CYBER LAW

Need For Cyber Law:

The computer, Internet and its dot com progeny has left every single statute toothless.
Computers, internet and cyberspace- together known as information technology have posed
hitherto unknown problems in jurisprudence. It has shown inadequacy of law while dealing with
the information technology itself and also with the changes induced by the information
technology in our lives and business. On the one hand increasing traffic of e-commerce forces
legislature to redefine legal parameters. On the other hand cyber criminals are making quick
bucks through the new medium of cyberspace. The task adjudicating the rival claims and
bringing the cyber criminals to book is lawfully met only if the cyber space activities are proved
in court of law.

 To regulate Cyber Crimes: As the user of cyberspace grows increasingly diverse and
the range of online interaction expands, there is expansion in the cyber crimes i.e.
breach of online contracts, perpetration of online torts and crimes etc. Due to these
consequences there was need to adopt a strict law by the cyber space authority to regulate
criminal activities relating to cyber and to provide better administration of justice to the
victim of cyber crime.

i. The use of internet particularly for the distribution of obscene, indecent and
pornographic content and the relative ease with which the same may be
accessed calls for strict regulation.
ii. The increasing business transaction from tangible assets to intangible assets
like Intellectual Property has converted Cyberspace from being a mere info
space into important commercial space. Cyber Laws are needed to protect
intellectual property rights online .
iii. Money laundering becomes much simpler through the use of net. The person
may use a name and an electronic address, but there are no mechanisms to
prove the association of a person with an identity so that a person can be
restricted to a single identity or identity can be restricted to a single person.
Therefore Cyberspace needs to be regulated to curb this phenomenon.
 For Data Protection: The major area of concern where some sort of regulation is
desirable is data protection and data privacy so that industry, public administrators,
netizens, and academics can have confidence as on-line user.
 To regulate Electronic Transactions: The cyber laws have a major impact for e-
businesses and the new economy in India. We need a law so that people can perform
purchase transactions over the Net through credit cards without fear of misuse.
 To Promote E-Governance
  Internet has emerged as the „media of the people‟ as the internet spreads fast there were
changes in the press environment that was centered on mass media. Unlike as in the
established press, there is no editor in the Internet. People themselves produce and
circulate what they want to say and this direct way of communication on internet has
caused many social debates.

Cyber Crime
It can be defined as ―unlawful acts wherein the computer is either a tool or target or both‖. Any
crime with the help of computer or telecommunication technology can be called a cyber crime.

i. The computer as a Target:-using a computer to attack other computers. e.g. Hacking,

Virus/Worm attacks, DOS attack etc.
ii. The computer as a weapon:-using a computer to commit real world crimes. eg. Cyber
Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography.

Categories of Cyber Crime

1. Cyber Crimes against Persons:

 Harassment via E-Mails: It is very common type of harassment through sending letters,
attachments of files & folders i.e. via e-mails. At present harassment is common as usage
of social sites i.e. Facebook, Twitter etc. increasing day by day.
 Cyber-Stalking: Cyber stalking involves following a person‘s movements across the
Internet by posting messages (sometimes threatening) on the bulletin boards frequented
by the victim, entering the chat-rooms frequented by the victim, constantly bombarding
the victim with emails etc. It means expressed or implied a physical threat that creates
fear through the use to computer technology such as internet, e-mail, phones, text
messages, webcam, websites or videos.
 Dissemination of Obscene Material: It includes Indecent exposure/ Pornography
(basically child pornography), hosting of web site containing these prohibited materials.
These obscene matters may cause harm to the mind of the adolescent and tend to deprave
or corrupt their mind.
 Defamation: It is an act of imputing any person with intent to lower down the dignity of
the person by hacking his mail account and sending some mails with using vulgar
language to unknown persons mail account.
 Hacking: It means unauthorized control/access over computer system and act of hacking
completely destroys the whole data as well as computer programmes. Hackers usually
hacks telecommunication and mobile network.
  Cracking: It is amongst the gravest cyber crimes known till date. A stranger breaks into
your computer systems without your knowledge and consent and tampers with your
precious confidential data and information.
 E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its
origin. It shows it‘s origin to be different from which actually it originates.
 SMS Spoofing: Spoofing is a blocking through spam which means the unwanted
uninvited messages. Here a offender steals identity of another in the form of mobile
phone number and sending SMS via internet and receiver gets the SMS from the mobile
phone number of the victim. It is very serious cyber crime against any individual.
 E-commerce/ Investment Frauds:-
 Sales and Investment frauds: An offering that uses false or fraudulent claims to solicit
investments or loans, or that provides for the purchase, use, or trade of forged or
counterfeit securities.
 Merchandise or services that were purchased or contracted by individuals online are
never delivered.
 The fraud attributable to the misrepresentation of a product advertised for sale through an
Internet auction site or the non-delivery of products purchased through an Internet
auction site.
 Investors are enticed to invest in a fraudulent scheme by the promises of abnormally high
profits.
 Banking/Credit card Related crimes:-
 In the corporate world, Internet hackers are continually looking for opportunities to
compromise a company‘s security in order to gain access to confidential banking and
financial information.
 Use of stolen card information or fake credit/debit cards are common.
 Bank employee can grab money using programs to deduce small amount of money from
all customer accounts and adding it to own account also called as salami.

2. Crimes Against Person‟s Property:

As there is rapid growth in the international trade where businesses and consumers are
increasingly using computers to create, transmit and to store information in the electronic form
instead of traditional paper documents. There are certain offences which affects person‘s
property which are as follows:

 Intellectual Property Crimes: Intellectual property consists of a bundle of rights. Any

unlawful act by which the owner is deprived completely or partially of his rights is an
offence.
 i. The common form of IPR violation may be said to be software piracy,
infringement of copyright, trademark, patents, designs and service mark violation,
theft of computer source code, etc.
ii. Cyber Squatting- Domain names are also trademarks and protected by ICANN‘s
domain dispute resolution policy and also under trademark laws. Cyber Squatters
register domain name identical to popular service provider‘s domain so as to
attract their users and get benefit from it.

