
1
in December 1996 by a resolution of the General Assembly of the United Nations to
streamline, harmonize, and unify international trade law. Recognizing shortcomings and
impediments affecting trade, UNCITRAL developed a draft "Model Law" to address these
issues. After extensive debate and examination of proposals, the Model Law was finalized
and adopted at UNCITRAL's 605th meeting on June 12, 19962. Subsequently, the General
Assembly passed a resolution3 based on the report of the 6th committee4, leading to the
creation of the Model Law on electronic commerce. This Model Law aimed to facilitate
electronic commerce in a manner acceptable to states with diverse legal, social, and economic
systems, promoting smooth international economic relations.

India promptly aligned itself with this initiative, and in October 20005, the Indian Parliament
enacted the Information Technology Act, 2000, modelled after UNCITRAL's Model Law on
6
electronic commerce. This legislative action demonstrated the Indian government's
commitment to establishing India as an IT superpower by 2008. Importantly, the Information
Technology Act, 2000, incorporated the principles of the UNCITRAL Model Law and also
amended several existing laws, including the Indian Penal Code 1860, the Indian Evidence
Act 1872, the Banker's Books Evidence Act 1891, and the Reserve Bank of India Act 1934.
The Act facilitated international trade and provided alternatives to paper-based methods of
communication and information storage, aligning with UNCITRAL's Model Law on

1
The UN General Assembly by its resolution 2205 (XXI) of 17 December, 1966 created United Nations
Commission on International Trade Law (UNCITRAL) with a mandate to further the progressive harmonization
and unification of the law of international trade and in that respect to bear in mind the interests of all people, in
particular those of developing countries, in the extensive development of international trade by adopting
different Model Laws
2
The history of the UNCITRAL Model Law on Electronic Commerce has been liberally taken from the history
and background of the Model Law, available at: http://www.uncitral.org/pdf/english/texts/general/12-57491-
Guide-to-UNCITRAL-e.pdf
3
The history of the UNCITRAL Model Law on Electronic Commerce has been liberally taken from the history
and background of the Model Law, available at: http://www.uncitral.org/pdf/english/texts/general/12-57491-
Guide-to-UNCITRAL-e.pdf
4
Report of the Sixth Committee (A/51/628) 16 December 1996
5
(See Ministry of Information Technology, Government of India, available at: http://www.deity.gov.in) was
formed in 1999 burdened with the enormous duty of making India an IT superpower by 2008.
6
Passed by the Parliament on May 2000 and received the assent of the President on 9th June, 2000, published
in the Gazette of India, Extraordinary, Pt. II, Sec. 1, dated 9th June, 2000

51
electronic commerce. Furthermore, the Act aimed to meet both international obligations and
national and municipal requirements in the field of Information Technology.

The legislative intent behind the enactment of the Information Technology Act, 2000, was
twofold: to address national and municipal perspectives on information technology while also
7
adopting an international perspective in line with the UNCITRAL Model Law. This
approach ensured that the Act promoted efficient delivery of government services through
reliable electronic records while remaining compatible with international standards and
obligations.

3.1 APPLICATION AND OBJECTIVE OF INFORMATION

TECHNOLOGY ACT 2000
The 'Statement of Objects and Reasons' of the IT ACT, 2000 encapsulates the primary
objectives and rationale behind its enactment. It serves as a comprehensive source to
elucidate the purpose and motivations underlying the legislation-

The advent of new communication systems and digital technology has brought about
significant transformations in our way of life. A revolution is underway in the realm of
business transactions, with businesses and consumers increasingly relying on computers
to create, transmit, and store information electronically, rather than through traditional
paper documents. Electronic information storage offers numerous advantages—it is cost-
effective, easier to manage, retrieve, and allows for quicker communication.

Despite the awareness of these benefits, there exists reluctance among individuals to
engage in electronic transactions due to the absence of a suitable legal framework. The
primary obstacles hindering the facilitation of electronic commerce and governance are
the requirements concerning writing and signature for legal recognition. Current legal
provisions often presume the existence of paper-based records and documents, as well as
signatures. The traditional Law of Evidence is rooted in paper-based records and oral
testimony, which poses challenges for adapting to the electronic commerce landscape.

As electronic commerce obviates the necessity for paper-based transactions, there is an

urgent need for legal reforms to facilitate e-commerce effectively. International trade via

7
Madanmohan Rao, India’s IT ACT, 2000 follows the UNCITRAL’s Model Law on ECommerce, available at:
http://www.isoc.org/oti/articles/0200/rao.html.

52
 e-commerce has experienced rapid growth in recent years, prompting many countries to
transition from traditional paper-based commerce to electronic commerce.8

The primary objective of the Act appears to be twofold: to enhance governance and
facilitate commerce by establishing infrastructural support for the creation, promotion,
and utilization of digital signatures, as well as to enable the use of electronic records.
Furthermore, the Act seeks to transition from a paper-based system to an electronic
system, where communication and data storage occur predominantly through electronic
media rather than on paper.9

To achieve these aims, the Act establishes a statutory mechanism for the creation and
utilization of digital signatures within the country. This entails the establishment of an
institution responsible for issuing Digital Signature Certificates and verifying them for
use in e-commerce and e-governance initiatives.10 Additionally, the Act recognizes the
importance of electronic records in facilitating e-governance and accordingly provides
provisions for their use.

In addressing concerns related to cybercrimes, the Act also includes provisions for the
punishment of certain computer-related offenses, aiming to counteract illegal activities in
cyberspace. Moreover, the Act facilitates electronic fund transfers, further streamlining
and modernizing financial transactions in the digital age.

3.2 SCOPE OF THE ACT

The Act was enacted on October 17, 2000, and it applies throughout India, including the
State of Jammu and Kashmir. Additionally, it extends its jurisdiction to cover offenses or
contraventions committed outside India by individuals of any nationality, provided that
the act or contravention involves a computer, computer system, or computer network

8
Devashish Bharuka, “Purview of the Information Technology ACT, 2000
9
Ibid, the Statement of Objects and Reasons of the IT ACT, 2000 says, “There is a need for bringing in suitable
amendments in the existing laws in our country to facilitate e-commerce. It is, therefore, proposed to provide for
legal recognition of electronic records and digital signatures. This will enable the conclusion of contracts and the
creation of rights and obligations through the electronic medium. It is also proposed to provide for a regulatory
regime to supervise the Certifying Authorities issuing Digital Signature Certificates, To prevent the possible
misuse arising out of transactions and other dealings concluded over the electronic medium, it is also proposed
to create civil and criminal liabilities for contravention of the provisions of the proposed legislation.” It further
says, “With a view to facilitate Electronic Governance, it is proposed to provide for the use and acceptance of
electronic records and digital signatures in the government offices and its agencies. This will make the citizens
interaction with the governmental offices hassle free.
10
E-governance in India, Express Computers, 31st Jan 2005.

53
 located within India.11 This provision for extraterritorial jurisdiction is common and is
also present in the IT-specific legislation of other jurisdictions.12 Its inclusion is
necessitated by the borderless nature of the Internet. However, the effectiveness of these
provisions relies on mutual cooperation among enforcement authorities and
governments.13

The IT ACT incorporates provisions for the legal recognition of electronic records and
the authentication and retention of digital signatures. It grants legal recognition to
records, files, or documents retained in electronic form. Additionally, public institutions
and government departments are authorized to issue electronic licenses and permits,
thereby facilitating electronic governance.

The Act establishes a legal framework for the establishment of a public key
infrastructure, addressing the appointment, powers, and functions of the Controller of
Certifying Authorities, as well as outlining the duties of subscribers. It also imposes
penalties for offenses such as tampering with computer source documents, hacking, and
the publication of obscene information.

Furthermore, the Act provides for the establishment of special tribunals, namely the
Cyber Regulation Appellate Tribunal, to adjudicate matters related to cyber regulations
and offenses. These provisions collectively aim to regulate and govern electronic
transactions and activities in the digital realm.

One notable aspect of the Act is that courts, when interpreting it, must consider that
while the focus is on paperless communication, the Act is not intended to alter
fundamental doctrines and requirements of paper-based communication unless expressly
provided for within the Act. The model law represents a compromise between paper-
based documentation and electronic communication, allowing states to adapt their
domestic legislations to advancements in communication technology applicable to trade
law without necessitating the wholesale removal of paper-based requirements or
disturbing the legal concepts underlying those requirements.

11
See Sections 1(2) and 75 of the IT ACT, 2000.
12
See Section 4 of the British Computer Misuse Act, 1997 and Section 9 of the Malaysian Computer Crimes
Act, 1997 and Section 8 of the Singapore Computer Misuse (Amendment) Act, 1998
13
See, Indira Carr; India Joins the Cyber-race: Information Technology Act, 2000 (2000) Int. T.L.R. 122 at p.
123.

54
 Furthermore, the model law mandates states to exclude any transaction from the Act if
deemed necessary. For instance, certain special contracts or instruments, such as bills of
lading, have become firmly established in mercantile customs, and their manifestation in
paper form has become integral to their character. Therefore, the Act acknowledges the
importance of preserving traditional paper-based requirements in certain contexts while
facilitating the transition to electronic communication in others14.

3.3 OVERVIEW OF IT ACT, 2000

The Information Technology Act of 2000 was put into effect to provide legal
acknowledgment to transactions carried out via electronic data interchange and other
electronic communication forms, commonly referred to as "electronic commerce." This
encompasses the use of electronic methods for communication and storing information,
thereby enabling the electronic submission of documents to government bodies.
Furthermore, the Act aims to set up a legal structure to confer legal authenticity to all
electronic records and activities conducted through electronic mediums. According to the
Act, unless explicitly stated otherwise, acceptance of a contract may be conveyed
through electronic communication, which shall be legally valid and enforceable.15

Furthermore, the IT ACT, 2000 also endeavors to establish the legal infrastructure
necessary for e-commerce in India. Cyber laws have a significant impact on e-businesses
and the emerging digital economy in the country. Thus, it is crucial to comprehend the
various perspectives of the IT ACT, 2000 and the provisions it offers. By updating
outdated laws and introducing measures to combat cybercrimes, the Act aims to provide
a conducive environment for online transactions. Such laws are essential to instill
confidence among users to engage in purchase transactions over the internet using credit
cards without fear of misuse. The Act provides the essential legal framework to ensure
that information conveyed through electronic records is not denied legal effect, validity,
or enforceability solely because of its electronic format.16

Given the surge in transactions and communications conducted through electronic

records, the Act aims to empower government departments to accept the filing, creation,
and retention of official documents in digital format. Additionally, the Act introduces a

14
Supra Note 58
15
ibid
16
See Chapter III of the I. T. Act, 2000

55
 legal framework for the authentication and origin of electronic records/communications
through digital signatures.17

From the perspective of e-commerce in India, the IT ACT 2000 and its provisions
offer several benefits. Firstly, these provisions enable e-businesses to utilize email as a
valid and legal form of communication, admissible in court. Companies can now engage
in electronic commerce using the legal framework established by the Act. Moreover,
digital signatures are granted legal validity and endorsement under the Act. This paves
the way for corporate entities to venture into the business of issuing Digital Signature
Certificates as Certifying Authorities. Furthermore, the Act permits the government to
issue notifications online, marking a significant step towards e-governance.18

The ACT empowers companies to submit various forms, applications, or documents

electronically to any office, authority, body, or agency owned or controlled by the
appropriate Government, utilizing the electronic format prescribed by the relevant
Government. Additionally, the IT ACT addresses crucial security concerns essential for
the effectiveness of electronic transactions. It provides a legal definition for secure digital
signatures, specifying that they must undergo a prescribed security procedure established
by the Government at a later stage.

Under the IT ACT, 2000, corporations now have legal recourse if their computer
systems or networks are breached, resulting in damages or data theft. This remedy takes
the form of monetary compensation, capped at Rs. 1 crore19.

The Information Technology Act, 2000 underwent significant amendments through

the Information Technology (Amendment) Act, 2008, which introduced several new
cybercrimes into the legislation. Following these amendments, the IT ACT, 2000
encompasses a wide array of offenses, making it comparable to the Indian Penal Code,
1860. Thus, the IT ACT, 2000 can be regarded as a quasi-penal statute, emphasizing its
punitive nature.20

17
2 See Chapter II, III, IV, V, VII of the I. T. Act, 2000
18
ibid
19
See Section 43 of the IT ACT, 2000
20
Information Technology Amendment Act, 2008 (ITAA, 2008) (Act no. 10 of 2009)

56
 Given the profound impact of penal statutes on personal liberties, it becomes crucial
to subject the various offenses defined by the law to critical scrutiny. They must be
assessed for their reasonableness, necessity, and societal and individual implications.

