CERTIFICATION OF THE MONTH LAUNCHED! AVAIL FLAT 30% Discount on Selenium Certification - Use Coupon GROW30
+011 4734 4723[email protected]

IT Act

Go back to Tutorial

Cyber Crime is not defined in Information Technology Act 2000 or in the I.T Amendment Act 2008 or in any other legislation in India. In fact, it cannot be too. Offence or crime has been dealt with elaborately listing various acts and the punishments for each, under the Indian Penal Code, 1860 and quite a few other legislations too. Hence, to define cyber crime, we can say, it is just a combination of crime and computer. To put it in simple terms ‘any offence or crime in which a computer is used is a cyber crime’. Interestingly even a petty offence like stealing or pick-pocket can be brought within the broader purview of cyber crime if the basic data or aid to such an offence is a computer or information stored in a computer used (or misused) by the fraudster. The I.T. Act defines a computer, computer network, data, information and all other necessary ingredients that form part of a cyber crime, about which we will now be discussing in detail.

In a cyber crime, computer or the data itself the target or the object of offence or a tool in committing some other offence, providing the necessary inputs for that offence All such acts of crime will come under the broader definition of cyber crime.

Mid 90’s saw an impetus in globalization and computerization, with more and more nations computerizing their governance, and e-commerce seeing an enormous growth. Until then, most of international trade and transactions were done through documents being transmitted through post and by telex only. Evidences and records, until then, were predominantly paper evidences and paper records or other forms of hard-copies only. With much of international trade being done through electronic communication and with email gaining momentum, an urgent and Imminent need was felt for recognizing electronic records ie the data what is stored in a computer or an external storage attached thereto. The United Nations Commission on International Trade Law(UNCITRAL) adopted the Model Law on e-commerce in 1996. The General Assembly of United Nations passed a resolution in January 1997 inter alia, recommending all States in the UN to give favourable considerations to the said Model Law, which provides for recognition to electronic records and according it the same treatment like a paper communication and record.

It is against this background the Government of India enacted its Information Technology Act 2000 with the objectives as follows, stated in the preface to the Act itself. “to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.”

The Information Technology Act, 2000, was thus passed as the ActNo.21 of 2000, got President Assent on 9 June and was made effective from 17 October 2000. The Act essentially deals with the following issues:

  • Legal Recognition of Electronic Documents
  • Legal Recognition of Digital Signatures
  • Offenses and Contraventions
  • Justice Dispensation
  • Systems for cyber crimes.

Amendment Act 2008

Being the first legislation in the nation on technology, computers and e-commerce and e-communication, the Act was the subject of extensive debates, elaborate reviews and detailed criticisms, with one arm of the industry criticizing some sections of the Act to be draconian and other stating it is too diluted and lenient. There were some conspicuous omissions too resulting in the investigators relying more and more on the time-tested (one and half century-old) Indian Penal Code even in technology based cases with the I.T. Act also being referred in the process and the reliance more on IPC rather on the ITA

Thus the need for an amendment – a detailed one – was felt for the I.T. Act almost from the year 2003-04 itself. Major industry bodies were consulted and advisory groups were formed to go into the perceived lacunae in the I.T. Act and comparing it with similar legislations in other nations and to suggest recommendations. Such recommendations were analysed and subsequently taken up as a comprehensive Amendment Act and after considerable administrative procedures, the consolidated amendment called the Information Technology Amendment Act 2008 was placed in the Parliament and passed without much debate, towards the end of 2008 (by which time the Mumbai terrorist attack of 26 November 2008 had taken place). This Amendment Act got the President assent on 5 Feb 2009 and was made effective from 27 October 2009. Some of the notable features of the ITAA are as follows:

  • Focussing on data privacy
  • Focussing on Information Security
  • Defining cyber café
  • Making digital signature technology neutral
  • Defining reasonable security practices to be followed by c
  • Redefining the role of intermediaries
  • Recognising the role of Indian Computer Emergency Response Team
  • Inclusion of some additional cyber crimes like child pornography and cyber terrorism
  • authorizing an Inspector to investigate cyber offences (as against the DSP earlier)

Structure

The Act totally has 13 chapters and 90 sections (the last four sections namely sections 91 to 94 in the ITA 2000 dealt with the amendments to the four Acts namely the Indian Penal Code 1860, The Indian Evidence Act 1872, The Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934). The Act begins with preliminary and definitions and from thereon the chapters that follow deal with authentication of electronic records, digital signatures, electronic signatures etc.

Elaborate procedures for certifying authorities (for digital certificates as per IT Act -2000 and since replaced by electronic signatures in the ITAA -2008) have been spelt out. The civil offence of data theft and the process of adjudication and appellate procedures have been described. Then the Act goes on to define and describe some of the well-known cyber crimes and lays down the punishments therefore. Then the concept of due diligence, role of intermediaries and some miscellaneous provisions have been described.

Rules and procedures mentioned in the Act have also been laid down in a phased manner, with the latest one on the definition of private and sensitive personal data and the role of intermediaries, due diligence etc., being defined as recently as April 2011.

Applicability

The Act extends to the whole of India and except as otherwise provided, it applies to also any offence or contravention there under committed outside India by any person. There are some specific exclusion to the Act (ie where it is not applicable) as detailed in the First Schedule, stated below:

  1. a) negotiable instrument (Other than a cheque) as defined in Section 13 of the Negotiable Instruments Act, 1881;
  2. b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
  3. c) a trust as defined in section 3 of the Indian Trusts Act, 1882
  4. d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition
  5. e) any contract for the sale or conveyance of immovable property or any interest in such property;
  6. f) any such class of documents or transactions as may be notified by the Central Government.

