The Information Technology Act, 2000--demystified with reference to cybercrimes.

Kaur, Rajinder ; Aggarwal, Rashmi

INTRODUCTION

There is no definition of crime however it is objectively related to the society. Different theories from prehistoric times on crime fail to give reason for crime. Crime is basically the mirror of society and different factors like urbanisation, poverty, gender discrimination, corruption, illiteracy, psychological behaviour, density of population, heterogeneous culture etc; plays a crucial role in the same. With the advent of communication technology the sphere, nature and impact of the crime is also changing.

The issue of crime control in present globalised environment of computer networks is complicated. This was identified in The Tenth United Nations Congress on the prevention of Crime and the Treatment of offenders at Vienna, 10th-17th April, 2000. The forum identified three major reasons:

(a) The electronic environment generates different set of criminal tendencies. Hence, investigation of these crimes requires specific expertise, scientific investigating procedures and legal empowerment which may not be available to law enforcement authorities of the State concerned;

(b) International computer networks operate in open cyber scape. These spaces are open environments that enable users to act beyond the physical, geographical borders of the State. However, because of jurisdictional issues the inspective endeavors of law enforcement specialists are restricted to the territory of their own State. This leaves for an urgent need of intensified international cooperation that can monitor, control and regulate the cybercrime in open computer networks;

(c) The governing laws and applicable laws for open structures of international computer networks create a prospect of choosing the legal environment which enables them to choice the user friendly cohorts. These users generally choose a country where certain forms of behaviour capable of being executed in an electronic environment, have not been criminalized. This can entice a criminal activity by delinquents from other States. These activities would otherwise have been criminal acts under their domestic law. These states are termed as "data havens", i.e. the States where no one prioritises on reduction or prevention of misuse of computer and has no effective procedural laws which may either impede or can deterrent the efforts of other countries to control crime in computer networks.

The forum further created two sub-categories of cyber crime:

(i) Cybercrime in a constricted sense: these are computer crimes wherein any illegal behaviour directed by means of electronic operations, targets the security of computer systems or the data processed by it;

(ii) Cybercrime in a comprehensive sense: these are computer related crimes wherein any illegal behaviour committed by means of, or in relation to, a computer system or network. Such crimes include illegal possession, offering or distributing information by means of a computer system or network.

Cybercrimes in India

In India the Information Technology (IT) Act 2000, was enacted with the main objective of providing an e-governance environment leading to legal recognition for online transactions carried out by means of electronic communication. These transactions are referred as e-commerce and provided best alternative to paper-based methods of communication and archiving of information. This lead to e-governance initiatives i.e. electronic filing of documents with the Government agencies.

The cyber space is also used as a medium to commit various offences some of which are redressed under Information Technology Act, 2000 and but some still remain unaddressed.

Data relating to Cases Registered under the Information Technology Act, 2000 from 20072012 in India

There were total of 2,876 cases registered in 2012 as compared to 1791 cases during the previous year (2011) thereby reporting an increase of 60.6% in 2012 over 2011 under the Information Technology Act, 2000. Out of 16.5% of the cases i.e. 471 out of 2876 were reported in from Maharashtra followed by Andhra Pradesh (429), Karnataka (412), Kerala (269) and Uttar Pradesh (205).

In total, about 50.1% i.e. 1,440 cases of the total 2876 cases registered under IT Act 2000 were related to loss/ damage to computer resource/utility reported under hacking with computer systems and 612 persons were arrested for committing such offences during 2012. Further, there were 589 cases of obscene publications/ transmission in electronic form during the year 2012 wherein 497 persons were arrested.

The Information Technology Act, 2000

India has been proactive in recognising the problem of cybercrime and has enacted the Information Technology Act, 20001 for the same. The same received the assent of the President on 9th June, 2000. The act envisaged achieving the following objectives--

* Providing legal recognition to "electronic commerce" transactions. These were defined as those transactions which were carried out by means of electronic data interchange and other means of electronic communication.

* Facilitating the electronic filing of documents with the Government agencies. To further the cause of e-filling there have been number of amendments in the relevant statutes such as the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934. These are to ensure that e-documents are recognised as valid evidence for matters connected therewith or incidental thereto.

* India has also recognised the General Assembly of the United Nations resolution A/ RES/51/162, dated the 30th January, 1997 wherein the later adopted the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law. In the said resolution inter alia all States give favourable consideration to the said Model Law when they enact or revise their laws, in view of the need for uniformity of the law. This in order to give effect to the said resolution and to promote efficient delivery of Government services by means of reliable electronic records.

[FIGURE 2 OMITTED]

The Information Technology Act, 2000 Demystified: Study of Specific Provisions

The IT Act, 2000 provides universal jurisdiction. Section (1) of the Act provides that the act extend to the whole of India, insofar that it applies also to any offence or contravention hereunder committed outside India by any person. Further a very important provision Section 75 has been inserted in the act to punish for commission of any offence or contravention by a person outside India irrespective of his nationality if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India. (2) Though the act provides for universal jurisdiction but it seems to be impractical unless there is global initiative to execute this provision in letter and spirit.

