Module_3

Module 3 – INFORMATION TECHNOLOGY ACT

I. Introduction

Since the advent of civilization, man has always been motivated by the need to make
progress and enhance the existing technologies. This has led to some path breaking
developments and progress, which has been a launching pad for further developments. Of all
the significant advances made by mankind from the beginning till date, probably the most
important of them is the development of Internet.

Nevertheless, it is also to be borne in mind that this rapid evolution of Internet has also
raised copious legal issues and questions. In this certificate programme, we will discuss some of
the issues that are pertaining to social network and social media vis a vis the Information
Technology Act.

The current era is undoubtedly the Age of Technology and one of the most complex and
effective technologies is social media. Social media at its core is an instrument for
communication that has become a vital element of daily life of people of all ages. According to
researches done, social media accounts for 22 percent of time spent on the Internet,1 one in
four people above the age group of 65 years and older who are considered not so much tech
savvy are now active on social media websites.2 By June, 2012, Facebook claimed to have 955
million monthly active users worldwide.3

Like any other type of organization, law enforcement agencies are now searching for
ways to use social media as a means to disseminate information to the masses. The Police
agencies in larger cities are now realized that their communities expect them to have an online
presence on platforms such as Twitter, Facebook, and YouTube.

United Nations Commission on International Trade Law in 1996 framed the Model Law
on Electronic Commerce. The United Nations General Assembly adopted the United Nations
Commission on International Trade Law (UNCITRAL) Model Law on E-Commerce through a
Resolution4 passed on 30 January 1997. This resolution recommended that all States give
favorable consideration to the said Model Law when they enact or revise their laws, in view of


1 “Social networks blogs now account for one in every four and half minutes online”, on June 15th, 2010,
available on <http://blog.nielsen.com/nielsenwire/global/social-media-accounts-for-22-percent-of-time-
online/>
2 Joshua Norman, “Boomers Joining Social Media at Record Rate”, on November 16, 2010, available on:
<www.cbsnews.com/stories/2010/11/15/national/main7055992.shtml>
3 “Facebook: Newsroom” available on: <http://newsroom.fb.com/content/default.aspx?NewsAreaId=22.>
4 General Assembly Resolution 51/162 of 16 December 1996

1

the need for uniformity of the law applicable to alternatives to paper-based methods of
communication and storage of information.

The Government of India through the Ministry of Commerce wing formed the first draft
of the legislation following these guidelines. This initial draft legislation was termed as the “E
Commerce Act of 1998”. But later, because of the projects and new ventures and transactions
coming into the field, the government devised a separate ministry for the same kind of
transactions, which was called the Ministry of Information and Technology. They took up the
task and revamping the draft and started drafting of a new legislation. This legislation piece was
called the Information Technology Bill of 1999, which was later passed in 2000.


II. The UNCITRAL model law: backdrop

The decision made by UNCITRAL to formulate model legislation on e-commerce was a
response to the verity that in a number of nations, the current legislations governing
communication and storage of information is insufficient or obsolete because it does not
ponder upon the use of electronic commerce. Failure on the part of the countries to include e-
commerce within its legislations gives birth to uncertainty of legal nature and castes a
suspicious shadow on the validity of information presented in a form other than a traditional
paper document. As a result of all this, international trade faces obstacles.

The rationale behind the Model law was to offer National legislators a set of
internationally acknowledged rules and norms as to how such legal impediments could be
removed, and how a more secure legal environment may be shaped for electronic commerce.

The Model law attempts to permit States to adapt their domestic legislation to
developments in communications technology applicable to trade law without necessitating the
wholesale removal of the paper-based requirements themselves or disturbing the legal
concepts and approaches underlying those requirements. The Model law thus relies, on a new
approach known as the ‘functional equivalent’ approach which is based on an analysis of the
purposes and functions of the traditional paper - based requirement with a view of determining
how those purposes or functions could be fulfilled through electronic commerce techniques.




III. Information Technology Act 2000

2

The object of The Information Technology Act, 20005 as stated in its preamble is to
provide legal recognition for the transactions carried out by means of electronic data
interchange and other means of electronic data communications.

The IT Act, as originally enacted, was suffering from various loopholes and lacunas.
These “Grey Areas” were excusable since this was the first time such laws were introduced in
India and every law needs some time to mature and grow. It was understood that over a period
of time it would grow and further amendments would be introduced to make it compatible
with the International standards.

