Saturday, June 23, 2012

Evolution of Indian Cyber Law from 2000 to 2012

The below article is written by Monica Mishra.
Introduction :-  
  “The internet interprets the US congress  as  system damage and route around it”                                                                                          Jeanne DeVoto.[1]    

hand cuff arrested keyboard computer amendment of it act 2000, e-mail laws, indian evidence act, information technology, it act 2008, monica mishra legal awareness, offences, The Evolution of Indian Cyber Law from 2000 to 2012 Computer crime, or cybercrime, refers to any crime that involves a computer and network.[2] The computer may have been used in the commission of a crime, or it may be the target.[3] Net crime refers to criminal exploitation of the Internet.[4] Cybercrimes are
defined as :- "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)"[5]. Such crimes may threaten a nation’s security and financial health. Issues surrounding this type of crime have become high-profile, particularly those surrounding cracking, copyright infringement, child pornography, and child grooming. There are  problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.   (Image taken from here.)

                  In simple way we can say that cyber crime is unlawful acts wherein the computer is either a tool or a target or both .Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

      Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.
   We can categorized cyber crimes in two ways they are :-
1. The Computer as a Target :- using a computer to attack other computers.
e.g.  Hacking, Virus/Worm attacks, DOS[6] attack etc.
2.The computer as a weapon :- using a computer to commit real world crimes.
e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.
Cyber Crime regulated by Cyber Laws or Internet Laws.

 Part I
(a)                  Evolution of cyber law :-  
Rohas  Nagpal is the founder President of Asian School of Cyber Laws[7]. he advises Governments and corporate around the world in cyber crime investigation and cyber law related issues. He has assisted the Government of India in drafting rules and regulations under the Information Technology Act, 2000.
 The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since
3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime! Today, computers have come a long way with neural networks and nanocomputing promising to turn every atom in a glass of water into a computer capable of performing a billion operations per second. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants are being run on computers, cyber crime has assumed rather sinister implications. Cyber crime can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief. The abuse of computers has also given birth to a gamut of new age crimes such as hacking, web defacement, cyber stalking, web caking etc.
A simple yet powerful definition of cyber crime would be either a tool of “unlawful acts wherein the computer is either a tool or target or both”.  The term computer used in this definition does not only mean the conventional desktop or laptop computer. It includes Personal Digital Assistants (PDA), cell phones, sophisticated watches, cars and a host of gadgets.
(b)                  Technical Aspects
Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as :-

Ø  Unauthorized access & Hacking:-
Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network.

b. Trojan Attack:-
Internet Trojan Horse attack coming out of computer ipad
Internet Trojan Horse
The program that act like something useful but do the things that are quiet damping. The programs of this kind are called as Trojans. The name Trojan Horse is popular .Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the trojan.TCP/IP protocol is the usual protocol type used for communications, but some functions of the trojans use the UDP protocol as well. (Image taken from here.)

c. Virus and Worm attack:-
A program that has capability to infect other programs and make copies of itself and spread into other programs is called virus. programs that multiply like viruses but spread from computer to computer are called as worms.

d. E-mail & IRC related crimes:-
1. Email spoofing
Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source.

2. Email Spamming
Email "spamming" refers to sending email to thousands and thousands of users - similar to a chain letter. (Image taken from here.)

3. Sending malicious codes through email
E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a link of website which on visiting downloads malicious code.

