Cybercrime And The Information Technology Act

With the advent of technology and

e-commerce, we have come across

various means and modes to easily

achieve what we require with the mere

click of a button, be it house hunting

or buying grocery. Increase in the use of computers

has led to the expansion and growth of information

technology, as a result of which people were introduced

to the "Internet". However, as Internet became the

most preferred mode for transactions, accessing data,

information storage, research, and so on, it also led to

various cybercrimes which were a result of misuse of

technology and cyberspace.

Cybercrimes may be broadly described as crimes

committed through the misuse of computers and

Internet where a computer can be used as a tool or

target. Examples of a computer being used as a target

are Hacking, transmitting a virus, and so on. Similarly,

examples of a computer being used as a tool are credit

card fraud, cyber terrorism, and intellectual property

crimes.

Importance of cyber security

As rightly said by Fred Langa,

"Just as drivers who share the road must also share

responsibility for safety, we all now share the same global

network, and thus must regard computer security as a

necessary social responsibility. To me, anyone unwilling

to take simple security precautions is a major, active part

of the problem."

Initially, there was no statutory law in India that

regulated cyberspace. With ever-increasing cybercrimes,

it was important to have preventive action and necessary

statutory laws, rules, and regulations in place for the

protection of society at large against such crimes.

Hence, the Parliament passed the

"INFORMATION

TECHNOLOGY ACT, 2000"

in India, which governs cyber

laws (including e-commerce and e-banking) and provides

punishments and penalties for cybercrimes. This Act was

further amended in 2008

("IT Act").

The main objective of the IT Act provided in the preface

is "to provide legal recognition for transactions carried

out by means of electronic data interchange and other

means of electronic communication, commonly referred

to as 'electronic commerce', which involve the use of

alternatives to paper-based methods of communication

and storage of information, to facilitate electronic filing

of documents with the government agencies and further

to amend the Indian Penal Code; the Indian Evidence

Act, 1872; the Bankers' Books Evidence Act, 1891; and

the Reserve Bank of India Act, 1934 and for matters

connected therewith or incidental thereto."

Some important provisions in the IT Act governing

precautionary measures taken for the prevention of

cybercrimes are covered under chapters IX, X, and XI.

Chapter IX of the IT Act specifies penalties and adjudication

pertaining to various offenses, such as penalties for damage

to computers, computer systems, compensation for failure

to protect data, penalty for failure to furnish information,

return, residuary penalty, and so on. This chapter further

provides the power to adjudicate to an officer appointed by

the central government not below the rank of a Director to

the Government of India or an equivalent officer of the state

government.

Chapter X provides for the establishment of the Cyber

Appellate Tribunal (CAT). An aggrieved person can make

an appeal against the orders of the adjudicating officer as

aforesaid to the CAT. Furthermore, any person aggrieved by

any decision or order of this tribunal may file an appeal to

a high court on any question of fact or law arising out of

such order.

Chapter XI of the Act provides punishments for various

offenses, such as tampering with computer source

documents, offenses related to computers, identity

theft, cyber terrorism, and so on. These offenses shall be

investigated only by a police officer not below the rank of

the Deputy Superintendent of Police.

A landmark judgment was given by the Supreme Court of

India in Shreya Singhal vs. Union of India, wherein the

validity of various provisions of the IT Act was considered,

particularly the constitutional validity of Section 66A of

the IT Act. Section 66A of the IT Act provides punishment

for sending offensive messages through communication

services and is reproduced as follows:

"Any person who sends, by means of a computer resource or

a communication device,

(a)

any information that is grossly offensive or has

menacing character, or

(b)

any information which he knows to be false, but for the

purpose of causing annoyance, inconvenience, danger,

obstruction, insult, injury, criminal intimidation,

enmity, hatred, or ill will, persistently by making use of

such computer resource or a communication device,

(c)

any electronic mail or electronic mail message for the

purpose of causing annoyance or inconvenience or to

deceive or to mislead the addressee or recipient about

the origin of such messages shall be punishable with

imprisonment for a term which may extend to three

years and with a fine.

Explanation:- For the purposes of the section, term

"Electronic mail" and "Electronic Mail Message" means a

message or information created or transmitted or received

on a computer, computer system, computer resource, or

communication device including attachments in text,

image, audio, video, and any other electronic record, which

may be transmitted with the message.

The Supreme Court struck down Section 66A as

unconstitutional being violative of Article 19(1) of the

Constitution. However, the court upheld the validity of:

(i)

Section 69A of the IT Act pertaining to the power to

issue directions for blocking for public access of any

information through any computer resource,

(ii)

Information Technology (Procedure & Safeguards for

Blocking for Access of Information by Public) Rules

2009, and

(iii) Section 79 of the IT Act relating to intermediary liability

subject to a caveat that intermediaries in India will take

action only on court order or on order of governmental

agency considering that deciding the legality of millions

of requests made will not be feasible.

In another landmark judgment given in

Ansar P.V. vs. P.K.

Basheer & Ors.

, it was held that the general law relating

to secondary evidence is not applicable to electronic

evidence by a three-judge bench in the Supreme Court and

the parliamentary attack case (State vs. Navjot Sandhu

alias Afsan Guru (2005) 11 SCC 600) was overruled to the

extent pertaining to electronic record. Generalia specialibus

non derogant, special law will always prevail over general

law. Any documentary evidence by way of an electronic

record can only be proved in accordance with the procedure

provided under Section 65B of the Evidence Act.

The bench explained the position of law by holding that

"An electronic record by way of secondary evidence shall

not be admitted in evidence unless the requirements under

Section 65B are satisfied. Thus, in the case of CD, VCD,

chip etc., the same shall be accompanied by the certificate

in terms of Section 65B obtained at the time of taking the

document, without which the secondary evidence pertaining

to the electronic record is inadmissible."

Some measures that can be used for preventing cybercrime

include the prevention of the disclosure of personal

information via email or otherwise, prevention of the

disclosure of confidential debit/credit card details to

unsecured sites, and installation of an updated anti-virus

in place. Furthermore, lawmakers should modify old laws

or bring in new laws and regulations to ensure that legal

safeguards against cybercrime are kept abreast and updated

with the developing and emerging phases of technology.

One cannot predict the future, especially in the case of

cyberspace, considering the ever-evolving and growing

technological development worldwide. An increase in

information technology is directly proportional to an

increase in crimes pertaining to cyberspace, and it is

important that adequate safeguards are in place to ensure

proper usage of technology for legal and moral purposes or

to benefit the society at large.

Disclaimer

– The views herein are those of the author and not of the Wockhardt group.