Penalty and Compensation For Damage

Section 43 – Penalty and Compensation for damage to computer, computer system

This section is the first major and significant legislative step in India to combat the issue of data theft. The IT industry has for long been clamouring for a legislation in India to address the crime of data theft, just like physical theft or larceny of goods and commodities. This Section addresses the civil offence of theft of data. If any person without permission of the owner or any other person who is in charge of a computer, accesses or downloads, copies or extracts any data or introduces any computer contaminant like virus or damages or disrupts any computer or denies access to a computer to an authorised user or tampers etc…he shall be liable to pay damages to the person so affected. Earlier in the ITA -2000 the maximum damages under this head was Rs.1 crore, which (the ceiling) was since removed in the ITAA 2008.

The essence of this Section is civil liability. Criminality in the offence of data theft is being separately dealt with later under Sections 65 and 66. Writing a virus program or spreading a virus mail, a bot, a Trojan or any other malware in a computer network or causing a Denial of Service Attack in a server will all come under this Section and attract civil liability by way of compensation. Under this Section, words like Computer Virus, Compute Contaminant, Computer database and Source Code are all described and defined.

Questions like the employees’ liability in an organisation which is sued against for data theft or such offences and the amount of responsibility of the employer or the owner and the concept of due diligence were all debated in the first few years of ITA -2000 in court litigations like the bazee.com case and other cases. Subsequently need was felt for defining the corporate liability for data protection and information security at the corporate level was given a serious look.

Thus the new Section 43-A dealing with compensation for failure to protect data was introduced in the ITAA -2008. This is another watershed in the area of data protection especially at the corporate level. As per this Section, where a body corporate is negligent in implementing reasonable security practices and thereby causes wrongful loss or gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. The Section further explains the phrase ‘body corporate’ and quite significantly the phrases ‘reasonable security practices and procedures’ and ‘sensitive personal data or information’.

Thus the corporate responsibility for data protection is greatly emphasized by inserting Section 43A whereby corporates are under an obligation to ensure adoption of reasonable security practices. Further what is sensitive personal data has since been clarified by the central government vide its Notification dated 11 April 2011 giving the list of all such data which includes password, details of bank accounts or card details, medical records etc. After this notification, the IT industry in the nation including tech-savvy and widely technology-based banking and other sectors became suddenly aware of the responsibility of data protection and a general awareness increased on what is data privacy and what is the role of top management and the Information Security Department in organisations in ensuring data protection, especially while handling the customers’ and other third party data.

If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network;

(a) accesses or secures access to such computer, computer system or computer network or computer resource

(b) downloads, copies or extracts any data, computer data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network

(d)damages or causes to be damaged any computer, computer system or computer network, data, computer database, or any other programmers residing in such computer, computer system or computer network

(e) disrupts or causes disruption of any computer, computer system, or computer network;

(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means

(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under, (h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer of a computer, computer system or computer network

(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means,

(j) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage, he shall be liable to pay damages by way of compensation to the person so affected.

The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules have since been notified by the Government of India, Dept of I.T. on 11 April 2011. Any body corporate or a person on its behalf shall be considered to have complied with reasonable security practices and procedures, if they have implemented such security practices and standards and have a comprehensive documented information security programme and information security policies containing managerial, technical, operational and physical security control measures commensurate with the information assets being protected with the nature of business. In the event of an information security breach, the body corporate or a person on its behalf shall be required to demonstrate, as and when called upon to do so by the agency mandated under the law, that they have implemented security control measures as per their documented information security programme and information security policies. The international Standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements” is one such standard referred to in sub-rule (1).

In view of the foregoing, it has now become a major compliance issue on the part of not only IT companies but also those in the Banking and Financial Sector especially those banks with huge computerised operations dealing with public data and depending heavily on technology. In times of a litigation or any security breach resulting in a claim of compensation of financial loss amount or damages, it would be the huge responsibility on the part of those body corporate to prove that that said “Reasonable Security Practices and Procedures” were actually in place and all the steps mentioned in the Rules passed in April 2011 stated above, have been taken.

The issue has wider ramifications especially in the case of a cloud computing scenario (the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server, with the services managed by the provider sold on demand, for the amount of time used) where more and more organisations handle the data of others and the information is stored elsewhere and not in the owners’ system. Possibly, more debates will emanate on the question of information owners vis a vis the information container and the information custodians and the Service Level Agreements of all parties involved will assume a greater significance.

Compensation for failure to protect data – Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees, to the person so affected.

Penalty for failure to furnish information or return – .If any person who is required under this Act or any rules or regulations made there under to

(a) furnish any document, return or report to the Controller or the Certifying Authority, fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;

(b) file any return or furnish any information, books or other documents within the time specified therefore in the regulations, fails to file return or furnish the same within the time specified therefore in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues

(c) Maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.

Adjudication

Having dealt with civil offences, the Act then goes on to describe civil remedy to such offences in the form of adjudication without having to resort to the procedure of filing a complaint with the police or other investigating agencies. Adjudication powers and procedures have been elaborately laid down in Sections 46 and thereafter. The Central Government may appoint any officer not below the rank of a director to the Government of India or a state Government as the adjudicator. The I.T. Secretary in any state is normally the nominated Adjudicator for all civil offences arising out of data thefts and resultant losses in the particular state. If at all one section can be criticized to be absolutely lacking in popularity in the IT Act, it is this provision. In the first ten years of existence of the ITA, there have been only a very few applications made in the nation, that too in the major metros almost all of which are under different stages of judicial process and adjudications have been obtained in possibly less than five cases. The first adjudication obtained under this provision was in Chennai, Tamil Nadu, in a case involving ICICI Bank in which the bank was told to compensate the applicant with the amount wrongfully debited in Internet Banking, along with cost and damages. in April 2010.