4. Email bombing
E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.
5. Sending threatening emails
6. Defamatory emails
7. Email frauds
8. IRC related.  Three main ways to attack IRC are: a."verbalâ⦣8218;?Ŧ#8220; .attacks, b.clone attacks, and c.flood attacks.
(c)  Cyber law India[8]  :-  INDIA PASSES ITS FIRST CYBERLAW WITH  DRACONIAN POWERS  by , SHRI PAVAN DUGGAL, CYBERLAW CONSULTANT, PRESIDENT, CYBERLAWS.NET member, MAC, ICANN[9].  Before the ICANN , The government of united states controlled the domain name system of internet [10]. The original mandate ICANN came from the united state government, spanning the presidential administration of both Bill CLINTON and and George W. Bush. On January 30, 1998 The national telecommunication and information administration (NTIA), an agency of the U.S.  department of commerce , issued for comment ,” A Proposal to Improve the Technical Management of Internet Names and Addresses." The proposed rule making, or "Green Paper", was published in the Federal Register on February 20, 1998, providing opportunity for public comment NTIA received more than 650 comments as of March 23, 1998, when the comment period closed. The Green Paper proposed certain actions designed to privatize the management of Internet names and addresses in a manner that allows for the development of robust competition and facilitates global participation in Internet management. The Green Paper proposed for discussion a variety of issues relating to DNS[11] management including private sector creation of a new not-for-profit corporation (the "new corporation") managed by a globally and functionally representative Board of Directors ICANN was formed in response to this policy The IANA[12] function currently exists under an agreement with the U.S. Department of Commerce ICANN was incorporated in California on September 30,1998.[13]

The Parliament of India has passed its first Cyber law, the Information Technology Act, 2000 which not only provides the legal infrastructure for  E-commerce in India but also at the same time, gives draconian powers to the Police to enter and search, without any warrant , any public place  for  the  purpose  of nabbing cyber criminals and preventing cyber crime.                                          
The good features of the said IT Act are that  it  legally recognizes email as  a valid form of  communication in India.  Also acceptance in a electronic  form  of any offer, culminating into an electronic contract ,has also been declared legal and enforceable. The new act has recognized digital  signature for the first time in Indian law . The said new law has also granted a hierarchy of infrastructure consisting of a Controller for   certifying authorities, Adjudicating Officers and Cyber Appellate  TribunalThe  most  distressing part of the new IT Act 2000 is its absolute trampling  of cyber liberties and freedom. A police officer of the rank a Deputy superintendent of Police has  been  granted  unheard of powers in Cyber law  history to do almost anything for the purpose of nabbing a cyber criminal. The said unrestricted power given to police officer is in the form of an absolute discretion given to the police officer to enter and search any  public place and arrest any person without  warrant  who is  "reasonably suspected" of having committed or of committing a cyber crime  or if he is  about  to commit a cyber crime. The discretion of the police officer further extends to defining as to who is going to be "reasonably suspected"  of a  cybercrime.  Also, the  Indian Cyber law talks of the arrest of any person who is about to commit a cyber crime. It is indeed alien to Cyber law jurisprudence as to how any police officer is going to decide as to whether a person is about to commit  a cybercrime.  Also, the  requirements of cyberspace are very different from the actual world. Most of the times, it is difficult to  decide  till  the  last  moment  as  to  whether  any  cybercrime  is   about   to   be committed. To top it all, the IT Act,  2000  gives immunity to the  Central Government  and   its officials including police  from any suit, prosecution and other legal proceedings for any act done in good faith in pursuance of the provisions of  the Act. Effectively , this rules out any remedy for  any  person who is made a target of abuse and misuse of discretion by the police.

                                                               Part II
Ø     Aims to provide the Legal infrastructure for e-commerce in India.
Ø     India’s codified cyber Law is the Information technology Act,2000 (act 21 of 2000)
Ø     Based on INCITRAL model Law on electric commerce , 1996.
Ø     IT act is divide into 13 chapter and has 94 sections.
Ø     Administration to IPC , Indian evidence Act, bankers evidence Act and RBI act have    been effected.
Ø     Legal recognition of Electronic Document.
Ø     Legal Recognition of Electronic Commerce transition.
Ø     Legal acceptance of digital signatures.
Ø     Punishment for cyber obscenity and crimes.
Ø     Establishment of Cyber regulation advisory committee and the cyber regulations  appellate tribunals.
Ø     Facilitation of electronic filing maintenance of electronic records.
Ø     To provide for Legal recognition for transaction.
Ø     Carried out by electronic data interchange and,
Ø     Other means of electronic communication commonly referred to as ” electronic commerce”, involving the use of alternatives to paper- based methods of communication and storage of information,
Ø     To facilitate electronic filing of documents with the government agencies.
Ø     To amend the Indian Penal Code, the Indian evidence act ,1872, the banker’s book evidence act ,1981 and the Reserve bank of India act,1934.
Ø     Aims to provide for the Legal framework so the legal sanctity is accorded  to all electronic records and other activities carried by electronic means.  