The nature of cyber laws is such that we have to take into consideration any new
development-taking place in the future. Since the Internet is boundary less, any person sitting
in an alien territory can do havoc with the computer system of India. It is for this reason that,
there was a need to “anticipate” future threats well in advance. Thus, a “futuristic aspect” of
the law had to be considered.

This Act was enacted with a sole purpose to ensure legal recognition of e-commerce
within India. Due to this, most provisions are mainly concerned with establishing digital
certification processes within the country.

Cyber crime as a term was not defined in the act. It only delved with few instances of
computer related crime. These acts as defined under Chapter XI of the Act are: -

i. Illegal access, introduction of virus, denial of services, causing damage and manipulating
computer accounts - Section 43

ii. Tampering, destroying and concealing computer code - Section 65
iii. Acts of hacking leading to wrongful loss or damage - Section 66
iv. Acts related to publishing, transmission or causing Publication of obscene/ lascivious in

nature - section 67
The Act offered the legal framework so that information was not denied legal effect,
validity or enforceability, solely on the ground that it is in the form of electronic records. In view
of the growth in transactions and communications carried out through electronic records, the
Act empowered the government departments to accept filings, creating and retaining the
official documents in the digital format. The Act also proposed a legal framework for the
authentication and origin of electronic records / communications through digital signature.

Ø A few highlights of the Information Technology Act, 2000 are: -

3
5 “Information Technology Act, 2000”, available at:
< http://eprocure.gov.in/cppp/sites/default/files/eproc/itact2000.pdf>

1. Chapter II of the Act stipulates that any subscriber can authenticate an electronic
record by affixing his digital signature. It also states that a person can verify an
electronic record by use of a public key of the subscriber.

2. Chapter III of the Act talks about Electronic Governance and states that, where
any law provides that information or any other matter shall be in writing or in
the typewritten or printed form, then, notwithstanding anything contained in
such law, such requirement shall be deemed to have been satisfied if such
information or matter is – rendered or made available in an electronic form; and
accessible so as to be usable for a subsequent reference. This chapter also gives
legal recognition to Digital Signatures.

3. Chapter VII of the Act states the scheme of things relating to Digital Signature
Certificates

4. Chapter VIII of the Act states the various duties of the subscribers.
5. Chapter IX of the said Act talks about penalties and adjudication for various

offences. The penalties for damage to computer, computer systems etc. has
been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to
affected persons.
The Act talks of appointment of any officers not below the rank of a Director to the
Government of India or an equivalent officer of state government as an Adjudicating Officer
who shall adjudicate whether any person has made a contravention of any of the provisions of
the said Act or rules framed there under. The said Adjudicating Officer has been given the
powers of a Civil Court.
1. Chapter X of the Act talks of the establishment of the Cyber Regulations
Appellate Tribunal. This tribunal is an appellate body where appeals against the
orders passed by the Adjudicating Officers, shall be preferred. This tribunal shall
consist of one person only (referred to as the Residing Officer) to be appointed,
by notification, by the Central Government
2. Chapter XI of the Act talks about various offences and the said offences shall be
investigated only by a Police Officer not below the rank of the Deputy
Superintendent of Police. These offences include tampering with computer
source documents, publishing of information, which is obscene in electronic
form, and hacking
3. Chapter XII of the IT Act talks about the liability of the network service providers.






4

IV. Information Technology Amendment Act 2008
In 2007, the Standing Committee had recommended that the entire menace of cyber

terrorism needed to be addressed with a strong hand. After examining the said
recommendations, the Central Government brought the Information Technology Amendment
Bill, 2008, which got passed by both the houses of Parliament.

The IT Amendment Act 20086 brings about various sweeping changes in the existing
Cyber law, which has removed various practical difficulties of the IT Act, 2000.


Ø Avnish Bajaj vs. State7
An internet website carried a listing which offered for sale a video clip, shot on a

mobile phone, of two children of a school in Delhi indulging in an explicitly sexual act.
The petitioner (Avnish Bajaj), was the Managing Director of the company that

owned the website at the relevant point in time, asked the Court to annul his criminal
prosecution for the offences of making available for sale and causing to be published an
obscene product within the meaning of Section 292 Indian Penal Code and Section 67 of
the Information Technology Act 2000.