3.4 SALIENT FEATURES OF IT ACT, 2000

 Key features of the Act include:

 Enabling government departments to accept, create, and retain official documents in
digital format, alongside establishing a legal framework for the authentication and
origin of electronic records/communications through digital signatures.
 Granting legal recognition to email as a valid form of communication in India,
allowing it to be used as evidence in court proceedings.
 Addressing digital signatures and records, acknowledging their legal validity and
suitability as evidence in legal proceedings, while also facilitating e-governance
through online government notifications.
 Mandating companies to file documents as per prescribed guidelines at government-
owned or controlled offices, authorities, bodies, or agencies.
 Providing statutory remedies for corporations in cases involving crimes like
unauthorized access to their computer systems, network breaches, or data tampering.
 Establishing territorial jurisdiction for Adjudicating Officers for cybercrimes and the
Cyber Regulation Appellate Tribunal.
 Setting guidelines for providing internet services under license on a non-exclusive
basis.
 Signifying a significant step in India's information technology legislation, aligning it
with other countries like the US, Singapore, France, Malaysia, and Japan, thereby
becoming the 12th country globally to enact such laws..

57
 3.5 SECURITY PROCEDURE21
The security procedure relates to safeguarding electronic records and signatures.
Section 14 stipulates that once a security procedure is applied to an electronic record,
it will be deemed secure from that point until verification. Section 15 emphasizes the
requirement of implementing a security procedure for electronic signatures to be
considered secure. Section 16 grants the Central Government the authority to
establish security procedures for secure electronic records and signatures.

3.6 AUTHORITIES UNDER IT ACT, 2000

22
The IT ACT, 2000 aims to bolster electronic transactions and ensure the security of
electronic signatures by establishing a robust legal framework. This framework is designed to
foster trust in online interactions, primarily through the establishment of a public key
infrastructure (PKI) characterized by a hierarchy of authorities.

Certifying Authorities23 (CAs) play a pivotal role in the PKI24, serving as the linchpin
that connects subscribers to the controlling authority. Originally conceived as Trusted Third
Parties (TTPs), CAs are primarily responsible for managing cryptographic keys, verifying the
identities of transaction parties, and providing authenticity to electronic signatures. Electronic
certificates, signed with the CA's private key, serve as reliable endorsements of electronic
messages and public keys.25

 A Certifying Authority assumes several key responsibilities, including:

 Thoroughly identifying individuals applying for key certificates.
 Validating the legal status of applicants.
 Confirming the association of a public signature key with a verified individual
through a signature key certificate.
 Ensuring continuous online access to signature key certificates with the owner's
consent.

21
Section 13, sub-section 5 of the Information Technology Act, 2000.
22
Chapter VI of the Information Technology Act, 2000.
23
Section 2(g) of the IT ACT, 2000: ―Certifying Authority‖ means a person who has been granted a license to
issue an Electronic Signature Certificate under section 24 of the IT ACT.
24
PKI stands for Public Key Infrastructure
25
Nandan Kamath, ―Understanding Digital Signature‖ in Law Relating to Computers, Internet & ECommerce,
Chap 4 (2nd Edn. Universal Law Publishing, 2005) 125.

58
  Implementing measures to safeguard the confidentiality of private signature keys.

Therefore, to ensure that a public key corresponds to a real individual, one must rely on an
identity certificate issued by a trusted Certification Authority (CA). The IT ACT has
integrated Certifying Authorities into the PKI and has placed them under the supervision of
Controlling Authorities. Given the pivotal role of Certifying Authorities in the PKI, it is
essential to establish their position as reliable entities. To achieve this, Certifying Authorities
must possess the following attributes:

 Independence and freedom from unnecessary restrictions.

 Robust internal security measures.
 Maintenance of viability and stability over time to meet evidentiary needs.
 Implementation of contingency plans.
 Expertise and proficiency in encryption and decryption technology.
 Protection of their own private key.
 Establishment of effective revocation procedures.
 Insurance coverage.
 Collaboration with foreign certification authorities.
 Rigorous personnel selection and dependable management practices.

Hence, it is evident that the IT ACT has comprehensively equipped Certifying Authorities to
fulfil their responsibilities effectively.26

3.7 CONTROLLING AUTHORITIES AND THEIR APPOINTMENT

Section 17 of the IT ACT grants authority to the Central Government to appoint a Controller
of Certifying Authorities along with Deputy Controllers, Assistant Controllers, and other
personnel as deemed necessary.27 Such appointments are to be formally announced in the
Official Gazette. Positioned at the apex of the PKI hierarchy, the Controller operates under
the overall supervision and directives of the Central Government concerning functions
outlined in the IT ACT. Likewise, Deputy Controllers, Assistant Controllers, and other staff
fall under the Controller's general oversight and management.28

26
Talat Fatima: Cybercrimes, Eastern Book Company, Ist Edn. 2011, p-472
27
S. 17 amended by the IT (Amendment) Act, 2008 (10 of 2009) by which the words ―other officers and
employees‖ has been inserted.
28
Section 17(1)(2)) of the Information Technology Act, 2000

59
The qualifications, experience requirements, and terms of service for the Controller, Deputy
Controllers, and Assistant Controllers are to be determined by regulations prescribed by the
Central Government. The main office of the Controller is to be established at a location
specified by the Central Government, and branch offices, if any, will be designated through
notification by the Central Government. Additionally, the office of the Controller is mandated
to possess an official seal.29

3.8 FUNCTIONS AND POWERS OF CONTROLLER

The Controller holds the authority to empower Certifying Authorities by granting them
licenses to issue Electronic Signature Certificates. They maintain supervisory control over the
activities of these Authorities. The IT ACT outlines various functions of the Controller as
follows:

The Controller's functions, outlined in the IT ACT, include:30

 Supervising Certifying Authorities' activities.

 Certifying public keys of Certifying Authorities.

 Establishing standards for Certifying Authorities.

 Prescribing qualifications and experiences for Certifying Authorities' employees.

 Specifying conditions for Certifying Authorities' business conduct.

 Defining the content of advertisements for Electronic Signature Certificates.

 Specifying the form and content of Electronic Signature Certificates.31

 Prescribing the form and manner of maintaining accounts by Certifying Authorities.

 Specifying terms and conditions for auditor appointments and remuneration

 The Controller facilitates the establishment of electronic systems by Certifying

Authorities and regulates such systems.

29
Section 17(3)(4)(5) of the Information Technology Act, 2000.
30
Section 18 of the Information Technology Act, 2000
31
Cl. (f) of S. 18 has been amended by the IT (Amendment) Act, 2008 and the word ―digital‖ has been
replaced by the term ―electronic‖

60
  • He outlines the procedures for Certifying Authorities to interact with subscribers.
 • The Controller intervenes to resolve conflicts of interest between Certifying
Authorities and subscribers.
 • The Controller defines the responsibilities of Certifying Authorities.
 • He oversees a publicly accessible database containing disclosure records for every
Certifying Authority.

The Controller's functions primarily relate to Certifying Authorities. It's worth noting that
the Controller's role as the repository of all Digital Signature Certificates, as per Section 20 of
the unamended Act, has been omitted by the IT (Amendment) Act, 2008.32

The Controller of Certifying Authorities serves as the principal administrator and oversees
the activities of Certifying Authorities. In addition to various functions, the Controller has
extensive powers to ensure compliance and efficient operations under the IT ACT.

 Power to recognize foreign Certifying Authorities.

 Authority to issue licenses for Electronic Signature Certificates.

 Ability to renew licenses.

 Authority to grant or deny licenses.

 Ability to suspend or revoke licenses.

 Authority to publish notices of suspension or revocation of licenses.

 Ability to delegate tasks.

 Authority to investigate contraventions, including powers such as:

 Discovery and production of evidence.

 Search and seizure.

 Requisition of books of account.

32
By virtue of S. 13 of the IT (Amendment) Act, 2008, S. 20 of the principal Act shall be omitted.

61
  Request for information.

 Conducting surveys.

 Control over certain information.

 Inspection of company registers.

 Ability to access computers and data.

 Power to issue directions.

 Authority to decrypt information.

In order to accomplish the goals of the IT Act, the Controller also has the authority to create
regulations that are compliant with the Act's guidelines. Furthermore, for each Certifying
Authority, Cross Certifying Authority, and Foreign Certifying Authority, the Controller keeps
a database of disclosure records.

3.9 CYBER APPELLATE TRIBUNAL

The IT ACT establishes a judicial body known as the Cyber Appellate Tribunal (CAT) to
handle matters arising within the Act. This tribunal serves as both a fact-finding and appellate
authority. 33 The Cyber Regulation Appellate Tribunal (CAT) is exclusively responsible for
adjudicating violations of the IT ACT and prosecuting cybercrimes. Operating akin to a court,
the CAT holds similar powers to a civil court under the Civil Procedure Code, 1908,
including the ability to recall records, examine witnesses, and issue summons and warrants.
Appeals from the CAT are routed to the appropriate High Court, positioning the tribunal
between the adjudicating officer and the High Court. As cyber cases, whether civil or
criminal, present relatively novel legal challenges, the CAT assumes a pivotal role in
navigating these complexities.

 Given the global nature of cybercrimes, the Cyber Appellate Tribunal (CAT)
addresses jurisdictional issues that arise due to their trans-border nature.

 With cybercrimes often involving multiple national laws, the CAT also considers
matters of private international law when adjudicating cases.

33
Talat Fatima: Cybercrimes, Eastern Book Company, Ist Edn. 2011, p-474

62
  The CAT is specifically tasked with handling cyber transactions, encompassing online
commerce, IT ACT violations, and cybercrimes, necessitating interpretation and
development of cyber laws, intellectual property laws, and traditional penal laws.

 Balancing the interests of the government and internet users, the CAT aims to prevent
cyber contraventions, combat cyber fraud, crimes, and even terrorism, thereby
contributing significantly to a more accessible and technology-driven adjudication
process.34

A. POWERS OF CYBER APPELLATE TRIBUNAL (CAT)

The Cyber Appellate Tribunal (CAT) is endowed with extensive powers akin to those
vested in a civil court under the Civil Procedure Code, 1908, which include:35.

 Summoning and examining any individual under oath.

 Requiring the discovery and production of documents or electronic records.

 Accepting evidence provided in affidavit form.

 Issuing commissions for the examination of witnesses or documents.

 Reviewing its own decisions.

 Dismissing an application for default or deciding it ex-parte.

 Addressing any other matters as may be prescribed.

This empowers the CAT to effectively address issues arising from electronic activities
online and contraventions of the IT ACT itself.

B. CONSTITUTION OF CAT

The Central Government, through notification, will establish one or more appellate tribunals,
known as the Cyber Appellate Tribunal. These notifications will specify the matters and
locations over which the Tribunal can exercise its jurisdiction.36

34
K.G. Balakrishnan, Hon‘ble Chief Justice of India while inaugurating a Cyber Tribunal in Delhi on 27-7-2009.
35
Section 58(2) of the Information Technology Act, 2000
36
Section 48 of the Information Technology Act, 2000.

63
 C. COMPOSITION OF CAT

The Cyber Appellate Tribunal (CAT) will be composed of a chairperson and a specified
number of other members, as appointed by the Central Government through notification
in the Official Gazette. The selection of both the chairperson and members will involve
consultation with the Chief Justice of India.37

Here's the breakdown of the composition of the CAT as established under the amendment
Act:

 Chairperson: The chairperson, appointed by the Central Government in consultation

with the Chief Justice of India, must possess qualifications equivalent to that of a
High Court Judge. However, the existing Presiding Officer appointed under the IT
ACT will continue to serve as the chairperson of the current CAT. The Central
Government will consult the Chief Justice of India in the selection process.

 Other Members: The Central Government will specify the number of additional
members of the Tribunal. These members will be drawn from the following
categories:38.

 Technical Members: Individuals with specialized knowledge and professional

experience in information technology, telecommunications, management, or
consumer affairs. They will be appointed by the Central Government.39

 Ordinary Members: Individuals serving in the Central or State Government who

have held the position of Additional Secretary for at least one year, or the position of
Joint Secretary to the Government of India, or an equivalent post in the Central or
State Government for at least seven years.40

 Judicial Members: These members will be appointed by the Central Government

from among individuals who are or have been members of the Indian Legal Service.
They must have held the position of Additional Secretary for at least one year and a
Grade I post in that capacity for a period of at least five years.41

37
Section 49 of the Information Technology Act, 2000.
38
Section 50(1) of the Information Technology Act, 2000.
39
Section 50(2) of the Information Technology Act, 2000.
40
ibid
41
S. 50(3) of the Information Technology Act, 2000.