 Cyber Vandalism: Vandalism means deliberately destroying or damaging property of

another. Thus cyber vandalism means destroying or damaging the data when a network
service is stopped or disrupted. It may include within its purview any kind of physical
harm done to the computer of any person. These acts may take the form of the theft of a
computer, some part of a computer or a peripheral attached to the computer.
 Transmitting Harmful Programs: Viruses are programs that attach themselves to a
computer or a file and then circulate themselves to other files and to other computers on a
network. They usually affect the data on a computer, either by altering or deleting it.
Worm attacks plays major role in affecting the computerize system of the individuals.
 Unauthorised computer Trespass: It means to access someone‘s computer without the
right authorization of the owner and does not disturb, alter, misuse, or damage data or
system by using wireless internet connection.
 Siphoning of Funds from financial institutions

3. Cybercrimes Against Government:

There are certain offences done by group of persons intending to threaten the international
governments by using internet facilities. It includes:

 Cyber Terrorism: is the convergence of terrorism and cyber space. It is generally

understood to mean unlawful attacks and threats of attacks against computers, networks,
and information stored therein when done to intimidate or coerce a government or its
people in furtherance of political or social objectives. The common form of these terrorist
attacks on the Internet is by distributed denial of service attacks, hate websites and hate e-
mails, attacks on sensitive computer networks etc. Cyber terrorism activities endanger the
sovereignty and integrity of the nation.

Recent activities of ISIS in Middle East and series of videos released by them are
potential cyber terrors. They are using Cyber space for their propaganda and for
influencing vulnerable people to join ISIS. It is threat to the world and the way they are
growing needs global cooperation to check them before they create havoc.
  Cyber Warfare: It refers to politically motivated hacking to conduct sabotage and
espionage. It is a form of information warfare sometimes seen as analogous to
conventional warfare although this analogy is controversial for both its accuracy and its
political motivation. Cyber warfare attacks can disable official websites and networks,
disrupt or disable essential services, steal or alter classified data, and cripple financial
systems.

Tit-for-tat attacks look set to become the norm as the countries of the region secure up
their cyber space. Despite intense investigations by anti-virus companies, the origins of
the malware have remained largely in the realm of speculation and inference. It can have
unpredictable repercussions on civil and military infrastructures.

 Distribution of pirated software: It means distributing pirated software from one

computer to another intending to destroy the data and official records of the government.
 Possession of Unauthorized Information: It is very easy to access any information by
the terrorists with the aid of internet and to possess that information for political,
religious, social, ideological objectives.

4. Cybercrimes Against Society at large:

An unlawful act done with the intention of causing harm to the cyberspace will affect large
number of persons. These offences include:

 Child Pornography: It involves the use of computer networks to create, distribute, or

access materials that sexually exploit underage children. It also includes activities
concerning indecent exposure and obscenity.
 Cyber Trafficking: It may be trafficking in drugs, human beings, arms weapons etc.
which affects large number of persons.
 Online Gambling: Online fraud and cheating is one of the most lucrative businesses that
are growing today in the cyber space. There are many cases that have come to light are
those pertaining to credit card crimes, contractual crimes, offering jobs, etc.

Cyber Laws in India

While the Information Technology Act is the most significant Act addressing conduct in
cyberspace in India, there are a whole lot of other Acts that would apply to govern and regulate
conduct and transactions in cyberspace.
 Take for instance online contracts. Apart from the relevant provisions of the IT Act, the
Indian Contract Act, the Sale of Goods Act, 1930 etc. would be relevant to determine the
legality of such contracts.
 Further the provisions of the Competition Act, 2002 or in case of unfair trade practices,
the Consumer Protection Act 1986, would also be relevant.
 Protection of intellectual property available on the Internet is one of the greatest
challenges of the day. Be it books, films, music, computer software, inventions, formulas,
recipes, everything is available on the net. Protection of copyrights trademarks online
would entail the invocation of the Indian Copyright Act and, the Trade Marks Act.
 As far as illegal activities on the net are concerned, apart from specific provisions in the
IT Act that penalizes them, a whole gamut of other Acts would govern them. For instance
in case of an Internet fraud, based on the nature of the fraud perpetrated, Acts such as the
Companies Act, 1956.
 Thus it can be inferred that while the IT Act is the quintessential Act regulating conduct
on the Internet based on the facts of a case or the nature of a transaction, several other
Acts may be applicable. Therefore, cyber laws includes the whole set of legislation that
can be applied to determine conduct on the Internet.

Information Technology Act, 2000

 The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is the
primary law in India dealing with cybercrime and electronic commerce.
 It is based on the United Nations Model Law on Electronic Commerce
1996 (UNCITRAL Model) recommended by the General Assembly of United Nations
by a resolution dated 30 January 1997.
 The IT Act, 2000 gives the legal framework so that information is not denied legal effect
solely on the ground that it is the form of electronic records.
 The Act seeks to protect this advancement in technology by defining crimes, prescribing
punishments, laying down procedures for investigation and forming regulatory
authorities.
 The Act now allows Government to issue notification on the web thus heralding e-
governance.
 The Act enables the companies to file any form, application or any other document with
any office, authority, body or agency owned or controlled by the appropriate Government
in electronic form by means of such electronic form as may be prescribed by the
appropriate Government.
 The IT Act also addresses the important issues of security, which are so critical to the
success of electronic transactions. The Act has given a legal definition to the concept of
secure digital signatures that would be required to have been passed through a system of
a security procedure, as stipulated by the Government at a later date.
 Important Sections

Section 3: Authentication of Electronic Records

It specifically stipulates that any subscriber may authenticate an electronic record by affixing his
digital signature. It further states that any person can verify an electronic record by use of a
public key of the subscriber.

