CHAPTER- I

INTRODUCTION
1.1 General
“However nowadays Crime wave is measured in minutes and hours rather
than in months and years.1 The globe is being recreated in the image of a global
community thanks to the new electronic interdependence. 2 If you know the enemy
and know yourself you need not fear the results of a hundred battles. If you only
know yourself and not the enemy, every victory will be followed by a defeat. You
will lose every war if you don't know yourself or your opponent.”3

Crime is eternal; it has existed since the dawn of civilization and will
continue to exist indefinitely. Criminals will modify their tactics as long as
society improves its safeguards. 4 Since man's fall, crime and criminality have
been associated with him. Crime is elusive, and it always tries to hide in the face
of progress. Depending on the nature and scope of the crime, many countries have
implemented different ways to combat it. 5 Because the link of family was
significantly stronger than that of the community, the injured party and his
kindred may avenge the injustice through private vengeance and self-redress prior
to the 10th century, and resort to legal remedies was considered merely an
optional alternative to self-redress.6

At the time, the wrongdoer was required to compensate the victim, with the
amount of compensation determined by the severity of the wrongdoing and the
victim's social rank. In comparison to present times, the law did not compel the
regulation of social connections in the early days. During the 12th and 13th
centuries the Early English society included only those acts as crimes if
committed against the state or the religion not others. During the early societies,
there was no distinction between the law of crime and the law of torts, and these
communities solely followed the law of wrongs. When an offence is committed in
1
D.S. Wall, Cyber Crime: The Transformation of Crime in the Information Age, 2007, p. 3.
2
Marshall Herbert MeLuhan, “The Promise of Global Networks”, Annual Review of Institute for
Information Studies, 1999, p. 6.
3
Sun Tzu and Col. John M. Fabry, Cybercrime, Cyber Terrorism and Network Warfare: The Next
Generation of Concerns for Users of Networked Information Systems, 1999, p. 161.
4
Anwar M.S. Masadeh, Combating Cyber Crimes- Legislative Approach- A Comparative Study,
p.6, available at: http://www.almeezan.qa/ReferenceFiles.aspx?id=54&type=doc&language=en
(visited on March 21, 2017).
5
Aghatise E. Joseph, “Cyber Crime Definition”, Cyber Crime Research Centre (Last modified on
June 28, 2006), available at: http://www.scribd.com/document/195552552/Cybercrime-Definition
(visited on Feb. 22. 2017).
6
Amita Verma, Cyber Crimes & Law, 2009, p. 34.
1
modern legal systems, the law is applied immediately regardless of the wishes of
the victimized party, but in early cultures, the law was initiated only when both
parties agreed to submit to the judgments. During the 18th century, also known as
the "miracle reorientation" period in criminology, it was thought that only the
wrongdoer could confess criminal responsibility for his conduct, and that no one
else, even external agents, had any involvement. with it. At that time it was clear
that the concept of crime is interlinked with social policy of that time.

Because of the differences in social conditions in different countries, the

incidence of crime in western countries is significantly higher than in India. 7

Crime is on the rise as a result of modernization, urbanisation,

industrialization, scientific and technological progress, and civilisation.

The scientist is well-versed in the approach for locating criminals who are
engaged in illicit activity and avoiding notice because the chance of being caught
is reduced.

Following this, there was an increased need for a fresh strategy to crime
and criminals in order to battle the new situations and criminals. In criminology,
it has been rightly said that a crime will happen where and only when the
opportunity avails itself. Before this we were known only about the traditional
types of crimes like murder, rape, theft, extortion, robbery, dacoity etc. But now
with the development and advancement of science and technology i.e. computers
and internet facilities, new types of crimes exist like hacking, cyber pornography
etc.

The internet has transformed the entire planet into a global village. It has
established a virtual world with no boundaries, allowing people to improve both
personal and professional interactions beyond national boundaries. The rise of
globalisation has had a significant impact on the socioeconomic and cultural
aspects of society. Human civilization has benefited from cyberspace. Internet has
connected people around the globe. 8 It is a powerful tool for development,
paradoxically it is a double edged sword providing opportunities for government
business industry etc. to develop and operate reaching the international landscape
at the same time equipping the greed motivated individuals with risk free

7
N.V. Paranjape, Criminology and Penology, 2007, p. 4.
8
Tanaya Saha and Akanchs Srivastava, “Indian Women at Risk in the Cyber Space: A Conceptual
Model of Reasons of victimization, International Journal of Cyber Criminology, vol. 8 No. 1,
Jan.- June, 2014, pp. 57-58, available at: http://www.cybercrimejournal.com/ sahasrivastavatalijcc
2014 vol8issue1.pdf (visited on March 6, 2017).
2
opportunities of committing crime.9

Cyber Space is the virtual space in which all Information Technology

mediated communication and activity take place. Cyberspace can't be pinpointed
in space. It's made up of intangible items like your website, blog, social media
profiles, email accounts, personal information, and online reputation. Cyberspace
can be compared to a worldwide electronic community with real-time
communication and no physical boundaries. 10 Cyber world is the world without
specific boundaries where people with a keyboard and mouse by single click can
visit whole world, can speak with any one they wish, can see anyone they wish,
even thousands of miles away, they can have online discussion with each other,
exchange their views, sell and purchase things, access banking facilities, create
information and exchange information online.11 This is another problem in cyber
space of not having the specific location.

The Information Revolution has produced a period of dramatic and

profound change throughout the world. This change is marked by rapidly
advancing computing power, increasingly pervasive network technologies, and
the escalating need to share information, to learn, and to act quickly. 12 There is
also the recent change in our education system, types of working, manufacturing
system, sales, marketing, shopping turns into online, monetary transactions,
tourism, entertainment, medical facilities etc. due to rapid growth of online
system through internet and new technology at national and international level.
This is called as a revolution which means the emergence of new cultures and
societies in cyber space which is not bounded by any geography or time. But
indirectly this leads to increasing the gap between the existing societies and
technology based societies at the information age.

Today, the time is that the security of our nation, the viability of our
economy and the health of our citizen is relied on infrastructures for
communication, finance, energy distribution, and transportation which completely
depend on networked information systems. The challenge posed by crimes
initiated or committed through the online environment is not so much their
identification as the nature of the environment in which they are committed.
9
Mohammad Talib and Virginiah Sekgwathe, “E-Crime: An Analytical Study and Possible Ways
to Combat”, International Journal of Applied Information Systems, vol. 2, No. 2, May, 2012, p. 1,
available at: http://research.ijais.org/volume2/number2/ijais12-450261.pdf (visited on March 21,
2017).
10
Anirudh Rastogi, Cyber Law- Law of Information Technology and Internet, 2014, p. 2.
11
M. Dasgupta, Cyber Crime in India- A Comparative Study, 2009, p. 1.
12
Supra note 3.
3
Cyber criminals can operate from anywhere in the world, targeting large groups
of people or businesses across international borders, and the scale and volume of
the crimes, as well as the technical difficulty of identifying the perpetrators and
the need to work internationally to bring them to justice, all pose challenges.

Based on the premise that law enforcement struggles to operate in the

online world, the internet provides new opportunities for cyber criminals and
allows aspiring criminals to enter the environment.

Computers are incapable of committing crimes. 13 As the use of computers

grew in popularity, so did the growth of technology, and the term "cyber" became
increasingly familiar to the public. The evolution of information technology (IT)
gave rise to the cyber space, in which the internet gives all individuals with equal
access to any information, data storage, analysis, and other services using high
technology.14 Cyberspace the new frontier, is the common heritage of mankind
but unfortunately some peoples misuse the common heritage and therefore,
cyberspace is also a new frontier of different type of crimes.15 These attacks do
not target a physical body, but rather a person's or company's virtual body.

Computer crime, also known as cyber crime, e-crime, hi-tech crime, or

electronic crime, refers to criminal conduct involving a computer or network as
the source, tool, target, or location of the crime, as well as classic crimes
involving computers, such as child pornography and Internet fraud. There is also
‘Computer Crime' in addition to cybercrime.

Criminals' use of computers for communication and document or data

storage is referred to as ‘computer-assisted crime.' 16 Cybercrime is "international"
or "transnational" – there are ‘no cyber-borders between countries'.17

In India, the legal framework for cyber world was found in the form E-
Commerce Act, 1998. After this, a need was felt of having the basic law which
covers all the areas of cyber world then in May, 2000 the Parliament of India
passed the Information Technology Act, 2000 with the objective to combat cyber
crimes and to provide a legal framework for e-commerce transactions. In India
13
Donn B. Parker, “Automated Crime in Cyber Crime”, International Conference Course Book,
1997.
14
Farooq Ahmad, Cyber Law in India- Law on Internet, 2008, p. 367.
15
Veer Singh and B.B. Parsoon, “Cyber Crimes and the Need for National and International
Legal Control Regimes”, PULR, vol. 44, 2002, p. 39.
16
D. Latha, Jurisdiction Issues in Cybercrimes, Law Weekly Journal, vol.4, 2008, p. 85,
available at www.scconline.com, (visited on July 25, 2015).
17
Guillaume Lovet Fortinet, “Fighting Cybercrime: Technical, Juridical and Ethical Challenges”,
Virus Bulletin Conference, 2009.
4
this was the very first cyber legislation which is specifically deals with
cybercrimes. It deals with the various types of offences which is done in the
electronic form or concerning with computers, computer systems, computer
networks. This Act amends many provisions of our existing laws i.e. Indian Penal
Code, 1860; the Indian Evidence Act, 1872; the Bankers Book Evidence Act,
1891 and the Reserve Bank of India Act, 1934.

The Information Technology Act, 2000 has been proved to be a highly

controversial piece of legislation. The Act has gotten a lot of flak from the legal
community and the general public in its sixteen years of existence. It is said to
have a slew of defects, shortcomings, and perils, ranging from ineffectiveness in
combating cybercrime to arbitrary restrictions on residents' civil liberties. 18 The
Information Technology Act has been in place in India since 2000 to combat
cybercrime, but the problem is that it is still more on paper than in practise since
attorneys, police officers, prosecutors, and judges are unable to comprehend its
extremely technical terminology.19 It was enacted as the basic law for the
cyberspace transactions in India but due to some weaknesses it was amended in
the year 2008 with the insertion and substitution of new section and sub clauses
etc.

The United State of America enacted several Federal and State laws for
the protection of computer, computer system and computer network from various
forms of cyber crimes i.e. Computer Fraud and Abuse Act, 1986; Data Protection
Act, 1998; Patriot Act, 2001; Child Pornography Prevention Act, 1996 and the
Child Online Protection Act, 1998; Communication Decency Act, 1996; CAN-
SPAM Act, 2003; Anti-Cyber Squatting Consumer Protection Act in 1999 etc.
but still cyber crimes are happening day-by-day and United States is considered
as the birth place of these crimes.

The United Kingdom has also enacted several legislations for combating
the cyber crimes like Data Protection Act, 1984; Access to Personal Files Act
1987, Copyright (Computer Software) Amendment Act 1985, Interception of
Communications Act 1985, Local Government (Access to Information) Act 1985,
and Electronic Communication Act 2000. But the problem of cyber crime is not
18
“Supreme Court of India: To Hear Eight IT Act Related Cases on 11 th April 2014- SFLC”,
available at: http://www.medianama.com/2014/03/223-supreme-court-of-india-to-hear-eight-it-
act-related-cases- on-11th-april-2014-sflc/ (visited on June 29, 2016).
19
Samiksha Godara, “Prevention and Control of Cyber Crimes in India: Problems, Issues and
Strategies”, A Thesis submitted to Maharishi Dayanand University, April 1, 2013, p. 2, available
at: http://shodhganga.inflibnet.ac.in/bitstream/10603/7829/12/12_chapter%203.pdf (visited on
May 20, 2016).
5
resolved yet in spite of lots of legislation.

Because cybercrime and cyber attacks, as well as remotely directed

attacks, influence our daily lives, no government, public or private sector
organisation can afford to ignore them. E-crime necessitates the regulation of
cyberspace in order to establish impartial, in-depth investigation of the
phenomenon, as well as cyber justice and deterrent. 20 It is growing by the day
because to a lack of internationally harmonised legislation, penalties, rising
knowledge and expertise of cyber criminals, law enforcement agencies, judges,
legislators, prosecutors, academia, and, most importantly, victims' inability to
report such crimes seriously.

1.2 Review of Literature

The review of the existing literature is the preliminary step for starting the
work on research problem which helps in understanding the different aspects of a
concept and avoids repetition. Because after identifying the research problem, it is
necessary to take guidance from the existing literature on the subject for getting
the answers from these for your research questions. A researcher can easily
formulate the research methodology with the help of it. A researcher can make the
clarity of a concept with the help or guidance taken from the number of books,
monograms, reports, research papers or articles etc. which are concerned with
their research topic. The literature available on the particular subject reveals that
there is a number of research work done by the former researcher and also shows
their works impact on society. The literature studies on the cyber crime tried to
find out the reason behind the commission of the crime and the possible method
or modes for controlling them for the sake of society. Here an attempt has been
made to review the literature of some authors.

1. Dr. Amita Verma in her book “Cyber Crimes & Law”21 has discussed
every concept which is related to cyber crimes like cyber space, computer,
internet, information technology etc. She has comprehensively mentioned
the early concept of crime, its elements and now the status of crime which
is emerged as cyber crime, its nature, essential elements, scope,
characteristics, different basis of classifications etc. because she mentioned
it in her book as the new species of crime. According to her cybercrime
has recently become a catchy term for a group of security issues in
cyberspace. She has also stated that cyber crime is the deadliest epidemic
20
Supra note 9.
21
Dr. Amita Verma, Cyber Crimes & Law (Central Law House Publications, Allahabad, 2009).
6
 confronting our planet in this millennium.

While discussing about the globalization and information technology she

has stated that the evolution of the present information age has changed the
human perspective from ‘Think Globally, Act Locally’ to ‘Think Locally, Act
Globally’.22 She acknowledges in the preface of her book that the change is the
law of nature and whatever happens, happens for the best. So there is a need of an
idea doing best to optimize cyberspace use while minimizing this new species of
crime. Also need to have a clearly defined plan, a blueprint of the future of cyber
world.

She has classified cyber crimes on different basis i.e. victims of cyber
crimes includes cyber pornography, cyber stalking, cyber harassment, cyber
defamation etc.; computer as a target or tool includes cyber fraud, theft, sabotage
of computer, cyber hacking etc.; based on cyber offenders, cyber crime done
against various groups like industry, institution, business, government entity,
trade, military and intelligence agency etc.; civil or criminal liability and also
based on role played by the computers. According to her hackers, phreaks,
information merchants and mercenaries, terrorists, extremists and deviants are the
cyber offenders.

She has also discussed the role of judiciary at national and international
level for combating the growth of these types of computer related crimes. She has
also elaborately explained the legislative approach towards the emerging national
and international control regimes and status of civil or criminal liability of these
crimes in the contemporary time period. She has mentioned the challenges faced
by criminal justice system due to the origin of this new species of crime in
modern time.

After stating all the relevant provisions of law, at the end she has made
some suggestions, if implemented effectively and in a coordinated manner, it
would go a long way to make this scientific wonder of all ages sustainable not
only for this generation but also for many more generations to come.23

2. Dr. M. Dasgupta in his book “Cyber Crime in India: A Comparative

Study”24 has made the comparative study of laws relating to various types
of cyber crime i.e. hacking, cyber fraud, cyber pornography and cyber

22
Id, p. 8.
23
Id, p. 464.
24
Dr. M. Dasgupta, Cyber Crime in India: A Comparative Study (Eastern Law House Pvt. Ltd.,
Kolkata, 2009).
7
 terrorism in India with the laws applicable in United States and United
Kingdom. He has also defined the concept of crime, cyber crime, its
nature, elements, characteristics and classifications etc. He has
acknowledged in the preface of his book that cyber crime is one of the
emerging branches of law which is becoming socially relevant at a rapid
pace as it is the result of boom in information technology whose impact is
all pervasive and with far reaching consequences in different fields.

He has also elaborately discussed the various theories of criminal

behaviour in cyber space and growing menace of cyber crimes. In his book, he
has also precisely explained the historical development of cyber crimes starting
with the evolution of computer and all the phases of its growth with the suitable
case laws. He has made an attempt to critically analyse these types of cyber
crimes and also mentioned the national and international initiatives to prevent and
control these crimes. He has also tried to explain the legislative and judiciary
response towards these types of crimes at national and international level.

While discussing about the nature and commenting on the scope of cyber
crimes, he has stated that “it is very essential to emphasise that the world is not
run by weapons anymore, or energy, or money. It is run by ones and zeros….little
bits of data….it is all electrons. There’s a war out here, a world war. It is not
about who has the most bullets. It is about who controls the information- what we
see and hear, how we work, what we think etc. It’s all about information”25

According to him it is very complex task to classify cyber crime because it

is the new spectacle of crime with ever increasing and ever growing phenomenon.
He classified it into several ways i.e. computer is the target as well as the victim;
computer is incidental to other crime; crimes associated with the prevalence of
computers.

After discussing the relevant provisions of law, he has made some

suggestions which have been put forth for consideration and may be helpful for
students, research scholars, academicians and other members of legal fraternity.
He stated that if all the suggestions made by him are implemented and security
measures are adopted, we can hope with Rabindranath Tagore for a “cyber world
where the mind is without fear…..”26 Above all, with honesty of purpose and
commitment to the cause he suggested to each of us to say with Sukanta
Bhattacharya,
25
Id, p. 8.
26
Id, p. 226.
8
 “I Know I will have to go, yet as long as I live, I shall stake my life to clear the
world’s refuse, I shall make this world habitable for this child, To the new-born
this is my firm promise.”27

3. Dr. Talat Fatima in her book “Cyber Crimes”28 has explained all the
concepts relating to cyber space and cyber crimes starting from the history
of telegraph to telephone to computers. She has also traced the concept of
crime from primitive to information society. In her study, she has
discussed the traditional and modern approach to crime and its elements.
She has stated cybercrimes as a deviance from traditional crimes. She has
also highlighted the evolution of criminal law, criminal justice system,
cyber crimes and taxonomy of cybercrimes. She has exhaustively
discussed the meaning, concept, nature, characteristics, scope, classifications
and other related concept of cyber crimes. According to her cyber crimes
are the crimes unknown to the legal world prior to the birth of the internet
and include not only acts which are employed to commit traditional crimes
using the net but also those crimes which are committed thoroughly and
exclusively using internet.29

While emphasizing on the global development of cybercrimes she stated

that “crime wave is now measured in hours and minutes rather than in months
and years.” 30In her study she has only mentioned the pure cyber crimes with the
comparative study of laws of United States and United Kingdom with India. She
has evaluated the laws of US and UK as these are the two nations who for
centuries are both technologically and legally well equipped and have been the
first ones in the field as mentioned in the preface of her book. She has also
explored the ways and means to frame a basic infrastructure to punishing the
cyber criminals because India is still without a comprehensive law on cyber
crimes.

She acknowledges in the preface of her book that the her work is inspired
by writers like Chris Reed, Ian Walden, Margaret J. Radian, Don Parker, Graham
J.H. Smith, Y. Akdeniz, D.S. Wall etc. She has analysed the legal complexities
which arise due to presence of an array of foreign components on the entire cyber
crime scene. She has also analysed the vulnerabilities in the transient regime of
the cybercrimes as these elusive crimes present unprecedented challenges to the
27
Ibid.
28
Dr. Talat Fatima, Cyber Crimes, (Eastern Book Company, Lucknow, 2011).
29
Id, p. 91.
30
Id, p. 78.
9
legal world. She has also critically pointed out the jurisdictional issues and legal
liability in cyberspace. Her book covers the latest topics i.e. SMS Spoofing,
hacking by Trojan Horse, Logic Bomb, threat to privacy by Cookies, Web bug,
very-chip, WoZNet chip, spyware and adware etc.

After analysing systematically at the end she has suggested that crime
knows no frontiers. The criminal has no sense of patriotism, humanism or
jurisprudence. But the crime of the modern age being borderless, the accusatorial
laws have to take international character.31 She has mainly made suggestions in
the area of substantive criminal law and in the procedural law. She has also
suggested the preventive and enforcement strategies for dealing with these types
of crimes.

4. Justice Yatindra Singh in his book “Cyber Laws”32 has mentioned the
meaning, concept, nature and importance of intellectual property rights i.e.
trademarks, copyrights, patents etc. on cyber space. According to him,
intellectual property rights refer to the property that is a creation of the
mind

i.e. inventions, literary and artistic works, symbols, names, images and designs
used in commerce.33

In his book, he has properly analysed the cyber laws in order to sort out the
legal issues by explaining the science behind the new emerging technology. He
has mentioned the concept of digital signature, electronic signature and all the
relevant provisions relating to it including with procedure of authentication and
recognition of it. He has also through light on the electronic governance with
relevant provisions given under the Information Technology Act, 2000 as
amended by Amendment Act, 2008. He analysed that the internet has brought

a new class of persons known as intermediaries, who provides the physical

facilities to transmit or route the information. He has also mentioned all the cyber
offences recognised and punishable under Information Technology Act, 2000 as
amended by Amendment Act, 2008.