64
  Oath: Before assuming office, the chairperson and all members will take an oath of
office and secrecy, as prescribed in Form I and II, respectively, under Rule 12 of the
CAT (Salary, Allowances and Other Terms and Conditions of Service of Chairperson
and Members) Rules, 2009.42

 Support Staff: The Central Government will appoint officers and employees as
necessary to assist the chairperson. The salaries, allowances, and other terms and
conditions of service for this staff will be determined by the Central Government.43

3.10 AMENDMENTS TO CERTAIN STATUTES

The Information Technology Act, 2000, aims to enhance the acceptance and utilization of
electronic documents, evidence, and fund transfers. To achieve this, it has brought about
amendments to several key legislations, including the Indian Penal Code, 1860,44 the Indian
Evidence Act, 1872,45 the Bankers‘ Books Evidence Act, 189146, and the Reserve Bank of
India Act, 1934,47 through the First, Second, Third, and Fourth Schedules respectively. These
amendments have established and legalized electronic records and documents.

The Act facilitates the use of electronic records within government departments and agencies,
thereby promoting electronic governance. Moreover, it includes provisions aimed at
facilitating electronic contracts, covering aspects such as attribution, acknowledgment, and
dispatch of electronic records.48

A. INDIAN PENAL CODE, 1860

It's noteworthy that the Information Technology Act, 2000 introduced amendments to several
provisions of the Indian Penal Code, 1860. This was facilitated by section 91 of the
Information Technology Act, 2000, which brought about changes in the Indian Penal Code,
primarily focusing on offenses relating to documents. The objective was to include.

42
Rules made by the Central Government in exercise of power under S. 87 read with S. 52 of the IT ACT and in
supersession of Cyber Regulations Appellate Tribunal (Salary, Allowances & Other Terms and Condition of
Service of Presiding Officer and Members) Rules, 2003 vide G.S.R. 778(E), Notification, New Delhi, 27-10-
2009, Ministry of Communications & Information Technology (Department of Information Technology)
43
Section 56 of the Information Technology Act, 2000.
44
S. 91 of the Information Technology Act, 2000
45
S. 92 of the Information Technology Act, 2000.
46
S. 93 of the Information Technology Act, 2000
47
S. 94 of the Information Technology Act, 2000.
48
S.K. Verma and Raman Mittal: Legal Dimensions of Cyberspace, Indian Law Institute, 2004, New Delhi. P-
378.

65
"Electronic record" in these provisions, thereby extending the scope of offenses which were
previously paper-based to now also encompass electronic formats.

The amendments to the IPC can be broadly categorized as follows:

Definition: The insertion of Section 29A introduced the definition of "electronic record" as
understood by section 2(1)(t) of the IT ACT, 2000, into the IPC. "Electronic record"49 refers
to data, records, images, or sounds stored, received, or sent in electronic form, microfilm, or
computer-generated microfiche. Consequently, all offenses related to documents now include
offenses related to electronic records, especially those committed through the internet or
cyberspace.

Offenses by or relating to public servants50: Section 167 addresses offenses committed by

public servants, specifically framing incorrect documents with the intent to cause injury.
Following the amendment by the IT ACT, 2000, this section now also encompasses
electronic records within the term "document." The crux of the offense lies in the intention of
the public servant to cause injury to any person by deviating from their duty.51

Chapter 10 of the Indian Penal Code focuses on contempt of the lawful authority of public
servants, aiming to uphold obedience and respect for their lawful authority. The amendments
introduced in this chapter primarily revolve around the inclusion of "electronic record"
alongside "document," thus equalizing offenses committed through both paper-based and
paperless means. Sections 17252, 17353, and 17554 have undergone amendments to ensure that
actions previously considered offenses when done via paper-based documents remain
offenses when carried out electronically.

Among these amendments:

55 56
Offense relating to evidence: Sections 192 and 204 , concerning offenses of false
evidence and offenses against public justice, have been amended to broaden their scope to

49
According to section 2(1)(t) of the IT ACT, 2000
50
Section 167, Indian Penal Code, 1860.
51
Amended Section -167(IPC) : Public servant framing incorrect document with intent to cause injury.
52
S.172 of the Indian Penal Code: Absconding to avoid service to summons or other proceedings.
53
S.173 of the Indian Penal Code: Preventing service of summons or other proceeding or preventing
publication thereof.
54
S.175 of the Indian Penal Code: Omission to procedure document to public servant by person legally bound to
product it.
55
S.192 of the Indian Penal Code: fabricating false evidence.
56
S. 204 of the Indian Penal Code: Destruction of document or electronic record to prevent its production as
evidence.

66
include fabricating false electronic evidence and punishing the destruction of electronic
records under section 204.

Offenses in relation to documents: The majority of amendments in the Indian Penal Code
(IPC) focus on Chapter 18, which addresses offenses related to documents. These
amendments extend the scope of document-based offenses to include electronic records.
Notably, forgery under section 463 now encompasses forgery committed through electronic
records. Additionally, section 464 now covers the dishonest or fraudulent affixation of digital
signatures on electronic records, aligning with the definition provided in section 2(1)(d) of
the Act. Sections 466, 468, 470, 471, and 474 have also been revised to address forgery
through electronic records and the affixation of digital signatures.

Specifically, an amendment to section 474 affects only the first part of the section, which
deals with the possession of forged documents described in section 466, with the intent to use
them fraudulently or dishonestly as genuine. The second part of section 474, relating to
documents described in section 467, remains unchanged. This selective amendment is due to
the nature of the documents described in section 467, such as wills, which fall outside the
scope of the IT ACT, 2000, as per section 1(4)(d). Therefore, amendments to section 474
concerning offenses related to wills are unnecessary.

Additional changes within this Chapter relate to the criminal act of counterfeiting devices or
marks utilized for authenticating documents and the falsification of documents. These
revisions extend the scope of these sections to include electronic records, ensuring their
relevance in the digital era.57

Amendment in IPC, 1860 in the ITAA, 2008

There have been significant amendments to the Indian Penal Code, 1860, introduced by the
Information Technology (Amendment) Act, 2008:

Amendment in section 4:

 Addition of clause (3) to section 4, addressing offenses committed by individuals

outside India but targeting computer resources within India.

57
S.K. Verma and Raman Mittal: Legal Dimensions of Cyberspace, Indian Law Institute, 2004, New Delhi. P-
378.

67
  Modification of the Explanation section, clarifying that the term "offense"
encompasses actions conducted beyond Indian borders that would be punishable if
carried out within India, and defining "computer resource" in alignment with the
Information Technology Act, 2000.

Amendment of section 40:58

 Inclusion of additional clauses (118, 119, and 10) in section 40.

Amendment of section 118:

 Replacement of the phrase "voluntarily conceals, by an act or illegal omission, the

existence of a design" with "voluntarily conceals by any act or omission or by the use
of encryption or any other information hiding tool, the existence of a design" in
section 118.

Amendment of section 464:

 Substitution of the term "digital signature" with "electronic signature" wherever it

appears in Section 464.

B. AMENDMENT IN INDIAN EVIDNCE ACT, 1872

The law of evidence serves as lex fori that governs the courts, forming an integral part of
59
procedural law. The Indian Evidence Act, 1872, establishes the procedural rules for
presenting evidence in court proceedings. With the advent of electronic evidence, the nature
of evidence presentation has evolved. In most cases involving electronic records, it's common
for a copy of the original record to be exhibited as evidence, rather than presenting the
60
original itself. Recognizing the unique characteristics of digital evidence, the Indian
Evidence Act, 1872, underwent amendments under Section 92 of the Information Technology
Act, 2000. These amendments can be summarized under the following headings:

Amendments allowing evidence in electronic format:

58
After the figure ―117‖ in clause (2), in section 40
59
Suresh T. Vishwanathan: The Indian cyber laws( module 6- The Evidence Aspect of cyber law), Edn. IInd
2001, p-67, Bharat Law House New Delhi
60
Rohas Nagpal: Cyber Crime and Corporate Liability, first print 2008, published by Walters Kluwer (India)
pvt. Ltd. New Delhi, p-23.

68
 i. Within section 3: (a) The definition of 'Evidence' now includes "all documents,
including electronic records, produced for the inspection of the Court," replacing the
previous wording. (b) Following the definition of "India," additional expressions such
as "Certifying Authority," "digital signature," "Digital Signature Certificate," and
others have been included with meanings aligned to those defined in the Information
Technology Act, 2000.
ii. Section 17 of the Evidence Act, which defines admission, has been expanded to
encompass statements in electronic form. 61
62
iii. Sections 34 and 3563 have been modified to incorporate documents maintained
electronically and electronic records, respectively.
iv. Amendments to Section 39, which pertains to evidence involving conversations,
documents, books, or series of letters or papers, now encompass 'electronic records'
within its scope.
v. Section 59 previously allowed for all facts to be proven by oral evidence except for
the contents of documents. With the amendment, all facts can now be proven orally
except for the contents of documents or electronic records. Consequently, the contents
of an electronic record cannot be proven by oral evidence.
64
vi. Section 131 has been amended to include any individual in possession of an
electronic record. This amendment appears to primarily introduce the concept of
evidence through electronic records.

Amendment of the Indian Evidence Act, 1872 in ITAA, 2008:

Amendment of the Indian Evidence Act, 1872 in ITAA, 2008:Amendment of the Indian
Evidence Act, 1872 in ITAA, 2008:

Amendment of section 3: Within section 3 of the Indian Evidence Act, 1872, concerning the
interpretation clause, the final paragraph will now replace occurrences of "digital signature"
and "Digital Signature Certificate" with "electronic signature" and "Electronic Signature
Certificate," respectively.

61
S. 17 of the Indian Evidence Act: An admission is a statement. Oral or documentary or contained in electronic
form, which suggests any inferences as to any fact in issue or relevant fact, and which is made by any of the
persons, and under the circumstances, hereinafter mentioned.
62
S. 34 of the Indian Evidence Act: Entries in books of account when relevant
63
S. 35 of the Indian Evidence Act: Relevancy of entry in public record, made in performance of duty.
64
S. 131 of the Evidence Act: Production of document or electronic records which another person, having
possession, could refuse to produce.

69
Insertion of new section 45A: A novel addition, section 45A, specifies that in any legal
proceeding where the court requires forming an opinion on matters related to information
transmitted or stored in a computer resource or any other electronic or digital form, the
perspective of the Examiner of Electronic Evidence referred to in section 79A of the
Information Technology Act, 2000, is pertinent. It is clarified that for this provision, an
Examiner of Electronic Evidence is recognized as an expert.

Amendment of section 47A: Changes in section 47A involve a. Substituting instances of

"digital signature" with "electronic signature." b. Replacing occurrences of "Digital Signature
Certificate" with "Electronic Signature Certificate."

Amendment of section 67A: All mentions of "digital signature" in section 67A have been
replaced with "electronic signature."

Amendment of section 85A: Section 85A now replaces occurrences of "digital signature" with
"electronic signature" wherever the former appears.

Amendment of section 85A: Within section 85A, the term "digital signature" will be replaced
with "electronic signature" at both occurrences.

Amendment of section 85B: Section 85B is amended to substitute instances of "digital

signature" with "electronic signature" throughout.

Amendment of section 85C: Section 85C sees the replacement of "Digital Signature
Certificate" with "Electronic Signature Certificate" throughout the section.

Amendment of section 90A: In section 90A, the term "digital signature" will be substituted
with "electronic signature" at both occurrences.

3.11 CRITICAL APPRAISAL OF THE INFORMATION

TECHNOLOGY ACT, 2000

The introduction of the IT ACT, 2000 was certainly a positive development given the
absence of legislation tailored to the complexities of the digital landscape. However, its
implementation has revealed certain shortcomings. Critics have raised several concerns:

70
 1. The Act was hurriedly passed without sufficient public discourse, hindering its
effectiveness. Experts argue that its rushed enactment by parliament, without adequate
public debate, has contributed to its deficiencies.65

2. The Act's main focus on facilitating e-commerce, as stated in its preamble and
objectives, rather than regulating cybercrime, has left it ill-equipped to effectively
address cybercriminal activities. This narrow focus has been identified as a significant
weakness in dealing with cybercrime cases.