There is an appellate procedure under this process and the composition of Cyber Appellate Tribunal at the national level, has also been described in the Act. Every adjudicating officer has the powers of a civil court and the Cyber Appellate Tribunal has the powers vested in a civil court under the Code of Civil Procedure.

After discussing the procedures relating to appeals etc and the duties and powers of Cyber Appellate Tribunal, the Act moves to the actual criminal acts coming under the broader definition of cyber crimes. It would be pertinent to note that the Act only lists some of the cyber crimes, (without defining a cyber crime) and stipulates the punishments for such offences. The criminal provisions of the IT Act and those dealing with cognizable offences and criminal acts follow from Chapter IX titled “Offences”

Section 45

Residuary Penalty Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees

Section 47

Factors to be taken into account by the adjudicating officer Section 47 lays down that while adjudging the quantum of compensation under this Act, an adjudicating officer shall have due regard to the following factors, namely

(a) The amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;

(b) The amount of loss caused to the person as a result of the default,

(c) The repetitive nature of the default

The office of the adjudicating officer is established under Section 46 of the IT Act, which provides that the person appointed to such a post must be a government officer of a rank not below that of a Director or an equivalent rank, and must have experience both in the field of Information Technology as well as legal or judicial experience. In most cases, the appointed adjudicating officer is the Principle Secretary to the Department of Information Technology in the state. The decisions of these adjudicating officers determine the scope and meaning of several provisions of the IT Act, and are instrumental in the development of the law in this field and filling a lacuna regarding the interpretation of these important provisions, particularly in areas such as data protection and privacy.

However, despite the large number of cyber-crime cases being registered across the country, there is a lack of available judgments on the adjudication of disputes under Sections 43, 43A, 44 and 45 of the Act. Of all the states, only the websites of the Departments of Information Technology in Maharashtra,, Tamil Nadu, New Delhi, and Haryana have reported judgments or orders of the Adjudicating Officers. The adjudicating officer in Maharasthra, Rajesh Aggarwal, has done a particularly commendable job, having disposed of 51 cases under the IT Act, with 20 cases still pending.

Cyber Appellate Tribunal

The first Cyber Appellate Tribunal set up by the Central Government is located at New Delhi. Although a second branch of the Tribunal was to be set up in Bangalore, no efforts seem to have been made in this regard. Further, the position of the Chairperson of the Appellate Tribunal, has been left vacant since 2011, after the appointed Chairperson attained the age of superannuation and retired. Although judicial and technical members have been appointed at various points, the tribunal cannot hold hearings without a chairperson. A total of 17 judgments have been passed by the Cyber Appellate Tribunal prior to the retirement of the chairperson, while the backlog of cases is continuously growing.

Despite a writ petition being filed before the Karnataka High Court and the secretary of the Department of IT coming on record to state that the Chairperson would be appointed within 6 months (of September 2013), no action seems to have been taken in this regard, and the lacunae in the judicial mechanism under the IT Act continues. The proper functioning of adjudicating officers and the Cyber Appellate Tribunal is particularly necessary for the functioning of a just judicial system in light of the provisions of the Act (namely, Section 61) which bar the jurisdiction of ordinary civil courts in claims below the amount of Rs. 5 Crores, where the adjudicating officer or the CAT is empowered

According to the IT Act, 2000

  • A cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as the Presiding Officer of the Cyber Appellate Tribunal) to be appointed, by notification, by the Central Government.
  • The Presiding Officer of a Cyber Appellate Tribunal shall hold office for a term of five years from the date on which he enters upon his office or until he attains the age of sixty-five years whichever is earlier.
  • The salary and allowances payable to, and the other terms and conditions of service including pension, gratuity and other retirement benefits of, the Presiding Officer of a Cyber Appellate Tribunal shall be such as may be prescribed:
  • Provided that neither the salary and allowances nor the other terms and conditions of service of the Presiding Officers shall be varied to his disadvantage after appointment.
  • If, for reason other than temporary absence, any vacancy occurs in the office of the Presiding Officer of a Cyber Appellate Tribunal, then the Central Government shall appoint another person in accordance with the provisions of this Act to fill the vacancy and the proceedings may be continued before the Cyber appellate Tribunal from the state at which the vacancy is filled.
  • The Presiding Officer of a Cyber Appellate Tribunal may, by notice in writing under his hand addressed to the Central Government, resign his office:
  • Provided that the said Presiding Officer shall, unless he is permitted by the Central Government to relinquish his office sooner, continue to hold office until the expiry of three months from the date of receipt of such notice or until a person duly appointed as his successor enters upon his office or until the expiry of his term of office, whichever is the earliest.
  • The Presiding Officer of a Cyber Appellate Tribunal shall not be removed from his office except by an order by the Central Government on the ground of proved misbehaviour or incapacity after an inquiry made by a Judge of the Supreme Court in which the Presiding Officer concerned has been informed of the charges against him and given a reasonable opportunity of being heard in respect of these charges.
  • the Central Government may, by rules, regulate the procedure for the investigation of misbehavior or incapacity of the aforesaid Presiding Office
  • No order of the Central Government appointing any person as the Presiding Officer of a Cyber Appellate Tribunal shall be called in question in any manner and no act or proceeding before a Cyber Appellate Tribunal shall be called in question in any manner on the ground merely of any defect in the constitution of Cyber Appellate Tribunal.
  • The Central Government shall provide the Cyber Appellate Tribunal with such officers and employees as that Government may think fit.
  • The officers and employees of the Cyber Appellate Tribunal shall discharge their functions under general superintendence of the Presiding Officer.
  • The salaries any allowances and other conditions of service of the officers and employees of the Cyber Appellate Tribunal shall be such as may be prescribed by the Central Government.

The Cyber Appellate Tribunal shall not be bound by the procedure laid down by the Code of Civil Procedure, 1908 (5 of 1908), but shall be guided by the principles of natural justice and, subject to the other provisions of this Act and of any rules, the Cyber Appellate Tribunal shall have powers to regulate its own procedure including the place at which it shall have its sittings.