While discussing about the online infringement of intellectual property

rights, he has critically analysed the judgements of Napster Case. 34 He has also
discussed the US Supreme Court’s decision in ‘Re Bilski Case’ because of the
31
Id, p. 515.
32
Justice Yatindra Singh, Cyber Laws, (Universal Law Publishing Co. Pvt. Ltd., 2010).
33
Id, p. 45.
34
A & M Records Inc. v. Napster Inc., (2000) 114 F Supp 2d 896 (N.D. Cal).
10
ongoing debate regarding the law for patentability of the computer software.

Considering the fact that most of the software companies enter into the
‘Invention and Proprietary Information Agreement (IPIA)’ with their employees,
he has also added the new chapter in his book and explained it with all relevant
provisions.

5. Vakul Sharma in his book “Information Technology: Law and

Practice”35 has discussed the role of information technology in practice
and cyber laws relating to it. He has discussed all the concepts with
examples which make his work more interesting and comprehensible. In
his book he has made a systematic study on the issue of jurisdiction in
cyber space and all the offences punishable under IT Act. For this he has
discussed the various principles like territorial principle, nationality,
protective principle, passive personality principle, effects principle and
universality principle for the purpose of understanding and deciding the
issue of jurisdiction on international level.

He has stressed on the controversial issue of extradition of cyber criminals

and personal jurisdiction regarding cyber crimes. He has made a great attempt by
interpretation to find out the true intention of legislature behind the passing of Act
by referring and applying the Supreme Court Judgements for better understanding
the various provisions relating to cyber crimes.

He has critically analysed and pointed out the powers and functions of the
cyber Regulatory Appellate Tribunal, Controller of Certifying Authorities,
Adjudicating Officers and Police officers under the Information Technology Act.

6. Dr. Jyoti Rattan in her book “Cyber Laws & Information

Technology”36 has discussed all relevant concepts relating to cyber crimes
starting from the evolution of computer including its generation, types,
components, characteristics, advantages, disadvantages and emergence of
information technology including internet, networks, and cyber space. She
has also through light on the concept of netizens. She has discussed all the
concepts with examples which make her work more interesting and
comprehensible. In her book she has made a systematic study on the issue
of jurisdiction in cyber space at national and international level both for

35
Vakul Sharma, Information Technology: Law and Practice, (Universal Law Publication, Co.,
Delhi, 2010).
36
Dr. Jyoti Rattan, Cyber Laws & Information Technology (Bharat Law House Pvt. Ltd., New
Delhi, 2014).
11
 civil and criminal cases.

According to her, the use of a computer to carry out any conventional

criminal act is called as cyber crimes. Cyber crimes are basically aimed at stealing
the computer, damaging information or stealing information. She has classified
cyber crimes into six categories, firstly, based on old or new crimes committed on
computers; secondly, based on the victim of cyber crime; thirdly, based on nature
of cyber crime; fourthly, based on the role of computers; fifthly, based on source
and motive; sixthly, based on criminal activities.

She has mentioned the concept, importance and issues of intellectual

property rights i.e. trademarks, copyrights, patents and domain name dispute on
cyber space or digital medium. She has mentioned the concept of digital
signature, electronic signature and all the relevant provisions relating to it
including with procedure of authentication and recognition of it. She has also
through light on the electronic governance with relevant provisions given under
the Information Technology Act, 2000 as amended by Amendment Act, 2008. She
has also mentioned all the cyber offences recognised and punishable under
Information Technology Act, 2000 as amended by Amendment Act, 2008 and
also suggest for preventing the growth of these types of crime existing in the
society. She has also discussed all the grey areas of the Information Technology
Act, 2000.

7. Dr. Krishan Pal Malik in his book “Computer Information

Technology Law”37 has generally introduced the term computer and the
information technology law and provides statistics relating to the computer
and the information technology crimes reported across the country and
persons arrested for violation thereof. He has also explained all the basic
concepts in computer starting from origin to development of computers,
types, components etc. He has also made an attempt to describe the
fundamentals of internet including origin, history, types, cyber space etc.
He has also explained the objects and reasons of introducing Information
Technology Act in 2000 and amendments in 2008 covering with the law
relating to electronic signature, e-governance etc.

According to him cyber crime is not a single crime but a classification of

crimes, where use of the computer system is the prime element. He pointed out
37
Dr. Krishan Pal Malik, Computer Information Technology Law (Allahabad Law Agency,
Faridabad, 2010).
12
that the abuse of computers has also given birth to a gamut of new age crimes that
are addressed by the Information Technology Act, 2000. His study also covers all
the relevant legal provisions pertaining to investigation and adjudication of these
types of crime.

8. David S. Wall in his book “Cybercrime: The Transformation of Crime

in the Information Age”38 has discussed the facts for the transformation
of the concept of crime to cyber crime in the information age. He has
defined and classified the concept of cyber crime. He acknowledged in the
preface of his book that it is a very hard task to describe cyber crime as the
subject changes rapidly. According to him, cyber crime is not merely a
technology based behaviour but also but also by social and legal values
and economic drivers.

He has pointed out that the discussion about the cyber crime has been
dominated by the media and the politicians who often act without knowing about
the nature of such crimes. He stressed on the introduction of new laws for the
satisfaction of corporate and State needs. In his work, he provides all the relevant
material and the scientific framework for the analysis of his research problem.

He has excellently distinguished the generations of cyber crime. He

discussed in the first generation that cyber crime is committed by using the
computers and in second generation it is committed by using networks. In his
work he has classified cyber crimes in three categories i.e. firstly, offences related
to the integrity of the computer system; secondly, offences assisted by computers;
thirdly, offences focused upon the content of computers. According to him,
crackers, spammers and script kiddies are the cyber criminals who spread the
malicious software for hijack computers and earn money.

9. S.K. Verma and Raman Mittal in their book “Legal Dimensions of

Cyber Space”39 has discussed the meaning, types, characteristics and
components and contaminants of computers; concept of internet, its
history and development, merits, limitations etc. They have made a
comprehensive study on cyberspace i.e. computer, internet and cyber
crimes. They have systematically discussed the legal dimensions of all the
terms relating to cyber space. They suggested that we don’t need only to
be computer literate but also need to understand the huge number of issues
38
David S. Wall, Cybercrime: The Transformation of Crime in the Information Age (Polity
Press, Cambridge, U.K, 2007).
39
S.K. Verma and Raman Mittal, Legal Dimensions of Cyber Space (Indian Law Institute
Publication, 2004).
13
 that makes us dependant on computers.

While emphasizing on the importance of the computers and internet in day

to day life they have mentioned that “today it touches and influence almost every
aspect of our lives. We are in the information age and computers are the driving
force. We hardly do any activity that is not in some way dependent on
computers.”40 While commenting on the interlink of human-conflicts-law, they
have stated that where humans are, crime and conflict of interests cannot be far
behind, further, where arime and conflict of interests are, law must necessarily
march in order to take, control and regulate.41

10. Rodney D. Ryder in his book “Guide to Cyber Laws (Information

Technology Act, 2000, E-Commerce, Data Protection and the
Internet)42 has comprehensively discussed the provisions of the
Information Technology Act, 2000 which is further amended in 2008.
That’s why his book named as a guide to cyber laws which includes all the
provisions relating to information technology, e-commerce, data protection
and the internet with special reference to Information Technology Act,
2000. He has stated some weaknesses of the above said Act and also
suggested some measures for removing such weaknesses and curing the
offences relating to information technology, e-commerce, data and the
internet which we have called as cyber crimes.

He has properly analysed all the relevant provisions of cyber laws in order
to sort out the legal issues by explaining the science behind the new emerging
technology. He has mentioned the concept of digital signature, electronic
signature and all the relevant provisions relating to it including with procedure of
authentication and recognition of it. He has also through light on the electronic
governance with relevant provisions given under the Information Technology
Act, 2000 as amended by Amendment Act, 2008. He has also mentioned all the
cyber offences recognised and punishable under Information Technology Act,
2000 as amended by Amendment Act, 2008.

11. R.K. Chaubey in his book “An Introduction to Cyber Crime and
Cyber Law”43 has introduced the cyber crime including its meaning,
40
Id, p. 18.
41
Id, p. 2.
42
Rodney D. Ryder, Guide to Cyber Laws (Information Technology Act, 2000, E-Commerce,
Data Protection and the Internet), Wadhwa Publication, (2001)
43
R.K. Chaubey, An Introduction to Cyber Crime and Cyber Law, Kamal Law House Publication,
(2009)
14
 concept, nature, characteristics, various classifications etc. He has
discussed all the relevant provisions of cyber law dealing with cyber
crimes in cyber age. According to him, cyber crime is a latest type of
crime which affects the huge number of peoples in cyber age. He has
pointed out that it is increasing day-by-day as a greater challenge for law
investigators, law makers, law protectors and law researchers in the cyber
age. He has stressed on the concept of privacy and suggested for adopting
the privacy policies by websites at national and international level.

While emphasizing on the significance of right to privacy in digital age, he

has stated that the new technologies have enhanced the possibilities of invasion
into the privacy of individuals and provided new tools in the hands of
eavesdroppers. Thus, individual privacy is at greater stake than ever before.

Computers and the internet can be used to amass huge amount of data
regarding people, profile it in various ways, modify it and deal with it in a manner
which could violate individual’s privacy.44

12. Dr. Farooq Ahmed in his book “Cyber Law in India”45 has explained
the concepts of computer, internet with its evolutionary history. He has
discussed all relevant concepts pertaining to cyber crimes. He has
classified the cyber crimes on the basis of nature and purposes of the
offence and broadly grouped into three categories depending upon the
target of the crime. It may be against person, property or Government.

While emphasizing the present scenario of cyber crimes, he has stated that
“amidst the surging excitement and interest, however, runs a deep thread of
ambivalence toward connecting to the Internet. The Internet’s evil twin is the
home of Bad Guys- hackers, crackers, snackers, stalkers, phone phreaks and
other creepy web crawlers. Business fear that the Infobahn could suddenly veer
into the highway to Hell.”46

He has critically examines the provisions of the Information Technology

Act and analysed the scope of electronic commerce in the light of the Information
Technology Act and Indian Contract Act. He has also examined the interplay of
domain name disputes and Trademarks law, service provider’s liability for
44
Id, p. 108.
45
Dr. Farooq Ahmed, Cyber Law in India- Law on Internet (New Era Law Publications, Delhi,
2008)
46
Id, p. 366-367.
15
copyright infringement, defamation and pornography and cyber crimes.

13. Anirudh Rastogi in his book “Cyber Law- Law of Information

Technology and Internet”47 has explained the meaning, nature and scope
of cyber crimes and cyber offences punishable under the Information
Technology Act, 2000 as Amended by Amendment Act, 2008. According
to him, cyber crime encompasses any crime which involves any computer
system or network, where such system or network is a target of the crime,
a tool of the crime or as a repository of evidence related to crime.

The main concern of his work is to address and to point out that the scope
of the cyber crime is itself changing rapidly with the evolution of the information
technology and the scale at which it is used, or often misused. He has also
discussed the concept of intellectual property rights i.e. trademarks, copyrights,
patents and domain name dispute on cyber space.

He has mentioned the concept of digital signature, electronic signature and

all the relevant provisions relating to it including with procedure of authentication
and recognition of it. He has also through light on the electronic governance with
relevant provisions given under the Information Technology Act, 2000 as
amended by Amendment Act, 2008. He has made an attempt to analyse the cyber
laws governing the jurisdiction both in civil and criminal cases.

14. Vivek Sood in his book “Cyber Law Simplified”48 has discussed about
all the legal issues relating to cyber crimes, electronic evidence, its
relevancy, investigation procedure for dealing cyber crimes etc. He has
made the harmonious analysis of key provisions of the Information
Technology Act, 2000. He has explained all the concepts in a simple way
which would provides us the clear understanding of all the areas like
business, commerce, tax, information technology and human resources etc.

His book suggested solutions for various cyber legal problems. He has
given the suggestion for the application of various strategies to combat
cybercrimes and how to investigate these crimes. He also suggested for enhancing
the cooperation between the nation and the law enforcement agencies for bringing
the cyber criminals before law. His work successfully made an effort to facilitate
the legal planning, decision making and cyber legal compliance in the cyber
world. Moreover, he also stressed on the implementation of the extradition

Anirudh Rastogi, Cyber Law- Law of Information Technology and Internet (LexisNexis, 2014).
47

Vivek Sood, Cyber Law Simplified, (Tata Mcgraw- Hill Publishing Company Limited, New
48

Delhi, 2008).
16
treaties in the cyber age.

While discussing about the importance of technology, he has stated that

since cyber crimes are technology based, so the security technology is the best
answer to these crimes. He has also concluded that protect yourself is best mantra
against cyber crimes.

15. Dr. Vishwanath Paranjape in his book “Legal Dimensions of cyber

crimes and Preventive Laws with Special Reference to India” 49 has
stated that cyber crime is emerged as a global issue with the rapid
development of internet and computer technology. He has discussed
the various legal dimensions and Indian legislative measures for the
prevention of cyber crimes. He has comprehensively mentioned the
various conventions, conferences, summits etc. on cyber crimes held at
national and international level. His book is worked as the
comprehensive treatise on the law relating to cyber crimes and the
preventive strategies to check this global menace.

In his book he has made efforts to investigate and find out the relevant
legislation and judicial trends towards cyber crimes and cyber criminals. He has
also traced the origin of these types of crimes and its impact on the criminal
justice administration system. He has suggested that there is a need of
international cooperation between nations for curbing the cyber crimes.

16. Nandan Kamath in his book “Law relating to Computers, Internet and
E- Commerce: A Guide to Cyber Laws and the Information
Technology Act, 2000”50 has discussed about the legislative approach
towards computes, internet and e-commerce in cyber age with special
reference to Information Technology Act, 2000. According to him, the
internet has emerged as a means with immense potential which poses new
challenges in the recent times. He said that it is not surprising if any one
says that there are have been many attempts to control this crime through
the laws and regulations.

In his work he explores various aspects of cyber laws and cyber

regulations ranging from digital signatures to intellectual property concerns such
as copyright liability, rights in domain names and also ranging from cyber crime

49
Dr. Vishwanath Paranjape, Legal Dimensions of Cyber Crimes and Preventive Laws with
Special Reference to India (Central Law Agency Publication, 2010).
50
Nandan Kamath, Law relating to Computers, Internet and E-Commerce: A Guide to Cyber
Laws and the Information Technology Act, 2000 (Universal Law Publishing Co., 2009).
17
and cyber porn to the regulation of free speech on the net and the right to privacy.
He has also employed the comparative approach on the legislations.

After analysing the laws he commented on the emerging status of

electronic evidence in cyber age. He has comprehensively mentioned about the
authenticity, admissibility and production of electronic records and also discussed
about on whom the burden of proof lays in case of commission of cyber crimes.
He has suggested various medium i.e. laws and regulations for regulating and
controlling the cyber criminals.

17. Dr. Pawan Duggal in his book “Text Book on Cyber Law”51 has
comprehensively and simply discussed the emerging developments in
cyber law and its legal consequences and control mechanism for
understanding the phenomenon of cyber crime. This book covered not
only the emerging developments in cyber law but also the dark side of
Internet and World Wide Web with its consequences. He has covered all
the concepts relating to cyber crime. According to him, cyber law is a
phenomenon which is the most latest and complex in legal jurisprudence.

18. V.D. Dudeja in his book “Cyber Crime and the Law”52 has discussed
the new type of crime which has come into existence due to the use of
information technology, computer, internet and its advancement. He has
highlighted the various concepts relating to cyber crime and all the
relevant provisions of cyber laws. He has emphasized on the significance
of freedom of expression with reference to use of internet and suggested
that some reasonable restrictions can also be put on the use of computers
and internet in the interests of privacy and security purposes so that the
law can recognize the computer as a ‘weapon of offence’ as well as a
‘victim of offence.’ He has suggested various measures for the prevention
of these types of crime which are increasing day-by-day in the cyber
world.

19. Albert J. Marcellai and Robert S. Greenfield in their book “Cyber

Forensics-A Field Manual for Collecting, Examining and Processing
Evidence of Computer Crimes”53 have discussed comprehensively the
concept of cyber forensic and electronic evidence or evidence of
51
Pawan Duggal, Text Book on Cyber Law (Universal Law Publishing Pvt. Ltd., 2013).
52
V.D. Dudeja, Cyber Crime and the Law (Commonwealth Publication, 2002).
53
Albert J. Marcellai and Robert S. Greenfield in their book, Cyber Forensics-A Field Manual for
Collecting, Examining and Processing Evidence of Computer Crimes (Aurebuch Publications,
London, 2002).
18
 computer crimes with the various provisions relating its collection,
examination and its evidentiary value. They have introduced the broad
field of cyber forensics and presented the various tools and techniques
which are designed to maintain control over the organizations. In their
book, they have also provided a comprehensive, highly usable and clearly
organized resource to the issues and also provided techniques for
successfully investigating illegal activities perpetuated due to the use of
information technology. They have integrated the theory and practice to
present the policies, procedures, methodologies and legal ramifications
and implications of a cyber forensic investigation.

According to him, Cyber Forensics includes controlling measures or tips

of suspect computer and its environment by which it can operates, to mitigate its
potential exposures, chain of custody risk and to establish and follow a flowchart
for electronic evidence’s seizure. He has also provided the knowledge about
websites, organizations, hardware, and software with legislations, readings and
recommendations.

They have provided various suggestion with the help of which anyone can
understand how to identify the inappropriate use of corporate information
technology, examine computer environments to identify and gather electronic
evidence of wrongdoing, secure corporate system from further misuse, identify
individual responsible for engaging in inappropriate acts taken with or without
corporate computing system and protect and secure electronic evidence from
intentional and accidental modification or destruction. They have suggested the
essential procedures for protecting the corporate assets.

20. Peter Stephenson in his book “Investigating Computer- Related

Crime”54 has described the approach step-by-step for the better
understanding and investigating the security problems and also provided
the legal as well as technical information and computer forensics
techniques for preserving the computer security. He has discussed the
nature of cyber crime, its impact on 21st century, its investigation measures
and the difficulties encountered by public and private investigators. His
book also offered insights into collecting and preserving evidence,

interrogating witnesses and deals with issues in involving the

authorities. He has also reflects heightened focus on cyber stalking and

54
Peter Stephenson, Investigating Computer- Related Crime (CRC Press, New York, 2000).
19
 cyber crime scene assessment.

After discussing all the relevant concepts, he observed that in the

contemporary time of information technology traditional methods are not much
use for investigating and dealing with cyber crime. For combating this problem of
cyber world, he has suggested various modes, methods and techniques for its
investigation.

21. Chris Reed in his book “Internet Law Text and Materials”55 has
discussed the internet laws globally as compared to other available
materials on internet laws. His work is praised by many authors because he
uniquely examined the internet laws globally. In his book he
fundamentally analyzed those legal problems and principles which are
common to all countries. By analysed his book a researcher can easily
understand the true nature of a particular legal problem and to be able to
apply adequate legal rules to a problem.

22. D. Thomas and B.D. Loader in their book “Cyber-Crime Law

Enforcement, Security and Surveillance in the Information Age” 56 has
emphasized on the enforcement of cyber crime legislations and security
measures in the information age. In their book they have focused on the
enhanced role of law enforcement agencies in investigating the cyber
crimes. According to him proper enforcement of law in its letter and spirit
is more important than its enactment.

23. Bary C. Collin in his book “The Future of Cyber Terrorism”57 has
discussed classifications of cyber crimes but mainly stressed on cyber
terrorism. In his book he has examined the concept, history, evolution and
modes of cyber terrorism. According to him, cyber terrorism is a crime
against humanity. In his book he has also critically analysed the global
initiatives which are taken to prevent and control cyber terrorism.

24. James R. Richards in his book “Transnational Criminal

Organizations, Cyber Crime and Money Laundering”58 has discussed
and stress about the phenomenon of cyber crimes, transnational
criminal organizations and money laundering in the present scenario.
55
Chris Reed, Internet Law Text and Materials (Butterworths, London, 2000).
56
D. Thomas and B.D. Loader, Cyber-Crime Law Enforcement, Security and Surveillance in the
Information Age, (Routledge Publications, London, 2000).
57
Bary C. Collin, The Future of Cyber Terrorism (University of Illinois, Chicago, 1996).
58
James R. Richards, Transnational Criminal Organizations, Cyber Crime and Money
Laundering (CRC Press, New York, 1999).
20
 In his book, he specially throws light on the cross border nature of
cyber crimes. According to him the cyber criminals treats the whole
world as one home and carry their criminal activities which have
transnational ramifications.

