IT ACT 2000

NEED FOR CYBER LAWS

• Due to the anonymous nature of the Internet, it is
possible to engage into a variety of criminal activities
with impunity and people with intelligence, have been
grossly misusing this aspect of the Internet to
perpetuate criminal activities in cyberspace.
• Increase in the number of e-transactions and e-
contracts
• Also the number of users are increasing rapidly.
 Background
• Cyber law is a system of law and regulation for the
cyber space. Simply speaking, cyber law is a generic
term which refers to all the legal and regulatory
aspects of internet and the world wide web.
• The cyber law of India is defined under IT Act.
• Based on the UN UNCITRAL “Model Law on
Electronic Commerce” adopted by General Assembly
in 1997
• India became the 12th nation in the world to enact a
Cyber law.
 IT Act, 2000
• The Indian Parliament enacted the Act
called the Information Technology Act,
2000, which is effective from October 17,
2000.
• This Act is based on the Resolution
A/RES/51/162 adopted by the General
Assembly of the United Nations on 30th
January, 1997 regarding the Model Law on
Electronic Commerce earlier adopted by
the UN Commission on International Trade
Law (UNCITRAL) in its twenty-ninth session.
 IT Amendment Act, 2008
• This Act may be called the Information Technology Act, 2000.
[As Amended by Information technology (Amendment) Act
2008]. Information Technology (Amendment) Bill 2006 was
amended by Information Technology Act Amendment Bill 2008
and in the process, the underlying Act was renamed as
Information Technology (Amendment) Act 2008 herein after
referred to as ITAA 2008.
• Information Technology Act 2000 was amended on December
2008 as the IT (Amendment) Act, 2008 and notified for
implementation from 27th October 2009.
 IT Act 2000 Objectives
 Legal Recognition for E-Commerce - Carried out by
means of electronic data interchange, and other
means of electronic communication, commonly
referred to as "electronic commerce“
 Digital Signatures and Regulatory Regime.
 Electronic Documents at par with paper documents
 E-Governance - To facilitate electronic filing of
documents with Government agencies and E-
Payments
 Electronic Filing of Documents
 IT Act 2000 Objectives (cont..)
 Amend certain Acts
 Indian Penal Code,
 Indian Evidence Act,1872,
 the Banker’s Books Evidence Act 1891,
 Reserve Bank of India Act ,1934
 Define Civil wrongs, Offences, punishments
 Iinvestigation, Adjudication
 Appellate Regime
 IT ACT, 2000 – ENABLES

• Legal recognition of digital signature is at par

with the handwritten signature
• Electronic Communication by means of
reliable electronic record
• Acceptance of contract expressed by
electronic means
• Electronic filing of documents
• Retention of documents in electronic form
 Extent of application
• Extends to whole of India and also applies to any offence
or contravention there under committed outside India by
any person {section 1 (2)} read with Section 75

• Section 75 - Act applies to offence or contravention

committed outside India by any person irrespective of his
nationality, if such act involves a computer, computer
system or network located in India

• The Act contains 90 sections, divided in 13 chapters

and 4 schedules.
Sec (4):Excluded from the purview of the IT Act
a) a negotiable instrument (other than a cheque) as defined
in section 13 of the Negotiable Instruments Act, 1881;
b) a power-of-attorney as defined in section 1A of the
Powers-of-Attorney Act, 1882;
c) a trust as defined in section 3 of the Indian Trusts Act,
1882;
d) a will as defined in clause (h) of section 2 of the Indian
Succession Act, 1925 including any other testamentary
disposition
e) any contract for the sale or conveyance of immovable
property or any interest in such property;
f) any such class of documents or transactions as may be
notified by the Central Government
 Chapters in the Act
No. Title Description
1. Preliminary Definitions of terms used in the rest of the document

