IPR-Module 5

• Information Technology Act and Punishments-

Introduction to IT Act 2000- Amendments on IT Act -
Violation of the right of privacy in cyberspace/internet-
punishment for violation of privacy, breach of
confidentiality and privacy under IT act- Terrorism on
cyberspace Overview of cybercrimes-offences by
intermediaries- offences related to protected system-
offences of misrepresentation- punishment for Abetment
and Attempt to commit offences under the IT act.
IT Act 2000
• Since the beginning of civilization, man has always been
motivated by the need to make progress and better the existing
technologies. This has led to tremendous development and
progress which has been a launching pad for further
developments. Of all the significant advances made by mankind
from the beginning till date, probably the most important of them
is the development of Internet.
• However, the rapid evolution of Internet has also raised numerous
legal issues and questions. As the scenario continues to be still
not clear, countries throughout the world are resorting to different
approaches towards controlling, regulating and facilitating
electronic communication and commerce.
• The Parliament of India has passed its first Cyberlaw, the
Information Technology Act, 2000 which provides the legal
infrastructure for E-commerce in India.
• Enacted on 17th May 2000.
• India is 12th nation in the world to adopt cyber laws
• IT Act is based on Model law on e-commerce adopted by
UNCITRAL
Objectives of the IT Act
• To provide legal recognition for transactions:-
Carried out by means of electronic data interchange, and
other means of electronic communication, commonly
referred to as "electronic commerce“
To facilitate electronic filing of documents with Government
agencies and E-Payments
To amend the Indian Penal Code, Indian Evidence Act,1872,
the Banker’s Books Evidence Act 1891, Reserve Bank of
India Act ,1934.
• The IT Act, 2000 consists of 94 Sections in 13 Chapters and
Four Schedules provides for a legal framework for
evidentiary value of electronic record and computer crimes
which are of technological nature.
• The law is applicable to :
• Extends to whole of India and also applies to any offence or
contravention there under committed outside India by any
person {section 1 (2)} read with Section 75- Act applies to
offence or contravention committed outside India by any
person irrespective of his nationality, if such act involves a
computer, computer system or network located in India
• Section 2 (1) (a) –”Access” means gaining entry into ,
instructing or communicating with the logical, arithmetic or
memory function resources of a computer, computer
resource or network.
Definitions – as per section 2
• "computer" means electronic, magnetic, optical or other
high-speed data processing device or system which performs
logical, arithmetic and memory functions by manipulations
of electronic, magnetic or optical impulses, and includes all
input, output, processing, storage, computer software or
communication facilities which are connected or relates to
the computer in a computer system or computer network;
• "computer network" means the inter-connection of one or
more computers through-
(i) the use of satellite, microwave, terrestrial lime or other
communication media; and
(ii) terminals or a complex consisting of two or more
interconnected computers whether or not the interconnection
is continuously maintained;
• "computer system" means a device or collection of devices,
including input and output support devices and excluding
calculators which are not programmable and capable being
used in conjunction with external files which contain
computer programs, electronic instructions, input data and
output data that performs logic, arithmetic, data storage and
retrieval, communication control and other functions;
• "data" means a representation of information, knowledge,
facts, concepts or instruction which are being prepared or
have been prepared in a formalised manner, and is intended
to be processed, is being processed or has been processed in
a computer system or computer network, and may be in any
form (including computer printouts magnetic or optical
storage media, punched cards, punched tapes) or stored
internally in the memory of the computer.
•
• "electronic record" means date, record or date generated, image
or sound stored, received or sent in an electronic form or micro
film or computer generated micro fiche;
• “secure system” means computer hardware, software, and
procedure that-
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended function; and
(d) adhere to generally accepted security procedures
• “security procedure” means the security procedure prescribed by
the Central Government under the IT Act, 2000.
• secure electronic record – where any security procedure has been
applied to an electronic record at a specific point of time, then
such record shall be deemed to be a secure electronic record from
such point of time to the time of verification
• Computer wrongs includes both civil wrongs and crimes.
• ‘Cyber crimes’ is used in a generic sense which tends to
cover all kinds of civil and criminal wrongs related to a
computer.
• However, the phrase ‘cyber crimes’ has two limitations to it:
(a) ‘cyber’ generally tends to convey the feeling of ‘internet’
or being ‘online’ and hence, does not cover other computer
related activities;
(b) ‘crimes’ restricts the application of the phrase to criminal
wrongs. It would not include civil wrongs .
• The Information Technology Act, divides various computer-
related wrongs into computer torts and computer crimes.
