You are on page 1of 37

Legal Aspects of Business

Information Technology Act rather than giving Information & Technology gives rise to more Cyber Crimes


Information Technology Act 2000 & Cyber Crimes

Master of Management Studies Semester II (DIV-A)

Group- 1
Roll No. 01 03 05 07 09 11 13 15 17 19 Sanket Jog Deep Gala Vrushal Sangvekar Rajshekhar C.K Prachi Pharande Satish Sirpuram Dhirajkumar Gite Sushant Abhyankar Chaitra Poojary Group Members Ganesh Gite

Objective of the Project: To find out the scope of the Act To find out loop holes in IT Act 2000 The current scenario Scope for Improvement
2|Page Information Technology Act 2000 & Cyber Crimes

Sr. No 1 2 3 4 5 6 Particulars Introduction: Information Technology Information Technology Act 2000 Information Technology (Amendment) Act, 2008 Cyber Crime Types of Cyber Crime National Association of Software and Service Companies (NASSCOM) 7 8 9 10 Facts & Figures Case Study Conclusion Bibliography & Webliography 23 29 34 37 Page No. 4 5 7 15 16 21


Information Technology Act 2000 & Cyber Crimes

Information Technology
Information technology (IT) is the application of computers and telecommunications equipment to store, retrieve, transmit and manipulate data, often in the context of a business or other enterprise. The term is commonly used as a synonym for computers and computer networks, but it also encompasses other information distribution technologies such as television and telephones. Several industries are associated with information technology, such as computer hardware, software, electronics, semiconductors, internet, telecom equipment, and e-commerce and computer services. Today's businesses rely more heavily on technology than ever before. From improved telecommunications to online payment options, most modern businesses could not function as effectively or efficiently without technology. Even the ability to accept credit or debit card payments at retail stores requires a complex system of bank exchanges and telecommunications in order to operate smoothly and reliably.

Need of Information Technology Act 2000:

Society is developing along with time. Technical development is associated with social development. The criminals have changed their attitude in type of crimes according to development of modern technology. For the welfare and development of society laws must be changed accordingly. So that we may check restrict the new methods of crimes and can balance our society. Therefore, with the development of society, the law is also developed accordingly. Now the Era is changing and modern era is the era of cyber. In modern time computer, internet, mobile etc. play an important role in society. From house to market you will find that our economy is dependent on these instruments. Every where you will find their use in every sphere of life. The crime also takes places through these means of communication for example: Hacking Cracking, credit card fraud, data theft etc. are the new means of crime in modern time. So many legal issue and question have arising with the invention of internet .Indian Parliament have passed IT act, to control the cyber crime & regulating e-commerce.


Information Technology Act 2000 & Cyber Crimes

Information Technology Act 2000

Connectivity via the Internet has greatly abridged geographical distances and made communication even more rapid. While activities in this limitless new universe are increasing incessantly, laws must be formulated to monitor these activities. Some countries have been rather vigilant and formed some laws governing the net. In order to keep pace with the changing generation, the Indian Parliament passed the much awaited Information Technology Act, 2000. However, even after it has been passed, a debate over certain controversial issues continues. A large portion of the industrial community seems to be dissatisfied with certain aspects of the Act. But on the whole, it is a step in the right direction for India.

The objectives of the Information Technology Act 2000: 1. It is objective of I.T. Act 2000 to give legal recognition to any transaction which is done by electronic way or use of internet.

2. To give legal recognition to digital signature for accepting any agreement via computer.

3. To provide facility of filling document online relating to school admission or registration in employment exchange.

4. According to I.T. Act 2000, any company can store their data in electronic storage.

5. To stop computer crime and protect privacy of internet users.

6. To give legal recognition for keeping books of accounts by bankers and other companies in electronic form.


Information Technology Act 2000 & Cyber Crimes

The scope of the Information Technology Act 2000: Every electronic information is under the scope of I.T. Act 2000 but following electronic transaction is not under I.T. Act 2000: 1. Information technology act 2000 is not applicable on the attestation for creating trust via electronic way. Physical attestation is must. 2. I.T. Act 2000 is not applicable on the attestation for making will of any body. Physical attestation by two witnesses is must. 3. A contract of sale of any immovable property. 4. Attestation for giving power of attorney of property is not possible via electronic record.

