Cyber Crimes in India

CYBER CRIMES IN
INDIA
R. Muralidharan
[email protected]
1
ROADMAP
•
•
•
•
•
•
•
•
•
•
•
•
INTRODUCTION
COVENTIONAL VS. CYBER CRIME
JURISDICTION
REASONS, MODES , CLASSIFICATION AND HAZARDS
PORNOGRAPHY
LAWS IN INDIA
ADJUDICATION, PENALTIES AND COMPENSATION
UNDER IPC
CASE LAWS
LATEST DEVELOPMENT
RECOMMENDATIONS
CONCLUSION
2
CYBER CRIMES
3
INTRODUCTION contd…
Genesis
• Back in 1990 less than 100,000 people logged on to
the net worldwide, now it has crossed 500 million.
Crime is no longer limited to space, time or a group of
people.
• Criminals often used unauthorized access to subvert
security systems as they modified data for financial
gain or destroyed data out of vendetta.
• As telecommunication spread, programmers started
writing malicious software, including self-replicating
programs, to interfere with sensitive and confidential
data stored on personal computers.
• The genesis of every cyber crime is available in the
general criminal law of that country i.e. in The IPC,
4
1860 in case of India.
INTRODUCTION contd…
Definitions
• The term ‘cyber crime’ is a misnomer. This term
has nowhere been defined in any statute /Act
passed or enacted by the Indian Parliament.
• Generically Cybercrimes are unlawful acts wherein
the computer is either a tool or a target or both.
• Cybercrime transgresses national boundaries so
perhaps international organizations should be
looked at for providing a standard definition of
cybercrime which is otherwise difficult.
5
INTRODUCTION contd…
Definitions
• Definition by The United Nations
 Cybercrime in narrow sense (computer crime): Any
illegal behavior directed by means of electronic
operations that targets the security of computer
systems and the data processed by them.
 Cybercrime in a broader sense (computer-related
crime): Any illegal behavior committed by means
of, or in relation to, a computer system or network,
including such crimes as illegal possession [and]
offering or distributing information by means of a
computer system or network.
6
CONVENTIONAL CRIME VS. CYBER CRIME contd…
• Both include conduct whether act or omission,
which cause breach of rules of law and
counterbalanced by the sanction of the state.
• Cyber crime may be said to be those species, of
which, genus is the conventional crime.
• The demarcation lies in the involvement of the
virtual cyber medium which is sine qua non in
cases of cyber crime.
• Criminal law of the country has to be overhauled to
tackle Cybercrime.
7
CONVENTIONAL CRIME VS. CYBER CRIME contd...
• The advent of cyber crime has exploded many of
the prevailing hypotheses in criminal law. Some of
them are enumerated as under:
 The offender is normally an illiterate without
skills, who depends more on the body than the
brains, often wielding weapons.
 The criminal has a motive for the crime and often
leaves a lot of evidence which would make crime
detection possible for a trained investigator.
8
CONVENTIONAL CRIME VS. CYBER CRIME contd…
 As for the victims, most are men, who traditionally
are the persons controlling the property or
exercising power.
 The victims of the offences are clearly identifiable.
 In terms of damage, damage to the victim is
localized and can easily be quantified and
compensated.
Cyber crimes have proved all the above hypotheses
wrong.
9
Jurisdiction
•
•
•
•
Active Nationality Principle
Passive Nationality Principle
Territoriality Principle
Sovereign Integrity Principle
10
Jurisdiction
• COMPUSERVE Inc. Vs Patterson (1996)
• Facts: Patterson from Texas entered in to an
agreement with COMPUSERVE that permitted
the use of the services of COMPUSERVE in
the making and selling of an internet navigation
product. When COMPUSERVE later marketed
its own internet navigation software, IP dispute
arouse and the COMPUSERVE filed a
declaratory suit to clear its name as a possible
infringer.
11
Jurisdiction
• There was a question regarding the jurisdiction
• Patterson had an electronic contract with
COMPUSERVE which was governed by Ohio
laws.
