Module_3

MODULE 3

REGULATION BY INFORMATION TECHNOLOGY ACT

I. Introduction

Since the advent of civilization, man has always been motivated by the need to
make progress and enhance the existing technologies. This has led to some path
breaking developments and progress, which has been a launching pad for further
developments. Of all the significant advances made by mankind from the
beginning till date, probably the most important of them is the development of
Internet.

Nevertheless, it is also to be borne in mind that this rapid evolution of Internet has
also raised copious legal issues and questions. In this certificate programme, we
will discuss some of the issues that are pertaining to social network and social
media vis a vis the Information Technology Act.

The current era is undoubtedly the Age of Technology and one of the most
complex and effective technologies is social media. Social media at its core is an
instrument for communication that has become a vital element of daily life of
people of all ages. According to researches done, social media accounts for 22
percent of time spent on the Internet,1 one in four people above the age group of 65
years and older who are considered not so much tech savvy are now active on

1 “Social networks blogs now account for one in every four and half minutes online”, on June 15th, 2010,
available on <http://blog.nielsen.com/nielsenwire/global/social-media-accounts-for-22-percent-of-time-
online/>

1

social media websites.2 By June, 2012, Facebook claimed to have 955 million
monthly active users worldwide.3

Like any other type of organization, law enforcement agencies are now searching
for ways to use social media as a means to disseminate information to the masses.
The Police agencies in larger cities are now realized that their communities expect
them to have an online presence on platforms such as Twitter, Facebook, and
YouTube.

United Nations Commission on International Trade Law in 1996 framed the Model
Law on Electronic Commerce. The United Nations General Assembly adopted the
United Nations Commission on International Trade Law [UNCITRAL] Model
Law on E-Commerce through a Resolution4 passed on 30 January 1997. This
resolution recommended that all States give favorable consideration to the said
Model Law when they enact or revise their laws, in view of the need for uniformity
of the law applicable to alternatives to paper-based methods of communication and
storage of information.

The Government of India through the Ministry of Commerce wing formed the first
draft of the legislation following these guidelines. This initial draft legislation was
termed as the “E Commerce Act of 1998”. But later, because of the projects and
new ventures and transactions coming into the field, the government devised a
separate ministry for the same kind of transactions, which was called the Ministry
of Information and Technology. They took up the task and revamping the draft and

2 Joshua Norman, “Boomers Joining Social Media at Record Rate”, on November 16, 2010, available on:
<www.cbsnews.com/stories/2010/11/15/national/main7055992.shtml>
3 “Facebook: Newsroom” available on: <http://newsroom.fb.com/content/default.aspx?NewsAreaId=22.>
4 General Assembly Resolution 51/162 of 16 December 1996

2

started drafting of a new legislation. This legislation piece was called the
Information Technology Bill of 1999, which was later passed in 2000.

II. The UNCITRAL model law: backdrop

The decision made by UNCITRAL to formulate model legislation on e-commerce
was a response to the verity that in a number of nations, the current legislations
governing communication and storage of information is insufficient or obsolete
because it does not ponder upon the use of electronic commerce. Failure on the
part of the countries to include e-commerce within its legislations gives birth to
uncertainty of legal nature and castes a suspicious shadow on the validity of
information presented in a form other than a traditional paper document. As a
result of all this, international trade faces obstacles.

The rationale behind the Model law was to offer National legislators a set of
internationally acknowledged rules and norms as to how such legal impediments
could be removed, and how a more secure legal environment may be shaped for
electronic commerce.

The Model law attempts to permit States to adapt their domestic legislation to
developments in communications technology applicable to trade law without
necessitating the wholesale removal of the paper-based requirements themselves or
disturbing the legal concepts and approaches underlying those requirements. The
Model law thus relies, on a new approach known as the ‘functional equivalent’
approach which is based on an analysis of the purposes and functions of the
traditional paper - based requirement with a view of determining how those
purposes or functions could be fulfilled through electronic commerce techniques.