• Computer torts lead to penalty and compensation whereas
computer crimes lead to imprisonment, fine and confiscation.
 Cybercrime provisions under IT Act,2000
Offences & Relevant Sections under IT Act

Tampering with Computer source documents Sec.65

Hacking with Computer systems, Data alteration Sec.66
Publishing obscene information Sec.67
Un-authorized access to protected system Sec.70
Breach of Confidentiality and Privacy Sec.72
Publishing false digital signature certificates Sec.73
 Types of cyber crimes
• Cyber terrorism
• Cyber pornography Crime
against
• Defamation Government

• Cyber stalking (section 509 IPC)

• Sale of illegal articles-narcotics, weapons, wildlife
• Online gambling Crime
against
• Intellectual Property crimes- software piracy, copyright persons
infringement, trademarks violations, theft of computer
source code
• Email spoofing
Crime
• Forgery against
property
• Phising
• Credit card frauds
• Every crime tried in court has two factors:
• the actus reus, the actual criminal act, and
• mens rea, the intent to commit that act.
• Prosecutors must prove that both of these conditions existed to
win a conviction.
• Mens rea is a legal phrase used to describe the mental state a
person must be in while committing a crime for it to be
intentional.
• It can refer to a general intent to break the law or a specific, premeditated
plan to commit a particular offense.
• To convict an accused person of a wrong doing, a criminal prosecutor
must show beyond any reasonable doubt that the suspect actively and
knowingly participated in a crime that harmed another person or their
property.
• Actus reus is commonly defined as a criminal act that was the
result of voluntary bodily movement.
• This describes a physical activity that harms another person or damages
property.
• Anything from a physical assault or murder to the destruction of public
property would qualify as an actus reus.
• The exception to actus reus is when the criminal actions are involuntary.
 Amendments to IT Act 2000
• An amendment is a change or an addition to the terms of a
contract, a law, a document, or a government regulatory filing.
• It is an addition or correction that leaves the original document
substantially intact.
• Amending the Constitution of India is the process of making
changes to the nation's fundamental law or supreme law.
• The procedure of amendment in the constitution is laid down in Article
368 of the Constitution of India.
• With the passage of time, as technology developed further and
new methods of committing crime using Internet & computers
surfaced, the need was felt to amend the IT Act,2000 to insert
new kinds of cyber offences and plug in other loopholes that
posed hurdles in the effective enforcement of the IT Act,2000.
• This led to the passage of the IT( Amendment) Act, 2008 which
was made effective from 27 October 2009. The IT (Amendment)
Act,2008 has brought marked changes in the IT Act,2000 on
several counts.
• https://www.meity.gov.in/content/information-technology-act-2000
(1) Electronic signatures introduced
• With the passage of the IT ( Amendment) Act,2008 India has
become technologically neutral due to adoption of electronic
signatures as a legally valid mode of executing signatures .
• This includes digital signatures as one of the modes of signatures
and is far broader in ambit covering biometrics and other new
forms of creating electronic signatures.
(2) Corporate responsibility introduced in S. 43A
• The corporate responsibility for data protection is incorporated in
S 43A in the amended IT Act, 2000 whereby corporate bodies
handling sensitive personal information or data in a computer
resource are under an obligation to ensure adoption of ‘reasonable
security practices’ to maintain its secrecy, failing which they may
be liable to pay damages.
• Also, there is no limit to the amount of compensation that may be
awarded by virtue of this section. This section must be read with
Section 85 of the IT Act,2000 whereby all persons responsible to
the company for conduct of its business shall be held guilty
incase offence was committed by a company unless no
knowledge or due diligence to prevent the contravention is
proved.
(3) Critique on amended section 43 of IT Act
• The amended Act provides the distinction between
‘contravention’ and ‘offence’ by introduction of the element
of mens rea for an offence (s 43 for contraventions and s 66
of the Act for offences).
• It is pertinent to note that no ceiling limit for compensation is
prescribed under s 43 of the Amendment Act, 2008 which
was one crore rupees in the IT Act.
• The removal of the ceiling limit can be misused or abused
particularly seen in instances where company files frivolous
claims against its ex-employee who may have joined a
competitor firm without breaching its employment contract.
(4) Important definitions added
• Two very important definitions are added to the IT Act through IT
Amendment Act,2008- Section 2(ha)- “Communication device” and
Section 2 (w)-“intermediary”.
• Although cell phones and other devices used to communicate would
fall under the definition of computer in the IT Act.
