A NOTES ON

THE INFORMATION
TECHNOLOGY ACT,2000

PRESENTED BY
SRI. S.SAMBASIVA REDDY
ADDL.P.P.GR-II, ASJ COURT, HUZURABAD
1. INTRODUCTION

“The world is not run by the weapons any more, or energy or money. It is run by ones zeroes-little
bits of data. It is all electrons. There is a war. It is about who controls the information. What we see
and hear, how we work, what we think.[ sneakers MCA/ UNIVERSAL,1992 ]”

India is second largest market in world for smart phone. India is at second place regarding face book
users and thirty million twitter users. Whatsapp users are around one million. It is expected that in
next one year, mobile internet users will be three hundred twenty million and total internet users shall
be five hundred million.

The present generation cannot imagine a life without the computers. Computer, internet and
e-revolution have changed the life style of the people. Today paper based communication has been
substituted by e-communication, paper based commerce by e-commerce and paper based governance
by e-governance. Accordingly we have new terminologies like cyber world, netizens, e-transaction,
e-banking, e-return and e-contracts. But this multipurpose uses of computer increased the crime which
has been spread throughout the world.

Apart from positive side of e-revolution there is seamy side also as computer and internet in the hands
of criminals has become weapon of offence. Accordingly a new branch of jurisprudence emerged to
tackle the problems of cyber crimes in cyber space i.e. Cyber Law or Cyber Space Law or Information
Technology Law or Internet Law.

The United Nations Commission Trade Law (UNCITRAL) adopted the Model Law on Electronic
Commerce in 1996 in order to bring uniformity in the law of different countries. The General
Assembly of the United Nations by Resolution dated 30th January 1997, recommended that all the
countries should give favorable considerations to this Model Law when they enact or revise their
laws.

The Ministry of Commerce Government of India created the first draft of the legislation following
these guidelines termed as “E Commerce Act 1998”. Since later a separate ministry for Information
technology came into being ,the draft was taken over by the new ministry which redrafted the
legislation as “Information Technology Bill 1999”. This draft was placed in the Parliament in
December 1999 and was passed in May 2000. After the assent of the President on June 9, 2000, the
Act was finally notified with the effect from October 17,2000.

2. AIMS & OBJECTS OF THE INFORMATION TECHNOLOGY ACT, 2000.

The preamble to the IT Act, 2000 points out a threefold objective, firstly, to provide legal recognition
for transactions carried out through electronic means, secondly, to facilitate the electronic filing of
documents with government agencies, and thirdly, to amend certain Acts, interalia, the Indian Penal
Code, 1860 Indian Evidence Act, 1872.

3. SILENT FEATURES OF INFORMATION TECHNOLOGY ACT 2000

The silent features of the Act are;
The Act gives legal recognition of Electronic Documents.
The Act gives legal recognition of Digital Signatures.
It describes and elaborates Offenses, penalties and Contraventions.
It gives outline of the Justice Dispensation Systems for cyber crimes.
The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which
shall advice the government as regards any rules, or for any other purpose connected with the said act.
The said Act also proposed to amend to; The Indian Penal Code, 1860, The Indian Evidence Act,
1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 etc...
4. THE INFORMATION TECHNOLOGY ACT
The I. T. Act is spread in total 13 chapters. There are total 90 sections, the last four sections namely
sections 91 to 94 in the I. T. Act 2000 dealt with the amendments to the Indian Penal Code 1860, The
Indian Evidence Act 1872, The Bankers‟ Books Evidence Act 1891 and the Reserve Bank of India
Act 1934 were deleted. The Act is embedded with two schedules. The First Schedule deals with
Documents or Transactions to which the Act shall not apply. The Second Schedule deals with
electronic signature or electronic authentication technique and procedure. The Third and Fourth
Schedule are omitted.

I. APPLICATION OF THE INFORMATION TECHNOLOGY ACT

As per Section 1 of The I. T. Act, the Act extends to the whole of India and except as otherwise
provided, it applies to also any offence or contravention there under committed outside India by any
person. As per sub clause (4) of Section 1, Nothing in this Act shall apply to documents or
transactions specified in First Schedule. i.e.,
a) negotiable instrument (Other than a cheque) as defined in section 13 of the Negotiable
Instruments Act, 1881;
b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
c) a trust as defined in section 3 of the Indian Trusts Act, 1882
d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any
other testamentary disposition
e) any contract for the sale or conveyance of immovable property or any interest in such property;
f) any such class of documents or transactions as may be notified by the Central Government

II. DEFINATIONS (Sec.2 of IT Act). The I. T. Act, 2000 provides for following definitions;

Section 2(a) Access Section 2(r) Electronic Form

Section 2(b) Addressee Section 2(s) Electronic Gazette
Section 2(c) Adjudicating Officer Section 2(t) Electronic Record
Section 2(d) Affixing Section 2(ta) Electronic Signature
Section 2(e) Appropriate Section 2(tb) Electronic Signature
Authority Certificate
Section 2(f) Asymmetric Crypto Section 2(u) Function
System
Section 2(g) Certifying Authority Section 2(ua) Indian Computer
Emergency Response
Team
Section 2(h) Certification Practice Section 2(v) Information
Statement
Section 2(ha) Communication Section 2(w) Intermediary
Device
Section 2(i) Computer Section 2(x) Key Pair
Section 2(j) Computer Network Section 2(y) Law
Section 2(k) Computer Resource Section 2(z) Licence
Section 2(l) Computer System Section 2(za) Originator
Section 2(m) Controller Section 2(zb) Prescribed
Section 2(n) Cyber Appellate Section 2(zc) Private key
Tribunal
Section 2(na) Cyber Café Section 2(zd) Public key
Section 2(nb) Cyber Security Section 2(ze) Secure system
Section 2(o) Data Section 2(zf) Security procedure
Section 2(p) Digital Signature Section 2(zg) Subscriber
Section 2(q) Digital Signature Section 2(zh) Verify
Certificate
The ITA-2000 defines many important words used in common computer parlance like ‘access’,
‘computer resource’, ‘computer system’, ‘communication device’, ‘data’, ‘information’, ’security
procedure’ etc. some important words are defined as follows.

a. Computer: ‘Computer’ means any electronic magnetic, optical or other high-speed data
processing device or system which performs logical, arithmetic, and memory functions by
manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing,
storage, computer software, or communication facilities which are connected or related to the
computer in a computer system or computer network; So is the word ‘computer system’ which means
a device or a collection of devices with input, output and storage capabilities. Interestingly, the word
‘computer’ and ‘computer system’ have been so widely defined to mean any electronic device with
data processing capability, performing computer functions like logical, arithmetic and memory
functions with input, storage and output capabilities.

Similarly the word ‘communication devices’ inserted in the ITAA-2008 has been given an inclusive
definition, taking into its coverage cell phones, personal digital assistance or such other devices used
to transmit any text, video etc like what was later being marketed as iPad or other similar devices on
Wi-fi and cellular models.

b. Digital Signature: Digital signature was defined in the ITA -2000 as “authentication of electronic
record” as per procedure laid down in Section 3.

c. Electronic Signature: Electronic signature means authentication of any electronic record by a

subscriber by means of electronic techniques specified in the schedule and includes digital signature.

Section 3 of the IT Act discussed the use of asymmetric crypto system and the use of Public Key
Infrastructure and hash function etc. This was later criticized to be technology dependent ie., relying
on the specific technology of asymmetric crypto system and the hash function generating a pair of
public and private key authentication etc. Thus Section 3 which was originally “Digital Signature”
was later renamed as “Digital Signature and Electronic Signature” in ITAA - 2008 thus introducing
technological neutrality by adoption of electronic signatures as a legally valid mode of executing
signatures. This includes digital signatures as one of the modes of signatures and is far broader in
ambit covering biometrics and other new forms of creating electronic signatures not confining the
recognition to digital signature process alone.

M/s. TCS, M/s. Safescript and M/s. MTNL are some of the digital signature certifying authorities in
India, IDRBT (Institute for Development of Research in Banking Technology – the research wing of
RBI) is the Certifying Authorities (CA) for the Indian Banking and financial sector licensed by the
Controller of Certifying Authorities, Government of India.

It is relevant to understand the meaning of digital signature (or electronic signature) here. It would be
pertinent to note that electronic signature (or the earlier digital signature) as stipulated in the Act is
NOT a digitized signature or a scanned signature. In fact, in electronic signature (or digital signature)
there is no real signature by the person, in the conventional sense of the term. Electronic signature is
not the process of storing ones signature or scanning ones signature and sending it in an electronic
communication like email. It is a process of authentication of message using the procedure laid down
in Section 3 of the Act. The other forms of authentication that is simpler to use such as biometric
based retina scanning etc can be quite useful in effective implementation of the Act.
III. DIGITAL SIGNATURE & ELECTRONIC SIGNATURE (CHAPTER- II Sec.3 & 3-A)
The term „Digital Signature‟ was defined in the old I. T. Act, 2000. This term was replaced by
„Electronic Signature‟ by the amending Act of I. T. Act, 2008. Certainly the concept of Electronic
Signature is much wider than term Digital Signature. Section 3 of the Act provides for authentication
of Electronic Records by affixing his Digital Signature. It shall be effected by the use of asymmetric
crypto system and hash function which envelop and transform the initial electronic record into another
electronic record. By the Amendment Act of 2008 Section 3(A) was embedded in the Act. The newly
added provision provides for authentication of electronic record by electronic signature or electronic
authentication technique which is, considered reliable and may be specified in the second schedule.
Sub Clause (2) provides the circumstances in which the electronic signature or electronic
authentication technique shall be considered reliable.

IV. ELECTRONIC GOVERNANCE (Chapter III sec.4 to 10A)

e-governance is a form of e-business, which involves delivery of electronic services to the public. It
also involves collaborating with business partners of the government by conducting electronic
transactions with them. It enables general public to interact with the government, through electronic
means, for getting the desired services. The main objective of e-governance is to simplify and
improve governance and enable people’s participation in governance through mail and internet. E-
governance is much more than just preparing some websites. It ranges from the use of internet for the
dissemination of plain web based information at its simplest level to services and online transactions
on the one hand and utilizing IT in the democratic process itself, i.e., election. On the other hand E-
governance is not only providing information about the various activities of the government to its
citizens and other organizations but it involves citizens to communicate with government and
participate in government decision-making.

This chapter discusses Electronic governance issues and procedures and the legal recognition to
electronic records is dealt with in detail in Section 4 followed by description of procedures on
electronic records, storage and maintenance and according recognition to the validity of contracts
formed through electronic means. Procedures relating to electronic signatures and regulatory
guidelines for certifying authorities have been laid down in the sections that follow.

V. Chapter-IV of IT Act from Sec. 11 to 13 deals with the Attribution, Acknowledgment and
dispatch of electronic records.

VI. Chapter-V of IT Act from Sec. 14 to 16 deals with Secure Electronic Records and Secure
Electronic Signatures. This chapter mainly deals with the Secure electronic record and Secure
electronic signature, Security procedures and practices.

VII. Chapter-VI of the IT Act from Sec.17 to 34 deal with Regulation of Certifying Authorities. The
regulation of Certifying Authority (CA) is a statutory function of the Controller of Certifying
Authority (CCA) and under the IT Act he has to act as administrative authority rather than quasi-
judicial body. This chapter further deals with the appointment of controller and other officers and
their functions, recognition and revocation of foreign certifying authorities, issues relating license to
issue electronic certificates and its renewal, rejection and suspension and procedure to be followed by
certifying authorities etc.,

VIII. Chapter-VII of IT Act from Sec. 35 to 39 deal with Electronic Signature Certificate,
suspension and revocation of electronic certificates etc.,

IX. Chapter-VIII of IT Act from sec. 40- 42 deals with the Subscribers. Subscriber means a person
in whose name the Electronic Signature Certificate is issued. This chapter further deals with
generating Key par, Duties of subscriber of Electronic Signature Certificate, Acceptance of Digital
Signature Certificate, Control of Private Key.
X. PENALTIES, COMPENSATION AND ADJUDICATION (CHAPTER-IX Sec.43 to 47)

i. Penalty and compensation for damage to computer, computer system, etc. (Sec.43)
If any person without permission of the owner or any other person who is in-charge of a computer,
computer system or computer network does any of the following acts then he shall be liable to pay
damages by way of compensation to the person so affected –
a. Accesses or secures access to such computer, computer system or computer network or computer
resource;
b. Downloads, copies or extracts any data, computer data base or information from such computer,
computer system or computer network including information or data held or stored in any removable
storage medium;
c. Introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;
d. Damages or causes to be damaged any computer, computer system or computer network, data,
computer database or any other programmes residing in such computer, computer system or computer
network;
e. Disrupts or causes disruption of any computer, computer system or computer network;
f. Denies or causes the denial of access to any person authorized to access any computer, computer
system or computer network by any means;
g. Provides any assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
h. Charges the services availed of by a person to the account of another person by tampering with or
manipulating any computer, computer system or computer network;
i. Destroys, deletes or alters any information residing in a computer resource or diminishes its value or
utility or affects it injuriously by any means;
j. Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any
computer source code used for a computer resource with an intention to cause damage.
Explanations
‘Computer contaminant’ means any set of computer instructions that are designed –
a. To modify, destroy, record, transmit data or programme residing within a computer, computer
system or computer network; or
b. By any means to usurp the normal operation of the computer, computer system, or computer
network.

‘Computer database’ means a representation of information, knowledge, facts, concepts or

instructions in text, image, audio, video that are being prepared or have been prepared in the
formalized manner or have been produced by a computer, computer system or computer network and
are intended for use in a computer, computer system or computer network.

‘Computer virus’ means any computer instruction, information, data or programme that destroys,
damages, degrades or adversely affects the performance of a computer resource or attaches itself to
another computer resource and operates when a programme, data or instruction is executed or some
other event takes place in that computer resource.

‘Damage’ means to destroy, alter, delete, add, modify or rearrange any computer resource by any
means.

‘Computer source code’ means the listing of programmes, computer commands, design and layout
and programme analysis of computer resource in any form.

ii. Compensation for failure to protect data (Sec.43A)

Where a body corporate, possessing, dealing or handling any sensitive personal data or information in
a computer resource which it owns, controls or operates, is negligent in implementing and
maintaining reasonable security practices and procedures and thereby causes wrongful loss or
wrongful gain to any person, such body corporate shall be liable to pay damages by way of
compensation to the person so affected.
Explanations:
‘Body corporate’ means any company and includes a firm, sole proprietorship or other association of
individuals engaged in commercial or professional activities.

‘Reasonable security practices and procedures’ means security practices and procedures designed to
protect such information from unauthorized access, damage, use, modification, disclosure or
impairment, as may be specified in an agreement between the parties or as may be specified in any
law for the time being in force and in the absence of such agreement or any law, such reasonable
security practices and procedures as may be prescribed by the Central Government in consultation
with such professional bodies or associations as it may deem fit.

‘Sensitive personal data or information’ means such personal information as may be prescribed by the
Central Government in consultation with such professional bodies or associations as it may deem fit.

iii. Penalty for failure to furnish information, return etc. (Sec.44)

If any person who is required under this Act or any rules or regulations made thereunder to –
a. Furnish any document, return or report to the Controller or the Certifying Authority, fails to furnish
the same, then he shall be liable to a penalty not exceeding Rs. 1.5 lakhs for each such failure;
b. File any return or furnish any information, books or other documents within the time specified
therefor in the regulations, fails to file return or furnish the same within the time specified therefor in
the regulations, then he shall be liable to a penalty not exceeding Rs. 5,000 for every day during
which such failure continues;
c. Maintain books of account or records, fails to maintain the same, then he shall be liable to a penalty
not exceeding Rs. 10,000 for every day during which the failure continues.

iv. Residuary penalty (Sec.45)

Whoever contravenes any rules or regulations made under this Act, for the contravention of which no
penalty has been separately provided, shall be liable to pay compensation not exceeding Rs. 25,000 to
the person affected by such contravention or a penalty not exceeding Rs. 25, 000.

v. Power to adjudicate (Sec.46)

In order to decide whether any person has committed a contravention of any of the provisions of this
Act or of any rule, regulation, direction or order made there under which renders him liable to pay
penalty or compensation, then the Central Government shall appoint any officer not below the rank of
a Director to the Government of India or an equivalent officer of a State Government to be an
adjudicating officer for holding an inquiry in the manner prescribed by the Central Government.The
adjudicating officer shall exercise jurisdiction to adjudicate matters in which the claim for injury or
damage does not exceed Rs. 5 crore.