Section 4: of the Act provides for legal recognition of Electronic Records.

Section 5: details the legal recognition of Digital Signatures.

Section 6: Use of electronic records and digital signatures in Government and its agencies.

Section 10.: Power to make rules by Central Government in respect of digital signature
The Central Government may, for the purposes of this Act, by rules, prescribe-
 the type of digital signature.
 the manner and format in which the digital signature shall be affixed.
 the manner or procedure which facilitates identification of the person affixing the digital
signature.
 control processes and procedures to ensure adequate integrity, security and confidentiality of
electronic records or payments, and
 any other matter which is necessary to give legal effect to digital signatures.

Section 43 and Section 44 provide for Penalties (Chapter IX of I.T. Act,2000)

Section 43 : Penalty for damage to computer, computer system, etc.

whoever does any act of destroys, deletes, alters and disrupts or causes disruption of any
computer with the intention of damaging of the whole data of the computer system without the
permission of the owner of the computer, shall be liable to pay fine upto 1crore to the person so
affected by way of remedy.

Section 44: Penalty for failure to furnish information return, etc.

If any person who is required under this Act or any rules or regulations made thereunder to-
 furnish any document, return or report to the Controller or the Certifying Authority fails to
furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees
for each such failure.
 file any return or furnish any information, books or other documents within the time specified, he
shall be liable to a penalty not exceeding five thousand rupees for every day during which such
failure continues.
 Section 46: Power to Adjudicate:
 whether any person has committed a contravention of any of the provisions of this Act or of any
rule, regulation, direction or order made thereunder the Central Government shall, appoint any
officer not below the rank of a Director to the Government of India or an equivalent officer of a
State Government to be an adjudicating officer for holding an inquiry in the manner prescribed
by the Central Government

Chapter X:The Cyber Regulations Appellate Tribunal (Section 48-64)

Section 48: provides for Establishment of Cyber Appellate Tribunal

Section 49: Composition of Cyber Appellate Tribunal

A Cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as the
Residing Officer of the Cyber Appellate Tribunal) to be appointed, by notification, by the
Central Government.

Section 50: Qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal
A person shall not be qualified for appointment as the Presiding Officer of a Cyber Appellate
Tribunal unless he -
 is, or has been. or is qualified to be, a Judge of a High Court, or
 is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I
of that Service for at least three years.

Section 51: Term of office :5 yrs/65 yrs

Section 52: provides that Salary, allowances and other terms and conditions of service of
Presiding Officer shall be varied to his disadvantage after appointment.

Section 58: Procedure and powers of the Cyber Appellate Tribunal

(1) The Cyber Appellate Tribunal shall not be bound by the procedure laid down by the Code of
civil Procedure, 1908 but shall be guided by the principles of natural justice
(2) The Cyber Appellate Tribunal shall have, for the purposes of discharging its functions under
this Act, the same powers as are vested in a civil court under the Code of Civil Procedure, 1908,
while trying a suit, in respect of the following matters, namely:—
(a) summoning and enforcing the attendance of any person and examining him on oath;
(b) requiring the discovery and production of documents or other electronic records;
(c) receiving evidence on affidavits;
(d) issuing commissions for the examination of witnesses or documents;
(e) reviewing its decisions;
(f) dismissing an application for default or deciding it ex pane;
(g) any other matter which may be prescribed.

Section 61: Civil court not to have jurisdiction

Section 62: Appeal to High Court

Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an
appeal to the High Court within sixty days from the date of communication of the decision or
order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such
order.

Chapter XI- Offences

The Indian Penal Code does not use the term ‗cyber crime‘ at any point even after its amendment
by the IT Act, 2000. On the contrary, The Act has a separate chapter XI entitled ―Offences‖ in
which various cyber crimes have been declared as penal offences punishable with imprisonment
and fine. The offences covered under Chapter XI of the Indian Information Technology Act,
2000 include:
(i) Tampering with the computer source code or computer source documents- Section 65
(ii) Hacking of computer system - Section 66
(iii) Publishing of information which is obscene in electronic form- Section 67
(iv) Failure to decrypt information if the same is necessary in the interest of the sovereignty or
integrity of India. - Section 68
(v) Securing access or attempting to secure access to a protected system.- Section 70
(vi) Mis-Representation while obtaining, any license to act as a Certifying Authority or a digital
signature certificate. - Section 71
(vii) Breach of confidentiality and privacy. - Section 72
(viii) Publication of digital signature certificates which are false in certain particulars- Section 73
(ix) Publication of digital signature certificates for fraudulent purposes. - Section 74

Section 81: Act to have overriding effect

The provisions of this Act shall have effect notwithstanding anything inconsistent therewith
contained in any other law for the time being in force.

Section 88: provides for the constitution of the Cyber Regulations Advisory Committee, which
shall advice the government as regards any rules, or for any other purpose connected with the
said act.

Section 91-94: The Act proposes to amend the Indian Penal Code, 1860, the Indian Evidence
Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 to
make them in tune with the provisions of the IT Act.
 IT Amendment Act 2008
The Amendment was created to address issues that the original bill failed to cover and to
accommodate further development of IT and related security concerns since the original law was
passed.

Changes in the Amendment include:

 redefining terms such as "communication device" to reflect current use;

 validating electronic signatures and contracts;

 making the owner of a given IP address responsible for content accessed or distributed
through it; and

 making corporations responsible for implementing effective data security practices and
liable for breaches.

 It also introduced penalties for child porn, cyber terrorism and voyeurism.