• This amendment removes any ambiguity and brings within the ambit of
the Act all communication devices, cellphones, ipods or other devices
used to communicate, send or transmit any text ,video ,audio or image.
(5) Legal validity of electronic documents re-emphasized
• Two new sections Section 7A and 10A in the amended Act reinforce
the equivalence of paper based documents to electronic documents.
• Section 7A in the amended Act makes audit of electronic documents
also necessary wherever paper based documents are required to be
audited by law.
• Section 10A confers legal validity & enforceability on contracts
formed through electronic means.
• These provisions are inserted to clarify and strengthen the legal
principle in Section 4 of the IT Act,2000 that electronic documents are
at par with electronic documents and e-contracts are legally recognized
and acceptable in law.
(6) Critique on Power of Controller under the amended Act-
• Section 28 of the Act provides that the Controller or any
authorized officer shall investigate ‘any contravention of the
provisions of this Act, rules or regulations made thereunder’
• These words should be replaced with words ‘any contravention of
the provisions of this Chapter’ in light of the fact that the
amendment in Section 29 for Controllers power to access
computers and data has been curtailed by removal of words “ any
contravention of the provisions of this Act, rules or regulations
made thereunder” for insertion of words “ any contravention of the
provisions of this Chapter” .
• Also, the Controller’s power cannot mean to overlap with
Adjudicating officers who are authorized to adjudicate on cases of
contravention that fall under Section 43 or the subject matter
jurisdiction of CAT or the Police.
• Therefore , the power of Controller has to be interpreted keeping in
view the intent & objectives of the Act which can be clarified.
(7) The Role of Adjudicating officers under the amended Act-
• The Adjudicating officer ‘s power under the amended Act in
Section 46 (1A) is limited to decide claims where claim for injury
or damage does not exceed 5 crores.
• Beyond 5 crore the jurisdiction shall now vest with competent court.
• This has introduced another forum for adjudication of cyber
contraventions.
• The words ‘competent court’ also needs to be clearly defined.
• As per Section 46(2),the quantum of compensation that may be awarded
is left to the discretion of Adjudicating officers.
(8) Composition of CAT
• The amended Act has changed the composition of the Cyber
Appellate Tribunal.
• The Presiding officer alone would earlier constitute the Cyber
Regulations Appellate Tribunal which provision has now been
amended.
• The tribunal would now consist of Chairperson and such number of
members as Central Government may appoint. The qualifications for
their appointment, term of office salary , power of superintendence,
resignation and removal, filling of vacancies have been incorporated.
• The decision making process allows more objectivity with Section 52 D
that provides that the decision shall be taken by majority.
(9) New cybercrimes as offences under amended Act-
• Many cybercrimes for which no express provisions existed in the
IT Act,2000 now stand included by the IT (Amendment) Act,
2008.
• Sending of offensive or false messages (s 66A), receiving stolen
computer resource (s 66B), identity theft (s 66C), cheating by
personation (s 66D), violation of privacy (s 66E).
• A new offence of Cyber terrorism is added in Section 66 F which
prescribes punishment that may extend to imprisonment for life .
• Section 66 F covers any act committed with intent to threaten
unity, integrity, security or sovereignty of India or cause terror by
causing DoS attacks, introduction of computer contaminant,
unauthorized access to a computer resource, stealing of sensitive
information, any information likely to cause injury to interests of
sovereignty or integrity of India, the security, friendly relations
with other states, public order, decency , morality, or in relation to
contempt of court, defamation or incitement to an offence , or to
advantage of any foreign nation, group of individuals or
otherwise.
• In certain offences, such as hacking (s 66) punishment is enhanced from 3 years of
imprisonment and fine of 2 lakhs to fine of 5 lakhs.
• In S. 67, for publishing of obscene information imprisonment term has been reduced
from five years to three years (and five years for subsequent offence instead of earlier
ten years) and fine has been increased from one lakh to five lakhs (rupees ten lakhs
on subsequent conviction).
• Section 67A adds an offence of publishing material containing sexually explicit
conduct punishable with imprisonment for a term that may extend to 5 years with fine
upto ten lakhs.
• This provision was essential to curb MMS attacks and video vouyerism.
• Section 67B punishes offence of child pornography, child’s sexually explicit act or
conduct with imprisonment on first conviction for a term upto 5 years and fine upto
10 lakhs.
• This is a positive change as it makes even browsing and collecting of child
pornography a punishable offence.
• Punishment for disclosure of information in breach of lawful contract under sec 72 is
increased from 2 yrs upto 5 yrs and from one lakh to 5 lakh or both.
