Crimes in Cyberspace: Right to

Privacy and Other Issues

August 7, 2014 by admin Leave a Comment

By Mohak Rana NMIMS, School of Law, Mumbai

Editors Note: The present era is marked by two things: heavy

reliance on technology and virtual space. But behind the interfusion
of these two there exists a world of potent threat and risks. These
threats and risks are very much latent in nature and mostly the one
committing it or the one upon whom it is committed are extremely
difficult to be identified. For instance in crimes like cyber phishing,
where a user shares his credentials to a disguised trustworthy site
but subsequently becomes a victim of fraud. The pace with which
such crimes are evolving is very striving yet a country like India
lacks far behind when it comes to laws and rules regulating cyber
world. Much to our surprise there is no definition of cyber crimes in
India. Although we have come up with IT Act, 2000 and the
subsequent amendment to it in 2008 yet we are not able to cover
the complete ambit of cyber crimes. Like a very crucial issue of right
to privacy. It has almost no relevance when the cyber crimes in India
are investigated. This only shows the imbalance between age old
procedure adopted in India and the advancement which Indian
society has made. However liability can also be found under criminal
and tort law which has maintained their coordination with the
procedural part.

INTRODUCTION
When a man is denied the right to live the life he believes in, he
has no choice but to become an outlaw.

Nelson Mandela

What does crime mean?

Crime, in modern times this term doesnt have any universally

accepted definition, but one can define crime, also called an offence
as an act harmful not only to some individual, but also to the
community or the state also known as public wrong. Such acts are
forbidden and punishable by law. What is a criminal offence is
defined by criminal law of each country. While many countries have
a crime catalogue known as the criminal code however in some
common law countries no such comprehensive statute exists.
The state has the power to severely restrict ones liberty for
committing a crime. Modern societies therefore adopt and adhere a
criminal procedure during the investigation and trial of the offence
and only if found guilty, the offender may be sentenced to various
punishments, such as life imprisonment or in some jurisdictions like
in India even death.

To be classified as a crime, the act of doing something bad also

called as actus reus must be usually accompanied by the intention
to do something bad i.e. mens rea, with certain exceptions like strict
liability.

What is cyber crime?

Cyber crime is any criminal activity in which a computer or network

is the source, target or tool or place of crime. According to The
Cambridge English Dictionary cyber crimes are the crimes
committed with the use of computers or relating to computers,
especially through the internet. Crimes which involve use of
information or usage of electronic means in furtherance of crime are
covered under the ambit of cyber crime. Cyber space crimes may be
committed against persons, property, government and society at
large.

The common types of cyber crimes are:-

1. Hacking An unauthorized user who attempts to or gains

access to an information system is known as hacker. Hacking
is a cyber crime even if there is no visible damage to the
system, because it is an invasion in to the privacy of data.

There are 3 different classes of Hackers.

a) White Hat Hackers They are those hackers who believe that
information sharing is good, and that it is their duty to share their
expertise by facilitating access to information. However there are
some white hat hackers who are just joy riding on computer
systems.

b) Black Hat Hackers Black hat hackers cause damage after

intrusion. They may steal or modify data or insert viruses or worms
which damage the system. They are also known as crackers.

c) Grey Hat Hackers These type of hackers are typically ethical

but occasionally they can violate the hacker ethics. They will hack
into networks, stand-alone computers and software. Network
hackers try to gain unauthorized access to private computer
networks just for challenge, curiosity, and distribution of
information.
2. Cyber Stalking Cyber stalking involves use of internet to harass
someone. The behavior includes false accusations, threats etc.
Normally, majority of cyber stalkers are men and the majority of
victims are women.

3. Spamming Spamming is sending of unsolicited bulk and

commercial messages over the internet. Although irritating to most
email users, it is not illegal unless it causes damage such as
overloading network and disrupting service to subscribers or creates
negative impact on consumer attitudes towards Internet Service
Provider.

4. Cyber Pornography With the increasing approach of internet

to the people, there is also a increase in the victimization of Women
and children for sexual exploitation through internet. Pedophiles (a
person 16 years of age or older who is primarily or exclusively
sexually attracted to children who have not begun puberty) use the
internet to send photos of illegal child pornography to targeted
children so as to attract children to such funs and later they are
sexually exploited for gains.

5. Cyber Phishing It is a criminally fraudulent process in which

cyber criminal acquires sensitive information such as username,
passwords and credit card details by disguising as a trustworthy
entity in an electronic communication.

6. Software Piracy It is an illegal reproduction and distribution of

software for business or personal use. This is considered to be a
type of infringement of copy right and a violation of a license
agreement. Since the unauthorized user is not a party to the license
agreement it is difficult to find out remedies. There are numerous
cases of software piracy. Infact according to one report New Delhis
Nehru market is the Asias largest market where one can easily find
pirated software.

7. Corporate Espionage It means theft of trade secrets through

illegal means such as wire taps or illegal intrusions.

8. Money Laundering Money laundering basically means the

moving of illegally acquired cash through financial and other
systems so that it appears to be legally acquired. This is possible
prior to computer and internet technology and now times electronic
transfers have made it easier and more successful.

9. Embezzlement - Internet facilities are misused to commit this

crime. It is the unlawful misappropriation of money, property or any
other thing of value that has been entrusted to the offenders care,
custody or control.
10. Password Sniffers These are programs that monitor and
record the name and password of network users as they log in,
jeopardizing security at a site. Whoever installs the sniffer can
impersonate an authorized user and log in to access on restricted
documents.

11. Spoofing Spoofing is the act of disguising one computer to

electronically look like another compute, in order to gain access to
a system that would be normally is restricted.

12. Credit Card Fraud In U.S.A. half a billion dollars have been
lost annually by consumers who have credit cards and calling card
numbers. These are stolen from on-line databases. In present world
this cyber crime is emerged as a major threat as numerous cases
had been filed in almost every major developed and developing
country.

13. Web Jacking The term refers to forceful taking of control of a

web site by cracking the password.