2. Digital Signature Very brief authorization for use of digital signatures

for electronic records
3. Electronic Provides for the legal recognition of electronic
Governance records – especially by Govt. agencies
4. Attribution, Discusses when an electronic message shall be
Acknowledgement, considered to be “sent” and when it will be
and Despatch of considered to be “received”
Electronic Records
5. Secure Electronic Discusses (a bit vaguely) what is considered as
Records and Secure “secure” electronic records and digital signatures
Digital Signatures
6. Regulation of Discusses who can be appointed as a CA, and what
Certifying Authorities their responsibilities and authorities are
 Chapters in the Act
No. Title Description
7. Digital Signature Who can issue Digital Certificates, and what they
Certificates should contain and rules for revocation
8. Duties of Subscribers Generation or acceptance of the key pair, and
reasonable care for securely using it
9. Penalties and Examples : Penalties for damage to computer
Adjudication systems – Rs. 1 crore
Failure to furnish information – Rs. 1,50,000
Failure to maintain records – Rs. 10,000 per day
Residuary penalty – Rs. 25,000
10. Cyber Regulations Establishment, composition and powers of a Cyber
Appellate Tribunal Appellate Tribunal to adjudicate in matters related to
this Act.

11. Offences Tampering with computer source documents – 3

years imprisonment, or fine of Rs. 2 lakhs or both
Hacking with computer system – as above
Publishing of obscene information – as above
 Chapters in the Act

No. Title Description

12. Network Service If offence committed without his knowledge or due
Providers not to be diligence was exercised.
Liable in Certain Cases
13. Miscellaneous Power of police officer
Offences by companies (imp)
Power of Central and State Governments
 Schedules in the Act
• The First Schedule – Amendments to the Indian Penal Code,
1860
• Primarily related to changes of the word “document” to
“document and electronic record”
• The Second Schedule – Amendment to the Indian Evidence
Act, 1872
• Admissibility of electronic evidence
• The Third Schedule – Amendment to the Banker’s Book
Evidence Act, 1891
• Definition of “banker’s books” expanded to include
electronic records i.e. legal sanctity for books of accounts
maintained in electronic form
• The Fourth Schedule – Amendment to the RBI Act, 1934
• Regulation of fund transfer through electronic means
Cyber Laws: The Concept of Cyber Contravention and
Cyber Offences

The Information Technology Act, 2000 is a regulating

Act as it regulates cyber crimes. As stated above,
cyber crime is a collective term encompassing both
‘cyber contraventions’ and ‘cyber offences’. The Act
not only demarcates contraventions from offences,
but also provides a separate redressal mechanism for
both.
 Cyber Contraventions

A mere unauthorized access to a computer, computer

system or computer network may amount to cyber
contravention
Cyber Offences

It is the specific criminal violation that resulted from

the unauthorized access to a computer, computer
system or computer network or computer resource
that has to be taken into consideration
 The classification of cyber contraventions and cyber
offences is as follows

Cyber Contraventions Cyber Offences

Covered under Sections 43 (a) to (h) of the Covered under [Section 65-74] of the Act,
Act, this deals with illegal access to this deals with serious cyber crimes related
computer system or network. to computer system and network.
May result in civil prosecution May result in criminal prosecution
The punishment may range from payment May result in criminal prosecution and the
of compensation or penalty. offender may be punished with
imprisonment or heavy fine.
Power to investigate any contravention lies Power to investigate any offence lies with
with the Adjudicating Officer, Controller or the police officer not below the rank of
any officer authorized by him DSP
 Civil Wrongs under IT Act = Cyber Contraventions
Chapter IX of IT Act, Section 43
If any person without permission of the owner or any other person
who is incharge of a computer, computer system or computer
network

a) Accesses or secures access to such computer, computer system

or computer network or computer resource (ITAA2008)
b) downloads, copies or extracts any data, computer data base or
information from such computer, computer system or
computer network including information or data held or stored
in any removable storage medium;
c) introduces or causes to be introduced any computer
contaminant or computer virus into any computer, computer
system or computer network;
 Chapter IX of IT Act, Section 43