However, where the claim for injury or damage exceeds Rs. 5 crore then the jurisdiction would vest
with the competent court.

The adjudicating officer shall give the accused a reasonable opportunity for making representation in
the matter. If, after inquiry, he is satisfied that the person has committed the contravention then he
may impose such penalty or award such compensation as he thinks fit.

The person to be appointed as adjudicating officer shall possess such experience in the field of
Information Technology and legal or judicial experience as may be prescribed by the Central
Government.

Where more than one adjudicating officers are appointed, then the Central Government shall specify
the matters and places with respect to which such officers shall exercise their jurisdiction.
Every adjudicating officer shall have the powers of a civil court which are conferred on the Cyber
Appellate Tribunal u/s 58 (2) and –
a. All proceedings before it shall be deemed to be judicial proceedings within the meaning of Sections
193 and 228 of the Indian Penal Code, 1860;
b. Shall be deemed to be a civil court for the purposes of Sections 345 and 346 of the Code of
Criminal Procedure, 1973;
c. Shall be deemed to be a civil court for purposes of Order XXI of the Civil Procedure Code, 1908.

Factors to be taken into account by the adjudicating officer (Sec.47)

While adjudging the quantum of compensation, the adjudicating officer shall have due regard to the
following factors, namely –
a. The amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
b. The amount of loss caused to any person as a result of the default;
c. The repetitive nature of the default.

XI. Chapter X from Sec. 48 to 64 deals with Establishment of Cyber Appellate Tribunal,
Composition of Cyber Appellate Tribunal, Qualification for appointment as Chairperson and
Members of Cyber Appellate Tribunal, Term of office, conditions of service, etc., of Chairperson and
Members, Salary, allowances and other terms and conditions of service of Chairperson and Members,
Power of superintendence, direction, Distribution of business among Benches, Power of Chairperson
to transfer cases, Filling up of vacancies, Resignation and removal, Staff of the Cyber Appellate
Tribunal, Appeal to Cyber Appellate Tribunal and Limitation period for filing an appeal etc., Sec. 61
of IT Act makes it clear that No civil court shall have jurisdiction to entertain any suit or proceeding
in respect of any matter which an adjudicating officer appointed under this Act or the Cyber Appellate
Tribunal constituted under this Act is empowered by this Act to determine and no injunction shall be
granted by any court or other authority in respect of any action taken or to be taken in pursuance of
any power conferred by this Act. This Act further deals with Appeal to high court and Compounding
of contraventions.

XII. Chapter XI of IT Act from Sec. 65 to 78 deal with the Offences.

1. Tampering with computer source documents (Sec.65)

Any person who knowingly or intentionally conceals, destroys or alters, or causes another to conceal,
destroy or alter any computer source code used for a computer, computer program, computer system
or computer network, when the computer source code is required to be kept or maintained by law for
the time being in force, shall be punishable with imprisonment up to 3 years or with fine which may
extend up to Rs. 2 lakh or with both.
The ‘computer source code’ means the listing of programmes, computer commands, design and layout
and programme analysis of computer resource in any form.

2. Computer related offences (Sec.66)

Any person who, dishonestly or fraudulently, does any act referred to in Section 43, shall be
punishable with imprisonment for a term which may extend to 3 years or with fine which may extend
to Rs. 5 lakh or with both
The words ‘dishonestly’ and ‘fraudulently’ shall have the same meaning assigned to them in the
Indian Penal Code.

3. Punishment for sending offensive messages through communication service, etc. (Sec.66A)
Any person who, by means of a computer resource or a communication device, sends –
a. Any information that is grossly offensive or has a menacing character; or
b. Any information which he knows to be false, but for the purpose of causing annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will,
persistently by making use of such computer resource or a communication device; or
c. Any electronic mail or electronic mail message for the purpose of causing annoyance or
inconvenience or to deceive or to mislead the addressee or recipient about the origin of such
messages, shall be punishable with imprisonment for a term which may extend to 3 years and with
fine.
The ‘communication device’ means cell phones, personal digital assistance or combination of both or
any other device used to communicate, send or transmit any text, video, audio or image.

4. Punishment for dishonestly receiving stolen computer resource or communication device

(Sec.66B)
Any person who, dishonestly received or retains any stolen computer resource or communication
device knowing or having reason to believe the same to be stolen computer resource or
communication device, shall be punished with imprisonment of either description for a term which
may extend to 3 years or with fine which may extend to Rs. 1 lakh or with both.

5. Punishment for identity theft (Sec.66C)

Any person who, fraudulently or dishonestly makes use of the electronic signature, password, or any
other unique identification feature of any other person, shall be punished with imprisonment of either
description for a term which may extend to 3 years and shall also be liable to fine which may extend
to Rs. 1 lakh.

6. Punishment for cheating by personation by using computer resource (Sec.66D)

Any person who, by means for any communication device or computer resource cheats by
personating, shall be punished with imprisonment of either description for a term which may extend
to 3 years and shall also be liable to fine which may extend to Rs. 1 lakh.

7. Punishment for violation of privacy (Sec.66E)

Any person who, intentionally or knowingly captures, publishes or transmits the image of a private
area of any person without his or her consent, under circumstances violating the privacy of that
person, shall be punished with imprisonment which may extend to 3 years or with fine not exceeding
Rs. 2 lakh, or with both.
‘Transmit’ means to electronically send a visual image with the intent that it be viewed by a person
or persons.
‘Capture’ with respect to an image, means to videotape, photograph, film or record by any means.
‘Private area’ means the naked or undergarment clad genitals, pubic area, buttocks or female breast.
‘Publishes’ means reproduction in the printed or electronic form and making it available for public.

8. Punishment for Cyber Terrorism (Sec.66F)

A person commits the offence of cyber terrorism if he,
(i). with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the
people or any section of the people –
a. denies or causes the denial of access to any person authorized to access computer resource; or
b. attempts to penetrate or access a computer resource without authorization or by exceeding
authorized access; or
c. introduces or causes to introduce any computer contaminant;
and by means of such conduct causes or is likely to cause death or injuries to persons, or damage to or
destruction of property, or knowing that it is likely to cause damage or destruction of supplies or
services essential to the life of the community, or adversely affect the critical information
infrastructure specified u/s 70
(ii). Knowingly or intentionally accesses or penetrates a computer resource without authorization or
exceeding authorized access, and by means of such conduct obtains access to information, data or
computer database that is restricted for reasons of the security of the State or foreign relations, or any
restricted information, data or computer database, with reasons to believe that such information, data
or computer database so obtained may be used to cause or likely to cause injury to the interests of the
sovereignty and integrity of India, the security of the State, friendly relations with foreign States,
public order, decency or morality, or in relation to contempt of court, defamation or incitement to an
offence, or to the advantage of any foreign nation, group of individuals or otherwise.
Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment
which may extend to imprisonment for life.

9. Punishment for publishing or transmitting obscene material in electronic form (Sec.67)

Any person who, publishes or transmits or causes to be published or transmitted in the electronic
form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to
tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to
read, see or hear the matter contained or embodied in it, shall be punished on first conviction with
imprisonment of either description for a term which may extend to 3 years and with fine which may
extend to Rs. 5 lakh and in the event of second or subsequent conviction with imprisonment of either
description for a term which may extend to 5 years and also with fine which may extend to Rs. 10
lakh.

10. Punishment for publishing or transmitting of material containing sexually explicit act etc. in
electronic form (Sec.67A)
Any person who, publishes or transmits or causes to be published or transmitted in the electronic form
any material which contains sexually explicit act or conduct, shall be punished on first conviction
with imprisonment of either description for a term which may extend to 5 years and with fine which
may extend to Rs. 10 lakh, and in the event of second or subsequent conviction with imprisonment of
either description for a term which may extend to 7 years and also with fine which may extend to Rs.
10 lakh.

11. Punishment for publishing or transmitting of material depicting children in sexually explicit
act etc. in electronic form (Sec.67B)
Any person who,
a. Publishes or transmits or causes to be published or transmitted material in any electronic form
which depicts children engaged in sexually explicit act or conduct; or
b. Creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges
or distributes material in any electronic form depicting children in obscene or indecent or sexually
explicit manner; or
c. Cultivates, entices or induces children to online relationship with one or more children for and on
sexually explicit act or in a manner that may offend a reasonable adult on the computer resource; or
d. Facilitates abusing children online; or
e. Records in any electronic form own abuse or that of others pertaining to sexually explicit act with
children, shall be punished on first conviction with imprisonment of either description for a term
which may extend to 5 years and with fine which may extend to Rs. 10 lakh and in the event of
second or subsequent conviction with imprisonment of either description for a term which may extend
to 7 years and also with fine which may extend to Rs. 10 lakh.
However, these provisions does not extend to any book, pamphlet, paper, writing, drawing, painting
representation or figure in electronic form –
a. The publication of which is proved to be justified as being for the public good on the ground that
such book, pamphlet, paper, writing, drawing, painting representation or figure is in the interest of
science, literature, art or learning or other objects of general concern; or
b. which is kept or used for bona fide heritage or religious purposes.

12. Preservation and retention of information by intermediaries (Sec.67C)

Intermediary shall preserve and retain such information as may be specified for such duration and in
such manner and format as the Central Government may prescribe. Any intermediary who
intentionally or knowingly contravenes the above duty shall be punished with imprisonment for a
term which may extend to 3 years and also be liable to fine.

13. Power of Controller to give directions (Sec.68)

The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take
such measures or cease carrying on of such activities as specified in the order if those are necessary to
ensure compliance with the provisions of IT Act, 2000, rules or any regulations made thereunder.
Any person, who intentionally or knowingly fails to comply with any abovementioned order, shall be
guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding 2
years or a fine not exceeding Rs. 1 lakh or both.

14. Power to issue directions for interception or monitoring or decryption of any information
through any computer resource (Sec.69)
Where the Central Government or a State Government or any of its officers specially authorized by
the Central Government or the State Government, is satisfied that it is necessary or expedient to do so
in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly
relations with foreign States or public order or for preventing incitement to the commission of any
cognizable offence relating to above or for investigation of any offence, then it may by an order,
direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be
intercepted or monitored or decrypted any information generated, transmitted, received or stored in
any computer resource.The procedure and safeguards subject to which such interception or
monitoring or decryption may be carried out, shall be such as may be prescribed.
The subscriber or intermediary or any person in-charge of the computer resource shall, when called
upon by any agency, extend all facilities and technical assistance to –
a. Provide access to or secure access to the computer resource generating, transmitting, receiving or
storing such information; or
b. Intercept, monitor or decrypt the information; or
c. Provide information stored in the computer resource.
The subscriber or intermediary or any person who fails to assist such agency shall be punished with
imprisonment for a term which may extend to 7 years and shall also be liable to fine.

15. Power to issue directions for blocking for public access of any information through any
computer resource (Sec.69A)
Where the Central Government or any of its officers specially authorized by it in this behalf is
satisfied that it is necessary or expedient to do so, in the interest of sovereignty or integrity of India,
defence of India, security of the State, friendly relations with foreign States or public order or for
preventing incitement to the commission of any cognizable offence relating to above, then it may, by
order, direct any agency of the Government or intermediary to block for access by the public or cause
to be blocked for access by the public any information generated, transmitted, received, stored or
hosted in any computer resource.
The procedure and safeguards subject to which such blocking for access by the public may be carried
out shall be such as may be prescribed.
The intermediary who fails to comply with such direction shall be punished with imprisonment for a
term which may extend to 7 years and shall also be liable to fine.

16. Power to authorize to monitor and collect traffic data or information through any computer
resource for cyber security (Sec.69B)
To enhance cyber security and for identification, analysis and prevention of intrusion or spread of
computer contaminant in the country, the Central Government may by notification in the Official
Gazette, authorize any agency of the Government to monitor and collect traffic data or information
generated, transmitted, received or stored in any computer resource.
The intermediary or any person-in-charge of the computer resource, when called upon by such
agency, shall provide technical assistance and extend all facilities to such agency to enable online
access or to secure and provide online access to the computer resource generating, transmitting,
receiving or storing such traffic data or information.

The procedure and safeguard for monitoring and collecting traffic data or information, shall be such
as may be prescribed.

Any intermediary who intentionally or knowingly contravenes the above said duty shall be punished
with imprisonment for a term which may extend to 3 years and shall also be liable to fine.
17. Protected system (Sec.70)
The appropriate Government may, by notification in the Official Gazette, declare any computer
resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a
protected system.
‘Critical Information Infrastructure’ means the computer resource, the incapacitation or destruction
of which, shall have debilitating impact on national security, economy, public health or safety.

The appropriate Government may, by order in writing, authorize the persons to access such protected
systems.

Any person who secures access or attempts to secure access to a protected system in contravention of
the above provisions shall be punished with imprisonment of either description for a term which may
extend to 10 years and shall also be liable to fine.

The Central Government shall prescribe the information security practices and procedures for such
protected system.

18. National nodal agency (Sec.70A)

The Central Government may, by notification in the Official Gazette, designate any organization of
the Government as the national nodal agency in respect of the Critical Information Infrastructure
Protection.
Such designated national nodal agency shall be responsible for all measures including Research and
Development relating to protection of Critical Information Infrastructure. Further, such agency shall
perform its functions and duties in the prescribed manner.

19. Indian Computer Emergency Response Team to serve as national agency for incident
response (Sec.70B)
The Central Government shall, by notification in the Official Gazette, appoint an agency of the
Government to be called the Indian Computer Emergency Response Team.
The Central Government shall provide such agency with a Director-General and such other officers
and employees as may be prescribed.
The salary and allowances and terms and conditions of the Director-General and other officers and
employees shall be such as may be prescribed.
The Indian Computer Emergency Response Team shall serve as the national agency for performing
the following functions in the area of cyber security –
a. Collection, analysis and dissemination of information on cyber incidents;
b. Forecast and alerts of cyber security incidents;
c. Emergency measures for handling cyber security incidents;
d. Coordination of cyber incidents response activities;
e. Issuing guidelines, advisories, vulnerability notes and whitepapers relating to information security
practices, procedures, prevention, response and reporting of cyber incidents;
f. Such other functions relating to cyber security as may be prescribed.

The manner of performing functions and duties of the agency shall be such as may be prescribed. For
performing its functions, the agency may call for information and give directions to the service
providers, intermediaries, data centers, body corporate and any other person. Any service provider,
intermediaries, data centers, body corporate or person who fails to provide the information called for
or comply with the direction shall be punishable with imprisonment for a term which may extend to 1
year or with fine which may extend to Rs. 1 lakh or with both. However, no court shall take
cognizance of any offence except on a complaint made by an officer authorized in this behalf by the
agency.

20. Penalty for misrepresentation (Sec.71)

Any person who makes any misrepresentation to, or suppresses any material fact from the Controller
or the Certifying Authority for obtaining any licence or Electronic Signature Certificate shall be
punished with imprisonment for a term which may extend to 2 years or with fine which may extend to
Rs. 1 lakh or with both.

21. Penalty for breach of confidentiality and privacy (Sec.72)

If any person who, in pursuance of any of the powers conferred under this Act, rules or regulations
made thereunder, has secured access to any electronic record, 383 book, register, correspondence,
information, document or other material without the consent of the person concerned and discloses
such electronic record, book, register, correspondence, information, document or other material to any
other person shall be punished with imprisonment for a term which may extend to 2 years or with fine
which may extend to Rs. 1 lakh or with both.