In summary, while the IT ACT, 2000 represented a significant step forward in adapting the
legal framework to the digital era, its limitations underscore the need for comprehensive and
carefully considered legislation to tackle the evolving challenges of cyberspace.

a. Instances of cyber torts like cyber stalking, cyber harassment, and cyber nuisance have
highlighted the inadequacies of the IT ACT, 2000 in addressing such offenses. Moreover,
there is a growing concern that emerging forms of cybercrime require attention and legal
provisions to address them effectively.

b. The existing provisions related to cybercrime in the IT ACT, 2000 are perceived as
insufficient and incomplete. There is a pressing need for dedicated legislation specifically
targeting cybercrime to complement the Indian Penal Code (IPC). While proponents of
relying solely on the IPC argue that it has proven effective over time, the evolving nature of
cybercrime and cyberspace demands specialized legal frameworks.

c. Ambiguity in the definitions provided within the Act poses challenges for interpretation
and application, particularly in cases of hacking and dissemination of lascivious or obscene
material. Clearer definitions are essential to prevent misinterpretation and ensure consistent
application by the judiciary.

d. A global approach to cyber law is necessary to effectively combat cybercrime, given its
transnational nature. The lack of uniformity in cyber laws across different jurisdictions
complicates efforts to address cyber threats comprehensively.

e. Inadequate awareness among the public about their rights and legal protections under the
IT ACT, 2000 contributes to its limited success. Many cases of cybercrime go unreported due

65
Rohas Nagpal: Cyber Crime and Corporate Liability, first print 2008, published by Walters Kluwer (India)
pvt. Ltd. New Delhi, p-23.

71
to this lack of awareness, highlighting the importance of educating the public about their
rights and legal recourse. For example, legal interventions such as the Delhi High Court's
action against the sale of pirated software demonstrate the potential for legal remedies to
address cybercrime when individuals are aware of their rights.

f. The issue of jurisdiction remains contentious in cases of cybercrime due to the borderless
nature of cyberspace. The traditional territorial concept of jurisdiction becomes increasingly
obsolete as cyber activities transcend geographical boundaries. The IT ACT of 2000 lacks
clear provisions addressing jurisdictional challenges in cybercrime cases, necessitating the
exploration of new dispute resolution methods.

g. While section 75 of the IT ACT addresses extraterritorial jurisdiction, its effectiveness

depends on the recognition and cooperation of competent authorities outside their respective
jurisdictions. Establishing measures for the exchange of information and evidence between
law enforcement agencies is crucial for enhancing the efficacy of extraterritorial operations in
combating cybercrime.

h. Building a proficient cybercrime enforcement team is imperative due to the technical

expertise required to investigate and prevent high-tech cyber offenses. The government's
initiative to establish cybercrime cells in major cities and the Cyber Crime Investigation Cell
(CCIC) of the CBI is commendable. However, the IT ACT of 2000 lacks provisions
addressing the formation and training of specialized cybercrime units.

i. The judiciary needs to adapt to the complexities of cybercrime by fostering a cadre of

cyber-savvy judges. Judges well-versed in cyber law and technology play a pivotal role in
interpreting and applying laws effectively in the digital age. The Kerala High Court's
acceptance of a Public Interest Litigation (PIL) submitted via email exemplifies the
judiciary's responsiveness to technological advancements and underscores the importance of
cyber-savvy judicial officers.66

3.12 INFORMATION TECHNOLOGY (AMENDMENT) ACT, 2008

As technology continued to advance, new methods of committing crimes through the internet
and computers emerged, necessitating amendments to the IT ACT, 2000. The rise of new
forms of cybercrimes in India presented a challenge to lawmakers, who were confronted with

66
S.K. Verma and Raman Mittal: Legal Dimensions of Cyberspace, Indian Law Institute, 2004, New Delhi. P-
378.

72
the difficult choice of either significantly amending the existing law to strengthen it or
witnessing its flagrant violation by cybercriminals and others.67

Acknowledging the immediacy of the situation, the Lower House of Parliament introduced
the Information Technology Amendment Bill, 2006 on December 15, 2006. This draft
underwent examination by an Expert Committee, which suggested numerous alterations.
Growing concerns regarding the rise of cybercrimes, both domestically and internationally,
led legislators to forward the issue to the Standing Committee of Parliament. The objective
was to seek suggestions for necessary modifications to improve the effectiveness of the
legislation and ensure its compliance with India's international commitments as a prominent
IT hub.

Several years elapsed before the amendments were ratified. The Information Technology
(Amendment) Bill, 2006 underwent further revisions through the Information Technology
(Amendment) Bill, 2008. Consequently, the base Act was renamed the Information
Technology (Amendment) Act, 2008. This modification was approved by the Lower House
on December 22, 2008, and by the Upper House on December 23, 2008.

Following this, the government introduced various regulations to complement the amended
Act. These encompassed the Cyber Appellate Tribunal (Salary, Allowances and other Terms
and Conditions of Service of Chairperson and Members) Rules, 2009; the Cyber Appellate
Tribunal (Procedure for Investigation of Misbehavior in Capacity of Chairperson and
Members) Rules, 2009; the Information Technology (Procedure and Safeguards for
Interception, Monitoring and Decryption of Information) Rules, 2009; the Information
Technology (Procedure and Safeguards for Blocking for Access of Information by Public)
Rules, 2009; the Information Technology (Procedure and Safeguards for Monitoring and
Collecting Traffic Data or Information) Rules, 2009; and the Information Technology
(Guidelines for Cyber Café) Rules, 2011.

****

67
Information Technology (Amendment) Act, 2008 w.e.f. 27-10-2009

73
 CHAPTER IV
JUDICIAL PRONOUNCEMENT REGARDING
CYBER CRIME

74
 CHAPTER IV
JUDCIAL PRONOUNCEMENR REGARDING CYBERCRIME
The advent of the Internet has propelled cyber law into a prominent legal sphere,
encompassing various critical aspects. This domain covers a broad spectrum of subjects
including cybercrime, electronic commerce, freedom of expression, intellectual property
rights, jurisdictional matters, and privacy rights. Cybercrime, for instance, encompasses
activities like credit card fraud, unauthorized computer access, child pornography, software
piracy, and cyber stalking. Electronic commerce involves encryption and data security to
facilitate online transactions. Issues of freedom of expression include concerns such as
defamation, obscenity, and digital censorship. Intellectual property rights extend to areas like
copyright protection, software licensing, and trademark safeguarding. Jurisdictional matters
revolve around determining authorities responsible for regulating cyberspace. Additionally,
privacy rights entail protecting data and ensuring Internet privacy.

Persistent challenges remain within cyber law, particularly concerning cybercrime and
jurisdiction. Notably, the jurisprudential landscape surrounding cybercrime is relatively
limited, lacking comprehensive statutory frameworks. Consequently, policymakers and legal
practitioners navigating cybercrime are often constrained to relying on the limited and
sometimes ill-fitting statutes and case1 precedents available. Regarding cyber jurisdiction,
significant ambiguity surrounds the determination of which governing body possesses
authority over online activities. Courts have sporadically addressed this issue, typically
resorting to long-arm statutes and principles of personal jurisdiction. However, the scarcity of
cyber jurisdiction cases further exacerbates the challenge, leaving legal professionals with
insufficient legal precedent for guidance

4.1 CYBER JURISDICTION

The term "jurisdiction" denotes the authority vested in a court to adjudicate a case and
provide a resolution to a dispute. Essentially, the court's ability to render a decision or issue a
decree hinges on its jurisdiction. Given the borderless nature of the legal landscape in e-

1
Stewart Biegel, The Emerging and Specialized Law of the Digital Revolution, Los Angele Daily Journal, Jan. 25,
1996

75
commerce, cyber jurisdiction encompasses all interactions accessible to individuals with
internet connectivity.2

Cyber jurisdiction law entails determining whether a specific activity occurring in cyberspace
falls under the purview of the laws governing the state or country where the website is
hosted, the laws of the state where the Internet Service Provider (ISP) operates, the laws of
the state where the user is situated, or a combination of these jurisdictions.

The Internet presents a multi-jurisdictional scenario due to the ease with which users can
access websites from anywhere in the world. From the user's standpoint, state and national
3
borders may seem essentially transparent. However, for courts tasked with determining
jurisdiction, this situation poses significant challenges. In the case of Zippo Manufacturing
Co. v. Zippo Dot Com Inc.,4 the court highlighted the emergence of a global revolution and
acknowledged that the development of legal frameworks concerning the permissible scope of
personal jurisdiction based on internet usage is still in its nascent stages.

The evolving law of jurisdiction faces the challenge of determining which jurisdiction
governs a specific event in cyberspace. This involves considering whether it falls under the
laws of the state or country where the website operates5, where the internet service provider is
based, where the user is located, or conceivably all of these jurisdictions. Some commentators
advocate for treating cyberspace as a distinct jurisdiction.6 However, this perspective has not
found support from the courts or been addressed by lawmakers in practice.

Cyber jurisdiction matters have traditionally been addressed mainly in civil courts.
However, with cases like U.S. v. Thomas7 and Minnesota v. Granite Gate Resorts Inc.,
8
criminal courts have also started to consider cyber jurisdiction issues.

2
Ferrera G.R.: Cyber Law: Text and Cases (2001, Ohio) p.4
3
David Post, Anarchy, State, and the Internet: An Essay on Law-Making in Cyberspace, 1995 J. Online L. art. 3,
Para. 36
4
USDC, Western District of Pennsylvania, 1997 952 F. Supp. 1119,
5
David R. Johnson and David Post, Law and Borders—The Rise of Law in Cyberspace, 48 Stanford L.Rev. 1357,
1367 (May 1996)
6
ibid
7
74 F. 3d 701 (6th Cir. 1996) (USA)
8
.568 N.W. 2d 715 (Minn. App. 1997); aff‘d 576N.W.2d 747 (Minn. 1998)

76
 4.2 CYBER JURISDICTION IN INFORMATION TECHNOLOGY
ACT,2000

The law extends its reach even further, applying to any violation or contravention of its
provisions committed by anyone, regardless of their location in the world. Through this
provision, the law asserts jurisdiction over individuals who violate The Information
Technology Act, 2000 beyond the territorial confines of India. Perhaps, this provision finds
justification in the distinct character of cyberspace, which transcends geographical
boundaries.

The Information Technology Act, 2000 explicitly states that unless otherwise specified, the
Act applies to any offense or contravention committed outside India by any individual,
regardless of their nationality.9 However, it's clarified that the Act only applies to offenses or
contraventions committed outside India if the actions or conduct constituting the offense or
contravention involve a computer, computer system, or computer network located in India.10
The clause "act or conduct constituting the offense or contravention involves a computer,
computer system, or computer network located in India" is pivotal in determining the
jurisdiction of the IT ACT regarding actions committed beyond India's borders. To establish
jurisdiction over actions constituting an offense or contravention under the IT ACT
committed outside India, it is necessary to demonstrate that these actions involve a computer,
computer system, or computer network located in India.

For instance, if a website containing pornographic material is created in the US, the IT ACT
wouldn't automatically have jurisdiction to address the site unless the creation, maintenance,
or operation of the site involves a computer, computer system, or computer network located
in India. However, if the website utilizes a server or any other computer network situated in
India, the IT ACT would then assume jurisdiction to address the website under section 67 of
the IT ACT.

Another example showcasing the jurisdiction of the IT ACT occurs when an individual from
the US hacks into a computer system or network in India. In such instances, section 66 of the
IT ACT would be enforced to prosecute the offender for hacking, as their actions involve a
computer located in India. Similarly, if an individual from any part of the world

9
Sec. 1(2) of IT ACT, 2000
10
Sec. 75 of IT ACT, 2000

77
introduces a virus into a computer system situated in India, they would be liable under Section
43(c) of the IT ACT. Consequently, they would be obligated to pay damages as compensation,
capped at Rs. 1 crore, to the victim.
Section 75 of the IT ACT exclusively pertains to offenses or violations outlined within its
provisions and does not extend to offenses under other statutes such as the Indian Penal Code,
1860. Jurisdiction concerning other cybercrimes, such as those covered by the Indian Penal
Code, 1860, is determined by the regulations stipulated in the Criminal Procedure Code, 1973.
The underlying principle of jurisdiction remains consistent across both the IT Act11 and the
Criminal Procedure Code, 1973, albeit expressed differently.

According to the Criminal Procedure Code, 1973, the fundamental legal tenet regarding
jurisdiction dictates that each offense should ordinarily be investigated and adjudicated by a
court situated within the geographic area where the offense occurred.12 These jurisdictional
principles are applicable not only during court trials but also in police investigations. In cases
where an offense transpires across multiple locations or persists over time in more than one
local jurisdiction, the court with jurisdiction over any of the affected areas may conduct the
inquiry or trial. Similarly, if uncertainty arises regarding the precise location of the offense
among several areas,13 the court with jurisdiction over any of the potentially implicated areas
may conduct the inquiry or trial.14

In scenarios where an act constitutes an offense due to actions taken and their resulting
consequences, the offense may be investigated or adjudicated by a court situated within the
geographic area where the act occurred or where the consequence ensued15. For instance, in
cases of defamation, either the court where the defamatory email was sent from or the court
where it was published or received, if different, holds jurisdiction to conduct the inquiry and
trial.

