The Cyber Law Regime in India

Subject - Cyber Laws & Rights
M. tech. 3rd Sem., ISM.
By: Prashant Vats,
M.tech., Ph.D.
INDIRA GANDHI DELHI TECHNICAL UNIVERSITY
FOR WOMEN

“Cyber Law” is a vast study
It is not the IT Act but, It includes, and is
comprised of many Acts, legislations like
Evidence, IPC & Cr.P.C.
The IT Act in itself, is a challenging study.
Understanding the difference between http &
https is beyond the comprehensive capacity for
any Lawyer.
Cyber forensic, Cyber security, Cyber law,
anatomy of cyber attacks

Law Practice
Cyber
Forensic,
FTK, EnCase,
Helix3 etc
Cyber
Security & IT
Evidence &
Investigation
Cyber Law
regime

Introduction
5
• The Information Technology Act is the Second
Law in India governing the field of
Technology.
• The First one was in the year 1885.
• That was the Indian Telegraph Act 1885

However, The first recorded
Cyber crime incident is
believed to be recorded in
the year 1820 !

• In the year 1820, Sir Joseph-Marie Jacquard, created
an automated loom.
• This device was blended with analogical technology in
the weaving of special fabrics.
• This resulted in a fear amongst Jacquard's employees
that their traditional employment and livelihood were
being threatened.
• They committed acts of sabotage to discourage
Jacquard from further use of the new technology.
• This was the first recorded cyber crime !

Because :
9
• Cyber space is a completely different sphere
of human existence.
• No regards for any Government or territory.
• To facilitate international norms.
• Cyber Law needs to be specific.
• Conventional Laws will muddle up the cyber
law structure.

Intention of the IT Act 2000
• Intention of the IT Act 2000
The Act begins with :
“An Act to provide legal recognition for
transactions carried out by means of electronic
data interchange and other means of electronic
communication, commonly referred to as
"electronic commerce", which involve the use of
alternatives to paper-based methods of
communication and storage of information, to
facilitate electronic filing of documents with the
Government agencies…”

Evolution of the Act
• Evolution of the Act
• The General Assembly of the United Nations by its resolution
A/RES/51/162, dated the 30th January, 1997 had adopted the Model Law
on E - Commerce adopted by the UNCITRAL,
• UNCITRAL Model Law on International Commercial Arbitration (1985),
with amendments as adopted in 2006. The Model Law is designed to
assist States in reforming and modernizing their laws on arbitral
procedure so as to take into account the particular features and needs of
international commercial arbitration.
• The UNCITRAL Model Law on International Commercial Arbitration was
prepared by UNCITRAL, and adopted by the United Nations Commission
on International Trade Law on 21 June 1985.
• In 2006 the model law was amended, it now includes more detailed
provisions on interim measures.
• The said resolution recommended that all member States give favourable
consideration to the said Model Law when they enact or revise their laws,
in view of the need for uniformity of the law applicable to alternatives to
paper-based methods of communication and storage of information; i.e.
amongst member nations to promote international trade and commerce
via electronic means.
• Hence, the same was adopted and enforced in India.

Cyber Law in India
• Cyber Law in India
• Aided by many other Acts and Statutes.
• 1) The Indian Penal code
• 2) The Evidence Act
• 3) the code of Criminal procedure.
• & many others

The Information Technology Act
• The Information Technology Act
• The Act can be broadly classified into 3
aspects :
IT Act 2000
Administrative Civil Issues
Criminal and
penal

IT Act of 2000
14
ADMINISTRATIVE PART :
Recognizing e-commerce
Legal enforceability and authentication of
electronic - Documents
Methodology and process.
A special adjudicating officer & Cyber Law
Appellate Tribunal
Their role and duties therein.

IT Act 2000
• The CIVIL aspect
• Runs parallel to Administrative ventures of the
IT Act.
• Describes what constitutes civil infringement
of rights.
• Prescribes civil duties

• CRIMINAL Part
• Recognizes and provides for Penal measures
against crime in cyber space, digital crimes or
crime against computer resource.
• Related issues to redress, monitor, restrict,
investigate, cyber crime is also provided
herein.
IT Act 2000

IT Act 2000
Recognizes the Cardinal Philosophy of Cyber
disputes
1 ) Computers can be abused.
2 ) Computers are weapons as well as Victims.