• He had also sent email to COMPUSERVE from
Ohio. The court in Ohio therefore assumed
jurisdiction on the ground of doctrine of minimum
contacts
12
Lotus Case
• There was a collision in international waters in
which a French ship and a Turkish ship was
involved.
• Turkey arrested the French ship Captain and
sought to prosecute him
• French government contended that since the
collision occurred in International waters, the
“Flag State” alone could exercise jurisdiction and
that the Turks must hand them over
13
Lotus Case
• The PCIJ rejected the French contention.
• In the past the Flag State had normally exercised
jurisdiction. The convenience of the state, as
manifested in the uniform state practice over
300 years cannot take away the right of a victim
state to exercise jurisdiction as and when the
State feels that its interest is affected.
• The Court held that there cannot be any such
adverse presumptions on sovereignty.
14
BENSUSAN VS KING(1996)
• The Doctrine of minimum contacts cannot be
stretched too far.
• If the contact is of de minimus non curat lex, the
Court would not exercise jurisdiction over a
dispute without considering the nature of nexus
between the situs and the forum.
15
BENSUSAN VS KING(1996)
• Facts: King posted a “Site” in the World Wide
Web to promote his club. The website was
located on a computer server at Missouri and
contained an advertisement logo that was
allegedly substantially similar to the logo used by
Bensusan. King moved the court to dismiss the
case for the lack of jurisdiction
• The Court decided that the facts did not merit
the assumption of personal jurisdiction to decide
the case.
16
REASONS FOR CYBER CRIMES
• The reasons for the vulnerability of
computers may be said to be:
 Capacity to store data in comparatively
small space
 Easy to access
 Complex
 Negligence
 Loss of evidence
17
MODE OF COMMITTING CYBER CRIME
•
•
•
•
•
•
•
•
•
•
•
Hacking
Theft of information contained in electronic form
Email bombing:
Data diddling
Salami attacks
Denial of Service ( DOS)attack
Virus / worm attacks
Logic bombs
Trojan attacks
Internet time thefts
Web jacking
18
CLASSIFICATION OF CYBER CRIMES
• Cyber Crimes against Persons:
 Harassment via E-Mails, Facebook, Twitter
 Cyber-Stalking
 Dissemination of Obscene Material
 Defamation
 Hacking
 Cracking
 E-Mail Spoofing
 SMS Spoofing
19
CLASSIFICATION OF CYBER CRIMES
 Carding
 Cheating & Fraud
 Child Pornography
 Assault by Threat
20
CLASSIFICATION OF CYBER CRIMES
• Crimes Against Person’s Property:
 Intellectual Property Crimes






Cyber Squatting
Cyber Vandalism
Hacking Computer System
Transmitting Virus
Cyber Trespass
Internet Time Thefts
21
CLASSIFICATION OF CYBER CRIMES
• Cybercrimes Against Government:




Cyber Terrorism
Cyber Warfare
Distribution of pirated software
Possession of Unauthorized Information
22
CLASSIFICATION OF CYBER CRIMES contd..
• Cybercrimes Against society at large:





Child Pornography
Cyber Trafficking
Online Gambling
Financial Crimes
Forgery
23
CYBER CRIME RELATED PROFESSIONALS
• IT or Tech Professionals : Network Engineers,
Cyber Security Software Professionals, Cyber
Forensic Experts, IT Governance Professionals,
Certified Internet Security Auditors, Ethical Hackers
etc.
• Cyber Law Experts: They handle - Patent and
Patent Infringements or other Business Cyber
crimes, Cyber Security for Identity thefts and Credit
Cards and other Financial transactions, General
Cyber Law.
• Cyber Law Implementation Professionals: EGovernance agencies, law and enforcement agencies,
cybercrime research cells and cyber forensic labs.
24
CYBER CRIMES HAZARDS: INSTANCES contd..