He also raises questions concerning the criminal liability of directors for the
offences attributable to a company, both under the IPC as well as the IT Act, particularly
when such company is not arraigned as an accused.

The Delhi High Court stated that the IPC does not recognize the concept of automatic
criminal liability attached to the director where the company is not made an accused.
The Court noted that with regard to Sec. 67, which contains the substantive offense for
publishing pornography, the Court reasoned that since it had a deeming provision for
corporate liability under Sec. 81, the trial with regard to this charge could proceed.

Supreme Court’s Decision

The Avnish Bajaj case was the first high profile case on intermediary law before
the Supreme Court. The Supreme Court of India, in Aneeta Hada vs M/S Godfather
Travels8 decided the Special Leave Petition filed by Avnish Bajaj, for quashing a criminal
case against him relating to a pornographic MMS posted for sale on the Baize website,
of which he was the CEO at the time.

As BIPL (Base Internet Private Limited), was never arraigned as an accused. The
limited issue, which the appeal in the Supreme Court came to be concerned with, is the


6 “The IT Amendment Act, 2008”, available on:
<http://deity.gov.in/sites/upload_files/dit/files/downloads/itact2000/it_amendment_act2008.pdf>
7 Avnish Bajaj v State (N.C.T.) of Delhi (2005) 3 Comp LJ 364 (Del)
8 Aneeta Hada vs M/S Godfather Travels AIR2012SC2795, 2012(3)ALT(Cri)44

5

finding of the High Court on deemed criminal liability, i.e. whether an official of a
company can be made an accused without the company itself being made an accused.

While deciding the case, the Court went through its previous judgment in State
of Madras v. C.V Parekh9 and held that the 3 bench judgment in C.V. Parekh is the
correct proposition of law inasmuch when the principal offence has been alleged against
a company and it is not made an accused then the directors and the employees to
whom the vicarious liability cannot be tried.

Interestingly much of the analysis of the court was based on interpretation of
Sections 141 and 142 of the Negotiable Instruments Act, which is then supplanted to
Sec. 85 of the IT Act. This was possible because these provisions were mutatis mutandis
or similarly worded.

The IT Act amends certain provisions of the IPC as well. But Parliament has
chosen not to make any amendment to incorporate such a provision in the IPC. The
Court has to therefore proceed with the law, as it exists, particularly since it is a penal
statute, which admits of strict construction.

The Court held that the case against the petitioner of the offence under Sections
292 and 294 IPC is quashed and the prosecution under Section 67 read with Section 85
of the IT Act will continue.


Ø Google India Pvt. Ltd. Vs. M/S. Visaka Industries Limited10

The complainant (M/S Visaka Industries Limited) is in business of manufacturing
and selling of Asbestos cement sheets and allied products. Accused-1 (Gopala Krishna)
is a Coordinator of a group which is hosted by Accused-2 (Google).

Gopala Krishna published articles in the said group which contained defamatory
statements against the complainant and they were available in the form of articles for
worldwide audience.

It was contended that under Section 79 of the Information Technology Act, the
actions of Google Inc. (an intermediary), which is a service provider providing platform
for users to upload their content, does not amount to publication in law and
consequently the question of holding such intermediaries liable for defamation should
not arise.

The provision exempts network service provider from liability, but only on proof
that the offence or contravention was committed without their knowledge or that they
had exercised all due diligence to prevent the commission of such an offence or
contravention.

In this case, complainant had issued notice to the petitioner about dissemination
of defamatory material and unlawful activity on the part of the petitioner -1 through
their medium. The petitioner did not do anything to block the said material or to stop


9 State Of Madras vs C.V. Parekh And Anr AIR 1971 SC 447, 1971 CriLJ 418, (1970) 3 SCC 491
10 Google India Pvt. Ltd. Vs. M/S. Visaka Industries Limited MANU/AP/0209/2011

6

dissemination of the unlawful and objectionable material. Therefore, the petitioner-2
(Google) could not claim any exemption either under Section 79 of the IT Act.


V. Changes made under the IT Amendment Act, 2008:-

The following changes were made to the IT Act, 2000 by the amendment act:-
1. Liability of body corporate towards Sensitive Personal Data

New amendment had brought in changes in section 43 of IT Act 2000 under
which any body corporate which deals with sensitive personal information did not have
adequate control resulting in wrongful loss or wrongful gain to any person liable to pay
damages of Rest. five cores to that person.