d) damages or causes to be damaged any computer, computer

system or computer network, data, computer database or any
other programs residing in such computer, computer system or
computer network;
e) disrupts or causes disruption of any computer, computer
system or computer network
f) denies or causes the denial of access to any person authorised
to access any computer, computer system or computer
network by any means;
g) provides any assistance to any person to facilitate access to a
computer, computer system or computer network in
contravention of the provisions of this Act
 Chapter IX of IT Act, Section 43

h) charges the services availed of by a person to the account of

another person by tampering with or manipulating any
computer, computer system, or computer network,
i) destroys, deletes or alters any information residing in a
computer resource or diminishes its value or utility or affects it
injuriously by any means (Inserted vide ITAA - 2008)
j) Steals, conceals, destroys or alters or causes any person to
steal, conceal, destroy or alter any computer source code used
for a computer resource (Inserted vide ITAA 2008)
 Section 65 of IT Act
65. Tampering with computer source documents
– Whoever knowingly or intentionally conceals, destroy, or
alter any computer source code used for a computer,
computer program, computer system or computer network,
– Or knowingly causes another to conceal, destroy or alter any
computer source code used for a computer, computer
programme, computer system or computer network,
• when the computer source code is required to be kept or
maintained by law for the time being in force,
• shall be punishable with imprisonment up to three years, or
with fine which may extend up to two lakh rupees, or with
both.
 Section 66 of IT Act
Computer Related Offences (Substituted vide ITAA
2008)
– If any person, dishonestly, or fraudulently, does any act
referred to in section 43, he shall be punishable with
imprisonment for a term which may extend to two three
years or with fine which may extend to five lakh rupees or
with both.
Mens Rea = As an element of criminal responsibility, a guilty
mind; a guilty or wrongful purpose; a criminal intent

‘With the intent to cause, or knowing that the act is likely to

cause wrongful loss or damage’
Case - Kumar Vs Whiteley – Deny access to authorized users
 Section 66A of IT Act
66-A Punishment for sending offensive messages through
communication service, etc. ( Introduced vide ITAA 2008)
• Any person who sends, by means of a computer resource or a
communication device,-
a) any information that is grossly offensive or has menacing
character
b) any information which he knows to be false, but for the purpose
of causing annoyance, inconvenience, danger, obstruction, insult,
injury, criminal intimidation, enmity, hatred, or ill will,
persistently makes by making use of such computer resource
c) Any electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages
• shall be punishable with imprisonment up to three years
 Section 66A of IT Act
66-A Punishment for sending offensive messages through
communication service, etc. ( Introduced vide ITAA 2008)

Cases
• Email to blow up Andheri railway station
• Profile of former President of India posted
• Jadavpur University professor – Ambikesh Mahapatra
• Bal Thackeray’s Funeral
Don’t register FIR u/s 66-A of IT Act
IN THE SUPREME COURT OF INDIA
CRIMINAL/CIVIL ORIGINAL JURISDICTION
WRIT PETITION (CRIMINAL) NO.167 OF 2012

SHREYA SINGHAL … PETITIONER

VERSUS
UNION OF INDIA … RESPONDENT

ORDER DATED 24.03.2015

Section 66A of the Information Technology Act, 2000 is

struck down in its entirety being violative of Article
19(1)(a) and not saved under Article 19(2)
 Is Ethical Hacking an offence under the Act ?

• The Act does not distinguish between hacking and

ethical hacking. Both Hacking & ethical hacking could
be treated as computer related offences as
articulated under section 66 of IT Act
 Section 66B of IT Act
66-B Punishment for dishonestly receiving stolen computer
resource or communication device (Inserted Vide ITA 2008)

• Whoever dishonestly receives or retains any stolen computer

resource or communication device knowing or having reason
to believe the same to be stolen computer resource or
communication device,

• shall be punished with imprisonment of either description for

a term which may extend to three years or with fine which
may extend to rupees one lakh or with both.
 Section 66C of IT Act
66-C Punishment for identity theft. (Inserted Vide ITA 2008)

• Whoever, fraudulently or dishonestly make use of the

electronic signature, password or any other unique
identification feature of any other person,

• shall be punished with imprisonment of either description for

a term which may extend to three years and shall also be
liable to fine which may extend to rupees one lakh.