·  Tampering with computer source documents.
·  Hacking with computer system.
·  Publishing of information which is obscene in electronic form.
·  Not to obey the direction  of controller.
·  Directions of controller to a subscriber extend facilitate to decrypt information.
·  Intrusion into protected instrument.
·  Penal action for misrepresentation.
·  Breach of confidentiality and privacy.
·  Publishing digital signature certificate false in certain particular etc.
·  Act to apply for offence or contravention  committed outside India and
·  Confiscation.   
Legality of Email
·  E-mail will now be a valid and legal form of communication in our country.
·  Can be duly produced and proved in a court of law.
India’s strategy for prevention of computer crimes
·  Stipulating the offence which would constitute computer crimes.
·  Identification of domestic criminal law for possible amendment to meet the requirements of prevention of computer related crimes.
·  Improving international collaboration.
·  Effective prosecution under the existing criminal law.
·  Adaption and classification of OECD [14](organization of economic cooperation and development) guidelines.
·    Development of security guidelines and manuals for implementation of such guidelines.
Crimes prevention under the IT Act
·  Chapter IX provides for penalties and adjudication
·  Chapter XI provides for offence.
The object of IT Act is to protect
·   All electronic system for intrusion ;
·  Privacy of certain messages;
·  Protect the computer system for unauthorized access.
The object of IT Act is to ensure:
·  Compliance  to the provision of the act;
·  Non -publishing of obscene information;
·  Assistance in the decrypting information in the interest of state and crime control.
The act also aims at preventing misrepresentation , falsity and fraud and provides for penalty.
ü     IT ACT 2000 – overall prescriptive
  The IT Act 2000 is a first step take by the government of India towards promoting the     growth of e- commerce it is the  first historical step.[15] 


Cyber Appellate Tribunal

Ø  The name of Cyber Regulations Appellate Tribunal has been changed to Cyber Appellate Tribunal.
Ø  Cyber Appellate Tribunal has been made a multi-member entity. This will provide for more expertise for the Tribunal.

Electronic Signature

Ø  Section 2(ta) introduces the term ‘electronic signature’. Now ‘digital signature’ has been made a subset of ‘electronic signature’. In the definition of ‘electronic signature’ it has been given that it includes ‘digital signature’.
Ø  Section 3A has been introduced for electronic signature which says that a subscriber may authenticate electronic records by electronic signature. The authentication was earlier possible only by digital signature.
Ø  Section 2(tb) has been introduced to define the term ‘electronic signature certificate’. Now ‘digital signature certificate’ has been made a subset of ‘electronic signature certificate’.


Ø  Definition of ‘intermediary’ has been modified. As per the amendments in various sections now intermediaries are made more responsible and liable towards their acts. New Section 67C asks intermediaries to preserve and retain certain records for a stated period. New Section 69B is also quite stringent to intermediaries.

For e-governance

·    Section 6A introduced to provide for appointment of Service Providers by appropriate government for e-governance services.
·         Section 7A makes audit of electronic documents mandatory wherever physical documents, records required audit. This provision will put considerable work load on the government

For National Security Purpose

·         Section 69A has been introduced to enable blocking of websites by the central government.
·         Section 69B provides powers to central government to collect traffic data from any computer resource. It could be either in transit or in storage. This move by the government was necessary for national security purpose but it may lead to abuse of power by government.
Logo of Cyber Crime Investigation Cell, Information Technology Act offences
Logo of Cyber Crime Investigation Cell


·         new sections have been introduced to cover new offences.