By the virtue of this Section, corporate bodies handling sensitive personal
information or data in a computer resource were under an obligation to ensure
adoption of ‘reasonable security practices’ to maintain its secrecy, failing which they
may be liable to pay damages.

This section should be read with Section 85 of the IT Act, 2000 whereby all
persons responsible to the company for conduct of its business shall be held guilty
incase offence was committed by a company. Unless no knowledge or due diligence to
prevent the contravention is proved.

Insertion of this particular provision has particular impact on the BPO Companies
that handle and have access to such sensitive information in the regular course of their
business.

This Section is hence a step in the right direction as it seeks to protect and secure
sensitive data. Section 43A of the act, indicates the procedures designed to protect
information from “unauthorized access, damage, use, modification, disclosure, or
impairment, as may be specified in an agreement between parties‟ or as may be
specified by any law for the time being in force and in absence of both, as may be
prescribed by Central Government in consultation with professional
bodies/associations. But, the law explaining the definition of “reasonable security
practices” is yet to be laid down and the Central government is yet to frame its rules
thereon.


2. Emphasis on legal validity of electronic documents

The amended Act makes efforts to reinforce the equivalence of paper based
documents to electronic documents by introducing two new Sections, namely Section
7A and 10A.

Section 7A in the amended Act makes audit of electronic documents also
obligatory wherever paper based documents are required to be audited by law.

Section 10A bestows legal validity & enforceability on contracts formed through
electronic means.

7

These provisions are inserted to clarify and strengthen the legal principle in
Section 4 of the IT Act, 2000 that electronic documents are at par with electronic
documents and e-contracts are legally recognized and acceptable in law. This is a
welcome step, as it will facilitate growth of e-commerce activity on the Internet.

The aim and objective of Section 10A is to recognize legal binding character of
online contracts. This section is in the spirit of Article 11: Formation and validity of
contracts of the UNICITRAL Model Law of e-commerce, 1996. It provides legal certainty
as to the use of contracts by electronic means. It deals not only with the issue of
contract formation but also with the form in which an offer (proposal) and an
acceptance may be expressed. It covers not merely the cases in which both the offer
and acceptance are communicated by electronic means but also cases in which only the
offer or only the acceptance (or revocation of proposals and acceptances) is
communicated electronically.

The aforesaid section is not meant to impose the use of electronic means of
communications on parties who rely on the use of paper-based communication to
conclude contracts. Thus, the said section should not be interpreted as restricting in any
way party autonomy with respect to parties not involved in the use of electronic
communication.

Legal validity of online contracts would provide legal credence to online e-
commerce activities, including buying and selling of goods (including digital goods) and
services. Even the “e-governance service” contract, which a user may enter with e-
governance service provider, will be legally binding.

This act provides a road map for use of electronic records and electronic records
(including digital signatures) in government and its agencies by promoting efficient
delivery of government services. E-governance is a step in social engineering to facilitate
transparent, speedier, responsive and non-hierarchical system of governance.


3. Introduction of virus, manipulating accounts, denial of services, hacking etc made
punishable

Section 66 of the previous act has been amended to include offences punishable
as per section 43, which has also been amended to include offences; punishment may
lead to imprisonment, which may extend to three years or with fine, which may extend
to five laky rupees or with both.

For a cyber crime to fall under section 66, one must observe whether criminal
intent (mens rea) was present or not. For example, a person who intentionally causes
circulation of a computer virus to impair the operation of computer or any program or
data, will be held responsible for the modification (impairment) of any computer, which
is infected even though he may not be responsible for the infection of any particular
machine.

Prima facie, the said person could be tried under section 43(c) or section 66 of
the act. Hence, in order to distinguish applicability of the sections, one must look into

8

the circumstances and accompanying events to reconstruct the ‘chain of events’ leading
to circulation of computer virus.

If the ‘chain of events’ points out a pre-mediated, well-planned activity then it
underlines the presence of criminal intent, (dishonestly or fraudulently) to cause
wrongful loss or damage and the section applicable would be section 66 of the act.

The intention with which an act is done is very important in determining whether
an act is done ‘dishonestly’ or ‘fraudulently’. The court must have proof of facts before
coming to the conclusion that the criminal intention existed. Any absence of ‘criminal
intention’ would still make it punishable under section 43(c) of the act.