 Some new Offences were added:

i. 66B: Punishment for dishonestly receiving stolen computer resource or

communication device

ii. 66C: Punishment for identity theft.

iii. 66D: Punishment for cheating by personation by using computer resource

iv. 66E: Punishment for violation of privacy

v. 66F: Punishment for cyber terrorism

vi. 67A: Punishment for publishing or transmitting of material containing sexually

explicit act,etc. in electronic form
 vii. 67B: Punishment for publishing or transmitting of material depicting children in
sexually explicit act, etc. in electronic form

Section 66A

Section 66 A: Punishment for sending offensive messages through communication service, etc.
Any person who sends, by means of a computer resource or a communication device,-

a) any information that is grossly offensive or has menacing character; or

b) any information which he knows to be false, but for the purpose of causing annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill
will, persistently makes by making use of such computer resource or a communication device,

c) any electronic mail or electronic mail message for the purpose of causing annoyance or
inconvenience or to deceive or to mislead the addressee or recipient about the origin of such
messages shall be punishable with imprisonment for a term which may extend to three years and
with fine.

Problem with Section 66A:

The vagueness about what is ―offensive‖. The word has a very wide connotation, and is open to
distinctive, varied interpretations. It is subjective, and what may be innocuous for one person,
may lead to a complaint from someone else and, consequently, an arrest under Section 66A if the
police prima facie accepts the latter person‘s view.

Controversy Regarding Section 66A:

The first petition came up in the court following the arrest of two girls in Maharashtra by Thane
Police in November 2012 over a Facebook post. The girls had made comments on the shutdown
of Mumbai for the funeral of Shiv Sena chief Bal Thackeray. The arrests triggered outrage from
all quarters over the manner in which the cyber law was used.

Ground for challenging Section 66A:

While the objective behind the 2008 amendment was to prevent the misuse of information
technology, particularly through social media, Section 66A comes with extremely wide
parameters, which allow whimsical interpretations by law enforcement agencies. Most of the
terms used in the section have not been specifically defined under the Act. The petitions have
argued that it is a potential tool to gag legitimate free speech online, and to curtail freedom of
speech and expression guaranteed under the Constitution, going far beyond the ambit of
―reasonable restrictions‖ on that freedom.

Supreme Court Judgment:

 The Supreme Court has scrapped the Section in “Shreya Singhal vs. Union of India” as
it was seen as a major infringement of the freedom of speech online because it allowed
the arrest of a person for posting offensive content.

 Section 66A of the Information Technology Act, has been declared unconstitutional.

 Supreme Court described the law as "vague in its entirety," as it encroaches upon "the
public's right to know.”

Section 69 A: Power to issue directions for blocking for public access of any information
through any computer resource

(1) Where the Central Government or any of its officer specially authorized by it in this behalf is
satisfied that it is necessary or expedient so to do in the interest of sovereignty and integrity of
India, defense of India, security of the State, friendly relations with foreign states or public order
or for preventing incitement to the commission of any cognizable offence relating to above, it
may subject to the provisions of sub-sections

(2) for reasons to be recorded in writing, by order direct any agency of the Government or
intermediary to block access by the public or cause to be blocked for access by public any
information generated, transmitted, received, stored or hosted in any computer resource.

70 B: Indian Computer Emergency Response Team to serve as national agency for incident
response

 The Central Government shall appoint an agency of the government to be called the
Indian Computer Emergency Response Team.

 The Indian Computer Emergency Response Team shall serve as the national agency for
performing the following functions in the area of Cyber Security,-
  (a) collection, analysis and dissemination of information on cyber incidents (b) forecast
and alerts of cyber security incidents

 (c) emergency measures for handling cyber security incidents

 (d) Coordination of cyber incidents response activities

 (e) issue guidelines, advisories, vulnerability notes and white papers relating to
information security practices, procedures, prevention, response and reporting of cyber
incidents

 (f) such other functions relating to cyber security as may be prescribed

Criticism of the Amendment:

 The Amendment has been criticized for decreasing the penalties for some cybercrimes
and for lacking sufficient safeguards to protect the civil rights of individuals.

 Section 66A which penalised sending of "offensive messages. It has been declared
unconstiyutional by the Supreme Court.

 Section 69A authorizes the Indian government to intercept, monitor, decrypt and block
data at its discretion. The Act has provided Indian government with the power of
surveillance, monitoring and blocking data traffic. The new powers under the amendment
act tend to give Indian government a texture and color of being a surveillance state.

Advantages of IT Act, 2000(Amended in 2008)

 The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber
crimes.
 The Act offers the much-needed legal framework so that information is not denied legal
effect, validity or enforceability, solely on the ground that it is in the form of electronic
records.
 In view of the growth in transactions and communications carried out through electronic
records, the Act seeks to empower government departments to accept filing, creating and
retention of official documents in the digital format.
 The Act has also proposed a legal framework for the authentication and origin of
electronic records / communications through digital signature.
  From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain
many positive aspects.
i. Firstly, the implications of these provisions for the e-businesses would be that
email would now be a valid and legal form of communication in our country that
can be duly produced and approved in a court of law.
ii. Companies shall now be able to carry out electronic commerce using the legal
infrastructure provided by the Act.
iii. Digital signatures have been given legal validity and sanction in the Act.

CYBER EVIDENCE

The subject of Cyber evidence is still at nascent stage in India. Till date Indian Evidence Act,
1872 is only law available in India regulating the proof and admissibility of evidence in court of
law. Information technology Act, 2000 (for brevity ‗I.T. Act‘) has been enacted to regulate cyber
activities in India.For upgrading the law to meet to cyber challenge, I.T. Act has amended Indian
Evidence Act, 1872 and introduced some new provisions governing relevance, admissibility, and
proof of cyber evidence.

