INFORMATION

TECHNOLOGY ACT-2000
1.Introduction & definitions
2. Digital Signature and Certificates
3. E-Commerce & E- Governance
4. Duties of Subscriber
5. Penalties and adjudication
6. Cyber Crime
7. Amendments to the Act

IT Act, 2000

Enacted on 17th May 2000- India is 12th nation

in the world to adopt cyber laws

IT Act is based on Model law on e-commerce

adopted by UNCITRAL

Objectives of the IT
Act
To provide legal recognition for transactions:

Carried out by means of electronic data interchange, and

other means of electronic communication, commonly
referred to as "electronic commerce

To

facilitate

electronic

filing

of

documents

with

Government agencies and E-Payments

To amend the Indian Penal Code, Indian Evidence

Act,1872,

the

Bankers

Books

1891,Reserve Bank of India Act ,1934

Evidence

Act

Extent of application

Extends to whole of India and also applies to any

offence or contravention there under committed
outside India by any person {section 1 (2)} read
with Section 75- Act applies to offence or
contravention committed outside India by any
person irrespective of his nationality, if such act
involves

computer, computer

network located in India

system

or

Definitions ( section 2)

Access: "access" with its grammatical variations and

cognate expressions means gaining entry into, instructing
or communicating with the logical, arithmetical, or
memory function resources of a computer, computer
system or computer network;

Addresee; "addressee" means a person who is intended

by the originator to receive the electronic record but does
not include any intermediary;

Certifying Authority: Certifying Authority"

means a person who has been granted a
licence to issue a Digital Signature
Certificate under section 24;

Subscriber: "subscriber" means a person

in whose name the Digital Signature
Certificate is issued.

"computer network" means the interconnection of one or more computers through(i) the use of satellite, microwave, terrestrial
line or other communication media; and
(ii) terminals or a complex consisting of two or
more interconnected computers whether or
not the interconnection is continuously
maintained

"computer system" means a device or

collection of devices, including input and output
support devices and excluding calculators which
are not programmable and capable being used
in conjunction with external files which contain
computer programmes, electronic instructions,
input data and output data that performs logic,
arithmetic, data storage and retrieval,
communication control and other functions;

"computer resource" means computer,

computer system, computer network,
data,computer data base or software;

"Controller" means the Controller of

Certifying Authorities appointed under subsection (l) of section 17;

"data" means a representation of information,

knowledge, facts, concepts or instruction which are
being prepared or have been prepared in a
formalized manner, and is intended to be processed,
is being processed or has been processed in a
computer system or computer network, and may be
in any form (including computer printouts magnetic or
optical storage media, punched cards, punched
tapes) or stored internally in the memory of the
computer.

"Digital Signature Certificate" means a Digital

Signature Certificate issued under subsection
(4) of section 35;

"electronic form" with reference to information

means any information generated, sent,
received or stored in media, magnetic, optical,
computer memory, micro film, computer
generated micro fiche or similar device.

"electronic record" means data, record or data

generated, image or sound stored, received or sent in an
electronic form or micro film or computer generated micro
fiche;

"originator" means a person who sends, generates, stores

or transmits any electronic message or causes any electronic
message to be sent, generated, stored or
transmitted to any other person but does not include
an intermediary;

DIGITAL SIGNATURE
&
DIGITAL SIGNATURE
CERTIFICATE

SECTION 5 LEGAL RECOGNITION OF DIGITAL SIGNATURES

Where any law provides that information or any other matter shall be
authenticated by affixing the signature or any document shall be signed or bear
the signature of any person then, notwithstanding anything contained in such
law, such requirement shall be deemed to have been satisfied, if such
information or matter is authenticated by means of digital signature affixed in
such manner as may be prescribed by the Central Government.
SECTION 15 SECURE DIGITAL SIGNATURE.
If, by application of a security procedure agreed to by the parties concerned, it
can be verified that a digital signature, at the time it was affixed, was
unique to the subscriber affixing it
capable of identifying such subscriber
created in a manner or using a means under the exclusive control of the
subscriber and is linked to the electronic record to which it relates in such a
manner that if the electronic record was altered the digital signature would be
invalidated,
then such digital signature shall be deemed to be a secure digital signature.