• 20% - 30% of Internet
pornography consumption is by
children of ages 12 - 17.
• MySpace is being used by
predators to meet and entice kids
online.
• Specific marketing strategies are
being used to attract children to
porn sites.
25
CYBER CRIMES HAZARDS: INSTANCES contd..
• After Pokhran II test on May 11 –
May 13, 1998, a group of hackers
called ’Milworm’ broke into Bhabha
Atomic Research Centre (BARC) site
and posted anti Indian and antinuclear messages.
• In 1999, website of Indian Science
Congress Association was defaced
and the hacker posted provocative
comments about Kashmir.
26
Pornography
• In India, watching or possessing pornographic
materials is legal. Distribution is illegal
• Prior to ITA, this was guided by Section 292
IPC. Now its also under Section 67 ITA. Section
67B ITA, deals with child pornography. Section
292 prohibits:
– Selling, renting, distributing, exhibiting or circulating
– importing, exporting or conveying
– Advertising or offering or attempting to do any act
which is an offence
27
Pornography
• 67. Publishing of information which is obscene in
electronic form.
• Whoever publishes or transmits or causes to be published in the
electronic form, any material which is lascivious or appeals to the
prurient interest or if its effect is such as to tend to deprave and
corrupt persons, shall be punished
• Punishment:
– 1st conviction: imprisonment to the extend of five years and with fine
which may extend to 1 lakh Rs.
– 2nd conviction: imprisonment to the extend of ten years and also with fine
which may extend to 2 lakh Rs.
28
Pornography
• In The People v James D Kent, 2012, the New York court of Appeal
ruled that “streaming” child pornography online is not the same
as possessing it. Hence, he was released from conviction. This is
in effect saying that watching child pornography online is not an
offence.
In India, following is prohibited with regard to porography:
– Circulation: passing of something, such as money or news, from place to
place or person to person.
– Transmission: act or process of sending a message, picture, or other
information from one location to one or more other locations by means
of radio waves, electric signals, light signals etc.
– Transfer: to make over the possession or legal title of.
29
LAWS FOR COMBATING CYBER CRIMES IN INDIA
• "INFORMATION TECHNOLOGY ACT, 2000"
[ITA- 2000]- Enacted by the Indian parliament protect
the field of e-commerce, e-governance, e-banking, to
facilitate filing of electronic records with the Government
as well as penalties and punishments in the field of cyber
crimes.
• "INFORMATIONTECHNOLOGY(AMENDME
NT) ACT, 2008"[ITAA- 2008]-Act punishes various
cyber crimes including cyber terrorism, increases the scope
and applicability of ITA-2000 by incorporating changes like
increasing the scope of “ communication devices”,
replacing section 43 with section 66, naming “hacking” as
“data theft”, making “digital signatures” valid etc.
30
LAWS FOR COMBATING CYBER CRIMES contd…
The Indian Penal Code 1860
The Indian Evidence Act 1872
The Banker’s Book Evidence Act 1891
The Reserve Bank of India Act 1934
Information Technology (Procedure and
Safeguards for Interception, Monitoring and
Decryption of Information) Rules, 2009
• Information Technology (Procedure and Safeguard
for Monitoring and Collecting Traffic Data or
Information) Rules, 2009
•
•
•
•
•
31
LAWS FOR COMBATTING CYBER CRIMES contd…
• Information
Technology
(Procedure
and
Safeguards for Blocking for Access of Information
by Public) Rules, 2009
• The Cyber Appellate Tribunal (Salary, Allowances
and Other Terms and Conditions of Service of
Chairperson and Members) Rules, 2009
• Cyber Appellate Tribunal (Procedure for
Investigation of Misbehavior or Incapacity of
Chairperson and Members) Rules, 2009
32
ITAA-2008 ACT: SPOTLIGHT
• Eight new cyber offenses added viz:
1. Sending offensive messages through a computer or
mobile
phone
(Section
66A)(Anti-Thackeray
Facebook row and FIR against Taslima for Twitter
comment)
computer
resource
or
2. Receiving
stolen
communication device (Section 66B)
3. Punishment for identity theft (Section 66C)
4. Punishment for cheating by personation using
computer resource (Section 66D)
5. Punishment for violating privacy or video voyeurism
(Section 66E)
6. Cyber Terrorism (Section 66F)
7. Publishing or transmitting material in electronic form
containing sexually explicit act (Section 67A)
33
ITAA-2008 ACT: SPOTLIGHT contd…
• Section 43: Require corporates to maintain reasonable
security practices, and procedures as to sensitive personal
data or information.