3

III. Information Technology Act 2000

The object of The Information Technology Act, 20005 as stated in its preamble is
to provide legal recognition for the transactions carried out by means of electronic
data interchange and other means of electronic data communications.

The IT Act, as originally enacted, was suffering from various loopholes and
lacunas. These “Grey Areas” were excusable since this was the first time such laws
were introduced in India and every law needs some time to mature and grow. It
was understood that over a period of time it would grow and further amendments
would be introduced to make it compatible with the International standards.

The nature of cyber laws is such that we have to take into consideration any new
development-taking place in the future. Since the Internet is boundary less, any
person sitting in an alien territory can do havoc with the computer system of India.
It is for this reason that, there was a need to “anticipate” future threats well in
advance. Thus, a “futuristic aspect” of the law had to be considered.

This Act was enacted with a sole purpose to ensure legal recognition of e-
commerce within India. Due to this, most provisions are mainly concerned with
establishing digital certification processes within the country.

Cyber crime as a term was not defined in the act. It only delved with few instances
of computer related crime. These acts as defined under Chapter XI of the Act are: -

i. Illegal access, introduction of virus, denial of services, causing damage and
manipulating computer accounts - Section 43

ii. Tampering, destroying and concealing computer code - Section 65

5 “Information Technology Act, 2000”, available at:
< http://eprocure.gov.in/cppp/sites/default/files/eproc/itact2000.pdf>

4

iii. Acts of hacking leading to wrongful loss or damage - Section 66
iv. Acts related to publishing, transmission or causing Publication of obscene/

lascivious in nature - section 67

The Act offered the legal framework so that information was not denied legal
effect, validity or enforceability, solely on the ground that it is in the form of
electronic records. In view of the growth in transactions and communications
carried out through electronic records, the Act empowered the government
departments to accept filings, creating and retaining the official documents in the
digital format. The Act also proposed a legal framework for the authentication and
origin of electronic records / communications through digital signature.

Ø A few highlights of the Information Technology Act, 2000 are: -
1. Chapter II of the Act stipulates that any subscriber can authenticate an
electronic record by affixing his digital signature. It also states that a
person can verify an electronic record by use of a public key of the
subscriber.
2. Chapter III of the Act talks about Electronic Governance and states
that, where any law provides that information or any other matter shall
be in writing or in the typewritten or printed form, then,
notwithstanding anything contained in such law, such requirement
shall be deemed to have been satisfied if such information or matter is
– rendered or made available in an electronic form; and accessible so
as to be usable for a subsequent reference. This chapter also gives
legal recognition to Digital Signatures.

5

3. Chapter VII of the Act states the scheme of things relating to Digital
Signature Certificates

4. Chapter VIII of the Act states the various duties of the subscribers.
5. Chapter IX of the said Act talks about penalties and adjudication for

various offences. The penalties for damage to computer, computer
systems etc. has been fixed as damages by way of compensation not
exceeding Rs. 1,00,00,000 to affected persons.

The Act talks of appointment of any officers not below the rank of a Director to the
Government of India or an equivalent officer of state government as an
Adjudicating Officer who shall adjudicate whether any person has made a
contravention of any of the provisions of the said Act or rules framed there under.
The said Adjudicating Officer has been given the powers of a Civil Court.

1. Chapter X of the Act talks of the establishment of the Cyber
Regulations Appellate Tribunal. This tribunal is an appellate body
where appeals against the orders passed by the Adjudicating Officers,
shall be preferred. This tribunal shall consist of one person only
[referred to as the Residing Officer] to be appointed, by notification,
by the Central Government

2. Chapter XI of the Act talks about various offences and the said
offences shall be investigated only by a Police Officer not below the
rank of the Deputy Superintendent of Police. These offences include
tampering with computer source documents, publishing of
information, which is obscene in electronic form, and hacking

3. Chapter XII of the IT Act talks about the liability of the network
service providers.

6

IV. Information Technology Amendment Act 2008

In 2007, the Standing Committee had recommended that the entire menace of
cyber terrorism needed to be addressed with a strong hand. After examining the
said recommendations, the Central Government brought the Information
Technology Amendment Bill, 2008, which got passed by both the houses of
Parliament.