Definition of a Computer
 Section 2 of the Act defines :
 (i)"computer" means any electronic magnetic, optical or other high-speed data
processing device or system which performs logical, arithmetic, and memory
functions by manipulations of electronic, magnetic or optical impulses, and
includes all input, output, processing, storage, computer software, or
communication facilities which are connected or related to the computer in a
computer system or computer network.
 (j) "computer network" means the interconnection of one or more computers
through—
○ (i) the use of satellite, microwave, terrestrial line
○ or other communication media; and
○ (ii) terminals or a complex consisting of two or more interconnected
computers whether or not the interconnection is continuously maintained;
 (k) "computer resource" means computer, computer system, computer network,
data, computer data base or software;
 (l) "computer system" means a device or collection of devices, including input and
output support devices and excluding calculators which are not programmable
and capable of being used in conjunction with external files, which contain
computer programmes, electronic instructions, input data and output data, that
performs logic, arithmetic, data storage and retrieval, communication control and
other functions;

The new amendment also defines :
• The new amendment also defines :
• Cyber Café (s 2 (na))
• Electronic signature (apart from DSC)
• Communication devices. (s 2 (ha))
• Cyber security (s 2 (nb))
• Indian CERT (s 70 B (1))

• Section 4- Legal recognition of
Electronic Records
• If any information is required in printed or
written form under any law the Information
provided in electronic form, which is accessible so
as to be usable for subsequent use, shall be
deemed to satisfy the requirement of presenting
the document in writing or printed form.
• A general provision for recognizing electronic
documents

• Section 4- Legal recognition of Electronic
Records
• If any information is required in printed or written form under
any law the Information provided in electronic form, which is
accessible so as to be usable for subsequent use, shall be
deemed to satisfy the requirement of presenting the document
in writing or printed form.
• A general provision for recognizing electronic documents
• Sections 5, 6, 7, 8, 9 & 10.
 5 - Legal recognition of electronic signatures
 6 - Use of e-Records & signatures in Government & Its Agencies
 7 and 7 (a)- Retention of Electronic Records & audits
 8 - Publications of rules and regulations in the e-Gazette.
 9 - no right to claim and insist on electronic documents
 10 – Central Govt retains the power to make rules w.r.t. e-
Signatures (type, manner, format & process)

• Sections 11, 12 – Receipt & Ack.
• Sec. 11 – discuss about the attributor(sender) of
electronic record i.e. sender himself, or by a
person authorised by the other, or by an auto
response duly programmed on behalf of the
other
• Sec. 12 – discuss receipt for acknowledgement
where nothing has been stipulated
• Any communication from addressee/automated or
otherwise.
• Any conduct of the addressee that proves sufficiently.
– However conditions may be imposed by the attributor
via e mail footer and statements therein

IT Act –overview of other relevant
admin. provisions
Sec. 16 Central Government to prescribe security
procedures !!!
Sec 17-34 Appointment and Regulation of Controller and
certifying authority
Sec 35 to 39 Obtaining Digital Signature Certificate
Sec 40 to 42 Duties of Subscriber of DSC- exercise due care to
retain the private key

• Administrative character
• Sec 44 : penalty for failure to furnish
information, return etc…
• Appointment and functions of Adjudicating
officer
• Powers and functioning of the Cyber Law
Appellate Tribunal
• Sec 61 : Civil Court excluded from jurisdiction.
• Sec 46 & 2(1)(c) : Adjudicating officer.