• Section 43A: A body corporate shall be liable to pay
compensation if it is negligent in implementing “reasonable
security precautions” with respect to “sensitive personal
data”. The liability would arise if the negligence leads to a
wrongful loss or wrongful gain to a person.
• Section 69 & 69A : Empowers the state to issue directions
for interception, monitoring, decryption of any information
through any computer resource; and for blocking websites
in the interest of national security, and friendly relations
with foreign states.
• Section 69B : Empowers the government to authorize to
monitor, collect traffic data or information through any
computer resource for cyber security.
34
ITAA-2008 ACT: SPOTLIGHT contd…
• Section 72A: A person including an intermediary is
held liable if he discloses “personal information” which
he accessed while providing services under a contract.
The liability arises if the disclosure was made with an
intention to cause or knowing that he is likely to cause
wrongful loss or wrongful gain to a person.
• Section 66E: Defends privacy and now one cannot
publish or transmit nude photo of a person without
his/her permission.
• Section 77A: Compounding of offenses has been
incorporated under this newly introduced section, but
the second conviction is not compoundable and it also
not compoundable where such offence affects the
socio-economic conditions of the country or has been
committed against a child below the age of 18 years or a
woman.
35
ITAA-2008 ACT: SPOTLIGHT contd…
• Offences made bailable, less stringent: Now most
of the offences are considered “Cognizable” but
“Bailable” and “Compoundable”. Now offences,
punishable with imprisonment of more than three years
are only non bailable.
• Abetment of the offences under the act is also made
punishable with the punishment provided for the
offence committed in pursuance of such under IT AA,
2008.
• The level of investigation has been brought down to
the level of inspector from that of DSP.
36
ITAA-2008 ACT: SPOTLIGHT contd…
• Offence of hacking only if with dishonest or
fraudulent intention: Now, the hacking of computer
is covered u/s 66 IT Act only if it is done dishonestly
or fraudulently as defined under the IPC. If it is not
done dishonestly or fraudulently, it would be covered
under Section 43 which is civil in nature. Thus, the
moment one commits hacking, he would be either
criminally liable or face civil liability.
37
ADJUDICATION
• Section 46 - Section 64 deals with adjudication.
• The I.T. Secretary in any state is normally the
nominated Adjudicator for all civil offences arising out
of data thefts and resultant losses in the particular state.
• There is an appellate procedure under this process and
the composition of Cyber Appellate Tribunal at the
national level, has also been described in the Act.
• Every adjudicating officer has the powers of a civil
court and the Cyber Appellate Tribunal has the powers
vested in a civil court under the Code of Civil
Procedure.
38
PENALTIES & COMPENASTION
• Section 75 of the ITAA-2008 in accordance
with the IPC makes the provisions of the Act
applicable to any offense committed outside of
India only if the act or conduct constituting
offense located in India.
• Tampering with Computer Source Documents
(Section 65): Punishable with imprisonment up
to three years, or with fine which may extend up
to two lakh rupees, or with both.
39
PENALTIES & COMPENASTION contd…
• Computer Related Offences (Section 66): If
any person, dishonestly, or fraudulently, does
any act referred to in section 43, he shall be
punishable with imprisonment for a term which
may extend to three years or with fine which
may extend to five lakh rupees or with both.