1.3 Research Objectives

Research objective means the aim or purpose for which we want to search
into a problem for collecting relevant information and data. To identify a research
problem is that which provides the solution because it has been rightly said that
every problem has its own solution. By this statement it is necessary here to
discuss the objective of this research. The goals of this research study are to
describe all of the major aspects of cybercrime on a national and worldwide level.
The following are the primary aims of this research:

i) to trace the history and background of the origin of cyber crimes.

ii) to describe the concept, nature, scope, characteristics and various

classification of cyber crimes.

iii) to discuss the various cyber offences punishable in India under the
Information Technology Act, 2000 and also to examine the role of
judiciary in the implementation of Information Technology Act, 2000 with
the purpose to check whether the existing legal framework has been able to
cure the problem of cyber crimes.

iv) to analyse the international legislative and judicial response towards the
cyber crimes specially deals with the United States of America and United
Kingdom.

v) to compare the Indian current status of cyber legislation with the

legislation of United States of America and United Kingdom for the
purpose of exploring the deficiencies and inadequacies of Indian cyber
laws for evolving a comprehensive protection against cyber crimes.

vi) to make suggestions for the improvement and proper implementation of

cyber laws at national and international level.

1.4 Research Design

This study's research design is based on analytic and comparative
methodologies.

The purpose of this study is to see if there are any shortcomings or gaps
21
between the cyber laws of India and the United States of America (USA) and the
United Kingdom (UK), as well as a review of judicial trends in the interpretation
of current cyber laws. The necessary information for this study was gathered from
both primary and secondary legal sources. The researcher primarily relied on the
cyber legislations of the countries studied, namely India, the United States of
America, and the United Kingdom, as well as decided case laws of the courts in
India, the United States of America, and the United Kingdom, Law Commission
Reports, and all other information available on the official websites. The
researcher also used secondary materials such as law dictionaries, legal journals,
law reviews, periodicals and newspapers, and legal theories, as well as text books
on cyber law by prominent writers from these three nations, as noted above.

Review of related literature to know the work already done by others.

➢ The analysis of case laws.

➢ Further through comparative study the researcher intends to analyze the

existing cyber laws of India, USA and UK in order to understand, explain
and draw conclusion from it and also to critically analyze it to draw the
inadequacies and to express opinion on rational basis.

1.5 Scope of the Study

The current study focuses not only on comprehending the notion of
cybercrime, but also on explaining the circumstances that lead to the formation of
these types of crimes on both a national and international level.. Understanding
the variables that contribute to cybercrime in society can aid in the development
of adequate measures to counteract these causes in the future and overcome the
situation. Comprehensive Cyber Laws, Education, Policy Making, Technical
Training, and Awareness are all ways to combat these crimes. All of the
aforementioned methods for dealing with cybercrime are either ineffective or
ineffective. This lack of work necessitates either improving existing work or
establishing new paradigms for combating cyber-attacks. The scope of the present
study covers that all the wrongful and illegal activities on the cyber space using
internet should be treated as crime and the prosecution of the offender must be
done.

1.6 Research Methodology

The present research work is based on the Doctrinal or Non-empirical
research methodology which is concerned with doctrines, legal propositions or

22
propositions by way of analysing the existing statutory provisions and case laws
by applying the reasoning power. An attempt has been made to verify the
hypothesis through legal reasoning or rational deduction by analyzing the primary
and secondary sources of law including legislations, case laws, text books on law,
commentaries and official websites etc. The present research work also factually
relies on academic writings and newspaper reports to access the impact of cyber
crimes. The purpose of using this methodology is to ascertain a legal rule for
solving the problem of cyber crimes at national and international level and to
arrive at certain conclusion and to give suggestions.

1.7 Hypothesis
Hypothesis means an idea, supposition or proposed explanation which is
made as a starting point of further investigation without any assumption of its
truth on the basis of limited evidences or reasoning power. In simple words it is a
tentative statement the validity of which is yet to be tested. It may be proven
correct or wrong because it is based on supposition which is provisionally
accepted in order to interpret certain events or phenomenon and to provide
guidance for further investigation. The hypothesis formed for the present study is
mentioned as under:

1. The implementation of existing cyber laws both at national and

International level is not proper.

2. Jurisdiction is a major issue to tackle the cyber crime at international level.

23
 CHAPTER-II
MEANING, CONCEPT AND CLASSIFICATION
OF CYBER CRIMES
2.1 Introduction
“It is critical to emphasise here that the globe is no longer ruled by
weapons, oil, or money. It is controlled by ones and zeros.... little pieces of
data.... It's all about electrons. There is a world war going on out there. It isn't a
competition to see who has the most bullets. It's about who has power over what
we see and hear, how we work, and what we think. It's all about the data.” The
film follows the use of information technology to conduct theft on the
superhighway, with information serving as the commodity. 59

Social networking services have grown in popularity since the turn of the
millennium. Many people have used these sites to express themselves, make new
acquaintances, and reconnect with old ones. 60 Unfortunately, cyber criminals
have taken use of these sites to further their nefarious goals. People have started
to spend more and more time on such networks in recent years as they have
become increasingly reliant on them. The advancement of information technology
has an impact on people's lives all around the world in the current day. Every day,
new technologies and discoveries broaden the scientific reach while also posing
new problems for scientists for legal world. With the widespread growth of these
technology leads to commission of new types of crimes today on the cyber space
and also has become matter of global concern in future.

As the use of computers grew in popularity, so did the growth of technology,

and the term "cyber" became increasingly familiar to the public. The development of
information technology (IT) gave birth to the cyber realm, where everyone has equal
access to the internet.

With the use of modern technology, any information, data storage,

analysis, and so on may be accomplished.61

These crimes are similar to a cyber-attack on a person's, a company's, or a

government's protected information.

59
M. Dasgupta, Cyber Crime in India- A Comparative Study, 2009, p.8.
60
David Decary Hetu and Carlo Morselli, “Gang Presence in Social Network Sites”, International
Journal of Cyber Criminology, vol. 5 No. 2, July- Dec., 2011, p. 876, available at: http://
www.cybercrimejournal.com/davidcarlo2011julyijcc.pdf (visited on Oct. 8, 2012).
61
Farooq Ahmad, Cyber Law in India- Law on Internet, 2008, p. 367.
24
 These attacks do not target a physical body, but rather a person's or
company's virtual body.

Technology has exploded into businesses, communities, and people's lives

during the last two decades, changing the way people communicate, study, work,
and interact. On a variety of devices such as cell phones, tablets, and computers,
people from all over the world can connect in real time. 62 A single person's photo,
video, text message, or email can be viewed by hundreds or thousands of people
in a matter of seconds and go viral.

The Internet has also evolved into a new medium for wrongdoing, such as
threatening, harassing, intimidating, and injuring others. A harmful divergence
exists between the social (norms, legislation) and environmental (computer
availability) limits of computer criminal activity, which is a direct effect of
technological lobalization.63 Despite the fact that computers and the internet have
such a large impact on people's daily lives, just a small percentage of individuals
understand what they are.64 There is a need for a systematic study that thoroughly
examines the fundamental ideas of crime, cyber crime, cyber space, and cyber
security.

Concept of Cyberspace
William Gibson coined the phrase "cyber space," which he later described
as "an evocative and basically meaningless" buzzword that could be used as a
cypher (a text transformed to disguise its meaning) for all of his cybernetic ideas.

It's now used to refer to anything having to do with computers, information

technology, the internet, and the various internet cultures. 65 Cyber Space is the
virtual space in which all Information Technology mediated communication and
activity take place. Cyberspace can't be pinpointed in space. It's made up of
intangible items like your website, blog, social media profiles, email accounts,
personal information, and online reputation. Cyberspace can be compared to a

62
Steven D. Hazelwood and Sarah Koon Magnin, “Cyber Stalking and Cyber Harassment
Legislation in the United States: A Qualitative Analysis”, International Journal of Cyber
Criminology, vol. 7 No. 2, July- Dec., 2013, p. 155, available at: http://www.cybercrimejournal.
com/haze lwoodkoonmagninijcc2013vol7issue2.pdf (visited on Dec. 19, 2014).
63
Kathryn Seigfried- Spellar, Individual Differences of Internet Child Pornography Users:
Peculiar Findings in a Community Based Study, International Journal of Cyber Criminology, vol.
7 No. 2, July- Dec., 2013, p. 141, available at: http://www.cybercrimejournal.com/seigfried
spellarijcc 2013vol7issue2.pdf (visited on Feb. 22. 2017).
64
S.C. Sharma, “Study of Techno- Legal Aspects of Cyber Crime and Cyber Law Legislations”,
Nyaya Deep, 2008, p. 86.
65
Jyoti Ratan, Cyber Laws & Information Technology, 2014, p. 48.
25
worldwide electronic community with real-time communication and no physical
boundaries.66

Individuals can communicate, exchange ideas, share information, provide

social support, do business, direct actions, produce artistic media, play games,
engage in political conversations, and more in cyberspace, which is the electronic
medium of computer networks.67

Cyberspace, the new frontier, is mankind's collective legacy, yet some

people abuse it, and as a result, cyberspace has become a new frontier for various
types of crimes.68

It's now used to refer to anything having to do with computers, information

technology, the internet, and the various internet cultures. 69 The persons involved
in cyberspace are known as netizens which comes from the association of two
words ‘Internet’ and ‘citizen’. Thus Netizens means any person who is associated
with the use of computers, information technology and the Internet.

According to Webster’s Dictionary, Cyberspace is the electronic system of

interlinked networks of computers, bulletin boards, etc. that is thought of as being
a boundless environment providing access to information, interactive
communication, and, in science fiction, a form of virtual reality. 70
Cyberspace
means that ‘the notional environment in which electronic communication occurs
or virtual reality’71.

According to Chip Morningstar and F. Randall Farmer, cyberspace is

defined more by social interactions involved rather than its technical
implementation. The core characteristic is that must be an environment which
consists of many participants with the ability to affect and influence each other. In
cyberspace, the computational medium is an augmentation of the communication
channel between real people.72

2.2 Concept of Crime

Crimes have "always depended on the force, vigour, and movement of

66
Anirudh Rastogi, Cyber Law- Law of Information Technology and Internet, 2014, p. 2.
67
Supra note 7.
68
Veer Singh and B.B. Parsoon, “Cyber Crimes and the Need for National and International
Legal Control Regimes”, PULR, vol. 44, 2002, p. 39.
69
Supra note 7.
70
Krishan Pal Malik, Computer & Information Technology Law, 2010, p. 71.
71
Lawrence Gomes, “Cyber Crimes”, Criminal Law Journal, vol. 4, 2001, p. 185.
72
Available at: http://en.wikipedia.org/wiki/Cyberspace#cite_note-3 (visited on June 6, 2016).
26
public opinion from time to time, nation to country, and even within the same
country, from decade to decade," as it has been said.73

Crime is eternal; it has existed since the dawn of civilization and will
continue to exist indefinitely.

Criminals will modify their tactics as long as society improves its

safeguards.74

To better grasp the concept of crime, an attempt has been made to explain
it from the beginning to the present day.

The following are the explanations for these two time periods:

Early Concept of Crime

Since man's fall, crime and criminality have been associated with him.
Crime is elusive, and it always tries to hide in the face of progress. Depending on
the nature and scope of the crime, many countries have implemented different
ways to combat it.75 Because the link of family was significantly stronger than
that of the community, the injured party and his kindred may avenge the injustice
through private vengeance and self-redress prior to the 10th century, and resort to
legal remedies was considered merely an optional alternative to self-redress.. 76

At that time the wrongdoer was supposed to offer compensation to the

suffered person and the quantum of compensation was based on the extent of the
wrong caused and the status of the suffered person in the society. We can say that
as compare to modern time, the law did not compel in early days for regulating
the social relations. During the 12th and 13th centuries the Early English society
included only those acts as crimes

if committed against the state or the religion not others. There was no
recognition of distinction between the law of crime and torts during the early
societies and these societies only follow the law of wrongs. After entering into the
modern legal systems the law is administered at once irrespective of the wants of
the suffered party as soon as an offence is committed but in early societies the law

73
R.C. Nigam,” Law of Crimes in India”, Principles of Criminal Law, vol. 1, 1965, p. 3.
74
Anwar M. S. Masadeh, Combating Cyber Crimes –Legislative Approach– A Comparative Study,
p. 6, available at: http://www.almeezan.qa/ReferenceFiles.aspx?id=54&type=doc&language=en
(visited on March 21, 2017).
75
Aghatise E. Joseph, “Cyber Crime Definition”, Cyber Crime Research Centre (Last modified on
June 28, 2006), available at: http://www.scribd.com/document/195552552/Cybercrime-Definition
(visited on Feb. 22. 2017).
76
Amita Verma, Cyber Crimes & Law, 2009, p. 34.
27
was set into motion only when both the parties wants to submit themselves to the
judgement. During the period of 18th century also called as an era of miraculous
reorientation in criminology, it was believed that only the wrongdoer himself
could admit his criminal responsibility for his crime and no one including any
external agencies had anything to do with it. At that time it was clear that the
concept of crime is interlinked with social policy of that time.

Crime was less common in ancient society, when many aspects of human
life such as agriculture, political institutions, health services, medical science, and
basic amenities of life were still in their infancy. When it did occur, it was simple
in nature and stemmed from baser human instincts such as lust, greed, vengeance,
jealousy, and sexual drive.77 Physical force, body muscles, and intimidating tools
were also claimed to have been used in the past to perpetrate crimes..

Because of the differences in social conditions in different countries, the

incidence of crime in western countries is significantly higher than in India. 78
Crime is on the rise as a result of modernization, urbanisation, industrialization,
scientific and technological progress, and civilisation. The scientist is well-versed
in the approach for locating criminals who are engaged in criminal activities and
avoiding notice because the chance of being caught is reduced.. After this there
was the greater need for a new approach to crime and criminals so as to combat
with the new situations and criminals.

Modern Concept of Crime

The modern approach to crime is a practical one.79

Scientific progress, the industrial revolution, the refining of political

institutions, individual education and intellectual enlightenment, the relaxing of
religious control over society, and the fading of moral values have all altered the
criminal landscape in modern civilization. so in the information society.80

The law is always changing, adding new crimes to the catalogues while also
revising, adjusting, and eliminating previous ones. In the field of crime, there have
been remarkable changes.81 The evolving concept of crime depends on the progress of
human beings in society all over the world. Because a crime in one country may not
be a crime in another, and a crime at one period may not be a crime at another, and
77
Talat Fatima, Cyber Crimes, 2011, p. 61.
78
N.V. Paranjape, Criminology and Penology, 2007, p. 4.
79
Supra note 15, p. 36.
80
Supra note 19, p. 62.
81
Supra note 18, p. 36.
28
vice versa, the notion of crime takes on diverse meanings in different countries at
different times.

Because of economic development and wealth concentration, as well as

rapid advancements in mass media, traditional crimes such as murder, dacoity,
robbery, burglary, theft, prostitution, rape, and others have been transformed both
qualitatively and quantitatively, giving rise to new forms of criminality

Instead of months and years, crime waves are now recorded in hours and
minutes.82

Its unabated growth can be attributed to all of the social and economic
reasons, but it also has additional reasons, such as its ability to provide reasonable
anonymity to criminals and the insignificance of geographical borders, making
jurisdiction completely impossible to define and giving criminals a fair chance to
avoid legal action, which encourages them to go further.. Therefore, concept of
cybercrime finds its explanation in all those in other crimes with additional
features of its vastness, anonymity and lack of legal control regimes.83

Nature of Crimes
Almost all communities, in general, have some rules, beliefs, habits, and
traditions that its members implicitly accept as beneficial to their well-being and
healthy development. Anti-social behaviour is defined as a violation of these
respected norms and customs.84 Human actions that are prohibited by criminal law
and for which the state imposes a penalty are to be treated as crimes. There are
several human conducts in our society some are prohibited by moral code i.e.
immoral, some are prohibited by civil law i.e., civil wrong and some are
prohibited by criminal law i.e., crimes and those which are not prohibited by any
of these are not wrong. Therefore, crime is criminal wrong. 85 The changing nature
of the crime can be understood by the following way:

Crime can be defined as an act of public wrongdoing. Crime, according to

Blackstone, is a social wrong. He defines crime in two ways: first, it is an act
performed or omitted in violation of a public law prohibiting or commanding it;
and second, it is an act committed or omitted in violation of a public law
prohibiting or commanding it. We cannot accept this description in its totality

82
D.S. Wall, Cyber Crime: The Transformation of Crime in the Information Age, 2007, p. 3.
83
Supra note 18, pp. 36-37.
84
N.V. Paranjape, Criminology and Penology, 2009, p. 5.
85
Supra note 1, p. 6.
29
because Constitutional Law, Administrative Law, and other public law infractions
are not crimes. Second, he changes his definition to imply that a crime is a
violation of the public right obligations owed to the entire community, as a
whole.86

The foregoing definition was further modified by Stephen, the editor of

Blackstone's Commentaries, who stated, "A crime is a violation of a right,
considered in reference to the ill tendency of such violation as regards the
community at large."87 As a result, both Blackstone and Stephen emphasise that
crimes are violations of "those laws which harm the community." ‘Crime is an act
that is both prohibited by law and repugnant to society's moral feelings,' Stephen
continued..’88

In a second sense, crime might be viewed as a social wrong. According to

John Gillin, a crime is an act that has been proven to be truly damaging to society,
or that is perceived to be socially destructive by a group of individuals with the
capacity to impose their ideas, and that is prohibited by positive consequences. 89
According to Raffeale Garafalo, crime is an immoral and damaging act that is
seen as criminal by public opinion because it harms so much of the moral sense as
is represented by one or the other, of the basic altruistic sentiments of probity and
pity (honesty). Moreover, the injury must be to these sentiments not in their
superior and finer degrees, but in the average measure in which they are
possessed by a community as measure which is indispensable for the adaptation
of the individual to society.90

This is backed up by evidence. Crime, according to Sutherland, is a

symptom of social disorganisation. As a result, modern sociological
criminologists tend to regard it as a social occurrence that elicits society's
disapproval..91

In a third sense, crime can be defined as traditional wrongdoing. Crime,

according to Edwin Sutherland, is defined as illegal behaviour that violates the
law. An act is not a crime until it is prohibited by the criminal law, regardless of
its degree of immorality, reprehensibility, or obscenity. The criminal law, on the
86
William Blackstone, Commentaries on the Laws of England, vol. IV, p. 5, available at:
http://www.ijlp.in/ijlp/imageS/Volume%20-1,Issue-1(1),%20Mar-14.pdf (visited on Feb.20, 2015)
87
Kenny, Outlines of Criminal Law, 1996, p. 532.
88
Supra note 26, p. 6.
89
John Gillin, Criminology and Penology, 1945, p. 9.
90
K.N. Pillai, Principles of Criminology, 1920, p. 6.
91
Supra note 30.
30
other hand, is traditionally characterised as a set of precise rules governing human
behaviour that have been proclaimed by political authority, that apply consistently
to all members of the classes to which the laws apply, and that are enforced by the
State through punishment. The traits that set this body of laws for human
behaviour apart from others include the following:, polytonality, specificity,
uniformity and penal sanction.92

In a fourth sense, crime can be defined as a procedural error. According to

Austin, a crime is committed when the sovereign or his subordinate pursues a
wrong. A civil injury is a wrong that is pursued at the choice of the injured party
and his counsel.93 Kenny modified Austin's definition of crimes as wrongs with a
penal sanction that is not remissible by any private person, but is only remissible
by the crown, if it is remissible at all..94

Fifth, crime is defined as a legal wrong. According to Halsbury, a crime is

an unlawful act that is a public offence for which the perpetrator is liable to legal
penalty.95 According to criminal law, any human behaviour that is prohibited by
law is deemed a crime, however this does not cover all human behaviour. As a
result, it can be construed as a legal blunder. The term "offence" is defined under
Section 40 of the Indian Penal Code as "any act punishable by this code." In
India, penal law forbids and punishes all unlawful acts, conduct, or omissions that
are contrary to the law and public policy.

2.3 Fundamental Elements of Crime

With the exception of Strict Liability offences, the state must produce
proof of both actus reus and mens rea in order to convict someone of a crime. 96 In
the past, during the period of strict responsibility in Europe, the wrongdoer was
subjected to harsh punishments in order to appease the enraged deity. Later, the
divine link with the harm inflicted was replaced by the tying of human behaviour
with the harm produced, and such responsibility was extended to animals and
inanimate objects such as carts, cauldrons, timber baulks, wheels, boats, and the
like. Not only the actus reus, but also the mens rea with which the actus reus is
done, must be shown beyond a reasonable doubt before various punishments are

92
Edwin. H. Sutherland., Principles of Criminology, 1965, p. 4.
93
Austin, Lecture on Jurisprudence, 1920, pp. 249-253.
94
Supra note 29.
95
Supra note 26, pp.6-7.
96
Supra note 4, p.162.
31
imposed.97

Criminal law was simple and limited at the time, and offences were
equally simple and limited. However, by the 13th century, major offences known
as crimes had been recognised, and bot and wit were considered insufficient to
punish the guilty. The initial division between crime and tort was made as a result
of this. Moral culpability was related to criminal responsibility. The realisation of
the mental element in culpability was the catalyst for this shift in legal thinking. 98
The following are the two necessary ingredients of crime:

5.1 Actus reus in Cyber Crimes

The Latin word actus means'mental or spiritual act' 99. Actus reus is defined
as "any effect of human behaviour that the law strives to prohibit." 100
Cybercrime's actus reus is incredibly dynamic and diverse. 101 In simple terms, it
refers to the physical manifestation of human behaviour, which encompasses all
parts save the mental one. It refers to more than just an action; it also refers to the
current state of affairs.