14. Cyber terrorism The use of computer resources to intimidate

or coerce government, the civilian population or any segment
thereof in furtherance of political or social objectives is called cyber
terrorism. Individuals and groups quite often try to exploit
anonymous character of the internet to threaten governments and
terrorize the citizens of the country. [1]

EVOLUTION & PRESENT DEVELOPMENT

Cyber bullies can hide behind a mask of anonymity online, and do
not need direct physical access to their victims to do unimaginable
harm. -Anna Maria Chavez

Crime is both a social as well as a economic phenomenon. Its history

is as old as human society. Many books right from the pre-historic
days, and mythological stories have spoken about crimes committed
by individuals be it against another individual like ordinary theft and
burglary or against the nation like spying, treason etc. Kautilyas
Arthashastra which is written around 350 BC, considered to be an
authentic administrative treatise in India, discusses the various
crimes, security initiatives to be taken by the rulers, possible crimes
in a state etc. and also advocates punishment for the list of some
stipulated offences. Different kinds of punishments have been
prescribed for listed offences and the concept of restoration of loss
to the victims has also been discussed in it.

Crime in any form adversely affects all the members of the society.
In developing economies, cyber crime has increased at rapid strides,
due to the rapid diffusion of the Internet and the digitization of
economic activities. Thanks to the huge penetration of technology in
almost all walks of society right from corporate governance and
state administration, up to the lowest level of petty shop keepers
computerizing their billing system, we find computers and other
electronic devices pervading the human life. The penetration is so
deep that man cannot spend a day without computers or a mobile.
Snatching some ones mobile will tantamount to dumping one in
solitary confinement!

Internet is the fastest technique on earth that one can find these
days and for everything it is the best solution that people consider
looking into. It has all the benefits and advantages like
communication, advertisement, online movie and songs downloads,
emailing, instant messaging and searching out the concerns and
issues there are plenty of things that internet has got wrong as well.
There are different kinds of internet scams and frauds that are
happening and one needs to be very careful. This is something that
has been bothering individuals and organizations ever since internet
was introduced and many a time, simple things could make you a
victim even when you are unaware of it.

It is rightly said that technological development in every area is

likely to cause drastic effects in every walk of life. The scientific and
technological advancement, especially in the field of communication
and information have created havoc thus, opening new vistas for
the human beings including the criminals. Todays crime reports
reveal that many cyber crimes are committed by assistance of
internet and cell phones. On the other hand, legislatures have been
compelled to frame exclusive enactments to deal with crimes
committed with the help of concerned device. If one is to believe
newspaper reports, many scandals such as C.D. rackets were busted
by the police. It is other side of revolution in the field of information
and technology. Under the Information Technology Act, 2000, there
is a apparatus defined as computer which means Any electronic
magnetic, optical or other high speed data processing device or
system which performs logical arithmetical and memory functions
by manipulations of electronic magnetic or optical impulses and all
input, output, processing storage, computer software, or
communication facilities which are connected and related to the
computer in a computer system or computer network. [2]

Development of Cyber Crime:-

Cyber Crime is neither defined in the IT Act 2000 nor in the I.T.
Amendment Act 2008 nor in any other legislation in India. To define
cyber crime, we can say, it is just a combination of crime and
computer. To put it in simple terms any offence or crime in which a
computer is used is a cyber crime. Interestingly even a petty
offence like stealing or pick-pocket can be brought within the
broader purview of cyber crime if the basic data or aid to such an
offence is a computer or information stored in a computer used (or
misused) by the fraudster. It could be hackers vandalizing ones site,
viewing confidential information or stealing trade secrets or
intellectual property with the use of internet. It can also include
denial of services and viruses attacks preventing regular traffic
from reaching your site.

Cyber crimes also includes criminal activities done with the use of
computers which further perpetuates crimes i.e. financial crimes,
sale of illegal articles, pornography, online gambling, intellectual
property crime, e-mail, spoofing, forgery, cyber defamation, cyber
stalking, unauthorized access to Computer system, theft of
information contained in the electronic form, e-mail bombing,
physically damaging the computer system etc. In a cyber crime,
computer or the data itself is the target or the object of offence or a
tool in committing some other offence, providing the necessary
inputs for that offence. All such acts of crime will come under the
broader definition of cyber crime.

In the past, cybercrime has been committed by individuals or small

groups of individuals. However, we are now seeing an emerging
trend with traditional organized crime syndicates and criminally
minded technology professionals working together and pooling their
resources and expertise.

This approach has been very effective for the criminals involved. In
2007 and 2008 the cost of cybercrime worldwide was estimated at
approximately USD 8 billion. As for corporate cyber espionage,
cyber criminals have stolen intellectual property from businesses
worldwide worth up to USD 1 trillion.

Categories of Cyber Crimes

Cyber crimes can be classified into following different categories:

i) Crimes Against Persons:

Harassment via E-Mails: Harassment through sending letters,

attachments of files & folders i.e. via e-mails. At present
harassment is common as usage of social sites i.e. Orkut,
hangout, zapak, Facebook, Twitter etc. increasing day by day.

Cracking: It is amongst the gravest cyber crimes known till

date. In this a cyber criminal broke into your computer
systems without your knowledge and consent and Tampere
with your precious confidential data and information.
 Cyber-Stalking: It means expressed or implied a physical
threat that creates fear through the use to computer
technology such as internet, e-mail, phones, text messages,
webcam, websites or videos.

Hacking: It means unauthorized control/access over computer

system and act of hacking completely destroys the whole data
as well as computer program. Hackers usually hacks
telecommunication and mobile network.

Dissemination of Obscene Material: It includes Indecent

exposure/ Pornography (basically child pornography), hosting
of web site containing these prohibited materials. These
obscene matters may cause harm to the mind of the
adolescent and tend to deprave or corrupt their mind. This can
create a huge blunder in the society.

SMS Spoofing: Spoofing is a blocking through spam which

means the unwanted uninvited messages. Here a offender
steals identity of another in the form of mobile phone number
and sending SMS via internet and receiver gets the SMS from
the mobile phone number of the victim.