(2) The Cyber Appellate Tribunal shall have, for the purposes of discharging its functions under this Act, the same powers as are vested in a civil court under the Code of Civil Procedure, 1908 (5 of 1908), while trying a suit, in respect of the following matters, namely

(a) summoning and enforcing the attendance of any person and examining him on oath;

(b) requiring the discovery and production of documents or other electronic records;

(c) receiving evidence on affidavits;

(d) issuing commissions for the examination of witnesses or documents;

(e) reviewing its decisions;

(f) dismissing an application for default or deciding it ex parte;

(g) any other matter which may be prescribed.

(3) Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a judicial proceeding within the meaning of section 193 and 228, and for the purposes of section 196 of the Indian Penal Code(45 of 1860) and the Cyber Appellate Tribunal shall be deemed to be a civil court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973 (2 of 1974).

The provisions of the Limitation Act, 12963f (36 of 1963), shall, as far as may be, apply to an appeal made to the Cyber Appellate Tribunal.

Appeal to High Court – Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such order:

Provided that the High Court may, if it is satisfied that the appellant was prevented by sufficient cause from filing the appeal within the said period, allow it to filed within a further period not exceeding sixty days.

Compounding of Contraventions

  • Any contravention under this Chapter may, either before or after the institution of adjudication proceedings, be compounded by the Controller or such other officer as may be specially authorized by him in this behalf or by the adjudicating officer, as the case may be, subject to such conditions as the Controller or such other officer or the adjudicating officer, as the case may be, subject to such conditions as the Controller or such other officer or the adjudicating officer may specify.
  • Provided that such sum shall not, in any case, exceed the maximum amount of the penalty which may be imposed under this Act for the contravention so compounded.
  • Nothing in sub-section (1) shall apply to a person who commits the same or similar contravention within a period of three years form the date on which the first contravention, committed, by him, was compounded.

Explanation: For the purposes of this sub-section, any second or subsequent contravention committed after the expiry of a period of three years from the date on which the contravention was previously compounded shall be deemed to be a first contravention.

  • Where any contravention has been compounded under sub-section(I), no proceeding or further proceeding, or further proceeding, as the case may be, shall be taken against the person guilty of such contravention in respect of the contravention so compounded.

Recovery of penalty – A penalty imposed under this Act, if it is not paid shall be recovered as an arrear of land revenue and the licence or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid.

Offences under IT Act

Section 65 – Tampering with source documents is dealt with under this section. Concealing, destroying, altering any computer source code when the same is required to be kept or maintained by law is an offence punishable with three years imprisonment or two lakh rupees or with both. Fabrication of an electronic record or committing forgery by way of interpolations in CD produced as evidence in a court (Bhim Sen Garg vs State of Rajasthan and others, 2006, Cri LJ, 3463, Raj 2411) attract punishment under this Section. Computer source code under this Section refers to the listing of programs, computer commands, design and layout etc in any form.

Section 66 – Computer related offences are dealt with under this Section. Data theft stated in Section 43 is referred to in this Section. Whereas it was a plain and simple civil offence with the remedy of compensation and damages only, in that Section, here it is the same act but with a criminal intention thus making it a criminal offence. The act of data theft or the offence stated in Section 43 if done dishonestly or fraudulently becomes a punishable offence under this Section and attracts imprisonment upto three years or a fine of five lakh rupees or both. Earlier hacking was defined in Sec 66 and it was an offence.

The word ‘hacking’ was earlier called a crime in this Section and at the same time, courses on ‘ethical hacking’ were also taught academically. This led to an anomalous situation of people asking how an illegal activity be taught academically with a word ‘ethical’ prefixed to it. Then can there be training programs, for instance, on “Ethical burglary”, “Ethical Assault” etc say for courses on physical defence? This tricky situation was put an end to, by the ITAA when it re-phrased the Section 66 by mapping it with the civil liability of Section 43 and removing the word ‘Hacking’. However the act of hacking is still certainly an offence as per this Section, though some experts interpret ‘hacking’ as generally for good purposes (obviously to facilitate naming of the courses as ethical hacking) and ‘cracking’ for illegal purposes. It would be relevant to note that the technology involved in both is the same and the act is the same, whereas in ‘hacking’ the owner’s consent is obtained or assumed and the latter act ‘cracking’ is perceived to be an offence.

As per the ITAA, Section 66 is now a widened one with a list of offences as follows:

66A Sending offensive messages thro communication service, causing annoyance etc through an electronic communication or sending an email to mislead or deceive the recipient about the origin of such messages (commonly known as IP or email spoofing) are all covered here. Punishment for these acts is imprisonment upto three years or fine.

66B Dishonestly receiving stolen computer resource or communication device with punishment upto three years or one lakh rupees as fine or both.

66C Electronic signature or other identity theft like using others’ password or electronic signature etc. Punishment is three years imprisonment or fine of one lakh rupees or both.

66D Cheating by personation using computer resource or a communication device shall be punished with imprisonment of either description for a term which extend to three years and shall also be liable to fine which may extend to one lakh rupee.

66E Privacy violation – Publishing or transmitting private area of any person without his or her consent etc. Punishment is three years imprisonment or two lakh rupees fine or both.

66F Cyber terrorism – Intent to threaten the unity, integrity, security or sovereignty of the nation and denying access to any person authorized to access the computer resource or attempting to penetrate or access a computer resource without authorization. Acts of causing a computer contaminant (like virus or Trojan Horse or other spyware or malware) likely to cause death or injuries to persons or damage to or destruction of property etc. come under this Section. Punishment is life imprisonment.