Advantages of I.T. Act 2000: 1. Helpful to promote e-commerce: Email is valid Digital signature is valid. Payment via credit card is valid. Online contract is valid Above all things validity in eye of Indian law is very necessary. After making IT act 2000, all above things are valid and these things are very helpful to promote e-commerce in India.

2. Enhance the corporate business: After issuing digital signature, certificate by Certifying authority, now Indian corporate business can enhance.

3. Filling online forms: After providing facility, filling online forms for different purposes has become so easy.

4. High penalty for cyber crime: Law has power to penalize for doing any cyber crime. After making of this law, nos. of cyber crime has reduced.
6|Page Information Technology Act 2000 & Cyber Crimes

Limitations of I.T. Act 2000: Infringement of copyright has not been included in this law. No protection for domain names. The act is not applicable on the power of attorney, trusts and will. Act is silent on taxation. No, provision of payment of stamp duty on electronic documents.

Chapter II Digital Signature (Information Technology Act 2000) Section-3 Authentication of electronic records: 1. Subject to the provisions of this section, any subscriber may authenticate an electronic record by affixing his digital signature. 2. The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record. 3. Any person by the use of a public key of the subscriber can verify the electronic record. 4. The private key and the public key are unique to the subscriber and constitute a functioning key pair. Explanation: Any contract which is done by subscriber. If he signs the electronic agreement by digital signature. Then it will be valid. In case bank, the verification of digital signature can be on the basis of key pair.

Electronic signatures introduced [IT (Amendment) Act, 2008] India has become technologically neutral due to adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures. This is a positive change as India has different segments people and all may not be technologically adept to understand and use the digital signatures. Therefore, allowing forms of authentication that are simpler to use such as retina scanning can be quite useful in effective implementation of the Act.
7|Page Information Technology Act 2000 & Cyber Crimes

Chapter III Electronic Governance (Information Technology Act 2000)

Section-4 Legal recognition of electronic records: Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is(a) rendered or made available in an electronic form; and (b) accessible so as to be usable for a subsequent reference. Explanation: It explains in detail that all electronic records of government are acceptable unless any other law has any rules regarding written or printed record.

Chapter IV Attribution, Acknowledgement and Dispatch of Electronic records (Information Technology Act 2000)

Section-11 Attribution of electronic records: An electronic record shall be attributed to the originator, (a) if it was sent by the originator himself; (b) by a person who had the authority to act on behalf of the originator in respect of that electronic record; or (c) by an information system programmed by or on behalf of the originator to operate automatically.

Section-12 Acknowledge of receipt: (1) Where the originator has not agreed with the addressee that the acknowledgement of receipt of electronic record be given in a particular form or by a particular method, an acknowledgement may be given by: (a) any communication by the addressee, automated or otherwise; or (b) any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received.
8|Page Information Technology Act 2000 & Cyber Crimes

Explanation: It deals with receipts or acknowledgement of any electronic record. Every electronic record has any proof that is called receipt and it should be in the hand who records electronic way. For Example: While booking ticket on IRCTC website, once the transaction is done we get a confirmation on mobile or email with details of ticket booked and its a form of electronic receipts or acknowledgement.

Chapter V Secure Electronic records and secure digital signatures (Information Technology Act 2000)

Section-14 Secure electronic record: Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.

Section-15 Secure digital signature: If, by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was: (a) unique to the subscriber affixing it; (b) capable of identifying such subscriber; (c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which related in such a manner that if the electronic record was altered the digital signature would be invalidated, then such digital signature shall be deemed to be a secure digital signature. Explanation: It enables powers to organization for securing the electronic records and secure digital signature. They can secure by applying any new verification system.