Assault by Threat: it refers to threatening a person with fear

for their lives or lives of their families through the use of a
computer network i.e. E-mail, videos or phones.

Page jacking: when a user, click on a certain link and an

unexpected website gets opened through that link then the
ser is said to be pagejacked. This happens when someone
steals part of a real website and uses it in a fake site. If they
use enough of the real site, Internet search engines can be
tricked into listing the fake site and people will visit it
accidentally. Unfortunately one cannot prevent page jacking
but only can deal with it.

Advance fee scams: An advance fee scam is fairly easy to

identify as you will be asked for money or goods upfront in
return for giving you credit or money later. These advance fee
scams can seem convincing and have taken in many people.

Defamation: It is an act of imputing any person with intent to

lower down the dignity of the person by hacking his mail
account and sending some mails with using vulgar language
to unknown persons mail account.

E-Mail Spoofing: A spoofed e-mail may be said to be one,

which misrepresents its origin. It shows its origin to be
different from which actually it originates.
 Child Pornography: It involves the use of computer networks to
create, distribute, or access materials that sexually exploit
underage children.

Carding: It means false ATM cards i.e. Debit and Credit cards
used by criminals for their monetary benefits through
withdrawing money from the victims bank account mala-
fidely. There is always unauthorized use of ATM cards in this
type of cyber crimes.

Cheating & Fraud: It means the person who is doing the act of
cyber crime i.e. stealing password and data storage has done
it with having guilty mind which leads to fraud and cheating.

ii) Crimes Against Persons Property:

As a result of rapid growth in the international trade where

businesses and consumers are increasingly using computers to
create, transmit and to store information in the electronic form
instead of traditional paper documents there are some of the
offences which affect persons property:

Intellectual Property Crimes: Any unlawful act by which the

owner is deprived completely or partially of his rights is an
offence. The common form of IPR violation may be said to be
software piracy, infringement of copyright, trademark,
patents, designs and service mark violation, theft of computer
source code, etc.

Cybersquatting: It means where two persons claim for the

same Domain Name either by claiming that they had
registered the name first on by right of using it before the
other or using something similar to that previously. For
example two similar names i.e.
www.yahoo.comand www.yaahoo.com.

Cyber Vandalism: Vandalism means deliberately destroying or

damaging property of another. Hence cyber vandalism means
destroying or damaging the data when a network service is
stopped or disrupted. It may include within its purview any
kind of physical harm done to the computer of any person.
These acts may take the form of the theft of a computer,
some part of a computer or a peripheral attached to the
computer.

Hacking Computer System: Due to the hacking activity there

will be loss of data as well as computer. Also research
especially indicates that those attacks were not mainly
 intended for financial gain too and to diminish the reputation
of particular person or company.

Transmitting Virus: Viruses are programs that attach

themselves to a computer or a file and then circulate
themselves to other files and to other computers on a
network. They usually affect the data on a computer, either by
altering or deleting it. Worm attacks plays major role in
affecting the computerize system of the individuals.

Cyber Trespass: It means to access someones computer

without the right authorization of the owner and does not
disturb, alter, misuse, or damage data or system by using
wireless internet connection.

Internet Time Thefts: Basically, Internet time theft comes

under hacking. It is the use by an unauthorized person, of the
Internet hours paid for by another person. The person who
gets access to someone elses IP user ID and password, either
by hacking or by gaining access to it by illegal means, uses it
to access the Internet without the other persons knowledge.
You can identify time theft if your Internet time has to be
recharged often, despite infrequent usage.

iii) Cyber Crimes Against Government:

There are certain offences done by group of persons intending to

threaten the international governments by using internet facilities:

Cyber Terrorism: Cyber terrorism is a major burning issue in

the domestic as well as global concern. The common form of
these terrorist attacks on the Internet is by distributed denial
of service attacks, hate websites and hate e-mails, attacks on
sensitive computer networks etc. Cyber terrorism activities
endanger the sovereignty and integrity of the nation.

Cyber Warfare: It refers to politically motivated hacking to

conduct sabotage and espionage. It is a form of information
warfare sometimes seen as analogous to conventional warfare
although this analogy is controversial for both its accuracy
and its political motivation.

Distribution of pirated software: It means distributing pirated

software from one computer to another intending to destroy
the data and official records of the government.-25

Possession of Unauthorized Information: It is very easy to

access any information by the terrorists with the aid of
 internet and to possess that information for political, religious,
social, ideological objectives.

iv) Cybercrimes Against Society at large:

An unlawful act done with the intention of causing harm to the

cyberspace will affect large number of persons:

Child Pornography: It involves the use of computer networks to

create, distribute, or access materials that sexually exploit
underage children. It also includes activities concerning
indecent exposure and obscenity.

Cyber Trafficking: It may be trafficking in drugs, human

beings, arms weapons etc. which affects large number of
persons. Trafficking in the cyberspace is also a gravest crime.

Online Gambling: Online fraud and cheating is one of the most

lucrative businesses that are growing today in the cyber
space. There are many cases that have come to light are
those pertaining to credit card crimes, contractual crimes,
offering jobs, etc. [3]

Financial Crimes: This type of offence is common as there is

rapid growth in the users of networking sites and phone
networking where culprit will try to attack by sending bogus
mails or messages through internet. Ex: Using credit cards by
obtaining password illegally. [4]

Forgery: It means to deceive large number of persons by

sending threatening mails as online business transactions are
becoming the habitual need of todays life style. [5]

NEED FOR CYBER LAWS

Information technology has spread throughout the world. As the
user of cyberspace grows increasingly diverse and the range of
online interaction expands, there is expansion in the cyber crimes
i.e. breach of online contracts, perpetration of online torts and
crimes etc. Due to the consequences there was need to adopt a
strict law by the cyber space authority to regulate criminal activities
relating to cyber and to provide better administration of justice to
the victim of cyber crime. In the modern cyber technology world it is
very much necessary to regulate cyber crimes and most importantly
cyber law should be made stricter in the case of cyber terrorism and
hackers.
Cyber law, it is a term that encapsulates the legal issues related to
use of communicative, transactional, and distributive aspects of
networked information devices and technologies. It is less a distinct
field of law than property or contract law, as it is a domain covering
many areas of law and regulation. IT Law is a set of recent legal
enactments, currently in existence in several countries, which
governs the process and dissemination of information digitally.
These legal enactments cover a broad gamut of different aspects
relating to computer software, protection of computer software,
access and control of digital information, privacy, security, internet
access and usage, and electronic commerce. These laws have been
described as paper laws for paperless environment.