The IT Amendment Act 20086 brings about various sweeping changes in the
existing Cyber law, which has removed various practical difficulties of the IT Act,
2000.

Ø Avnish Bajaj vs. State7
An internet website carried a listing which offered for sale a video clip, shot
on a mobile phone, of two children of a school in Delhi indulging in an
explicitly sexual act.

The petitioner [Avnish Bajaj], was the Managing Director of the company
that owned the website at the relevant point in time, asked the Court to annul
his criminal prosecution for the offences of making available for sale and
causing to be published an obscene product within the meaning of Section
292 Indian Penal Code and Section 67 of the Information Technology Act
2000.

6 “The IT Amendment Act, 2008”, available on:
<http://deity.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf>
7 Avnish Bajaj v State [N.C.T.] of Delhi [2005] 3 Comp LJ 364 [Del]

7

He also raises questions concerning the criminal liability of directors for the
offences attributable to a company, both under the IPC as well as the IT Act,
particularly when such company is not arraigned as an accused.

The Delhi High Court stated that the IPC does not recognize the concept of
automatic criminal liability attached to the director where the company is not
made an accused. The Court noted that with regard to Sec. 67, which
contains the substantive offense for publishing pornography, the Court
reasoned that since it had a deeming provision for corporate liability under
Sec. 81, the trial with regard to this charge could proceed.

Supreme Court’s Decision
The Avnish Bajaj case was the first high profile case on intermediary law
before the Supreme Court. The Supreme Court of India, in Aneeta Hada vs
M/S Godfather Travels8 decided the Special Leave Petition filed by Avnish
Bajaj, for quashing a criminal case against him relating to a pornographic
MMS posted for sale on the Baize website, of which he was the CEO at the
time.

As BIPL [Base Internet Private Limited], was never arraigned as an accused.
The limited issue, which the appeal in the Supreme Court came to be
concerned with, is the finding of the High Court on deemed criminal
liability, i.e. whether an official of a company can be made an accused
without the company itself being made an accused.

8 Aneeta Hada vs M/S Godfather Travels AIR2012SC2795, 2012[3]ALT[Cri]44

8

While deciding the case, the Court went through its previous judgment in
State of Madras v. C.V Parekh9 and held that the 3 bench judgment in C.V.
Parekh is the correct proposition of law inasmuch when the principal offence
has been alleged against a company and it is not made an accused then the
directors and the employees to whom the vicarious liability cannot be tried.

Interestingly much of the analysis of the court was based on interpretation of
Sections 141 and 142 of the Negotiable Instruments Act, which is then
supplanted to Sec. 85 of the IT Act. This was possible because these
provisions were mutatis mutandis or similarly worded.
The IT Act amends certain provisions of the IPC as well. But Parliament has
chosen not to make any amendment to incorporate such a provision in the
IPC. The Court has to therefore proceed with the law, as it exists,
particularly since it is a penal statute, which admits of strict construction.

The Court held that the case against the petitioner of the offence under
Sections 292 and 294 IPC is quashed and the prosecution under Section 67
read with Section 85 of the IT Act will continue.

Ø Google India Pvt. Ltd. Vs. M/S. Visaka Industries Limited10
The complainant [M/S Visaka Industries Limited] is in business of
manufacturing and selling of Asbestos cement sheets and allied products.

9 State Of Madras vs C.V. Parekh And Anr AIR 1971 SC 447, 1971 CriLJ 418, [1970] 3 SCC 491
10 Google India Pvt. Ltd. Vs. M/S. Visaka Industries Limited MANU/AP/0209/2011

9

Accused-1 [Gopala Krishna] is a Coordinator of a group which is hosted by
Accused-2 [Google].

Gopala Krishna published articles in the said group which contained
defamatory statements against the complainant and they were available in
the form of articles for worldwide audience.