Information Technology Act 2000 & Cyber Crimes

Chapter VIII Duties of Subscribers (Information Technology Act 2000)

Section-43 Penalty for damage to computer, computer system, etc: If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network, - accesses or secures access to such computer, computer system or computer network downloads, copies or extracts any data, computer data base information from such computer, computer system or computer network including information or data held or stored in any removable storage medium. Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network; damages or causes to be damaged and computer, computer system or computer network, data, computer database or any other programmes residing in such computer, computer system or computer network; disrupts or causes disruption of any computer, computer system or computer network; denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder; charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or compute network he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

Explanation: For the purposes of this section. (i) "computer contaminant" means any set of computer instructions that are designed: (a) to modify, destroy, record, transmit date or programme residing within a computer, computer system or computer network; or (b) by any means to usurp the normal operation of the computer, compute system, or computer network;

10 | P a g e

Information Technology Act 2000 & Cyber Crimes

(ii) "computer database" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepare in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network; (iii) "computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades adversely affects the performance of a computer resources or attaches itself to another itself to another computer resources and operates when a programme, date or instruction is executed or some other even takes place in that computer resource; (iv) "damage" means to destroy, alter, delete, add, modify or re-arrange any computer resource by any means.

[IT (Amendment) Act, 2008] A new definition has been inserted for intermediary. Intermediary with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes, but does not include a body corporate referred to in Section 43A. The damages of Rs. One Crore (approximately USD 200,000) prescribed under section 43 of the earlier Act for damage to computer, computer system etc. has been deleted and the relevant parts of the section have been substit uted by the words, he shall be liable to pay damages by way of compensation to the person so affected. A new section 43A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected.

11 | P a g e

Information Technology Act 2000 & Cyber Crimes

Chapter XI Offences (Information Technology Act 2000):

Section-65 Tampering with computer source documents: Whoever knowingly or intentionally conceals, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. Explanation: For the purposes of this section, "computer source code" means the listing of programmes, compute commands, design and layout and programme analysis of computer resource in any form. For Example: The person A steals the source code and sells it to a business rival of the victim B. If the person A is an employee of the victim, he would usually have direct or indirect access to the source code. A would steal a copy of the source code and hide it using a virtual or physical storage device. If A is not an employee of the B, he would hack into the victims servers to steal the source code. A would also use social engineering to get unauthorized access to the code. A would then contact potential buyers to make the sale to earn profit through illegal means or A uses it as a base to make and sell his own version of the software.

Section-66 Hacking with Computer System: (1) Whoever with the intent of cause or knowing that is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

12 | P a g e

Information Technology Act 2000 & Cyber Crimes

[IT (Amendment) Act, 2008] It includes punishment for offenses such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism. Caselet: E-banking theft: Hackers steal Rs 2.5L. (Source: TNN Feb 10, 2013, 01.42AM IST) MARGAO: An unknown cyber criminal allegedly hacked into the NRI bank account of Savio Joao Piedade Clemente from Borda, Margao, on January 29 and fraudulently withdrew 2.5 lakh from it. The fact came to light when Clemente realized that the amount was debited from his account without his knowledge or authorization. Police sources said that Clemente is a NRI account holder with the Margao branch of the Central Bank of India. Following an SMS alert received on his wife's mobile phone about the withdrawal of the said amount through e-banking, Clemente made inquiries with the bank authorities who confirmed the transaction. The manager of the NRI branch of the Central Bank of India, Ramachandra Nayak, on Saturday, lodged a complaint with the Margao police against unknown persons for defrauding their customer. Acting on the complaint, the Margao town police booked an offence against unknown accused under Sections 419 and 420 of the IPC and Sections 65 and 66 of the IT Act.

Section-67 Publishing of information which is obscene in electronic form: Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeal to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

13 | P a g e

Information Technology Act 2000 & Cyber Crimes

[IT (Amendment) Act, 2008] Section 67 of the old Act is amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years and increase the fine thereof from Indian Rupees 100,000 (approximately USD 2000) to Indian Rupees 500,000 (approximately USD 10,000).

It deals with penal provisions in respect of offenses of publishing or transmitting of material containing sexually explicit act and child pornography in electronic form, with the obligation of an intermediary to preserve and retain such information as may be specified for such duration and in such manner and format as the central government may prescribe.