Diagram showing how a simple digital signature is applied and then verified

PENALTIES, COMPENSATION
AND ADJUDICATION SECTIONS

SECTION 43 PENALTY FOR DAMAGE TO COMPUTER

If any person without permission of the owner or any other person who is in charge of a
computer, computer system or computer network,
accesses or secures access to such computer, computer system or computer network;
downloads, copies or extracts any data, computer data base or information from such computer,
computer system or computer network including information or data held or stored in any removable
storage medium
introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network
damages or causes to be damaged any computer, computer system or computer network, data,
computer data base or any other programmes residing in such computer, computer system or
computer network;
disrupts or causes disruption of any computer, computer system or computer network; denies or
causes the denial of access to any person authorised to access any computer, computer system or
computer network by any means
provides any assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations made there
under
charges the services availed of by a person to the account of another person by tampering with
or manipulating any computer, computer system, or computer network
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the
person so affected

Related Case:
Mphasis BPO Fraud: 2005In December 2004, four call centre employees,
working at an outsourcing facility operated by MphasiS in India, obtained PIN
codes from four customers of MphasiS client, Citi Group. These employees
were not authorized to obtain the PINs. In association with others, the call
centre employees opened new accounts at Indian banks using false
identities. Within two months, they used the PINs and account information
gleaned during their employment at MphasiS to transfer money from the bank
accounts of CitiGroup customers to the new accounts at Indian banks.
By April 2005, the Indian police had tipped off to the scam by a U.S. bank,
and quickly identified the individuals involved in the scam. Arrests were made
when those individuals attempted to withdraw cash from the falsified
accounts, $426,000 was stolen; the amount recovered was $230,000.
Verdict: Court held that Section 43(a) was applicable here due to the nature
of unauthorized access involved to commit transactions

Section 43A Compensation for failure to protect data

Where a body corporate, possessing, dealing or handling any sensitive personal data
or information in a computer resource which it owns, controls or operates, is negligent
in implementing and maintaining reasonable security practices and procedures and
thereby causes wrongful loss or wrongful gain to any person, such body corporate
shall be liable to pay damages by way of compensation, not exceeding five crore
rupees, to the person so affected.
Section 44 Penalty for failure to furnish information or return, etc.
If any person who is required under this Act or any rules or regulations made there
under to
i.
ii.

iii.

Furnish any document, return or report to the Controller or the Certifying Authority, fails to
furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand
rupees for each such failure
File any return or furnish any information, books or other documents within the time
specified therefore in the regulations, fails to file return or furnish the same within the time
specified therefore in the regulations, he shall be liable to a penalty not exceeding five
thousand rupees for every day during which such failure continues
Maintain books of account or records, fails to maintain the same, he shall be liable to a
penalty not exceeding ten thousand rupees for every day during which the failure continues.

Section 45 Residuary Penalty

Whoever contravenes any rules or regulations made under this Act, for the
contravention of which no penalty has been separately provided, shall be liable
to pay a compensation not exceeding twenty-five thousand rupees to the
person affected by such contravention or a penalty not exceeding twenty-five
thousand rupees.
Section 47 Factors to be taken into account by the adjudicating officer
Section 47 lays down that while adjudging the quantum of compensation
under this Act, an adjudicating officer shall have due regard to the following
factors, namely :
The amount of gain of unfair advantage, wherever quantifiable, made as a
result of the default;
The amount of loss caused to the person as a result of the default,
The repetitive nature of the default.

SECTION 61 CIVIL COURT NOT TO HAVE JURISDICTION

No court shall have jurisdiction to entertain any suit or proceeding in respect of any
matter which an adjudicating officer appointed under this Act or the Cyber Appellate
Tribunal constituted under this Act is empowered by or under this Act to determine and
no injunction shall be granted by any court or other authority in respect of any action
taken or to be taken in pursuance of any power conferred by or under this Act.

SECTION 62 APPEAL TO HIGH COURT.

Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may
file an appeal to the High Court within sixty days from the date of communication of the
decision or order of the Cyber Appellate Tribunal to him on any question of fact or law
arising out of such order
Provided that the High Court may, if it is satisfied that the appellant was prevented by
sufficient cause from filing the appeal within the said period, allow it to be filed within a
further period not exceeding sixty days.