Another example is when, as a result of misrepresentation by individual A via email from

location X, property is delivered at location Y. In this scenario, A can face trial for the offense
of cheating either at location X or Y. Similarly, if an individual in Bombay perpetrates

11
Sec. 1(2) r/w Sec. 75 of IT ACT, 2000
12
Sec. 177 of Cr. P.C., 1973
13
Sec. 178 of Cr. P.C., 1973
14
Sec. 178(a) of Cr. P.C., 1973
15
Sec. 179 of Cr. P.C., 1977

78
hacking of a computer system situated in Delhi, they may be subject to trial in either Bombay
or Delhi.

If an act constitutes an offense due to its connection with another act that is also an
offense, or would be an offense if the perpetrator were capable of committing it, the first
offense may be investigated or tried by a court within the local jurisdiction where either of
the acts occurred. For example, if there is a case involving the manufacture of substandard
fertilizer in location16 X, which is then marketed through e-commerce at location Y, legal
proceedings can be initiated at either of these locations. This is because the marketing of the
substandard fertilizers is an offense in relation to the substandard manufacture.

Certain specified offenses are mandated by law to be investigated or tried in specific

locations. For example, offenses such as criminal misappropriation or criminal breach of trust
may be investigated or tried by a court within the local jurisdiction where the offense
occurred or where any part of the property involved in the offense was received, retained, or
required to be returned or accounted for by the accused person.17

For instance, if an employee of a company based in Delhi uses the internet banking
facility of the company's bank in Bombay to transfer funds to his account in Calcutta, the
case of misappropriation could be prosecuted in Delhi, Bombay, or Calcutta. Delhi or
Bombay would be appropriate jurisdictions as the offense was partially committed there,
while Calcutta would also be appropriate as it is where the money was received and retained.

Furthermore, the law stipulates that in cases involving cheating, if deception occurs
through letters or telecommunication messages, the inquiry or trial may be conducted by any
18
court within the jurisdiction where such letters or messages were sent or received.
Additionally, any offense involving cheating and dishonestly inducing the delivery of
property may be investigated or tried by a court with jurisdiction over the place where the
deceived person delivered the property or where the accused person received it.19

In a scenario where two or more courts assume jurisdiction over the same offense and a
dispute arises regarding which court has the authority to inquire into or try the offense, this
matter will be resolved by the High Court overseeing the jurisdictions of both such courts.

16
Sec. 180 of Cr. P.C., 1973
17
Sec. 181 of Cr. P.C., 1973
18
Sec. 182 of Cr. P.C., 1973
19
Sec. 182 of Cr. P.C., 1973

79
20
However, if the courts in question are not under the jurisdiction of the same High Court, the
determination of jurisdiction will be made by the High Court in whose appellate criminal
jurisdiction the proceedings were initially initiated.21

All further legal actions pertaining to that offence will be discontinued in such cases. The
complainant has the option of selecting which court to file a case in case there are many
courts with jurisdiction over the same offence. Of course, the complainant will choose the
forum that works best for them and the accused is least convenient for them.

The legal principles regarding jurisdiction, as delineated in the Criminal Procedure Code,
1973, and Section 75 of the IT ACT, 2000, as previously discussed, provide clear and
comprehensive guidelines applicable to various scenarios commonly encountered in
cybercrime cases. The inherently global nature of the internet often results in cybercrimes
transcending geographical boundaries. Unlike traditional crimes such as rape, murder, and
kidnapping, where both the perpetrator and the victim are typically in the same physical
location, cybercrimes frequently involve two or more distinct locations. One location pertains
to where the cybercriminal perpetrates the crime, such as through hacking, while the other
location is where the victim's computer, system, or network suffers the harm.

Furthermore, cybercriminals tend to operate anonymously and take measures to conceal

their identities and operational whereabouts. The internet's allowance for anonymity
exacerbates the challenge of identifying and apprehending cybercriminals. Consequently, in
practical terms, determining jurisdiction over cybercrimes often hinges on the location where
the victim experiences harm, whether directly, such as through fraud, or indirectly, such as
damage inflicted on their computer or network.

Judicial Trends in India

Prior to the enactment and enforcement of the Information Technology Act, 2000, on
October 17, 2000, Indian case law concerning the jurisdiction of courts in cyberspace was
nonexistent. However, the rapid development of information technology as a more expedient
and efficient mode of communication in the new millennium has brought about unforeseen
consequences, including the emergence of cybercrimes that require adjudication by the
courts.

20
Sec. 186 (a) of Cr. P.C., 1973
21
Sec. 186 (b) of Cr. P.C., 1973

80
In the case of P.R. Transport Agency v. Union of India and Others22, the issue of court
jurisdiction arose concerning a contract made via email between parties residing in various
locations. Bharat Cooking Coal Ltd. (BCCL) conducted an e-auction for coal, wherein the
plaintiff, P.R. Transport Agency, successfully bid for 40,000 metric tons of coal from Dobari
colliery. BCCL communicated the acceptance of the bid via email on July 19, 2005.
Subsequently, the plaintiff deposited the amount of 81.12 lakhs through a cheque in favor of
BCCL, which was accepted and encashed. However, BCCL failed to deliver the coal to the
plaintiff and instead notified them via email that the e-auction had been canceled "due to
some technical and unavoidable reasons." It was later discovered by the plaintiff that the e-
auction was cancelled because another bidder had submitted a higher bid, which had not been
considered earlier due to a flaw in the computer system or its programming.

In this case, P.R. Transport challenged the cancellation of its contract by BCCL in the
High Court of Allahabad. BCCL contested the court's territorial jurisdiction, arguing that the
cause of action did not arise in the state of Uttar Pradesh. P.R. Transport argued that the court
had jurisdiction because they received the communication of acceptance of the tender through
email in Chandauli, U.P. After considering both arguments, the High Court ruled that in cases
of email acceptance, the data transmitted from the accountholder could be stored in the
memory of a server located anywhere and could be accessed by the addressee account-holder
from anywhere in the world. Therefore, there was no fixed point for transmission or receipt
of email. As per Section 13(3) of the Information Technology Act, 2000, an electronic
document is deemed to be received at the place where the addressee conducts their business.

The acceptance of the tender will be considered received by P.R. Transport at the location
of its business, which includes Varanasi and Chandauli, both situated in the state of Uttar
Pradesh. Therefore, the Allahabad High Court had jurisdiction to adjudicate the case. This
case decision underscores the importance of ensuring that the exercise of jurisdiction by
courts in cybercrimes adheres to principles of fairness and justice. Such considerations
typically revolve around the following factors:

To uphold a state's jurisdiction in cyberspace, legal frameworks often consider several

factors, including:

22
AIR 2006 All 23 (decided on 24.9.2006)

81
 (a) The level of deliberate intrusion or illicit activities impacting the state's affairs.

(b) The degree of conflict with the state's sovereignty.

(c) The state's interest in resolving the dispute.

(d) The state's obligation to safeguard the interests of parties and provide them with
remedies.

(e) The availability of an alternative forum for dispute resolution.

Additionally, to justify a state's jurisdiction in cyberspace, the law typically requires that
the state not only grants accessibility to the website but also engages in some form of
interaction with the victim.

4.3 JUDICIAL RESPONSE TO COMBAT CYBER CRIMES

The spread of internet culture has resulted in a great deal of online disagreements, conflicts,
and disputes because of the improper use and exploitation of computer networks for illegal
purposes. While disagreements are nothing new in human society and have always existed,
the unique character, scope, and complexity of disagreements pertaining to online
transactions are worrisome. Because of the complexities involved, which judges might not be
entirely familiar with, settling these cyber-related disputes presents a substantial problem for
the legal system.

1. Judicial response before the IT ACT in India

In the case of Sukanto Haldar v. State of West Bengal,23 the issue pertained to the
magazine "Nara Nari," which was deemed to contain obscene content. To uphold public
morality over artistic and literary expression, the court invoked section 292 of the Indian
Penal Code, 1860. As a result, the petitioner was convicted and sentenced to two months
of rigorous imprisonment, along with a fine of Rs. 200. In default of payment of the fine,
the petitioner faced an additional two weeks of rigorous imprisonment.24

In Shaw v. Director of Public Prosecutions (DPP)25 in the UK involved the distribution

of a magazine called "The Ladies Directory" in the market, which contained names,

23
AIR 1952 Cal 214.
24
M. Dasgupta: Cyber Crime in India, 2009, Eastern Law House Kolkata (Calcutta), p-163
25
(1961)2 ALL ER 44 B.

82
 addresses of prostitutes, pornographic photographs, and descriptions of their practices.
The accused was charged with distributing pornographic material in public, which was
considered an offense because it corrupted the minds of individuals and the public. The
court viewed this act as "a conspiracy to corrupt public morality."

In its judgment, the judiciary referenced several key points: (i) John Stuart Mill's
principle of "harm to others," as discussed in his book "On Liberty"; (ii) The debate
between H.L.A. Hart and Prof. Devlin regarding the enforcement of morality by law,
which emphasized the need for a balance between law and morals, as well as shared
morality; (iii) The recommendations of the Wolfenden Committee in 1957 in the UK,
which echoed J.S. Mill's principle; and (iv) The Wolfenden Committee's
recommendations suggested that as long as prostitution and homosexual activities
involved consenting adults and occurred privately without causing harm to others or
public disturbance, they should not be subject to legal intervention.

In Ranjit D. Udeshi v. State of Maharashtra,26 the Supreme Court of India closely

followed principles such as the Hicklin Test and decisions from the U.S. Court,
particularly in Roth's case. In this case, the Court declared D.H. Lawrence's "Lady
Chatterley's Lovers” an obscene publication. It distinguished between "obscenity" and
"pornography," noting that precise definitions for these terms are challenging. However,
the Court defined obscenity as any material that tends to corrupt, cause annoyance, evoke
horror, or is indecent, immoral, or with a sexual tendency. On the other hand,
"pornography" refers to material, whether in writing, pictures, or other forms, intended to
arouse sexual desire. Both obscenity and pornography were deemed contrary to public
morality and decency by the Court.27

Legislation that prohibits "obscenity" and "pornography" indeed reflects moral values.
When there is a synthesis between law and morality, it helps to strike a balance with
shared morality. This balance ensures that legal standards align with societal moral
norms, promoting a cohesive and ethical framework within the legal system.

26
AIR 1965 SC 881; (1965)2 Cr LJ 8.
27
M. Dasgupta: Cyber Crime in India, 2009, Eastern Law House Kolkata (Calcutta), p-162-163.

83
2. Judicial response in India after the Information Technology Act, 2000:

In the case of Jayesh S. Thakkar v. State of Maharashtra, on May 29, 2001, the petitioners
wrote a letter to the Chief Justice of the Bombay High Court, expressing concerns about
pornographic websites on the internet. The letter was treated as a Suo motu writ petition.
On September 26, 2001, the Division Bench of the Bombay High Court, consisting of
B.P. Singh, CJ, and Dr. D.Y. Chandrachurd, J., passed an order to appoint a committee to
suggest preventive and controlling measures to protect children from accessing
pornographic and obscene material on the internet.

The committee, after considering various public opinions through the internet and other
media, submitted its report titled "Shielding Minors from Cyber Porn: Protecting Minors
from Unsuitable Internet Material" on January 30, 2002. The report made the following
recommendations:

1. Site Blocking: The committee rejected the proposal for site blocking, deeming it
technically and legally unsound.

2. Cyber Cafes: The recommendations for cyber cafes included:

 Suggested definition of cyber cafes to be included in the rules under the

Bombay Police Act.
 Procedures for licensing cyber cafes, as none were licensed or regulated at the
time.
 Regulations requiring cyber cafe operators to demand photo identity cards
from all users.
 Restricting minors to using machines in the common open space of cyber
cafes, not in cubicles.
 Requiring machines to be fitted with software filters to prevent access to
inappropriate content.
A. Judicial Response to Curb Pornography

Pornography refers to the explicit depiction of obscene and indecent content, whether in
written form or visually, which has the potential to corrupt the minds of children and
negatively impact the moral standards of society. As such, laws strictly prohibit the
creation, publication, and circulation of such material to safeguard the moral integrity of

84
 28
society. Given the ease of dissemination through computers and the internet, it is
imperative to address the proliferation of pornography in these mediums. Cyber
pornography, defined as the use of digital technology to distribute explicit sexual content,
presents new challenges for both the legal system and the courts. Examining court
decisions can provide insight into how the law addresses incidents of cyber pornography
and the evolving nature of this crime.29

In the case of United States v. Thomas,30 a federal postal inspector based in Tennessee
downloaded pornographic content from a Bulletin Board Service (BBS) operated by an
individual in California, USA. The inspector was subsequently arrested and convicted
under federal obscenity laws for distributing pornographic material. The court established
several important legal principles in its ruling. Firstly, it clarified that GIF files, a generic
format for digital images, are not considered "intangible" under federal obscenity laws.
Secondly, it determined that the distribution of obscene material can be deemed to have
occurred knowingly, even without the defendant's specific knowledge of each individual
transmission. Additionally, the court emphasized that the standard for obscenity is
determined by the "community standards" of the location where the material is received.
In this case, the defendants' ability to control subscriptions and access to their BBS
rendered them liable for the downloading that took place in Tennessee, thus subjecting
them to jurisdiction in that state.31

In the case of Avnish Bajaj v. State (NCT Delhi),32 Baazee.com operated as an online
auction website, with Avnish Bajaj serving as its Chief Executive Officer (CEO). In
December 2004, Bajaj was arrested on charges related to the distribution of cyber
pornographic material. These charges stemmed from the sale of pornographic CDs by an
individual through the Baazee.com website, with these CDs also being sold in the Delhi
market.