4. Phishing and Spam Laws

These concepts have not been mentioned specifically under the act, but can be
interpreted under section 66(A). Through this section, sending of menacing, annoying
messages and also misleading information about the origin of the message has become
punishable with imprisonment up to three years and fine.

It is pertinent to note that the Hon’ble Delhi High Court in a landmark judgment
in the case of National Association of Software and Service Companies vs Ajay Sood &
Others11, delivered in March, ‘05, declared `phishing’ on the internet to be an illegal act,
entailing an injunction and recovery of damages.

In order to lay down a precedent in India, the Court elaborated on the concept of
‘phishing’, in the judgment. It was stated that, phishing is a form of internet fraud where
a person pretends to be a legitimate association, such as a bank or an insurance
company in order to extract personal data from a customer such as access codes,
passwords, etc.

Court also stated, by way of an example, that typical phishing scams involve
persons who pretend to represent online banks and siphon cash from e-banking
accounts after conning consumers into handing over confidential banking details.

Telemarketers though covered under TRAI and DoT12 guidelines may also fall
under section 66A (c) of the act. Even if the telemarketers are following the TRAI
regulations and DoT guidelines, they may still be charged under section 66A(c) on
account of causing annoyance or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages. It is thus imperative that
telemarketers must not use anonymous addresses to send telemarketing messages.


5. Laws for Stolen Computer resource or Communication Device


11 National Association of Software and Service Companies vs Ajay Sood & Others 119 (2005) DLT 596,
2005 (30) PTC 437 Del
12 TRAI- Telecom Regulatory Authority of India

DoT- Department of Telecom

9

Section 66(B) has been introduced under the amendment act to tackle acts of
dishonestly receiving and retaining any stolen computer resource. This has also been
made punishable with three years or fine of one laky rupees or both.

Where a person has received, downloaded, copied or extracted any data,
computer database or information from such computer, computer systems or computer
network including information or data held or stored in any removable storage medium
with an intention to cause either wrongful gain or wrongful loss, it could be said
person’s act was committed dishonestly with the meaning of Section 66B read with
Section 24 of the IPC.


6. Law related to Misuse of Digital Signature

Dishonest use of somebody else’s digital signature has been made punishable
with imprisonment which may extend to three years and shall also be liable to fine with
may extend to rupees one lakh under Section 66(C) of the act.

The aforesaid section is not merely to protect the information residing in a
computer resource but to protect the authentication details of any person in the form of
electronic signatures (including digital signatures), passwords. PINs, biometric identifiers
or any such other unique identification feature.

This section treats “identity” of a person as his authenticating feature and
whoever, intending to take such an “identity” dishonestly or fraudulently, out of the
possession of any such person is committing an offence.


7. Cheating

Cheating using computer resource has been made punished with imprisonment
of either description for a term which may extend to three years and shall also be liable
to fine which may extend to one laky rupee under section 66(D) of the amendment act.


8. Law against Cyber terrorism

A new offence of Cyber terrorism is added in Section 66(F) which covers any act
committed with intent to threaten unity, integrity, security or sovereignty of India or
cause terror by causing DoS attacks, introduction of computer contaminant,
unauthorized access to a computer resource, stealing of sensitive information, any
information likely to cause injury to interests of sovereignty or integrity of India, the
security, friendly relations with other states, public order, decency, morality, or in
relation to contempt of court, defamation or incitement to an offence, or to advantage
of any foreign nation, group of individuals or otherwise.

This Section prescribes punishment that may extend to imprisonment for life.


9. Law against Child Pornography

10

Section 67(B) addresses the issue of child pornography. Through this section, any
publication or transmission of material in any electronic form which depicts children
engaged in sexually explicit act or conduct, anyone who creates, facilitates or records
these acts and images punishable with imprisonment of five years and fine which may
extend up to ten lakes in first offence and seven years and fine of ten lakh on
subsequent offence.

This is a welcome change as it makes even browsing and collecting of child
pornography a punishable offence.

In the United States, defendants have been convicted in U.S. vs. Joseph V.
Bledsoe13, U.S. vs. Phillip M. Sebolt14 and U.S. v Michael Shawn McCourt15 for knowingly
publishing a notice over the internet offering to exchange child pornography in violation
of 18 U.S.C. section 2251(d), 2252A(a)(1) and 2251(a)(2).