It may be observed that all acts under S.66 are cognizable and non-bailable offences. Intention or the knowledge to cause wrongful loss to others ie the existence of criminal intention and the evil mind ie concept of destruction, deletion, alteration or diminishing in value or utility of data are all the major ingredients to bring any act under this Section.

Section 67 deals with publishing or transmitting obscene material in electronic form. The earlier Section in ITA was later widened as per ITAA 2008 in which child pornography and retention of records by intermediaries were all included.

Publishing or transmitting obscene material in electronic form is dealt with here. Whoever publishes or transmits any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely to read the matter contained in it, shall be punished with first conviction for a term upto three years and fine of five lakh rupees and in second conviction for a term of five years and fine of ten lakh rupees or both.

Section 67 – A deals with publishing or transmitting of material containing sexually explicit act in electronic form. Contents of Section 67 when combined with the material containing sexually explicit material attract penalty under this Section.

Section 67B – Child Pornography has been exclusively dealt under it. Depicting children engaged in sexually explicit act, creating text or digital images or advertising or promoting such material depicting children in obscene or indecent manner etc or facilitating abusing children online or inducing children to online relationship with one or more children etc come under this Section. ‘Children’ means persons who have not completed 18 years of age, for the purpose of this Section. Punishment for the first conviction is imprisonment for a maximum of five years and fine of ten lakh rupees and in the event of subsequent conviction with imprisonment of seven years and fine of ten lakh rupees.

Section 69 – It empowers the Government or agencies as stipulated in the Section, to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource, subject to compliance of procedure as laid down here. This power can be exercised if the Central Government or the State Government, as the case may be, is satisfied that it is necessary or expedient in the interest of sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence. In any such case too, the necessary procedure as may be prescribed, is to be followed and the reasons for taking such action are to be recorded in writing, by order, directing any agency of the appropriate Government. The subscriber or intermediary shall extend all facilities and technical assistance when called upon to do so.

Section 69A – It was inserted in the ITAA, vests with the Central Government or any of its officers with the powers to issue directions for blocking for public access of any information through any computer resource, under the same circumstances as mentioned above. Section 69B discusses the power to authorise to monitor and collect traffic data or information through any computer resource.

Cyber Crimes Offence By Intermediaries

Liability of intermediaries and the concept of Due Diligence has been discussed in Section 79. As per this, intermediary shall not be liable for any third party information hosted by him, if his function is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted or if he does not initiate the transmission, select the receiver of the transmission and select or modify the information contained in the transmission and if he observes due diligence and follows the guidelines prescribed by the Central Government. This concept of due diligence is also much being debated. Due Diligence was first discussed as an immediate fallout of the famous bazee.com case in New Delhi, when the NRI CEO of the company was arrested for making the MMS clipping with objectionable obscene material depicting school children was made available in the public domain website owned by him, for sale (and later the CD was sold).

The larger issue being discussed at that time was how far is the content provider responsible and how far the Internet Service Provider and what is due diligence which as the CEO of the company, he should have exercised. After passage of the ITAA and the introduction of ‘reasonable security practices and procedures’ and the responsibility of body corporate as seen earlier in Section 43A, and to set at rest some confusion on the significance of due diligence and what constitutes due diligence, the DIT came out with a set of rules titled Information Technology (Intermediaries Guidelines) Rules on 11 April 2011. As per this,

“the intermediary, on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act within thirty six hours and where applicable, work with user or owner of such information to disable such information that is in contravention of sub-rule (2). Further the intermediary shall preserve such information and associated records for at least ninety days for investigation purposes…..”

In essence, an intermediary shall be liable for any contravention of law committed by any user unless the Intermediary can prove that he has exercised due diligence and has not conspired or abetted in the act of criminality.

Power of the Controller

  • The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made there under.
  • Any person who fails to comply with any order under sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment for a term not exceeding three years or to a fine not exceeding two lakh rupees or to both

Directions for Monitoring of Information

  • If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource.
  • The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to decrypt the information.
  • The subscriber or any person who fails to assist the agency referred to in sub-section (2) shall be punished with an imprisonment for a term which may extend to seven years.

Protected System

  • The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.
  • The appropriate Government may, by order in writing, authorise the persons who are authorised to access protected systems notified under sub-section.
  • Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

Misrepresentation

Whoever makes any misrepresentation, to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a terms which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Electronic Signature Certificate With False Particulars

  • No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that-
  • the Certifying Authority listed in the certificate has not issued it; or
  • the subscriber listed in the certificate has not accepted it; or
  • the certificate has been revoked or suspended, unless such publication is for the purposes of verifying a digital signature created prior to such suspension or revocation.
  • Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Confiscation

Any computer, computer system, floppies, compact disks, tape drives or nay other accessories related thereto, in respect of the if which any provision of this Act, rule, orders or regulations made there under has been or is being contravened, shall be liable to confiscation:

Provided that where it is established to the satisfaction of the court adjudicating the confiscation that the person in whose possession, power or control of any such computer, computer system, floppies, compact disks, tape drives or any other accessories relating thereto is found is not responsible for the contravention of the provisions of this Act, rules, orders or regulations made there under, the court may, instead of making an order for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, make such other order authorised by this Act against the person contravening of the provisions of this Act, rules, orders or regulations made there under as it may think fit.

Compounding of Offences

  • A Court of competent jurisdiction may compound offences other than offences for which the punishment for life or imprisonment for a term exceeding three years has been provided under this Act.
  • Provided that the Court shall not compound such offence where the accused is by reason of his previous conviction, liable to either enhanced punishment or to a punishment of a different kind.
  • Provided further that the Court shall not compound any offence where such offence affects the socio-economic conditions of the country or has been committed against a child below the age of 18 years or a woman.
  • The person accused of an offence under this act may file an application for compounding in the court in which offence is pending for trial and the provisions of section 265 B and 265C of Code of Criminal Procedures, 1973 shall apply.