Chapter II deals with the Digital Signature. Chapter III deals with the legal recognition of electronic records and digital signature. It also provides provisions of the use of electronic records and digital signatures in Government and its agencies. Chapter IV deals with the attribution, acknowledgement and dispatch of electronic records. Chapter V lays down the provision for secure electronic record and secure digital signature. Chapter VI lays provision relating to the regulation of certifying authorities. Chapter VII lays provision for digital signature certificates. Chapter VIII deals with the duties of subscribers.

Chapter IX deals with penalties and adjudication. It positions provision for awarding compensation or damages for certain types of computer frauds and appointment of Adjudication Officer. Chapter X lays provision for the establishment, powers, composition, qualification and term of Cyber Appellate Tribunal. Chapter XI lays provision relating to computer crimes and provides for penalties for these offences. Chapter XII lays down the provision relating to the liability of the Network Service Providers.

Chapter XII A provides Central Government to notify examiner of electronic evidence. Chapter XIII deals with the miscellaneous provision. Section 65 envisages that whoever knowingly or intentionally conceals or destroys computer source code shall be punishable with imprisonment up to three years or with fine which may extend up to two lakh rupees or with both.

Section 66 had been amended by 2008 amendment and the word hacking had been replaced by computer related offences. The 2008 amendment had added certain section dealing with the new offences which were not there in 2000 Act. Section 66A to 66F prescribes punishment for offences such as obscene electronic message transmissions, dishonestly receiving stolen computer resource or communication device, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism.

The Information Technology (Amendment) Act 2008 made certain changes in Section 67 the amendment had decreased the punishment of imprisonment from five years to three years on first conviction and from ten years to five years but it has increased the fine from one lakh to five lakh on first conviction and from two lakh to ten lakh. New Section 67A introduced to punish for publishing or transmitting of material containing sexually explicit act or conduct in electronic form. (3) Against section 67 and 67A the amendment provides protection to any publication which is justified as being for public good interest of science, science, literature, art or learning or other objects of general concern; or which is kept or used for bonafide heritage or religious purposes. Though there are existing prohibitive and penal laws for punishing relating to obscene publication and its transmission in electronic form but the real problem lies in the implementation of these provisions by the law enforcement agencies.

New Section 67B has been introduced to specifically include the problem of Child Pornography. It includes punishment for publishing or transmitting of material depicting children in sexually explicit act etc., in electronic form. (4) It provides stringent punishment which i.e. imprisonment up to five years and fine up to Rs. 10 lakh on first conviction and imprisonment up to seven years and fine up to Rs. 10 lakh second or subsequent conviction. New Section 67C provides a liability on the intermediaries to preserve and retain certain records for a stated period. (5)

The increasing threat of cyber terrorism has resulted into amendment of Section 69 which empowers the Controller to intercept any information transmitted through any computer system or computer network in the interest of sovereignty and integrity of India, security of the State, friendly relation with foreign states or public order.

Further, sections 69A and 69B had been inserted to grant power to the state to issue directions for blocking for public access of any information through any computer resource and to authorise to monitor and collect traffic data or information through any a computer resource for cyber security.

Prior to the 2008 amendment section 79 made network service providers liable for third party content only when it fails to prove that the offence was committed without his knowledge or they had exercised due diligence to prevent the commission of such offence or contravention. After amendment Section 79 is a non obstante clause. Section 79 which states that the intermediary shall not be liable for any third party information if it is only providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted or the intermediary does not initiate the transmission, select the receiver and select or modify the information contained in transmission. It provides that the intermediary shall be liable if he has conspired or abetted or induced, whether by threats or promise or otherwise in the commission of the unlawful act; Section 79(3) (a). However, it is pertinent to note that the onus to prove conspiracy has now shifted on the complainant. This may be extremely difficult for a complainant to prove.

Section 79 of the old Act which exempted intermediaries has been modified to the effect that an intermediary shall not be liable for any third party information data or communication link made available or hosted by him if; (a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; (b) the intermediary does not initiate the transmission or select the receiver of the transmission and select or modify the information contained in the transmission; (c) the intermediary observes due diligence while discharging his duties.

However, section 79 will not apply to an intermediary if the intermediary has conspired or abetted or aided or induced whether by threats or promise or otherwise in the commission of the unlawful act or upon receiving actual knowledge or on being notified that any information, data or communication link residing in or connected to a computer resource controlled by it is being used to commit an unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner. A proviso has been added to Section 81 which states that the provisions of the Act shall have overriding effect. The proviso states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.