• This will deter the commission of such crime.
• By virtue off Section 84 B person who abets a cybercrime will be punished with
punishment provided for that offence under the Act.
• This provision will play a deterrent role and prevent commission of conspiracy linked
cybercrimes. Also, punishment for attempt to commit offences is given under Section
84 c which will be punishable with one half of the term of imprisonment prescribed
for that offence or such fine as provided or both.
10) Section 67 C to play a significant role in cyber crime
prosecution
• Section 67 C brings a very significant change in the IT
Act,2000 .
• According to this section, intermediaries shall be bound to
preserve and retain such information as may be prescribed by
the Central government and for such duration and format as
it may prescribe.
• Any intermediary that contravenes this provision
intentionally or knowingly shall be liable on conviction for
imprisonment for a term not exceeding 2 yrs or fine not
exceeding one lac or both.
• Many cybercrime cases cannot be solved due to lack of
evidence and in many cases this is due to the fact that ISP
failed to preserve the record pertaining to relevant time .This
provision is very helpful in collection of evidence that can
prove indispensable in cybercrime cases.
11) Section 69- Power of the controller to intercept amended
• Section 69 that deals with power of Controller to intercept
information being transmitted through a computer resource when
necessary in national interest is amended by Section 69.
• In fact the power vests now with the Central Government or State
Government that empowers it to appoint for reasons in writing,
any agency to intercept, monitor or decrypt any information
generated , transmitted , received or stored in any computer
resource .
• This power is to be exercised under great caution and only when
it is satisfied that it is necessary or expedient to do so in interests
of sovereignty, or integrity of India, defence of India, security of
the State , friendly relations with foreign states or public order or
for preventing incitement to the commission of any cognizable
offence relating to above or for investigation of any offence .
• The procedure and safeguards to exercise this power are laid out
by the Information Technology (procedure and safeguards for
interception , monitoring and decryption of Information ) Rules,
2009 .
12) Power to block unlawful websites should be exercised with
caution
• Section 69A has been inserted in the IT Act by the amendments in
2008 and gives power to Central government or any authorized
officer to direct any agency or intermediary(for reasons recorded
in writing ) to block websites in special circumstances as
applicable in Section 69.
• Under this Section the grounds on which such blocking is
possible are quite wide.
• In this respect, the Information Technology (Procedure and
Safeguards for Blocking for Access of Information by Public )
Rules, 2009 were passed vide GSR 781(E) dated 27 Oct 2009
whereby websites promoting hate content, slander, defamation,
promoting gambling, racism, violence and terrorism,
pornography, violent sex can reasonably be blocked. The rules
also allow the blocking of websites by a court order.
• It further provides for review committee to review the decision to
block websites.
13) Section 69B added to confer Power to collect, monitor traffic data
• As a result of the amendments in 2008 , Section 69 B confers on the
Central government power to appoint any agency to monitor and
collect traffic data or information generated ,transmitted, received, or
stored in any computer resource in order to enhance its cyber security
and for identification, analysis, and prevention of intrusion or spread of
computer contaminant in the country .
• The Information Technology (procedure and safeguard for monitoring
and collecting traffic data or information ) Rules, 2009 have been laid
down to monitor and collect the traffic data or information for cyber
security purposes under Section 69B .
• It places responsibility to maintain confidentiality on intermediaries,
provides for prohibition of monitoring or collection of data without
authorization.
• This prescribes stringent permissions required to exercise the powers
under this Section which are fully justified as abuse of this power can
infringe the right to privacy of netizens.
• It also provides for review of its decisions and destruction of records.
• The intermediary that fails to extend cooperation in this respect is
punishable offence with a term which may extend to 3 yrs and
imposition of fine.
14) Significance of the term “Critical Information Infrastructure ”
• Section 70 has a very important definition added by the IT
(amendment) Act,2008.
• The explanation to Section 70 defines what is “critical information
infrastructure” .
• It encompasses the computer resource the destruction of which not only has an
adverse impact on defence of India but also economy, public health or safety.
• This is very significant step as today our IT infrastructure may also be used to
manage certain services offered to public at large, destruction of which may
directly affect public health and safety .
• Hence, their protection is equally important as is the maintaining of security and
sovereignty of India.
• By virtue of Section 70 A and B Indian CERT has been appointed as
the National nodal agency for critical information infrastructure
protection.
• The CERT shall play an indispensable role in maintaining cyber
securiy within the country.
• A very important step is coordination between CERT and service
providers, data centers, body corporates, and other persons ( Section
70B (6)).