22. Punishment for disclosure of information in breach of lawful contract (Sec.72A)

Any person including an intermediary who, while providing services under the terms of lawful
contract, has secured access to any material containing personal information about another person,
with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses
without the consent of the person concerned or in breach of a lawful contract, such material to any
other person, shall be punished with imprisonment for a term which may extend to 3 years or with
fine which may extend to Rs. 5 lakh or with both.

23. Penalty for publishing Electronic Signature Certificate false in certain particulars (Sec.73)
No person shall publish an Electronic Signature Certificate or otherwise make it available to any other
person with the knowledge that –
a. The Certifying Authority listed in the certificate has not issued it; or
b. The subscriber listed in the certificate has not accepted it; or
c. The certificate has been revoked or suspended,
unless such publication is for the purpose of verifying a electronic signature created prior to such
suspension or revocation.
Any person who contravenes above provisions shall be punished with imprisonment for a term which
may extend to 2 years or with fine which may extend to Rs. 1 lakh or with both.

24. Publication for fraudulent purpose (Sec.74)

Any person, who knowingly creates, publishes or otherwise makes available an Electronic Signature
Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term
which may extend to 2 years or with fine which may extend to Rs. 1 lakh or with both.

25. Act to apply for offence or contravention committed outside India (Sec.75)
The provisions of this Act shall apply also to any offence or contravention committed outside India by
any person irrespective of his nationality.
However, for such liability the act or conduct constituting the offence or contravention should involve
a computer, computer system or computer network located in India.

26. Confiscation (Sec.76)

Any computer, computer system, floppies, compact disks, tape drives or any other accessories related
thereto, in respect of which any provision of this Act, rules, orders or regulations made thereunder has
been or is being contravened, shall be liable to confiscation.

However, where it is established to the satisfaction of the court adjudicating the confiscation that the
person in whose possession, power or control of any such computer, computer system, floppies,
compact disks, tape drives or any other accessories relating thereto is found, is not responsible for the
contravention of the provisions of this Act, rules, orders or regulations made thereunder, then the
court may, instead of making an order for confiscation of such computer, computer system, floppies,
compact disks, tape drives or any other accessories related thereto, make such other order authorized
by this Act against the person contravening the provisions of this Act, rules, orders or regulations
made thereunder as it may think fit.
27. Compensation, penalties or confiscation not to interfere with other punishment (Sec.77)
No compensation awarded, penalty imposed or confiscation made under this Act shall prevent the
award of compensation or imposition of any other penalty or punishment under any other law for the
time being in force.

28. Compounding of offences ((Sec.77A)

A court of competent jurisdiction may compound offences, except the offences for which the
punishment for life or imprisonment for a term exceeding 3 years has been provided, under this
Act.240 However, the court shall not compound such offence where the accused is, by reason of his
previous conviction, liable to either enhanced punishment or to a punishment of different kind.
Further, the court shall not compound any offence where such offence affects the socio-economic
conditions of the country or has been committed against a child below the age of 18 years or a
woman.
The person accused of an offence under this Act may file an application for compounding in the court
in which offence is pending for trial and the provisions of Sections 265 B and 265 C of the Code of
Criminal Procedure, 1973 shall apply.

29. Offences with 3 years imprisonment to be bailable (Sec.77B)

Notwithstanding anything contained in the Code of Criminal Procedure, 1973, the offence punishable
with imprisonment of 3 years and above shall be cognizable and the offence punishable with
imprisonment of 3 years shall be bailable.

30. Power to investigate offences (Sec.78)

Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not
below the rank of Inspector shall investigate any offence under this Act.

XIII. Chapter XII section 79 of IT Act deal with Intermediaries and their bein not liable in certain
cases.

XIV. EXAMINER OR ELECTRONIC EVIDENCE (CHAPTER XIIA Sec. 79-A)

A
Central Government to notify Examiner of Electronic Evidence. (Sec.79A)
TheCentral Government may, for the purposes of providing expert opinion on electronic form
evidence before any court or other authority specify, by notification in the Official Gazette, any
Department, body or agency of the Central Government or a State Government as an Examiner of
Electronic Evidence.
Explanation.—For the purpose of this section, “electronic form evidence” means any information of
probative value that is either stored or transmitted in electronic form and includes computer evidence,
digital audio, digital video, cell phone, digital fax machines.

XV. MISCELLANEOUS (CHAPTER XIII Sec.80 to 90)

(0
i. Power of police officer and other officers to enter, search, etc. (Sec.80)
(1) Notwithstanding
anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), any police officer, not below
the rank of a Inspector, or any other officer of the Central Government or a State Government
authorised by the Central Government in this behalf may enter any public place and search and arrest
without warrant any person found therein who is reasonably suspected or having committed or of
committing or of being about to commit any offence under this Act.
Explanation.—For the purposes of this sub-section, the expression “public place” includes any public
conveyance, any hotel, any shop or any other place intended for use by, or accessible to the public.
(2) Where any person is arrested under sub-section (1) by an officer other than a police officer, such
officer shall, without unnecessary delay, take or send the person arrested before a magistrate having
jurisdiction in the case or before the officer-in-charge of a police station.
 (3) The provisions of the Code of Criminal Procedure, 1973 (2 of 1974) shall, subject to the,
provisions of this section, apply, so far as may be, in relation to any entry, search or arrest, made
under this section. 81

ii. Act to have overriding effect. (Sec.81)

—The provisions of this Act shall have effect notwithstanding anything inconsistent therewith
contained in any other law for the time being in force.
Provided that nothing contained in this Act shall restrict any person from exercising any right
conferred under the Copyright Act, 14 of 1957 or the Patents Act, 39 of 1970.] 81A

iii. Application of the Act to electronic cheque and truncated cheque. (Sec.81A)
(1) The provisions of this Act, for the time being in force, shall apply to, or in relation to, electronic
cheques and the truncated cheques subject to such modifications and amendments as may be
necessary for carrying out the purposes of the Negotiable Instruments Act, 1881 (26 of 1881) by the
Central Government, in consultation with the Reserve Bank of India, by notification in the Official
Gazette.
(2) Every notification made by the Central Government under sub-section (1) shall be laid, as soon as
may be after it is made, before each House of Parliament, while it is in session, for a total period of
thirty days which may be comprised in one session or in two or more successive sessions, and if,
before the expiry of the session immediately following the session or the successive sessions
aforesaid, both Houses agree in making any modification in the notification or both Houses agree that
the notification should not be made, the notification shall thereafter have effect only in such modified
form or be of no effect, as the case may be; so, however, that any such modification or annulment
shall be without prejudice to the validity of anything previously done under that notification.
Explanation.—For the purposes of this Act, the expression “electronic cheque” and “truncated
cheque” shall have the same meaning as assigned to them in section 6 of the Negotiable Instruments
Act, 1881 (26 of 1881)]. 82

The other sections of this chapter deal with as follows:

Chairperson, Members, Officers and employees to be public servants.(Sec.82),
Power to give directions. (Sec.83)
Protection of action taken in good faith. (Sec.84)
Modes or methods for encryption. (Sec.84A)
Punishment for abetment of offence. (Sec.84B)
Punishment for abetment to commit offence. (Sec.84C)
Offences by companies. (Sec.85)
Removal of difficulties. (Sec.86)
Power of Central Government to make rules. (Sec.87)
Constitution of Advisory Committee. (Sec.88)
Power of Controller to make regulations. (Sec.89
Power of state Government to make rules. (Sec.90)

XVI. FIRST SCHEDULE

[See sub-section (4) of section 1]
As per this first schedule following are the documents or transactions to which the Act shall not
Apply;
1. Negotiable Instrument (Other than a cheque) as defined in section 13 of the Negotiable Instruments
Act, 1881;
2. A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
3. A trust as defined in section 3 of the Indian Trusts Act, 1882;
4. A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other
testamentary disposition;
5. Any contract for the sale or conveyance of immovable property or any interest in such property;
6. Any such class of documents or transactions as may be notified by the Central Government
5. POSITIVE ASPECTS OF INFORMATION TECHNOLOGY ACT, 2000.

Prior to the enactment of the IT Act, 2000 even an e-mail was not accepted under the prevailing
statutes of India as an accepted legal form of communication and as evidence in a court of law. But
the IT Act, 2000 changed this scenario by legal recognition of the electronic format. Indeed, the IT
Act, 2000 is a step forward.

From the perspective of the corporate sector, companies shall be able to carry out electronic
commerce using the legal infrastructure provided by the IT Act, 2000. Till the coming into effect of
the Indian Cyber law, the growth of electronic commerce was impeded in our country basically
because there was no legal infrastructure to regulate commercial transactions online.

Corporate will now be able to use digital signatures to carry out their transactions online. These digital
signatures have been given legal validity and sanction under the IT Act, 2000.

In today’s scenario, information is stored by the companies on their respective computer system, apart
from maintaining a back up. Under the IT Act, 2000, it shall now be possible for corporate to have a
statutory remedy if any one breaks into their computer systems or networks and causes damages or
copies data. The remedy provided by the IT Act, 2000 is in the form of monetary damages, by the
way of compensation, not exceeding Rs. 1, 00, 00,000.

IT Act, 2000 has defined various cyber crimes which includes hacking and damage to the computer
code. Prior to the coming into effect of the Indian Cyber law, the corporate were helpless as there was
no legal redress for such issues. But the IT Act, 2000 changes the scene altogether.

6. IMPORTANT RULES & NOTIFICATIONS OF IT ACT 2000

A)The Information Technology (Reasonable security practices and procedures and sensitive personal
data or information) Rules, 2011 These rules are regarding sensitive personal data or information and
are applicable to the body corporate or any person located within India. It basically requires entities
holding sensitive personal information of users to maintain certain specified security standards.

B) The Information Technology (Electronic Service Delivery) Rules, 2011 These rules provide for
creation of a system of electronic delivery of services. Under the Electronic Service Delivery Rules
the government can specify certain services, such as applications, certificates, licenses etc, to be
delivered electronically.

C) The Information Technology (Intermediaries Guidelines) Rules, 2011. These rules provide the
rights and responsibilities of internet intermediaries in India. If the Internet intermediaries follow
these rules and exercise proper cyber due diligence, they are entitled to a “safe harbour protection”.
Otherwise, they are liable for various acts or omission occurring at their respective platforms once the
matter has been brought to their notice.

D) The Information Technology (Guidelines For Cyber Cafe) Rules, 2011. According to these
guidelines, cyber cafes should register themselves with an appropriate government agency, and
provide services to users only after establishing their identity. It also deals with maintenance of
records of such identity as well as log of sites visited, among others.

E) The Cyber Appellate Tribunal (Salary, Allowances And Other Terms And Conditions Of Service
Of Chairperson And Members) Rules, 2009. These rules provide for the salary, allowances and terms
of service of the Chairperson and members of the Cyber Appellate Tribunal.

F) The Cyber Appellate Tribunal (Procedure For Investigation Of Misbehavior Or Incapacity Of

Chairperson And Members) Rules, 2009. These rules provide for the procedure for investigation of
misbehavior or incapacity of the Chairperson and members of the Cyber Appellate Tribunal.
G) The Information Technology (Procedure And Safeguards For Blocking For Access Of Information
By Public), 2009. The rules provide for the designation of an officer of the Central Government for
the purpose of issuing direction for blocking for access by the public any information generated,
transmitted, received, stored or hosted in any computer resource. It provides the procedure and the
safeguards to be followed by the designated officer.

H) The Information Technology (Procedure And Safeguards For Interception, Monitoring And
Decryption Of Information) Rules, 2009. These rules explain the procedure and safeguards subject to
which such interception or monitoring or decryption may be carried out.

I) The Information Technology (Procedure And Safeguard For Monitoring And Collecting Traffic
Data Or Information) Rules, 2009 It contains the procedure for aggregate monitoring of
communications and the procedural safeguards to be observed in them.

J) The Information Technology (Use Of Electronic Records And Digital Signatures) Rules, 2004.
These rules deal with the manner and format in which the electronic records should be filed, created
or issued. It also states the manner or method of payment of any fees or charges for filing or creating
any electronic record.

K) The Information Technology (Security Procedure) Rules, 2004. These rules prescribe the
provisions relating to secure digital signatures and secure electronic records.

L) The Information Technology (Other Standards) Rules, 2003. The rules deal with the standards to
be observed by the Controller to ensure that the secrecy and security of the digital signatures are
assured.

M) The Information Technology (Certifying Authority) Regulations, 2001.The regulation details the
technical standards and procedures to be used by a Certifying Authority.

N) Information Technology (Certifying Authorities) Rules, 2000. This rule deals with licensing of
Certifying authorities and the procedures that need to be complied by them. It also prescribed the
eligibility, appointment and working of Certifying Authorities.

7. CYBER CRIME
Cyber crime means any criminal activity in which a computer or network is the source, tool or target
or place of crime. The Cambridge English Dictionary defines cyber crimes as crimes committed with
the use of computers or relating to computers, especially through internet. Crimes involving use of
information or usage of electronic means in furtherance of crime are covered under the scope of cyber
crime.

It is the darker side of technology. The term „Cyber Crime’ finds no mention either in The
Information Technology Act 2000 or in any legislation of the Country. Cyber Crime is not different
than the traditional crime. The only difference is that in Cyber Crime the computer technology is
involved. This can be explained by following instance;

Traditional Theft : A thief enters in B‟s house and steals an object kept in the house. Hacking : A
Cyber Criminal sitting in his own house, through his computer hacks the computer of B and steals the
data saved in B‟s computer without physically touching the computer or entering in B‟s house.

As per government National Crime Bureau report, there were 9,600 cases reported in year 2014.
Unofficial sources indicate that it is beyond 3 lacs.

Cyber Crimes may be committed against persons, property and government. The common types of
cyber crimes may be discussed under the following heads.
1. Hacking - A hacker is an unauthorized user who attempts to or gains access to an information
system. Hacking is a crime even if there is no visible damage to the system, since it is an invasion in
to the privacy of data. There are different classes of Hackers.

a) White Hat Hackers - They believe that information sharing is good, and that it is their duty to share
their expertise by facilitating access to information. However there are some white hat hackers who
are just “joy riding" on computer systems.

b) Black Hat Hackers - They cause damage after intrusion. They may steal or modify data or insert
viruses or worms which damage the system. They are also called ‘crackers’.

c) Grey Hat Hackers - Typically ethical but occasionally violates hacker ethics Hackers will hack into
networks, stand-alone computers and software. Network hackers try to gain unauthorized access to
private computer networks just for challenge, curiosity, and distribution of information. Crackers
perform unauthorized intrusion with damage like stealing or changing of information or inserting
malware (viruses or worms)

d) Ethical Hackers- will be used to know the roots of the cyber crimes by the investigations
department authorized by government to detect and prevent the cyber crimes.

2. Cyber Stalking - This crime involves use of internet to harass someone. The behavior includes
false accusations, threats etc. Normally, majority of cyber stalkers are men and the majority of victims
are women.

3. Spamming - Spamming is sending of unsolicited bulk and commercial messages over the internet.
Although irritating to most email users, it is not illegal unless it causes damage such as overloading
network and disrupting service to subscribers or creates .negative impact on consumer attitudes
towards Internet Service Provider.

4. Cyber Pornography - Women and children are victims of sexual exploitation through internet.
Pedophiles use the internet to send photos of illegal child pornography to targeted children so as to
attract children to such funs. Later they are sexually exploited for gains.

5. Phishing - It is a criminally fraudulent process of acquiring sensitive information such as

username, passwords and credit card details by disguising as a trustworthy entity in an electronic
communication.

6. Software Piracy - It is an illegal reproduction and distribution of software for business or personal
use. This is considered to be a type of infringement of copy right and a violation of a license
agreement. Since the unauthorized user is not a party to the license agreement it is difficult to find out
remedies.