J.C. Smith and B. Hogan considered actus reus as such result of human
conduct as the law seeks to prevent.102 Merely guilty intention is not enough to fix
the criminal liability but some act or omission on the part of doer is
necessary to complete offence.103 Actus reus in cyber crimes has become a
challenge as the entire act is committed in intangible surroundings. The
perpetrator may leave some footmarks in the machine itself though it becomes a
herculean task to prove it in the law courts as, it is required to be in physical form
or at least in such a form where it becomes admissible in evidence.104

The element of actus reus is very straightforward to identify in cyber

crimes, but it is extremely difficult to establish. When a person uses a computer
function; or accesses data stored on a computer or from a computer that has

97
Supra note 19, p.63.
98
Supra note 19, p.64.
99
Available at: https://www.merriam-webster.com/dictionary/actus (visited on April 9, 2017).
100
J. W. C. Turner, Kenny’s Outlines of Criminal Law, 1966, p. 17.
101
Samiksha Godara, “Prevention and Control of Cyber Crimes in India: Problems, Issues and
Strategies”, A Thesis submitted to Maharishi Dayanand University, April 1, 2013, p. 59, available
at: http://shodhganga.inflibnet.ac.in/bitstream/10603/7829/12/12_chapter%203.pdf (visited on
May 20, 2016).
102
J.C. Smith and B. Hogan, Criminal Law, 1988, p.103.
103
Supra note 19, pp.64-65.
104
Pretty Lather, “Cyber Crimes in India and the Legal Regime to Combat”, A Dissertation
submitted to University of Delhi, 2006, p. 15.
32
access to data stored outside; or attempts to gain access through the internet; or
passes signals through various computers, the fact of the occurrence of the act that
can be called a crime can be said to have occurred. 105 The prosecutrix's lack of
consent is a key component of the actus reus in rape proceedings. If the
prosecution fails to prove the absence of permission, the accused's actus reus will
likewise fail to prove, and the prosecution will lose. In this sense we can say
sometimes mens rea is also the part of actus reus.106

Mens rea in Cyber Crimes

“The jurisprudence of today knows that no crime can be committed unless
there is a mens rea.”107 Mens rea is the second essential element, which
constitutes crime and is often called 'a guilty mind'. This interpretation underwent
a gradual change until modern criminal law came to regard a guilty mind of some
kind or some other such mental element as always being necessary.108 Mens rea,
“guilty mind”, refers to the mal intent of the individual who committed the act. 109
The act remains the same while the state of mind makes the act ‘reus’ and hence
an offence. Almost all crimes require proof of a mental element of some sort.
Some courts have held that ‘all crime exists primarily in the mind’. Every offence
require a particular state of mind expressed in the particular provision of the law
by the words: ‘with intent’, ‘recklessly’, ‘ unlawfully’, ‘maliciously’, ‘wilfully’,
‘knowingly’, ‘fraudulently’, ‘knowing or believing’, ‘dishonestly’, ‘corruptly’,
‘allowing’ and ‘permitting’ expressing various states of mind which are different
from each other. However, intention, recklessness and knowledge are the
fundamental tenets of criminal liability.110

It is made up of a variety of mental behaviours such as intent, carelessness,

and neglect, among others. Because it is accurately argued that there cannot be
intention without foresight, the word intention is used to describe a man's state of
mind, which encompasses not only his ability to anticipate but also his
willingness to consider the prospective consequences of his actions. If a man
wishes to perform a specific act, he must have a reasonable expectation of the
outcome. There is no criminal culpability under the Common Law for any
damage or harm produced by someone acting without malice or acting in an
105
C. Gringras, The Laws of Internet, 1997, p. 216.
106
Supra note 44.
107
Supra note 15, p. 6.
108
Supra note 44, p.55.
109
Supra note 4, p. 162.
110
Supra note 19, pp. 65-66.
33
unforeseeable manner.

Mens rea has come to be recognised as an essential element of crime

except in statutory offences where liability is strict. With the advent of e-crimes,
the legal world faces the difficulty, besides many others to pinpoint mens rea in
cyber crimes.111 As essential ingredient for determining mens rea in internet
crime, on the part of the offender is that he or she must have been aware at the
time of causing the computer to perform the function that the access intended to
be secured was unauthorized. There must be, on the part of the hacker, intention
to secure access, though this intention can be directed at any computer and not at
a particular computer. Thus, the hackers need not be aware of which computer
exactly he or she was attacking.112 There are the two essential ingredients which
form the mens rea in case of hacking, firstly, the access intended to be secured
must have been unauthorized and secondly, as regarding the access there should
be awareness on the part of the hacker.

The mens rea in case of cyber crimes comprises two essential elements.
First, there must be ‘intent to secure access to any programme or data held in any
computer, computer system or computer network. Secondly, the person must
know at the time that he commits the actus reus that the access he intends to
secure is unauthorised.113 The nature of cyber crimes and the skills involved are
such that existing legal framework cannot do much to control and contain the
same. In fact, the cyberspace technology has undermined to a major extent the
traditional legal concepts like property and has impacted the rules of evidence like
burden of proof, locus standi and concepts of ‘mens rea’.114

Criminal Liability in Cyber Crimes

There are two elements of crime, one is mens rea and the other is actus
reus, according to the notion and type of crime. In crimes against the state such as
falsifying evidence, forging coins, white collar crime, and so on, just actus reus is
required to impose criminal culpability. The main premise of criminal law is that
a person cannot be convicted of a crime unless the prosecution can show it
beyond a reasonable doubt and his act or omission is banned by the law. If the
person was in a defined state of mind when the crime was done, he is accountable.
An actus reus without mens rea is also not deemed a crime, and vice versa.

111
Supra note 19, p. 67.
112
Supra note 18, p.40.
113
Vakul Sharma, Information Technology- Law & Practice, 2008, p. 135.
114
Supra note 10, pp.41-42.
34
 It is extremely difficult to prove both aspects of a crime in the case of
cybercrime. Cybercrime's actus reus is incredibly dynamic and diversified. 115 For
example, when a person uses a keyboard and mouse to operate a computer and
tries to access information on another person's computer without their knowledge,
there is an actus reus in cyberspace that the law wishes to regulate.

Cybercrimes have set in a debate as to whether a new legislation is needed

to deal with this new form of criminality. There is a school of thought that
believes that cybercrimes are not in any way dissimilar to the ordinary crimes like
trespass, larceny or conspiracy with a difference that a computer has been used as
medium or instrument for commission of crime. 116 The order school give much
credence to unique nature of the emerging technologies and unique set of
challenges, unknown to the existing criminal jurisprudence; such as nature and
scope of cybercrimes, intent and difficulty in locating the offender, jurisdiction
and enforcement. It contends that a new comprehensive legislation is needed to
deal with cybercrimes.117 To control the cybercrimes two strategies can be adopted
firstly, computer crime must be approached as both as traditional crime and
modern crimes committed through using high tech computers and secondly,
computer crime must be approached as a crime which is unique by nature for
which new legal framework is required.

2.4 Theories of Criminal Behaviour in Cyberspace

Several criminologists' theories on cyber crime have attempted to
understand criminal behaviour in cyberspace by examining the causes for which
criminals engage in delinquent behaviour in cyberspace, as well as developing
effective legal principles for the prevention and control of these types of cyber
criminal deviant behaviour.

There are three main branches of criminal science that deal with this: first,
criminology is the main branch of criminal science that deals with the causes of
crime and also whether an atomic structure, social surrounding circumstances, or
genetic history are contributory factors in crime commission. Second, Penology is
a discipline of criminal science that works with ideas of punishment, such as
preventative, rehabilitative, deterrent, reformative, therapeutic, and corrective
theories, that will be appropriate in today's societal environment to lower crime
rates. Third, criminal law is the substantive part of criminal science that defines
115
Supra note 1, p.11.
116
Watkins, “Computer Crime: Separating the Myth from Reality”, C.A. Magazine, Jan. 1981.
117
Parker, “Computer Abuse Research Update”, Computer Law Journal, vol. 2, 1980, pp. 329-52.
35
crimes and provides punishments, such as the Indian Penal Code 1860 for the
performance of wrongful acts that are prohibited by law and contrary to public
policy. The following are the numerous conceptions of criminal behaviour in
cyberspace:

Differential Association Theory This theory is founded on the idea that

modern society comprises many contradictory systems of norms and behaviours, as
stated by Edwin Sutherland in his 1947 book "Principles of Criminology." This theory
focuses on the differing notions of suitable behaviour that are a contributing element
in a variety of crimes. People develop certain behaviours via their interactions with
others, which can be criminal or sober. When people acquire illegal behaviour from
their personal groups through communication, they tend to repeat it and conduct
comparable crimes as a result.. 204
Individuals develop the values, attitudes, tactics,
and motives for criminal behaviour mostly through interaction with others,
according to this view.This theory is mostly concerned with deviant theories, as
well as how criminals learn to become criminals.

In the contemporary time period there are so many hi-tech society and
now-a-days it very common to see cyber criminal groups. In the year 1993, it was
rightly said by R. Blackburn that the behaviours of an individual is influenced by
peer pressures and peer attitudes. In the year 1989, the same was accepted by C.
Hollin in his work ‘Psychology and Crime: An Introduction to Criminological
Psychology’ in which he says that persons being associated with the criminals
have to be criminal and that they only have to express the favourable situation for
committing crime.

Social Learning and Bonding Theory

Social learning theory expands on Edwin Sutherland's Differential
Association Theory, which claims that criminal behaviour is learnt through
frequent contact with other criminals.

According to social learning theory, cyber criminals learn how to conduct

their crimes by first imitating others and then receiving reinforcement from those
individuals.118

Prof. Albert Bandura's study on imitation is also linked to this hypothesis..

Hirschi proposed the Social Bonding Theory, which focuses on the factors that
prevent a person from engaging in criminal activity. It explains a person's
aversion to crime by looking at their levels of attachment, commitment, and
118
Edwin Sutherland, Principles of Criminology, 1947, pp. 82-85.
36
participation, as well as their beliefs. Unfortunately, because of the temptation of
rapid money for the culprits, cybercrime is becoming acceptable as a type of
profession rather than a crime in various parts of the world. 119 According to
Rational choice theory which is based on based on a simple cost-benefit analysis
that the people himself make the basic decisions whether they can commit a crime
or not to commit. This depends on their own will not any other things.

Space Transition Theory of Cyber Crimes

This theory is developed by Jaishankar Kumar in order to explain the
causation of crimes in the cyberspace. Cyberspace presents an exciting new
frontier for criminologists. Virtual reality and computer mediated
communications challenge the traditional discourse of criminology, introducing
new forms of deviance, crime, and social control. Traditional theories such as
Social Learning Theory, Kohlberg's Moral Development Theory and Differential
Reinforcement Theory, Cohen's Strain Theory, Deindividuation Theory,
Gottfredson and Hirschi's General Theory of Crime, Routine Activities Theory,
and multiple theories have been used to try to explain cyber crimes. 120 This
hypothesis aims to describe the nature of criminal conduct in both cyberspace and
real space.121 People behave differently when they go from one space, such as
physical space, to another, such as cyber space, according to this hypothesis. The
main postulates of the theory are:

 Persons would not be able to commit a crime in physical space because of

their status and position but with their repressed criminal behavior they
have a propensity to commit crime in cyberspace

 There are various factors present on the cyberspace which provides the
offenders the choice to commit cyber crime i.e. Identity Flexibility,
Dissociative Anonymity and lack of Deterrence etc.

 The behavior of offenders which is criminal in nature

119
Christine Conradt, “Online Auction Fraud and Criminological Theories: the Adrian Ghighina
Case”,
International Journal of Cyber Criminology, vol. 6, No. 1, Jan.- June, 2012, p. 917.
available at: http://www.cybercrimejournal.com/christine2012janijcc.pdf (visited on Feb. 22.
2017)
120
Olumide, Longe, et.al., “Towards a Real Time Response Model for Policing the Cyberspace”,
2010,
p. 2 available at: http://www.iimahd.ernet.in/egov/ifip/oct2010/olumide-longe.htm (visited on
Jan.24, 2013)
121
Jai Shankar Kumar, Crimes of the Internet, 2008, p. 283-284.
37
 Intermittent ventures of offenders

 Closed society’s persons are more interested to commit crimes in

cyberspace rather than persons from open society.

 The conflict between Norms and Values of Physical Space with cyberspace

Structural-Functional Theories
The structural-functional theory's core discovery is that crime and
deviance are an unavoidable aspect of social order.

It was argued that society is an organism, a system of parts, all of which

work together to ensure the overall effectiveness and efficiency of the system.

Structural-functionalism is a consensus theory that sees society as being

founded on order, interdependence, and balance among parts in order to keep the
whole running smoothly.122 The idea emphasises on social order, which is
founded on unspoken agreements between groups and organisations, as well as
perspectives on social change as occurring in a gradual and orderly manner. This
theory also provides us insight understanding that crimes and deviance is not a
matter of a few bad peoples but it is necessary condition of good social living.

In this theory, Merton tries to highlight a strain between:

1. The cultural goals of a society

2. The legitimate or institutionalized means to achieve these goals

Routine Activity Theory

Cohen and Felson proposed the Routine Activity Theory in 1979. They
claimed that three conditions were required for a crime to occur: a motivated
criminal, a suitable target, and the absence of capable guardians. According to this
theory, crime is natural and dependent on the opportunities available. Crime will
occur if a target is not adequately safeguarded and the reward is worthwhile.
Hardened criminals, super-predators, convicted felons, and nasty people are not
required in crime.123 Crime, he claims, is just looking for an opportunity to
perpetrate. This idea informs us about the motivations for engaging in
cybercrime. By the systematic study we can get an idea that why peoples are
involving day-by-day in the commission of cyber crime.

Pratt, Holtfreter, and Reising points out that while Routine Activity
122
Supra note 62, p. 119.
123
Ibid.
38
Theory suggests that victims engaging indeviant ehavior are more likely to be
victimized victims of online auction fraud are typically involved in legitimate,
lawful ehavior at the time of victimization. Because of this, simply engaging in
procuring items from online auction sites is a high-risk behavior compared to
individuals that do not buy items via online auctions. In essences, although it is
not unlawful, the behavior of buying items through online auctions is not the
norm.124 Further, since the routine activities perspective was proposed after the
introduction of the lifestyle exposure theory and it encompasses not only the
theoretical element inherent in the lifestyle exposure theory but also two
additional elements, routine activities theory is thus perceived as an extension and
more general expression of the lifestyle exposure theory.125

Theory of Technology-Enabled Crime

McQuade reveals that understanding and maintaining relatively complex
crime is Initially quite difficult, and there is continual competition between the
criminals and law enforcement for technological advantage. As criminals do
something new and innovative, law enforcement must catch up in order to avert,
control, deter, and prevent new forms of crime. The theory provides a framework
for understanding all forms of criminality and especially those that are evolving
with computing and telecommunications technology inventions and
innovations. 126
This theory help the society by combining several categories of
criminological theories for the better understanding that the computer and
telecommunications technologies are becoming more complex and difficult and
also the preventive methods for investigation and controlling these forms of crime
on cyber space. The theory also provides for better understanding of threats posed
by emerging forms of cybercrime and also suggests the methods for criminal justice
and security measures for preventing such crimes.

According to McQuade, technology-enable crime theory encompasses that:

1. Commission of crime directly against computers and computer systems.

2. Use of this technology to commit or to facilitate the commission of

traditional crimes

124
Supra note 61, p. 915.
125
Fawn T. Ngo and Raymond Paternoster, “Cybercrime Victimization: An Examination of
Individual and Situational level Factors”, International Journal of Cyber Criminology, vol. 5, No.
1, Jan.- July, 2011, pp. 774-775, available at: http://www.cybercrimejournal.com/ngo2011ijcc.pdf
(visited on Feb. 22. 2017).
126
Supra note 64.
39
3. Bringing the unique challenges to old crimes.

2.5 Meaning and Concept of Cyber Crime

Norbert Wiener coined the term "cybernetics" in 1948 and defined it as
"the study of message as a way of managing machinery and society." It was not
until the 1980s that the term "cyber" became widely used. 127 In fact, in the twenty-
first century knowledge society, the term "cyber crime" is often used, and it is
formed by combining the words "cyber" and "crime." The term "cyber" refers to
the cyber space, also known as "virtual space," which is the informational space
represented by a computer and in which various objects or symbol images of
information can be found. As a result, it is the location where computer
programmes and data are processed.128

Cyber crimes are nothing but crimes of the real world perpetuated in the
medium of computer and hence there is no difference in defining a crime in cyber
world and real world. Only the medium of crime is different. 129 Cybercrime is
"international" or "transnational" – there are ‘no cyber-borders between
countries'.130 Computer crime, cyber crime, e-crime, hi-tech crime or electronic
crime generally refers to criminal activity where a computer or network is source,
tool, target or place of crime as well as traditional crime through the use of
computers like child pornography, Internet Fraud. In addition to cyber crime,
there is also ‘Computer supported crime’ which covers the use of computers by
criminals for communication and document or data storage.131

Cybercrime is mushrooming like a fungus. 132 In general, an act of action or

omission committed on or through or with the use of or associated with the
internet, whether directly or indirectly, that is prohibited by any legislation and
for which monetary and/or bodily penalty is provided is defined as cybercrime. 133

To put it another way, cyber crime refers to any offence or crime that

127
Norbert Weiner, “The Human Use of Human Beings: Cybernetics and Society” (1954)
referred by T.P.S. Rathore, “Cyber Terrorism and Information Technology Act, 2000”,
International Journal of Language Studies, vol.5, Aug. 2014, p. 1.
128
Supra note 7, p.215.
129
D. Latha, “Jurisdiction Issues in Cybercrimes”, Law Weekly Journal, vol.4, 2008, p. 86,
available at www.scconline.com (visited on July 25, 2015).
130
Guillaume Lovet Fortinet, “Fighting Cybercrime: Technical, Juridical and Ethical Challenges”,
Virus Bulletin Conference, 2009.
131
Supra note 71, p.85.
132
“Investigators Feel the Heat as Cyber Crimes on the Rise”, The Pioneer, February 22, 2010, p.
8.
133
Supra note 18, p.43.
40
involves the use of a computer. According to some experts, cybercrime is simply
conventional crime perpetrated by high-tech computers. Others argue that
cybercrime is a new category of crime that necessitates a comprehensive new
legal framework to reflect the unique nature of modern technology and issues that
traditional crimes do not address. States have viewed cybercrime as both classic
crime perpetrated through new means and a crime with a distinct character that
necessitates a new legal structure.

Cybercrime has a narrow statutory meaning as used in the Cybercrime Act,

2001 of Australia, which details offences against computer data and systems.
However, a broad meaning is given to cybercrime at an international level. In the
Council of Europe's Cybercrime Treaty134 cybercrime is used as an umbrella term
to refer to an array of criminal activity including offences against computer
data and systems, computer-related offences, content offences, and copyright
offences.135 The U.S Department of Justice, in its manual on computer crime,
defines such crimes as any violations of criminal law that involve a knowledge of
computer technology for their perpetration, investigation, or prosecution.136

Definition of Cyber crimes

The word "cyber crime" is misleading.137 It is a catch-all word for all illicit
operations carried out via computers, the Internet, cyberspace, and the worldwide
web. In India, no law has yet provided a meaning for the word "cyber crime."
Even after being amended by the Information Technology (Amendment) Act,
2008, the Indian Penal Code, 1860, does not utilise the phrase "cyber crime" at
any time.