• Offences in a Gist
Sec 43 : earlier a simple civil provision
• Now a Civil, and may amount to a penal offence
u/s 66 if a fraudulent or dishonest mens rea (the
intention or knowledge of wrongdoing that
constitutes part of a crime, as opposed to the
action or conduct of the accused) is established !
• It relates to access to computer without the
permission of the computer owner
• It penalizes any sort of unauthorized access or
assistance

• Sec 43 in a nut shell
• Whoever without permission of owner of the computer
– Secures/Disrupts access of computer ..resource..network..
– Downloads, copies, extracts any data
– Introduces or causes to be introduced any viruses or
contaminant
– Damages or causes to be damaged any computer resource
• Destroy, alter, delete, add, modify or rearrange
• Change the format of a file
– Disrupts or causes disruption of any computer resource
• Preventing normal continuance of computer
• Sec 43A : Failure to protect Data

• Examples
• An employee authorized to access Word files,
accesses internet.
• A student inadvertently spreads a virus with
his USB Drive.
• A neighbor mistakenly chops off the internet
cable, expecting it to be an electric wire.

• Sec 65 : Tampering with Computer Source documents.
• Punishment – Imprisonment upto three years or fine
upto Rs 2 Lacs or both.
• Sec 66 : Penalises any contravention u/s 43 if carried
out with a fraudulent or dishonest motive
• Punishment – Imprisonment upto three years or fine
upto Rs 5 Lacs or both.
• Sec 66 A : Punishment for sending offensive messages
through communication service etc…
• Requisites : offensive or menacing or false, or for the
purpose of annoyance, inconvenience, ill will etc…
• Punishment – Imprisonment upto three years and with
fine.

• Sec 66 B : Punishment for dishonestly
receiving stolen computer/resource etc.
• Sec 66 C : Punishes identity theft (DSC,
passwords, or such unique identification.)
• Sec 66 D : Punishes personating, by means of
Computer resource.
• Sec 66 E : Punishes violation of privacy rights.
• Sec 66 F : Punishes Cyber Terrorism

• Sec 67A : Punishment for publishing or transmitting of material
containing sexually explicit act, etc.. In the electronic form.
• Punishment :
• 1st conviction-Imprisonment upto 5 years and fine upto Rs 10 Lacs.
• 2nd conviction-Imprisonment upto 7 years and fine upto Rs 10 Lacs.
• EXCEPTION
• Art, Science, literature or other interests of learning and other cases
• Sec 67B : Punishment for publishing or transmitting of material depicting
children in sexually explicit act, etc.. In the electronic form. (Readwith
other sub rules)
• Punishment :
• 1st conviction-Imprisonment upto 5 years and fine upto Rs 10 Lacs.
• 2nd conviction-Imprisonment upto 7 years and fine upto Rs 10 Lacs.
• Sec 67C : Preservation & retention of information by intermediaries.
• Punishment - Imprisonment upto three years and with fine.

• Sec 68 : Provision and punishment for
violation of orders from the Controller.
• Sec 69 : Powers of the Govt. to issue
direction for monitoring, intercepting or
decrypting any information through any
Computer Resource.
• (Basically an administrative right of the Govt. and provides for
punishment to the violator, usually intermediaries who are incharge of
such database or are service providers.)
• Sec 69 A powers for blocking of public access
• Sec 69 B power to authorize monitor and collect
traffic.

• Sec 71 : Penalty for Misrepresentation before the
Controller or the Certifying Authority
• Punishment - Imprisonment upto 2 years or fine upto Rs. 1
Lac or both.
• Sec 72 : Penalty for breach of Confidentiality & privacy, the
provision applies to those persons who are empowered
under this Act with such a database or records.
Lac or both.
• Sec 72A : Penalty for disclosure of information in breach of
Lawful Contract –(an amendment to include even the
employees of private organizations or such intermediaries
working therein)
Lac or both.

• Sec 74 : Publication of Signature or signature
certificates for fraudulent purpose.
• Punishment - Imprisonment upto 2 years or
fine upto Rs. 1 Lac or both.
• Sec 76 : provides for confiscation of any
related computer accessory, system part etc if
the same is believed to be used in any
violation of this Act or rules.

• Sec 77B: Offences punishable with
imprisonment upto 3 years to be bailable.
• Sec 78 : Power to investigate offences now
available to Inspector, earlier the onus was on
the DSP rank officer or above.