It was contended that under Section 79 of the Information Technology Act,
the actions of Google Inc. [an intermediary], which is a service provider
providing platform for users to upload their content, does not amount to
publication in law and consequently the question of holding such
intermediaries liable for defamation should not arise.

The provision exempts network service provider from liability, but only on
proof that the offence or contravention was committed without their
knowledge or that they had exercised all due diligence to prevent the
commission of such an offence or contravention.

In this case, complainant had issued notice to the petitioner about
dissemination of defamatory material and unlawful activity on the part of the
Petitioner-1 through their medium. The petitioner did not do anything to
block the said material or to stop dissemination of the unlawful and
objectionable material. Therefore, the Petitioner-2 [Google] could not claim
any exemption either under Section 79 of the IT Act.

10

V. Changes made under the IT Amendment Act, 2008:-

The following changes were made to the IT Act, 2000 by the amendment act:-
1. Liability of body corporate towards Sensitive Personal Data

New amendment had brought in changes in section 43 of IT Act 2000 under
which any body corporate which deals with sensitive personal information
did not have adequate control resulting in wrongful loss or wrongful gain to
any person liable to pay damages of Rest. five cores to that person.

By the virtue of this Section, corporate bodies handling sensitive personal
information or data in a computer resource were under an obligation to
ensure adoption of ‘reasonable security practices’ to maintain its secrecy,
failing which they may be liable to pay damages.

This section should be read with Section 85 of the IT Act, 2000 whereby all
persons responsible to the company for conduct of its business shall be held
guilty incase offence was committed by a company. Unless no knowledge or
due diligence to prevent the contravention is proved.

Insertion of this particular provision has particular impact on the BPO
Companies that handle and have access to such sensitive information in the
regular course of their business.

This Section is hence a step in the right direction as it seeks to protect and
secure sensitive data. Section 43A of the act, indicates the procedures
designed to protect information from “unauthorized access, damage, use,
modification, disclosure, or impairment, as may be specified in an agreement

11

between parties‟ or as may be specified by any law for the time being in
force and in absence of both, as may be prescribed by Central Government
in consultation with professional bodies/associations. But, the law
explaining the definition of “reasonable security practices” is yet to be laid
down and the Central government is yet to frame its rules thereon.

2. Emphasis on legal validity of electronic documents
The amended Act makes efforts to reinforce the equivalence of paper based
documents to electronic documents by introducing two new Sections,
namely Section 7A and 10A.

Section 7A in the amended Act makes audit of electronic documents also
obligatory wherever paper-based documents are required to be audited by
law.

Section 10A bestows legal validity & enforceability on contracts formed
through electronic means.
These provisions are inserted to clarify and strengthen the legal principle in
Section 4 of the IT Act, 2000 that electronic documents are at par with
electronic documents and e-contracts are legally recognized and acceptable
in law. This is a welcome step, as it will facilitate growth of e-commerce
activity on the Internet.

The aim and objective of Section 10A is to recognize legal binding character
of online contracts. This section is in the spirit of Article 11: Formation and
validity of contracts of the UNICITRAL Model Law of e-commerce, 1996.
It provides legal certainty as to the use of contracts by electronic means. It

12

deals not only with the issue of contract formation but also with the form in
which an offer [proposal] and an acceptance may be expressed. It covers not
merely the cases in which both the offer and acceptance are communicated
by electronic means but also cases in which only the offer or only the
acceptance [or revocation of proposals and acceptances] is communicated
electronically.

The aforesaid section is not meant to impose the use of electronic means of
communications on parties who rely on the use of paper-based
communication to conclude contracts. Thus, the said section should not be
interpreted as restricting in any way party autonomy with respect to parties
not involved in the use of electronic communication.

Legal validity of online contracts would provide legal credence to online e-
commerce activities, including buying and selling of goods [including digital
goods] and services. Even the “e-governance service” contract, which a user
may enter with e-governance service provider, will be legally binding.

This act provides a road map for use of electronic records and electronic
records [including digital signatures] in government and its agencies by
promoting efficient delivery of government services. E-governance is a step
in social engineering to facilitate transparent, speedier, responsive and non-
hierarchical system of governance.