"In the absence of a common definition of the notion of 'cybercrime' in the

legal framework of the European Union, several measures planned in the
Strategy relating to the fight against 'cybercrime' (such as measures to strengthen
cooperation amongst law enforcement bodies) are not clearly linked to precise
and well-defined offences." 138

EST no. 185

134

Australian Government, Australian Institute of Criminology, Attorney-General's Department,

135

2009, available at: http://www.aic.gov.au/crime_types/cybercrime/definitions.html (visited on

Feb. 22. 2017)
136
“Computer Crime Law and Legal Definition”, available at: https://definitions.uslegal.com
/c/computer-crime/, (visited on March 15, 2017).
137
Parthasarathi Pati, “Cyber Crimes”, available at: http://www.naavi.org/pati/pati_cybercrimes_
dec03.htm (visited on Feb. 13, 2017).
138
“Cyber Crimes”, available at: http://www.naavi.org/pati/pati_cybercrimes_ dec03.htm (visited
on Feb. 13, 2017).
41
 Cyber crime may be defined as “Any illegal act fostered or facilitated by a
computer, whether the computer is an object of a crime, an instrument used to
commit a crime, or a repository of evidence related to a crime.” 139 An online
dictionary defines “cybercrime” as “a crime committed on a computer
network.”140 Cybercrimes can be plainly defined as “crimes directed at a computer
or a computer system.”141 But the complex nature of cybercrimes cannot be
sufficiently expressed in such simple and limited terms.142 According to Pavan
Duggal, Cybercrime refers to all activities done with criminal intent in cyberspace
or using the medium of internet. These could be either the criminal activities in
the conventional sense or activities, newly evolved with the growth of the new
medium. Any activities which basically offend human sensibilities can be
included in the ambit of cybercrimes.143

“Computer crime can entail acts that are classic in nature, such as theft,
fraud, forgery, and mischief, all of which are normally subject to criminal
sanctions everywhere,” according to the United Nations Manual on the
Prevention and Control of Computer-Related Crime. The computer has also
spawned a slew of new possible misuses or abuses, some of which may or should
be illegal in nature.144 As a result, a more accurate definition of cybercrime is the
use of computer technology to commit crime; engaging in conduct that
jeopardises a society's ability to maintain internal order. Traditional and rising
cybercrime are both covered by this concept. It also encompasses any use of
computer technology, not merely the use of networked computer technology.145

Nature of Cyber Crimes

Cybercrime is mushrooming like a fungus.146 Cybercrime includes both

139
Sameer Hinduja, “Computer crime Investigations in the United States: Leveraging Knowledge
from the Past to Address the Future”, International Journal of Cyber Criminology, Vol. 1, No. 1,
January, 2007, available at: http://cybercrimejournal.com/sameer.pdf (visited on Feb. 22. 2017).
140
Susan W. Brenner, “At Light Speed: Attribution and Response to Cybercrime/ Terrorism/
Warfare”, The Journal of Criminal Law & criminology, vol. 97, No. 2, 2007, p. 382, available at:
http://scholarlycommons.law.northwestern.edu/cgi/viewcontent.cgi?article=7260&context=jclc
(visited on Feb. 13, 2017)
141
Peter Stephenson, Investigating Computer – Related Crime, 2000, p. 3.
142
Supra note 19, p.89.
143
Pawan Duggal, Cyberlaw- The Indian Perspective, 2002, p. 256.
144
UN Manual on the Prevention and Control of Computer Related Crime, 1994, para 22,
available at:http://216.55.97.163/wp-content/themes/bcb/bdf/int_regulations/un/
CompCrims_UN_Guide
.pdf (visited on Feb. 22. 2017).
145
Supra note 82, p. 386.
146
Supra note 74.
42
computer-specific crimes like hacking, e-mail spamming, and denial-of-service
assaults, as well as traditional crimes like theft, fraud, and extortion conducted
with a computer. As a result, a cyber crime may be subject to not just the
Information Technology Act of 2000, but also normal criminal law, such as the
Indian Penal Code of 1860. Depending on the nature of the offence, further laws
may be applied.147

Prof. S.T. Viswanathan has explain the nature of cyber crimes as follows:
firstly, any illegal action in which a computer is a tool or object of the crime; in
other words, any crime, the means or purpose of which is to influence the
function of computer. Secondly, any incident associated with computer
technology in which a victim suffered or could have suffered loss and a
perpetrator, by intention, made or could have made a gain. Thirdly, computer
abuse is considered as any illegal, unethical or unauthorized behaviour relating to
the automatic processing and transmission of data.148 According to Loader B.D., a
flexible communications system designed to withstand attack by means of
rerouting message has also proved difficult for governments to control. Sources
of illegal activity often require advanced computer skills to be detected as a
consequence of their anonymous character. 149

The combination of computers and telecommunications capabilities allows

for cybercrime. Our civilization has been fundamentally revolutionised by the
ability to exchange data across communications devices. This data-sending
capability, however, does not work in an ideal environment. An analogy might be
that criminals have been trying to pick locks since the invention of the first lock.
In the information era, it's the same way. Criminals may be attempting to steal or
corrupt data while it is being transferred; use it as ransom; spy on, or copy it
while it is being sent. The FBI believed that cybercrime was becoming prevalent
as early as 1998. These computer criminals, which are anonymous in a virtual
world, will be the next significant wave of crime perpetrators.150 A computer is a
subject matter, it can be victim, it can be the facilitator and it can be the
instrument of a crime. 151

The nature of cybercrime and the legal challenges it raises are international

147
Supra note 8, p. 82.
148
S.T. Viswanathan, The Indian Cyber Laws: with Cyber Glossary, 2001, p. 81.
149
D. Thomas and B.D. Loader, Cyber Crime Law Enforcement, Security and Surveillance in the
Information Age, 2000, p. 3.
150
Supra note 18, p. 47.
151
Supra note 1, p. 9-10.
43
in scope. Efforts have been made to ensure the harmonisation of provision in
particular countries through international organisations such as the G-8 Group,
OAS (Organization of American States), APEC (Asia-Pacific Economic
Cooperation), and the Council of Europe. Ensuring that the dual criminality
requirement is met could lead to more effective global cybercrime prosecution.
An strategy like this is especially important when it comes to investigating and
prosecuting assaults on computer systems and networks' infrastructure. 152 By
nature cyber crimes are different from other types of crimes which are discussed
as follows:

In everyday speech, the terms "cybercrimes" and "computer crimes" are

interchangeable. The term "computer crimes" encompasses not just crimes done
on the Internet, but also crimes conducted in connection with or with the
assistance of computers.153 The distinction between cybercrime and computer
crime is often misunderstood. Even the writers of cybercrime do not always
properly differentiate the concepts.154 As a result, it's critical to distinguish
between cybercrime and computer crime. Computer crimes are those committed
with the use of a computer or computers, whereas cybercrimes are those
committed with the use of a computer network.155

Donn B. Parker distinguishes between the concepts of computer crime and

cyber crime. Computer crime is a crime in which the perpetrator uses special
knowledge about computer technology but in cyber crimes, the perpetrator uses
special knowledge of cyberspace.156 In general, special computer operating skills
are not required to commit cyber crime. For example, in cyber crime, a suspect
and a victim may communicate via Web based chat-rooms, Microsoft Network
Messenger (MSN), or e-mail. Once the criminal gains the potential victim’s trust,
the criminal is in the position to commit a crime against the victim. In this case,
even though the Internet probably assisted the suspect in communicating with the
152
Stein Schjolberg and Amanda Hubbard, “Harmonizing National Legal Approaches on
Cybercrime”, International Telecommunication Union (ITU), Genewa, June 28- July 1, 2005,
available at: https:/
/www.itu.int/osg/spu/cybersecurity/docs/Background_Paper_Harmonizing_
National_and_Legal_Approaches_on_Cybercrime.pdf (visited on April 17, 2010).
153
S.K. Verma and Raman Mittal, Legal Dimensions of Cyberspace, 2004, p. 228.
154
Kyung-shick Choi, “An Empirical Assessment of an Integrated Theory of Computer Crime
Victimization”, International Journal of Cyber Criminology, vol. 21, No. 1, January-June, 2008,
p. 309, available at: http://www.cybercrimejournal.com/Choiijccjan2008.htm (visited on Feb. 22.
2017).
155
Soumyo D. Moitra, “Developing Policies for Cybercrime: Some Empirical Issues”, European
Journal of Crime, vol. 13, No. 3, 2005, p. 439.
156
Steven Furnell, Cybercrime: Vandalizing the Information Society, 2002, p. 21.
44
victim, it does not mean that the technology or the Internet caused the crime.157

Cybercrimes, uniquely different from traditional crimes, are often harder to

detect and prosecute. The Swedish Emergency Management Agency’s 2008 report,
“Information Security in Sweden: Situational Assessment,” observes that criminal
activity on the Internet has become progressively more sophisticated. Perpetrators
carry out cybercrimes through small, targeted Internet attacks, as well as
launching significant attacks using large networks of commercially leased,
hijacked computers.158 Chen Junjiing, researching the legal issues of cybercrime
in China, concludes that these crimes are more widespread than traditional crimes
and are increasing at a faster rate. Furthermore, cybercrime does greater damage
to society than traditional crime and is more difficult to investigate.159

Any criminal conduct involving computers and networks is classified as

cyber crime. Cybercrime also covers typical crimes that are carried out over the
Internet. When illicit behaviours are performed using a computer and the Internet,
such as hate crimes, telemarketing and Internet fraud, identity theft, and credit
card account thefts, these are dubbed cyber crimes. 160 In comparison to typical
crimes, hackers in cybercrime include professional thieves, criminal gangs, angry
employees, professional competition, activists, and disillusioned young and state
foes.

The evidence of the offences is the other distinction between these two
phrases. In classic crimes, criminals normally leave any evidence of the crime,
such as fingerprints or other tangible evidence, after or during the commission of
the crime. However, cybercriminals commit their crimes over the internet, and
there are extremely few chances of leaving any tangible evidence. According to
forensic investigators, it is sometimes difficult to acquire evidence for the
conviction of cybercriminals because they alter their identities after committing
the crime or commit the crime using the false identities of others. But as compare
to traditional criminals it is very difficult to fake their gender, race, or age etc.

On the basis of the use of force, these two terms can be distinguished.
Many conventional crimes, such as rape, murder, and burglary, entail the use of

157
E. Casey, Digital Evidence and Computer Crime, 2000, pp. 8-9.
158
Glenn Curtis, Ronald Dolan, et.al., “Cybercrime: An Annotated Bibliography of select Foreign-
Language Academic Literature”, 2009, pp. 3-4, available at: http://www.ncjrs.gov/pdffiles1/nij/
231832.pdf (visited on Feb.23, 2011)
159
Ibid.
160
“Cybercrime”, available at: http://www.webopedia.com/TERM/C/cyber_crime.html (visited on
Feb. 22, 2017).
45
extreme force, resulting in physical injury to the victim. However, in contrast to
traditional crimes, cybercrime does not necessitate the use of force because the
thieves just use the identities of other people to steal confidential information.

Characteristics of Cyber Crimes

Characteristics are the primary means by which we distinguish one item
from another. Cybercrime, like other types of crime, has some distinguishing
characteristics that set it apart from others. The following are the primary
characteristics of these crimes:

Cybercrime is inherently silent. This crime might be carried out in the

quiet of one's own home, with no need to personally contact the victim and no
eyewitnesses. There are no traces of physical violence or struggle at the murder
site, no cry of anguish, or anything else that would normally be associated with
typical crimes.161 This is the first attribute of cyber crime: a cyber criminal
conducts the crime secretly, without making a sound or fearing getting caught
red-handed. These crimes can be carried out with a single click of the mouse and
without the victim's knowledge. In the majority of these types of crimes, the
victim has no idea what has occurred to him, who has done it to him, or when it
was done. The nature of the crime's stroke would be rapid, silent, and with a
killing punch, as is accurately said.

Cybercrime is a global phenomenon. In this era of liberalisation and

globalisation, cybercrime must be recognised as a serious new phenomenon with
global political, social, and economic implications. Existing organised criminals
can employ sophisticated tactics to communicate between groups and inside a
group to support and expand networks for illicit arms trafficking, money
laundering, drug trafficking, pornography, and other cyber crimes thanks to the
internet's global connectedness.162 Because of the nature of cybercrime, any cyber
criminal can commit a crime from anywhere on the planet. It is not necessary to
go to the victim's location in order to commit a crime against him.

This type of crime creates high impact. In the case of bank robberies, for
example, the quantum of losses is constrained by the weight, and volume of
currency that can be carried away by the burglars. The amount burgled does not
close down the bank operations permanently. The chances of robbery taking place
again in the same bank are remote since it is possible to take suitable

161
Supra note 18, p. 48.
162
Supra note 1, p. 8.
46
precautionary measures and revamp the security of the bank. The loss of goodwill
isn't significant either. On the other hand, the impact of computer crimes is
significant, and it is not a one-time event, but rather a long-term one. It has the
potential to stifle the victim's operations and, in the majority of cases,
permanently disable them. More than the monetary loss, it is the loss of client
trust that will deliver the knockout blow, especially for companies whose primary
operation is dependent on the internet, i.e., e-commerce. Customers may lose faith
in the seller, and all of the efforts done to earn that trust may be lost in the blink
of an eye.163 These are also high-potential and simple-to-commit crimes.

Cyber crimes are also known for their low-risk, high-reward activities.
Cybercrime's most noticeable aspect is that it is relatively easy to commit,
difficult to detect, and even more difficult to prove. Cyber criminals with
rudimentary computer skills and experience can readily destroy valuable
databases, causing significant financial loss or damage to the victims of the
crime.164 As a result, this characteristic distinguishes this crime from others. This
characteristic of low risk, high reward initiatives may be evident in only a few
sorts of crimes.

Many times, the party or organisation that has been harmed by cybercrime
decides not to report it to the police for fear of negative publicity or losing public
faith. The victims' unwillingness and reluctance to come forward and submit a
police report against the cybercriminal exacerbates the scope of the problem of
cybercrime detection and control.

The other characteristic of the cyber crime is the non-existence of physical

evidence in the commission of cybercrime. In case of computer crime, the crime
scene does not yield any such physical evidence to indicate that the crime has
been committed. The place remains clean and tidy and there are no signs of
disturbance.165 This is the plus point in favour of the cyber criminals that by
committing such crimes there is no existence of any physical evidence against
him and as the negative point against the victim because he has to face many
hurdles for proving the crime against him without any physical evidence.

163
Supra note 103.
164
S.K. Bansal, Cyber Crime, 2003, p. 17.
165
Supra note 103.
47
Category of Cyber Criminals
“Amidst the surging excitement and interest, however runs a deep thread
of ambivalence towards connecting to the internet. The internet’s evil twin is the
home of “Bad Guys”-hackers, crackers, snackers, stalkers, phone preaks and
other creepy web crawlers. Business fear that the Infobahn could suddenly veer
into the highway to Hell”166

The impact of emerging information and communication technology on

people's lives in modern times is unavoidable, but the advantages and benefits of
global connectivity have also brought with them certain dangers arising from the
interconnection of information networks, which allow cyber criminals to conduct
criminal activities in cyberspace. 167 A cybercriminal is someone who engages in
cybercrime by using a computer as a tool, a target, or both. Hackers, for example,
were once more likely to be enthusiasts who broke into systems for personal gain.
While white-hat hacking hasn't disappeared, it's much more common now to see
hackers as professionals who sell their services to the highest bidder.168

Cybercriminals attempt to use computers in three ways: first, they use the
computer as a target for attacking other people's computers in order to carry out
malicious activities such as spreading viruses, data theft, identity theft, and so on;
second, they use the computer as a weapon for committing traditional crimes such
as spam, fraud, and illegal gambling.

Unlike traditional offenders, the cyber criminals are hi-tech knowledgeable

persons who invade rights of computer users by unauthorized access to their
computer system or computer network.169 Usually, they indulge in techno-
vandalism by unauthorized access which causing damage to files and programs of
the computer user. They are engaging in this type of activities not necessarily for
monetary gain but also may be prompted by an adventure or may be for the
purpose of harassing the victim.

The age profile of persons arrested in cyber crime cases under the IT Act,
2000 revealed that 62.5 percent of offenders were in the age group 18 years in
2015 and 52.7 percent in 2014, 3,188 out of 5,102 persons in 2015 and 2,238 out
166
Michael Rustard and Lori E. Eisenschmidt, “The Commercial Law of Internet Security”, High
Technology Law Journal, vol.10, No.2, 1995, p. 215, available at: http://scholarship.law.
berkeley.edu/cgi/viewcontent.cgi?article=1129&context=btlj (visited on Feb. 22. 2017)
167
Farooq Ahmed, Cyber Law in India-Law on Internet, 2005, p. 31.
168
Cary Janssen, “Cyber Criminal”, available at: http://www.techopedia.com/definition/ 27435/
cybercriminal (visited on June 19, 2015).
169
Supra note 45, p. 42.
48
of 4,246 persons in 2014 were under 30 years, and 30.08 percent of offenders
were in the age group 30 years in 2015 and 39.1 percent in 2014. A total of 3,502
people were charged in 2015, up to 1,931 in 2014. A total of 250 person during
2015 and 65 persons during 2014 were convicted and 358 persons during 2015
and 165 persons during 2014 were acquitted under cyber crime cases.170

The following are the category of cyber criminals on the basis of the object
because the cyber criminals constitute of various groups or category:

Children and adolescents

Cyber criminals are kids who are unaware that what they are doing is against
the law or a crime. The main causes of delinquent behaviour in children and teenagers
include inquisitiveness, curiosity, and a desire to learn new things. Hacking into
someone's computer system or website is an adventure or enjoyment for them.
Another plausible explanation is that they want to impress their friends and coworkers
by demonstrating their superior intellect. Unauthorized access may also
psychologically stimulate adolescents to investigate new websites without realising
they are engaging in criminal action. 171 The main reason for this delinquent
behaviour which is seen in children these days is mostly due to the willingness to
know and explore the new things through internet. The other reason may be to
prove them to be outstanding amongst other children in their group.

Organised Hackers in Cyberspace

Organized criminal organisations are gradually shifting their focus from
traditional criminal activities to more lucrative and less risky cyberspace operations.
While some traditional criminal organisations are looking for e-criminals with the
required technological skills, emerging forms of criminal networks focused solely on
e-crime have already arisen.172 A large amount of data is safeguarded and maintained
in computers for the purpose of e-business, and the industrial management for storing
data in electronic form has prompted these organisations to hire hackers to steal
credible, dependable, and valuable information for commercial advantage. In this
category, the organised hackers are also employed to crack the system of the
employer as a method for providing it safer by detecting all the ambiguities.

Hackers are mostly organized together to accomplish certain objective.

170
National Crime Records Bureau, Ministry of Home Affairs, cyber Crimes in India, 2015,
available at:http://ncrb.nic.in (visited on Nov. 11, 2016)
171
Supra note 45, p. 43.
172
Tatiana Tropina, “Cyber Crime and Organized Crime”, Freedom From Fear Magazine (F3),
available at: http://f3magazine.unicri.it/?p=310 (visited on Nov. 28, 2016)
49
Hacktivist are the hackers with a particular motive which may be to avenge their
political bias, fundamentalism or an act done for some big business organization for
causing damage to its rival competitors.173 Their work is motivated by the colour
of money. In this category of hackers are mostly employed to hack the site of the
rivals and get credible, reliable and valuable information.

A recent paper sponsored by the RAND Corporation’s National Security

Research Division, titled “Markets for Cybercrime Tools and Stolen Data”, said
the increasing size and complexity of cybercrime black markets is because the
hacker market, “once a varied landscape of discrete, ad hoc networks of
individuals initially motivated by little more than ego and notoriety, has as a
playground of financially driven, highly organized and sophisticated groups”.174
These kinds of hackers are mostly organised together to fulfil certain objective.
The reason may be to fulfil their political bias, fundamentalism, etc. The
Pakistanis are said to be one of the best quality hackers in the world. They mainly
target the Indian government sites with the purpose to fulfil their political
objectives. Further the NASA as well as the Microsoft sites is always under attack
by the hackers. These types of cyber criminals mainly focused on money but there
is always a little mystery about where is the money by using to cyber.

Discontented Employees
Employees who have been fired or ehavior by their employers for their
illegal conduct fall under this category. To avenge their dissatisfaction, these
individuals frequently resort to hacking their employers' computer systems in
order to inflict him financial loss or damage. Because of the widespread use of
computers and automation processes in modern times, it is simpler for unhappy
employees to cause more harm to their employers by hacking the computer,
which can knock the entire system down and so halt the employer's commercial
operations.175 This is due to the lack of trust by the employers on the employees,
poor communication between them and unlawful ehavior to each other is the main
factors responsible for the employees discontented. It will lead for increasing
negative relationship between them and encouraging for involvement in crimes.

173
Bombay Indian Express, July 10, 2001.
174
Taylor Armerding,“Cybercrime: Much more Organized”, (Last Modified on June 23, 2015),
available at: http://www.csoonline.com/article/2938529/cyber-attacks-espionage/cybercrime-
much-more- organized.html (visited on Nov. 28, 2016).
175
Supra note 45, p. 44.
50
The Typical Cybercriminal
Those who use computers and networks to conduct crimes fall into this
group of cyber criminals. There are almost always exceptions to the
characteristics of this category of people, but the majority of cybercriminals share
some characteristics. First, some of them have a measure of technical knowledge,
i.e. they use other people's malicious code. Second, some of them are
unconcerned about the law or rationalisations, and they wonder why certain laws
are in place. and lastly, some of the cyber criminals have the motive to commit
the crime for monetary gain, strong emotions, sexual impulses, political or
religious beliefs, or having the desire for fun and enjoyment.