Nature of Cyber Evidence

 Cyber activities are conducted in virtual medium that operate through the electronic
signals. The cyber evidence in real sense is only a program of electronic signals. What
appears on monitor is programmed mechanical manipulations hence are the secondary
manifestations.
 Law of evidence deals only with three types of evidence –oral, documentary and
circumstantial evidence. Cyber evidence by its unique nature does not fit into either
category.
 It is not circumstantial evidence at all. It is not oral evidence as conceived by human
organs of senses. It is to not documentary evidence in the sense that – something written
on something. Thus it is clear that cyber evidence is unique jurisprudential challenge.

Cyber Evidence and Indian Evidence Act, 1872

Out of three types of evidence, cyber evidence is nearer to concept of documentary evidence.
Instead of enacting a new cyber evidence code, I.T. Act introduced concept of „electronic
record‟ in Indian Evidence Act, 1872 and legally attributed the characteristic of a ‗document‘ to
‗electronic record‘ as a form of documentary evidence.
 Some other consequential amendments have also been made in Indian Evidence Act,
1872. In short where ever word ‗document‘ appeared the word ‗electronic record‘ has
been appended thereto. Resultantly now all the provisions of Indian Evidence Act., 1872
relating to documents are equally applicable to electronic record.
  Under both I.T. Act, 2000 and Indian Evidence Act, 1872 the word ‗electronic record‘ is
used as against popular expression ‗Cyber Evidence‘.
 What is an Electronic Record: Indian Evidence Act has not itself defined concept
‗electronic record‘ rather adopted the definition given in Section 2(1) (t) I.T. Act that
„electronic record‟ means data, record or data generated, image or sound stored,
received or sent in an electronic form or micro film or computer generated micro
fiche. Further the expression ‗data‘ and ‗electronic form‘ have been defined in I.T. Act,
2000. In this way admissions, entries in book of account and public record, in electronic
forms become admissible.

Documentary of Cyber Evidence

A legal document is recognized by characteristics viz (1) originality (2) writing (3)
authentication (4) legal admissibility. None of these ingredients are available in cyber evidence
as such. Let us examine the legal scenario after the enforcement of I.T. Act.

(1) Originality
Electronic record is nothing but mechanical programmed output of electronic signals, which
cannot be touched, or seen. In cyber space original is always in the shape of electronic signal –
0‘s (off) and 1‘s (on). Even the original is not in human readable form. Monitor out put,
softcopies or hardcopies are manipulative reproduction. On change of software / program the
output will be different. No electronic record can be used without intervention of computer even
for the purposes of making tangible copies. Therefore, it lacks originality and can not be taken
as ‗document‘ as is commonly understood in legal parlance.
The amendment tries to remove doubts. An artificial originality is attributed to computer output
by addition of Sections 65A and 65B in Indian Evidence Act, 1872 by virtue of Section 91 and
Second Schedule of I.T. Act, 2000.
Section 65 B (1) of Indian Evidence Act mandates that Computer Output shall be admissible as
direct evidence as admissible under Indian Evidence Act, the expression Computer Output has
been defined liberally to cover every conceivable media and form. It includes:-
 Paper printed material (also called hard copies) seen in day to day use e.g. bank statement
of account, ATM receipts, Bills etc.
 Stored, recorded or copied in optical or magnetic media e.g. CD / DVD, Floppy, Pen
Drive and even detached Hard disk.
Nevertheless this acquired originality is subject to the satisfaction of conditions discussed
hereinafter under the heading ‗Legal admissibility‘.

(2) Writing
 The ‗written‘ format characterizes traditional documentary evidence. All done on
computer though appears on monitor, in written format .The same cannot be seen without
the help of computer appropriately programmed. Same input in a different computer with
 a different program will not display same result. On the other hand, writing wherever
written and wherever read will convey same meaning.
 To overcome this difficulty, I.T. Act granted legal recognition to electronic record and
henceforth electronic record will be admissible like / in place of any written, typed or
printed format regardless of the fact whether electronic record is expressly made
admissible or not. The non obstante clause in Section 4 gives it over-riding effect upon
all other laws.

(3) Authentication
 The requirement of authentication or identification is a condition precedent to
admissibility of a document in evidence. It carries a lot of importance in e- commerce
where agreements are conduced by e-mails and authenticated by digital signature.
 I. T. Act provides that any subscriber may authenticate an electronic record by affixing
this digital signature. The Section puts digital signature on the same footing as ordinary
signatures, marker initials and even thumbs impression. The non obstinate clause in
Section 3 gives it over-riding effect upon other laws prescribing to the contrary.

(4) Legal Admissibility

The best evidence rule requires that to prove the content of a writing, recording, or photograph,
the ―original‖ writing recording, or photograph shall ordinarily be produced i. e. primary
evidence. Secondary evidence is where the contents of the original are to be proved by leading
some other evidence. Electronic record challenges this very assumption since every electronic
record is an original as well as in duplicate. In other words it is primary as well as secondary
evidence at the same time. The original is in the form of electronic signals hence illegible. It can
be brought in presentable form through computer output out only. A mere printout, digital or
magnetic images of a computer-stored electronic files are not ―primary‖ for the purpose of the
best evidence rule. So this primary electronic evidence could never be produced or appreciated in
court of law.