• Punishment for cyber terrorism (Section
66F): Punishable with imprisonment which may
extend to imprisonment for life.
40
PENALTIES & COMPENASTION
• Punishment for publishing or transmitting
obscene material in electronic form (Section
67): Imprisonment of either description for a
term which may extend to three years and with
fine which may extend to five lakh rupees and in
the event of a second or subsequent conviction
with imprisonment of either description for a
term which may extend to five years and also
with fine which may extend to ten lakh rupees.
41
PENALTIES & COMPENASTION
• Preservation and Retention of information by
intermediaries (Section 67C): Punished with an imprisonment
for a term which may extend to three years and shall also be
liable to fine.
• Section 43: It deals with the unauthorized access, unauthorized
downloading, virus attacks or any contaminant, causes damage,
disruption, denial of access, interference with the service availed
by a person. This section provide for a fine up to Rs. 1 Crore by
way of remedy.
• Section 85: All persons responsible to the company for conduct
of its business shall be held guilty in case offense was committed
by a company unless no knowledge or due diligence to prevent
the convention is proved.
42
CYBER OFFENSES UNDER IPC
CYBER CRIME
SECTION UNDER INDIAN
PENAL CODE, 1860 (IPC)
Sending threatening message by email
S. 506
Sending defamatory message by email
S.499
Sending a mail outraging the modesty
S.509
Forgery of electronic records
S.465
Bogus websites, cyber frauds, phishing
S.420
Email spoofing
S. 465, 419
Web-jacking
S.383
Criminal breach of trust
S.406,409
Obscenity
S.292, 293, 294
Theft of Computer Hardware
S.378, 379
43
CYBER OFFENSES UNDER IPC AND SPECIAL LAWS contd…
• Piracy - Section 51, 63, 63B, Copyright Act
• Obscenity - Indecent Representation of Women
Act, 1986
• Online sale of Drugs – NDPS Act
• Online sale of Arms – Arms Act
These Acts have been changed to make them compatible
with the Act of 2008. So that they may regulate and control
the affairs of the cyber world in an effective manner. While
framing charges the penal provisions are read with these
special provisions.
44
CASE LAWS
• Sony-sambandh.com case:
 India saw its first cybercrime conviction
recently. It all began
after a complaint was filed by Sony India Private Ltd, which runs
a website called www.sony-sambandh.com, targeting Non
Resident Indians. The website enables NRIs to send Sony
products to their friends and relatives in India after they pay for
it online.
 In May 2002, someone logged onto the website under the
identity of Barbara Campa and ordered a Sony Colour Television
set and a cordless head phone , credit card number was given
and the address where the product was supposed to be delivered
was furnished. The address was of Arif Azim, Noida.
45
CASE LAWS contd…
 The transaction closed at that, but after one and a half months
the credit card agency informed the company that this was an
unauthorized transaction as the real owner had denied having
made the purchase.
 The company lodged a complaint for online cheating at the
Central Bureau of Investigation which registered a case under
Section 418, 419 and 420 of the Indian Penal Code.
 The matter was investigated into and Arif Azim was arrested.
Investigations revealed thatArif Azim, while working at a call
centre in Noida gained access to the credit card number of an
American national which he misused on the company’s site.
 The case has shown that IPC can come in handy where ITA2000 did not cover certain categories of cyber crimes.
46
CASE LAWS contd…
• Pune Citibank MphasiS Call Center Fraud:
 US $ 3,50,000 from accounts of four US customers were
dishonestly transferred to bogus accounts.
 Some employees of the call center gained the confidence of the
customer and obtained their PIN numbers to commit fraud.
 There was not as much of breach of security but of sourcing
engineering.
 There is need for a strict background check of the call center
executives. There is need for a national ID and a national data
base where a name can be referred to.
 Customer education is very important so customers do not get
taken for a ride. Most banks are guilt of not doing this.