2.6 Classification of Cyber Crimes

The computer related crime has already become an area of serious concern for
most of the countries of the world, and India is no exception to it. The prime
factor that has to be taken into consideration while deciding whether a particular
computer related activity be reckoned as cyber crime is that a distinction must be
drawn between what is unethical and what is illegal.176 Gabriel Weimann, an
Internet and security expert who teaches in the University of Mainz in Germany
and has studied militant’s use of website for nearly a decade, while addressing the
Internet security personnel said that, “website and chat room used by militant
Islamic Groups like Al-Qaida are not only used for dissemination of propaganda
but also for terrorist education. Al-Qaida has launched a practical website that
shows how to use weapon, how to carry out kidnapping and how to use fertilizers
to make a bomb.177

The level of development made by a country in computer technology is

directly related to the occurrence of cyber crime. According to a United Nations
assessment, more than half of the websites in the United States, Canada, and
Europe have experienced security breaches and threats of cyber terrorism, posing
a severe challenge to law enforcement agencies. In recent years, a new trend has
emerged in which militants are travelling for terror training. For terrorists who
use the Internet to educate recruits in cyber terrorist training camps, it has become
a vital teaching tool.178 Due to the global in nature these types of crime are

176
R.K. Raghvan, “Salutations”, CBI Bulletin, vol.8, No. 2, Feb., 1999, p. 4.
177
Gabriel Weimann , “Internet Security of Germany’s Federal Police Office”, The Times of
India, Nov. 23, 2007.
178
U.N. Report on International Review of Criminal Policy and Prevention & Control of
Computer Crime, Oct., 2005.
51
expanding globally day-by-day and affected the huge amount of peoples at the
same time.

In the absence of an internationally recognized definition of cybercrime or

computer crime, there has been a great deal of debate amongst the legal experts
on the term ‘computer misuse’ practice in vogue in this regard is to hold that the 2
terms have different implications. The criminal law applicable to cybercrime must
make a distinction between incidental misuse of a computer system, negligent
misuse and intentional misuse of computer system and it is the later, which should
be treated as a crime and not the former two.179 This is the misuse of a computer
system which should come under the criminal activities and should be punishable
under law.

In today's modern environment, the majority of individuals are unaware of

the types of offences that fall under the category of cybercrime. When it comes to
cybercrime, there are two sides to the storey. One is the victimisation side, while
the other is the generation side. Finally, they must be harmonised in that the
number of cybercrimes committed should be proportional to the number of
victims. Of course, there will not be a one-tone correlation because a single crime
can result in numerous victimizations and multiple crimes can result in a single
victimisation. Some crimes may not result in any victimisation, or at least no
victimisation that is measurable or recognised. 180

The most typical consequence of this type of crime is a growing threat to

business, and the motivation for these attacks has switched from celebrity to
profit over time.

There are several contentious topics regarding cybercrime. For example,

opinions disagree on whether or not certain prevalent actions should be
considered as criminal acts. All varieties of cybercrime make both the computer
and the person operating it victims; the difference is which of the two is the
primary target.181 The following are some of the broad categories that cybercrime
falls into:

179
Supra note 45, p. 57.
180
B. Muthukumaran, “Cyber Crimes Scenario in India”, Criminal Investigation Department
Review, 2008, p. 17, available at: http://www.gcl.in/downloads/bm_cybercrime.pdf (visited on
April 10, 2016).
181
Harpreet Singh Dalla and Geeta, “Cyber Crime- A Threat to Persons, Property, Government
and Societies”, International Journal of Advanced Research in Computer Science and Software
Engineering, vol. 3, No. 5, 2013, p. 997, available at: http://www.ijarcsse.com/docs/papers/
Volume_3/5_May2013/V3I5-0374.pdf (visited on Dec. 10, 2013)
52
Cybercrimes against Individual
The term crimes against the individual refers to those criminal offences
which are committed against the will of an individual like bodily harm, threat of
bodily harm generally including assault, battery, and domestic violence,
harassment, kidnapping, and stalking etc. but in reference to cyber crime this
category can be in the form of cyber stalking, distributing pornography,
trafficking, cyber bulling, child soliciting and abuse. Such cybercrime affects the
individual’s personality and affect the psychology of younger generation in a
unlawful manner. These are as following:

i. Unauthorized control/access over computer system

ii. Dissemination of obscene material

iii. Cyber-stalking

iv. Indecent exposure

v. E-mail Harassment

vi. Defamation

vii. Cheating & Fraud

viii. Email spoofing

Cybercrimes against individual’s Property

Cybercrime against all sorts of property is the second category of
cybercrime. As international trade expands, firms and consumers are increasingly
adopting computers to create, transfer, and retain information in electronic form
rather than conventional paper papers. Certain offences have a direct impact on a
person's property. Cybercrime against property is the name given to several types
of cybercrimes.

Cyber vandalism to steal databases from other firms with the help of a
corporate cyber spy to spread harm are examples of these types of cyber crimes.
A cyber thief can steal a person's bank details, misuse a credit card for online
purchases, use software to obtain access to an organization's website in order to
disrupt the organization's systems, and so on, much like in the real world.

Cybercrimes against Government or Organization

Certain crimes are committed by groups of people who use the internet to
endanger international governments or businesses, companies, or groups of
53
people. Organizational cybercrime is the name given to certain types of
cybercrimes. Cyber terrorism, in contrast to the other two categories, is defined as
crimes against the government. Cybercrime against the government can take the
form of a cyber attack on a government website, a cyber attack on a military
website, or cyber terrorism, among other things.

These crimes are done with the intent of instilling fear among the
inhabitants of a specific country by disseminating false information. If effective,
this category has the potential to generate panic among civilians. Cyber criminals
hack company websites, government firms, and military websites, or distribute
propaganda under this category of cyber crime. The offenders could be hostile
foreign governments or terrorist groups. This includes:

i. Cyber terrorism

ii. Possession of unauthorized information

iii. Unauthorized control over computer system

iv. Distribution of pirated software

v. Cyber vandalism.

vi. Virus

vii Net-trespass

v. Intellectual Property related crimes

vi. Cyber thefts

Cybercrimes against Society

Cybercrime against society refers to cybercrime that has a broad impact on
society's interests. These illegal acts are carried out with the goal of causing
damage to cyberspace, which will in turn harm a huge number of individuals. The
major goal of these types of crimes is to instill terror in the minds of the public,
which in turn will instill dread in the government. The cyber crimes against
society include the following types of crimes:

i. Cyber Pornography

ii. Online gambling

iii. Financial cyber crimes

iv. Cyber Trafficking

54
v. Cyber Forgery

Computers as a Tool in the Commission of Cybercrimes

A computer is used as a tool to perpetrate cybercrime in this category of
cybercrime. When a person is the primary aim of cybercrime, the computer might
be thought of as a tool rather than a target. The computer plays the same role in
this sort of cybercrime that the telephone does in telephone fraud.

The computer is utilised as the instrument of conducting cybercrime in this

type of cybercrime.Hackers alter computer programmes in order to perpetrate
cyber fraud.

Credit card frauds, online fund transfers and stock transfers, Scams, and
theft are all examples of cyber crime in this area. The following are the
cybercrimes included in this category:

i. Credit Cards Fraud

ii. Electronic funds transfer fraud

iii. Fraudulent use of Automated Teller Machine (ATM) cards and accounts

iv. E-Commerce fraud

v. Telecommunications fraud

vi. Stock transfers fraud etc.

Computers as a target in the Commission of Cybercrimes

When a computer is the target of a crime, the culprit either breaks into the
computer or attacks it from the outside. When comparing the three types of
cybercrime, this is the most professional since the criminal does programming
and uses computer exploits, and he or she always has a good professional
background in computer science.

This sort of cybercrime is only perpetrated by a small handful of

cybercriminals. In comparison to crimes that use a computer as a tool, these
crimes necessitate cyber criminals' technical knowledge. The main goal of these
cyber crimes is to cause direct computer system damage or get access to
important data kept on a computer. This involves stealing data or information
from a computer system, stealing computer software, blackmailing using
information obtained from a computer, and so on.

i) Intellectual Property Theft;

55
ii) Marketable information theft;

iii) Theft of data/information;

iv) Sabotage of computer, computer system or computer networks;

v) Unlawful access to government records and criminal justice etc.

Computers as incidental to Cybercrimes

In this category of cyber crime, a computer has a minor role in committing
the cyber crime. This includes hacking, cyber stalking, spamming, gambling,
insurance frauds, pornography, threats by e-mails etc.

i) Internet Crime are those crimes which includes the group crimes that make the
criminal use of the internet infrastructure like hacking, spamming,
Espionage etc.

ii) Web based Crime are those crimes which includes crimes relating to
website, e-mail, internet chat i.e. cheating, pornography, insurance fraud,
extortion, e-mail bombing, gambling, forgery, spoofing, cyber squatting,
sale of pirated software, defamation, sale of stolen data, cyber stalking,
illegal access etc.

Cyber Crime under Information Technology Act, 2000

Indian Parliament has passed the first legislation which is specifically
deals with cybercrimes. The legislative provisions relating to cyber crimes are
given under Chapter XI of the Information Technology Act, 2000 titled as
‘Offences’ which deals with the various types of offences which is done in the
electronic form or concerning with computers, computer systems, computer
networks. Strangely, the term ‘cyber crime, or ‘cyber offence’ is neither defined
nor this expression is used under the Information Technology Act, 2000.
Hereunder are mentioned those cyber crimes which are punishable under the
Information Technology Act, 2000. These are as follows:

i. Tampering with computer source documents

ii. Computer related offences

iii. Sending offensive messages through communication service

iv. Dishonestly receiving stolen computer resource or communication device

v. Identity Theft

vi. Cheating by personation by using computer resource

56
vii. Violation of privacy

viii. Cyber terrorism against the government organization

ix. Publishing of information, which is obscene in electronic form

x. Failure to comply with the directions given by Controller

xi. Access protected system

xii. Breach of confidentiality and privacy

xiii. Disclosure of information in breach of lawful contract

xiv. Offences related to Electronic Signature Certificate

xv. Offences by Companies

13. Factors Responsible for Cyber Crimes

Professor H.L.A. Hart in his classic work entitled ‘The Concept of Law’
has stated that human beings are vulnerable to unlawful acts which are crimes and
therefore, rules of law are required to protect them against such acts. Applying the
same analogy to cyberspace, the computer systems despite being hi-tech devices,
are extremely vulnerable. By gaining illicit or unauthorised access, this
technology can readily be utilised to fool or exploit a person or his computer. The
victim may have suffered direct or indirect damage as a result of the abuse of
computer systems. Because there is no reliable mechanism in place to prevent and
shield innocent computer users from cyber criminality, cyber criminals continue
to engage in illegal activities through networks without fear of being captured and
prosecuted for the crimes they commit. 182 The following are the causes that have
contributed to the rise of cybercrime.

The first cause for the growth of cybercrime is a large amount of data
storage capacity. The computer can store a large amount of data in a little amount
of space. In a CD-ROM, a little microprocessor computer chip can hold lakhs of
pages. Even if the power is switched off, the data contained in ROM is protected
and will not be lost. In a few of minutes, a cyber criminal can obtain a big amount
of confidential or official data from another person's computer. As a result,
cybercrime is on the rise.

Because computers run through operating systems that are made up of

millions of codes, the complexity of the computer system is the second reason
that contributes to the growth of cybercrime. Because the human mind is flawed,
182
H.L.A. Hart, The Concept of Law, 2012, p. 73.
57
there is always the possibility of a lapse at any stage of processing. Cyber
criminals are continuously on the lookout for opportunities to exploit these flaws
and get access to a computer system. On the internet, these types of criminals are
known as hackers, and they try to exploit flaws in existing operating systems and
security equipment. egligence of Network user is the third reason which is
responsible for the emergence of cybercrimes because negligence is closely
related to human conduct. There is always a probability that there might be any
negligence on the part of network user while he is trying to protect the computer
system. This negligence leads to a chance for the cyber criminal to gain
unauthorized or illegal access or control over the computers and commits
crime. Evidence unavailability or loss is the fourth reason which is responsible for
the emergence of cybercrimes. Now the digital computer processing and network
technology has replaced the traditional methods for producing, storing,
transmitting and disseminating information or records. Due to the emerging
nature of cyber crimes the issue raises before the law enforcement and
investigating agencies is for procuring and preserving evidence against the cyber
criminals. In comparison to traditional crimes, gathering adequate evidence of a
cyber crime to find him guilty beyond a reasonable doubt is extremely difficult.
Because of the anonymity provided by the internet, cyber criminals are motivated
to engage in criminal conduct without leaving any proof, and even if evidence is
left, it is difficult to persuade the authorities to file a case against them.

Due to the inadequacy of traditional methods of evidence and crime

investigation in modern times, it has become necessary to implement a new
techno-legal procedure known as cyber forensics. Forensic professionals play a
significant role in cybercrime investigations, collecting and presenting acceptable
electronic evidence, as well as searching for and seizing material evidence
relevant to the cybercrime under investigation. Instead of putting in the effort,
there are still some grey areas that allow a cyber criminal to tamper with evidence
in order to deceive the investigating agency.

Wider access to information is the fifth reason which is responsible for the
emergence of cybercrimes. Computer is defined as an electronic device which
performs function through complex technology rather than manual actions of
human beings. The wider access to information resources is the greatest
advantage of computer networking in the cyber age. More and more organizations
are resorting to networks for providing easily accessible information to their
employers, customers and parties with which they deal. In the present information

58
age this is the reason why networking and cyber activities are increasing day by
day. Due to the information dissemination through World Wide Web, new
resources have been created for faster and cost effective access to information
throughout the world. This facility leads to involve in crime commission on the
cyber space.

Jurisdictional uncertainty is the last factor which is responsible for the

emergence of cybercrimes. Cybercrimes cut across territorial borders which
undermine the feasibility and legitimacy of applying domestic laws which are
normally based on geographic or territorial jurisdiction. Cybercrimes are
committed through cyberspace network interconnectivity and therefore, they do
not recognize geographical limitations because of their transnational in nature.183
There has been little consistency in the legislation of procedure for dealing with
cyber criminals across countries. Sometimes the issue arises that a specific
internet behaviour is recognised as a crime in one country but not in the country
where the criminal or victim resides. As a result of this gap, the criminal can
easily avoid prosecution under cyber law. In the absence of a single
internationally recognised code of law and procedure governing cybercrime, law
enforcement officials find it extremely difficult to deal with it.

In the field of criminology, it has been argued that a crime will occur when
and only when the chance arises. Previously, we only knew about classic forms of
crimes such as murder, rape, theft, extortion, robbery, and dacoity. However, with
the advent of science and technology, such as computers and internet services,
new forms of crimes have emerged, such as hacking and cyber pornography.
Science, new technology, and the internet have created a new virtual heaven for
good and wicked people to enter and mingle with a wide variety of civilizations
and subcultures.

However, the internet will become a virtual hell for everyone in the future
if it falls into the wrong hands or is utilised or controlled by those with dirty
minds and malevolent motives. Because of the usefulness of information
technology and the internet, cyber criminals and terrorists have turned to
computers as a target or a tool for committing crimes.

183
“State Actor linked to major Cyber Intrusions in India, World: McAfee report says 72
organizations in 14 countries hacked into four years”, The Hindu, Aug. 4, 2011, p. 1.
59
 CHAPTER-III
HISTORICAL DEVELOPMENT OF CYBER CRIMES

3.1 Introduction
“In online, the bounds of acceptable activity, or even ethical behaviour,
have yet to be properly established. There is also no agreement on what sorts of
data can and should be deemed network property, as well as what constitutes theft
or interference with this property.”184

Every subject of study and competence produces a corpus of information

that separates professionals from amateurs. A shared history of major events that
have shaped the field's evolution is one component of that corpus of knowledge.
Newcomers to the profession benefit from learning the names of important people
and events in their field so that they can interpret references from more
experienced people.185 That’s why studying historical background is the first step
towards analyzing any phenomenon.

Cyber crime is an evil having its origin in the growing dependence on

computer in modern life. There is a wide range of offences that can be committed
through communication technology.186 Commonly, the cyber crimes can be
categorized into various forms including firstly, committing new offences by
using new technologies like cyber crimes against computer systems and data and
secondly, committing old offences by using new technology like using computer
network for facilitating the commission of a cyber crime.

The Internet was considered to be a unique medium with the highest speed
of dispersion in human history as early as the early 1990s. There are relatively
few people today whose lives are unaffected by Internet-era technology, both
positively and negatively. On the plus side, the capacity to instantly communicate
and distribute knowledge has brought unparalleled benefits to education, trade,
entertainment, and social contact. On the bad side, it has increased the opportunity
for crime to be committed. Information technology has allowed potential
criminals to commit large-scale crimes for essentially little money and with a

184
Marshall Herbert MeLuhan, “The Promise of Global Networks”, Annual Review of
Institute for Information Studies, 1999, pp. 164-165.
185
M.E. Kabay, A Brief History of Computer Crime, 2008, p. 3 available at:
http://www.mekabay. com/overviews/history.pdf (visited on March 9, 2017)
186
“History of Cyber Crime”, available at: http://www.bezaspeaks.com/cybercrime/history.htm
(visited on March 9, 2017).
60
considerably lower risk of being caught.

Compared to perpetrators of traditional economic-motivated crimes (e.g.,

burglaries, larcenies, bank robberies) online are relatively free of worry from
directly encountering law enforcement and witnesses.187 In the past decade,
technology has altered the way teenagers communicate and interact with their
peers; teenagers’ increased reliance on technology is well documented.188

A computer is a programmable machine designed to sequentially and

automatically carry out a sequence of arithmetic or logical operations. 189 The
history of computer is littered with milestone.190 The birth of computers and
computer law are inexorably intertwined and fixing a date of their origin is
difficult. Blaise Pascal who built the first digital but non electronic computer in
1642 taught to the world the ABC of computer building.191 Charles Babbage is
considered as the father of computers for inventing the first mechanical computer
which eventually led to more complex designs and in 1822 he started again with
the invention of difference engine which is made in keeping mind to compute
values of polynomial functions.

With regard to cyber crimes the evolution of computer can be traced

from1896 when Herman Hollerith invented the first punch card tabulation
machines for the United States of America’s (USA) census bureau for using it in
sorting and analyzing data. But In 1924, it was acquired by IBM. After this in
1946, Dr. J. Presper Eckert and Dr. John Mauchly invented the first-digital
computer which was known as Electronic Numerical Integrator and Computer
(ENIAC) and thereafter they invented the Universal Automatic Computer
(UNIVAC) which was the first commercially marketed computer. Government of
the USA grants him for this invention and in the year 1950, they delivered it to
187
Shun Young Kevin Wang and Wilson Haung, “The Evolutional View of the Types of Identity
Thefts and Online Frauds in the Era of the Internet”, Internet Journal of Criminology (online),
2011, p. 2, available at: http://media.wix.com/ugd/b93dd4_83ceccb58ea64dcd8bd7 a6aa67f082
fe. pdf (visited on March 9, 2017).
188
Kathy Martinez Prather and Donna M. Vandiver, “Sexting among Teenagers in the United
States: A Retrospective analysis of Identifying Motivating Factors, Potential Targets and the Role
of a capable Guardian”, International Journal of Cyber Criminology, vol.8, No.1, January-June,
2014, p. 21, available at:
http://www.cybercrimejournal.com/pratherVandiverijcc2014vol8issue1.pdf (visited on March 9,
2017).
189
“Introduction and Evolution of Computer”, available at: http://fundamentalofcomputing.
blogspot.in/p/introduction-and-evolution-of-computer.html (visited on March 10, 2017).
190
Wayne Williams, “The Evolution of Computer from 1613 to 2013”, available at:
https://betanews.com/2014/09/05/the-evolution-of-the-computer-from-1613-to-2013/ (visited on
March 10, 2017).
191
Talat Fatima, Cyber Crimes, 2011, p. 5.
61
the USA census bureau.

Before 1957 there was no scope to communicate with others through new
technology worldwide. In the year 1957 the then President of the United States of
America Dwight Eisenhower authorized the creation of the Advanced Research
Projects Agency (ARPA) following the Soviet Union’s first artificial earth-
orbiting satellite called sputnik. In the 1960s due to cold war the United States of
America concentrated on communication during war time more than others
concerned. Therefore, in the year 1962, Dr. J.C.R. Licklider was appointed to
administer new technology. He developed network system which is called ARPA
net. The US Defense Department and APRA-Net joined together in the year 1969
and introduced first node for communication as network installation at the
University California, Los Angeles. Other nodes were installed at Stanford research
Institute, University of Utah and UC Santa Barbara; first four computers with
internet with about 50 KBPS circuits and at that time UNIX were developed.192 In
1971, Ray Tomlinson sent the first electronic mail message and the University of
Wisconsin developed system or server for Internet in the year 1983.

In the year 1976 Steve Jobs and Steve Wozniak created the Apple I.193 In
the year1984; Domain Name Server (DNS) was introduced. Meanwhile, Willian
Gibon described online world and communication and coined the name of cyber
world as ‘cyberspace’ in his publication named “Neuromancer”.