 Faced with difficulty, Indian Evidence Act, 1872 has been amended by Section 91 read
with Second Schedule.
 Special Sections 65A and 65 B have been added to Indian Evidence Act, 1872 to bring
electronic record on equal footing to other documentary evidence.
 The legal admissibility of computer output is subjected to production of certificate (s)
satisfying the conditions prescribed under Section 65(B) (2) and 65 (B) (4) of Indian
Evidence Act. when ever any computer output is presented in a proceeding it must
accompany certificate (s) signed by a responsible person for operation of with regard to
computer and information under consideration containing statements as to identify and
manner of production of electronic record besides identifying the device used in
production of said electronic record. The same responsible person shall also give
 certificate as to satisfaction of four conditions of Section 65B (2) which make sure that
information was fed in ordinary course of activities when computer was working
properly.
 Despite it carrying impression, Section 65 A and 65 B Indian Evidence Act is not the last
word in cyber evidence nor it can be said that the cyber evidence was not admissible
before enactment of I.T. Act 2000. Interestingly even prior to amendment of Indian
Evidence Act, the computer printouts, microfilm and facsimile copies of documents were
admissible in evidence as documents in of Section 138-C of the Custom Acts, 1962 since
July 1988 on the same conditions which are now enshrined in Section 65 B of Indian
Evidence Act.
 The audio and video tapes are information stored on magnetic media thus fall within the
definition of Computer printout. These magnetic tapes /sound recordings were already
held admissible as documentary evidence under Section 3 and also under Section 7 of
Indian Evidence Act.
Scope of Sections 65A and 65B:
 The scope of Section 65 B of Indian Evidence Act, 1872 first time came into
consideration of Hon‘ble Apex court in State (N. C. T. of Delhi) v. Navjot Sandhu @
Afsal Guru (in) famously known as ―Parliament Attack case‖. It is held that Section 65 B
does not exclude Section 65 of Indian Evidence Act, 1872. The call records of (cellular)
telephones can be proved without satisfying the conditions laid down in Section 65 B (2),
if it is otherwise admissible under Section 65 satisfying the conditions s prescribed
therein. It is clearly established that Section 65 A and 65 B is not the Bible of cyber
evidence in India.
 Thus Supreme Court has provided a wide breathing space to cyber evidence. Otherwise
an effective investigation and adjudication of cyber offences / contraventions could not
take off in India due to the complicated nature of cyber investigation, cyber certification
and undoubtedly lack of knowledge and adequate experience in cyber investigations ,
prosecutions and adjudications.
 Academically speaking the word ‗secondary evidence‘ is not used for computer outputs
and electronic record leaving it to speculation whether it is secondary evidence or not. A
careful reading of Sections 65A and 65 B shows that electronic record / computer out put
is accepted as secondary evidence in India but with a difference. It is a new species of
secondary evidence as the conditions to be fulfilled here are different than those required
for a traditional documentary evidence under Section 65 of Indian Evidence Act, 1872.
 Challenges faced by Cyber Laws against Cyber Crimes

Cyber law is a generic term, which denotes all aspects , issues and the legal consequences on the
Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has
cyber legislation. The cyber laws of the country could not be regarded as sufficient and secure
enough to provide a strong platform to the country‘s e-commerce industry for which they were
meant. However, it is important to note that the law does not help in solving cyber crimes
efficiently. There are many drawbacks which prevent cyber crimes from being solved in India.
 Awareness Problems: Most people in India prefer not to report cyber crimes to the law
enforcement agencies because they fear it might invite a lot of harassment. Awareness of
people about cyber crime is still very low and so we need to take many steps to alert the
legal scenario.
 Law Enforcement Agencies-Not well Equipped: Law enforcement agencies in the
country are not well equipped and knowledgeable enough about cyber crime. They have
been facing tremendous problems while trying to cope with the challenges of emerging
cyber crimes.
 Poor Cyber Security Infrastructure:
i. Very few cities have cyber crime cells viz, under the IT Act, the relevant officer
entitled to investigate a cyber crime is deputy superintendent of police, but most
DSPs are not well equipped to fight cyber crime.
ii. There is also a lack of dedicated cyber crime courts in the country where expertise
in cyber crime can be utilized.
 Technology Challenges in Cyber Crime:
i. In the present era of advancement in technology, law enforcement agencies lack
the technology required to conduct complex computer investigations.
ii. They also lack Forensic Computer support to check computer crimes that leave
―footprints‖ on the computer as well as on the internet.
iii. Most of the prosecutors also lack the specialization to focus on the prosecution of
criminals who use computer based and Internet system as a means of committing
crimes.
 Anonymity:
i. Another problem faced by cyber crime investigators is the identification of
suspects. Occasionally, this can lead to considerable problems when the wrong
person is arrested.
ii. Digital technologies enable people to disguise their identify in a wide range of
ways making it difficult to know with certainty who was using a computer from
which illegal communications came. This problem is more prevalent in business
environment where multiple people may have access to a personal computer and
where passwords are known or shared, than in private home where it can often be
 assumed who the person was and who was using the computer because of
circumstantial evidence.
iii. On-line technologies make it relatively simple to disguise one‘s true identity, to
misrepresent one‘s identity or to make use of some one else‘s identity, e-mailing
services can be used to disguise one‘s identity when sending e-mail by stripping
them to identifying information and allocating an anonymous identifier, sometime
encrypted for added security. By using several Emailing services users can make
their communications almost impossible to follow.
This problem may be solved by the use of biometric means of identification. At present
few computers have biometric user authentication systems such as fingerprint scanner
when logging on. When they become more widespread, problems of identification may
be reduced. DNA samples which can be gathered from keyboards may be used to identity
an individual with a particular computer in some cases.

 Locating and Securing Relevant Material

Today‘s cyber investigators are faced with many problems because digital evidence is highly
fragile, bits are easier to temper than paper, can easily be altered, manipulated and destroyed. So
chain of custody of these needs to be maintained and digital evidence needs to be authenticated.

 Problems of Encryption
A difficult problem faced by cyber crime investigators is concerning the data that have been
encrypted by accused who refuse to provide the decryption key or password.