IT legislation in India: Mid 90s saw an impetus in globalization

and computerization, with more and more nations computerizing
their governance, and e-commerce seeing an enormous growth.
Previously, most of international trade and transactions were done
through documents being transmitted through post and by telex
only. Evidences and records, until then, were predominantly paper
evidences and paper records or other forms of hard-copies only.
With much of international trade being done through electronic
communication and with email gaining momentum, an urgent and
imminent need was felt for recognizing electronic records i.e. The
data what is stored in a computer or an external storage attached
thereto. The United Nations Commission on International Trade Law
(UNCITRAL) adopted the Model Law on e-commerce in 1996. The
General Assembly of United Nations passed a resolution in January
1997 inter alia, recommending all States in the UN to give favorable
considerations to the said Model Law, which provides for recognition
to electronic records and according it the same treatment like a
paper communication and record.

Objectives of I.T. legislation in India: It is against this

background the Government of India enacted its Information
Technology Act 2000 with the objectives as follows, stated in the
preface to the Act itself. to provide legal recognition for
transactions carried out by means of electronic data interchange
and other means of electronic communication, commonly referred
to as electronic commerce, which involve the use of alternatives
to paper-based methods of communication and storage of
information, to facilitate electronic filing of documents with the
Government agencies and further to amend the Indian Penal Code,
the Indian Evidence Act, 1872, the Bankers Books Evidence Act,
1891 and the Reserve Bank of India Act, 1934 and for matters
connected therewith or incidental thereto.

The Information Technology Act, 2000, was thus passed as the Act
No.21 of 2000, got Presidents assent on 9 June and was made
effective from 17 October 2000.
The Act essentially deals with the following issues:

Legal Recognition of Electronic Documents

Legal Recognition of Digital Signatures

Offenses and Contraventions

Justice Dispensation Systems for cyber crimes. [6]

Amendment Act 2008: Being the first legislation in the nation on

technology, computers and ecommerce and e-communication, the
Act was the subject of extensive debates, elaborate reviews and
detailed criticisms, with one arm of the industry criticizing some
sections of the Act to be draconian and other stating it is too diluted
and lenient. There were some conspicuous omissions too resulting in
the investigators relying more and more on the time-tested (one
and half century-old) Indian Penal Code even in technology based
cases with the I.T. Act also being referred in the process and the
reliance more on IPC rather on the ITA.

Thus the need for an amendment a detailed one was felt for the
I.T. Act almost from the year 2003-04 themselves. Major industry
bodies were consulted and advisory groups were formed to go into
the perceived lacunae in the I.T. Act and comparing it with similar
legislations in other nations and to suggest recommendations. Such
recommendations were analyzed and subsequently taken up as a
comprehensive Amendment Act and after considerable
administrative procedures; the consolidated amendment called the
Information Technology Amendment Act 2008 was placed in the
Parliament and passed without much debate, towards the end of
2008. This

Amendment Act got the President assent on 5 Feb 2009 and was
made effective from 27 October 2009.

Some of the notable features of the ITAA are as follows:

Focusing on data privacy

Focusing on Information Security

Defining cyber caf

Making digital signature technology neutral

Defining reasonable security practices to be followed by

corporate
 Redefining the role of intermediaries

Recognizing the role of Indian Computer Emergency Response

Team

Inclusion of some additional cyber crimes like child

pornography and cyber terrorism

Authorizing an Inspector to investigate cyber offences (as

against the DSP earlier)

INDIAN PERSPECTIVE
Talking about Indian scenario of cyber space crimes and cyber space
laws, there was no statute in India for governing Cyber Laws
involving privacy issues, jurisdiction issues, intellectual property
rights issues and a number of other legal questions. With the
tendency of misusing of technology, there arisen a need of strict
statutory laws to regulate the criminal activities in the cyber world
and to protect the true sense of technology IT ACT, 2000 was
enacted by Parliament of India to protect the field of e-commerce, e-
governance, e-banking as well as penalties and punishments in the
field of cyber crimes. The above Act was further amended in the
form of IT Amendment Act, 2008. Also certain sections of IPC and as
some cyber space crime are invading right to privacy, article 21 of
Indian constitution are some governing laws for cyber space crime
which imposes various liabilities in India.

CONSTITUTIONAL LIABILITY

Hacking into someones private property or stealing some ones

intellectual work is a complete violation of his right to privacy. The
Indian constitution does not specifically provide the right to
privacy as one of the fundamental rights guaranteed to the Indian
citizens but it is protected under IPC.

Right to privacy is an important natural need of every human being

as it creates boundaries around an individual where the other
persons entry is restricted. The right to privacy prohibits
interference or intrusion in others private life. The apex court of
India has clearly affirmed in its judicial pronouncements that right to
privacy is very much a part of the fundamental right guaranteed
under article 21 of the Indian constitution.

Thus right to privacy is coming under the expended ambit of article

21 of Indian constitution. So whenever there is some cyber crime
which is related to the persons private property or its personal stuff
then the accused can be charged of violation of article 21 of Indian
constitution, and prescribed remedy can be invoked against the
accused.