• Sec 79 : Exemption of Intermediaries and
service providers if they establish that they
have exercised due diligence on their part.
• An abusive provision for the ISP’s but often
helpful !

 The 2009 notification makes it an offence to even abet
or attempt a cyber crime, earlier unsuccessful
criminals always escaped by virtue of this grey area.
 Sec 84 B : Punishment for Abetment
 Same punishment as prescribed for the offence
 Sec 84 C :Punishment for attempt
 A maximum of one-half of the term of imprisonment
provided for the offence, or with fine as prescribed for
the offence or with both.
 Sec 90: State Govt. has powers to make allied rules.

The Indian Penal Code
Vis-à-vis
The Cyber Crime

Relevant application of IPC etc…
Sending threatening
messages by email
Sec 503 IPC
Sending defamatory
messages by email
Sec 499, 500 IPC
Forging electronic
records
Sec 463, 470, 471 IPC
Bogus websites, cyber
frauds
Sec 420 IPC
Email spoofing Sec 416, 417, 463 IPC
Online sale of Drugs NDPS Act
Web - Jacking Sec. 383 IPC
Online sale of Arms Arms Act

The Evidence Act
• The Evidence Act
• Evidence Act may be divided in four questions.
• Question 1 What is the Evidence given of?
• Answer 1 of Facts ("Issue of Facts" or "Relevant Facts")
• Question 2 How the Evidence of such Facts are Given
• Answer 2 The Evidence of Such Facts is Given Either by way of "Oral
Evidence" or "Documentary Evidence'
• Question 3 On whom does the Burden of proof lie?
• Answer 3 "Burden of Proof"(of particular fact) or "Onus of proof" (to
prove whole case) lies on the Prosecution incharge
• Question 4 What are the Evaluation of the Facts.
• Answer 4 The Evaluation is "Prove" or "Presumption"(of prove); The
fact is either 'proved','disproved', or 'Not proved'; or there may be
presumption that proof of facts "may presume', 'shall presume', or
'conclusive proof'.
• Filing an FIR is easy, but not chargesheet.
• Digital evidence is extremely volatile & difficult to preserve.
• Indian criminal justice system requires guilt to be proved beyond
reasonable doubt.

Evidence Act w.r.t. IT Act
The major highlight of the Evidence Act in view
of the IT Act 2000 is that it recognises electronic
evidence.
Sec 65 is the most important provision dealing
with specific provision on digital evidence.
Sec 65B provides for a detailed process for the
analysis of the digital evidence in question.
Sec 65 B (4) requires a certificate from the
examiner of digital evidence

Evidence Act w.r.t IT Act
• The Govt. shall notify who is the gazetted
examiner for Digital evidence u/s 79 A of the
IT Act.
• The same provision is exclusive, it excludes all
other Cyber Forensic experts from entering
this field u/s 45 of the Evidence Act.

Encase/FTK
• Encase is a online software toolkit is traditionally used
in forensics to recover evidence from seized hard
drives.
• Encase allows the investigator to conduct in depth
analysis of user files to collect evidence such as
documents, pictures, internet history and Windows
Registry information. The company also
offers EnCase training and certification.
• Forensic Toolkit, or FTK, is a computer forensics
software made by AccessData. It scans a hard drive
looking for various information. It can, for example,
locate deleted emails and scan a disk for text strings to
use them as a password dictionary to crack
encryption.

Is digital evidence binding upon courts ?
• Is EnCase/FTK approved by Central govt. for
this purpose?
• Is e-mail/sms admissible as evidence?
• Is data retrieved from remote servers
acceptable?