Offences By Companies

  • Where a person committing a contravention of any of the provisions of this Act or of any rule, direction or order made there under is a company, every person who, at the time the contravention was committed, was in charge of, and was responsible to, the company for the conduct of business of the company as well as the company, shall be guilty of the contravention and shall be liable to be proceeded against and punished accordingly:

Provided that nothing contained in this sub-section shall render any such person liable to punishment if he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention.

  • Notwithstanding anything contained in sub-section (1), where a contravention of any of the provisions of this Act or of any rule, direction or order made there under has been committed by a company and it is proved that the contravention has taken place with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other officer of the company, such director, manager, secretary or other officer shall also be deemed to be guilty of the contravention and shall be liable to be proceeded against and punished accordingly.

Explanation.-For the purposes of this section-

(a) “company” means and body corporate and includes a firm or other association of individuals; and

(b) “directors”, in relation to a firm, means a partner in the firm

Power of the Police

Notwithstanding anything contained in the Code of Criminal Procedure, 1973 any police officer, not below the rank of a Deputy Superintendent of Police or any other officer of the Central Government or a State

Government auithorised by the Central Government in this behalf may enter any public place and search and the Central Government in this behalf may enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or of being about to commit any offence under this Act.

Explanation:- For the purposes of this sub-section, the expression “public place” includes any public conveyance, any hotel, any shop or any other place intended for use by, or accessible to the public.

  • Where any person is arrested under sub-section (1) by an officer other than a police officer, such officer shall, without unnecessary delay, take or sent the person arrest before a magistrate having jurisdiction in the case or before the officer-in-charge of a police station.
  • The provisions of the Code of Criminal Procedure, 1973 shall, subject to the provisions of this section, apply, so far as may be, in relation to any entry, search or arrest, made under this section.

Protection of Action taken in Good Faith

No suit, prosecution or other legal proceeding shall lie against the Central Government, the State government, the Controller or any person acting on behalf of him, the Presiding Officer , adjudicating officers and the staff of the Cyber Appellate Tribunal for anything which is in good faith done or intended to be done in pursuance of this Act or any rule, regulation or order made there under.

IT Act Amendments

A major amendment was made in 2008. It introduced the Section 66A which penalised sending of “offensive messages”. It also introduced the Section 69, which gave authorities the power of “interception or monitoring or decryption of any information through any computer resource”. It also introduced penalties for child porn, cyber terrorism and voyeurism. It was passed on 22 December 2008 which any debate in Lok Sabha. The next day it was passed by the Rajya Sabha. It was signed by the President of 5 February 2009

Indian Evidence Act

The Indian Evidence Act, originally passed in India by the Imperial Legislative Council in 1872, during the British Raj, contains a set of rules and allied issues governing admissibility of evidence in the Indian courts of law.

Amendments to The Indian Evidence Act, 1872

1. In section 3,-

(a) in the definition of “Evidence’, for the words “all document produced for the inspection of the Court”, the words “all documents including electronic records produced for the inspection of the Court” shall be substituted ;

(b) after the definition of “India, the following shall be inserted, namely:-

2. ‘the expressions “Certifying Authority”, digital signature”, “Digital Signature Certificate”, “electronic form”, “electronic records”, “information”, “secure electronic record”, “secure digital signature” and “subscriber’ shall have the meanings respectively assigned to them in the Information Technology Act, 2000.

3. IN section 17, for the words “oral or documentary,” words “oral or documentary or contained in electronic form’ shall be substituted.

4. After section 22, the following section shall be inserted, namely:- “22A”. When oral admission as to contents of electronic records are relevant.-

Oral admission as to contents of electronic records are not relevant, unless the genuineness of the electronic record produced is in question”.

5. In section 34, for the words “Entries in the books of account”, the words “Entries in the books of account, including those maintained in an electronic form” shall be substituted

6. For section 39, the following section shall be substituted, namely:- “39. What evidence to be given when statement forms part of a conversation, documents, electronic record, book or series of letters or papers.-When any statement of which evidence is given forms part of longer statement, or of a conversation or part of an isolated documents, or is contained in a document which forms part of a book, or is contained in part of electronic record or of a connected series of letters or papers, evidence shall be given of so much and no more of the statement, conversation, document, electronic record, book or series of letters or papers as the Court considers necessary in that particular case to the full understanding of the nature and effect of the statement, and of the circumstances under which it was made.”

7. After section 47, the following section shall be inserted, namely:- “47A. Opinion as to digital signature when relevant.- When the court has to form an opinion as to the digital signature of any person, the opinion of the Certifying Authority which has issued the digital signature Certificate is a relevant fact”

8. In section 59, for the words “contents of documents “the words” contents of documents or electronic records” shall be substituted.

9. After section 65, the following shall be inserted, namely:- “65A. Special provisions as to evidence relating to electronic record.-the contents of electronic records may be proved in accordance with the provisions of section 65B.

65B. Admissibility of electronic records.-(1) Notwithstanding anything contained in this Act, any information contained in an electronic record which is printed on a paper, stored, recorded or copies in optical or magnetic media produced by a computer (hereinafter referred to as the computer output) shall be deemed to be also a document, if the conditions mentioned in this section are satisfied in relation to the information and computer in question and shall be admissible in any proceedings, without further proof or production of the original, as evidence of any contents of the original or of any fact stated therein of which direct evidence would be admissible.

(2) The conditions referred to in sub-section (1) in respect of a computer output shall be the following, namely:-

(a) the computer output containing the information was produced by the computer during the period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period by the person having lawful control over the use of the computer;

(b) during the said period, information of the kind contained in the electronic record or of the kind from which the information so contained is derived was regularly fed into the computer in the ordinary course of the said activities;

(c) throughout the material part of the said period, the computer was operating properly or, if not; then in respect of any period in which it was not operating properly or was out of operation during that part of the period, was not such as to affect the electronic record or the accuracy of its contents;

(d) the information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities.