Section-74 Publication for fraudulent purpose: Whoever knowingly creates publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

14 | P a g e

Information Technology Act 2000 & Cyber Crimes


In the era of cyber world as the usage of computers became more popular, there was expansion in the growth of technology as well, and the term Cyber became more familiar to the people. The evolution of Information Technology (IT) gave birth to the cyber space wherein internet provides equal opportunities to all the people to access any information, data storage, analyse etc. with the use of high technology. Due to increase in the number of cybercitizens, misuse of technology in the cyberspace was clutching up which gave birth to cyber crimes at the domestic and international level as well. Though the word Crime carries its general meaning as a legal wrong that can be followed by criminal proceedings which may result into pu nishment whereas Cyber Crime may be unlawful acts wherein the computer is either a tool or target or both. It could be hackers vandalizing your site, viewing confidential information, stealing trade secrets or intellectual property with the use of internet. It can also include denial of services and viruses attacks preventing regular traffic from reaching your site. Cyber crimes are not limited to outsiders except in case of viruses and with respect to security related cyber crimes that usually done by the employees of particular company who can easily access the password and data storage of the company for their benefits. Cyber crimes also includes criminal activities done with the use of computers which further perpetuates crimes i.e. financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail, spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to Computer system, theft of information contained in the electronic form, e-mail bombing, physically damaging the computer system etc.

15 | P a g e

Information Technology Act 2000 & Cyber Crimes


Classifications of Cyber Crimes: Cyber Crimes which are growing day by day, it is very difficult to find out what is actually a cyber crime and what is the conventional crime so to come out of this confusion, cyber crimes can be classified under different categories which are as follows:

1. Cyber Crimes against Persons: There are certain offences which affect the personality of individuals can be defined as: Cyber Stalking: It means expressed or implied a physical threat that creates fear through the use to computer technology such as internet, e-mail, phones, text messages, webcam, websites or videos. Defamation: It is an act of imputing any person with intent to lower down the dignity of the person by hacking his mail account and sending some mails with using vulgar language to unknown persons mail account. Cracking: It is amongst the gravest cyber crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.

16 | P a g e

Information Technology Act 2000 & Cyber Crimes

Phishing: In computing, phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. For Example: Criminal sends a message via e-mail like Congratulations you have won $100,00,000 to a random persons e-mail address and thereby asks the receiver of the mail to fill in some personal details so that the money can be transferred to the receiver of the mail. The criminal also asks for some processing charges to be paid so that the amount can be transferred. Many a times the person to whom the mail has been sent pays the processing charges but does not receives the prize money mentioned in the mail. E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its origin. It shows its origin to be different from which actually it originates. For example: The link might deceive a casual observer into believing that it will open a page on, whereas it actually directs the browser to a page on, using a username of Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for their monetary benefits through withdrawing money from the victims bank account. There is always unauthorized use of ATM cards in this type of cyber crimes.

17 | P a g e

Information Technology Act 2000 & Cyber Crimes

2. Crimes Against Persons Property: As there is rapid growth in the international trade where businesses and consumers are increasingly using computers to create, transmit and to store information in the electronic form instead of traditional paper documents. There are certain offences which affects persons property which is as follows: Intellectual Property Crimes: Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, infringement of copyright, trademark, patents, designs and service mark violation, theft of computer source code, etc. Cyber Squatting: It means where two persons claim for the same Domain Name either by claiming that they had registered the name first on by right of using it before the other or using something similar to that previously. For example two similar names i.e. and Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another. Thus cyber vandalism means destroying or damaging the data when a network service is stopped or disrupted. It may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer.. Cyber Trespass: It means to access someones computer without the right authorization of the owner and does not disturb, alter, misuse, or damage data or system by using wireless internet connection.

18 | P a g e

Information Technology Act 2000 & Cyber Crimes

3. Cybercrimes Against Government: There are certain offences done by group of persons intending to threaten the international governments by using internet facilities. It includes: Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as global concern. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc. Cyber terrorism activities endanger the sovereignty and integrity of the nation. Cyber Warfare: It refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation. Distribution of pirated software: It means distributing pirated software from one computer to another intending to destroy the data and official records of the government.