 Jurisdictional Problems
i. Cyber crimes are crimes truly with have no boundary. Information technology has turned
the world into a global village. The cyber criminal have scant regard for national or local
jurisdictions.
ii. Section 75 of the Information Technology Act is Indian answer to jurisdictional blues.
This Section extends the influence of Information Technology Act, 2000 over the entire
world keeping in view the nature of cyber crimes.
iii. The salient feature of the provision is that person of any nationality can be booked under
this Act provided in the act and conduct of an offence or contravention any Indian
computer, computer system, computer network is in any way involved. So the nationality
of criminal, place of perpetration of the crime, the place of effect of crime or nationality
of the target or victim is immaterial.
iv. However, the problem is not as simple as it appears. The difficulty arises in implementing
extra-territorial jurisdiction. The problem will arise as to actual conducting of
investigation and trail.
 a. Collection of information in cyber matters requires searches and confiscation of
delicate material that needs speedy and expert handling. Assistance in such areas
is slow and half-hearted despite there being bets relations among countries.
b. An interesting question arises is; how far the police of one country is justified in
entering a computer system across the border suo moto to secure information that
is available online and is crucial to an investigation . It is very cumbersome,
lengthy and expensive.
v. The second point‘ Section 75 has potential to create problems, as an act that occurred
overseas may have no connection in India except the use of some remote computer
resource located here, this, which is quite common in internet relations, may be brought
within the purview of our laws,. How it is justifiable to start criminal proceedings against
a foreigner who has not committed any act on Indian territory?.
vi. Regarding the offences the general provisions of Code of Criminal Procedure, 1973 are
applicable. However the tardy procedures under Section 166A and 166B of the Code of
Criminal Procedure enabling investigation of crime in a foreign country would be
hopelessly out of tune with the scope of computer crime and swiftness with which the
evidence can be destroyed.
vii. Similarly, the bar of Section 188 of the Code, requiring prior permission of Central
Government to inquire into or try offences committed outside the country, appear to be
out of tune with the global nature of computer activity, which has dramatically changed
the way we work, communicate and even play.

Improvements Required in Cyber Laws

 Continuous Training of Law Enforcement Officials:
The law enforcement agencies have been facing tremendous problems while trying to
cope with the challenges of emerging cyber crime within the ambit of the Indian Penal
Code, even if a liberal interpretation of it is taken. Cyber law is indeed helpful in
addressing some cyber crimes. However, in the areas where the law does not cover some
cyber crimes which have already emerged, the law is of no assistance or help whatsoever.
There is a need for dedicated, continuous, updated training of the law enforcement
agencies.
 Law Enforcement Agencies must have enough knowledge of computer based and
Internet investigations if they have to handle these crimes effectively. Law enforcement
must seek ways to keep the drawbacks from overshadowing the computer age.
 Further, the law enforcement agencies dealing with cyber crime need to come up with an
extremely friendly image
 People need to be encouraged to report the matter to the law enforcement agencies with
full confidence and trust and without the fear of being harassed. Cyber crimes have to be
tackled effectively not only by the law officials but also by the cyber society by co-
operating with the law.
  IT department should pass certain guidelines and notifications for the protection of
computer system and should also bring out with some more strict laws to breakdown the
criminal activities relating to cyberspace.
 As Cyber Crime is the major threat to all the countries worldwide, certain steps should be
taken at the international level for preventing the cybercrime. The jurisdictional problems
shall be resolved through the international cooperation taking in view the global impact
of cyber crimes.

Preventive Measures For Cyber Crimes

Prevention is always better than cure. A netizen should take certain precautions while operating
the internet and should follow certain preventive measures for cyber crimes which can be defined
as:

 Identification of exposures through education will assist responsible companies and firms
to meet these challenges.
 One should avoid disclosing any personal information to strangers via e-mail or while
chatting.
 One must avoid sending any photograph to strangers by online as misusing of photograph
incidents increasing day by day.
 An updated Anti-virus software to guard against virus attacks should be used by all the
netizens and should also keep back up volumes so that one may not suffer data loss in
case of virus contamination.
 A person should never send his credit card number to any site that is not secured, to guard
against frauds.
 It is always the parents who have to keep a watch on the sites that your children are
accessing, to prevent any kind of harassment or depravation in children.
 Web site owners should watch traffic and check any irregularity on the site. It is the
responsibility of the web site owners to adopt some policy for preventing cyber crimes as
number of internet users are growing day by day.
 Web servers running public sites must be separately protected from internal corporate
network.

Methods For Cyber Protection

Digital Signature:

A Digital Signature is a technique by which it is possible to secure electronic information in such

a way that the originator of the information, as well as the integrity of the information, can be
verified. This procedure of guaranteeing the origin and the integrity of the information is also
called Authentication.
The authenticity of many legal, financial, and other documents is determined by the presence or
absence of an authorized handwritten signature. For a computerised message system to replace
the physical transport of paper and ink documents handwritten signatures have to be replaced by
Digital Signatures.
A digital signature is only a technique that can be used for different authentication purposes. For
an E-record, it comes functionally very close to the traditional handwritten signatures. The user
himself/ herself can generate key pair by using specific crypto software. Any person may make
an application to the Certifying Authority for issue of Digital Signature Certificate.

Encryption:

One of the most powerful and important methods for security in computer systems is to encrypt
sensitive records and messages in transit and in storage.

At present, information and data security plays a vital role in the security of the country, the
security of the corporate sector and also of every individual, working for personal benefit. The
message or data to be encrypted, also known as the plaintext, is transformed by a function that is
parameterized by a KEY. The output of the encryption process, known as the cipher text, is then
transmitted through the insecure communication channel. It is done with the help of algorithms,
few of them are- The Secret-Key Algorithm, Data Encryption Standard (DES, Public Key
Algorithms)

Security Audit:

A security audit is a systematic evaluation of the security of a company‘s information system

by measuring how well it conforms to a set of established criteria. It is to find out the
vulnerabilities that an organization is facing with its IT infrastructure. A thorough audit typically
assesses the security of the system‘s physical configuration and environment, software,
information handling processes, and user practices.

