Cybercrime And The Information Technology Act
With the advent of technology and e-commerce, we have come across various means and modes to easily achieve what we require with the mere click of a button, be it house hunting or buying grocery. Increase in the use of computers has led to the expansion and growth of information technology, as a result of which people were introduced to the...
With the advent of technology and
e-commerce, we have come across
various means and modes to easily
achieve what we require with the mere
click of a button, be it house hunting
or buying grocery. Increase in the use of computers
has led to the expansion and growth of information
technology, as a result of which people were introduced
to the "Internet". However, as Internet became the
most preferred mode for transactions, accessing data,
information storage, research, and so on, it also led to
various cybercrimes which were a result of misuse of
technology and cyberspace.
Cybercrimes may be broadly described as crimes
committed through the misuse of computers and
Internet where a computer can be used as a tool or
target. Examples of a computer being used as a target
are Hacking, transmitting a virus, and so on. Similarly,
examples of a computer being used as a tool are credit
card fraud, cyber terrorism, and intellectual property
crimes.
Importance of cyber security
As rightly said by Fred Langa,
"Just as drivers who share the road must also share
responsibility for safety, we all now share the same global
network, and thus must regard computer security as a
necessary social responsibility. To me, anyone unwilling
to take simple security precautions is a major, active part
of the problem."
Initially, there was no statutory law in India that
regulated cyberspace. With ever-increasing cybercrimes,
it was important to have preventive action and necessary
statutory laws, rules, and regulations in place for the
protection of society at large against such crimes.
Hence, the Parliament passed the
"INFORMATION
TECHNOLOGY ACT, 2000"
in India, which governs cyber
laws (including e-commerce and e-banking) and provides
punishments and penalties for cybercrimes. This Act was
further amended in 2008
("IT Act").
The main objective of the IT Act provided in the preface
is "to provide legal recognition for transactions carried
out by means of electronic data interchange and other
means of electronic communication, commonly referred
to as 'electronic commerce', which involve the use of
alternatives to paper-based methods of communication
and storage of information, to facilitate electronic filing
of documents with the government agencies and further
to amend the Indian Penal Code; the Indian Evidence
Act, 1872; the Bankers' Books Evidence Act, 1891; and
the Reserve Bank of India Act, 1934 and for matters
connected therewith or incidental thereto."
Some important provisions in the IT Act governing
precautionary measures taken for the prevention of
cybercrimes are covered under chapters IX, X, and XI.
Chapter IX of the IT Act specifies penalties and adjudication
pertaining to various offenses, such as penalties for damage
to computers, computer systems, compensation for failure
to protect data, penalty for failure to furnish information,
return, residuary penalty, and so on. This chapter further
provides the power to adjudicate to an officer appointed by
the central government not below the rank of a Director to
the Government of India or an equivalent officer of the state
government.
Chapter X provides for the establishment of the Cyber
Appellate Tribunal (CAT). An aggrieved person can make
an appeal against the orders of the adjudicating officer as
aforesaid to the CAT. Furthermore, any person aggrieved by
any decision or order of this tribunal may file an appeal to
a high court on any question of fact or law arising out of
such order.
Chapter XI of the Act provides punishments for various
offenses, such as tampering with computer source
documents, offenses related to computers, identity
theft, cyber terrorism, and so on. These offenses shall be
investigated only by a police officer not below the rank of
the Deputy Superintendent of Police.
A landmark judgment was given by the Supreme Court of
India in Shreya Singhal vs. Union of India, wherein the
validity of various provisions of the IT Act was considered,
particularly the constitutional validity of Section 66A of
the IT Act. Section 66A of the IT Act provides punishment
for sending offensive messages through communication
services and is reproduced as follows:
"Any person who sends, by means of a computer resource or
a communication device,
(a)
any information that is grossly offensive or has
menacing character, or
(b)
any information which he knows to be false, but for the
purpose of causing annoyance, inconvenience, danger,
obstruction, insult, injury, criminal intimidation,
enmity, hatred, or ill will, persistently by making use of
such computer resource or a communication device,
(c)
any electronic mail or electronic mail message for the
purpose of causing annoyance or inconvenience or to
deceive or to mislead the addressee or recipient about
the origin of such messages shall be punishable with
imprisonment for a term which may extend to three
years and with a fine.
Explanation:- For the purposes of the section, term
"Electronic mail" and "Electronic Mail Message" means a
message or information created or transmitted or received
on a computer, computer system, computer resource, or
communication device including attachments in text,
image, audio, video, and any other electronic record, which
may be transmitted with the message.
The Supreme Court struck down Section 66A as
unconstitutional being violative of Article 19(1) of the
Constitution. However, the court upheld the validity of:
(i)
Section 69A of the IT Act pertaining to the power to
issue directions for blocking for public access of any
information through any computer resource,
(ii)
Information Technology (Procedure & Safeguards for
Blocking for Access of Information by Public) Rules
2009, and
(iii) Section 79 of the IT Act relating to intermediary liability
subject to a caveat that intermediaries in India will take
action only on court order or on order of governmental
agency considering that deciding the legality of millions
of requests made will not be feasible.
In another landmark judgment given in
Ansar P.V. vs. P.K.
Basheer & Ors.
, it was held that the general law relating
to secondary evidence is not applicable to electronic
evidence by a three-judge bench in the Supreme Court and
the parliamentary attack case (State vs. Navjot Sandhu
alias Afsan Guru (2005) 11 SCC 600) was overruled to the
extent pertaining to electronic record. Generalia specialibus
non derogant, special law will always prevail over general
law. Any documentary evidence by way of an electronic
record can only be proved in accordance with the procedure
provided under Section 65B of the Evidence Act.
The bench explained the position of law by holding that
"An electronic record by way of secondary evidence shall
not be admitted in evidence unless the requirements under
Section 65B are satisfied. Thus, in the case of CD, VCD,
chip etc., the same shall be accompanied by the certificate
in terms of Section 65B obtained at the time of taking the
document, without which the secondary evidence pertaining
to the electronic record is inadmissible."
Some measures that can be used for preventing cybercrime
include the prevention of the disclosure of personal
information via email or otherwise, prevention of the
disclosure of confidential debit/credit card details to
unsecured sites, and installation of an updated anti-virus
in place. Furthermore, lawmakers should modify old laws
or bring in new laws and regulations to ensure that legal
safeguards against cybercrime are kept abreast and updated
with the developing and emerging phases of technology.
One cannot predict the future, especially in the case of
cyberspace, considering the ever-evolving and growing
technological development worldwide. An increase in
information technology is directly proportional to an
increase in crimes pertaining to cyberspace, and it is
important that adequate safeguards are in place to ensure
proper usage of technology for legal and moral purposes or
to benefit the society at large.
Disclaimer
– The views herein are those of the author and not of the Wockhardt group.