7. Corporate Espionage - It means theft of trade secrets through illegal means such as wire taps or
illegal intrusions.

8. Money Laundering - It means moving of illegally acquired cash through financial and other
systems so that it appears to be legally acquired. eg. Transport cash to a country having less stringent
banking regulations and move it back by way of loans the interest of which can be deducted from his
taxes. This is possible prior to computer and internet technology, electronic transfers have made it
easier and more successful.
9. Embezzlement - Unlawful misappropriation of money, property or any other thing of value that
has been entrusted to the offender’s care, custody or control is called embezzlement. Internet facilities
are misused to commit this crime.

10. Password Sniffers - Password sniffers are programmes that monitor and record the name and
password of network users as they log in, jeopardizing security at a site. Whoever installs the sniffer
can impersonate an authorized user and log in to access on restricted documents.

11. Spoofing - It is the act of disguising one computer to electronically “look” like another compute,
in order to gain access to a system that would be normally is restricted. Spoofing was used to access
valuable information stored in a computer belonging to security expert Tsutomu Shimomura.

12. Credit Card Fraud - In U.S.A. half a billion dollars have been lost annually by consumers who
have credit cards and calling card numbers. These are stolen from on-line databases.

13. Web Jacking - The term refers to forceful taking of control of a web site by cracking the
password.

14. Cyber terrorism - The use of computer resources to intimidate or coerce government, the civilian
population or any segment thereof in furtherance of political or social objectives is called cyber
terrorism. Individuals and groups quite often try to exploit anonymous character of the internet to
threaten governments and terrorize the citizens of the country.

8. ELECTRONIC EVIDENCE

Today, virtually every crime has an electronic component in terms of computers and electronic
technology being used to facilitate the crime. Computers or cell phones used in crimes may contain a
host of evidence related to the crime, whether it is a conventional crime or a terrorist act.

The type of evidence that we are dealing with has been variously described as 'electronic evidence',
'digital evidence' or 'computer evidence'.

A) Definitions of digital evidence

Digital evidence include 'Information of probative value stored or transmitted in binary form; and
'Information stored or transmitted in binary form that may be relied on in court. While the term
'digital' is too wide, as we have seen the use of 'binary' is too restrictive, because it only describes one
form of data. Electronic evidence : data (comprising the output of analogue devices or data in digital
format) that is manipulated, stored or communicated by any man-made device, computer or computer
system or transmitted over a communication system, that has the potential to make the factual account
of either party more probable or less probable than it would be without the evidence.

This definition has three elements. First, it is intended to include all forms of evidence that is created,
manipulated or stored in a product that can, in its widest meaning, be considered a computer,
excluding for the time being the human brain.
Second, it aims to include the various forms of devices by which data can be stored or transmitted,
including analogue devices that produce an output. Ideally, this definition will include any form of
device, whether it is a computer as we presently understand the meaning of a computer; telephone
systems, wireless telecommunications systems and networks, such as the Internet; and computer
systems that are embedded into a device, such as mobile telephones, smart cards and navigation
systems.
The third element restricts the data to information that is relevant to the process by which a dispute,
whatever the nature of the disagreement, is decided by an adjudicator, whatever the form and level the
adjudication takes. This part of the definition includes one aspect of admissibility – relevance only –
but does not use 'admissibility' in itself as a defining criteria, because some evidence will be
admissible but excluded by the adjudicator within the remit of their authority, or inadmissible for
reasons that have nothing to do with the nature of the evidence – for instance because of the way it
was collected. The last criteria, however, restricts the definition of electronic evidence to those items
offered by the parties as part of the fact finding process.

Electronic documents are easy to manipulate: they can be copied, altered, up-dated, deleted (deleted
does not mean expunged) or intercepted.

B) Meaning of some technical terms :

The first hindrance while dealing with electronic evidence is to understand the meaning of some
technical terms frequently used in technological world. It is every important to understand the
function of machine and its operating procedure.

i. THE COMPUTER :
The term 'computer' is often used generically to describe almost any form of processing unit.
However, not all devices are appropriately termed a computer. For the purposes of this text, a
computer can be defined in terms of a set of characteristics that illustrate how it functions. This
account is sometimes called an input-processing-output model :
(a) It receives an input of some sort, by way of a local file, mouse, keyboard or through a
communication channel (such as a network connection).
(b) It processes the information.
(c) It produces an output to a local file or a printer, for instances.
(d) It must be able to store information.
(e) It must be able to control what it does.

ii. DATA STORAGE :

The increasingly varied ways of storing computer data and the variety of storage contexts means that
locating relevant data as prospective evidence may not be a simple matter. Data may be stored locally
to a computing device, such as on the hard disk, DVD or CD-ROM, but may also be stored on
removable storage devices such as flash drives, memory sticks, or micro memory devices (as
commonly found in smart phones). Of concern to many digital investigators is the difficulty inherent
in locating and obtaining access to data legally that is stored remotely from an individual's computer,
such as on a remote network or 'cloud' facility.

iii. DATA FORMATS :

Computer data may be broadly classified into binary data, where the information is handled as a
number represented in binary form, and text data, including alpha, numeric and punctuation data. Text
can be entered into the computer by a range of methods :
(a) The typing of letters, numbers and punctuation, mainly when using the keyboard.
(b) Scanning a page with an image scanner and converting the image into data by using optical
character recognition ('OCR') software.
(c) Using a bar code. The bar code represents alphanumeric data. The bar code is read with an optical
device called a wand. The scanned code is converted into binary signals, enabling a bar code
translation component to read the data.
(d) Reading the magnetic stripe on the back of a credit card.
(e) Voice data, where a person speaks into a microphone capable of recording the sounds. This form
of data, as well as video data, is encoded in binary form.
(f) Recent developments in software and signal processing mean that speech to text is a further
possibility. In this instance, the user speaks into a microphone that is connected to the computer and a
dedicated software application analyses the input signal and converts this to a textual representation of
the spoken words. Internet applications such as email and the World Wide Web often manage the
encoding and conversion of data from one format to another in order to facilitate easy network
transfer and convenience of presentation to the user.
iv. COMPUTER STORED AND COMPUTER GENERATED:
Computer-stored evidence includes documents and other records that were created by a human being
and that just happen to be stored in electronic form. Examples include word processing files, e-mail
messages, and Internet chat room messages. This kind of evidence may raise both authentication and
hearsay issues. Computer- generated evidence consists of the direct output of computer programs.
Examples include the login record of an Internet Service Provider, automated telephone call records,
and automatic teller receipts. These records do raise authentication issues but are not properly
regarded as hearsay because they are not the statement of a person. Finally, some records may contain
a combination of computer-stored and computer-generated evidence. For example, a financial
spreadsheet contains both the input data that originated from a person and the output of the computer
program. Such evidence therefore presents both kinds of issues. Another category of evidence,
computer-generated evidence prepared for trial, also presents distinct issues, and is discussed below.

v. METADATA :
Metadata is, essentially, data about data. In electronic documents, metadata tends to be information
that is hidden from the replication of the text as viewed on a screen. Physical documents can be
subject to intensive scrutiny, and the data contained on the document can be analysed in great detail.

C) Types of evidence available on a computer :

A digital evidence specialist can make a range of digital evidence available from a computer. This
section provides an outline of some types of evidence that can be gleaned.

i. FILES AND LOGS :

A wide range of application software is used on a computer, including programs that enable a user to
prepare spreadsheets, databases, text documents, graphic files, multimedia and presentations. The files
themselves include digital evidence, as do system logs. A great deal of data can be retrieved,
depending on the method of storage, the media it is stored on and how the device manages data
storage.

ii. DOCUMENTS AND FILES CREATED OR MODIFIED BY THE USER :

Files containing text can be searched for keywords; forensic tools can then be used to view the
'metadata' : that is, the data that describes or interprets the meaning of data. The metadata can include
information such as the storage location of the file on the disk, the last user to modify the file, and the
date and time the file was originally created.

iii. SYSTEM AND PROGRAM FILES :

A system file in computing is a critical computer file without which a computer system may not
operate correctly. These files may come as part of the operating system, a third-party device driver or
other sources. Specific example of system files include the files with .sys filename extension in MS-
DOS and Windows, the System suitcase on Mac OS and the files located in sys, the root folder of the
Linux file system, sysfs. Program Files is the directory name of a standard folder in Microsoft
Windows operating systems in which applications that are not part of the operating system are
conventionally installed. Typically, each application installed under the 'Program Files' directory will
have a subdirectory for its application-specific resources.

iv. TEMPORARY FILES AND CACHE FILES :

When a computer connects to the Internet, a range of information is recorded and retained in different
locations, including a list of the websites that have been visited. Temporary files of websites that have
been visited are stored in cache folders.

v. DELETED FILES :
File systems keep a record of where data are located on a disk. The way data are stored will differ,
depending on the operating software and the architecture of the method used to allocate blocks of
storage for files. In simple terms, the location of data on a disk is controlled by a file system.
vi. NETWORKS :
Gone are the days when most computers stood alone on a desk. The majority of computers are now
connected, or are intermittently connected, to some form of network. The trials left by the assortment
of logs and files in computers can produce digital evidence in abundance, including use of email,
connecting to the Internet and viewing websites, and the transfer of files between computers. Other
sources of digital evidence can be obtained from server.

Types of network -
(a) Internet - The Internet is a global system of interconnected computer networks that use the Internet
protocol suite (TCP/IP) to link several billion devices worldwide. It is a network of networks that
consists of millions of private, public, academic, business, and government networks of local to global
scope, linked by a broad array of electronic, wireless, and optical networking technologies. The
Internet carries an extensive range of information resources and services, such as the inter-linked
hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony,
and peer-to-peer networks for file sharing.

(b) Corporate intranets - An intranet, usually run by a large organisation, is a network that is based on
the Internet protocols. In Principle, an intranet is only available to members, employees or others with
authorisation to enter it and use the information contained on the intranet.
(c) Wireless networking - Wireless networking is also known as Wi-Fi meaning wireless fidelity.
(d) Cellular networks - The technology that enables devices to transfer data between a computer and a
cellular telephone, and between cellular telephones, is developing rapidly.
(e) Dial-up - Occasionally, computers are still connected to the Internet by means of the traditional
copper telephone line.

vii. DATA DESTRUCTION :

Data destruction is the most obvious and most widely discussed anti-forensics measure, and has
created a considerable legal and technological debate. Unlike a physical object or piece of paper that
can be destroyed effectively, it is much more difficult to obliterate a document in electronic format.
All a user does when they click the 'delete' icon on a computer is, in general terms, remove the pointer
to the data. The document or data remains, and it is possible to retrieve this data in certain
circumstances, even if it is partly overwritten.

viii. FALSIFYING DATA :

Tampering with evidence is not new. An early example of erasing part of a tape recording and re-
recording part of a conversation occurred. Such attempts to adduce fraudulent evidence before a court
are rare, but increasing. However, it is conceivable, given the ease with which electronic data is so
easily manipulated and altered, that attempts will be made in the future to falsify and alter documents
before a trial takes place.

ix. HIDING DATA :

Tampering with and destroying data work best when the criminal no longer needs the data. For
possession crimes such as the possession of illegal images, this is not possible. Hiding the data rather
than destroying or altering it therefore, becomes an important objective. Cryptography is the best
known anti-forensic method to hide data from third parties.

D. Guidelines for handling digital evidence :

As with any other form of evidence, there are a number of discreet elements that accompany the
collection and handling of digital evidence.

Step 1. Identifying digital evidence :

Evidence discovered in digital format may be the first sign that something is wrong. For instance, a
security administrator to a bank might consider an investigation may be needed where the intrusion
detection system sets off an alarm, or where the email logs indicate that a particular member of staff is
receiving an excessive number of emails during a day or over an extended period. In such a case, the
source and reliability of the information needs to be assessed, which requires an investigation into the
facts.

Step 2. Gathering digital evidence :

Once it has been established that it is necessary to seize or gather evidence in digital format, a further
set of procedures should be in place to guide the digital evidence specialist in respect to the scene
itself, including the identification and seizure of the evidence if necessary. It is important not to
permit anybody to disturb the hardware or the network, or work on a computer that is liable to being
seized and retained, and it is admissible that the police officers that are engaged in searching for
digital evidence should be properly trained. Data can be deleted on a remote server or cloud storage
before it can be secured.
There are two fundamental principles in relation to copying digital evidence that a digital evidence
specialist should be aware of :
(a) The process of making the image should not alter the original evidence. This means that the
appropriate steps should be taken to ensure that the process used to take the image should not write
any data to the original medium.
(b) The process of copying data should produce an exact copy of the original. Such a reproduction
should allow the specialist to investigate the files in the way they that existed on the original medium.

Step 3. Preserving digital evidence :

Digital evidence in particular needs to be validated if it is to have any probative value. A digital
evidence specialist will invariably copy the contents of a number of disks or storage devices, in both
criminal and civil matters. To prove the digital evidence has not been altered, it is necessary to put in
place checks and balances to prove the duplicate evidence in digital format has not been altered since
it was copied. The method used to prove the integrity of data at the time the evidence was collected is
known as an electronic fingerprint. The electronic fingerprint uses a cryptographic technique that is
capable of being associated with a single file, a floppy disk or the entire contents of a hard drive. As
digital evidence is copied, so a digital evidence specialist should use software tools that are relevant to
the task.

Step 4. The chain of custody :

However, the chain of custody, in both civil and criminal matters, should be considered very carefully
in respect to digital evidence. The reason or taking particular care with digital evidence is because it is
easy to alter. It is necessary to demonstrate the integrity of the evidence and to show it cannot have
been tampered with after being seized or copied. There is another reason for being meticulous about
ensuring the chain of evidence is correctly recorded. In a case involving a number of items of
hardware and more than one computer, it will be necessary to ensure there is a clear link between the
hardware and the digital evidence copied from the hardware. In this respect, the record should address
such issues s who collected the evidence; how and where it was collected; the name of the person who
took possession of the evidence; how and where it was stored; the protection afforded to the evidence
while in storage; and the names of the people that removed the evidence from storage, including the
reasons for removing the evidence from storage.

Step 5. Transporting and storing digital evidence :

Consideration should be given to the methods by which any hardware and digital evidence is
transported and stored. Computers need to be protected from accidentally booting up; consideration
should be taken to ensure that hardware is clearly marked to prevent people from using the equipment
unwittingly; and loose hard drives, modems, keyboards and other such materials should be placed in
anti-static or aerated bags. Storage conditions should be appropriate. Hardware and digital evidence
should be protected from dirt, humidity, fluids, extremes of temperature and strong magnetic fields. It
is possible for data to be rendered unreadable if the storage media upon which the digital evidence is
contained are stored in a damp office or overheated vehicle during the summer.

E. Analysis of digital evidence :

digital evidence specialist is not only required to obtain and copy digital evidence that has a high
probative value, but must also provide an analysis of the evidence. The analysis of the evidence will
involve reviewing the text of the data, and the attributes of the data. This exercise may also include,
but will not be limited to, looking for and recovering deleted files, and other data that may be hidden
on the disk, checking logs for activity and checking unallocated and slack space for residual data.
Failure to assess the digital evidence can lead to false assumptions.

F. TOOLS :
A digital evidence specialist will not only, ideally, require an in-depth knowledge of the operating
system they are to investigate, but they will also need to use a number of proprietary tools in the
performance of their investigation and analysis of digital evidence. The types of took they use will
depend on the operating system (Windows, Unix, Macintosh) they are required to look at, and
whether they are investigating a network, hand held devices, embedded systems or wireless networks.

G. COPYING THE HARD DRIVE :

Before entering a computer, it is essential that the investigator is familiar with the underlying
operating systems, files systems and applications. By understanding the file systems, the digital
evidence specialist will be aware of how information is arranged, which in turn enables them to
determine where information can be hidden, and how such information can be recovered and
analysed. In order to establish answers to questions such as : 'who might have had access to a
computer or system'; 'which files they would have been able to look at', and 'whether it was possible
for an unauthorised outsider to obtain access to the computer from the Internet', the digital evidence
specialist should understand the nature of user accounts and profiles, and the control mechanism that
determines which files a user is permitted to gain access to once they are logged on to a system.

H. VIEWING THE DATA :

When the digital evidence has been copied, the data can be viewed physically or logically. To view
data physically, such as the files and the properties associated with them, it is necessary to view the
directory through a tool.