• Is EnCase/FTK approved by Central govt. for this purpose?
• Answer : It is not required, the testimony of such an evidence is viewed as a mere
opinion of the expert. Do not be confused for NIST(USA) Policy, although a standard
approval should help.
• Why does the United States need NIST?
• Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Department
of Commerce. NIST's mission is to promote U.S. innovation and industrial
competitiveness by advancing measurement science, standards, and technology in
ways that enhance economic security and improve our quality of life.
• What are the five elements of the NIST cyber security framework?
• Overview. This learning module takes a deeper look at the Cybersecurity
Framework's five Functions: Identify, Protect, Detect, Respond, and Recover. The
information presented here builds upon the material introduced in the Components
of the Framework module.
• Who needs NIST compliant?
• The NIST 800-171 Mandate
NIST 800-171 requires compliance by all subcontractors working within the federal
supply chain, whether they are subcontractors working for a prime or subcontractors
working for another subcontractor.
• What is the difference between ISO and NIST?
• Both the National Institute of Standards and Technology (NIST) and the International
Organization for Standardization (ISO) have industry-leading approaches to
information security. ... ISO 27001, on the other hand, is less technical and more risk
focused for organizations of all shapes and sizes.

Is e-mail/sms admissible as evidence?
• The position of electronic documents in the form of SMS, MMS
and E-mail in India is well demonstrated under the law and the
interpretation provided in various cases.
• In State of Delhi v. Mohd. Afzal & Others, it was held that
electronic records are admissible as evidence.
• If someone challenges the accuracy of a computer evidence or
electronic record on the grounds of misuse of system or operating
failure or interpolation, then the person challenging it must prove
the same beyond reasonable doubt.
• The court observed that mere theoretical and general
apprehensions cannot make clear evidence defective and in
admissible. This case has well demonstrated the admissibility of
electronic evidence in various forms in Indian courts.

Is data retrieved from remote servers
acceptable?
• Are call recordings admissible in court in India?
• In conclusion, phone audio recording is admissible as evidence in Courts under
section 65B of the Indian Evidence Act, 1872
• Can WhatsApp chat be used as evidence in court in India?
• The I-T Act recognises electronic communication as proof in court. Legal notice
or messages sent through WhatsApp messaging app are valid
legal evidence under law, and the blue tick over the messaging app is a
valid proof that the respondent has accepted the physical copies of the
communication, said Bombay High Court.
• Is email admissible as evidence?
• Work e-mails often fall under the business records exception of hearsay.
Sending an e-mail from work does not automatically make the evidence
admissible under a business record exception of hearsay, but it could
be admissible if the contents are within the scope of employment.
• How can email be investigated and used as evidence?
• E-mail forensic analysis is used to study the source and content of e-mail message
as evidence, identifying the actual sender, recipient and date and time it was sent,
etc. to collect credible evidence to bring criminals to justice.

Is data retrieved from remote servers
acceptable?
• In the age of digitisation and increasing reliance on computerised records in
judicial proceedings, the Supreme Court has held that the requirement of a
certificate to make an electronic evidence admissible is not mandatory "wherever
interest of justice so justifies".
• The top court's clarification on section 65B of Indian Evidence Act, which deals
with admissibility of electronic evidence in court proceedings, will have an impact
on criminal trials, where an increasing number of call details records, CCTV
footage, mobile video recordings and CDs are being relied upon.
• Interpreting section 65B(4) of the Evidence Act, a bench of Justices A K Goel and U
U Lalit said the provision should be applied only when such electronic evidence is
presented by a person who is in a position to produce such certificate.
• Section 65(B) of Indian Evidence Act says that electronic records needs to be
certified by a person occupying a responsible official position for being admissible
as evidence in any court proceedings.
• The top court, while examining the issue of video recording of crime scene in the
country, dealt with the question if electronic evidence can be admissible for
reliance in judicial proceedings.
• It said that if a person is not in a position to produce such certificate the provision
of 65B should not be applied.

Need of the hour to combat
cybercrime
• To strengthen investigation mechanism by
making it a quick response cell.
• Educate the IO’s, about handling & processing,
search & seizure.
• Advanced Lab with skilled personnel.
• YOU HAVE TO join hands with IT Professionals.
• Keep upgrading.
• Remember, It’s a white collar crime.

The Cyber Law Regime in India

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to The Cyber Law Regime in India

Similar to The Cyber Law Regime in India (20)

More from Dr. Prashant Vats

More from Dr. Prashant Vats (20)

Recently uploaded

Recently uploaded (20)

The Cyber Law Regime in India