47
CASE LAWS contd…
• Pranav Mitra’s email spoofing fraud:
 Pranab Mitra, former executive of Gujarat Ambuja Cement posed as a
woman, Rita Basu, and created a fake e-mail ID through which he
contacted one V.R. Ninawe an Abu Dhabi businessman.
 Mitra sent an e-mail that ''she would commit suicide'' if Ninawe ended
the relationship. He also gave him ''another friend Ruchira Sengupta's''
e-mail ID which was in fact his second bogus address.
 When Ninawe mailed at the other ID he was shocked to learn that
Mitra had died and police is searching for Ninawe. Mitra extorted few
lakhs Rupees as advocate fees etc. Mitra even sent e-mails as High
court and police officials to extort more money.
 Ninawe finally came down to Mumbai to lodge a police case.
48
CASE LAWS contd…
• Chhatrapati Shivaji defamation picture case:
 An Indian posts ‘insulting images’ of respected warrior-saint Shivaji on
Google’s Orkut. Google, India handed over the IP address to the
Indian police in compliance with Indian legal process.
 The computer with that IP address is using Airtel, India as the
ISP to connect to the internet and Orkut. Airtel gives police the
name of an innocent person using a different IP address.
 An innocent Indian, Lakshmana Kailash K, is arrested in
Bangalore and thrown in jail for 3 weeks. Eventually, his
innocence is proved and he is released in Oct, 2007.
 Airtel was asked to pay a monetary compensation of 2 lakhs by
the Bombay High court (Aurangabad bench).
49
CASE LAWS contd…
• Bazee.com case (Avnish Bajaj vs. State):
 CEO of Bazee.com was arrested in December 2004 because a CD
containing MMS of a DPS, R.K. Puram girl was being sold and hosted
on the website.
 This opened up the question as to what kind of distinction do we draw
between Internet Service Provider and Content Provider.
 The burden rests on the accused that he was the Service Provider and
not the Content Provider.
 It also raises a lot of issues regarding how the police should handle the
cyber crime cases and a lot of education is required.
 CEO was held liable by the Delhi High Court under Section 67 read
with Section 85 of the IT Act recognizing the concept of an automatic
criminal liability attaching to the director where the company is an
accused.
50
CASE LAWS contd…
• State of Tamil Nadu Vs. Suhas Katti :
 The case related to posting of obscene, defamatory




and
annoying message about a divorcee woman in the yahoo message
group.
E-Mails were also forwarded to the victim for information by
the accused through a false e-mail account opened by him in the
name of the victim.
The posting of the message resulted in annoying phone calls to
the lady in the belief that she was soliciting.
Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC
Court relied upon the expert witnesses and other evidence
produced before it, including the witnesses of the Cyber Cafe
owners and came to the conclusion that the crime was
conclusively proved.
51
CASE LAWS contd…
• The Bank NSP Case:
 A management trainee of the bank was engaged to be married.
The couple exchanged many emails using the company
computers.
 After some time the two broke up and the girl created fraudulent
email ids such as “indianbarassociations” and sent emails to the
boy’s foreign clients.
 She used the bank’s computer to do this. The boy’s company
lost a large number of clients and took the bank to court.
 The bank was held liable for the emails sent using the bank’s
system.
52
CASE LAWS contd…
• Parliament attack case:
 The laptop seized contained several evidences that confirmed of
the two terrorists’ motives, namely the sticker of the Ministry of
Home that they had made on the laptop and pasted on their
ambassador car to gain entry into Parliament House and the fake
ID card that one of the two terrorists was carrying with a
Government of India emblem and seal.
 The emblems (of the three lions) were carefully scanned and the
seal was also craftly made along with residential address of
Jammu and Kashmir. But careful detection proved that it was all
forged and made on the laptop.
53
CASE LAWS contd…
• Andhra Pradesh Tax Case:
 The owner of a plastics firm was arrested and Rs 22 crore cash
was recovered from his house by sleuths of the Vigilance
Department.