I. RECOVERING DATA :
Increasing numbers of people delete the contents of their hard drives in computers in anticipation of
legal action or after legal action has begun. There are several techniques that can be used to recover
data that has been deleted. This can be done manually or using tools, depending on the complexity of
the problem faced.

J. PASSWORDS AND ENCRYPTION :

A number of tools are available that are capable of removing passwords, and bypassing or recovering
them. Some tools are available to guess passwords if the encryption keys are small enough, and where
it is not possible to defeat a password, it is sometimes possible to search for unencrypted versions of
the data in other areas of the hard disk.

K. Challenges to the authenticity of electronic evidence can include :

1. a claim that the records were altered, manipulated or damaged between the time they were created
and the time they appear in court as evidence;
2. the reliability of the computer program that generated the record ;may be questioned;
3. the identity of the author may be in dispute: for instance, the person responsible for writing a letter
in the form of a word processing file, SMS or email may dispute they wrote the text, or sufficient
evidence has not been adduced to demonstrate the nexus between the evidence and the person
responsible for writing the communication;
4. the evidence from a social networking website might be questioned as to its reliability;
5. it might be agreed that an act was carried out and recorded, but at issue might be that the party
introducing the evidence has failed to prove that where others might have access to a device (such as a
mobile telephone), there was no proof to show that the message was directed to a particular person;
6. whether the person alleged to have used their PIN, password or clicked the 'I accept' icon was the
person that actually carried out the action.
7. The data on local area networks, and whether there is a need to obtain an image of the complete
network, if this is possible. If an image of each computer comprising the network is taken, the issue
with networked computers is to demonstrate who had access to which computers at what time, and
whether this access is audited. The security mechanisms in place on the network will be an important
consideration when proving authenticity.
8. Data from the Internet is also subject to problems, because reliance may be placed on data obtained
from remote computers, the computer of an investigator, and perhaps intercepted evidence. With the
increased use of cloud computing where data is stored on 'server farms', accessible via the Internet,
obtaining a copy of the data may be subject to contractual restrictions, or the data may be stored in
another jurisdiction, which in turn may mean it will be necessary to take local legal advice in relation
to the obtaining of the data.
9. Where data is being updated constantly, such as transactional data-bases, or websites that are
continually updated, this poses problems, as the relevant evidence is point-in-time, which may be
extremely difficult to obtain.
10.Authentication of information on social media sites presents its own unique set of issues. Firstly, it
can be difficult to establish the author of the document, because social media sites often have a
number people writing to the one page. Secondly, proving the identity of an author can be difficult,
since it is still possible to create an internet profile without having to prove identity.

Points to be considered which may help in dealing with electronic evidence :

The above said challenges can be dealt after some general investigative questions are answered. These
are important questions regarding a crime involving computers and electronic evidence, which can be
kept in mind while dealing with such evidences. They are as follows:
A. Use or operating part of machine :
Where is the computer's electronic media (compact disks, floppy disks, thumb drives, etc) stored?
When and where was the computer obtained? Was it new or used?
Who has access to the computer hardware and software?
If other people have access to the computer, hardware or software can they access everything on
the computer or only certain files, folders or programs?
How many people use the computer? Who are they and for how many times ?
Whose fingerprints might be found on the electronic media?
B. About User :
What are the user names on the computers? And What programs are used by each computer user?
What is the level of computer experience of each computer user?
Does the computer require a user name and password? What are they?
C. Connection to the net
How does the computer have access to the Internet (DSL, Cable, Dial-Up, LAN, etc)?
Does the victim or suspect have an e-mail account? Who is the service provider (Yahoo, AOL,
Gmail, Hotmail, etc)? And what is the email address ?
Which e-mail client (program) does the suspect or victim use?
Does the victim or suspect remotely access their computer (can they get into their computer when
away from the office or home)?
Do any of the users use on-line or remote storage?
D. Deleting data
Have any programs been used to “clean” the computer?
Does the computer contain encryption software or hard drive wiping utilities?
What is the chronology of the access or changes in the data?
E. Investigative Authority
Who has investigated the incident and what actions have been taken to identify, collect, preserve, or
analyze the data and the devices involved?
Who handled the evidence?
Document the name and job function (e.g., layperson versus qualified personnel) of each individual
who handled the digital evidence. More than one person could be involved in this process.
 Identify everyone who had control of the digital evidence after it was examined and before it was
given to law enforcement.
How was the digital evidence collected and stored?
Identify any tools or methods used to collect the digital evidence.
Determine who had access to the digital evidence after it was collected (anyone with access to the
evidence should be considered part of the chain of custody). Account for all storage of data as well.
When was the evidence collected? Document the date and time when the evidence was collected
(including a reference to time zone if necessary).

9. IMPORTANT CYBER CRIMES REPORTED IN INDIA

i. Hyderabad’s Rs. 20 Crore Data Conversation Fraud :…….

Mr. C. Suresh, the Managing Director of Vinsri Infotech and owner of the website InfoTech Pvt. Ltd.
had started his business in 1997 of data conversion, to give data entry works, to provide services for
data entry, medical transcription, management and e-Books etc. In January 2002, he fraudulently
received Rs. 2.5 lakh non-refundable deposits from each of the clients giving false promise to give
data entry work and in February 2003, when cheques issued to his clients by him were not cleared
rather dishonored because funds were not available; his clients started demanding either refund of
their deposited amount or clearance of their bills and to provide work. But Mr. C. Suresh, the accused
was silent. Therefore, his clients went to police and lodged separate complaints. Then he was arrested
from Secundrabad on the charge of cyber fraud i.e. about Rs. 20 crore data conversion fraud.

ii. Bangalore Cyber Fraud Case

The Sutra Solutions with 42 branch offices were working as Call Centre and had taken more than 400
students and others promising them to give jobs after few months. They were taken as trainees. The
Sutra collected from trainees Rs. 6,000 as customer support and Rs. 25,000 for technical support; total
Rs. 1.2 crore from all. After depositing the said money some of the trainees identified that the Sutra’s
website named www.sutrasolutions.com was going down, they were not paying building rent and
telephone rents were due. Thereafter the victims lodged complaints against the company. Ajay Shah
(CEO) had been absconding and police arrested Mr. Raju Krishnamurthy on the charge of cyber fraud
though thereafter he was released on bail.

iii. Pune Cyber Fraud Case

About 16 accused were arrested in the incident of Pune cyber fraud. Young employees of BPO
industry Mphasis – Msource were the accused. They defrauded the United States based Citibank
customers of more than Rs. 1.5 crore, including damage to data. John Varghese, a 31 years young was
the master mind of the story. The accused were authorized to access the confidential information of
Citibank account holders as the bank was the e-banking service providers. The accused accessed
password/PINs information from about 5 account holders. Thereafter the culprits have started their
operation by sending and diverting e-mails of e-banking funds transactions. The victims were only
receiving about funds transfer nothing else. One of the victims then lodged complaint to the Citibank
and then Citibank alerted the Mumbai and New York City Investigative Services about the same.
Mumbai Citigroup immediately reached recipient banks in Pune and alerted the Pune Police’s Cyber
Crime Cell to trap the cyber fraud. The accused were caught red-handed while they were about to
check the fund transfer in a Rupees Co-operative Bank, Pune. The accused were charged u/s 65, 66,
71 and 72 of the IT Act, 2000 and u/s 420, 465, 467 and 671 of the IPC, 1860.
iv. Karan Bahree’s Case
The sting operation of the British Tabloid through their newspaper ‘The Sun’ seemed Indian BPO
industries very cloudy in the end of June 2005. On 24th June 2005, a Journalist of ‘The Sun’
newspaper expressed that he had obtained account numbers, secret passwords, credit card details etc.
of almost 1000 British Bank customers from Karan Bahree, the employee of a BPO firm at Gurgaon
by paying 3 pounds. This 24 years old Mr. Karan Bahree was employed only before 3 months of the
incident on probation as a Junior content writer with infinity e-search. He did not have authority to
access those confidential information said by his employer. Subsequently, Karan was fired from the
job. Karan delivered a Compact Disk (CD) to Mr. Oliver who was from the UK as the undercover
reporter of British Tabloid Newspaper.But, no complaint has been registered to control and punish
this culprit with the economic offence wing of the Delhi Police. Karan Bahree’s case was dealt with
u/s 43 (b), 65, 66, 72 and 74 of the IT Act, 2000. After Karan Bahree’s case in June-July 2005, Prime
Minister Dr. Manmohan Singh directed NASSCOM to amend and adopt more effective Data
Protection Laws, security measures and to increase penalties for cyber crimes in superhighway with
the tune of the UK, the USA and to adopt International standard of security system to prevent these
instances in future. Dr. Singh said that “Indian professionals have built for themselves an enviable
global reputation through hard work, dedication and commitment, and the occasional misguided acts
of some individuals should not be allowed to damage the high reputation of all professionals.

v. Lottery Fraud and Cyber Squatter

Most of the times we receive electronic mails information that we are going to win or we won a prize
in a lottery. To receive lottery money the recipients of letters or e-mails naturally sent their reply. As
they will send reply again they will receive another e-mail asking information about bank accounts,
mode of transactions they prefer and other confidential information. They do charge money as
processing fee before that fund transfer. But that prize in lottery to recipient’s accounts never
happened and on the other hand his confidential information, bank accounts etc. may be misused or
abused for commission of other crimes.

vii. West Bengal Cyber Fraud Case

The Kolkata Police raided about 792 online lottery units and 7 district units on 19th December 2004.
The State Finance Department sought police force on 17th December to control violation of the
Lotteries Regulation Act, 1998. The Police seized about 472 electronic lottery devices in Kolkata and
investigated that most of them do not have trade licenses.

viii. HSBC, Bangalore Cyber Fraud Case

The accused who was a resident of Bangalore joined HSBC on 12th December 2005 producing forged
certificates. He had links with terrorist groups and the underworld groups. He was arrested on charges
of data theft and cyber fraud. He committed data theft to illegally transfer money from account of a
multinational and the UK based Bank’s customers. HSBC Electronic Data Processing India Pvt. Ltd.,
Bangalore was the Bank’s BPO arm. They had lodged a complaint with the Cyber Crime Police
Station (CCPS) against that cyber fraud. The crime was so dangerous in nature that the HSBC’s
technical team from Hyderabad as well as Interpol section of police department became involved to
investigate and control it.

ix. Kolkata Cyber Fraud Case Sulagna Roy,

a 23 years old NIFT educated call centre employee committed cyber fraud through calcuttaweb.com.
Her nature of work was selling dish TV to US client. During her work she collected credit card
information of those clients and then started purchasing more than 52 items worth Rs. 1.8 lakh
($,4,000) by using laptop internet and cyber cafes internet, these items were including jewellery,
sarees, chocolate, air-conditioner etc. The calcuttaweb.com provided details of purchases to Detective
Department and CID at Kolkata. She only earned Rs. 8,000 monthly but was buying that valuable
thing. She was arrested and charged with fraud and cheating. She confessed that she did it for fun but
not to commit any intentional crime.

x. Cyber Fraud traced by Detective Department of Mumbai

The owner of Mumbai based e-portal NS Shop-mart named ‘Sidhartha’ was arrested in the month of
September 2006. Sidhartha committed cyber fraud and e-commerce cheating with Supriyo Roy of
Barasat at West Bengal. Through http://www.rediff.com Supriyo Roy had purchased an LCD monitor
and paid Rs, 15,000 in favour of Sidhartha. But, the LCD was never delivered to Supriyo, rather a
cartoon stuffed with paper reached his home a few days later. The police found Sidhartha’s portal
from rediff.com and brought him back to Kolkata after arresting him from Dadar, Mumbai.
xi. Nigerian Scam in Delhi
Recently, the Special Operation Squad of the Delhi Police Crime Branch cracked Nigerian gang in
Delhi which was involved in cyber fraud. They used to send fake mails through internet, which
appeared to be genuine mails sent by banks to their customers, and used to ask their customer ID, e-
banking ID, account number, and password etc. thereafter, they used to transfer the money in these
customer’s account to their own account.

xii. Abdul Kadir’s Case

The Special Task Force of U.P arrested 2 persons allegedly involved in internet fraud and cheating
people of hefty amount. They used to trap their clients by sending them e-mails luring them in the
name of their selection for a lottery prize of $ 2 b. They also demanded money from the parties in the
name of courier and VAT charges and doing insurance prior to transferring their prize amount.

xiii. Air Force Bal Bharti School Case,

A student of the Air Force Bal Bharti School, Lodhi Road, New Delhi was arrested by the Delhi
Police in April 2001. The alleged accused was then a class XII student who created a pornographic
website as revenge of being teased by classmates and teachers. He listed in that website the names of
his 12 school mate girls and teachers in sexually explicit manner. He was then suspended by the
School Authorities though the juvenile court allowed his bail prayer. However, he was charged u/s 67
of the Information Technology Act 2000, and sections 292, 293, 294 of the IPC and the Indecent
Representation of Women Act.

xiv. Tamil Nadu v. Suhas Katti,

This was the first case of the Cyber Crime Cell Chennai. The defendant was charged for annoying,
obscene and defamatory message in the yahoo message group relating to a divorcee woman. The
accused at first opened a false account in the name of the victim and then sent her information through
e-mails. It annoyed the victim because she had to face harrowing calls. The victim filed a complaint
about the fact before police. The Chennai police traced the accused at Mumbai and arrested him
immediately after few days. It was found out by the police that the accused was victim’s family
friend, known to her and wanted to marry her. But she did not marry the accused. However, she
married another one who ended it in divorce later on. After her divorce the accused again became
very crazy about her and started contacting her but she refused for the same. Then the accused started
harassing her through internet. The charge sheet was filed against the accused u/s 469 and 509 of the
IPC, 1860 and section 67 of the IT Act, 2000. On the basis of the expert witness the court held that the
crime is conclusively proved and the accused was convicted and sentenced to undergo rigorous
imprisonment for 2 years and to pay Rs. 500 fine u/s 469 of the IPC i.e. forgery for the purpose of
harming reputation; for the offence u/s 509 of the IPC i.e. word, gesture or act intended to insult the
modesty of a woman with 1 year simple imprisonment and Rs. 500 fine; and for the offence u/s 67 of
the IT Act, 2000 with 2 years rigorous imprisonment and Rs. 4000 fine. The court held that all these
sentences must run concurrently.

xv. Bhubaneswar Case

The Xavier Institute of Management lodged a cyber crime complaint with the police in December
2004 that students and staff of these institutions are getting numerous obscene e-mails. Not only
those, the students were afraid of online threatening, hacking and spamming. Police appointed
technical experts to investigate and examine the whole technological matters. At first these indecent e-
mails were considered by them as spam mails. Gradually, the students and staff were being over
flooded with obscene mails and continuous sexual harassment through internet.

xvi. Delhi Police School and Multimedia Message Service (MMS) Clip Case,
A Delhi Public School boy allegedly filmed his girlfriend in an act of oral sex with him on his cell
phone camera which is to be called as MMS clip. This video clip was then forwarded by him to his
friends, and then his friends sent it to others. Gradually, within a minute it was available to almost all
users and even it was available for small price to the roadside vendors. The clip was copied to VCD
(Video Compact Disk) for sale and distribution. One IIT Kharagpur student named Ravi Raj put that
MMS clip of 2.37 minutes for auction on the Baazee.com which was India’s top auction website and
owned by e-Bay. The Delhi police arrested DPS student, Mr. Ravi Ray Singh and the portal’s CEO,
Mr. Avnish Bajaj. The counsel for the boy contended that the charge against his client is totally false
and it is very difficult to prove who was that particular person because there was no visual of his face
in the clip and he prayed for bail u/s 12 of the Juvenile Justice Act, 2000 though he was arrested u/s
293, 294, 201 of the IPC, 1860 and Section 67 of the IT Act, 2000. Thus, Delhi Public School scandal
was not only the issue of child pornography but also MMS clip in cyberspace. In MMS Clip of School
Girl in Orkut Case, a class XII student was arrested by the cyber crime cell of the Noida police and
the arrested student had confessed that he along with his friends created the picture of a girl,
circulated among friends and created a fake profile of that school girl in Orkut website. He was
arrested under the IPC, the Indecent Representation of Women Act and Section 67 of the IT Act,
2000. The victim girl was in clinical depression since she saw her profile in website which was posted
by her school mates.

xvii. Dr. L. Prakash Case the accused, an orthopedic surgeon along with his 3 staff was arrested for
making cyber pornographic images of his clients forcefully and putting up pornographic images of
those women patients on the internet. The Fast Track Court sentenced accused with life imprisonment
and other 3 co-accused with 7 years rigorous imprisonment. MMS Clip in Krishna Nagar, West
Bengal Case a former boyfriend aged about 22 of victim was alleged to have circulated nude pictures
of a first-year College girl from his mobile phone after he got married with another girl. The girl and
her sister had decided not to go to University even for examinations and not to face neighbors. The
entire family was in ridiculous situation that they even could not step out of house due to taunts about
those pictures. Father of alleged accused was an affluent bell metal trader. He was arrested on the as
victim’s father’s complaint though alleged accused was roaming freely. The Officer-in-Charge of
police station said that “during their affair, accused had taken video clips on his mobile phone which
he circulated among youths in the locality. He also said that the boy’s father knew and encouraged the
same that was the cause of his arrest.

xviii. Ritu Kohli case One Mrs. Ritu Kohli complained to the police against the a person who was
using her identity to chat over the Internet at the website www.mirc.com, mostly in the Delhi channel
for four consecutive days. Mrs. Kohli further complained that the person was chatting on the Net,
using her name and giving her address and was talking obscene language. The same person was also
deliberately giving her telephone number to other chatters encouraging them to call Ritu Kohli at odd
hours. Consequently, Mrs Kohli received almost 40 calls in three days mostly at odd hours from as far
away as Kuwait, Cochin, Bombay and Ahmedabad. The said calls created havoc in the personal life
and mental peace of Ritu Kohli who decided to report the matter. The IP addresses were traced and
the police investigated the entire matter and ultimately arrested Manish Kathuria on the said
complaint. Manish apparently pleaded guilty and was arrested. A case was registered under section
509, of the Indian Penal Code (IPC).