SECTION 63 COMPOUNDING OF CONTRAVENTIONS

It states that any contraventions under this Act either before or after the institution
of adjudication proceedings, be compounded by the Controller or such other officer
as may be specially authorised by him in this behalf or by the adjudicating officer,
as the case may be, subject to such conditions as the Controller or such other
officer or the adjudicating officer may impose.
SECTION 64 RECOVERY OF PENALTY
A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear
of land revenue and the licence or the Digital Signature Certificate, as the case
may be, shall be suspended till the penalty is paid

OFFENSES SECTIONS

Cybercrime provisions under IT Act,2000

Tampering with Computer source documents
Hacking with Computer systems, Data alteration
Publishing obscene information
Un-authorized access to protected system
Breach of Confidentiality and Privacy
Publishing false digital signature certificates

Sec.65
Sec.66
Sec.67
Sec.70
Sec.72
Sec.73

SECTION 65
TAMPERING WITH COMPUTER SOURCE DOCUMENTS
Whoever knowingly or intentionally conceals, destroys or alters or
intentionally or knowingly causes another to conceal, destroy or alter
any computer source code used for a computer, computer programme,
computer system or computer network, when the computer source code
is required to be kept or maintained by law for the time being in force,
shall be punishable with imprisonment up to three years, or with fine
which may extend up to two Lakh rupees, or with both.
Related Case : Syed Asifuddin and Ors. Vs. The State of Andhra
PradeshIn this case, Tata Indicom employees were arrested for
manipulation of the electronic 32- bit number (ESN) programmed into
cell phones theft were exclusively franchised to Reliance Infocomm.
Verdict: Court held that tampering with source code invokes Section 65
of the Information Technology Act. - See more at:
http://niiconsulting.com/checkmate/2014/06/it-act-2000-penaltiesoffences-with-case-studies/#sthash.ZTssNLPR.dpuf

SECTION 66 HACKING WITH COMPUTER SYSTEM

Whoever with the intent to cause or knowing that he is likely to cause wrongful
loss or damage to the public or any person destroys or deletes or alters any
information residing in a computer resource or diminishes its value or utility or
affects it injuriously by any means, commits hacking.
Whoever commits hacking shall be punished with imprisonment up to three
years, or with fine which may extend up to two Lakh rupees, or with both.

Related Case: Kumar v/s Whiteley In this case the accused gained
unauthorized access to the Joint Academic Network (JANET) and deleted,
added files and changed the passwords to deny access to the authorized
users.Investigations had revealed that Kumar was logging on to the BSNL
broadband Internet connection as if he was the authorized genuine user and
made alteration in the computer database pertaining to broadband Internet
user accounts of the subscribers.The CBI had registered a cyber crime case
against Kumar and carried out investigations on the basis of a complaint by
the Press Information Bureau, Chennai, which detected the unauthorised use
of broadband Internet. The complaint also stated that the subscribers had
incurred a loss of Rs 38,248 due to Kumars wrongful act. He used to hack
sites from Bangalore, Chennai and other cities too, they said.
Verdict: The Additional Chief Metropolitan Magistrate, Egmore, Chennai,
sentenced N G Arun Kumar, the techie from Bangalore to undergo a rigorous
imprisonment for one year with a fine of Rs 5,000 under section 420 IPC
(cheating) and Section 66 of IT Act (Computer related Offense). - See more
at: http://niiconsulting.com/checkmate/2014/06/it-act-2000-penaltiesoffences-with-case-studies/#sthash.ZTssNLPR.dpuf

66A
Sending offensive messages thro communication service, causing annoyance etc
through an electronic communication or sending an email to mislead or deceive the
recipient about the origin of such messages (commonly known as IP or email
spoofing) are all covered here. Punishment for these acts is imprisonment upto three
years or fine.

Relevant Case #1: Fake profile of President posted by imposter On September

9, 2010, the imposter made a fake profile in the name of the Honble President
Pratibha Devi Patil. A complaint was made from Additional Controller, President
Household, President Secretariat regarding the four fake profiles created in the
name of Honble President on social networking website, Facebook. The said
complaint stated that president house has nothing to do with the facebook and
the fake profile is misleading the general public. The First Information Report
Under Sections 469 IPC and 66A Information Technology Act, 2000 was
registered based on the said complaint at the police station, Economic
Offences Wing, the elite wing of Delhi Police which specializes in investigating
economic crimes including cyber offences.
Relevant Case #2: Bomb Hoax mail In 2009, a 15-year-old Bangalore
teenager was arrested by the cyber crime investigation cell (CCIC) of the city
crime branch for allegedly sending a hoax e-mail to a private news channel. In
the e-mail, he claimed to have planted five bombs in Mumbai, challenging the
police to find them before it was too late. At around 1p.m. on May 25, the news