The origins of the Internet lie in the military domain. 194 In the year 1990
the internet was introduced ceasing ARPA Net and Tim Berners Lee writes the
first browser which was coined as World Wide Web. By the year 1995 the
internet split globally through World Wide Web with concepts of Local Area
Network (LAN), Network Neighborhood and Data over Cable Service Interface
Specific (DOCSIS). Wireless communication with Wireless Application Protocol
(WAP) and Wireless Markup Language (WML) were introduced in the 20th
century and developed in the year 2001. On April 2002 wireless network was
published on the Extreme Tech website.195 At that time mostly hackers were
motivated for using low cost, speedy and wireless communication device for
remote access connections along with mobile computer systems. With the same
time in the contemporary era of communication convergence and new multimedia
technology period Mobile Technology took their shape worldwide.
192
M.Dasgupta, Cyber Crime in India- A Comparative Study, 2009, pp. 27-28.
193
Supra note 7.
194
Steven Furnell, Cybercrime: Vandalizing the Information Society, 2002, p. 3.
195
Supra note 9, p. 29.
62
3.2 History of Cyber Crimes
It can be said that cybercrime has had a short but highly eventful history.
There are different views regarding the actual status of existence of this new
variety of crime actually. Some says that when the computer came with the
invention of the first abacus since people used calculating machines for wrong
purposes, hence it can be said that cybercrime per se has been around ever.
Actually the history of cyber crimes firstly started with the hackers who trying to
break into computer networks just only for the thrill of accessing high level
security networks or to gain sensitive or secured information or any secret for
personal benefits or for revenge. The brief historical development of cyber crime
in the use of computers and computer networks is discussed as under:

3.3 Early History

It is very difficult to determine when the first crime involving a
computer actually occurred.196 Because gathering of information and mechanical
cryptographic system can be traced more than 5,000 years before.197 Oftenly,
early computer crimes involved the subversion of the long distance telephone
networks and the physical damages to computer systems. In 1900 B.C, the
encryption and decryption system of information was in existence which was
used by an Egyptian. After this Julius Caesar used a normal alphabet in
government communications in 100-44 B.C. for the purpose of maintaining
information security. An attempt has been made to find out the early history of
cyber crimes from the phase of 1820’s. The brief early history of cyber crime in
the use of computers and computer networks is discussed as under:

In the phase of 1820’s to 1970’s- Sabotage and Direct Damage to

Computer systems

In the year 1820, the first cybercrime was documented. That's hardly
unexpected given that the abacus, which is regarded to be the earliest form of
computer, has been used in India, Japan, and China since 3500 B.C. The era of
contemporary computers, on the other hand, began with Charles Babbage's
analytical engine. The loom was invented by Joseph-Marie Jacquard, a French
textile producer, in 1820. This technology allowed a succession of steps in the
weaving of specific fabrics to be repeated. Employees at Jacquard were concerned
196
United Nations Manual on the Prevention and Control of Computer Related Crime, 1994, p. 5,
available at: http://216.55.97.163/wp-content/themes/bcb/bdf/int_regulations/un/
CompCrims_UN_ Guide.pdf, (visited on March 15, 2017).
197
Frederick B. Cohen, Protection and Security on the Information Superhighway, 1995, p. 13.
63
that their traditional jobs and livelihoods might be jeopardised as a result of this.
They carried out acts of sabotage in order to deter Jacquard from using it again. 198
This is known as the first recorded cyber crime in the history. Actually the
physical damages to computer systems and subversion of the long distance
telephone networks were involved in the early computer crimes.

The history of hacking can be traced from 1870’s use of brand new
telephone by teenager’s generally for telephone phreaking.199 It is considered that
with the evolution of computer technology, for the first time in history the
computer related problems are going to evolve with negative result in the form of
computer crime or cyber crime like cyber theft, unauthorized access to computer,
systems and device etc. After this there was the great need of a new technology
which would help in maintaining information stored in computer as well as their
system data base.

U.S. is the birthplace of the Internet and experienced the first computer
facilitated crime in the year 1969.200 After this in the time period of 1960s and
1970s, a litany of early physical attacks on computer systems was catalogued by
Thomas Whiteside. Those cyber criminals who were involved in telephone
phreakers became hackers in the 1960’s because they had an extra curiosity to
know about computer, computer system and its use for their own ends in the early
1960’s. They went on their work with the curiosity to learn the change of
computer code of the system. But in the early stage of this new technology these
crimes were committed by technology experts who directly attack into the
computer, computer system or computer network.

When police were brought in to put an end to a student occupation of

multiple levels of the Hall Building in February 1969, the greatest student riot in
Canada erupted. Students were protesting a professor accused of racism, and
when the cops arrived, a fire broke out, destroying computer data and academic
property. The overall cost of the damage was $2 million, and 97 persons were
detained.201

In the phase of 1970’s to1980’s- Direct Damage to Computer centres

198
Harpreet Singh Dalla and Geeta, “Cyber Crime- A Threat to Persons, Property, Government
and societies”, International Journal of Advanced Research in Computer Science and Software
Engineering , vol.3, No. 5, May, 2013, p. 997, available at: http://www.ijarcsse.com/docs/
papers/Volume_3/5_May2013/V3I5-0374.pdf (visited on March 9, 2017).
199
Supra note 9, p. 29.
200
Supra note 8, p.454.
201
M.E. Kabay, A Brief History of Computer Crime, 2008, p. 5 available at:
http://www.mekabay. com/overviews/history.pdf (visited on March 9, 2017).
64
 In the year 1970, the malicious association became evident with the
purpose of hacking and at that time the early computerized phone system were the
target. They were associated with the purpose to directly damage to computer
centres. Also at that time, Germen state of Hesse enacted the world 1 st computer
specific law in the form of Data Protection Act, 1970 with new cyber technology.
With the passage of time technology also emerged with its misuse and then there
was the need of strict statutory laws for regulating the criminal activities in cyber
world.

By the year 1970, the cyber world and network was open to worldwide
users. And by that time another cyber crime evolved and became legal challenge
worldwide that is cyber pornography. The year of 1970 is the landmark for telephone
tampering by John Draper. He was an U.S. Air Force veteran and engineering
technician for national semi-conductor. He went by the alias of cap’n crunch. In
the year 1971 in Vietnam he found that the cap’n crunch cereal boxes whistle can
reproduce a tone of 2,600 megahertz; by blowing that whistle into a telephone
receiver, phreakers could make free calls at that time. By blowing a precise tone
the accused John Draper used to make long distance call for free of charge into a
telephone. That precise tone used to inform the telephone system to open a line or
connect with line.202 Most of the teenagers were encouraged by magazines and
also with the technical assistance programmes at that time because these consist
with the process of tampering the telephone phreaking.

In 1972, the Inter Networking Working Group is founded to govern the

standards of the Internet. In 1973, teller at New York’s Dime Savings Bank uses a
computer to embezzle over $2 million.203 Whitfield Diffie and Martin Hellman
proposed public key cryptography in 1976 as a way to adopt security standard
software to prevent and regulate computer misuse. Ronald L. Rivest, Leonard M.
Adleman, and Adi Shamir released new software for public key cryptography and
digital signature in 1977 in the United States. Even the concept of personal
computers (PCs) was unknown to them until the late 1980s. As a result,
programmers and hackers were associated with computer centres and cyber cafés
in Russia at the time. They used to collaborate closely to create brand names such
as IBM, DEC, operating systems, and software packaging. Hackers began to use
programme code.204 The Russian Government employed those programmers for
security measures in the late 1960s and 1970s.
202
Supra note 9, p. 31.
203
Supra note 18.
204
Supra note 9, p. 32.
65
 In the year 1978, the primary means of communication for the electronic
underground was appeared and became the first electronic bulletin board system
(BBS). In the year 1981, Ian Murphy, aka known as “captain Zap” broke into AT
& T’s computers and changed the billing clock with the purpose that people can
receive discounted rates during normal business hours and due to this incident he
becomes first felon convicted of a computer crime.

In the year 1981 the first virus exposed to world that came into being
before the experimental work which defines viruses of contemporary world. That
was founded on the Apple II operating system and spread on Appeal II floppy
disk which contains the operating system. In the year 1983 in November, the first
documented experimental virus was conceived to be presented at a weekly
seminar computer security, by the author and the name “virus” by Len Adleman.
In the year 1984 Fred Cohen defines computer virus as “a computer programme
that can affect other computer programmes by modifying them in such a way as
to include a possibly evolved copy of itself”. In the year 1986 Brain and Virdem,
two Pakistani’s, developed a method of infecting it with a virus they dubbed
“Brain” which could infect 360 kb floppy with “© Brain” for a volume
label.205They also widely sped this virus on MS-DOS P system. It is called that
this was the first file virus which was created in this year.

The United Kingdom has enacted several legislations like the Data
Protection Act, 1984; the Access to Personal Files Act 1987, the Copyright
(Computer Software) Amendment Act 1985, the Interception of Communications
Act 1985, the Local Government (Access to Information) Act 1985, the
Electronic Communication Act 2000. The Interception of Communication Act,
1985 which was passed by The Parliament of United Kingdom prohibits forgery,
criminal damage and intentional acts for intercepting a communication in the
course of its transaction by means of a public telecommunications system as
offence.

In the year 1986, the systems administrator at the Lawrence Berkeley

National Laboratory, Clifford Stoll, noted certain irregularities in accounting data.
Inventing the first digital forensic techniques, he determined that an unauthorized
user was hacking into his computer network. Stoll used what is called a “honey
pot tactic”, which lures a hacker back into a network until enough data can be
collected to track the intrusion to its source. Stoll’s effort paid off with the
eventual arrest of Markus Hess and a number of others located in West Germany,
205
Id, p. 42
66
who were stealing and selling

military information, passwords and other data. 206 In the same year the
oldest virus created by Pakistani Brain under unauthorized circumstances with the
purpose of infecting IBM computers. After that the government passed the
Computer Fraud and Abuse Act with the objective to make this a criminal offence
under cyber law. But there was the weakness of this law of not covering juveniles
under its purview.

Komsomolskaya Pravda said on December 1987 in the USSR “A hacker is

said to be synonymous with a computer criminal who giants unauthorized access
to distant archives and databases in order to steal secret data, and especially
money from bank accounts and from credit cards; hackers are smart at
mathematics and information technologies, they are mostly outside politics, but
being computer hooligans they might be vulnerable to abuse by this or that political
group”. 207

After 1986, the Lawrence Berkeley lab intrusion was followed by Robert
Morris for the discovery of worm virus. In United States v. Robert Tappan
Morris208 case, Morris was pursuing Ph.D from the Cornell University in
computer science in the year 1988. The Cornell University has given him an
account on the computer to use it and after that he has discovered “worm” called
as one form of “virus” which may be used to demonstrate the inadequacies of
security systems and networks. Then, he released the worm through a computer at
the Massachusetts Institute of Technology (MIT) on 2nd November 1988 which
caused damage and infection very fast to other computers. He then discussed it
with his friend at Harvard and sent an anonymous message from Harvard over
network, instructing clogged, but it was too late because by that time military
sites, medical research sites, installations sites, Universities websites were
infected. The court found him guilty under title, 18 USC s. 1030(a)(5)(A) and was
sentenced to 3 years of probation, 400 hours of community service, a fine of
$10,050 and the costs of his supervision. This was affirmed by the circuit court in
the year 1991 and held that section 1030(a) (5) (A) does not require the
Government to demonstrate that the defendant intentionally prevented authorized
use and thereby caused loss. There was sufficient evidence for the jury to

206
“A Brief History of Cyber Crime”, available at: https://www.floridatechonline.com/blog/
information-technology/a-brief-history-of-cyber-crime/ (visited on March 10, 2017).
207
D. Thomas and B.D. Loader, Cyber Crimes, Law Enforcement, Security and Surveillance in the
Information Age, 1995, p. 59.
208
(1991) 928 F. 2d 504 [Cert. denied, 502 U.S. 917 (1991)].
67
conclude that Morris acted “without authorization” within the meaning of s.
1030(a) (5) (A) and s. 2(d) of the Computer Fraud and Abuse Act 1986. That
conviction was made appropriate by the District Court.

Osama Bin Laden established Al-Qaida to spread their movement of

Qaida-al-Jihad and non military operation worldwide in the year 1988. This Al-
Qaida was evolved from the Maktab-al-Khadamat (MAK) established by Osama
Bin Laden in 1980s to increase financial support and training of members. In the
year 1989 it split significantly. The MAK was invited by Sudan’s National
Islamic Front in the year 1991 in Saudi Arabia to move operations of important
export business, farms, training camps to train in firearms and explosive use. In
the year 1994 Al-Qaida attempted assassination of Egyptian President Hosni
Mubarak in Ethiopia and in the year 1994 they were expelled from Sudan.
However, in 1998 Osama Bin Laden and Ayman-al- Zawahiri of Egyptian Islamic
Jihad worked together to fight against America. In the year 1999 they officially
merged and Al-Zawahiri became the right hand of Osama Bin Laden.209 After this
with the intention of committing cyber threats by using new information
technology, they started jointly to develop their network.

In the Phase of 1990’s- Computer Fraud and Unauthorized Access to

Computer System

The Electronic Frontier Foundation was formed in 1990. For the first time,
dark Avenger released polymorphic virus in the year of 1992 which was called as
first in the history. The United Kingdom has published working papers relating to
data protection, computer hacking, fraud and related crimes from 1990 to 1998.
The federal websites i.e. the US Department of Justice, US Air-force, and NASA
were broken and defaced by the hackers in the late 1990s. Meanwhile, in August
1990, United Kingdom passed the Computer Misuse Act but before this
enactment the Telecommunication Act, 1984 which prohibits the misuse of the
public telecommunications network was very significant in scope. United
Kingdom Parliament has revised this Act in 1994 and amended in the late 1996.
After revision and amendment the Act provides for prohibiting the unauthorized
access for committing espionage, unauthorized access to non-public government
computer, computer fraud, damage to computer, trafficking in passwords, threats
to damage a computer etc.

In R v. Thompson210 case, the accused, a computer programmer employed

209
Supra note 9, pp. 38-39.
210
(1984) 1 WLR 962.
68
by a bank in Kuwait made two plans to defraud the bank by devising a
programme which instructed the computer to transfer sums from these accounts to
his newly opened account. After transferring the amount, then he returned from
Kuwait to England for the purpose of minimizing the risks of detection and
opened a number of accounts with English banks and wrote request letter to the
bank manager in Kuwait to arrange to transfer his balance from Kuwait accounts
English Bank accounts. Then he was arrested by police on the charge of computer
fraud by deception and the court made him liable and was convicted for his act on
cyber space.

In R. v. Gold211 case, two alleged computer hackers who were journalists

by profession gained access into the British Telecom Prestel Gold computer
network without permission and modified the data. One of the accused also
accessed the personal files of the Duke Edinburgh on his personal computer and
left there a message “Good Afternoon Hrh Duke of Edinburgh”. They contended
that they had gained access into the network for the purpose of highlighting the
deficiencies in its security system. But the court rejected their contention and
charged them under section 1 of the Forgery and Counterfeiting Act, 1981, for
making the false instrument with the intention to use it for the purpose of
inducing others. Under section 8(1) of the said Act though the instrument is
recorded or stored on disc, tape, soundtrack or other device but it can be treated as
false instruments. The crown court held them guilty and imposed $ 750 and $ 600
fine respectively. Appeal court quashed their conviction and later on, this was
confirmed by the House of Lords. The House of Lords confirmed this sensible
judgment and declared hacking as not only an illegal act but also a crime which
needs to prevent immediately.

Therefore, after the above mentioned case, the House of Lord’s appointed
the Law Commission for their recommendations and suggestions to make law to
prevent and control hacking in the year 1988. They submitted their report in the
year 1989 with recommendation to enact specific law on Computer Misuse in the
United Kingdom.

After R. v. Gold212 case, the United Kingdom enacted the specific law on
Computer Misuse for the purpose of controlling and preventing the commission
of cyber terrorism on the recommendations and suggestions of Law Commission.
Because in this case, the defendant gained unauthorized access into the network in

211
(1988) 2 WLR 984.
212
(1988) 2 WLR 984; see also (1987) 3 WLR 803.
69
order to highlight the deficiencies in its security system. They hacked Customer
Identification Numbers (CIN) and password. But the Appellate court quashed
their conviction and was confirmed by the House of Lords. The appellate court
observed that the act of accused by using dishonest trick to gain unauthorized
access to the British Telecom files did not come under this type of criminal
offence but they may be convicted for deceiving a computer; and deceiving a
machine which is not possible.

In the year 1995, people of India started using internet and internet surfing
not only confined to departments and corporate sectors rather people started to
use net to access information’s and communications.213 Then in the year 1985 the
Telegraph Act was passed in India. This Act was further amended with the
objective of adopting proper regulations in the cyberspace.

In United States of America v. Jake Barker and Arthur Gonda 214 the
defendant was charged for threatening and kidnapping with objectionable materials
in electronic mail messages through internet. In December, 1994 the messages
through electronic mail were exchanged between J. barker and co-accused A.
Gonda. But J. Barker was then in Michigan and A. Gonda was in some unknown
place with unknown identity. That’s why they exchanged that electronic mail
message through a computer in Ontario, Canada and this exchange began from
November 29, 1994 to January 25, 1995 with the intention of sexual needs and
violence against women and girls. He also posted this story with the real name of
that student on electronic bulletin board so that it could be available for the world
through World Wide Web. But FBI agent’s with affidavit made a complaint
against him and he was arrested on the basis of that complaint where FBI citied
the language used by the accused and posted in internet news group
“alt.sex.stories” and electronic mail to Gonda which are based on torture, rape,
murder of woman citing same name of their classmate at the University of
Michigan. The District Court affirmed the order of his detention as passed by
the Judicial Magistrate on February 10, 1995 by recognizing him as a threat to the
community. But the court on his motion passed an order for his release on bond
and for psychological evaluation on March 8, 1995.

In December 1997, the US Attorney General Janet Reno said that

criminals no longer are restricted by national boundaries. If we are to keep up
with cyber-crimes, we must work together as never before. After meeting at

213
Supra note 9, p. 38.
214
(1995) 890 F.Supp, 1375 (E.D. Mich).
70
Federal Bureau of Investigation’s headquarters of the Justice Ministers of the G-8
countries, the news released for collaboration of these major countries to 215 (i)
assign adequate number of properly trained and equipped law enforcement
personnel to investigate high-tech crimes (ii) Improve ways to track attacks on
computer networks (iii) When extradition is not possible, prosecute criminals in
the country where they are found. (iv) preserve key evidence on computer
networks. (v) Review the legal codes in each nation to ensure that appropriate
crimes for computer wrongdoing are prescribed and to ensure that the language
makes it easier to develop new ways to detect and prevent computer crimes. (vii)
Increase efforts to use new communication technologies, such as video
teleconferencing to obtain testimony from witnesses in other nations. In October
1997, alleged transcript of telephonic conversation about the Tata Tea case
between Ratan Tata, Nusli Wadia and Field Marshal Sam Manek Shaw are
remarkable case of telephone trapping.216

The “yahoo!” internet search engine was attacked by hackers in the year
1997 with the threat that to release from prison Kevin Mitnick 217 the so called
popular hacker, otherwise they will send a “logic bomb” in the personal
computers of yahoo users on December 25, 1997. On January, 1998 thousands of
fake information requests were received by the federal bureau labour statistics
due to cyber attack called “spamming” which was developed as new mode of
attack by hackers.

In United States v. Czubinski218 case related to unauthorized access in

which Richard Czubinski was an employee of taxpayer services division of the
Internet Service Revenue (IRS) in Boston office. He was regularly checked the
information on the IRS’s computer systems for the purpose of performing his
duties. For this task he had a valid password and was authorized to use it to
perform his duties. But side-by-side he also used it for some unauthorized search
of IRS files and knowingly disregarded IRS rules. Section 1030(a) (4) provides
that more than mere unauthorized use is required the ‘thing obtained’ may not
merely be the unauthorized use. It is the showing of some additional end to which
the unauthorized access is a means that is lacking in this case. The evidence did
not also show that his end was anything more than to satisfy his curiosity by
viewing information about friends, acquaintances and political rivals. No
215
W. Boni and G.L.Kovacich, Net Spoinage the Global Threat to Information, 2000, p. 24.
216
The Times of India, Kolkata, Aug. 5, 2005, p. 11.
217
U.S. v. Mitnick, (1999) C.D. Cal.
218
(1997) 106 F.3d 1069 (1st Cir).
71
evidence produced by the plaintiff suggests that he printed out, recorded, or used
the information he browsed. No rational jury could conclude beyond a reasonable
doubt that Czubinski intended to use or disclose that information, and merely
viewing information cannot be deemed the same as obtaining something of value
for the purposes of this statue. That’s why at the end the defendant’s conviction is
reversed.

In the year 1998, the hackers were threatening again by a holocaust that if
Kevin Mitnick was not released from prison they will break into United Nation’s
Children Fund’s website and they will also sell the military satellite system
software to terrorists.219 In the same year one hacker group releases a Trojan
horse program if it was once installed in a Windows 9x machine the program will
allow for unauthorized remote access.