Avnish Bajaj Vs. State (N.C.T.) of Delhi

Avnish Bajaj – CEO of Baazee.com, a customer-to-customer website, which facilitates the online sale
of property. Baazee.com receives commission from such sales and also generates revenue from
advertisements carried on its web pages. An obscene MMS clipping was listed for sale on Baazee.com
on 27th 109 November, 2004 in the name of “DPS Girl having fun”. Some copies of the clipping were
sold through Baazee.com and the seller received the money for the sale. Avnish Bajaj was arrested
under section 67 of the Information Technology Act, 2000. The arguments of the defendant were that
- Section 67 of the Information Technology Act relates to publication of obscene material. It does not
relate to transmission of such material. On coming to learn of the illegal character of the sale,
remedial steps were taken within 38 hours, since the intervening period was a weekend. The court
granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh each. The court ordered Mr.
Bajaj to surrender his passport and not to leave India without the permission of the Court. The court
also ordered Mr. Bajaj to participate and assist in the investigation.
Syed Asifuddin and Ors. V. The State of AP. & Anr., 2005CriLJ4314
Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN)
programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held
that such manipulation amounted to tampering with computer source code as envisaged by section 65
of the Information Technology Act, 2000. Reliance Infocomm launched a scheme under which a cell
phone subscriber was given a digital handset worth Rs. 10,500/- as well as service bundle for 3 years
with an initial payment of Rs. 3350/- and monthly outflow of Rs. 600/-. The subscriber was also
provided a 1 year warranty and 3 year insurance on the handset. The condition was that the handset
was technologically locked so that it would only work with the Reliance Infocomm services. If the
customer wanted to leave Reliance services, he would have to pay some charges including the true
price of the handset. Since the handset was of a high quality, the market response to the scheme was
phenomenal. Unidentified persons contacted Reliance customers with an offer to change to a lower
priced Tata Indicom scheme. As part of the deal, their phone would be technologically "unlocked" so
that the exclusive Reliance handsets could be used for the Tata Indicom service. Reliance officials
came to know about this "unlocking" by Tata employees and lodged a First Information Report (FIR)
under various provisions of the Indian Penal Code, Information Technology Act and the Copyright
Act. The police then raided some offices of Tata Indicom in Andhra Pradesh and arrested a few Tata
Tele Services Limited officials for reprogramming the Reliance handsets. These arrested persons
approached the High Court requesting the court to quash the FIR on the grounds that their acts did not
violate the said legal provisions. Some of the issues raised by the defence in the case were - It is
always open for the subscriber to change from one service provider to the other service provider; The
subscriber who wants to change from Tata Indicom always takes his handset, to other service
providers to get service connected and to give up Tata services; The handsets brought to Tata by
Reliance subscribers are capable of accommodating two separate lines and can be activated on
principal assignment mobile ( NAM 1 or NAM 2). The mere activation of NAM 1 or NAM 2 by Tata
in relation to a handset brought to it by a Reliance subscriber does not amount to any crime; A
telephone handset is neither a computer nor a computer system containing a computer programmed;
there is no law in force which requires the maintenance of "computer source code". Hence section 65
of the Information Technology Act does not apply. Following were the observations of the Court –
1. As per section 2 of the Information Technology Act, any electronic, magnetic or optical device
used for storage of information received through satellite, microwave or other communication media
and the devices which are programmable and capable of retrieving any information by manipulations
of electronic, magnetic or optical impulses is a computer which can be used as computer system in a
computer network.
2. The instructions or programmed given to computer in a language known to the computer are not
seen by the users of the computer/consumers of computer functions. This is known as source code in
computer parlance.
3. ESN and SID come within the definition of "computer source code" under section 65 of the
Information Technology Act.
4. When ESN is altered, the offence under Section 65 of Information Technology Act is attracted
because every service provider has to maintain its own SID code and also give a customer specific
number to each instrument used to avail the services provided.

10. IMPORTANT JUDGMENTS ON IT ACT.

1. ADMISSIBILITY OF ELECTRONIC-EVIDENCE
i. State v. Mohd. Afzal (2003) SCCONLINE DEL 935; 2003 (0) Supreme(Del) 1027;

The Division Bench of Delhi High Court held that in The last few years of the 20th Century saw rapid
strides in the field of information and technology. The expanding horizon of science and technology
threw new challenges for the ones who had to deal with proof of facts in disputes where advanced
techniques in technology was used and brought in aid. Storage, processing and transmission of data on
magnetic and silicon medium became cost effective and easy to handle. Conventional means of
records and data processing became out dated. Law had to respond and gallop with the technical
advancement. He who sleeps when the sun rises, misses the beauty of the dawn. Law did not sleep
when the dawn of Information and Technology broke on the horizon. World over, statutes were
enacted. Rules relating to admissibility of electronic evidence and its proof were incorporated.”

New Sections 65A and 65B are introduced to the Evidence Act under the Second Schedule to the IT
Act. Section 5 of the Evidence Act provides that evidence can be given regarding only facts that are at
issue or of relevance. Section 136 empowers a judge to decide on the admissibility of the evidence.
New provision Section 65A provides that the contents of electronic records may be proved in
accordance with the provisions of Section 65B. Section 65B provides that notwithstanding anything
contained in the Evidence Act, any information contained in an electronic record (ie, the contents of a
document or communication printed on paper that has been stored, recorded and copied in optical or
magnetic media produced by a computer (‘computer output’)), is deemed to be a document and is
admissible in evidence without further proof of the original’s production, provided that the conditions
set out in Section 65B(2) to (5) are satisfied.

ii. Anvar P.V v. P.K.Basheer & Ors 2015 0 AIR(SC) 180

The Hon’ble Supre Court dealt the conditions for admissibility of electronic evidence. The Hon’ble
Supreme court stated the rules relating to application of law of evidence for admitting electronic
evidence. The Hon’ble Court said, “The evidence relating to electronic record, as noted herein before,
being a special provision, the general law on secondary evidence under Section 63 read with Section
65 of the Evidence Act shall yield to the same. Generally specially non derogant, special law will
always prevail over the general law. It appears, the court omitted to take note of Sections 59 and 65A
dealing with the admissibility of electronic record. Sections 63 and 65 have no application in the case
of secondary evidence by way of electronic record; the same is wholly governed by Sections 65A and
65B. To that extent, the statement of law on admissibility of secondary evidence pertaining to
electronic record, as stated by this court in Navjot Sandhu case, does not lay down the correct legal
position. It requires to be overruled and we do so. An electronic record by way of secondary evidence
shall not be admitted in evidence unless the requirements under Section 65B are satisfied. Thus, in the
case of CD, VCD, chip, etc., the same shall be accompanied by the certificate in terms of Section 65B
obtained at the time of taking the document, without which, the secondary evidence pertaining to that
electronic record, is inadmissible.”

iii. Ajmal Kasab case, (2012) 9 SCC 1; As we saw in the Ajmal Kasab case, terrorists these days
plan all their activities either face-to-face, or through software. Being able to produce transcripts of
internet transactions helped the prosecution case a great deal in proving the guilt of the accused.
iv. State (NCT of Delhi) v. Navjot Sandhu @ Afsan Guru AIR 2005 SC 3820
The links between the slain terrorists and the masterminds of the attack were established only through
phone call transcripts obtained from the mobile service providers.

v. Sivakumar v. State by The Inspector of Police, 2015 0 Supreme(Mad) 2585

The Hon’ble High Court of Madras laid down that without confronting with the witnesses of
electronic evidence, the evidence cannot be appreciated and analyzed. The relevant extracts of the
judgment is as follow:“..In its impugned judgment the trial Court had referred to the electronic
evidence based vide the reports of Forensic Scientists P.Ws.13 and 15. It is alleged that the accused
was bent upon sexually abusing his daughter/P.W.1. There was secret arrangement as between P.Ws.1
and 2 and P.W.2’s brother P.W.14 Charles to record the Cell phone conversation between the accused
and P.W.1 which would expose the sexual advances made by the accused towards P.W.1. PARA : 27
To establish the said aspect, P.Ws.13, 15, M.Os.1 to 4 C.Ds., Cell phone and analysis reports Ex.P11
to P13 have been marked. The trial Court in its judgment referred to them electronic evidence and
also reproduced the transcription of the Cell phone conversation stated to have been transpired
between P.W.1 and the accused and used them as incriminating evidence to convict the accused.
PARA : 28 In this case, P.W.1 the alleged victim girl was examined before the trial Court on
19.3.2013. She turned hostile. She had disowned her complaint. P.W.14 Charles was examined on
19.9.2013. He also turned hostile. Only thereafter on 30.9.2013, P.W.15 Forensic Scientist who
compared and analysed the Cell phone conversation stated to have taken place between P.W.1 and the
accused containing incriminating information has been examined. Thus, there was no occasion to
confront P.Ws.1 and P.W.14 with the said electronic evidence. That part, accused have to be furnished
with the said Forensic report, cassettes and the transcription of the conversation stated to have taken
place between the accused and P.W.1 through Cell phones. PARA : 29 It is pertinent to note that
neither P.W.1 nor P.W.14 were confronted with the said electronic evidence. Only after confronting
them viz., P.W.1 and 14 with the said electronic evidence especially when they have turned hostile
such evidence can be appreciated and analyzed. This is an import aspect to be observed. However, it
was overlooked by the trial Court. Thus, there is no fair trial. In such circumstances, the conclusion
arrived at by the trial Court becomes faulty and vitiated.”

vi. KUNDAN SINGH vs. THE STATE [2015 0 Supreme(Del) 3285]

The appellant challenged his conviction under Section 201 and 404 IPC. On examination of the call
detail records (CDRs, for short) and after examining the video footage of the ATM of the ICICI Bank
at Saket from where money was withdrawn using the ATM card of the deceased, the present appellant
was arrested. The evidence and materials collected during the police investigation including the
recoveries made at the behest of the appellant form the core evidence of the prosecution case. On
examination of the call detail records (CDRs, for short) and after examining the video footage of the
ATM of the ICICI Bank at Saket from where money was withdrawn using the ATM card of the
deceased, the present appellant was arrested. The evidence and materials collected during the police
investigation including the recoveries made at the behest of the appellant form the core evidence of
the prosecution case.

vii. Abdul Rahaman Kunji vs. The State of West Bengal MANU/WB/0828/ 2014 The Hon’ble
High Court of Calcutta while deciding the admissibility of email held that an email downloaded and
printed from the email account of the person can be proved by virtue of Section 65B r/w Section 88A
of Evidence Act. The testimony of the witness to carry out such procedure to download and print the
same is sufficient to prove the electronic communication.

viii. Jagdeo Singh vs. The State and Ors. MANU/DE/0376/2015 In the recent judgment pronounced
by Hon’ble High Court of Delhi, while dealing with the admissibility of intercepted telephone call in a
CD and CDR which were without a certificate u/s 65B Evidence Act, the court observed that the
secondary electronic evidence without certificate u/s 65B Evidence Act is inadmissible and cannot be
looked into by the court for any purpose whatsoever.

ix. Sanjaysinh Ramrao Chavan vs. Dattatray Gulabrao Phalke MANU/SC/0040/ 2015 Relying
upon the judgment of Anvar P.V., while considering the admissibility of transcription of recorded
conversation in a case where the recording has been translated, the Supreme Court held that as the
voice recorder had itself not subjected to analysis, there is no point in placing reliance on the
translated version. Without source, there is no authenticity for the translation. Source and authenticity
are the two key factors for electronic evidence.

x. Som Prakash vs.State Of Delhi AIR 1974 SC 989 1974 Cri. LJ 784
In this case Supreme Court has rightly observed that “in our technological age nothing more primitive
can be conceived of than denying discoveries and nothing cruder can retard forensic efficiency than
swearing by traditional oral evidence only thereby discouraging the liberal use of scientific aids to
prove guilt.” Statutory changes are needed to develop more fully a problem solving approach to
criminal trials and to deal with heavy workload on the investigators and judges.

xi. SIL Import, USA vs. Exim Aides Exporters, Bangalore (1999) 4 SCC 567. In yet another
decision in which use of available technology has been given a real boost, the Supreme Court held
that “Technological advancement like fascimile, Internet, e-mail, etc. were in swift progress even
before the Bill for the Amendment Act was discussed by Parliament. So when Parliament
contemplated notice in writing to be given we cannot overlook the fact that Parliament was aware of
modern devices and equipment already in vogue.”
2. ADMISSIBILITY OF ELECTRONICALLY RECORDED CONVERSATION

In R.M Malkani vs. State of Maharastra AIR 1973 SC 157

Held : this court made it clear that electronically recorded conversation is admissible in evidence, if
the conversation is relevant to the matter in issue and the voice is identified and the accuracy of the
recorded conversation is proved by eliminating the possibility of erasure, addition or manipulation.
This Court further held that a contemporaneous electronic recording of a relevant conversation is a
relevant fact comparable to a photograph of a relevant incident and is admissible as evidence under
Section 8 of the Act. There is therefore no doubt that such electronic record can be received as
evidence.

3. ADMISSIBILITY OF INTERCEPTED TELEPHONE CALLS

State (NCT of Delhi) v Navjot Sandhu AIR 2005 SC 3820

It was Held that an appeal against conviction following the attack on Parliament on December 13
2001, in which five heavily armed persons entered the Parliament House Complex and killed nine
people, including eight security personnel and one gardener, and injured 16 people, including 13
security men. This case dealt with the proof and admissibility of mobile telephone call records. While
considering the appeal against the accused for attacking Parliament, a submission was made on behalf
of the accused that no reliance could be placed on the mobile telephone call records, because the
prosecution had failed to produce the relevant certificate under Section 65B (4) of the Evidence Act.
The Supreme Court concluded that a cross-examination of the competent witness acquainted with the
functioning of the computer during the relevant time and the manner in which the printouts of the call
records were taken was sufficient to prove the call records.