The arrest resulted from a joint action by the Delhi and Mumbai police. However, Bajaj
was later granted bail by the Delhi High Court due to a lack of prima facie evidence
linking him directly or indirectly to the publication of the pornography. Additionally, it

28
Amita Verma: Cyber Crimes & Law, 2009, Ist Edn. Central law Publications, p-120)
29
J.P. Mishra: An introduction to Cyber Laws. Ist Edn: 2012 Central law Publications, p-187)
30
74 F. 3d 701 (6th Cir. 1996) (USA)
31
Farooq Ahmad: Cyber Law of India (Law on Internet), 3rd Edn. New era Law Publication, p-408.
32
(2005) 3 Comp. LJ 364 (Delhi). This case is popularly known as Baazee.com case.

85
 was found that the actual obscene content of the CDs could not be viewed on the
Baazee.com website.

During the investigation, it was revealed that Bajaj had Indian origins and had family ties
in India. Baazee.com operated as a customer website facilitating online property sales on
a commission basis. An obscene MMS’S clip titled "A DPS girl having fun" was listed
for sale on Baazee.com on November 27, 2004, and some copies of this clip were indeed
sold by the company.

In Hari Ram v. State of Rajasthan & Another,33 it was established that the law, as
clarified through a comprehensive examination of Sections 2(k), 2(l), 7A, 20, and 49 in
conjunction with Rules 12 and 98, unequivocally determines that individuals who were
under the age of 18 at the time of the commission of offenses, even prior to April 1, 2001,
would be considered juveniles. This classification applies to those who reached the age of
18 before the commencement of the Act and were serving sentences following
conviction.

B. Judiciary on Online Fraud

The term "Internet Fraud" is quite broad, yet it lacks a specific definition within the IT
ACT. It encompasses various offenses that are explicitly outlined in the IT ACT. Internet
frauds can manifest in diverse forms, making their categorization challenging. American
courts are actively engaged in addressing internet fraud cases.

The Sony.Sambandh.com Case (2002)34 marked the first conviction in a cyber-related

fraud case. This case underscored the effectiveness of applying provisions from the
Indian Penal Code to certain cybercrimes not addressed by the Information Technology
Act, 2000. Sony India Private Ltd., the complainant, operated a website called
www.sony.sambandh.com. This platform allowed non-resident Indians to purchase Sony
products online and have them delivered to their relatives and friends in India after
making online payments.

In May 2002, an individual using the identity of Ms. Barbara Campa placed an order on
the website www.sony.sambandh.com for a Sony colored TV set and cordless
headphones. The individual provided a credit card number for payment and requested the

33
Criminal Appeal No. 907 of 2009 (Arising out of S.L.P. (Crl.) No.3336 of 2006).
34
V. Paranjape, Cyber Crimes & Law, Central law Agency, 2010, p-137.

86
 products to be delivered to Arif Azim in Noida. Sony India Ltd. cleared the payment and
delivered the items to Arif Azim after conducting the necessary due diligence, including
digital photography of the delivery being accepted by Arif Azim.

Approximately one and a half months later, the credit card agency informed Sony India
Ltd. that the transaction was unauthorized and fraudulent, as the real owner of the credit
card denied making the purchase. Consequently, Sony India Ltd. filed a complaint of
online cheating with the CBI, which registered a case against Arif Azim under Sections
418, 419, and 420 of the Indian Penal Code.

During the investigation, it was revealed that Arif Azim, who worked at a call center in
Noida, had accessed the credit card number of an American national and misused it on the
company's website. The CBI recovered the colored TV and cordless headphones from
Arif Azim. Based on the evidence presented and the material before it, the court found
Arif Azim guilty of offenses under Sections 418, 419, and 420 of the IPC, convicting him
of cyber fraud and cheating.

Considering Arif Azim's young age (24 years) and that this was his first conviction, the
court ordered his release on probation for a period of one year.35

The Pune Citibank MphasiS Call Center Fraud36 involved former employees of the
BPO arm of MPhasis Ltd, MsourcE, who defrauded US customers of Citibank amounting
to Rs 1.5 crores, raising concerns about data protection. The crime was conducted
through unauthorized access to the electronic account space of the customers, firmly
falling under the domain of cybercrimes.

The Information Technology Act, 2000 (ITA-2000) is versatile enough to address aspects
of crime not explicitly covered by it but covered by other statutes. Any offense under the
Indian Penal Code (IPC) committed using electronic documents can be considered
equivalent to a crime involving written documents. Offenses such as cheating, conspiracy,
and breach of trust are therefore applicable in the Pune Citibank MphasiS Call Center
Fraud case, in addition to sections in the ITA-2000.

Under the ITA-2000, the offense is recognized under both Section 66 and Section 43. As
a result, the individuals involved are liable for imprisonment, fines, and damages to the

35
Supra Note 32
36
The Times of India, 24th April 2005. See also http://www.ecommercetimes .com/story/42112.html.

87
 victims, with the maximum extent of liability being Rs 1 crore per victim. The
adjudication process can be invoked to determine the liability and impose appropriate
penalties.

The Supreme Court's ruling in the Morgan Stanley case37 has significantly improved
business process outsourcing (BPO) by creating a global safe-deposit vault to thwart data
theft and raise India's profile as a location for outsourcing. The National Association of
Software and Services Companies (NASSCOM) announced in April 2007 the creation of
an independent self-regulatory organization (SRO) in reaction to this verdict. Setting data
security guidelines for the software sector was given to this SRO, with an emphasis on
ensuring that they complied with international best practices.

C. Judicial interpretation on Fraud regarding Credit Card

Credit card fraud encompasses various forms of theft and fraudulent activities conducted
using credit cards or similar payment methods to obtain goods or unauthorized funds.
This can involve obtaining goods without payment or accessing funds from an account
unlawfully. Credit card fraud has become a significant issue globally, with several types
of fraudulent activities reported. In the USA, common fraud reports include undelivered
services, misrepresented merchandise, auction sales, pyramid schemes, and bogus
marketing of goods, with credit card fraud being one of the most prevalent. Estimates
suggest that consumers lose hundreds of millions of dollars annually due to credit card
fraud.

In the Delhi Credit Card Fraud Case,38 a 24-year-old engineer employed at a call
center was found guilty by the Court of Metropolitan Magistrate Delhi. The engineer,
named Azim, fraudulently obtained the details of Campa's credit card, and used them to
purchase a television and a cordless phone from the Sony website. Metropolitan
Magistrate Gulshan Kumar convicted Azim for cheating under sections 418, 419, and 420
of the IPC. However, Azim was not sentenced to jail. Instead, he was required to furnish a
personal bond of Rs. 20,000 and was released on probation for a year.

37
DIT (International Taxation) Mumbai v. Morgan Stanley & Co. Inc. decided on July 9, 2007
38
Advocate, Prashant Mali: Cyber Law & Cyber Crimes, Ist Edn. 2012, Snow White Publications. P60

88
 In the Hotel Le Meridien, Pune Case,39 About thirty patrons of Hotel Le Meridien in
Pune became victims of a fraudulent credit card operation. Using the information
gathered from consumers, four people took part in the process of making replica credit
cards. One of the criminals was employed as a cashier at Hotel Le Meridien's Chingari
Restaurant. He recorded the information from credit card swipes using credit card
skimmers and readers. After then, magnetic strips were used to transfer these details onto
blank cards. They spent a total of one crore rupees across 33 cards from 27 different
banks. Higher-end cards like Gold, Titanium, Platinum, and corporate cards with larger
credit limits were the focus of the scammers. When a Citibank employee went to the hotel
and saw unauthorized charges on his credit card statement, he became aware of the scam
and subsequently filed a police complaint.

D. Judiciary on Defamation

Every individual possesses the right to maintain the integrity of their reputation. This
right to reputation is recognized as an inherent personal entitlement for every individual.
It constitutes a universal right, enforceable against the entire world. An individual's
reputation is considered their property, often esteemed as more valuable than other
material possessions.40

The Indian Penal Code, 1860 specifies that defamatory statements must be published or
communicated to constitute defamation. The Supreme Court clarified in Bennett
Coleman & Co. v. Union of India 41 that "publication" refers to dissemination and
circulation, implying that merely communicating defamatory statements to the person
defamed does not constitute publication.

In the landmark case of S.M.C. Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra42,
recognized as the first cyber defamation case in India, the High Court of Delhi assumed
jurisdiction and issued an ex-parte injunction against the defendant. The injunction
restrained the defendant, an ex-employee, from tarnishing the reputation of the corporate
entity by sending derogatory and defamatory emails to his former employers and
managing director, with the intent to malign the company's reputation both in India and
abroad. The plaintiffs argued that the defendant's actions were a clear violation of their

39
Supra Note 38
40
Dixon v. Holden, (1869) LR 7 Eq 488.
41
(1972) 2 SCC 788
42
Petition No. 1276/2001 decided by the Delhi High Court in 2003.

89
 legal rights, and his motive was retaliatory due to the termination of his employment by
the company's management. Based on the evidence presented, the defendant was found
guilty of cyber defamation, leading the High Court of Delhi to issue an ex-parte interim
injunction restraining him from sending further defamatory messages.

In Tata Sons v. Greenpeace International, Justice S. Ravindra Bhat43, in authoring

the judgment, acknowledged that while the internet possesses a broader reach and
potential for harm, traditional standards for granting injunctions in cases of libel should
still be applied. The court reasoned that these traditional standards have been well-
established, and there is no constitutional mandate empowering the court to create a
distinction in this regard.

Following this logic to the letter suggests that defamation laws would be in effect. If more
broadly applied, judges could be able to apply other well-established legal concepts
without drawing distinctions in situations where there is a legislative vacuum. This
emphasizes the idea that cyberdefamation lawsuits ought to be handled in accordance
with the same legal guidelines as traditional defamation lawsuits.

E. Judicial Response in Protection of Intellectual Property Rights:

By applying its interpretive principles to balance conventional laws with technological

innovations, the court has continuously adjusted to the rapidly changing technological
reality. New difficulties that were not previously foreseen by the legal frameworks in
place have evolved with the introduction of the internet and other digital technologies.
Unexpected to lawmakers, a number of new types of cybercrime have emerged in the new
millennium.

The courts have taken on the role of unbiased arbiters in cases involving issues pertaining
to intellectual property rights (IPR) resulting from advancements in computer science and
internet technologies. Their goal is to guarantee that justice is served and that none of the
parties to the dispute suffer unfair treatment. This strategy demonstrates the judiciary's
dedication to preserving the values of justice and equity in the face of technological
innovation.

43
HC IA 9089/2010 in CS (OS) 1407/2010.
90
 In the case of Himalaya Drug Co. v. Sumit 44 , The plaintiffs, engaged in manufacturing
and selling Ayurvedic medicinal products, had established a website under the domain
name www.himalayadrugco.com. They had dedicated considerable time, expertise, and
resources to build a database containing detailed information on over 209 herbs.

Subsequently, the plaintiffs discovered that the defendants were operating a website
replicating their entire herbal database, including introductory information and detailed
monographs for each herb. Moreover, the defendants duplicated the content in a manner
closely resembling the original format and structure found on the plaintiffs' website.

Responding to this alleged infringement, the plaintiffs initiated legal proceedings by filing
a petition with the Delhi High Court seeking an injunction. They contended that the
defendants' actions amounted to unfair competition as they operated under a similar
domain name, causing confusion and deception among consumers and the general public.

Despite receiving multiple notices, the defendants failed to appear in court, leading to the
case proceeding ex-parte against them. The Delhi High Court granted a permanent
injunction against the defendants, prohibiting them from reproducing, using, or publicly
communicating the herbal database copied from the plaintiffs.