Section 66A – Sending offensive messages

Section 66B – Receiving a stolen computer resource

Section 66C – Identity theft

Section 66D – Cheating by personation

Section 66E – Violation of privacy, video voyeurism
Section 66F – Cyber Terrorism (Life Sentence)

·         New Sections introduced -

Section 67A – To cover material containing ‘sexually explicit act’

Section 67B – To cover child pornography
Section 67C – To make intermediaries preserve and retain certain records for a stated period. (Imprisonment 3 years and fine.)

Other Important Amendments

·         Section 1(4) in the Information Technology Act, 2000 contained a list of documents which were excluded from the applicability of the act. The list has now been moved to Schedule 1 of the ITA 2008. This move can be considered as a procedural simplification made by the amendment. A notification will be required to make additions or deletions to this list. Every notification issued in this regard shall be laid before each House of Parliament.
·         Some more new definitions added – ‘communication device’, ‘cyber café’, ‘cyber security’.
·         Compensation limit has been removed from Section 43.
·         Section 43A introduced to make body corporate liable to pay damages by way of compensation for failure to protect sensitive personal data or information. No limit has been set for compensation.
·         Changes in Section 46 have brought Civil Court below the High Court into the cyber related disputes for the first time. The powers of the Adjudicator has been limited for claims upto Rs 5 crores. For claims above Rs 5 crores Civil Court’s authority has been introduced.
·         In Section 66 ‘dishonesty’ and ‘fraudulent’ intention has been made necessary.
·         Section 72A has been introduced for data protection purpose. It provides for punishment for disclosure of information in breach of lawful contract. Imprisonment of 3 years or fine upto Rs 5 lakhs or both for cases relating to data breach has been provided.
·         Section 77A introduced to provide for compounding of offences with punishment upto 3 years.
·         The powers under Section 80 were earlier available to DSP is now available to Inspectors.
·         Section 81 has been amended to keep the primacy of Copyright and Patent Acts above ITA 2000.
·         New Section 84C introduced to make ‘an attempt to commit an offence’ punishable. The punishment will be half of the punishment meant for the offence.
·         State Governments will be exercising far more powers under the ITAA 2008 than what was envisaged under ITA 2000.

The above article is written by Monica Mishra.

Monica is pursuing her B.L.S/LL.B Degree from Government Law College, (Churchgate). She has great interest in Legal writing .Besides Legal Writing she also writes Poems on different subjects. She wants to be an I.A.S officer . She is ever ready to provide people in need with legal aid. She is also the founder of her own blog Legal Awareness.

[1] Source apparently Jeanne de voto.
[2] Moore ,R.(2005) cybercrime: Investigating high- technology computer crime ,”cleveland , mississippi : anderson publishing.
[3] Warren. G. kruse , jay G.heiser (2002). Computer forensics : incident response essentials. Addison –wesley .P.392. 
[4] David mann and mike Sutton (2011-11-06) Retrieved   2011-11-10.
[5] Halder ,D, & jaishankar ,k.(2011) cyber crime and the victimization of women :laws, rights, and regulation.  
[6]  Distributed  denial of service.
[7] Evolution of cyber crimes. “ROHAS NAGPAL” Asian school of cyber law
[9] ICANN “internet corporation for assigned names and numbers”
[10] Brito jerry , ” ICNN vs the world .” time march 5,2011, retrieved on march 6,2011  
[11] Domain name system.
[12] Internet Assigned authority.
[13] California secretary of state internet corporation assigned names and numbers accessed 2009.09.18.
[14] OECD (organization of economic corporation and development)
[15] Information courtesy kerala police.


  1. Thank you for your posting.. It helped me studying for my exams :D
    But it definitely is a knowledgeable post indeed.. Thanks a lot..

  2. Thanks for all the useful information I found on your site. I will bookmark and visit again. Your site was most helpful in my research….