66B Dishonestly receiving stolen computer resource or communication device with

punishment upto three years or one Lakh rupees as fine or both.
66C Electronic signature or other identity theft like using others password or electronic
signature etc. Punishment is three years imprisonment or fine of one lakh rupees or
both.
Relevant cases for sec 66C:
1. The CEO of an identity theft protection company, Lifelock, Todd Daviss social
security number was exposed by Matt Lauer on NBCs Today Show. Davis identity
was used to obtain a $500 cash advance loan.
2. Li Ming, a graduate student at West Chester University of Pennsylvania faked his
own death, complete with a forged obituary in his local paper. Nine months later, Li
attempted to obtain a new drivers license with the intention of applying for new credit
cards eventually. - See more at: http://niiconsulting.com/checkmate/2014/06/it-act2000-penalties-offences-with-case-studies/#sthash.ZTssNLPR.dpuf

66D Cheating by impersonation using computer resource or a communication device

shall be punished with imprisonment of either description for a term which extend to
three years and shall also be liable to fine which may extend to one Lakh rupee.
Relevant Case: Sandeep Vaghese v/s State of Kerala A complaint filed by the representative of a
Company, which was engaged in the business of trading and distribution of petrochemicals in India
and overseas, a crime was registered against nine persons, alleging offenses under Sections 65,
66, 66A, C and D of the Information Technology Act along with Sections 419 and 420 of the Indian
Penal Code. The company has a web-site in the name and and style `www.jaypolychem.com but,
another web site `www.jayplychem.org was set up in the internet by first accused Samdeep
Varghese @ Sam, (who was dismissed from the company) in conspiracy with other accused,
including Preeti and Charanjeet Singh, who are the sister and brother-in-law of `Sam
Defamatory and malicious matters about the company and its directors were made available in that
website. The accused sister and brother-in-law were based in Cochin and they had been acting in
collusion known and unknown persons, who have collectively cheated the company and committed
acts of forgery, impersonation etc
Two of the accused, Amardeep Singh and Rahul had visited Delhi and Cochin. The first accused
and others sent e-mails from fake e-mail accounts of many of the customers, suppliers, Bank etc. to
malign the name and image of the Company and its Directors.
The defamation campaign run by all the said persons named above has caused immense damage
to the name and reputation of the Company. The Company suffered losses of several crores of
Rupees from producers, suppliers and customers and were unable to do business. - See more at:
http://niiconsulting.com/checkmate/2014/06/it-act-2000-penalties-offences-with-casestudies/#sthash.ZTssNLPR.dpuf

66E Privacy violation Publishing or transmitting private area of any person without his
or her consent etc. Punishment is three years imprisonment or two lakh rupees fine or
both.

Relevant Cases:
1. Jawaharlal Nehru University MMS scandal In a severe shock to the
prestigious and renowned institute Jawaharlal Nehru University, a
pornographic MMS clip was apparently made in the campus and transmitted
outside the university.Some media reports claimed that the two accused
students initially tried to extort money from the girl in the video but when they
failed the culprits put the video out on mobile phones, on the internet and
even sold it as a CD in the blue film market.
2. Nagpur Congress leaders son MMS scandal On January 05, 2012
Nagpur Police arrested two engineering students, one of them a son of a
Congress leader, for harassing a 16-year-old girl by circulating an MMS clip
of their sexual acts. According to the Nagpur (rural) police, the girl was in a
relationship with Mithilesh Gajbhiye, 19, son of Yashodha Dhanraj Gajbhiye,
a zila parishad member and an influential Congress leader of Saoner region
in Nagpur district.

66F Cyber terrorism Intent to threaten the unity, integrity, security or sovereignty of
the nation and denying access to any person authorized to access the computer
resource or attempting to penetrate or access a computer resource without
authorization. Acts of causing a computer contaminant (like virus or Trojan Horse or
other spyware or malware) likely to cause death or injuries to persons or damage to or
destruction of property etc. come under this Section. Punishment is life imprisonment.