4. EXAMINATION OF WITNESS BY VIDEO CONFERENCE AND ITS ADMISABILITY

i. State of Maharashtra v Dr Praful B Desai AIR 2003 SC 2053

Held : Involved the question of whether a witness can be examined by means of a video conference.
The Supreme Court observed that video conferencing is an advancement of science and technology
which permits seeing, hearing and talking with someone who is not physically present with the same
facility and ease as if they were physically present. The legal requirement for the presence of the
witness does not mean actual physical presence. The court allowed the examination of a witness
through video conferencing and concluded that there is no reason why the examination of a witness
by video conferencing should not be an essential part of electronic evidence.
This Supreme Court decision has been followed in other high court rulings (eg, Amitabh Bagchi v
Ena Baqchi35 More recently, the High Court of Andhra Pradesh in Bodala Murali Krishna v Bodala
Prathima36 held that necessary precautions must be taken to identify the witness and ensure the
accuracy of the equipment being used. In addition, any wishing to avail itself of the facility of video
conferencing must meet the entire expense.

ii. Twentieth Century Fox Film Corporation vs. NRI Film Production Associates (P) Ltd37.
Certain condition for video-recording of evidence has been laid down:
a) Before a witness is examined in terms of the Audio-Video Link, witness is to file an affidavit or an
undertaking duly verified before a notary or a judge that the person who is shown as the witness is the
same person as who is going to depose on the screen. A copy is to be made available to the other side.
b) The person who examines the witness on the screen is also supposed to file an affidavit/
undertaking before examining the witness with a copy to the other side with regard to identification.
c) The witness has to be examined during working hours of Indian Courts. Oath is to be administered
through the media. d) The witness should not plead any inconvenience on account of time difference
between India and USA.
e) Before examination of the witness, a set of plaint, written statement and other documents must be
sent to the witness so that the witness has acquaintance with the documents and an acknowledgement
is to be filed before the Court in this regard.
f) The learned judge is to record such remarks as is material regarding the demur of the witness while
on the screen.
g) The learned judge must note the objections raised during recording of witness and to decide the
same at the time of arguments.
h) After recording the evidence, the same is to be sent to the witness and his signature is to be
obtained in the presence of a Notary Public and thereafter it forms part of the record of the suit
proceedings.
i) The visual is to be recorded and the record would be at both ends. The witness also is to be alone at
the time of visual conference and notary is to certificate to this effect.
j) The learned judge may also impose such other conditions as are necessary in a given set of facts.
k) The expenses and the arrangements are to be borne by the applicant who wants this facility.

iii. Grid Corpn. Of Orissa Ltd. vs. AES Corpn. 2002 AIR (SC) 3435
In this the Supreme Court has ruled in favour of technology and it held that “When an effective
consultation can be achieved by resort to electronic media and remote conferencing it is not necessary
that the two persons required to act in consultation with each other must necessarily sit together at one
place unless it is the requirement of law or of the ruling contract between the parties.” In this case the
contention was that the two arbitrators appointed by the parties should have met in person to appoint
the third arbitrator.

iv. Dasam Vijay Rama Rao Vs. M. Sai Sri (2015) 0 Supreme (AP) 263
Examination of witnesses through internet- in order to curb unnecessary delay in proceedings for the
presence of a person abroad. Latest technology lik e skype can be used to examine a person.

5. ADMISSIBILITY OF EVIDENCE RECORDED ON CD

i. In Jagjit Singh v State of Haryana (2006) 11 SCC 590, the speaker of the Legislative Assembly
of the State of Haryana disqualified a member for defection. When hearing the matter, the Supreme
Court considered the appreciation of digital evidence in the form of interview transcripts from the Zee
News television channel, the Aaj Tak television channel and the Haryana News of Punjab Today
television channel. The Supreme Court of India indicated the extent of the relevance of the digital
materials in Paragraph 25 of his ruling:
“The original CDs received from Zee Telefilms, the true translation into English of the transcript of
the interview conducted by the said channel and the original letter issued by Zee Telefilms and
handed over to Ashwani Kumar on his request was filed on June 23 2004. The original CDs received
from Haryana News channel along with the English translation as above and the original proceedings
of the Congress legislative party in respect of proceedings dated June 16 2004 at 11.30am in the
Committee room of Haryana Vidhan Sabha containing the signatures of three out of four independent
members were also filed.” In Paragraphs 26 and 27 the court went on to indicate that an opportunity
had been given to the parties to review the materials, which was declined. The court determined that
the electronic evidence placed on record was admissible and upheld the reliance placed by the speaker
on the recorded interview when reaching the conclusion that the voices recorded on the CD were
those of the persons taking action. The Supreme Court found no infirmity in the speaker’s reliance on
the digital evidence and the conclusions reached.

ii. Ankur Chawla vs. CBI MANU/DE/2923/ 2014 The Hon’ble High Court of Delhi, while deciding
the charges against accused in a corruption case observed that since audio and video CDs in question
are clearly inadmissible in evidence, therefore trial court has erroneously relied upon them to
conclude that a strong suspicion arises regarding petitioners criminally conspiring with co-accused to
commit the offence in question. Thus, there is no material on the basis of which, it can be reasonably
said that there is strong suspicion of the complicity of the petitioners in commission of the offence in
question.
6. ADMISSIBILITY OF INFORMATION RECORDED IN THE HARD DISC

In Dharambir vs. Central Bureau of Investigation 2008 SCC OnLine Del 336 : (2008) 102 DRJ
299 : (2008) 148 DLT 289 : ILR (2008) 2 Del 842,
The court arrived at the conclusion that when Section 65-B talks of an electronic record produced by a
computer referred to as the computer output, it would also include a hard disc in which information
was stored or was earlier stored or continues to be stored. It distinguished as there being two levels of
an electronic record. One is the hard disc which once used itself becomes an electronic record in
relation to the information regarding the changes the hard disc has been subject to and which
information is retrievable from the hard disc by using a software program. The other level of
electronic record is the active accessible information recorded in the hard disc in the form of a text
file, or sound file or a video file etc. Such information that is accessible can be converted or copied as
such to another magnetic or electronic device like a CD, pen drive etc. Even a blank hard disc which
contains no information but was once used for recording information can also be copied by producing
a cloned had or a mirror image.

7. CLOSED CIRCUIT TELEVISION (CCTV.)

i. State of M.P. v. Dharkole 2004 AIR SCW 6241

As a prelude, it will be appropriate to quote the following passage from the book “Law of Evidence”
by the celebrated author Vepa P. Sarathi (6th Edition, page 208). We quote, “The law, it is said, walks
a respectable distance behind science, but courts try to keep abreast. The criminal is quick to use
science to commit ingenious crimes, and so the police and the courts should be no less innovative; and
courts should always encourage the police to do so and admit the evidence collected by any
innovative method. The law courts can play an important role by-
(1) taking expert evidence to see whether the best scientific methods have been used,
(2) by the Judge scrutinizing the evidence carefully, and
(3) encouraging the scientists, when the evidence is reliable, by giving judicial recognition to his
methods.”
Criminal Justice Delivery System is built upon the episodic memory of witnesses and their capacity to
translate the data stored in their memory into human language, for the purpose of communication and
understanding by the Judge for rendering justice. Episodic memory is broadly described by Prof. Sen
Cheng from RUHR University, Bosch, Germany as “fairly accurate representation of personally
experienced episodes.” To put it in short, the ophthalmic and auditory senses in human beings capture
events and store them as memory in the brain. Thereafter the events can be narrated orally via a
language. That is why, perhaps Jeremy Bentham called Witnesses as “eyes and ears of Justice”.
The capability of the human mind to give its own interpretation to what the eyes saw and what the
ears heard while narrating, cannot be discounted. Universally, Courts have recognized the fact that
there are bound to be exaggerations and embellishments in oral accounts. If five people are asked to
see an event and give an account of it individually, there will not be unanimity in their versions. This
has been scientifically tested and the following passage from Laxman v. State of Maharashtra41 may
be worth extracting, “Before we discuss the evidence further, we may observe that Professor
Munsterberg, in a book called On the Witness Stand (p. 51) cited by Judge Jerome Frank in his Law
and the Modern Mind (1949 ed. p. 106), gives instances of experiments conducted by enacting sudden
unexpected pre-planned episodes before persons who were then asked to write down, soon afterwards,
what they had seen and heard. The astounding result was:
“Words were put into the mouths of men who had been silent spectators during the whole short
episode; actions were attributed to the chief participants of which not the slightest trace existed; and
essential parts of the tragic-comedy were completely eliminated from the memory of a number of
witnesses.”

ii. K. Ramajayam @ Appu v. The Inspector of Police, Maduravoyal Police Station, Chennai.
2016 0 CrLJ 1542;
Held : It is axiomatic that CCTV footage does not suffer such ills and human fragilities, and they are
indubitably superior to human testimony of facts.
iii. Kishan Tripathi @ Kishan Painter v. The State 2016 0 Supreme(Del) 780;
The Delhi High Court has discussed the law relating to admissibility of CCTV footage and
appreciation of the same. The CCTV footage is captured by the cameras and can be stored in the
computer where files are created with serial numbers, date, time and identification marks. These
identification marks/details are self generated and recorded, as a result of pre-existing software
commands. The capture of visual images on the hard disc is automatic in the sense that the video
images get stored and recorded suo-moto when the CCTV camera is on and is properly connected
with the hard disc installed in the computer. There is no need that someone must watch the CCTV
footage when it is being stored and recorded. The recording is a result of commands or instructions,
which had already been given and programmed. The original hard disc, therefore, could be the
primary and the direct evidence. Such primary or direct evidence would enjoy a unique position for
anyone who watches the said evidence would be directly viewing the primary evidence. Section 60 of
the Evidence Act states that oral evidence must be direct, i.e., with reference to the fact which can be
seen, it must be the evidence of the witness, who had seen it, with reference to the fact, which could
be heard, it must be evidence of the witness, who had heard it and if it relates to the fact, which could
be perceived by any other sense or any other manner, then it must be the evidence of the witness, who
says who had perceived it by that sense or by that manner. Read in this light, when we see the CCTV
footage, we are in the same position as that of a witness, who had seen the occurrence, though crime
had not occurred at that time when the recording was played, but earlier. When a judge watches the
CCTV footage with his own eyes as a judge gives you an insight into the real world in the past. When
the court itself watch the CCTV footage, it travels back in time to the time when the occurrence took
place and thereby has seen the occurrence in the same position as that of a witness, who would have
seen the occurrence, if he was present. There cannot be a more direct evidence. This video recording
which captures the occurrence, would be per se and mostly discerningly reliable and compellingly
conclusive evidence, unless its authenticity and genuineness is in question. Per force, we must rule out
any possibility of manipulation, fabrication or tampering. The hard-disk CCTV footage must pass the
integrity test. It is a twofold test, system integrity and record integrity. It is with this over cautious and
pensive approach, that we have to precede our consideration to CCTV footage. The Court should
accept the genuineness and authenticity of
the CCTV footage played before it, for good and sound reasons. System integrity test should be
satisfied by ocular testimonies and other independent witnesses. System while recording CCTV
footage works contemporaneously and stores data.

iv. Tomaso Bruno & another Vs State of UP 2015 1 Supreme 278; 2015 0 Supreme(SC) 48;
Supreme court held that omission to produce CC TV footage which the best evidence raises a serious
doubt about the prosecution case.

8. TAPE RECORDED EVIDENCE

i. In Ram Singh v. Col. Ram Singh 1985 Supp SCC 611 at page 657. The conditions for
admissibility of a tape-recorded statement may be stated as laid down by the court
“(1) The voice of the speaker must be duly identified by the maker of the record or by others who
recognize his voice. In other words, it manifestly follows as a logical corollary that the first condition
for the admissibility of such a statement is to identify the voice of the speaker. Where the voice has
been denied by the maker it will require very strict proof to determine whether or not it was really the
voice of the speaker.
(2) The accuracy of the tape-recorded statement has to be proved by the maker of the record by
satisfactory evidence — direct or circumstantial.
(3) Every possibility of tampering with or erasure of a part of a tape-recorded statement must be ruled
out otherwise it may render the said statement out of context and, therefore, inadmissible.
(4) The statement must be relevant according to the rules of Evidence Act.
(5) The recorded cassette must be carefully sealed and kept in safe or official custody.
(6) The voice of the speaker should be clearly audible and not lost or distorted by other sounds or
disturbances.”
ii. R.M. Malkani v. State of Maharashtra (1973) 1 SCC 471; 1973 SCC (Cri) 399: (1973) 2 SCR
417. This Court observed at page 477 “Tape recorded conversation is admissible provided first that
the conversation is relevant to the matters in issue; secondly, there is identification of the voice; and
thirdly, the accuracy of the tape-recorded conversation is proved by eliminating the possibility of
erasing the tape record. A contemporaneous tape record of a relevant conversation is a relevant fact
and is admissible under Section 8 of the Evidence Act. It is res gestae. It is also comparable to a
photograph of a relevant incident. The tape-recorded conversation is therefore a relevant fact and is
admissible under Section 7 of the Evidence Act.”

iii. Ziyauddin Barhanuddin Bukhari v. Brijmohan Ramdass Mehra (1976) 2 SCC 17

it was held by this Court that tape-records of speeches were “documents”, as defined by Section 3 of
the Evidence Act, which stood on no different footing than photographs, and that they were
admissible in evidence on satisfying the following conditions:
“(a) The voice of the person alleged to be speaking must be duly identified by the maker of the record
or by others who know it.
(b) Accuracy of what was actually recorded had to be proved by the maker of the record and
satisfactory evidence, direct or circumstantial, had to be there so as to rule out possibilities of
tampering with the record.
(c) The subject-matter recorded had to be shown to be relevant according to rules of relevancy found
in the Evidence Act.” Shamsher Singh Verma v. State of Haryana,2015 SCC OnLine SC 1242. In
view of the definition of ‘document’ in Evidence Act, and the law settled down is that the compact
disc is also a document. It is not necessary for the court to obtain admission or denial on a document
under sub-section (1) to Section 294 CrPC personally from the accused or complainant or the witness.
The endorsement of admission or denial made by the counsel for defence, on the document filed by
the prosecution or on the application/report with which same is filed, is sufficient compliance of
Section 294 CrPC. Similarly on a document filed by the defence, endorsement of admission or denial
by the public prosecutor is sufficient and defence will have to prove the document if not admitted by
the prosecution. In case it is admitted, it need not be formally proved, and can be read in evidence. In
a complaint case such an endorsement can be made by the counsel for the complainant in respect of
document filed by the defence.

iv. R.K Anand v. Registrar, Delhi High Court 2009 (10) SCALE 164.
In the interesting case of R.K Anand v. Registrar, Delhi High Court, the original electronic materials
upon which the sting operation by a journalist was based was held not needed to have been taken in
the Court custody. In that case in a sting operation a particular conversation between two persons was
recorded. Based upon the electronic tape recorded conversation played before the Court, contempt
notices came to be issued for subverting and interfering with the course of justice in a criminal trial. In
that case the copies of the original sting recordings were called for and seen by the Court. The original
microchips and the magnetic tapes were allowed to be retained in the custody of the journalist of the
TV channel. Upon the case that was an incorrect and fatal procedure, the Supreme Court considered
the rationale behind it thus: “If the recordings on the microchips were fake from the start or if the
microchips were morphed before notice was issued to the TV channel, those would come to the Court
in that condition and in that case the question whether the microchips were genuine or fake/morphed
would be another issue. But once the High Court obtained their copies there was no possibility of any
tampering with the microchips from that stage. Moreover, the High Court might have felt that the TV
channel with its well equipped studio/laboratory would be a much better place for the handling and
conservation of such electronic articles than the High Court Registry.” Consequently, holding that all
tape recorded conversation must be sealed without considering its intrinsic source or its custody with
a party would be an exercise devoid of application of mind.