Additionally, the court awarded punitive damages amounting to eight lakhs rupees, which
the defendants were mandated to pay to the plaintiffs as compensation for their actions.

F. Judicial Response on Cyberstalking:

Stalking, commonly understood as harassing or threatening behavior exhibited by one

individual towards another, takes on a new dimension when carried out in cyberspace,
termed cyberstalking. In cyberstalking, an individual engages in a persistent pattern of
conduct online with the intent to terrorize, embarrass, shame, molest, outrage, or frighten
the targeted person.

44
2006 (32) PTC 112 (Del).

91
In the case of People v. Alan Munn45, The defendant requested dismissal on the grounds that a
New York legislation did not specifically address internet communications. The defendant was
accused of harassing readers of an online news group with the intention of causing harm to a
police officer and their family. Under the relevant statute, communications could be made "by
telephone, telegraph, mail, or any other form or written communication." Nevertheless, because
the posting was started by phone with the network community, the judge decided that it was
covered by the Act. As a result, the judge decided that, in this particular situation, internet
conversations were covered by the Act.

The Mrs. Ritu Kholi Case46 This incident involving Mrs. Kholi serves as a significant example
of cyberstalking, shedding light on the seriousness of such occurrences in India. Mrs. Kholi
reported the matter to the Delhi Police, detailing how an unidentified individual impersonated
her online for four consecutive days. During these online interactions, the impersonator used
Mrs. Kohli’s identity, disclosed her address, employed vulgar language, and urged others to
contact her, leading to Mrs. Kohli receiving numerous unwanted calls that disrupted her
personal life and mental well-being.

Following Mrs. Kohli’s complaint, the police conducted a thorough investigation and traced the
IP addresses involved, ultimately leading to the arrest of Manish Kathuria, who later confessed
to his actions. Kathuria was charged under Section 509 of the Indian Penal Code for using
derogatory or lewd language with the intent to provoke a breach of peace, as the incident
occurred prior to the enactment of the IT ACT, 2000. Subsequently, Kathuria was released on
bail pending further legal proceedings.

G. Judicial Response on Data Theft:

The T-Mobile Data Theft Case47 marks a significant milestone in the realm of data protection.
In this landmark case, two former employees of UK mobile operator T-Mobile were ordered by
the Chester Crown Court to pay a total of $73,700 for stealing and selling customer data from
the company in 2008. This ruling stands out not only because of the record fine imposed for
data protection offenses but also because it demonstrates a shift towards the criminal courts
taking data protection more seriously.

45
Crim. Court Queens Cty., No. 98Q-052574 (USA). (Amita Verma: Cyber Crimes & Law, 2009, Ist Edn. Central
law Publications, p-349).
46
Farooq Ahmad: Cyber Law of India (Law on Internet), 3rd Edn. New era Law Publication, p-411.
47
June 2011 Chester Crown Court (UK).

92
 David Turley and Darren Hames pleaded guilty to offenses under Section 55 of the Data
Protection Act. However, the fines were imposed under the Proceeds of Crime Act. Mr.
Turley was ordered to pay $45,000, while Mr. Hames was ordered to pay $28,700. Both
individuals face an 18-month prison term if they fail to pay within six months.

In India, the IT ACT of 2000, as amended by the IT (Amendment) Act of 2008, applies to
cases of data theft. Specifically, Section 43(b) read in conjunction with Section 66 of the
IT ACT is applicable. Additionally, provisions under Sections 379, 405, and 420 of the
Indian Penal Code, 1860, also apply to cases involving data theft.

In the case of Just Dial v. Infomedia 1848, the Delhi High Court granted an injunction
against Infomedia 18 Limited, a group company of TV 18, restraining them from
conducting business or providing services through their website askme.in. Just Dial,
which operates with a single national number 69999999 in 240 cities, alleged that
Infomedia 18 had copied its extensive database and was displaying the same on askme.in,
thereby infringing Just Dial's copyright in its valuable database.

The Delhi High Court, upon hearing the suit filed by Just Dial, issued an ex parte
injunction against Infomedia 18, prohibiting them from infringing Just Dial's copyright
and from operating askme.in until the next date of hearing. Additionally, the High Court
appointed commissioners to visit Infomedia 18's offices in Delhi and Mumbai to seize
and take into custody all CPUs, compact discs, floppy discs, and/or other storage media
containing any part of the commercial or business directory database belonging to Just
Dial.

4.4 CONCLUSION

The above-discussed case law analysis highlights the urgent need for a new legal viewpoint
and a practical strategy to combat cybercrimes. There is an obvious need for legal frameworks
that can successfully negotiate the complexity of e-commerce, e-banking, and e-service
regimes given the growth of international networks and the quasi-physical environment
connected with cyberspace.

Over the past two decades, there has been a noticeable shift in judicial trends regarding the
adjudication of cybercrimes. Recognizing the intangible nature of data in electronic form,
courts have moved away from rigid and literal interpretations of the law. Instead, they have

48
Prashant Mali: Cyber Law & Cyber Crimes, Ist Edn. 2012, Snow White Publications. P-16

93
embraced a more practical and flexible approach to resolving the challenges posed by cyber-
related cases while remaining faithful to the underlying legislative intent.

In light of the expanding scope of cybercrimes in India, it is imperative that not only law
enforcement agencies but also judicial officers at all levels receive proper education and
training in various technological aspects of cybercrimes. The rapid pace of technological
advancement demands that the judiciary keep up and even surpass cybercriminals in the
battle against cybercrime.

Efforts should be directed towards expediting the disposal of cyber cases within a defined
timeframe to ensure swift justice for the guilty. As the saying goes, "the threat at present is
not from the intelligence of the cybercriminals but from the ignorance and lack of will to
fight against cyber criminality." Hence, there is a critical need to enhance both awareness and
preparedness among judiciary personnel to effectively combat cybercrime.

The Information Technology Act, 2000, along with amendments made to relevant laws such
as the Indian Penal Code, the Law of Evidence, the Criminal Procedure Code, the Banker's
Book Act, and the Negotiable Instruments Act, provide the necessary legal framework for
law enforcement agencies and the judiciary to promptly apprehend cybercriminals and ensure
their prosecution. However, continual adaptation and enhancement of these legal frameworks
are essential to keep pace with the evolving nature of cyber threats.

Suggestions from cyber law experts like Mr. Pawan Duggal and Shri Prathmesh Popat
emphasize the critical need for specialized expertise in dealing with cybercrime cases. Mr.
Duggal's proposal for establishing special tribunals dedicated to handling cybercrime cases
underscores the complexity and uniqueness of these offenses. These tribunals, led by well-
equipped and professionally trained judges, would offer a focused and efficient mechanism
for adjudicating cyber-related legal matters. Specialized tribunals can help ensure that
cybercrime cases are handled with the expertise and attention they require, leading to more
effective and timely resolutions.

Secondly, Shri Popat's emphasis on the importance of computer-friendly lawyers and judges
further emphasizes the need for legal professionals who possess a deep understanding of
computer systems and their operational nuances. Given the technical complexities involved in

94
cybercrimes, having legal practitioners who are well-versed in digital technology is
essential for effectively prosecuting offenders and ensuring fair outcomes in cybercrime
cases. Judges who are knowledgeable about computer systems can better comprehend the
evidence presented in such cases and make informed decisions based on the merits of
each case.

Incorporating these suggestions into the legal system can significantly enhance the
capacity of the judiciary to address the growing challenges posed by cybercrimes. By
fostering specialization and expertise in this domain, the legal system can better protect
the rights of individuals, uphold the rule of law, and promote cyber security in the digital
age.

*****

95
 CHAPTER V
CONLUSION AND SUGGESTIONS

96
 CHAPTER V
CONCLUSION AND SUGGESTIONS
6.1 CONCLUSION

Cybercrime, being a global phenomenon, often impacts individuals located far from the scene
of the offense, whether within the same country or abroad. Consequently, addressing it
necessitates international policing efforts and active collaboration among nations. The
European Convention on Cybercrime represented a commendable initiative by establishing
guidelines for member states to combat cybercrime. It recommended measures for updating
national cyber laws to confront emerging challenges. The Convention not only addressed
substantive changes in criminal law but also emphasized the importance of procedural
considerations in law reform to align with evolving technology. While procedural hurdles
have been recognized as a significant barrier to effectively combating cybercrime, attention
must also be paid to redefining substantive laws to combat ongoing criminal activities in
cyberspace. Among various cyber offenses, the Convention identified ten specific crimes and
encouraged member states to incorporate them into their legal frameworks, along with
establishing robust mechanisms for their enforcement. However, it is regrettable that many
cyber offenses in one country are not recognized as crimes in others, complicating matters
when dealing with cross-border cybercrimes. A potential solution lies in the enactment of a
globally applicable cyber law, ensuring uniformity across nations. The essence of the issue
lies in establishing universally accepted standards for cybercrime prevention that transcend
geographical boundaries.

A global survey of cyber laws reveals that only a handful of countries have taken proactive
measures to update their legal frameworks to effectively combat cybercrime, while many
others have yet to even begin the process of drafting such laws. This disparity in approaches
among nations regarding the importance of cyber legislation presents a significant challenge
in addressing internet-based crimes, creating opportunities for cybercriminals to evade
detection and punishment. It is imperative for all nations to recognize the necessity and
urgency of raising awareness about the pervasive threat posed by cybercrimes, which fuel
illicit activities in the online realm. Cyber criminality stands as one of the most potent global

97
threats of the new millennium, necessitating the adoption of a comprehensive global strategy
for prevention.

A comprehensive global evaluation of cyber laws reveals significant disparities

among national legislations established to address cybercrime. Activities considered criminal
in one country may not be so in another, creating loopholes for cyber offenders to exploit and
evade punishment. This variation underscores the urgent need for international cybercrime
legislation universally accepted and implemented across all nations. Additionally, the
establishment of an international policing agency dedicated to combating cyber offenses is
imperative. Addressing this challenge requires collaborative and concerted efforts from
nations worldwide, emphasizing the importance of mutual cooperation in combating cyber
criminality.
In a broader context, law enforcement agencies worldwide encounter four primary
challenges when addressing cybercrimes within a network environment. These challenges
include operational, legal, technical, and jurisdictional issues, which impede the detection and
prosecution of cybercriminals online.
Operational challenges arise due to insufficient cyber forensic technology for
addressing cybercrimes, hindering the collection and preservation of evidence against
accused individuals. Traditional methods of evidence procurement are ill-suited for
cybercrime investigations, as much of the evidence exists in electronic formats. Hence, there
is an urgent need to develop suitable computer forensic mechanisms to handle cybercrime
investigations effectively.
Regarding electronic evidence, it's noteworthy that despite the facilitation of e-
commerce by digital signatures, their widespread acceptance in India has been hindered by
technical complexities. Many individuals still perceive paper-based documents as more
reliable and trustworthy than their electronic counterparts due to the tangibility of physical
documents, which serve as robust evidence in legal proceedings. However, with the
expansion of e-commerce and the legal recognition of e-contracts in business dealings, there
is a gradual shift in people's attitudes towards embracing the new e-environment and
transitioning towards paperless electronic transactions.

98
 The legal challenge posed by cybercriminal activity has evolved into a global issue in
recent decades, transcending boundaries between developed and developing countries.
Conventional legal investigation techniques for cybercrimes often prove inadequate,
particularly in cases of cross-border offenses. Compounding this issue is the absence of a
universally accepted definition of cybercrime, leading to discrepancies in its classification
from one country to another. With only about 20 countries worldwide having enacted
comprehensive cyber laws, cybercriminals can operate with relative impunity due to the lack
of sufficient legal deterrents. Effectively managing cybercrimes necessitates a legal
framework that is universally applicable across all nations and adaptable to the rapid
advancements in information technology.
Addressing technical challenges, cybercrimes such as website hacking, data theft,
espionage, distribution of explicit material, and extortion involve tracing the source of
communication, a highly intricate task. Consequently, cybercriminals can easily operate
under false identities on the internet, concealing their true identities and activities.
The jurisdictional challenge hindering the effective management of cybercrime
investigations arises from the extensive interconnectivity of computer networks and
supporting infrastructure, including telecommunications and information dissemination on
websites. Jurisdiction in this context revolves around whether a court possesses the authority
to adjudicate, encompassing personal jurisdiction over the involved parties and territorial
jurisdiction over where the crime occurred or the parties reside. In cases of cross-border
cyber disputes or crimes, determining which country's laws apply to the case at hand often
presents a significant challenge.