• That will lead to effective performance of the role of CERT-IN. It has
multiple roles education ,alert system , emergency response, issuing
guidelines , reporting of cyber incident amongst other functions.
15) Important clarifications on the Act’s application & effect
• By virtue of Section 77 in the amended Act, it has been
clarified that awarding of compensation ,penalty imposed or
confiscation made under this Act shall not prevent the award
of compensation, or imposition of any other penalty or
punishment under any law for the time being in force.
• This Section can be read with Section 81 wherein it is
clarified that IT Act shall not restrict any person from
exercising any right conferred under copyright Act, 1957 or
patents Act, 1970.
16) The combined effect of Section 77 and 77 B
• By virtue of Section 77 Compounding of offences other than
offences for which imprisonment for life or punishment for a
term exceeding has been provided has been made possible.
• Section 77 B makes offences punishable with imprisonment
of three years and above as cognizable and offence
punishable with 3 years of punishment as bailable.
• Since the majority of cyber crime offences defined under the
amended IT Act are punishable with imprisonment for three
years, the net effect of all amendments is that a majority of
these cybercrimes are bailable.
• This means that the moment a cybercriminal is arrested by
the police, barring a few offences, in almost all other cyber
crimes, he has to be released on bail as a matter of right, by
the police.
• A cyber criminal, once released on bail, will immediately
attempt at destroying or deleting all electronic traces and
trails of his having committed any cyber crime. This makes
the task of law enforcement agencies extremely challenging.
• The IT( Amendment ) Act,2008 from an overall perspective
has introduced remarkable provisions and amendments that
will facilitate the effective enforcement of cyber law in India.
• India is now technologically neutral with electronic
signatures replacing the requirement of digital signatures .
• The importance of data protection in today’s information
technology age cannot be undermined and it finds place in
Section 43,43A, ,66, 72 of the IT Act,2000.
Violation of the Right of Privacy on Cyberspace/Internet
• The right to privacy as a human right has been recognized in
Art. 8 of the European Convention on Human Rights 1950
which reads as follows:
(1) Every one has the right to respect for his private and family
life, his home and his correspondence.
(2) There shall be no interference by a public authority with
the exercise of this right except such as is in accordance with
the law and is necessary in a democratic society in the interests
of national security, public safety or the economic well-being
of the country, for the prevention of disorder or crime, for the
protection of health or morals or for the protection of the
rights and freedoms of others.
• In legal parlance privacy has been known to include a
number of varied rights like to make decision for yourself,
the right to travel anonymously, the right to be left alone and
the right to control the dissemination of information about
yourself.
• The concept of privacy has been applied in so many arenas
of contemporary life including privacy of health care, to
credit reports and privacy from search and seizure that it has
come to be known as the word like 'freedom‘ and ' rights',
'privacy' connotes multiple meanings in multiple discourses".
• In the modern era when means of communication and
communication networks in cyberspace and Internet have
undergone radical changes and the violation or threat to
privacy is considered as a weapon to ensure confidentiality
of individual's human affairs.
• The Supreme Court has recognized the right to privacy as a
fundamental right, but it is not absolute.
• So far there is no statutory law on the protection of privacy in
India, but privacy has been included within the meaning of Article
21 of the Constitution of India.
• Though in a limited and narrow sense the right to privacy is
protected by the IPC yet the different facets of this right have no
comprehensive protection as such except resorting to relief under
the law of torts.
• The Supreme Court laid down the following broad principles
regarding the right to privacy:
(1) the right to privacy is implicit in the right to life and liberty
guaranteed to the citizens of this country by Art. 21. lt is a 'right to
be let alone'. A citizens has a right to safe-guard the privacy of his
own, his family, marriage, procreation, motherhood, child bearing
and education among other matters. None can publish anything
concerning the above matters without his consent...
(2) The aforesaid rule is subject to the exception that any
publication concerning the aforesaid aspects becomes objectionable
if such publication is based upon public records including courts
records. Once a matter becomes a matter of public record, the right
to privacy no longer subsists and it becomes a legitimate subject for
comment by press and media and others.
• The Supreme Court of India in People's Union for
Civil Liberties v. Union of India, has held that
telephone-tapping is a serious invasion of an
individual's privacy.
• With the growth of highly sophisticated communication
technology, the right to hold telephone conversation, in
the privacy of one's home or office, without interference,
is increasingly susceptible to abuse.
• Telephone-tapping would infract Article 21 unless it is as
permitted under the procedure established by law.