INFORMATION TECHNOLOGY ACT
2000
CYBER CRIMES IN INDIA
Cyber fraud complaints in Delhi so far in 2023 increased by 200% over the past
one year. Over 24,000 complaints were registered with the Delhi Police till June
this year. Crooks are exploiting loopholes in online systems for sending and
receiving money, the use of which has gone up in recent years, police said.
78% of Indian organisations experienced a ransomware attack in 2021, with 80%
of those attacks resulting in the encryption of data. In comparison, the average
percentage of attacks was 66%, with the average encryption rate at 65%.
Bengalureans lost ₹470 crore in cyber crimes in 2023
The cases include a variety of online frauds, like online job fraud, debit or credit
card fraud, gift fraud, loan app fraud, bitcoin cases, sextortion, data theft,
matrimonial fraud, card skimming, email spoofing, lottery fraud, online gaming
fraud, and SIM cloning.
CYBER CRIMES ACROSS THE GLOBE
Russia’s invasion of Ukraine has had a massive impact on the cyber threat
landscape. Since the start of the war, Russian-based phishing attacks
against email addresses of European and US-based businesses have
increased 8-fold.
During the height of the pandemic, phishing incidents rose by 220%.
2021 saw nearly 1 billion emails exposed, affecting 1 in 5 internet users.
The countries with the 5 highest scores on the NSCI are:
Greece (96.10)
Lithuania (93.51)
Belgium (93.51)
Estonia (93.51)
Czech Republic (92.21)
HISTORY
• In order to keep pace with the changing generation,
the Indian Parliament passed the Information
Technology (IT) Act, 2000. The IT Act has been
conceptualised on the United Nations Commission
on International Trade Law (UNCITRAL) Model
Law.
OBJECTIVES OF THE ACT
The Act aims at providing legal recognition for:
• transactions carried out by means of electronic data
interchange and other means of electronic communications
commonly referred to as "electronic commerce".
• digital signatures for the authentication of any information or
matters requiring legal authentication
• Facilitate the electronic filing of documents with Government
agencies and also departments
• Facilitate the electronic storage of data
• Give legal sanction and also facilitate the electronic transfer of
funds between banks and financial institutions
COMPUTER
“Computer” means any electronic, magnetic, optical or other high-speed
data processing device or system which performs logical, arithmetic, and
memory functions by manipulations of electronic, magnetic, or optical
impulses, and includes all input, output, processing, storage, computer
software, or communications facilities which are connected/related to the
computer in a computer system or computer network.
ELECTRONIC RECORD
‘Electronic record’ means data, record or data generated, image or sound
stored, received or sent in an electronic form or microfilm or computer
generated micro fiche.
ORIGINATOR
‘Originator’ means a person who sends, generates, stores or transmits
any electronic message or causes any electronic message to be sent,
generated, stored or transmitted to any other person but does not include
an intermediary.
COMPUTER DATA BASE
‘Computer data base’ means a representation of
information, knowledge, facts, concepts or
instructions in text, image, audio, video that are
prepared or being prepared or produced by a
computer, computer system or computer
network and are intended for use in a
computer, computer system or computer
network;
COMPUTER VIRUS
“Computer virus” means any computer
instruction, information, data or programme that
destroys, damages, degrades or adversely affects
the performance of a computer resource or
attaches itself to another computer resource and
operates when a programme, data or instruction is
executed or some other event takes place in that
computer resource
NETWORK SERVICES PROVIDERS / ISP
• Network services providers shall not be liable
under this Act for any third party information or
data made available, if they prove that the
offence or contravention was committed without
their knowledge or that they had exercised all
due diligence to prevent such offence.
• Network service provider means an
intermediary.
• Third party information means any information
dealt with by network service provider in his
capacity as intermediary
DIGITAL SIGNATURES
• A digital signature means an authentication of any
electronic record by a subscriber by means of an
electronic method or procedure. Thus a subscriber can
authenticate an electronic record by affixing his digital
signature.
• The Act has adopted the Public Key Infrastructure (PKI)
for securing electronic transactions.
• A private key is used to create a digital signature whereas
a public key is used to verify the digital signature and
electronic record.
A digital signature is created through the following distinct steps:
1. The electronic record is converted into a message digest by using a
mathematical function known as a ‘hash function’, which digitally
freezes the electronic record, thus ensuring the integrity of the
content of the intended communication contained in the electronic
record.
2. The identity of the person affixing the digital signature is
authenticated through the use of a private key which attaches itself
to the message digest and which can be verified by any person
who has the public key corresponding to such private key. This will
enable any person to verify whether the electronic record is
retained intact or has been tampered with.
3. Any subscriber may authenticate an electronic record by affixing
his digital signature. The authentication of the electronic record
shall be effected by transforming the initial electronic record into
another electronic record.
4. Any person by the use of a public key
of the subscriber can verify the electronic record. The private key and
public key are unique to the subscriber and constitute a functioning
key pair.
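The four steps above, carried through in code as an added example (not part of the original slides). The slides name no algorithm, so SHA-256 and RSA with PKCS #1 v1.5 encoding are assumptions, and the key pair is a constructed toy built from two known Mersenne primes so that the example runs with the Python standard library only.

```python
# Added example: hash-then-sign over an electronic record, standard library only.
import hashlib
import hmac

# Constructed toy key pair (assumption, not from the slides): two known
# Mersenne primes. Trivially factorable, so never use it for real signing.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                             # public modulus
E = 65537                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8         # modulus length in bytes

# ASN.1 DigestInfo header for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed sample record.
RECORD = b"Pay Rs. 10,000 to account 0001 on 01-04-2024"


def encode_digest(record: bytes) -> bytes:
    """Step 1: hash the record and wrap the digest in PKCS #1 v1.5 padding."""
    digest_info = SHA256_PREFIX + hashlib.sha256(record).digest()
    padding = b"\xff" * (K - len(digest_info) - 3)
    return b"\x00\x01" + padding + b"\x00" + digest_info


def sign(record: bytes) -> bytes:
    """Steps 2 and 3: apply the private key to the encoded digest."""
    m = int.from_bytes(encode_digest(record), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(record: bytes, signature: bytes) -> bool:
    """Step 4: anyone holding the public key (N, E) can check the record."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Rebuild the expected encoding from the record and compare whole blocks,
    # instead of parsing attacker-controlled padding.
    return hmac.compare_digest(recovered, encode_digest(record))


def demo():
    """Return (intact record verifies, altered record verifies)."""
    signature = sign(RECORD)
    altered = RECORD.replace(b"10,000", b"90,000")
    return verify(RECORD, signature), verify(altered, signature)


if __name__ == "__main__":
    print(demo())
```

The signature covers only the digest, so changing a single character of the record makes verification fail without the verifier ever needing the private key.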
The Act also gives the Central Government
powers:
a) to make rules prescribing the digital signature
b) the manner in which it shall be affixed
c) the procedure to identify the person affixing
the signature
d) the maintenance of integrity, security and
confidentiality of records or
e) payments and rules regarding any other
appropriate matters
POWERS OF CERTIFYING AUTHORITY
• These signatures are to be authenticated by
Certifying Authorities (CAs) appointed under the
Act. These authorities would, inter alia, have the
license to issue Digital Signature Certificates (DSCs).
The applicant must have a private key that can create
a digital signature. This private key and the public
key listed on the DSC must form the functioning key
pair.
DIGITAL SIGNATURE CERTIFICATES
Once the subscriber has accepted the DSC, he
shall generate the key pair by applying the
security procedure. Every subscriber is under an
obligation to exercise reasonable care and
caution to retain control of the private key
corresponding to the public key listed in his
DSC. If, however, the private key is
compromised, he must communicate the same
to the Certifying Authority (CA) without any
delay.
DESPATCH & ACKNOWLEDGEMENT - ELECTRONIC RECORDS
• All electronic records sent by an originator, his
agent or an information system programmed by
or on his behalf are attributable to him.
• Where the originator has not agreed with the
addressee that the acknowledgement of receipt
of electronic data shall be given in a manner, the
acknowledgement may be given by any
communication by the addressee, automated or
otherwise; or any conduct of the addressee,
sufficient to indicate to the originator that the
electronic record has been received
• Where the originator had stipulated that it shall be
binding only on receipt of acknowledgement,
then unless acknowledgement has been received,
it shall mean that the electronic data was never
sent.
• Where no such stipulation was made, then the
originator may give a notice to the addressee
stating that no such acknowledgement has been
received and specifying a time by which the
acknowledgement must be received by him. If
still no acknowledgement is received, he may,
after giving notice to the addressee, treat the
electronic data as never sent.
• Unless otherwise agreed, the time of receipt of an
electronic record shall be determined as follows:
if the addressee has designated a computer
resource for the purpose of receiving electronic
records:
▫ receipt occurs at the time when the electronic
record enters the designated computer resource; or
▫ if the electronic record is sent to a resource that is not
designated, receipt occurs when it is retrieved by
the addressee.
Penalty for damage to computer,
computer system
• “Damage” means to destroy, alter, delete,
add, modify or rearrange any computer
resource by any means
• Tampering with the computer source
documents. Whoever knowingly or intentionally
conceals, destroys, or alters or causes another to
do the same to any computer source code used for
a computer, computer programme, computer
system or computer network, shall be
punishable with imprisonment up to three
years, or with fine up to Rs. 2 lakhs or
with both.
• Whoever commits hacking of the computer system
shall be punished with imprisonment up to
three years, or with fine up to Rs. 2 lakhs or
with both.
• Whoever publishes or transmits or causes to be
published any matter which is obscene, shall be
punished on first conviction with imprisonment which
may extend up to five years with a fine of
up to Rs. 1,00,000 (for second and
subsequent convictions, imprisonment of
up to 10 years and a fine of up to Rs.
2,00,000).
• Penalties have also been prescribed for publishing
false digital signature certificates or for use of such
certificates for fraudulent and unlawful purposes,
which is imprisonment for a term which may
extend to two years, or with fine which may
extend to Rs. 1,00,000 or with both.
• The government may notify certain computer
systems or networks as being "protected systems",
unauthorized access to which may be punishable
with imprisonment up to 10 years in addition
to a fine
OFFENCES BY COMPANIES
• In respect of offences by companies, in addition
to the company, every person, who at the time
the contravention was committed, was in charge
of, and was responsible to the company for the
conduct of the business of the company, shall be
guilty of the contravention, unless he proves that
the contravention took place without his
knowledge or that he exercised all due diligence
to prevent such contravention.
OFFENCES OUTSIDE INDIA
• The provisions of the Act shall also apply to
offences or contravention outside India, if such
offences or contravention involves a computer,
computer system or computer network located
in India.
CYBER REGULATIONS APPELLATE
TRIBUNAL (CRAT)
• A Cyber Regulations Appellate Tribunal (CRAT)
is to be set up for appeals from the order of any
adjudicating officer. It consists of one person
only: the Presiding Officer (Chief Justice of
India/Judge of High Court).
• Every appeal must be filed within a period of
forty-five days from the date on which the
person aggrieved receives a copy of the order
made by the adjudicating officer.
• As per the Act a provision has been made to
appeal from the decision of the CRAT to the
High Court within sixty days of the date of
communication of the order or decision of the
CRAT.
POWERS OF POLICE TO SEARCH,
ARREST, ETC.
• A police officer not below the rank of Deputy
Superintendent of Police, or any other officer
authorised by the Central Government has the
power to enter any public place and arrest any
person without a warrant if he believes that a
cyber crime has been or is about to be
committed.