3. Introduction of virus, manipulating accounts, denial of services, hacking
etc made punishable

13

Section 66 of the previous act has been amended to include offences
punishable as per section 43, which has also been amended to include
offences; punishment may lead to imprisonment, which may extend to three
years or with fine, which may extend to five laky rupees or with both.

For a cyber crime to fall under section 66, one must observe whether
criminal intent [mens rea] was present or not. For example, a person who
intentionally causes circulation of a computer virus to impair the operation
of computer or any program or data, will be held responsible for the
modification [impairment] of any computer, which is infected even though
he may not be responsible for the infection of any particular machine.

Prima facie, the said person could be tried under section 43[c] or section 66
of the act. Hence, in order to distinguish applicability of the sections, one
must look into the circumstances and accompanying events to reconstruct
the ‘chain of events’ leading to circulation of computer virus.

If the ‘chain of events’ points out a pre-mediated, well-planned activity then
it underlines the presence of criminal intent, [dishonestly or fraudulently] to
cause wrongful loss or damage and the section applicable would be section
66 of the act.

The intention with which an act is done is very important in determining
whether an act is done ‘dishonestly’ or ‘fraudulently’. The court must have
proof of facts before coming to the conclusion that the criminal intention
existed. Any absence of ‘criminal intention’ would still make it punishable
under section 43[c] of the act.

14

4. Phishing and Spam Laws
These concepts have not been mentioned specifically under the act, but can
be interpreted under section 66[A]. Through this section, sending of
menacing, annoying messages and also misleading information about the
origin of the message has become punishable with imprisonment up to three
years and fine.

It is pertinent to note that the Hon’ble Delhi High Court in a landmark
judgment in the case of National Association of Software and Service
Companies vs Ajay Sood & Others11, delivered in March, ‘05, declared
`phishing’ on the internet to be an illegal act, entailing an injunction and
recovery of damages.

In order to lay down a precedent in India, the Court elaborated on the
concept of ‘phishing’, in the judgment. It was stated that, phishing is a form
of internet fraud where a person pretends to be a legitimate association, such
as a bank or an insurance company in order to extract personal data from a
customer such as access codes, passwords, etc.

Court also stated, by way of an example, that typical phishing scams involve
persons who pretend to represent online banks and siphon cash from e-
banking accounts after conning consumers into handing over confidential
banking details.

11 National Association of Software and Service Companies vs Ajay Sood & Others 119 [2005] DLT 596,
2005 [30] PTC 437 Del

15

Telemarketers though covered under TRAI and DoT12 guidelines may also
fall under section 66A [c] of the act. Even if the telemarketers are following
the TRAI regulations and DoT guidelines, they may still be charged under
section 66A[c] on account of causing annoyance or inconvenience or to
deceive or to mislead the addressee or recipient about the origin of such
messages. It is thus imperative that telemarketers must not use anonymous
addresses to send telemarketing messages.

Please note: Section 66A has been struck down by Supreme Court’s Order
dated 24th March, 2015 in the Shreya Singhal vs. Union of India13.

5. Laws for Stolen Computer resource or Communication Device

Section 66[B] has been introduced under the amendment act to tackle acts of
dishonestly receiving and retaining any stolen computer resource. This has
also been made punishable with three years or fine of one laky rupees or
both.

Where a person has received, downloaded, copied or extracted any data,
computer database or information from such computer, computer systems or
computer network including information or data held or stored in any
removable storage medium with an intention to cause either wrongful gain
or wrongful loss, it could be said person’s act was committed dishonestly
with the meaning of Section 66B read with Section 24 of the IPC.

12 TRAI- Telecom Regulatory Authority of India
DoT- Department of Telecom

13 Shreya Singhal vs. Union of India, AIR 2015 SC 1523.

16

6. Law related to Misuse of Digital Signature
Dishonest use of somebody else’s digital signature has been made
punishable with imprisonment which may extend to three years and shall
also be liable to fine with may extend to rupees one lakh under Section
66[C] of the act.