10. Intermediary’s liability and collection of evidence

Intermediaries have been made liable to retain information in any format that
Central government prescribes. Under Section 69(4) of the act, intermediaries are liable
to seven years of imprisonment and fine if the act which affects national sovereignty.

It is also pertinent to note the provision of Section 67(C) brings a very significant
change in the IT Act, 2000. According to this section, intermediaries shall be bound to
preserve and retain such information as may be prescribed by the Central government
and for such duration and format as it may prescribe.

Any intermediary that contravenes this provision intentionally or knowingly shall
be liable on conviction for imprisonment for a term not exceeding 2 yrs or fine not
exceeding one lakh or both.

Many cybercrime cases cannot be solved due to lack of evidence and in many
cases this is due to the fact that ISP failed to preserve the record pertaining to relevant
time. This provision is very helpful in collection of evidence that can prove indispensable
in cybercrime cases.


11. Law for Surveillance, Interception and Monitoring of data

Sections 69 of IT Act 2008, includes interception and monitoring of data. This not
only empowers government to monitor any traffic but also block any site through any
intermediary.

Any failure on part of the intermediary is punishable by seven years and also
fine. Earlier the provision did not mention any fine.


13 04-4276, 177 Fed. Appx. 311
14 04-2588, 460 F.3d 910
15 06-1018, 468 F.3d 1088.

11

This Section also deals with power of Controller to intercept information being
transmitted through a computer resource when necessary in national interest.

Now, the power vests with the Central Government or State Government that
empowers it to appoint any agency to intercept, monitor or decrypt any information
generated, transmitted, received or stored in any computer resource. This power is to
be exercised under great caution and only when it is satisfied that it is necessary or
expedient to do so in interests of sovereignty, or integrity of India, defense of India,
security of the State, friendly relations with foreign states or public order or for
preventing incitement to the commission of any cognizable offence relating to above or
for investigation of any offence.

The procedure and safeguards to exercise this power are laid out by the
Information Technology (procedure and safeguards for interception, monitoring and
decryption of Information) Rules, 2009.

The subscriber or intermediary that fails to extend cooperation in this respect
can be punished with a term which may extend to 7 yrs and imposition of fine. The
element of fine did not exist in the erstwhile Section 69.

The said rules provide ample safeguards to ensure the power in this section is
diligently exercised, with due authorization procedures complied with and not abused
by any agency/intermediary including maintaining confidentiality and rules for
maintaining or destruction of such records.


12. Power to block unlawful websites

Under the purview of Section 69(A) which has been inserted in the IT Act by the
amendments in 2008 and gives authority to Central government or any authorized
officer to direct any agency or intermediary (for reasons documented in writing) to
block websites in special circumstances as applicable in Section 69.

Under this Section, the grounds on which such blocking is possible are quite
wide. In this respect, the Information Technology (Procedure and Safeguards for
Blocking for Access of Information by Public) Rules, 2009 were passed vide GSR 781(E)
dated 27 Oct 2009 whereby websites promoting hate content, slander, defamation,
promoting gambling, racism, violence and terrorism, pornography, violent sex can
reasonably be blocked. The rules also allow the blocking of websites by a court order. It
further provides for review committee to review the decision to block websites.

The intermediary that fails to extend cooperation in this respect is punishable
offence with a term which may extend to 7 yrs and imposition of fine. The power that
this Section has brought with itself is to be used with great caution as the distinguishing
line between reasonable exercise of power and Censorship is very slender.






12

13. “Critical Information Infrastructure” and its significance
Section 70 of the act defines what “critical information infrastructure” is. It
covers within its ambit, the computer resource destruction of which not only has an
adverse impact on defense of India but also economy, public health or safety.
This is very momentous step as today our IT infrastructure may also be used to
manage certain services offered to public at large, destruction of which may directly
affect public health and safety. Thus, their protection is equally important as is the
maintaining of security and sovereignty of India.
By virtue of Section 70 A and B Indian Computer Emergency Response Team
(ICERT) has been appointed as the National nodal agency for critical information
infrastructure protection. A very imperative step is synchronization between ICERT and
service providers, data centers, body corporate, and other persons.
ICERT has multiple roles such as education, alert system, emergency response,
issuing guidelines, reporting of cyber incident amongst other functions.
Failure on the part of any person to comply with its directions attracts penal
provisions such as imprisonment of term that may extend to one year and fine of one
lakh or both. It also excludes the court from taking cognizance of any offence under this

section except on a complaint made by authorized officer of CERT to thwart exploitation
of this Section.