19 | P a g e

Information Technology Act 2000 & Cyber Crimes

4. Cybercrimes Against Society at large: An unlawful act done with the intention of causing harm to the cyberspace will affect large number of persons. These offences include: Child Pornography: It involves the use of computer networks to create, distribute, or access materials that sexually exploit underage children. It also includes activities concerning indecent exposure and obscenity. Cyber Trafficking: It may be trafficking in drugs, human beings, arms weapons etc. which affects large number of persons. Trafficking in the cyberspace is also a gravest crime. Online Gambling: Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. There are many cases that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc. Financial Crimes: This type of offence is common as there is rapid growth in the users of networking sites and phone networking where culprit will try to attack by sending bogus mails or messages through internet. Ex: Using credit cards by obtaining password illegally. Forgery: It means to deceive large number of persons by sending threatening mails as online business transactions are becoming the habitual need of todays life style.

20 | P a g e

Information Technology Act 2000 & Cyber Crimes


NASSCOM is India's National Association of Software and Service Companies, the premier trade body and the chamber of commerce of the IT software and services industry in India. NASSCOM is a global trade body with over 1350 members, of which over 250 are global companies from the US, UK, EU, Japan and China. NASSCOM's member companies are in the business of software development, software services, software products, IT-enabled/BPO services and e-commerce. NASSCOM was set up to facilitate business and trade in software and services and to encourage advancement of research in software technology. It is a not-for-profit organization, registered under the Societies Act, 1860.

NASSCOM has been the strongest proponent of global free trade in India. NASSCOM is committed to work proactively to encourage its members to adopt world class management practices, build and uphold highest quality standards and become globally competitive.

In India and around the world, NASSCOM members are participants in the new global economy and are reputed for their cutting-edge business practices and social initiatives.

NASSCOM's Vision: NASSCOM's vision is to establish India as the 21st century's software powerhouse and position the country as the global sourcing hub for software and services.

21 | P a g e

Information Technology Act 2000 & Cyber Crimes

Aims and Objectives:

The primary objective of NASSCOM is to act as a catalyst for the growth of the software driven IT industry in India. Other goals include facilitation of trade and business in software and services, encouragement and advancement of research, propagation of education and employment, enabling the growth of the Indian economy and provide compelling business benefits to global economies by global sourcing.

NASSCOM also endeavors to leverage IT and narrow the digital divide in India and enable her citizens to enjoy the benefits of IT. It also boosts the process of Innovation; IT workforce development and enhance cyber security.

NASSCOM is achieving its objectives by following a seven fold strategy: Partner with Government of India and State Governments in formulating IT policies and legislation. Partner with global stakeholders for promoting the industry in global markets. Strive for a thought leadership position and deliver world-class research and strategic inputs for the industry and its stakeholders. Encourage members to uphold world class quality standards. Strive to uphold Intellectual Property Rights of its members. Strengthen the brand equity of India as a premier global sourcing destination. Expand the quantity and quality of the talent pool in India.

Continuous engagement with all member companies and stakeholders to devise strategies
to achieve shared aspirations for the industry and the country.

22 | P a g e

Information Technology Act 2000 & Cyber Crimes

Facts and Figures Cybercrime hit 42 million Indians in 2011, cost $8 billion: Norton

The annual Norton Cyber Crime report estimates that India suffered losses of approximately $8 billion due to cyber crime in 2011. Globally, the loss is estimated at $110 billion. The report, which is the result of one of the world's largest consumer cyber crime studies, estimates that 42 million Indians have become victims of cyber attacks in the past 12 months.

The Norton Cyber Crime Report 2012 also says that 66 per cent of net-connected Indian adults have been victims of cybercrime in their lifetime. The report says more that globally there are more that 1,15,000 victims of cybercrime every day that is 80 victims per minute. The average daily financial cost per victim is $192, up from $163 last year. David Hall, Regional Consumer Product Marketing Manager, Asia Pacific, Norton By Symantec, said cyber criminals are constantly evolving and are now focusing their energies on popular social networking platforms.

"Their success is also fuelled by our love for free mobile apps and our unfounded trust of links posted by friends on social networks," he said. Hall says most people make themselves and their friends vulnerable due to their tendency to overshare personal information and links. No wonder then that a fifth of social network users have reported that their accounts have been hacked into.