The aforesaid section is not merely to protect the information residing in a
computer resource but to protect the authentication details of any person in
the form of electronic signatures [including digital signatures], passwords.
PINs, biometric identifiers or any such other unique identification feature.

This section treats “identity” of a person as his authenticating feature and
whoever, intending to take such an “identity” dishonestly or fraudulently,
out of the possession of any such person is committing an offence.

7. Cheating
Cheating using computer resource has been made punished with
imprisonment of either description for a term which may extend to three
years and shall also be liable to fine which may extend to one laky rupee
under section 66[D] of the amendment act.

8. Law against Cyber terrorism
A new offence of Cyber terrorism is added in Section 66[F] which covers
any act committed with intent to threaten unity, integrity, security or
sovereignty of India or cause terror by causing DoS attacks, introduction of

17

computer contaminant, unauthorized access to a computer resource, stealing
of sensitive information, any information likely to cause injury to interests of
sovereignty or integrity of India, the security, friendly relations with other
states, public order, decency, morality, or in relation to contempt of court,
defamation or incitement to an offence, or to advantage of any foreign
nation, group of individuals or otherwise.

This Section prescribes punishment that may extend to imprisonment for
life.
9. Law against Child Pornography
Section 67[B] addresses the issue of child pornography. Through this
section, any publication or transmission of material in any electronic form
which depicts children engaged in sexually explicit act or conduct, anyone
who creates, facilitates or records these acts and images punishable with
imprisonment of five years and fine which may extend up to ten lakes in first
offence and seven years and fine of ten lakh on subsequent offence.

This is a welcome change as it makes even browsing and collecting of child
pornography a punishable offence.

In the United States, defendants have been convicted in U.S. vs. Joseph V.
Bledsoe14, U.S. vs. Phillip M. Sebolt15 and U.S. v Michael Shawn McCourt16
for knowingly publishing a notice over the internet offering to exchange

14 04-4276, 177 Fed. Appx. 311
15 04-2588, 460 F.3d 910
16 06-1018, 468 F.3d 1088.

18

child pornography in violation of 18 U.S.C. section 2251[d], 2252A[a][1]
and 2251[a][2].

10.Intermediary’s liability and collection of evidence
Intermediaries have been made liable to retain information in any format that
Central government prescribes. Under Section 69[4] of the act,
intermediaries are liable to seven years of imprisonment and fine if the act
which affects national sovereignty.

It is also pertinent to note the provision of Section 67[C] brings a very
significant change in the IT Act, 2000. According to this section,
intermediaries shall be bound to preserve and retain such information as may
be prescribed by the Central government and for such duration and format as
it may prescribe.

Any intermediary that contravenes this provision intentionally or knowingly
shall be liable on conviction for imprisonment for a term not exceeding 2
years or fine not exceeding one lakh or both.

Many cybercrime cases cannot be solved due to lack of evidence and in
many cases this is due to the fact that ISP failed to preserve the record
pertaining to relevant time. This provision is very helpful in collection of
evidence that can prove indispensable in cybercrime cases.

11.Law for Surveillance, Interception and Monitoring of data

19

Sections 69 of IT Act 2008, includes interception and monitoring of data.
This not only empowers government to monitor any traffic but also block
any site through any intermediary.

Any failure on part of the intermediary is punishable by seven years and
fine. Earlier the provision did not mention any fine.

This Section also deals with power of Controller to intercept information
being transmitted through a computer resource when necessary in national
interest.

Now, the power vests with the Central Government or State Government
that empowers it to appoint any agency to intercept, monitor or decrypt any
information generated, transmitted, received or stored in any computer
resource. This power is to be exercised under great caution and only when it
is satisfied that it is necessary or expedient to do so in interests of
sovereignty, or integrity of India, defense of India, security of the State,
friendly relations with foreign states or public order or for preventing
incitement to the commission of any cognizable offence relating to above or
for investigation of any offence.

The procedure and safeguards to exercise this power are laid out by the
Information Technology [procedure and safeguards for interception,
monitoring and decryption of Information] Rules, 2009.