Relevant Case:
The Mumbai police have registered a case of cyber terrorism
the first in the state since an amendment to the Information
Technology Actwhere a threat email was sent to the BSE and
NSE on Monday. The MRA Marg police and the Cyber Crime
Investigation Cell are jointly probing the case. The suspect has
been detained in this case.The police said an email challenging
the security agencies to prevent a terror attack was sent by one
Shahab Md with an ID sh.itaiyeb125@yahoo.in to BSEs
administrative email ID corp.relations@bseindia.com at around
10.44 am on Monday.The IP address of the sender has been
traced to Patna in Bihar. The ISP is Sify. The email ID was created

SECTION 67 PUBLISHING OF OBSCENE INFORMATION

Whoever publishes or transmits or causes to be published in the electronic form, any
material which is lascivious or appeals to the prurient interest or if its effect is such as to
tend to deprave and corrupt persons who are likely, having regard to all relevant
circumstances, to read, see or hear the matter contained or embodied in it, shall be
punished on first conviction with imprisonment of either description for a term which may
extend to five years and with fine which may extend to one lakh rupees and in the event
of a second or subsequent conviction with imprisonment of either description for a term
which may extend to ten years and also with fine which may extend to two lakh rupees.
This Section is of historical importance since the landmark judgement in what is
considered to be the first ever conviction under I.T. Act 2000 in India, was obtained in
this Section in the famous case State of Tamil Nadu vs Suhas Katti on 5 November
2004. The strength of the Section and the reliability of electronic evidences were proved
by the prosecution and conviction was brought about in this case, involving sending
obscene message in the name of a married women amounting to cyber stalking, email
spoofing and the criminal activity stated in this Section.

Case in next slide

Relevant Case: This case is about posting obscene, defamatory and annoying
message about a divorcee woman in the Yahoo message group. E-mails were
forwarded to the victim for information by the accused through a false e- mail
account opened by him in the name of the victim. These postings resulted in
annoying phone calls to the lady. Based on the ladys complaint, the police
nabbed the accused. Investigation revealed that he was a known family friend
of the victim and was interested in marrying her. She was married to another
person, but that marriage ended in divorce and the accused started contacting
her once again. On her reluctance to marry him he started harassing her
through internet.
Verdict: The accused was found guilty of offences under section 469, 509 IPC
and 67 of IT Act 2000. He is convicted and sentenced for the offence as
follows:
As per 469 of IPC he has to undergo rigorous imprisonment for 2 years and
to pay fine of Rs.500/ As per 509 of IPC he is to undergo to undergo 1 year Simple imprisonment
and to pay Rs 500/ As per Section 67 of IT Act 2000, he has to undergo for 2 years and to pay
fine of Rs.4000/All sentences were to run concurrently.
The accused paid fine amount and he was lodged at Central Prison, Chennai.

67B. Child Pornography

Depicting children engaged in sexually explicit act, creating text or digital images or
advertising or promoting such material depicting children in obscene or indecent manner
etc or facilitating abusing children online or inducing children to online relationship with
one or more children etc come under this Section. Children means persons who have
not completed 18 years of age, for the purpose of this Section. Punishment for the
first conviction is imprisonment for a maximum of five years and fine of ten Lakh rupees
and in the event of subsequent conviction with imprisonment of seven years and fine of
ten lakh rupees.

Relevant Case:
Janhit Manch & Ors. v. The Union of India 10.03.2010 Public Interest
Litigation: The petition sought a blanket ban on pornographic websites.
The NGO had argued that websites displaying sexually explicit content
had an adverse influence, leading youth on a delinquent path.
- See more at: http://niiconsulting.com/checkmate/2014/06/it-act-2000penalties-offences-with-case-studies/#sthash.ZTssNLPR.dpuf
Section 67C fixes the responsibility to intermediaries that they shall preserve
and retain such information as may be specified for such duration and in such
manner as the Central Government may prescribe. Non-compliance is an

69 Powers being made available to any officer designated by either the Central or
State Government to Intercept information whether in transit or storage.
Imprisonment for 7 years and it is non bailable and non compoundable.
69 A Provides powers to a designated officer of the Central Government to Block
websites. Imprisonment for 7 years and it is non bailable and non compoundable.
69 B Provides powers to a designated officer of the Central Government to
collect traffic data from any computer resource imprisonment for 3 years and it
is bailable and compoundable.
Relevant Case: In August 2007, Lakshmana Kailash K., a techie from Bangalore was arrested on
the suspicion of having posted insulting images of Chhatrapati Shivaji, a major historical figure in
the state of Maharashtra, on the social-networking site Orkut.The police identified him based on IP
address details obtained from Google and Airtel -Lakshmanas ISP. He was brought to Pune and
detained for 50 days before it was discovered that the IP address provided by Airtel was erroneous.
The mistake was evidently due to the fact that while requesting information from Airtel, the police
had not properly specified whether the suspect had posted the content at 1:15 p.m.
Verdict: Taking cognizance of his plight from newspaper accounts, the State Human Rights
Commission subsequently ordered the company to pay Rs 2 lakh to Lakshmana as damages. The
incident highlights how minor privacy violations by ISPs and intermediaries could have impacts that
gravely undermine other basic human rights
. - See more at: http://niiconsulting.com/checkmate/2014/06/it-act-2000-penalties-offences-withcase-studies/#sthash.ZTssNLPR.dpuf