(3) Where over any period, the function of storing or processing information for the purposes of any activities regularly carried on over that the period as mentioned in clause (a) of sub-section (2) was regularly performed by computers, whether- (a) by a combination of computers operating over that period; or

(b) by different computer operating in succession over that period; or

(c) by different combinations of computers operating in succession over that period; or

(d) in any other manner involving the successive operation over that period, in whatever order, of one or more computers and one or more combinations of computers, all the computers used for that purpose during that period shall be treated for the purposes of this section as constituting single computer, and references in this section to a computer shall be construed accordingly.

(4) In any proceedings where it is desired to give a statement in evidence by virtue of this section, a certificate doing any of the following things, that is to say-

(a) Identifying the electronic record containing the statement and describing the manner in which it was produced;

(b) giving such particulars of any device involved in the production of that electronic record as may be appropriate for the purpose of showing that the electronic record was produced by a computer;

(c) dealing with any of the matters to which the conditions mentioned in sub-section (2) relate, and purporting to be signed by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities (whichever is appropriate) shall be evidence of any matter sufficient for a matter to be stated to the best of knowledge and belief of the person stating it.

(5) For the purposes of this section,-

(a) information shall be taken to be supplied to a computer if it is supplied thereto in any appropriate form and whether it is so supplied directly or (with or without intervention) by means of any appropriate equipment;

(b) whether in the course of activities carried on by any official, information is supplied with a view to its being stored or processed for the purposes of those activities by a computer operated otherwise than in the course of those activities, that information, in duly supplied to that computer shall be taken to be supplied to it those activities;

(c) a computer output shall be taken to have been produced by a computer whether it was produced by it directly or (with or without human intervention) by means of any appropriate equipment.

Explanation.-For the purposes of this section any reference to information being derived from other information shall be a reference to its being derived there from by calculation, comparison or any other process;

10 After section 67, the following section shall be inserted , namely:- “67. Proof as to digital signature.- Except in the case of a secure digital signature, if the digital signature of any subscriber is alleged to have been affixed to an electronic record the fact that such digital signature is the digital signature of the subscriber must be proved.’

11. After section 73, the following section shall be inserted, namely:- “73A. Proof as to verification of digital signature.-In order to ascertain whether a digital signature is that of the person by whom it purports to have been affixed, the Court may direct-

(a) that person or the Controller or the Certifying Authority to produce the Digital Signature Certificate;

(b) any other person to apply the public key listed in the Digital Signature Certificate and verify the digital signature purported to have been affixed by that person.”

Explanation .-For the purposes of this section, “Controller” means the Controller appointed under sub-section (1) of section 17 of the Information Technology Act, 2000.”

12. After section 81, the following section shall be inserted, namely:- “81A. Presumption as to Gazettes in electronic forms.-The Court shall presume the genuineness of every electronic record purporting to be the Official Gazette, or purporting to be electronic record directed by any law to be kept by person, if such electronic record is kept substantially in the form required by law and is produced from proper custody.”

13. After section 85, the following sections shall be inserted, namely:- “85A. Presumption as to electronic agreements.- The court shall presume that every electronic record purporting to be an agreement containing the digital signatures of the parties was so concluded by affixing the digital signature of the parties.

“85B. Presumption as to electronic records and digital signatures.-(1) IN any proceedings involving a secure digital signature, the Court shall presume unless the contrary is proved that-

(a) the secure digital signature is affixed by subscriber with the intention of signing or approving the electronic record;

(b) except in the case of a secure electronic record or a secure digital signature, nothing in this section shall create any presumption relating to authenticity and integrity of the electronic record or any digital signature.

85C. Presumption as to Digital Signature Certificates.-The Court shall presume, unless contrary is proved, that the information listed in a Digital Signature Certificate is correct, except for information specified as subscriber information which has not been verified, if the certificate was accepted by the subscriber .”

14. After section 88, the following section shall be inserted, namely:- “88A. Presumption as to electronic messages.- The Court may presume that b electronic message forwarded by the originator through an electronic mail server to the addresses to whom the message purports to be addressed corresponds with the message as fed into his computer for transmission; but the Court shall not make any presumption as to the person by whom such message was sent.”

Explanation.-for the purposes of this section, the expression “addressee’ and “originator” shall have the same meanings respectively assigned to them in clauses (b) and (za) of sub-section (1) of section 2 of the information Technology Act, 2000.”

15. After section 90, the following section shall be inserted, namely:- “90 A. . Presumption as to electronic records five years old.-where any electronic record, purporting or proved to be five years old, is produced from any custody which the court in the particular case considers proper, the Court may presume that the digital signature which purports to be the digital signature of any particular person was so affixed by him or any person authorised by him this behalf.

Explanation.-Electronic records are said to be in proper custody if they are in the place in which, and under the care of the person with whom, they naturally be; but no custody is improper if it is proved to have had a legitimate origin, or the circumstances of the particular case are such as to render such and origin probable.

16. For section 131 the following section shall be substituted, namely:-

Production of documents or electronic records which another person, having possession, could refuse to produce.- No one shall be compelled to produce documents in his possession or electronic records under his control, which any other person would be entitled to refuse to produce if they were in his possessions or control, unless such last-mentioned person consents to their production.”

Appointment of National Nodal Agency and ICERT

Indian Computer Emergency Response Team: (CERT-In) is the Government organisation under Ministry of Communications and Information Technology. It is a nodal agency that deals with cyber security threats like hacking and phishing. It strengthens security-related defence of the Indian Internet domain. In March 2014, CERT reported a critical flaw in Android Jelly bean’s VPN implementation.