In India, 32 per cent of online adults have been victims of social or mobile cyber crime in the past year - 22 per cent of all social network users have been attacked in some way with 15 per cent becoming links of scams and fake links. Still, Norton estimates that 14 per cent of social network users don't check links before sharing them with others. On the bright side, 57 per cent of Indian social network users have a security tool to protect against threats on these platforms, this is more than the global number of 44 per cent.
23 | P a g e Information Technology Act 2000 & Cyber Crimes

Only 56 per cent online adults in India understand the risk of cyber crime and know how to protect them. And 67 per cent of them realise they have been attacked only when their computer crashes or slows down, says the report. This could be because a similar number of people don't know that malware can actually work in the background stealing your valuable information. The report found that a fourth of online users still don't use a strong password or change it at regular intervals.

24 | P a g e

Information Technology Act 2000 & Cyber Crimes

25 | P a g e

Information Technology Act 2000 & Cyber Crimes

Source: _Cybercrime_Report_Master_FINAL_050912.pdf

26 | P a g e

Information Technology Act 2000 & Cyber Crimes


27 | P a g e

Information Technology Act 2000 & Cyber Crimes

28 | P a g e

Information Technology Act 2000 & Cyber Crimes

Case Study

1. Pune Citibank Mphasis Call Center Fraud: US $3,50,000 from accounts of four US customers were dishonestly transferred to bogus accounts. This will give a lot of ammunition to those lobbying against outsourcing in US. Such cases happen all over the world but when it happens in India it are a serious matter and we cannot ignore it. It is a case of sourcing engineering. Some employees gained the confidence of the customer and obtained their PIN numbers to commit fraud. They got these under the guise of helping the customers out of difficult situations. Highest security prevails in the call centres in India as they know that they will lose their business. There was not as much of breach of security but of sourcing engineering.

The call center employees are checked when they go in and out so they cannot copy down numbers and therefore they could not have noted these down. They must have remembered these numbers, gone out immediately to a cyber caf and accessed the Citibank accounts of the customers. All accounts were opened in Pune and the customers complained that the money from their accounts was transferred to Pune accounts and thats how the criminals were traced. Police has been able to prove the honesty of the call centre and has frozen the accounts where the money was transferred.

There is need for a strict background check of the call center executives. However, best of background checks cannot eliminate the bad elements from coming in and breaching security. We must still ensure such checks when a person is hired. There is need for a national ID and a national data base where a name can be referred to. In this case preliminary investigations do not reveal that the criminals had any crime history. Customer education is very important so customers do not get taken for a ride. Most banks are guilt of not doing this.

29 | P a g e

Information Technology Act 2000 & Cyber Crimes

2. case: CEO of was arrested in December 2004 because a CD with objectionable material was being sold on the website. The CD was also being sold in the markets in Delhi. The Mumbai city police and the Delhi Police got into action. The CEO was later released on bail. This opened up the question as to what kind of distinction do we draw between Internet Service Provider and Content Provider. The burden rests on the accused that he was the Service Provider and not the Content Provider. It also raises a lot of issues regarding how the police should handle the cyber crime cases and a lot of education is required.

The case against and its CEO Avnish Bajaj under section 67 of ITA 2000 was a watershed event in the Cyber Law history in India. The case involved posting of an obscene video for auction on the website by a student of IIT Kharagpur. The case had opened a good debate on the application of section 292 of IPC, in the incident along with Section 67 of ITA 2000, the requirement of "Due Diligence" under Section 85 of the ITA 2000 etc. The case had also attracted attention since the IT industry lead by FICCI as well as some of the political forces came strongly in favour of the influential and allegedly conspired to change the laws to get them exonerated through the proposed amendment to ITA 2000. However, despite their sincere effort to implement the amendments, the effort was frustrated by a timely action by the Parliamentary Committee which pointed out many of the inadequacies of the proposal and sent the ITA 2000 Amendment Bill back to the drawing board.

The developments in the case are therefore of interest to observers of Cyber Law in India. Now there appears to be some development in the Case. The Delhi High Court on 28th instant reportedly allowed proceedings against Avinash Bajaj, managing director of, for allowing an auction of a pornographic video clip involving two students on his website. Proceeding under sections 67 (publishing of information which is obscene in electronic form) and 85 of the Information Technology Act, which fixes the responsibility of a person for the conduct of business of the company as well as the company is being allowed.