14. Cognizance of cases
All cases which entail punishment of three years or more have been made
cognizable. Offences with three years punishment have also been made bailable under
Section 77(B).
Since the majority of cyber crime offences defined under the amended IT Act are
punishable with imprisonment of three years, the net effect of all amendments is that a
majority of these cybercrimes are bailable. This means that the moment a cybercriminal
is arrested by the police, barring a few offences, in almost all other cyber crimes, he has
to be released on bail as a matter of right, by the police.
A cyber criminal, once released on bail, will immediately attempt at destroying
or deleting all electronic traces and trails of his having committed any cyber crime thus,
making the job of law enforcement agencies extremely difficult.

Offences that fall under the category of non-compoundable offences:-



S.No. Non-Compoundable Offences Sections


I. Whether punishment for life 66F



II. Whether imprisonment term 67A, 67B, 69, 69A & 70

13

exceeding three years



III. Whether previous conviction, and 67 (Second or subsequent conviction), or
accused liable to enhanced punishment to a different kind under any
punishment or to a punishment of a of the sections of the act, even if, second
different kind conviction’s of one year- the offence will
be non- compoundable




IV. Whether offence affects (i) socio- Each and every offence will be taken as
economic conditions of the country, non-compoundable, even if the
(ii) a child below the age of 18 years conviction is of one year
(iii) a woman




15. Investigation of Offences
It is established law16 that while investigating the commission of a cognizable
offence the police officer is not barred from investigating any non-cognizable offence,
which may arise out of the same facts. He can include that non-cognizable offence in the
charge sheet, which he presents for a cognizable offence.
Under Section 78 of the Act, Inspectors have been added as investigating officers
for offences defined in this act. Section 78 of the erstwhile Act is amended to confer
power to investigate offences under the Act from DSP level to Inspector level. This will
be instrumental in quicker investigation in the cybercrime cases provided adequate
tools and training is provided.
Section 80 has also been amended and power to enter and search in a public
place is now vested in any police officer not below the rank of inspector or any
authorized officer of Central Government or State Government. Such officer is
empowered to arrest without warrant a person found therein who is reasonably
suspected of having committed or of committing or being about to commit any offence
under the virtue of this Act.
However, this section may be misused easily. Unless it is reasonably suspected
that a person has committed, is committing or is about to commit an offence, he should
not be arrested without warrant. Otherwise cybercafés, in particular could be adversely

affected.


16. Sexually explicit content and its publication


16 Pravin Chandra Mody v. State of Andhra Pradesh, AIR 1965 SC 1185

14

Section 66(E) talks about acts of intentionally or knowingly capturing, publishing
or transmitting the image of a private area of any person without his or her consent,
under circumstances violating the privacy of that person, shall be punished with
imprisonment which may extend to three years or with fine not exceeding two lakh
rupees, or with both.

Under the earlier section 67 of IT Act it was punishable for first offence with five
years of imprisonment and fine of one lakh rupees. This change has made the provision
lenient and open to misinterpretation.

Section 67A adds an offence of publishing material containing sexually explicit
conduct punishable with imprisonment for a term that may extend to 5 years with fine
upto ten lakh. This provision was essential to curb MMS attacks and video voyeurism.

The aforesaid section, like section 292(1), IPC, does not make knowledge of
obscenity an ingredient of the offence. Thus to escape criminal charges, one has to
prove his lack of knowledge of publication or transmission of obscene information in
electronic form. Moreover, though publication or transmission of obscene information
maybe illegal, but mere possession, browsing or surfing through obscene content is not
an illegal activity.

Another missing link in this section has been the lack of exceptions as detailed in
section 292, IPC, i.e., the exceptions which are available on account of public good,
religious purposes, etc. may not be available if such publication or its transmission is in
the electronic form.

Under no circumstances any offence related to ‘obscenity in electronic form’
should be tried under section 292, IPC as section 81 of the Information Technology Act,
will have an overriding effect.17


17. Change in the composition of Cyber Appellate Tribunal (CAT)

The amended Act has brought around a change in the composition of the Cyber
Appellate Tribunal.