20

The subscriber or intermediary that fails to extend cooperation in this respect
can be punished with a term which may extend to 7 yrs and imposition of
fine. The element of fine did not exist in the erstwhile Section 69.

The said rules provide ample safeguards to ensure the power in this section
is diligently exercised, with due authorization procedures complied with and
not abused by any agency/intermediary including maintaining confidentiality
and rules for maintaining or destruction of such records.

12.Power to block unlawful websites
Under the purview of Section 69[A] which has been inserted in the IT Act
by the amendments in 2008 and gives authority to Central government or
any authorized officer to direct any agency or intermediary [for reasons
documented in writing] to block websites in special circumstances as
applicable in Section 69.

Under this Section, the grounds on which such blocking is possible are quite
wide. In this respect, the Information Technology [Procedure and Safeguards
for Blocking for Access of Information by Public] Rules, 2009 were passed
vide GSR 781[E] dated 27 Oct 2009 whereby websites promoting hate
content, slander, defamation, promoting gambling, racism, violence and
terrorism, pornography, violent sex can reasonably be blocked. The rules
also allow the blocking of websites by a court order. It further provides for
review committee to review the decision to block websites.

21

The intermediary that fails to extend cooperation in this respect is punishable
offence with a term which may extend to 7 yrs and imposition of fine. The
power that this Section has brought with itself is to be used with great
caution as the distinguishing line between reasonable exercise of power and
Censorship is very slender.

13.“Critical Information Infrastructure” and its significance
Section 70 of the act defines what “critical information infrastructure” is. It
covers within its ambit, the computer resource destruction of which not only
has an adverse impact on defense of India but also economy, public health or
safety.
This is very momentous step as today our IT infrastructure may also be used
to manage certain services offered to public at large, destruction of which
may directly affect public health and safety. Thus, their protection is equally
important as is the maintaining of security and sovereignty of India.

By virtue of Section 70 A and B Indian Computer Emergency Response
Team [ICERT] has been appointed as the National nodal agency for critical
information infrastructure protection. A very imperative step is
synchronization between ICERT and service providers, data centers, body
corporate, and other persons.

ICERT has multiple roles such as education, alert system, emergency
response, issuing guidelines, reporting of cyber incident amongst other
functions.

22

Failure on the part of any person to comply with its directions attracts penal
provisions such as imprisonment of term that may extend to one year and
fine of one lakh or both. It also excludes the court from taking cognizance of
any offence under this section except on a complaint made by authorized
officer of CERT to thwart exploitation of this Section.

14.Cognizance of cases
All cases which entail punishment of three years or more have been made
cognizable. Offences with three years punishment have also been made
bailable under Section 77[B].

Since the majority of cyber crime offences defined under the amended IT
Act are punishable with imprisonment of three years, the net effect of all
amendments is that a majority of these cybercrimes are bailable. This means
that the moment a cybercriminal is arrested by the police, barring a few
offences, in almost all other cyber crimes, he has to be released on bail as a
matter of right, by the police.

A cybercriminal, once released on bail, will immediately attempt at
destroying or deleting all electronic traces and trails of his having committed
any cybercrime thus, making the job of law enforcement agencies extremely
difficult.

Offences that fall under the category of non-compoundable offences:-

23

S.No. Non-Compoundable Offences Sections
I. Whether punishment for life 66F

II. Whether imprisonment term 67A, 67B, 69, 69A & 70
exceeding three years

III. Whether previous conviction, 67 [Second or subsequent

and accused liable to enhanced conviction], or punishment to a

punishment or to a punishment different kind under any of the

of a different kind sections of the act, even if, second

conviction’s of one year- the

offence will be non- compoundable

IV. Whether offence affects [i] Each and every offence will be
socio-economic conditions of taken as non-compoundable, even
the country, [ii] a child below if the conviction is of one year
the age of 18 years [iii] a
woman

15.Investigation of Offences

24

It is established law17 that while investigating the commission of a
cognizable offence the police officer is not barred from investigating any
non-cognizable offence, which may arise out of the same facts. He can
include that non-cognizable offence in the charge sheet, which he presents
for a cognizable offence.