6.2 SUGGESTIONS:

Given the expanding scope of computer-related crimes, there is an urgent need to implement
appropriate regulatory measures and strengthen law enforcement mechanisms to address
cybercrime decisively. Even a brief delay in investigation could provide cybercriminals with
ample time to delete crucial data and evade detection, resulting in significant losses for
internet users or victims. Additionally, the unique nature of cybercrimes, where offenders and
victims seldom come into direct contact, enables criminals to operate with sophistication and
impunity. This underscores the necessity for a comprehensive, multi-faceted approach
involving coordinated efforts from all law enforcement agencies to effectively address

99
cybercrime cases. A globally accepted regulatory framework for cybercrime may offer a
viable solution to prevent and mitigate cybercriminal activities.

Preventing cybercrime necessitates the cooperation and active involvement of citizens,

institutions, industries, and the government. Therefore, an effective strategy for preventing
cybercrime involves mobilizing community participation to combat this threat. This requires
the active engagement of all those who recognize the growing incidence of cybercrime as a
potential danger to society. Additionally, individuals vulnerable to cybercrimes must take
self-protection initiatives, including acquiring adequate knowledge and awareness about the
nature and severity of these crimes. The media plays a crucial role in this endeavor by
informing the public about the potential dangers and adverse effects of cybercrimes on
victims, society, and the nation, as well as promoting safety measures to combat this
sophisticated criminal activity.

Regulatory control through effective laws is indeed a crucial measure for preventing
cybercrimes. The implementation and enforcement of these laws by relevant authorities can
help reduce the incidence of such crimes, especially when supported by active community
involvement in exposing offenders. At the domestic level, several suggestions can contribute
to preventing and decreasing cybercrimes:

1. Appointments under the IT Act, 2000: Concerns have been raised regarding the
appointments process outlined in the IT Act, particularly regarding the retiring age of
the Cyber Regulations Appellate Tribunal (CRAT) Presiding Officer and procedural
delays in appointments. According to the IT Act, the presiding officer must be a
Judge of a High Court or a member of the Indian Legal Services with at least three
years of service in a Grade I post. However, the presiding officer's term is limited to
five years from their appointment or until they reach the age of 65, whichever comes
earlier. This presents a challenge as High Court Judges retire at 62, leaving them with
only three years to serve. Given the need for time to adapt to the complexities of
cyber laws, this limited tenure undermines the effectiveness of the tribunal.

2. The Information Technology (Amendment) Act of 2008 represents a significant

step forward in addressing the escalating problem of cybercrime amidst the rapid

10
0
advancement of technology. As cybercrime reaches alarming levels, there is a pressing need
for concerted efforts to develop a universal regulatory framework aimed at preventing and
controlling these offenses.

In the Indian context, fostering information consciousness among citizens is imperative.

While the Information Technology Act of 2000, as amended in 2008, has made notable
progress in extending legal coverage to nearly all online criminal activities and enhancing
public awareness, it remains imperfect. Originally enacted to promote e-commerce in
response to globalization and economic liberalization, the Act still contains gaps. It lacks
sufficient measures to ensure security in web transactions and to prevent securities fraud and
maintain stock confidentiality in internet trading, despite the Securities Exchange Board of
India (SEBI) recognizing internet trading of securities as legally valid.

3. Need for Modernization of Existing Laws and Enactment of New Laws: The
existing penal laws in many countries were established before the advent of
computers, necessitating their modernization to address computer-related offenses
such as hacking, data theft, and software theft. Additionally, new legislation is
required to safeguard data protection and privacy in the digital age.

4. Encouragement of Cyber Crime Victims to Lodge Complaints: In many

instances of cybercrime, victims are hesitant to report the incident. Cybercrime
expert Pawan Duggal highlights that out of every 500 incidents, only around 50 are
reported, and of these, only one gets registered. Therefore, it's crucial to encourage
cybercrime victims to step forward and file complaints against perpetrators of cyber
law violations. Recently, the Delhi Police took a pioneering step by launching a
24x7 helpline for cybercrime victims in January 2008, aiming to provide support
and assistance to those affected by cyber offenses.

5. False e-mail identify registration be treated as an offence: False registration of

email identities has become a common tactic among cybercriminals to conceal their
true identities and evade detection. By providing fictitious information during email

10
1
registration, criminals can manipulate investigations and mislead authorities. However, the
lack of provisions in the Information Technology Act to address this issue has allowed
individuals to establish false email identities, potentially facilitating cybercrime.

To address this gap, the Information Technology (Amendment) Act of 2008 introduced a new
Section 66A, which makes false email identity registration with a website an offense
punishable by up to two years of imprisonment. This amendment marks a significant step
forward in the prevention and control of cybercrimes, as it aims to deter individuals from
engaging in deceptive practices online and strengthens legal measures against cybercriminal
activities.

6. Use of Encryption Technology: The use of encryption technology is crucial for

ensuring the security of data and communications, particularly in government,
semi-government, and non-governmental commercial organizations that rely
heavily on computerization for information transmission and commercial
transactions. It should be mandatory for these organizations to appoint well-trained
Information Security Officers responsible for overall computer resource protection
and held accountable for any security lapses.

Encryption technology plays a vital role in safeguarding data and communications from
unauthorized access, disclosure, or alteration. It aids in preventing cybercrime by securing
valuable confidential information across interconnected computer networks. Law
enforcement agencies should actively promote and support the adoption of robust and
recoverable encryption services to protect personal and business data from misuse or theft by
malicious actors.

In addition to encryption, steganography is another technique used to enhance network

security by obscuring information to prevent detection. It involves concealing data in a
manner that is not easily noticeable to casual observers. Firewall devices are also essential
tools for detecting and preventing intrusions into databases. These software programs
monitor data flow between computers on a network and can be configured to alert users to
attempted intrusions, thereby enhancing overall network security.

10
2
 7. Use of voice-recogniser, filter software and collar-ID for Protection against
unauthorised access: Technology, while powerful, has also facilitated cybercrime.
Therefore, as an initial step to prevent its misuse, places where computers are
commonly used for everyday activities should be equipped with safety and security
devices to deter unauthorized access. For instance, modern voice recognition
systems that rely on unique voice patterns for activation can be effectively utilized.
Additionally, anomaly detection software can identify unusual patterns of computer
use, enabling users or organizations to respond and thwart attackers. Filter software
has also proven effective in protecting against known threats. Implementing Collar-
ID technology in telecommunications as a protective measure may further aid in
combating email crimes.

8. Special Cyber Crime Investigation Cell for Hi-Tech Crimes: In response to the
increasing prevalence of hi-tech crimes, a Cyber Crime Investigation Cell was
established under the Central Bureau of Investigation (CBI) in September 1999,
which began operating on March 31, 2000. Headed by a Superintendent of Police,
this cell has nationwide jurisdiction and is empowered to investigate offenses
specified in Chapter XI of the Information Technology Act, 2000, as well as other
hi-tech crimes. Presently, there are six Cyber Crime Investigation Cells operating in
India, located in Delhi, Mumbai, Chennai, Bangalore, Hyderabad, and Kolkata.
In addition to the establishment of the Special Cyber Crime Investigation Cell by the CBI,
there has been a growing demand for the creation of Cyber Crime Police Stations by state
governments. Karnataka was the first state to set up the country's inaugural Cyber Crime
Police Station on August 30, 2001, with jurisdiction covering the entire state. Subsequently,
Cyber Police Cells were established in metropolitan cities to handle cybercrimes. These units
are staffed by specially trained police officers and computer experts who conduct
investigations as needed. However, most states lack dedicated cybercrime units, resulting in
such cases being handled by general police departments.
It is recommended that each state establish at least one Special Cyber Crime Police Station
equipped with electronic technology and staffed with trained personnel to efficiently and
expeditiously investigate cybercrimes. These specialized units should have the authority to
conduct searches of publicly accessible data or data stored in private systems, computer
equipment, disks, etc., with prior permission from

10
3
the relevant magistrate. Additionally, online platforms should be provided for lodging
complaints related to cybercrimes, facilitating prompt investigations.

*****

10
4
BIBLIOGRAPHY

105
 BIBLIOGRAPHY
BOOKS REFERRED
 Albert J. Marcellai & Roberts S. Greenfield: "Cyber-Forensics: A Field Manual for
Collecting, Examining, and Processing Evidence of Computer Crimes" (Aurebuch
Publications London, 2002)

 Amita Verma: "Cyber Crimes and Law" (Central Law Publications, 2009)

 Apar Gupta: Commentary on Information Technology Act (Wadhawa Nagpur, 2007)

 Ashish Pandey: "Cyber-Crime-Deviation and Prevention" (J.B.A. Publications, 2006)

 Asian School of Cyber Laws: "Fundamentals of Cyber Law" (ASCL, Pune, 2005)

 Atul Jain: "Cyber Crime-Issues, Threat, and Management" (Chawla Offset Press,
Delhi, 2005)

 Austiln: Jurisprudence, Lecture XXVII

 B.B. Nanda and R.K. Tiwari: "Forensic Science in India: A Vision for the 21st
Century" (Select Publishers Delhi, 2001)

 B.M. Gandhi, "Indian Penal Code," 2nd edition

 Bimal Raut: "Judicial Jurisdiction in the Transnational Cyberspace" (New Era Law
Publication, Delhi, 2004)

 Blackstone: Commentaries on the Law of England, vol.

 Brian Loader and Douglas Thomas: "Cyber-Crime Law Enforcement, Security &
Surveillance in the Information Age" (Routledge, 2000)

 Buckland John A (Ed.): "Combating Computer Crime, Forensic Science Computers

and Internet" (Academic Pub. London, 2000)

 C. Gringras: "The Laws of the Internet"

 Chopra Deepti & Merril Keith: "Cyber Cops, Cyber Criminal & Internet" (I.K.
International Pvt. Ltd. Delhi, 2002)

 Chris Reed (Ed.), "Computer Law" (3rd Edn. Oxford (Cambridge) University Press,
2003)

 D. Bainbridge: "Introduction to Computer Law," 4th Ed. (2000)

 D. S. Yadav: "Foundation of Information Technology," 3rd Ed. (New Age

International Pub. Ltd., 2007)

106
 Das J.K.: "Intellectual Property Rights" (Kamal Law House, Kolkata, 2008)

 Dewang Mehta: "Role of Police in Tackling Internet Crime" (Universal Publications,

2003)

 Dorothy E. Denning: "Information Warfare and Security" (New York, AMC Press,
1999)

 Douglas E.C. & Ralph V.D.: "Computer Networks and Internets," 4th Edition
(Prentice Hall, 2006)

 Eoghan Casey: "Digital Evidence & Computer Crime: Forensic Science, Computers
& the Internet" (Academic Press, USA, 2000)

 F. Lawrence Street, Mark P. Grant: "Law of the Internet" (LexixNexis, 2004)

 Farooq Ahmad: "Cyber Law in India: Law on Internet," 2nd Edition (Pioneer Book
Publication, Delhi, 2005)

 Ferguson N. and Schneir: "Practical Cryptography" (John Wiley & Sons New York,
2003)

 Funk & Wagnalls: "Standard Handbook"

 G.B. Roderic and N.G. Peter: "Cyber Crime: The Challenges in Asia" (Hong Kong
University Press, 2005)

 Gringrass Clive: "The Laws of Internet" (Butterworth London, 1997)

 Gupta and Aggrawal: "Cyber Laws," 1st edition, 2008 (Premier Publishing Co.)

 H.L.A Hart: "The Concept of Law"

 Halsbury’s Laws of England, 3rd Edition, Vol. 10, p. 271; Biswas: Encyclopaedic
Dictionary, 1979

 Ian J Loyd: "Information Technology Law," 3rd Edition (Butterworths, London,

2000)

 Ian Walden: "Computer Crimes & Digital Investigation" (Oxford University Press,
London, 2007)

 James R. Richards: "Transnational Criminal Organizations, Cyber-Crime & Money

Laundering" (CRC Press, New York, 1999)

 Jonathan Rosonoer: "Cyber Law, The Law of the Internet" (Butterworth London,
1999)

 Jyoti Trehan: "Crime and Money Laundering: The Indian Perspective" (Oxford
University Press London, 2004)

107
 K.D. Gaur: "Criminal Law and Criminology," 2002

 K.S. Rosenblatt: "High Technology Crime: Investigating Cases Involving Computers"

(KSK Publications San Jose CA, 1995)

 Kamal Ahmad: "The Law of Cyber-Space" (U.N. Institute of Training & Research,
2006)

JOURNALS AND PERIODICALS

 All India Reporter

 Criminal Law Journals
 Indian Bar Review
 Banaras Law Journal
 Legal News and Views
 Nyaya Deep
 Manthan Magzene
 Political Law Times
 Vidhik Sahayata Patrika, Uttaranchal

NEWSPAPERS

 The Hindu
 The Hindustan Times
 The Times of India
 Dainik Jagran, Hindi Daily
 Amar Ujala, Hindi Daily

108