CRIMINAL LIABILITY

Criminal liability in India for cyber crimes is defined under the Indian
Penal Code (IPC). Certain Following sections of IPC deal with the
various cyber crimes:

Sending threatening messages by e-mail (Sec .503 IPC)

Word, gesture or act intended to insult the modesty of a

woman (Sec.509 IPC)

Sending defamatory messages by e-mail (Sec .499 IPC)

Bogus websites , Cyber Frauds (Sec .420 IPC)

E-mail Spoofing (Sec .463 IPC )

Making a false document (Sec.464 IPC)

Forgery for purpose of cheating (Sec.468 IPC)

Forgery for purpose of harming reputation (Sec.469 IPC)

Web-Jacking (Sec .383 IPC)

E-mail Abuse (Sec .500 IPC)

Punishment for criminal intimidation (Sec.506 IPC)

Criminal intimidation by an anonymous communication

(Sec.507 IPC)

Obscenity (Sec. 292 IPC )

Printing etc. of grossly indecent or scurrilous matter or matter

intended for blackmail (Sec.292A IPC)

Sale, etc., of obscene objects to young person (Sec .293 IPC)

Obscene acts and songs (Sec.294 IPC )

Theft of Computer Hardware (Sec. 378 )

Punishment for theft (Sec.379 )

 Other then the IPC some other piece of legislations also
imposes criminal liability on the accused and these
legislations are:-

Online Sale of Drugs (NDPS Act )

Online Sale of Arms (Arms Act )

Copyright infringement (Sec.51 of copyright act, 1957)

Any person who knowingly infringes or abets the infringement

of (Sec.63 of copyright act, 1957)

Enhanced penalty on second and subsequent convictions

(Sec.63 A of copyright act, 1957)

Knowing use of infringing copy of computer program to be an

offence (Sec.63B of copyright act, 1957)

The applications of these sections are subject to the investigating

style of investigating officer and charge sheet filed by the
investigating agency and nature of cyber crime.

In India there are number of cases filed under these IPC provisions
related to the cyber crime. According to the report of Home Ministry,
in 2012 there are 601 cases filed under the various provisions of IPC.
[7]

TORTIOUS LIABILITY

Basic liability in cyber crime is established through the principle of

neighborhood established from the case of Donoghue v. Stevenson.
But the major tortuous liability in cyber crimes is through
Information Technology Act, 2000 (as amended).

In India the Information Technology Act 2000 was passed to provide

legal recognition for transactions carried out by means of electronic
communication. The Act deals with the law relating to Digital
Contracts, Digital Property, and Digital Rights Any violation of these
laws constitutes a crime. The Act prescribes very high punishments
for such crimes. The Information Technology (amendment) Act,
2008(Act 10 of 2009), has further enhanced the punishments. Life
imprisonment and fine upto rupees ten lakhs may be given for
certain classes of cyber crimes. Compensation up to rupees five
crores can be given to affected persons if damage is done to the
computer, computer system or computer network by the
introduction of virus, denial of services etc.

The following sections are dealing with the cyber crimes:

 Penalty and Compensation for damage to computer, computer
system, etc (sec. 43 IT act)

Compensation for failure to protect data (sec. 43A IT Act)

Tampering with computer source Documents (sec. 65 IT Act)

Hacking with computer systems, Data Alteration (sec. 66 IT

Act)

Sending offensive messages through communication service,

etc (sec. 66A IT Act)

Dishonestly receiving stolen computer resource or

communication device (sec. 66B IT Act)

Identity theft (sec. 66C IT Act)

Cheating by personating by using computer resource (sec.

66D IT Act)

Violation of privacy (sec. 66E IT Act)

Cyber terrorism (sec. 66F Act)

Publishing or transmitting obscene material in electronic form

(sec. 67 IT Act)

Publishing or transmitting of material containing sexually

explicit act, etc. in electronic form (sec. 67A IT Act)

Punishment for publishing or transmitting of material

depicting children in sexually explicit act, etc. in electronic
form (sec. 67B IT Act)

Preservation and Retention of information by intermediaries

(sec.67C IT Act)

Powers to issue directions for interception or monitoring or

decryption of any information through any computer resource
(sec. 69 IT Act)

Power to issue directions for blocking for public access of any

information through any computer resource (sec. 69A IT Act)

Power to authorize to monitor and collect traffic data or

information through any computer resource for Cyber Security
(sec. 69B IT Act)
 Un-authorized access to protected system (sec. 70 IT Act)

Penalty for misrepresentation (sec. 71 IT Act)

Breach of confidentiality and privacy (sec. 72 IT Act)

Publishing False digital signature certificates (sec. 73 IT Act)

Publication for fraudulent purpose (sec. 74 IT Act)

Act to apply for offence or contraventions committed outside

India (sec. 75 IT Act)

Compensation, penalties or confiscation not to interfere with

other punishment

(sec. 77 IT Act)

Compounding of Offences (sec.77A IT Act)

Offences with three years imprisonment to be cognizable (sec.

77B IT Act)

Exemption from liability of intermediary in certain cases (sec.

79 IT Act)

Punishment for abetment of offences (sec. 84B IT Act)

Punishment for attempt to commit offences (sec. 84C IT Act)

Offences by Companies (sec. 85 IT Act)

The applications of these sections are subject to the investigating

style of investigating officer and charge sheet filed by the
investigating agency and nature of cyber crime.

In India there are number of cases filed under these IT provisions

related to the cyber crime. According to the report of Home ministry
of India, In 2012 there are 2876 cases filed under the various
provisions of IT act. [9]

ANALYSIS OF INDIAN CYBER LAWS AND

POLICING SYSTEM
Noted cyber law expert in the nation and Supreme Court advocate
Shri Pavan Duggal, While the lawmakers have to be complemented
for their admirable work removing various deficiencies in the Indian
Cyber law and making it technologically neutral, yet it appears that
there has been a major mismatch between the expectation of the
nation and the resultant effect of the amended legislation. The most
bizarre and startling aspect of the new amendments is that these
amendments seek to make the Indian cyber law a cyber crime
friendly legislation; a legislation that goes extremely soft on cyber
criminals, with a soft heart; a legislation that chooses to encourage
cyber criminals by lessening the quantum of punishment accorded
to them under the existing law; .. a legislation which makes a
majority of cybercrimes stipulated under the IT Act as bailable
offences; a legislation that is likely to pave way for India to become
the potential cyber crime capital of the world [11]

Let us not be pessimistic that the existing legislation is cyber

criminal friendly or paves the way to increase crimes. Certainly, it
does not. It is a commendable piece of legislation, a landmark first
step and a remarkable mile-stone in the technological growth of the
nation. But let us not be complacent that the existing law would
suffice. Let us remember that the criminals always go faster than
the investigators and always try to be one step ahead in technology.