10. EVIDENCE FROM CELL PHONES, SIM CARD, CALL DATA RECORD ETC.,

As per definition of term Computers, as provided by Sec. 2(i) of the I.T. Act, mobile phones are
encompassed in the definition of a Computer. Mobile phones are been used for exchange of
information. As per Sec. 2(r) of the I. T. Act, "electronic form", with reference to information, means
any information generated, sent, received or stored in media, magnetic, optical, computer memory,
micro film, computer generated micro fiche or similar device. Thus any information shared on the
mobile phone though it may be talks, text or entry of information they are encompassed in the
purview of the I. T. Act.

i. Mohd. Arif v. State (NCT of Delhi) (2011) 13 SCC 621: (2012) 2 SCC (Cri) 766.
The Apex Court discussed the functioning of SIM card and mobile handset in order to explain how
details of calls made/received on mobile number and approximate location of a mobile user can be
ascertained on the basis of data available in computer of telecom service provider. It can be used in
determination of movement/location of a person on the basis of mobile phone possessed by him based
on the call detail records (CDR). An active mobile phone has two components i.e. the mobile
instrument and the SIM card. Every mobile instrument has a unique identification number, namely,
instrument manufactured equipment identity (for short “IMEI number”). Such SIM card could be
provided by the service providers either with cash card or post-paid card to the subscriber and once
this SIM card is activated the number is generated which is commonly known as mobile number. The
mobile service is operated through a main server computer called mobile switching centre which
handles and records each and every movement of an active mobile phone like day and time of the call,
duration of the call, calling and the called number, location of the subscriber during active call and the
unique IMEI number of the instrument used by the subscriber during an active call. This mobile
switching centre manages all this through various sub-systems or sub-stations and finally with the
help of telephone towers. These towers are actually base trans-receiver stations also known as BTS.
Such BTS covers a set of cells each of them identified by a unique cell ID. A mobile continuously
selects a cell and exchanges data and signaling traffic with the corresponding BTC. Therefore,
through a cell ID the location of the active mobile instrument can be approximated.

ii. Prashant Bharti v. State (NCT of Delhi) (2013) 9 SCC 293; (2013) 3 SCC (Cri) 920.
The complainant/prosecutrix in her first complaint dated 16-2-2007 had alleged that the appellant-
accused had called her on her phone at 8.45 p.m. and asked her to meet him at Lodhi Colony, New
Delhi. When she reached there, he drove her around in his car. He also offered her a cold drink
(Pepsi) containing a poisonous/intoxicating substance. Having consumed the cold drink, she is stated
to have felt inebriated, whereupon, he took advantage of her and started misbehaving with her, and
also touched her breasts. Insofar as the instant aspect of the matter is concerned, the presence of the
complainant/prosecutrix, as well as the appellant-accused, at the alleged place of occurrence (Lodhi
Colony, New Delhi), on the night of 15-2-2007 after 8.45 p.m., has been established to be false on the
basis of mobile phone call details of the parties concerned. The proof of the aforesaid factual matter
must be considered to be conclusive for all intents and purposes, specially, in view of the observations
made by the Supreme Court in Gajraj v. State (NCT of Delhi) [(2011) 10 SCC 675; (2012) 1 SCC
(Cri) 73] wherein it was held as under: (SCC p. 681, para 19) ..We are satisfied, that the process, by
which the appellant-accused came to be identified during the course of investigation, was legitimate
and unassailable.

iii. Societe Des Products Nestle S.A. v. Essar Industries, 2006 SCC OnLine Del 1675: (2006) 33
PTC 469.
The IMEI number of the handset, from which the appellant-accused was making calls by using a
mobile phone (SIM) registered in his name, being evidence of a conclusive nature, cannot be
overlooked on the basis of such like minor discrepancies. In fact even a serious discrepancy in oral
evidence would have had to yield to the aforesaid [authentic digital evidence which is a by-product of
machine operated electronic record having no manual interference.

iv. State (NCT of Delhi) v. Navjot Sandhu alias Afsan Guru53 ,

53 (2005) 11 SCC 600
a two-Judge Bench of this Court had an occasion to consider an issue on production of electronic
record as evidence. While considering the printouts of the computerized records of the calls pertaining
to the cell phones, it was held at Paragraph-150 as follows:
“150. According to Section 63, secondary evidence means and includes, among other things, “copies
made from the original by mechanical processes which in themselves insure the accuracy of the copy,
and copies compared with such copies”. Section 65 enables secondary evidence of the contents of a
document to be adduced if the original is of such a nature as not to be easily movable. It is not in
dispute that the information contained in the call records is stored in huge servers which cannot be
easily moved and produced in the court. That is what the High Court has also observed at para 276.
Hence, printouts taken from the computers/servers by mechanical process and certified by a
responsible official of the service-providing company can be led in evidence through a witness who
can identify the signatures of the certifying officer or otherwise speak of the facts based on his
personal knowledge. Irrespective of the compliance with the requirements of Section 65-B, which is a
provision dealing with admissibility of electronic records, there is no bar to adducing secondary
evidence under the other provisions of the Evidence Act, namely, Sections 63 and 65. It may be that
the certificate containing the details in sub-section (4) of Section 65-B is not filed in the instant case,
but that does not mean that secondary evidence cannot be given even if the law permits such evidence
to be given in the circumstances mentioned in the relevant provisions, namely, Sections 63 and 65.”

11. CYBER CRIME JURISDICTION

i. SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra

55 Suit No. 1279/2001. This case is still pending. Sited from “Ascertaining Cyber Jurisdiction in
Cyber Space: Jurisprudential Understanding and A Comparative Analysis” published by AIR Journal
and available at http://www.allindiareporter.in/ articles/index.php?article=1022 and orders available
on Delhi High Court website http://www.delhihighcourt.nic.in/dhc_ case_status_list_new.asp. The
Delhi High Court assumed jurisdiction where a corporate reputation was being defamed through e-
mails. Further, the Act also provides for extension of the Code to extra-territorial offences. The
provisions of this Code apply also to any offence committed by any person in any place without and
beyond India committing offence targeting a computer resource located in India. It further defines the
word “offence” includes every act committed outside India which, if committed in India, would be
punishable under this Code

ii. The Apex Court in Modi Entertainment Network and anr v. W.S.G. Cricket Pvt. Ltd.
AIR 2003 SC 1177
Held that It is a common ground that the courts in India have power to issue anti-suit injunction to a
party over whom it has personal jurisdiction, in an appropriate case. This is because courts of equity
exercise jurisdiction in persona. However, having regard to the rule of comity, this power will be
exercised sparingly because such an injunction though directed against a person, in effect causes
interference in the exercise of jurisdiction by another court.

iii. The Supreme Court in Kusum Ingots & Alloys Limited v. Union of India and Anr (2004) 6
SCC 254. To advance the proposition that even if a small part of the cause of action arises within the
territorial jurisdiction of the High Court, the same by itself may not be considered to be a
determinative factor compelling the High Court to decide the matter on merits. In appropriate cases,
the Court may refuse to exercise its discretionary jurisdiction by invoking the doctrine of forum
convenience. The tests usually applied by American Courts for the exercise of personal jurisdiction
over non-resident defendants are (a) existence of sufficient minimum contacts with the forum state (b)
claim asserted must arise out of the contact (c) exercise of jurisdiction must be reasonable and (d)
effect test.

iv. Indian Case Laws vis-à-vis E-commerce

Unlike US Courts, courts in India are not frequently confronted with the issue of jurisdiction in matter
relating to cyber space. In Casio India Co. Ltd V. Ashita Tele Systems Pvt Ltd 2003 27 PTC 265
Delhi, Delhi High Court held that once a web site can be accessed from Delhi, it is enough to invoke
the territorial jurisdiction of the Court. It is further held in India TV Independent News Service Pvt
Ltd V. India Broadcast Live LLC 2007 35 PTC 177 Delhi, that the mere fact that a website is
accessible in a particular place may not itself be sufficient for the courts of that place to exercise
personal jurisdiction over the owners of the website. However, where the website is not merely
passive but it is interactive permitting the browsers to not only access the contents thereof but also to
subscribe to the services provided by the owners, then the position would be different.

v. National Association of Software and Service Companies vs. Ajay Sood & Others
119 (2005) DLT 596, 2005 (30) PTC 437 Del
the defendants were operating a placement agency involved in `head-hunting' and recruitment. In
order to obtain personal data which they could use for head-hunting, the defendants composed and
sent emails to third parties in NASSCOM's name. Court granted Injunction and Rs. 16 lakhs as
damages.

vi. SMC Pneumatics (India) Private Limited v. Jogesh Kwatra

Delhi High Court in SMC Pneumatics (India) Private Limited v. Jogesh Kwatra granted an injunction
and restrained the employee from sending, publishing and transmitting emails which are defamatory
or derogatory to the plaintiffs.

vii. Syed Asifuddin & Ors V State of Andhra Pradesh & another 2005 CrLJ4314 (AP)
-Employees of a Appellant mobile services company lured the customers of the above company to
alter / tamper with the special (locking) computer program / technology so that the hand-set can be
used with the competing mobile services. Held: such tampering is an offence u/s 65 of IT Act as well
as Copyright infringement u/s 63 of Copyrights Act.

Viii. Casio India Co. Limited v. Ashita Tele Systems Pvt. Limited 2003 (27) P.T.C. 265 (Del.)
(India), overruled by Banyan Tree Holding (P) Limited v. A. Murali Krishna Reddy, CS(OS)
894/2008 (High Court of Delhi, 23rd November 2009) (India). was a passing off action where the
defendant was carrying on business from Bombay. The defendant had managed to get a registration of
domain name www.casioindia.com and defendant no. 2 was the Registrar with whom the domain
name had been registered. The plaintiff, on the other hand, claimed to be a 100% subsidiary of Casio
Computer Ltd., Japan (Casio Japan), which was the registered owner of the trade mark ‘Casio’ in
India used for a large number of electronic and other products. He had registered a large number of
domain names in India like ‘CasioIndiaCompany.com’, ‘CasioIndia.org’, ‘CasioIndia.net’, etc.
Defendant No. 1 had obtained the above domain names during the time when it held a distributorship
agreement with the plaintiff. It was held by the learned single Judge after referring to the decisions in
Rediff Communication Ltd66. v. Cyber Booth and Dow Jones & Co. Inc. v. Gutnick67 that “once
access to the impugned domain name website could be had from anywhere else, the jurisdiction in
such matters cannot be confined to the territorial limits of the residence of the defendant.” According
to the learned single Judge, since a mere likelihood of deception, whereby an average person is likely
to be deceived or confused was sufficient to entertain an action for passing off, it was not at all
required to be proved that “any actual deception took place at Delhi. Accordingly, the fact that the
website of Defendant No. 1 can be accessed from Delhi is sufficient to invoke the territorial
jurisdiction of this Court.”

ix. Banyan Tree Holding (P) Limited v. A. Murali Krishna Reddy68

69 AIR 1964 Madras 527
Delhi HC overruling its prior Caiso judgment held that for the purposes of a passing off action, or an
infringement action where the plaintiff is not carrying on business within the jurisdiction of a court,
and in the absence of a long-arm statute, in order to satisfy the forum court that it has jurisdiction to
entertain the suit, the plaintiff would have to show that the defendant ‘purposefully availed’ itself of
the jurisdiction of the forum court. For this it would have to be prima facie shown that the nature of
the activity indulged in by the defendant by the use of the website was with an intention to conclude a
commercial transaction with the website user and that the specific targeting of the forum state by the
defendant resulted in an injury or harm to the plaintiff within the forum state.
x. P.R. Transport Agency Vs. Union of India (UOI)
Bharat Coking Coal Ltd (BCC) held an e-auction for coal in different lots. P.R. Transport Agency's
(PRTA) bid was accepted for 4000 metric tons of coal from Dobari Colliery. The acceptance letter
was issued on 19th July 2005 by e-mail to PRTA's e-mail address. Acting upon this acceptance,
PRTA deposited the full amount of Rs. 81.12 lakh through a cheque in favour of BCC. This cheque
was accepted and encashed by BCC. BCC did not deliver the coal to PRTA. Instead it e-mailed PRTA
saying that the sale as well as the e-auction in favour of PRTA stood cancelled "due to some technical
and unavoidable reasons". The only reason for this cancellation was that there was some other person
whose bid for the same coal was slightly higher than that of PRTA. Due to some flaw in the computer
or it’s programmed or feeding of data the higher bid had not been considered earlier. This
communication was challenged by PRTA in the High Court of Allahabad. BCC objected to the
"territorial jurisdiction" of the Court on the grounds that no part of the cause of action had arisen
within U.P. The communication of the acceptance of the tender was received by the petitioner by e-
mail at Chandauli (U.P.). Hence the contract (from which the dispute arose) was completed at
Chandauli (U.P). The completion of the contract is a part of the "cause of action'. The place where the
contract was completed by receipt of communication of acceptance is a place where 'part of cause of
action' arises. The Court observed
1. In reference to contracts made by telephone, telex or fax, the contract is complete when and where
the acceptance is received. However, this principle can apply only where the transmitting terminal and
the receiving terminal are at fixed points.
2. In case of e-mail, the data (in this case acceptance) can be transmitted from anywhere by the e-mail
account holder. It goes to the memory of a 'server' which may be located anywhere and can be
retrieved by the addressee account holder from anywhere in the world. Therefore, there is no fixed
point either of transmission or of receipt.
3. Section 13(3) of the Information Technology Act has covered this difficulty of "no fixed point
either of transmission or of receipt". According to this section "...an electronic record is deemed to be
received at the place where the addressee has his place of business."
4. The acceptance of the tender will be deemed to be received by PRTA at the places where it has
place of business. In this case it is Varanasi and Chandauli (both in U.P.)

The acceptance was received by PRTA at Chandauli / Varanasi. The contract became complete by
receipt of such acceptance. Both these places are within the territorial jurisdiction of the High Court of
Allahabad. Therefore, a part of the cause of action has arisen in U.P. and the court has territorial
jurisdiction.

12. REVIEW
New multimedia technology and internet have become part our daily life in contemporary society and
have made life easier, quicker and cheaper. Computers are not only useful for communication and
information processing but also useful for typing, editing, drawing, copying, printing, musical
purposes, microwave, door keys, remote car driving, to use as remote control, in the form of wireless,
mobile phone and so on with ever increasing utility around human society. Such tremendous utility of
Information and Communication Technology (ICT) encouraged the terrorists and other deviants in
society to use it sometimes as their tool and sometimes as targets to fulfill their ends.

Cyber terrorism is a kind of cyber threat using new technology. It is national as well as international
challenge. Warfare is one way of cyber terrorism by which one nation attacks other nations through
information way (I-way). That may be called as net war. International terrorists attack using websites
and controlling network i.e., A1-Qaida’a websites http://www.mojahedoon.net which has link with
Osama Bin Laden, attack on Indian Parliament on 13th December, 2001 by making false gate pass
from internet, 11th September, 2001 attack on WTO and Pentagon controlling network of airway,
16th December, 2005 e-mail threat to attack Indian Parliament and US consulate are examples of
cyber terrorism in India. Internet becomes a way to engage in War. That is why cyber war or net war
may be called War in the Information Way or I-Way.
For prevention and control of cyber crime the national internet security standards must be strong and
of world standard. Especially the Government agencies must choose LAN (Local Area Network) for
internal communications and they must adopt their own secret and confidential fiber method about
their activities to fight against virus, worm, denial of service attack, attack hacking in net ways which
are possible tools and modes of cyber terrorism. Other most important techniques required preventing
and control attack by terrorists in cyberspace is regular updating of antivirus software, changing
passwords and updating of operating system.

Very important need of the day is awareness, information technology education and training among
people who use net and government agencies and even who use non-governmental computer system.
The IT Act, 2000 indirectly prohibits cyber terrorism. But in this regard we need specific and clear
law with specific definition of cyber terrorism, legal provisions with specific punishments keeping
International and jurisdictional aspects in mind in the era of Global communication convergence and
mobile technology.