Section 70. Protected System:

(1) The appropriate Government may, by notification in the Official Gazette, declare that
any computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorize the persons who are
authorized to access protected systems notified under sub-section (1).
(3) Any person who secures access or attempts to secure access to a protected system
in contravention of the provision of this section shall be punished with imprisonment of
either description for a term which may extend to ten years and shall also be liable to
fine.
SECTION 71 PENALTY FOR MISREPRESENTATION
Whoever makes any misrepresentation to, or suppresses any material fact from, the
Controller or the Certifying Authority for obtaining any licence or Digital Signature
Certificate, as the case may be, shall be punished with imprisonment for a term which
may extend to two years, or with fine which may extend to one lakh rupees, or with both.

SECTION 72 PENALTY FOR BREACH OF PRIVACY

Any person who, in pursuance of any of the powers conferred under this Act, rules or
regulations made there under, has secured access to any electronic record, book,
register, correspondence, information, document or other material without the consent of
the person concerned is closes such electronic record, book, register, correspondence,
information, document or other material to any other person shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to
one lakh rupees, or with both

Section 72A
Punishment for Disclosure of information in breach of lawful contract Any person
including an intermediary who, while providing services under the terms of lawful
contract, has secured access to any material containing personal information about
another person, with the intent to cause or knowing that he is likely to cause wrongful
loss or wrongful gain discloses, without the consent of the person concerned, or in
breach of a lawful contract, such material to any other person shall be punished with
imprisonment for a term which may extend to three years, or with a fine which may
extend to five lakh rupees, or with both
- See more at: http://niiconsulting.com/checkmate/2014/06/it-act-2000-penaltiesoffences-with-case-studies/#sthash.ZTssNLPR.dpuf

SECTION 73 - PENALTY FOR PUBLISHING FALSE DIGITAL SIGNATURE

CERTIFICATE
i.

No person shall publish a Digital Signature Certificate or otherwise make it available

to any other person with the knowledge that

. the Certifying Authority listed in the certificate has not issued it; or
. the subscriber listed in the certificate has not accepted it; or
. the certificate has been revoked or suspended, unless such publication is for the
purpose of verifying a digital signature created prior to such suspension or revocation
ii. Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may
extend to one Lakh rupees, or with both.
Case Laws:
1. Bennett Coleman & Co. v/s Union of India.
In this case the publication has been stated that publication means dissemination and
circulation. In the context of digital medium, the term publication includes and
transmission of information or data in electronic form

Section 74 Publication for fraudulent purpose:

Whoever knowingly creates, publishes or otherwise makes available a Electronic
Signature Certificate for any fraudulent or unlawful purpose shall be punished with
imprisonment for a term which may extend to two years, or with fine which may
extend to one lakh rupees, or with both.
Section 75 Act to apply for offence or contraventions committed outside India
i.

Subject to the provisions of sub-section (2), the provisions of this Act shall apply
also to any offence or contravention committed outside India by any person
irrespective of his nationality.
ii. For the purposes of sub-section (1), this Act shall apply to an offence or
contravention committed outside India by any person if the act or conduct
constituting the offence or contravention involves a computer, computer system or
computer network located in India
Case Laws for section 75
R v/s Governor of Brixton prison and another.
Facts: In this case the Citibank faced the wrath of a hacker on its cash management system,
resulting in illegal transfer of funds from customers account in to the accounts of the hacker, later
identified as Valdimer Levin and his accomplices. After Levin was arrested he was extradite to the
United States. One of the most important issues was jurisdictional issue, the place of origin of the
cyber crime.
Held: The Court helds that the real- time nature of the communication link between Levin and
Citibank computer meant that Levins keystrokes were actually occurring on the Citibank computer.