 The accused person submitted 6,000 vouchers to prove the
legitimacy of trade d but after careful scrutiny of vouchers and
contents of his computers it revealed that all of them were made
after the raids were conducted.
 It later revealed that the accused was running five businesses
under the guise of one company and used fake and computerized
vouchers to show sales records and save tax.
54
CASE LAWS contd…
• Nasscom vs. Ajay Sood & Others:
 A landmark judgment by the Delhi High Court ‘phishing’ on
the internet was declared to be an illegal act, entailing an
injunction and recovery of damages.
 Court stated that phishing is a form of internet fraud where a
person pretends to be a legitimate association, such as a bank or
an insurance company in order to extract personal data from a
customer such as access codes, passwords, etc.
 The Delhi HC stated that even though there is no specific
legislation in India to penalize phishing still the court held the
act of phishing as passing off and tarnishing the Nasscom’s
image.
55
CYBER LAW TRENDS OF INDIA 2013
• The issues that may be challenging of various stakeholders
in 2013 include legal issues of cyber security, privacy and
data protection requirements, cloud computing security and
privacy issues, e-surveillance and Internet, cyber due
diligence requirements, social media due diligence, data
privacy laws, online IP violations including copyright
violations issues, etc.
• Companies like Google, Yahoo, Microsoft, Facebook, etc are
already facing criminal prosecution under the cyber law of India
and other criminal laws. So serious is the situation that the
executives of parent companies of these companies have
been summoned to personally appear before Indian court.
56
CYBER LAW TRENDS OF INDIA 2013 contd…
• New fields like e-legal due diligence and technological legal due
diligence in India would also assume significance.
• Online pharmacies websites of India has been brought under
regulatory scanner and punishment may follow .
• SEBI would get power to monitor investor’s call records and
conduct Searches at companies suspected of wrongdoing.
• Election commission of India would scrutinize social media
platforms for model code of conduct violations.
• Indian Supreme Court has issued notice to Maharashtra
government and deity for framing cyber crimes investigation
guidelines.
57
RECOMMENDATIONS FOR THE BETTERMENT OF ITAA-2008
• The statement of object and reasons must be stretched to cover
crimes committed in the cyber space, and not limited to safeguard
electronic commerce and related communications only.
• Cyber terrorism must be broadly defined to include the usage of
cyber space and cyber communication.
• An altogether new chapter dedicated for cyber terrorism and
extremist speeches in the main legislation should be introduced.
• The act refers to on-line privacy in only two areas, namely in
sections 43 & 72, which is not sufficient.
• Provisions should be made for the Intellectual property regime,
which is the backbone of any e- commerce transaction.
• The Act is silent about the regulation of the payment gateways.
• Other related Acts should be amended accordingly to safeguard
against the atrocities of cyber crimes.
58
CONCLUSION
• Information Technology Act, 2000, itself is a comprehensive
legislation but it has had some inherent shortcomings.
• The amended act is a welcoming attempt to fill gaps in old act in
India, for instance, introducing legal recognition to electronic
signatures, data protection obligations and mechanisms,
provisions to combat emerging cyber security threats such as
cyber terrorism, identity theft, spamming, video voyeurism,
pornography on internet, and other crimes. It paved the way for
removing the implementation of the IT Act by removing certain
undesirable wordings in some sections.
• It can be expected that the lacunae in ITAA-2008 may also be
eliminated with the time as and when more problems will be
encountered by the Judiciary.
59
CONCLUSION contd…
• Successful criminal prosecution and civil litigation will require
that members of the legal community familiarize themselves with
the various hacking techniques to ensure that the perpetrators
are tried and convicted under the relevant statutes.
• It is impossible to create permanent solutions in the criminal
legislation, and it can be maintained that the legislation will
always be more or less behind the real development. In order to
keep this gap as narrow as possible, close and continuous
cooperation between the law enforcement and legislative
authorities is required, as well as active following of the technical
development. Also international cooperation is also very
significant because of the transnational nature of the IT crimes.
60
THANK YOU
61