There are several loopholes in IT Act as:-

The hurry, in which the legislation was passed, without

sufficient public debate, did not really serve the desired
purpose. Experts are of the opinion that one of the reasons for
the inadequacy of the legislation has been the hurry in which
it was passed by the parliament and it is also a fact that
sufficient time was not given for public debate. But many
problems of the act were amended by the amended act of
2008. [12]

Uniform law

Mr. Vinod Kumar holds the opinion that the need of the hour is a
worldwide uniform cyber law to combat cyber crime. Cyber crime is
a global phenomenon and therefore the initiative to fight it should
come from the same level. [13]

Lack of awareness

The Act of 2000 is not achieving complete success because of the

lack of awareness among the masses about their rights. Further
most of the cases are going unreported. If only the people are
vigilant about their rights, can the law protect their rights.

Raising a cyber army-

There is a need for a well equipped task force to deal with the new
trends of hi tech crime. The government has taken a leap in this
direction by constituting cyber crime cells in all metropolitan and
other important cities. Further the establishment of the Cyber Crime
Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI).

Cyber savvy bench

Cyber savvy judges are the need of the day. Judiciary plays a vital
role in shaping the enactment according to the order of the day. One
such stage, which needs appreciation, is the P.I.L., which the Kerala
High Court has accepted through an email.

Dynamic form of cyber crime

Speaking on the dynamic nature of cyber crime FBI Director Louis

Freeh has said, In short, even though we have markedly improved
our capabilities to fight cyber intrusions the problem is growing even
faster and we are falling further behind. The (de)creativity of
human mind cannot be checked by any law. Thus the only way out is
the liberal construction while applying the statutory provisions to
cyber crime cases.

Hesitation to report offences

As stated above one of the fatal drawbacks of the Act has been the
cases going unreported. One obvious reason is the non-cooperative
police force. The police are a powerful force today which can play
an instrumental role in preventing cybercrime. At the same time, it
can also end up wielding the rod and harassing innocents,
preventing them from going about their normal cyber business. For
complete realization of the provisions of this Act a cooperative
police force is required. [14]

Apart from these loopholes and problems the present form of police
system and many police officials are not familiar with the cyber
crimes and they need training to be familiar with the Modus
operandi of cyber crimes though the existing relevant act is
comprehensive legislation but from the practical point of view there
are some shortcomings in the errant form of the act. It is the need of
the hour that the efficiency of police system at all ranks should be
upgraded in terms of cyber crimes. The immoral, lethal minds of
criminals take advantages of inefficient police system.

Both bench and Bar should realize the extent of cyber crimes. They
should familiarize themselves with the intricacies of cyber law,
otherwise they would find it extremely difficult to deal with cyber
crime cases.

CYBER CRIME CASES IN INDIA

 Pune Citibank Mphasis Call Center Fraud

It is a case of sourcing engineering. US $ 3, 50,000 from City bank

accounts of four US customers were dishonestly transferred to
bogus accounts in Pune, through internet. Some employees of a call
centre gained the confidence of the

US customers and obtained their PIN numbers under the guise of

helping the customers out of difficult situations.. Later they used
these numbers to commit fraud. By April 2005, the Indian police had
tipped off to the scam by a U.S. bank, and quickly identified the
individuals involved in the scam. Arrests were made when those
individuals attempted to withdraw cash from the falsified accounts,
$426,000 was stolen; the amount recovered was $230,000.

Court held that Section 43(a) was applicable here due to the nature
of unauthorized access involved to commit transactions.

State of Tamil Nadu Vs Suhas Katti

The case related to posting of obscene, defamatory and annoying

message about a divorcee woman in the yahoo message group. E-
Mails were also forwarded to the victim for information by the
accused through a false e-mail account opened by him in the name
of the victim. The posting of the message resulted in annoying
phone calls to the lady in the belief that she was soliciting. Based
on a complaint made by the victim in February 2004, the Police
traced the accused to Mumbai and arrested him within the next few
days. This is considered as the first case in the state of Tamil Nadu,
in which the offender was convicted under section 67 of Information
Technology Act 2000 in India.

The Bank NSP Case

The Bank NSP case is the one where a management trainee of the
bank was engaged to be married. The couple exchanged many
emails using the company computers. After some time the two
broke up and the girl created fraudulent email ids such as Indian
bar associations and sent emails to the boys foreign clients. She
used the banks computer to do this. The boys company lost a large
number of clients and took the bank to court. The bank was held
liable for the emails sent using the banks system.

SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra

In this case, the defendant Jogesh Kwatra being an employee of the

plaintiff company started sending derogatory, defamatory, obscene,
vulgar, filthy and abusive emails to his employers as also to
different subsidiaries of the said company all over the world with
the aim to defame the company and its Managing Director. The
Delhi High Court restrained the defendant from sending derogatory,
defamatory, obscene, vulgar, humiliating and abusive emails either
to the plaintiffs or to its sister subsidiaries all over the world
including their Managing Directors and their Sales and Marketing
departments. Further, Honble Judge also restrained the defendant
from publishing, transmitting or causing to be published any
information in the actual world as also in cyberspace which is
derogatory or defamatory or abusive of the plaintiffs. This order of
Delhi High Court assumes tremendous significance as this is for the
first time that an Indian Court assumes jurisdiction in a matter
concerning cyber defamation and grants an injunction restraining
the defendant from defaming the plaintiffs by sending defamatory
emails.