30 | P a g e

Information Technology Act 2000 & Cyber Crimes

However, the court appears to have quashed the criminal proceedings under sections 292 (sale of obscene books) and 294 (obscene acts and songs in public place) of the Indian Penal Code (IPC). From the point of view of this appears to be a positive development since the Company/CEO was under two main risks one from IPC and the other from ITA 2000. The proposed amendment to ITA 2000 was already addressing the issue of removing the liabilities under ITA 2000. Though this has been stalled by the Parliamentary sub-committee, it appears that the amendments are being re-introduced without all the changes proposed by the subcommittee and with retrospective effect so that it may protect in this case. Now that the focus in the litigation is entirely on the ITA risk, there is a possibility of the amendment process being expedited.

In view of the high profile nature of the Case, there is every possibility of the law being twisted or the judiciary being misled. One needs to wait and watch the developments of this landmark case. It is not clear why the charge was dropped under Sec 292. Was it because the video clipping was not considered a "Material equivalent to Paper document" covered by IPC? Was the content not deemed "obscene"? Was the act not considered "putting the obscene material into circulation"? Was there no "Receipt of Profit"? Was it not amounting to "Advertising and Promotion"?

In case the spirit of Section 4 of ITA 2000 (legal recognition of electronic documents) had been considered, it would have been difficult to reject the charges under Sec 292. If the rejection is due to an inadequate pressing of charges by the Police, there is a danger of the case turning out to be a misleading precedent. Public has to be vigilant since there is a possibility of disinterest sneaking into the prosecution after the change of guard and may result in a verdict without a thorough analysis of the legal points involved.

31 | P a g e

Information Technology Act 2000 & Cyber Crimes

3. Parliament Attack Case: Bureau of Police Research and Development at Hyderabad had handled some of the top cyber cases, including analysing and retrieving information from the laptop recovered from terrorist, who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned down when Parliament was under siege on December 13 2001, was sent to Computer Forensics Division of BPRD after computer experts at Delhi failed to trace much out of its contents. The laptop contained several evidences that confirmed of the two terrorists motives, namely the sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador car to gain entry into Parliament House and the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal. The emblems (of the three lions) were carefully scanned and the seal was also craftly made along with residential address of Jammu and Kashmir. But careful detection proved that it was all forged and made on the laptop.

On 13 December 2001, five gunmen infiltrated the Parliament House in a car with Home Ministry and Parliament labels. While both the Rajya Sabha and Lok Sabha had been adjourned 40 minutes prior to the incident, many Members of Parliament (MPs) and government officials such as Home Minister LK Advani and Minister of State for Defence Harin Pathak were believed to have still been in the building at the time of the attack. (Prime Minister Atal Bihari Vajpayee and Opposition Leader Sonia Gandhi had already left). The gunmen drove their vehicle into the car of the Indian Vice President Krishan Kant (who was in the building at the time), got out, and began firing their weapons. The Vice President's guards and security personnel shot back at the terrorists and then started closing the gates of the compound. Constable Kamlesh Kumari was first to spot the terrorist squad. One gunman, wearing a suicide vest, was shot dead; the vest exploded. The other four gunmen were also killed. Five policemen, a Parliament security guard, and a gardener were killed, and 18 others were injured. The ministers and MPs escaped unhurt.

32 | P a g e

Information Technology Act 2000 & Cyber Crimes


33 | P a g e

Information Technology Act 2000 & Cyber Crimes

As we can see the incidents of cyber crimes have always followed an upward trend in spite of the amendments made. We have tried to figure out the various possible reasons as to why cyber crimes are on increasing inspite of there being high penalties and punishments. We have tried to find out the possible loopholes in the act and the system which is preventing the proper implementation of such a force full act. Cyber Law in India is in its infancy stage. A lot of efforts and initiatives are required to make it a mature legal instrument.