Section 76. Confiscation:

Any computer, computer system, floppies, compact disks, tape drives or any other
accessories related thereto, in respect of which any provisions of this Act, rules, orders
or regulations made there under has been or is being contravened, shall be liable to
confiscation
77. Penalties or confiscation not to interfere with other punishments:
No penalty imposed or confiscation made under this Act shall prevent the imposition of
any other punishment to which the person affected thereby is liable under any other law
for the time being in force.
78. Power to investigate offences:
Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police
officer not below the rank of Deputy Superintendent of Police shall investigate any
offence under this Act.

Cyber crime
Any criminal activity that uses a computer
either as an instrumentality, target or a
means for perpetuating further crimes comes
within the ambit of cyber crime

Reasons for increase are easy to access, complex, negligence

and loss of evidence.

Cybercrime can be against individuals, individual properties,

organisation and society.

Classification of cyber crime

Against Individuals:
i. Harassment via e-mails.
ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Unauthorized control/access over computer system.
vi. Indecent exposure
vii. Email spoofing
viii. Cheating & Fraud

Against Individual Property: i. Computer vandalism.

ii. Transmitting virus.
iii. Netrespass
iv. Unauthorized control/access over
computer system.
v. Intellectual Property crimes

Against Organization: i. Unauthorized control/access over computer system

ii. Possession of unauthorized information.
iii. Cyber terrorism against the government
organization.
iv. Distribution of pirated software etc.
Against Society at large: i.
ii.
iii.
iv.
v.
vi.

Pornography (basically child pornography).

Polluting the youth through indecent exposure.
Financial crimes
Sale of illegal articles
Online gambling
Forgery

Famous Cyber Crime Cases in India

An Indian court has granted

bail to a schoolboy who
allegedly recorded a sexual
act between himself and a 16year-old girl on his mobile
phone.
The clip was later sold on
video CDs via auction site
Baazee.com, sparking the
arrest of its manager for India.

Three customer service agents of

call centre contractor MphasiS
BFL, working on the Citibank
account, gained the confidence
of four US customers and
obtained their PIN numbers and
other classified account
information. They then used
these to transfer money out of
those customers' accounts and
into the accounts of members of
their gang.

Prevention of Cyber Crime

Avoid disclosing any information pertaining to

oneself.
Use latest and up date anti virus software to
guard against virus attacks.
Keep back up volumes so that one may not
suffer data loss in case of virus contamination.
Keep a watch on the sites that children are
accessing to prevent any kind of harassment.
Use of firewalls may be beneficial.

Global
Initiatives
Five countries from three continents banding
together to fight cyber crime in a synergistic way
by sharing intelligence, swapping tools and best
practices, and strengthening and even
synchronizing their respective laws

AMMENDMENTS OF IT ACT 2008

SECTION

CHANGE

66

Dishonesty and Fraudulent intention made necessary, Without

permission of the owner of the computer has also become a condition
precedent to application of Section 66. The imprisonment term remains
the same but fine has been increased

66A

Provides cover for Cyber stalking, Spam, threat mails, Phishing mails,
SMS, etc

66C

Covers Identity theft which was not specifically covered earlier. Earlier
such offences were to be covered under Section 66 as Diminishing of
the value of information

66E

This is a new section which covers Video Voyeurism which was not
covered at all earlier

66F

Covers Cyber Terrorism and makes it punishable with imprisonment up

to life term. This may cover hacking, denial of access attacks, Port
Scanning, spreading viruses etc, if it can be linked to the object of
terrorizing people. Conspiracy is also covered under the section. The
offence would not be bailable or compoundable

67A

Covers obscenity which involves Sexually explicit. The punishment is 5

years as in the earlier act. Fine is higher.

SECTION

CHANGE

67B

This addresses child pornography and makes searching and

browsing also as offences.

67C

Requires specified data to be retained for specified periods by

Intermediaries failure of which becomes punishable with three
years imprisonment. The Intermediaries here would include
cyber cafes, ISPs, MSPs, e-auction sites etc.

69

Powers being made available to any officer designated by either

the Central or State Government to Intercept information
whether in transit or storage. Imprisonment for 7 years and it is
non bailable and non compoundable.

69A

Provides powers to a designated officer of the Central

Government to Block websites. Imprisonment for 7 years and it
is non bailable and non compoundable.

69B

Provides powers to a designated officer of the Central

Government to collect traffic data from any computer resource
imprisonment for 3 years and it is bailable and compoundable.

Thankyou