• Case : Vinod Kaushik v Madhvika Joshi

• Fake facebook profiles
 Section 66D of IT Act
66-D Punishment for cheating by personation by using
computer resource (Inserted Vide ITA 2008)

• Whoever, by means of any communication device or

computer resource cheats by personation,
• Shall be punished with imprisonment of either
description for a term which may extend to three
years and shall also be liable to fine which may extend
to one lakh rupees.
Case : Unclaimed Money
 Section 66E of IT Act
66E. Punishment for violation of privacy. (Inserted Vide ITA
2008)
• Whoever, intentionally or knowingly captures, publishes or
transmits the image of a private area of any person without
his or her consent, under circumstances violating the privacy
of that person,
• shall be punished with imprisonment which may extend to
three years or with fine not exceeding two lakh rupees, or
with both

• Cases – MMS Scandals

• Morphing of Images
 Section 66F of IT Act
66F. Punishment for cyber terrorism
(1) Whoever,-
(A) with intent to threaten the unity, integrity, security or sovereignty of
India or to strike terror in the people or any section of the people by
(i) denying or cause the denial of access to any person authorized to
access computer resource; or
(ii) attempting to penetrate or access a computer resource without
authorisation or exceeding authorized access; or
(iii) introducing or causing to introduce any Computer Contaminant.

and by means of such conduct causes or is likely to cause death or

injuries to persons or damage to or destruction of property or disrupts
or knowing that it is likely to cause damage or disruption of supplies or
services essential to the life of the community or adversely affect the
critical information infrastructure specified under section 70, or
 Section 66F of IT Act
66F. Punishment for cyber terrorism
(B) knowingly or intentionally penetrates or accesses a computer resource
without authorisation or exceeding authorized access, and by means of such
conduct obtains access to information, data or computer database that is
restricted for reasons of the security of the State or foreign relations; or any
restricted information, data or computer database, with reasons to believe
that such information, data or computer database so obtained may be used
to cause or likely to cause injury to the interests of the sovereignty and
integrity of India, the security of the State, friendly relations with foreign
States, public order, decency or morality, or in relation to contempt of court,
defamation or incitement to an offence, or to the advantage of any foreign
nation, group of individuals or otherwise, commits the offence of cyber
terrorism.
(2) Whoever commits or conspires to commit cyber terrorism shall be
punishable with imprisonment which may extend to imprisonment for life’.
 Section 67 Of IT Act
67. Publishing of information which is obscene in electronic form.-

– Whoever publishes or transmits or causes to be published in

the electronic form, any material which is lascivious or appeals
to the prurient interest or if its effect is such as to tend to
deprave and corrupt persons who are likely to read, see or hear
the matter contained or embodied in it,
– shall be punished on first conviction with imprisonment of
either description for a term which may extend to two three
years and with fine which may extend to five lakh rupees and
in the event of a second or
– subsequent conviction with imprisonment of either
description for a term which may extend to five years and also
with fine which may extend to ten lakh rupees.
 Case
• Famous Baazee (now eBay India) CEO arrest case

– Two school kids record a pornographic clip on their mobile

phone, and share it as an MMS
– An IIT student receives the clip and posts it on Baazee.com
(the Indian arm of Ebay) for auction
– When this is discovered, the Delhi Cyber Crime Cell arrests:
• Mr. Avnish Bajaj, Director of Bazee
• The IIT student who posted the clip
• The juvenile who was in the clip
– Section 67 “Publishing of information which is obscene in
electronic form” is invoked