Though initially when the Information Technology act was enacted the primary offences under the IT Act were:

* Any reported meddling with source code;

* Any deletion, destroying or altering of any data on any computer resource with mala fide intent to cause wrongful loss or to diminish its value;

* Any publication or transition of pornographic material through a computer resource;

* Further, provisions pertaining to encryption technology, the right of the Government authorities to intercept and decrypt such data and to call upon any entity or individual to decrypt such data were also included in the IT Act certain acts affecting the integrity and sovereignty of the nation were classified as offences. (6)

The amendment of 2008 has included eight cyber offences:

1. Sending offensive messages through a computer or mobile phone (Section 66A),

2. Receiving stolen computer resource or communication device (Section 66B)

3. Punishment for identity theft (Section 66C)

4. Punishment for cheating by personation using computer resource (Section 66D)

5. Punishment for violating privacy or video voyeurism (Section 66E)

6. Cyber Terrorism (Section 66F)

7. Publishing or transmitting material in electronic form containing sexually explicit act (Section 67A),

8. Child pornography (Section 67B)

RECOMMENDATIONS

* The crimes related to cyber space are different from the crimes committed in traditional times. Though Information Technology act, 2000 provides for universal jurisdiction but it seems to be impractical without the cooperation of States at international level. In these crimes territorial restriction is not there so the approach related to curb these crimes should be transnational in nature. Need of an hour is develop global regulatory polices.

* The old traditional method of investigation fails to fit in the investigative measures in the new developed era of communication technology. The investigation measures can only prove successful if we have more computer savvy people involved in the investigative agencies. Anonymity is one of the biggest myths in the cyber world. Internet users think they cannot be identified when they chat on the internet or send e-mails under assumed names. Actually every computer in the world that is networked has an Internet Protocol (IP) number that identifies it. Whenever it logs on to a website or a chat group, or sends out a computer, it leaves behind this IP number, which is its electronic footprint. There is a need to involve more cyber professionals to tackle the problems relating to cyber space.

* Along with the need of cyber professional investigative agency there is also need to have computer savvy judges which can help to deal with cyber crime cases. The role of the judges in today's world may be gathered by the statement--judges carve 'law is' to 'law ought to be'. Mr T. K. Vishwanathan, member secretary, Law Commission, has highlighted the requirements for introducing e-courts in India. In his article published in The Hindu he has stated "if there is one area of Governance where Information Technology can make a huge difference to Indian public is in the Judicial System".

* Prevention is always better than this simple principle plays a very important role in relation to cyber crime. There is a need to create awareness among the people using internet that how they can guard themselves while using the communication technology.

* Though the Information Technology Amendment Act, 2008 has tried to cover the important cyber crimes but there are still some of the issues which remain unaddressed. As far as domain names are concerned the judiciary is tackling the issue under the principle of passing off and trade mark infringement (7) as we fail to cover the problem under Information technology Act, 2000. The problem relating to Spamming, identity theft and Data Protection has not been specifically covered.

In India, we are good at enacting legislation but we fail in the later part i.e. implementation so this aspect needs to be thoroughly analysed as far cyber crimes are concerned because the impact of these crimes are far more serious than traditional crimes.

Caption: Figure 2: Persons Arrested Under IT Act, 2000

(1.) No. 21 OF 2000

(2) Section 75 Act to apply for offence or contraventions committed outside India:

(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality.

(2) For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

(3) Section 67A of Information Technology, 2000 provides Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.

(4) Section 67B of Information Technology Act, 2000 provides Whoever,--

(a) publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct; or

(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner; or

(c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource; or

(d) facilitates abusing children online, or

(e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:

(5) Section 67C of Information Technology, 2000 provides (1) Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.

(2) any intermediary who intentionally or knowingly contravenes the provisions of sub-section (1) shall be punished with an imprisonment for a term which may extend to three years and also be liable to fine.

(6) N. S. Nappinai, Cyber Crime Law in India: Has Law Kept Pace with Emerging Trends? An Empirical Study Journal of International Commercial Law and Technology Vol. 5, Issue 1 (2010)

(7) Yahoo, Inc v Akash Arora 1999 PTC (19) 229 (Delhi), Rediff Communications Ltd. v Cyberbooth AIR 2000 Bom 27, Satyam Infoway Ltd. v Sifynet Solutions 2004 (6) SCC 145.

Dr. Rajinder Kaur, Assistant Professor of Law, Department of Laws, Panjab University, Chandigarh; e-mail: [email protected]

Dr. Rashmi Aggarwal, Associate Professor, IB and EES, IMT Ghaziabad, U.P, India; e-mail: [email protected]

Figure 1: Cases Registered under
Information Technology Act, 2000

Cases Registered under
Information Technology Act, 2000

2006 142
2007 217
2008 288
2009 420
2010 966
2011 1791
2012 2876

Note: Table made from bar graph.