Sony.Sambandh.Com Case

A complaint was filed by Sony India Private Ltd, which runs a

website called www.sonysambandh.com, targeting Non Resident
Indians. In May 2002, someone logged onto the website under the
identity of Barbara Campa and ordered a Sony Colour Television set
and a cordless head phone. She gave her credit card number for
payment and requested that the products be delivered to Arif Azim
in Noida. After one and a half months the credit card agency
informed the company that this was an unauthorized transaction as
the real owner had denied having made the purchase. The company
lodged a complaint for online cheating at the Central Bureau of
Investigation. The court convicted Arif Azim for cheating under
Section 418, 419 and 420 of the Indian Penal Code. This was the
first time that a cyber crime has been convicted. The judgment is of
immense significance for the entire nation. Besides being the first
conviction in a cyber crime matter, it has shown that the Indian
Penal Code can be effectively applied to certain categories of cyber
crimes which are not covered under the Information Technology Act
2000.

Nasscom v. Ajay Sood & Others

The plaintiff in this case was the National Association of Software

and Service Companies (Nasscom), Indias premier software
association. The defendants were operating a placement agency
involved in head-hunting and recruitment. In order to obtain
personal data, which they could use for purposes of head-hunting,
the defendants composed and sent e-mails to third parties in the
name of Nasscom. The High court recognised the trademark rights
of the plaintiff and passed an injunction restraining the defendants
from using the trade name or any other name deceptively similar to
Nasscom. According to the terms of compromise, the defendants
agreed to pay a sum of Rs1.6 million to the plaintiff as damages for
violation of the plaintiffs trademark rights. The Delhi HC stated that
even though there is no specific legislation in India to penalize
phishing, it held phishing to be an illegal act by defining it under
Indian law as a misrepresentation made in the course of trade
leading to confusion as to the source and origin of the e-mail
causing immense harm not only misused. The court held that, to
the consumer but even to the person whose name, identity or
password is act of phishing as passing off and tarnishing the
plaintiffs image.

This case achieves clear milestones: It brings the act of phishing

into the ambit of India laws even in the absence of specific
legislation; It clears the misconception that there is no damages
culture in India for violation of IP rights.

Bazee.com case

On 9 December 2004 a news item appeared with the Headline DPS

sex video at baazee.com. The news item stated: Indias biggest
online trading portal baazee.com had listed the said MMS clip under
the title DPS girls having fun with the member ID of 27877408.
CEO of the website Baazee.com was summoned by the Delhi High
Court for having allowed this clip to be listed for auction under
sections 67 and 85 of the IT Act, 2000. While Section 67 prohibits
publishing obscene information in electronic form, Section 85 allows
the prosecution of a person responsible for the business of a
company over violations. This incident caused a sudden panic
across the country and many discussions regarding the inefficiency
of the IT Act, 2000 and the need to amend it started. Also, after this
scandal, owing to debates around culpability, liability and
prosecution of material on the internet, several key judgments were
passed including banning the use of mobile phones in college and
school campuses across India.

PNB, Pune case

In the largest compensation awarded in legal adjudication of a cyber

crime dispute, Maharashtras IT secretary Rajesh Aggarwal has
ordered Punjab National Bank to pay Rs 45 lakh to Manmohan Singh
Matharu, MD of Pune-based firm Poona Auto Ancillaries. A fraudster
had transferred Rs 80.10 lakh from Matharus account in PNB, Pune
after Matharu responded to a phishing email. Matharu has been
asked to share the liability since he responded to the phishing mail.
Matharus is one of 13 e-fraud cases, all originating in Maharashtra
and with an imprint across six states, in which the states IT
secretary, serving as an adjudicating officer under the IT Act 2000,
last month passed critical orders against nine banks, four telecom
firms and two mobile recharge portals. These cases cover e-fraud
committed through illegal data access, hacking bank accounts,
cloning credit cards, issuing duplicate SIM cards and phishing,
among others.

Syed Asifuddin and Ors. Vs. The State of Andhra

Pradesh

In this case, Tata Indicom employees manipulated the electronic 32-

bit number (ESN) programmed into cell phones theft were
exclusively franchised to Reliance Infocomm. Court held that
tampering with source code invokes Section 65 of the Information
Technology Act.

Bomb Hoax mail

In 2009, a 15-year-old Bangalore teenager was arrested by the

cyber crime investigation cell (CCIC) of the city crime branch for
allegedly sending a hoax e- mail to a private news channel. In the e-
mail, he claimed to have planted five bombs in Mumbai, challenging
the police to find them before it was too late.

The Mumbai police have registered a case of cyber terrorismthe

first in the state since an amendment to the Information Technology
Actwhere a threat email was sent to the BSE and NSE on Monday.
The MRA Marg police and the Cyber Crime Investigation Cell are
jointly probing the case. The suspect has been detained in this case.

The MRA Marg police have registered forgery for purpose of

cheating, criminal intimidation cases under the IPC and a cyber-
terrorism case under the IT Act.

COMPARATIVE STUDY
As against the alone legislation ITA and ITAA in India, in many other
nations globally, there are many legislations governing e-commerce
and cyber crimes going into all the facets of cyber crimes. Data
Communication, storage, child pornography, electronic records and
data privacy have all been addressed in separate Acts and Rules
giving thrust in the particular area focused in the Act.

United States of America

USA have the Health Insurance Portability and Accountability Act

popularly known as HIPAA which inter alia, regulates all health and
insurance related records, their upkeep and maintenance and the
issues of privacy and confidentiality involved in such records.The
Sarbanes-Oxley Act (SOX) signed into law in 2002 mandated a
number of reforms to enhance corporate responsibility, enhance
financial disclosures, and combat corporate and accounting fraud.
Besides, there are a number of laws in the US both at the federal
level and at different states level like the Cable Communications
Policy Act, Childrens Internet Protection Act, and Childrens Online
Privacy Protection Act etc.

United Kingdom

In the UK, the Data Protection Act and the Privacy and Electronic
Communications Regulations etc are all regulatory legislations
already existing in the area of information security and cyber crime
prevention, besides cyber crime law passed recently in August
2011.

Similar to these countries we also have cyber crime legislations and

other rules and regulations in other nations like Australia, New
Zealand, China etc.