Following are some of the loop holes which we have tried to figure out: 1. Reporting of important matters pertaining to Cyber Law in India 2. Analysis of Cyber Law scenario in India. 3. Providing a comprehensive database for cases and incidents related to Cyber Law in India. 4. A ready reference for problems associated with Cyber Law in India, etc. Cyber Law of India that suffers from the following drawbacks: Non-inclusion of contemporary Cyber crimes and Contraventions like Phishing, Spamming, Cyber extortions, Compromised emails, Cyber Terrorism, etc. An obscure position of Freedom of speech and expression under the IT Act, 2000. Absence of Liability for illegal blocking of websites, blogs, etc. Lack of TechnoLegal compliance under the IT Act, 2000. 5. Lack of Wireless security under the IT Act, 2000. Absence of legal protection pertaining to IPRs in cyberspace. A confusion regarding Locus-standee and due diligence. Absence of Private defence in cyberspace. On dealing of issues like Cyber terrorism and private defence. E-waste in India must be taken seriously, etc. Besides these grey areas India is also facing problems of lack of Cyber Security as well as ICT Security. A techno-legal base is the need of the hour.

Unfortunately, we do not have a sound and secure ICT Security Base in India and Cyber security in India is still an ignored World. If opening of Cyber Cells and Cyber Units is Cyber Security than perhaps Indias best in the World at managing Cyber Security issues.

34 | P a g e

Information Technology Act 2000 & Cyber Crimes

The ICT Security in India is equated with face saving exercises of false claims and redundant exercises. The truth remains that ICT Security in India is a myth and not reality. The Cyber Law in India requires a dedicated and proactive approach towards ICT and Cyber Security in India. In the absence of a dedicated and sincere approach, the Cyber Law in India is going to collapse.

According to Mr Advait Sethna (Practicing Advocate at the Hon Mumbai High court) the Information Technology Act is a very effective tool which will help curb the increasing menace of cyber crimes, especially in todays time when we are moving rapidly from a paper based transaction mode to a paperless transaction mode. These days many records and transactions happen in the electronic form. It becomes extremely important to enforce a law which will legalise these forms of records. The IT Act has sought to achieve the great leap of providing these electronic records as evidences in a court of Law. According to Mr Sethna, the Act is very strong in terms of the provisions that it entails since it specifically deals with the E-Commerce transactions along with electronic Data Interchange.

However the act talks about preventing cyber crimes from happening and that is where he believes the Act isnt as effective as it is supposed to be. The reason he feels is that primarily the Act seeks to control Cyber crime, however the term Cyber crime is not defined in the act. What to include and what to exclude is something that the act doesnt mention categorically and specifically. He feels there is lot of scope for improvement in this Act. This is done by the amendments made in the Act in the year 2008. Wherein they have given the new definition of the word Cyber Cafe.

Earlier Cyber Cafes were excluded from the purview of this act. However now they have been included. Interestingly the amendments dont exactly deal with what the term cyber crime encompasses which is not right. When a law is made for preventing Cyber crimes the terms should be explained in detail and in depth. Also the Penalties and Imprisonment should be made stricter and more rigorous.

35 | P a g e

Information Technology Act 2000 & Cyber Crimes

The ITA is completely inadequate he feels when it comes to punishing the crime that directly affects the public for e.g. The attack on Taj and Oberoi Hotels. During these attacks the internet and Laptops and the electronic mediums were misused on a large scale. The Act draws its link to the IPC; however the distinction should be drawn more precisely.

The term Cyber space is expanding and so are the activities that are happening on them, the internet is fast becoming a source of livelihood as against previous years when it was just a medium to browse and search for stuff. The perceptions are becoming broader and so are the challenges. So the new challenges will force the ITA to get revamped. Newer technologies ask for better and stricter provisions in the law. An individual should first and foremost not indulge in any of the activities. Also many a times for the purpose of taking revenge people upload Objectionable content online.

Now this is a very serious crime considering the far and wide reach of the cyber space and this happens on the individual level. An individual needs to bear in mind the fact that internet is medium to get information and share information and he or she should restrict to that activity. At the same time if an individual is witnessing a crime happening in cyber space he or she should immediately lodge a complaint. There are enough mechanisms which are set up to look into these matters. There is a cyber cell and now also we have the cyber appellate tribunal. So there is strong machinery that can be used get justice and prevent cyber crimes from happening.

36 | P a g e

Information Technology Act 2000 & Cyber Crimes

Business Law book: Tejpal Sheth


37 | P a g e

Information Technology Act 2000 & Cyber Crimes