Under Section 78 of the Act, Inspectors have been added as investigating
officers for offences defined in this act. Section 78 of the erstwhile Act is
amended to confer power to investigate offences under the Act from DSP
level to Inspector level. This will be instrumental in quicker investigation in
the cybercrime cases provided adequate tools and training is provided.

Section 80 has also been amended and power to enter and search in a public
place is now vested in any police officer not below the rank of inspector or
any authorized officer of Central Government or State Government. Such
officer is empowered to arrest without warrant a person found therein who is
reasonably suspected of having committed or of committing or being about
to commit any offence under the virtue of this Act.

However, this section may be misused easily. Unless it is reasonably
suspected that a person has committed, is committing or is about to commit
an offence, he should not be arrested without warrant. Otherwise cybercafés,
in particular could be adversely affected.

16.Sexually explicit content and its publication

17 Pravin Chandra Mody v. State of Andhra Pradesh, AIR 1965 SC 1185

25

Section 66[E] talks about acts of intentionally or knowingly capturing,
publishing or transmitting the image of a private area of any person without
his or her consent, under circumstances violating the privacy of that person,
shall be punished with imprisonment which may extend to three years or
with fine not exceeding two lakh rupees, or with both.

Under the earlier section 67 of IT Act it was punishable for first offence with
five years of imprisonment and fine of one lakh rupees. This change has
made the provision lenient and open to misinterpretation.

Section 67A adds an offence of publishing material containing sexually
explicit conduct punishable with imprisonment for a term that may extend to
5 years with fine up to ten lakh. This provision was essential to curb MMS
attacks and video voyeurism.

The aforesaid section, like section 292[1], IPC, does not make knowledge of
obscenity an ingredient of the offence. Thus to escape criminal charges, one
has to prove his lack of knowledge of publication or transmission of obscene
information in electronic form. Moreover, though publication or
transmission of obscene information maybe illegal, but mere possession,
browsing or surfing through obscene content is not an illegal activity.

Another missing link in this section has been the lack of exceptions as
detailed in section 292, IPC, i.e., the exceptions which are available on
account of public good, religious purposes, etc. may not be available if such
publication or its transmission is in the electronic form.

26

Under no circumstances any offence related to ‘obscenity in electronic form’
should be tried under section 292, IPC as section 81 of the Information
Technology Act, will have an overriding effect.18

17.Change in the composition of Cyber Appellate Tribunal [CAT]
The amended Act has brought around a change in the composition of the
Cyber Appellate Tribunal.

As per the amendment, the tribunal would now consist of Chairperson and
such number of members as Central Government may appoint. The decision
making process allows more objectivity with Section 52[D] that provides
that the decision shall be taken by majority. No order of CAT can be
challenged on ground that there existed a defect in constitution of appellate
tribunal.

The aforesaid section advocates the rule - decision by majority. This section
also refers to constitution of a larger bench. If the members of a bench
consists of two members differ in opinion on any point, it shall be the
prerogative of the chairperson to constitute such a larger bench. The larger
bench shall be headed by the chairperson and consists of members, including
those who first heard it.

18.Compliance with orders of Controller

18 Section 81of the IT [Amendment] Act states that “The provisions of this act shall have effect
notwithstanding anything inconsistent therewith contained in any other law for the time being in force”.

27

Section 68[2] which earlier made, failure to comply with the direction of
controller punishable with three years of imprisonment or fine of two lakhs
or both now has been reduced to two years punishment or fine of one lakh of
rupees or both.
In order to understand the power of the controller to give directions under
the aforesaid section, it is obligatory that apart from considering the key
provisions, like section 18 to 26, 28, 29 and 44 of the Act, one must also
follow the controller’s certification practice statement [CPS] along with
Information Technology [certifying authorities] Rules, 2000 and Information
Technology [certifying authorities] Regulations, 2001.

28