INTERPOLS ROLE:-

INTERPOLs cybercrime programme is built around training and

operations and works to keep up with emerging threats. It aims to:

Promote the exchange of information among member countries

through regional working parties and conferences;

Deliver training courses to build and maintain professional

standards;

Coordinate and assist international operations;

Establish a global list of contact officers available around the

clock for cybercrime investigations (the list contained 134 contacts
at the end of 2012);

Assist member countries in the event of cyber-attacks or

cybercrime investigations through investigative and database
services;

Develop strategic partnerships with other international

organizations and private sector bodies;

Identify emerging threats and share this intelligence with

member countries;

Provide a secure web portal for accessing operational

information and documents.

Cyber crimes cases in other Countries

 Worm Attack: First person to be prosecuted under the
Computer and Fraud Act, 1986 was the Robert Tappan Morris
well Known as First Hacker. His worm was uncontrollable due
to which around 6000 computer machines were destroyed and
many computers were shut down until they had completely
malfunctioned. He was ultimately sentenced to three years
probation, 400 hours of community service and assessed a
fine of $10500.

Hacker Attack: A Ph.D. student of the University of Southern

California, in the year 1983, made a short programme as an
experiment that could infect computers, make copies of it,
and spread from one machine to another. A professor of his
suggested the name virus. Now that student runs a
computer security firm.

Internet Hacker: Wang Qun, alias playgirl, was arrested

making the first ever arrest of an internet hacker in China. He
was a 19 year old computing student, arrested in connection
with the alleged posting of pornographic material on the
homepages of several government-run web sites.

CONCLUSION
Cyber crime is a new form of crime that has emerged due to
computerization of various activities in an organization in a
networked environment. With the rapid growth of information
technology cyber crimes are a growing threat.

Technology has a negative aspect as it facilitates commercial

activity. Ordinarily the law keeps pace with the changes in
technology but the pace of technological developments in the
recent past, especially in the field of information and technology is
impossible to keep pace with legal system. An important concern
relates to modernizing penal laws of many countries which predate
the advent of computers. On the one hand, the existing laws have to
be change to cope with the computer related fraud such as hacking,
malicious falsification or erasure of data, software theft, software
attacks etc. and on the other, new legislation is also necessary to
ensure data protection and piracy. The need for a law on data
protection is paramount if India is to sustain investor confidence,
especially among foreign entities that send large amounts of data to
India for back-office operations. Data protection is essential for
outsourcing arrangements that entrust an Indian company with a
foreign companys confidential data or trade secrets, and/or
customers confidential and personal data.
Also in the above chapters we have talked about the Indian police
system for cyber crimes which is subjected to the improvisation, and
a new and clear specific legislation which can fight easily against
the cyber crimes. Further the proposed initiatives and amendments
by government to the IT act, which are likely to be implemented,
soon will be implemented as soon as possible. The proposed
amendments widen the liability for breach of data protection and
negligence in handling sensitive personal information. Additionally,
the Government of India, with the help of the Department of
Information Technology, is currently working on a holistic law on
data protection based on the European Union directive. Further, the
government plans to create a Common Criterion Lab, backed by
the Information Security Technical Development Council, where
intensive research in cryptography and product security can be
undertaken. As Prevention is always better than cure, a smart
internet user should take certain precautions while operating the
internet and should follow certain preventive measures for cyber
crimes, these measures can be considered as suggestions also:

A person should never send his credit card number to any site
that is not secured, to guard against frauds.

One should avoid disclosing any personal information to

strangers via e-mail or while chatting.

One must avoid sending any photograph to strangers by

online as misusing of photograph incidents increasing day by
day.

It is always the parents who have to keep a watch on the sites

that your children are accessing, to prevent any kind of
harassment or depravation in children.

Web site owners should watch traffic and check any

irregularity on the site. It is the responsibility of the web site
owners to adopt some policy for preventing cyber crimes as
number of internet users are growing day by day.

Strict statutory laws need to be passed by the Legislatures

keeping in mind the interest of netizens (cybercitizen or an
entity or person actively involved in online communities and a
user of the Internet).

Web servers running public sites must be physically

separately protected from internal corporate network.

An update Anti-virus software to guard against virus attacks

should be used by all the netizens and should also keep back
 up volumes so that one may not suffer data loss in case of
virus contamination.

It is better to use a security program by the body corporate to

control information on sites.

IT department should pass certain guidelines and notifications

for the protection of computer system and should also bring
out with some more strict laws to breakdown the criminal
activities relating to cyberspace.

As Cyber Crime is the major threat to all the countries

worldwide, certain steps should be taken at the international
level for preventing the cybercrime.

Special police task force which is expert in techno field will be

constituted.

Complete justice must be provided to the victims of cyber

crimes by way of compensatory remedy and offenders to be
punished with highest type of punishment so that it will
anticipate the criminals of cyber crime. [15]

Edited By Parul Padhi

[1] http://cybercellmumbai.gov.in accessed on 1 Dec 2013

[2] Information Technology Act, 2000A computer has multifarious

functions and it is regarded as a superman. It provides information
as well as communication by means of internet. It is the fastest
mean for input and output of transportation of informations. In
official meaning, the term internet is popularly known as world
wide web (www)

[3] http://www.legalindia.in accessed on 1 Dec 2013

[4] http://cybercellmumbai.gov.in accessed on 1 Dec 2013

[5] Ibid

[6] http://jurisonline.in accessed on 2nd Dec 2013

[7] http://www.mha.nic.in accessed on 4th Dec 2013

[8] Ibid

[90 Ibid

[10] Ibid
[11] Pawan Duggal, Is this treaty a treat? Available at
http://www.naavi.org/pati/pati_cybercrimes_dec03.htm

[12] Ibid

[13] Kumar Vinod, Winning the Battle against cyber Crimes available
at http://www.cyberriskinsuranceforum.com/content/are-we-losing-
battle-against-cyber-crime

[14] Dewang Mehta, Role of Police in Tackling Cyber Crimes

available at http://www.naavi.org/pati/pati_cybercrimes_dec03.htm

[15] Ibid