In December 2013, CERT reported there was a rise in the cyber attacks on Government organisations like banking and finance, oil and gas and emergency services. It issued a list of security guidelines to all critical departments.

Electronic Cheques Laws

Electronic cheques are another form of Electronic tokens. They are designed to accommodate the many individuals and entities that might prefer to pay on credit or through some mechanism other than cash. Once registered, a buyer can then contact sellers of goods and services. To complete a transaction, the buyer sends a check to the seller for a certain amount of money. These checks may be sent using Email or other Transport methods. When deposited, the cheque authorises the transfer of account balances from the account against which the cheque was drawn to the account to which the cheque was deposited.

The electronic cheques are modeled on paper checks, except that they are initiated electronically. They use digital signatures for signing and endorsing and require the use of digital certificates to authenticate the payer, the payer’s bank and bank account. They are delivered either by direct transmission using telephone lines or by public networks such as the Internet.

Benefits of electronic Cheques:

  • Well suited for clearing micro payments. Conventional cryptography of e-cheques makes them easier to process than systems based on public key cryptography (like digital cash).
  • They can serve corporate markets. Firms can use them in more cost-effective manner.
  • They create float and the availability of float is an important requirement of Commerce.

Advantages of Electronic cheques:

  • Similar to traditional cheques. This eliminates the need for customer education
  • Since Electronic cheques use conventional encryption than Public and private keys as in e-Cash, Electronic cheques are much faster.

With amendments in the Sections 6 and 1(4), coupled with the introduction of 81 A to the Negotiable Instruments Act, 1881, ECT is now legalized. After initial implementation in the national capital region, it will spread gradually across the country, though the stipulated deadline for the phased commencement is December 31, 2006. In 2002, ‘e’ is for an e-cheque. An electronic cheque. A cheque that never expires. A cheque that never bounces whether because of insufficient balance in the account or a faulty signature. A cheque the creditor doesn’t have to present physically at his bank. A cheque that enables outstation payments to be credited to the payee’s account within 2-3 days flat A cheque that transfers money at half the cost of a demand draft!

E-cheques are already operational in the US, Australia has put them on trial since November 2001 and now they are here in India.

If we look at the provisions of the ITA-2000, we observe that the requirement of Writing and Signing are easily satisfied by the recognition of electronic documents and digital signatures. The other aspects of the above definition are that the drawee should be a Banker and the sum payable and the person to whom it is payable should be Certain and the Order to pay should be unconditional. These are also possible to be satisfied by the existing provisions of the Act. But for the exclusion of the Negotiable Instruments by the ITA-2000, it appears that the system of virtual cheques would have become feasible now. However, will a virtual Cheque be ever equivalent to a Real Cheque? This, depends on the many other hidden features that the Cheque as we know today and the family of Negotiable Instruments as we know today possess.

Security Procedures followed

The Central Government shall, for the purpose of this Act, prescribe the security procedure having regard to commercial circumstances prevailing at the time when the procedure was used, including

  • The Nature Of The Transaction;
  • The Level Of Sophistication Of The Parties With Reference To Their Technological Capacity;
  • The Volume Of Similar Transactions Engaged In By Other Parties;
  • The Availability Of Alternatives Offered To But Rejected By Any Party;
  • The Cost Of Alternative Procedures; And
  • The Procedures in General Use For Similar Types Of Transaction Or Communications.

Jurisdiction

This is a major issue which is not satisfactorily addressed in the ITA or ITAA. Jurisdiction has been mentioned in Sections 46, 48, 57 and 61 in the context of adjudication process and the appellate procedure connected with and again in Section 80 and as part of the police officers’ powers to enter, search a public place for a cyber crime etc. In the context of electronic record, Section 13 (3) and (4) discuss the place of dispatch and receipt of electronic record which may be taken as jurisprudence issues.

However some fundamental issues like if the mail of someone is hacked and the accused is a resident of a city in some state coming to know of it in a different city, which police station does he go to? If he is an employee of a Multi National Company with branches throughout the world and in many metros in India and is often on tour in India and he suspects another individual say an employee of the same firm in his branch or headquarters office and informs the police that evidence could lie in the suspect’s computer system itself, where does he go to file he complaint. Often, the investigators do not accept such complaints on the grounds of jurisdiction and there are occasions that the judicial officers too have hesitated to deal with such cases. The knowledge that cyber crime is geography-agnostic, borderless, territory-free and sans all jurisdiction and frontiers and happens in ‘cloud’ or the ‘space’, has to be spread and proper training is to be given to all concerned players in the field.

Evidences

Evidences are a major concern in cyber crimes. Pat of evidences is the ‘crime scene’ issues. In cyber crime, there is no cyber crime. We cannot mark a place nor a computer nor a network, nor seize the hard-disk immediately and keep it under lock and key keep it as an exhibit taken from the crime scene.

Very often, nothing could be seen as a scene in cyber crime! The evidences, the data, the network and the related gadgets along with of course the log files and trail of events emanating or recorded in the system are actually the crime scene. While filing cases under IT Act, be it as a civil case in the adjudication process or a criminal complaint filed with the police, many often, evidences may lie in some system like the intermediaries’ computers or some times in the opponent’s computer system too. In all such cases, unless the police swing into action swiftly and seize the systems and capture the evidences, such vital evidences could be easily destroyed. In fact, if one knows that his computer is going to be seized, he would immediately go for destruction of evidences (formatting, removing the history, removing the cookies, changing the registry and user login set ups, reconfiguring the system files etc) since most of the computer history and log files are volatile in nature.

Go back to Tutorial

Share this post
[social_warfare]
Team Vskills
Cyber Law
International Cyberspace Laws

Get industry recognized certification – Contact us

keyboard_arrow_up