Cyber Forensics:

Cyber Forensics is a very important ingredient in the investigation of cyber crimes. Cyber
forensics is the discovery, analysis, and reconstruction of evidence extracted from any element of
computer systems, computer networks, computer media, and computer peripherals that allow
investigators to solve a crime.
 Principal concern with computer forensics involve imaging storage media, recovering
deleted files, searching slack and free space, and preserving the collected information for
litigation purposes.
  Network forensics, is a more technically challenging aspect of cyber forensics. It gathers
digital evidence that is distributed across large-scale, complex networks.

National Cyber security Policy, 2013

In light of the growth of IT sector in the country, the National Cyber Security Policy of India
2013 was announced by Indian Government in 2013 yet its actual implementation is still
missing. As a result fields like e-governance and e-commerce are still risky and may
require cyber insurance in the near future. Its important features include:
 To build secure and resilient cyber space.
 Creating a secure cyber ecosystem, generate trust in IT transactions.
 24 x 7 National Critical Information Infrasctructure Protection Center (NCIIPC)
 Indigenous technological solutions (Chinese products and reliance on foreign software)
 Testing of ICT products and certifying them. Validated products
 Creating workforce of 500,000 professionals in the field
 Fiscal Benefits for businessman who accepts standard IT practices, etc.

Other Steps Taken by Indian Government:

 The government has conducted several awareness and training programmes on cyber
crimes for law enforcement agencies including those on the use of cyber Forensics
Software packages and the associated procedures with it to collect digital evidence from
the scene of crime.
 Special training programmes have also been conducted for the judiciary to train them on
the techno-legal aspects of cyber crimes and on the analysis of digital evidence presented
before them. Both the CBI and many state police organizations are today geared to tackle
cybercrime through specialised cyber crime cells that they have set up.
 Cyber security initiatives and projects in India are very less in numbers. Even if some
projects have been proposed, they have remained on papers only.
 The list is long but sufficient is to talk about the projects like National Critical
Information Infrastructure Protection Centre (NCIIPC) of India, National Cyber
Coordination Centre (NCCC) of India, Tri Service Cyber Command for Armed Forces of
India, Cyber Attacks Crisis Management Plan Of India, etc. None of them are
―Coordinating‖ with each other and all of them are operating in different and distinct
spheres. Recently, the National Technical Research Organization (NTRO) was entrusted
with the responsibility to protect the critical ICT infrastructures of India.
 India has already launched e-surveillance projects like National Intelligence Grid
(NATGRID), Central Monitoring System (CMS), Internet Spy System Network and
Traffic Analysis System (NETRA) of India, etc.
 National Informatics Centre (NIC) has been formed which provides network backbone,
manages IT services, e-governance initiatives of central and state governments.
 Stakeholder agencies in India
Countering cyber crimes is a coordinated effort on the part of several agencies in the Ministry of
Home Affairs and in the Ministry of Communications and Information Technology. The law
enforcement agencies such as the Central Bureau of Investigation, The Intelligence Bureau, state
police organizations and other specialised organizations such as the National Police Academy
and the Indian Computer Emergency Response Team (CERT-In) are the prominent ones who
tackle cyber crimes.
1. National Information Board (NIB)
National Information Board is an apex agency with representatives from relevant Departments
and agencies that form part of the critical minimum information infrastructure in the country.
2. National Crisis Management Committee (NCMC)
The National Crisis Management Committee (NCMC) is an apex body of Government of India
for dealing with major crisis incidents that have serious or national ramifications. It will also deal
with national crisis arising out of focused cyber-attacks.
3. National Security Council Secretariat (NSCS)
National Security Council Secretariat (NSCS) is the apex agency looking into the political,
economic, energy and strategic security concerns of India and acts as the secretariat to the NIB.
4.Department of Information Technology (DIT)
Department of Information Technology (DIT) is under the Ministry of Communications and
Information Technology, Government of India. DIT strives to make India a global leading player
in Information Technology and at the same time take the benefits of Information Technology to
every walk of life for developing an empowered and inclusive society. It is mandated with the
task of dealing with all issues related to promotion & policies in electronics & IT.
5.Department of Telecommunications (DoT)
Department of Telecommunications (DoT) under the Ministry of Communications and
Information Technology, Government of India, is responsible to coordinate with all ISPs and
service providers with respect to cyber security incidents and response actions as deemed
necessary by CERT-In and other government agencies.
6.CERT-In
It monitors Indian cyberspace and coordinates alerts and warning of imminent attacks and
detection of malicious attacks among public and private cyber users and organizations in the
country. It maintains 24×7 operations centre and has working relations/collaborations and
contacts with CERTs, all over the world; and Sectoral CERTs, public, private, academia, Internet
Service Providers and vendors of Information Technology products in the country.
7.National Information Infrastructure Protection Centre (NIIPC)
NIIPC is a designated agency to protect the critical information infrastructure in the country. It
gathers intelligence and keeps a watch on emerging and imminent cyber threats in strategic
sectors including National Defence. They would prepare threat assessment reports and facilitate
sharing of such information and analysis among members of the Intelligence, Defence and Law
enforcement agencies with a view to protecting these agencies‘ ability to collect, analyze and
disseminate intelligence.

8. The Cyber Regulations Appellate Tribunal

The Cyber Regulations Appellate Tribunal has power to entertain the cases of any person
aggrieved by the Order made by the Controller of Certifying Authority or the Adjudicating
Officer. It has been established by the Central Government under Section 48(1) of the
Information Technology Act, 2000.The body is quasi-judicial in nature.

Conclusion:

Cyber crime that has become a great threat to the cyber society, has to be tackled efficiently not
only by the law officials but also by the cyber society. The IT Act, 2000 has developed great
assistance to the cyber law prosecutors to put the cyber criminals under bars. Being co-operative
with the law, the problem could be solved to a great extent. The law enforcement agencies
dealing with cyber crimes have to be extremely cooperative with cyber society. To conclude, in
order to deal with the problem of cyber crimes, along with better legal implementation, a need
for some new laws and a proactive approach by the law enforcement agencies is needed.