As per the amendment, the tribunal would now consist of Chairperson and such
number of members as Central Government may appoint. The decision making process
allows more objectivity with Section 52(D) that provides that the decision shall be taken
by majority. No order of CAT can be challenged on ground that there existed a defect in
constitution of appellate tribunal.

The aforesaid section advocates the rule - decision by majority. This section also
refers to constitution of a larger bench. If the members of a bench consists of two
members differ in opinion on any point, it shall be the prerogative of the chairperson to


17 Section 81of the IT (Amendment) Act states that “The provisions of this act shall have effect
notwithstanding anything inconsistent therewith contained in any other law for the time being in force”.

15

constitute such a larger bench. The larger bench shall be headed by the chairperson and
consists of members, including those who first heard it.


18. Compliance with orders of Controller

Section 68(2) which earlier made, failure to comply with the direction of
controller punishable with three years of imprisonment or fine of two lakhs or both now
has been reduced to two years punishment or fine of one lakh of rupees or both.

In order to understand the power of the controller to give directions under the
aforesaid section, it is obligatory that apart from considering the key provisions, like
section 18 to 26, 28, 29 and 44 of the Act, one must also follow the controller’s
certification practice statement (CPS) along with Information Technology (certifying
authorities) Rules, 2000 and Information Technology (certifying authorities) Regulations,
2001.

VI. Comment on the Information Technology Act:-
The IT Act, 2000 was the first Act of its kind, which gave legal validity and recognition to
electronic documents and digital signatures. It attempted to change outdated laws and provide
ways to deal with cyber crimes. Such laws were needed so that people could perform purchase
transactions over the Net through credit cards without fear of misuse. The Act offered the
much-needed legal framework so that information is not denied legal effect, validity or
enforceability, solely on the ground that it is in the form of electronic records.
In view of the growth in transactions and communications carried out through
electronic records, the Act attempted to empower government departments to accept filing,
creating and retention of official documents in the digital format. The Act has also proposed a
legal framework for the authentication and origin of electronic records and communications
through digital signature.
From the perspective of e-commerce in India, the act contained many positive aspects,
like, email was now a valid and legal form of communication in our country that can be duly
produced and approved in a court of law. Companies could carry out electronic commerce
using the legal infrastructure provided by the Act.
The Act allowed the Government to issue notification on the web thus heralding e-
governance. Also, it endowed the authorities with a regulatory regime to supervise the
Certifying Authorities issuing digital signature certificates and formed civil and criminal liabilities
for contravention of the provisions of this Act.
Most important of all, it conferred the Central Government with the power to appoint
Adjudicating Authority to adjudge whether a person has committed a contravention within the
meaning of this Act and conferred on this Authority the powers vested in a civil court.

16

However, with the course of time, as technology developed further and new methods of
committing crime using Internet & computers developed, the need was felt to amend the IT
Act, 2000 to insert new kinds of cyber offences within its purview and also, to plug-in other
kinds of loopholes that posed hurdles in the effective and smooth enforcement of this Act.
Thus, as a result, the Information Technology (Amendment) Act 2008 was passed which was
made effective from 27 October 2009.

Unfortunately, the Information Technology (Amendment) Act 2008 has further “diluted”
the criminal provisions of the Act. The “national interest” was ignored for the sake of
“commercial expediencies”. A law might have been properly enacted and may be theoretically
effective too but it is useless unless enforced in its true letter and spirit. The law enforcement
machinery in India is not well equipped to deal with cyber law offences and contraventions.

The Information Technology (Amendment) Act 2008 reveals quiet emphatically the need
for carefully worded provisions and foresight in the drafting process and imagination with
respect to explanations to particular sections.

Under the 2008 Amendment Act, issues related to confidential information and data of
corporations and their adequate protection have not been adequately addressed. The law with
regards to data protection or on digital secrets is not comprehensive.

Another major failure of the proposed amendments is that they have not addressed the
issue of spam in a comprehensive manner (although it can be interpreted under Section 66(A)
of the act). Still this has not been addressed in the manner it should be considering the wastage
it causes.

Absence of an effective remedy for corporations further erodes the confidence of the
industry in the 2008 Act. The maximum damage by way of compensation stipulated by the new
cyber law amendments is Rs 5 Crores, which is a small figure and hardly provides any effective
relief to corporations, whose confidential information, which might be worth several Crores, is
stolen or misused by its employees.

17