The United States of America in the year 1998 opened 547 computer
intrusion cases, after one year in 1999 that number of cases had jumped to 1154.
In the year 1998 the number of intrusion cases closed was 399 and in the year
1999 the number of other cases closed was 912. The losses traced to denial of
service. (DOS) attacks were only $77,000 in the year 1998 and 1999 had risen to
just $116,250.220 In this year for the demand of release of Kevin Mitnick from
prison hackers break in a “holocaust” of the United Nation’s Children Fund
Website and also they claimed to break Pentagon network by committed cyber
theft of stealing software of a military satellite system and then threatened to sell
it to terrorists.

The US Department of Justice dealt with a cyber crime committed by

juvenile delinquent at Boston on March 18, 1998. A computer hacker at airport
disabled a telephone key of the company computer service for 6 hours and broke
into a pharmacy computer to copy patient records. Hacker was a juvenile criminal
that’s why his name was not published. In this regard the US Attorney Stern said
that “computer and telephone networks are at the heart of vital services provided
by the Government, private industry and critical infrastructure. They are not toys
for the entertainment of teenagers.” It can create a tremendous risk to the public
by hacking a computer or telephone network. 221
So in this case it is necessary to
prosecute juvenile hackers in appropriate manner. Then the US Secret Service
(USSS), Bell Atlantic Telephone Company and postal Inspection Services
219
Supra note 9, p. 38.
220
Statement for the Record of Louis J. Frech, Director FBI, on Cyber Crime, before Senate
Committee on Judiciary, (March 28, 2000).
221
U.S. Department of Justice, (March 18,1998).
72
Massachusetts State Police started investigate this case.

In Davis v. Gracey222 case, the accused sold the obscene CD-ROMs to an

undercover officer. After this a warrant was issued to search his business
premises and the police officers determined that pornographic CD-ROM files
could be accessed through the bulletin board and they seized the computer
equipment used to operate it. Following his criminal conviction and civil
forfeiture of the computer equipment in state court proceedings, Davis, his related
businesses, and several users of email on his bulletin board brought action against
the officers who executed the search, alleging that the seizure of the computer
equipment and email and software stored on the system violated constitutional
and statutory provisions. The Circuit court affirmed and held that the original
warrant was not unconstitutionally and that the incidental temporary seizure of
bulletin board email user files did not invalidate the seizure of the computer
within which they were stored.

In United States v. Thomas223 case the accused were convicted for posting
sexually explicit magazines on an electronic bulletin board. In this regard the
United States of America passed the Electronic Communications Privacy Act,
1999 for the protection of right to privacy. The significant Amendments have
been made for cryptography, security and freedom in cyberspace in the
Constitution of United States of America. Recently certain statute has also been
enacted like the Spy-were Control and Privacy Protection Act, 2000 (USC s.
3180IS) to protect the disclosure of the collection of information through
computer, computer software and other related purposes.

In United States v. Hilton224 case, a federal grand jury charged Hilton for
criminal possession of computer disks containing three or more images of child
pornography in violation of 18 U.S.C. $ 2252A (A)(5)(B). He challenged the state
without denying the charges. He contended to dismiss the charges on grounds that
the act was unconstitutional under the First Amendment. The U.S. district court
was also agreed with his contention regarding the vagueness of the definition of
child pornography but in this case the issue was raised whether the CPPA poses
substantial problems of over breadth and which would sufficient to justify
overturning the judgment of the lawmaking branches. It was held by the court that
the CPPA is not unconstitutionally overbroad and the judgment of the district

222
(1997) 111 F. 3d 1472 (10th Cir).
223
(1997) 4 F. 3d 701, 6th Circuit Court [ Cert. denied 117 S. Ct 74 (1996)].
224
(1999)167 F.3d 61 (1” GR.), [cert. denied, 120 S. Ct. 115].
73
court is reversed.

In the year 1999 on September, the Dig Dirt Inc. files a complaint that an
employee of Steptoe & Johnson LLP of Washington, D.C. hacked into their
system by using password and internet account. Before that the computer hacker
tried to hack their system more than 750 times. The hackers also tried to post
critical message in various internet forums. In Amazon and Alibris case on
November 1999, an online bookseller and internet service provider was fined
$250,000 for intercepting electronic mail sent by amazon.com and other net book
retailer i.e., Alibris. The Hackers allegedly copied customer lists of that
company.225 Alibri was an internet service provider with name ‘valinet’ in the
Greenfield and Massachusetts with Interloc, Inc. who provided the electronic mail
service to the book dealers. He allegedly intercepted electronic mail messages of
amazon.com to Alibris bookseller between January to June 1998. The accused
copied thousands of electronic mail information illegally by that time and
unauthorizedly accessed confidential password and customer lists of amazon. com
which was also one of its competitors and internet service providers. But at the
end Alibris co-operated with the law enforcement agencies and was ready to pay
the fine as was charged. 226

In India, the first case was the Yahoo, Inc v. Akash Arora227 in which an
Indian Court delivered its judgment relating to domain names. In this the plaintiff
Yahoo Inc. filed a suit against the defendants for seeking permanent injunction by
restraining them and their partners, servants and agents from doing any business
on internet under the domain name ‘Yahooindia.com’ or any other domain name
which is identical with the plaintiff’s trademark ‘Yahoo!’ . During the pendency
of the suit, the plaintiff also moved an application seeking temporary injunction
against the defendants. In this case the Court granted an ad interim injunction
restraining the defendants from doing any business on the internet under the
trademark/domain name “Yahooindia.com” or any other trademark/domain name
which is identical with the plaintiff’s trademark “Yahoo!”.

3.4 Modern History

Today, criminals that indulge in cyber crimes are not driven by ego or
expertise. Instead, they want to use their knowledge to gain benefits quickly.
They are using their expertise to steal, deceive and exploit people as they find it
225
Supra note 32.
226
United States Department of Justice, (Nov. 22, 1999).
227
(1999) 19 PTC 229 (Delhi).
74
easy to earn money without having to do an honest day’s work. Modern cyber
crimes are quite different from old- school crimes. These crimes do not require
physical presence of the criminals.228 The brief modern history of cyber crimes in
the use of computers and computer networks is discussed as under:

In the phase of 2000 to 2003 —Notoriety and Personal Challenge

The Information Technology Act (ITA) of 2000 was passed by the Indian
Parliament with the goal of combating cybercrime and providing a legal
framework for e-commerce transactions. This was India's first cyber legislation,
which dealt specifically with cybercrime. It covers a wide range of offences
committed in an electronic format or involving computers, computer systems, and
computer networks. Surprisingly, the terms "cyber crime" and "cyber offence" are
neither defined nor utilised in the Information Technology Act of 2000. This Act
amends many provisions of our existing laws i.e. Indian Penal Code, 1860; the
Indian Evidence Act, 1872; the Bankers Book Evidence Act, 1891 and the
Reserve Bank of India Act, 1934.

In Rediff Communications Ltd. V. Cyberbooth229 case, the Yahoo judgment

was once again reiterated. In this case there are a number of issues involved for
solving the cyber crimes. The first problem is that India does not have
comprehensive legal and regulatory framework for regulating all kinds of
cybercrimes, breach of protected systems, publishing false Digital Signature
Certificates in certain particulars or for fraudulent purposes. Additionally, the IT
Act 2000 has amended the Indian Penal Code, 1860 but the amendments have
been made in such a manner so as to make the ambit of documents stipulated in
various criminal provisions to include therein, electronic records. As a result there
is also a number of cybercrimes which are also not covered under the Indian
Penal Code at all like cyber stalking, cyber harassment, cyber nuisance, etc. In
this case, the plaintiff also filed a suit for seeking permanent injunction by
restraining the defendants from using the domain name ‘RADIFF’ or any other
word or mark or name which is deceptively similar to the plaintiff’s mark/name
“REDIFF’. In this case, the Court granted an injunction against the defendants
and also dismissed the Special Leave petition filed by Cyber booth in the
Supreme Court.

228
“Emerging Cyber Threats and Challenges”, 2014, available at: http://www.mcciorg.com/
AttachFile/EventAttach/backgrounder-emerging-cyber-threats-240414.pdf (visited on March 26,
2015).
229
AIR 2000 Bom 27.
75
 On July 29, 2001, in Jayesh S. Thakkar v. State of Maharashtra case230,
the petitioners wrote a suo moto writ petition for complaining about pornographic
websites on the internet to the Chief Justice of Bombay High Court. On the basis
of this petition, the Division Bench of the Bombay High Court passed an order to
appoint a committee for suggesting and recommending preventive measures for
protecting from pornographic and obscene material on the internet. Then on
January 30, 2002, several recommendations have been given by Bombay High
Court’s Special Committee through the public opinions on internet relating to
Protecting Minors from Unsuitable Internet Material. Reference can be taken
from Antony v. State of Kerala231 case, in which it was held by the court that an
object need not be visible to the naked one to be an obscene object. In C.K.
Karodkar v. State of Maharashtra232 case, the Supreme Court held that standard
of obscenity would differ from country to country depending on the standards of
morals of contemporary society. After this in

Vishakha v. State of Rajasthan233 case a landmark judgment was passed

which is also known as the leading case law on harassment at workplace in India
a. Before this case, there was no law referring to harassment at workplace in
India.

In the year 2001 other crimes evolved in superhighway with modifications

such as cyber terrorism, spamming, worm, phishing which has the same effects.
In March 2000, during a phone tapping operation, New Delhi Police investigated
and found out that South African cricket captain Hansie Cronje was conspiring
with Indian bookmaker Sanjeev Chawla to predetermine performances. And
Cronje later admitted that he took bribes from bookmakers to provide information
and fix matches exposing the extent of corruption scandal in international cricket.
234
Mr. Bharat Shah who was a film financier was found to talk with gangsters
Dawood Ibrahim and Chhota Shakeel and police recorded his conversations and
after this he was taken to trial on the basis of recordings from January to February
2001. This incident was concerning with the movie Chori Chori Chupke
Chupke’s financed by Mr. Shah on behalf of Karachi bases gangster Shakeel and
investigated by using tapping system.

In July, 2005, one telephone conversations was published which contains

230
(2001) Bom H.C., W. P. No. 1611.
231
(1988) 2 Crimes 173 Ker.
232
(1969) 2 SCC 687.
233
(1997) 6 SCC 241.
234
“The Most High Profile Cases, India”, The Times of India, Kolkata, at 11 (Aug. 5, 2005).
76
the allegedly recorded telephone conversation between actor Salman Khan and
then his girl friend Aishwsarya Rai about their underworld links in the year
2001.235 The tapping phone for investigation purpose is allowed under s. 5 of the
Indian Telegraph Act 1885 which permits authority to intercept phones in the
interest of national security or “public emergency”. The authority may have to
grant permission in this regard from Home Department. The same system should
be allowed under the information Technology Act 2000 in India to investigate
cyber crimes by using new information technology in the era of communication
convergence. Then and then only we can avoid attacks e.g., attacks on Indian
Parliament on 13th December 2001, attack on World Trade Centre and Pentagon
in the United States of America. 236

On 18th -19th May 2001 Claude R. Carpenter who was a former employee
of IRS working as systems administrator of hardware and software within the
IRS and unauthorizedly logged in one of the servers of his supervisor’s computer
profile with the intention to modify the profile and inserted several lines of
destructive computer code. 237 After this he intentionally inserted those destructive
codes to three other servers of IRS and then he tried to log out the system for the
purpose of removing the history files tried by him. But the investigative
personnel’s of the treasury inspector general for tax administration traced him. He
was pleaded guilty for intentionally causing damage to a protected computer or
sabotage to Internet Revenue Service (IRS). The U.S. District Judge punished him
with ten years imprisonment and a fine of $250,000.

In the year 2002 more than 400 websites with Arabian and English anti-
war appeals were attacked immediately after military operations in Iraq through
computer virus with e-message “Go USA!!!” for viewing the latest photos of
military events so that damage can be caused to several computers, computer
system and computer network.238 In the latter half of 2002, in the United Kingdom
the cyber hacking cases increased by 32% as compared to 2001 as shown by a
report released by Computer Security Institute and also the unauthorized
modification of data increased eventually because internet has became the prime
source of information in political and economic field around the world after
September 11, 2001 when terrorist attacks on World Trade Centre and Pentagon

235
“The Most High Profile Cases, India”, The Times of India, Kolkata, Aug. 5, 2005, p. 11.
236
Supra note 9, p. 48.
237
United States Department of Justice, Press Release, 2001.
238
Mikhael Crutsaluk, “Fighting Cyber Crime”, Computer Crime Research Centre, 2003,
available at: http://www.crime-research.org/library/Gutsaluk.html (visited on March 10, 2017).
77
in the United States of America.

In 2002, Electronic Crime Congress was held in London to prevent and

control cyber crimes and to develop international strategy. This Congress was
organized by the National Hi-Tech Crime Unit (NHTCU) in the Great Britain.
The Unit has spent about 25 million pounds to prevent and control cyber crime 3
years for corresponding and other development works for this Congress. More
than 400 delegates participated in this congress e.g., from Hong Kong, the USA,
the Russia, Korea, Australia, New Zealand and other countries.239 The Congress
were mainly discussed on rapid growth and causes of cyber crimes like no fear to
be caught and convicted, easily access to net, jurisdiction, place, residence,
nationality, no physical appearance and difficult to identify criminals in
cyberspace etc. By these reasons cyber criminals are easily encouraged to deceive
people. Their main motive can be to hide evidences and to steal property very
easily for causing threat to developed and developing countries.

In the phase of 2004 to 2005 —Lure of Money and Professionalism

In the phase of 2004 to 2005, data breaches happen on a daily basis with
having a negative impact on the attacked business. They can change the security
industry and influence legislation in some cases. At that time the cyber scammers
had proved their skills and for them it was the good time to move for causing
damage and gain money in real sense. By this time the cyber criminals become
professionally experts in doing cyber crimes and also for encouraging others for
their involvement. That’s why this time period is remembered as lure of money
and professionalism.

In 2004, Choice Point, a consumer data broker which has since been
purchased by LexisNexis, was widely criticized for how it handled its breach.
Although the company knew customer data was compromised by a 41-year-old
Nigerian citizen, it only informed 35,000 people about the breach- until scrutiny
from the media urged the company to reveal another 128,000 people had
information compromised. Because so many people were upset by the way the
company handled the incident, many believe it helped improve privacy practices
across many businesses, according to Radware. Choice point eventually settled
the data security breach charges, paid $1o million in civil penalties and $5 million
for consumer redress. But the settlement required choice point to implement new
procedures to ensure that it provides consumer reports only to legitimate
businesses for lawful purposes establish and maintain a comprehensive
239
Supra note 9, pp. 49-50.
78
information security program and to obtain audits by an independent third party
security professional every other year until 2026.240

A clever turn came with the advent of adware, or advertising supported

software, which automatically displays pop-ups or downloads ads to the user’s
computer to get the user to buy products or services. For example, a shopper
searching online for car insurance might encounter an adware pop-up displaying
an ad for a car insurance company, as an attempt to lure them into buying their
insurance. Adware vendors grew their businesses by getting their software
installed on as many systems as they could. One method they used was the pay-
per-install affiliate model. Attackers jumped at the opportunity to install different
adware packages on millions of systems while collecting handsome checks along
the way. Spyware, which tracks which websites we visit, or records what we type,
was another prevalent threat during this time.241 Cybercriminals showed that they
were serious for gaining money and for breaches the privacy with both adware
and spyware.

Another important issue of this phase is that cybercrimes were at the

advance stage with the development of software which could gain privileged
access to a computer while at the same time hiding its presence. Then the cyber
crooks started to use this software with the intention to hide malware by stealing
passwords and to gain credit card information as well as spreading viruses. By
using this trick the cyber crooks could infect and control thousands of computers
with remotely at the same time without the knowledge of computer users.

Stealing physical credit cards and creating fake ones are part of the
criminal technique called “carding”. One of the significant successful
investigations and prosecutions of an international credit card fraud ring of the
2000 decade began with the US Secret Service’s Operation Firewall in the late
2004. The investigators discovered a network of over 4,000 members
communicating through the Internet and conspiring to use phishing, spamming,
forged identity documents, creation of fake plastic credit cards, and resale of gift
cards bought with fake credit cards, fencing of stolen goods via eBay and
interstate or international funds transfers using electronic money such as E- Gold

240
Samantha Murphy, “4 Turning Points in the History of Cyber Crime”, Oct. 15, 2012, p. 2,
available at: http://mashable.com/2012/10/15/corporate-security-attacks/#14cimujMDEq2 (visited
on March 10, 2017).
241
“A Good Decade for Cyber Crime”, McAfee Report, 2011, p. 5, available at: http:// cdn.
bizcommunity.com/f/1106/rp_good_decade_for_cybercrime.pdf (visited on March 10, 2017).
79
and Web Money.242

Meanwhile, customer data breaches became more common as

cybercriminals tapped into large company databases to gain huge amounts of
consumer information. At the same time, ID theft started to grow. Within five
years, it would be a major problem affecting 11.1 million Americans. Facebook
also launched during this period. Like other social networking sites, it would later
prove to be a fertile place for cyber crooks to perpetuate their scams.243

In 2004, in India the landmark case which is considered to be the first case
of conviction under section 67 of Information Technology Act which makes this
section is of the historical importance is State of Tamil Nadu v. Suhas Katti 244. In
this case, some defamatory, obscene and annoying messages were posted about
the victim on a yahoo messaging group which resulted in annoying phone calls to
her. She filed the FIR and the accused was found guilty under the investigation
and was convicted under section 469, 509 of Indian Penal Code and section 67 of
Information Technology Act.

In 2005, in India the first case which was registered under section 65 of
the Information Technology Act is Syed Asifuddin and Ors. v. State of Andhra
Pradesh and Anr.245 In this case the court held that the cell phones fulfilled the
definition of ‘computer’ under the Information Technology Act and the unique
Electronic Serial Numbers which are programmed into each handset like ESN,
SID (System Identification Code), MIN (Mobile Identification Number) are the
‘computer source code’ within the definition under the Information Technology Act
which is required to be kept and maintained by the law.

In Avinash Bajaj v. State (NCT) of Delhi246 case, obscene material was put
up for sale by one person on the website Baazee.com and sold/transmission of
these clip to several people resided in different parts of country which took place
in a very short time period. The issue was raised whether it was a publication
under section 67 before the amendment or website had indirectly published the
material. The court held that the ultimate transmission of the obscene material
wouldn’t have been possible without the initial facilitation by the website and
therefore, the website had liable under the section.
242
Supra note 18, p. 49.
243
Supra note 58.
244
(2004) Cr. Comp 4680, Egmore, available at: http://lawnn.com/tamil-nadu-vs-suhas-kutti/
(visited on April 5, 2017).
245
(2005) Cri LJ 4314.
246
(2005) 3 Comp LJ 364 Del, 116.
80
 In Kumar v. Whiteley247 the accused gained the unauthorized access to the
Joint Academic Network and deleted files and changed the passwords to deny
access to the authorized users. The magistrate, chennai sentenced him to undergo
a rigorous imprisonment for one year with a fine under section 420 of IPC and
section 66 of Information Technology Act for computer related offence through
communication service, etc.

In the phase of 2006 to 2008 —Gangs and Discretion

In the phase of 2006 to 2008, cybercriminals started organizing into gangs

with a growing amount of money at stake. Even some cybercriminals had a
Mafia-like structure with malicious hackers, programmers and data sellers
reporting to managers and that person in turn reported to a boss who was in
charge of distributing cybercrime kits. They could also spread malware just by a
hole that the software maker had not closed for the purpose of taking complete
control over user’s computers. By this time the cyber criminals become
professionally experts in doing cyber crimes through their gangs and also for
encouraging others for their involvement in the gangs. That’s why this time
period is remembered as lure of money through gangs and discretion.

In 2006 the Indian court held that fabrication of an electronic record or

committing forgery by way of interpolations in CD produced as evidence in a
court attract punishment under section 65 of the Information Technology Act in
the case of Bhim Sen Garg v. State of Rajasthan and Others248.

In the case of B.N. Firos v. State of Kerala249, the government of Kerala

had issued a notification declaring an e-government software called ‘FRIENDS’
which was developed by the petitioner under a contract as a protected system. The
petitioner filed a writ petition challenging section 70 of the Information
Technology Act and the notification as being unconstitutional and inconsistent
with the copyright Act. It was held that a notification under section 70 of the
Information Technology Act is a declaration of copyright under section 17 (d) of
the Copyright Act, 1957.250 The court further held that only a computer resource
could be declared to be a protected system under the Information Technology Act
if that amounted to a government work under copyright Act.

247
(2005), available at: https://www.scribd.com/doc/190389306/Case-studies-under-Indian-IT-
Act-200 (visited on April 10, 2017).
248
(2006) Cri LJ 3463 Raj 2411.
249
AIR 2006 Ker 279.
250
Anirudh Rastogi, Cyber Law- Law of Information Technology and Internet, 2014, pp. 118-119.
81
 In 2007, discount retailer TJ Maxx was subject to a huge security data
breach that put more than 45 million credit and debit card users at risk. Over an
18 month period, customers had their personal information stolen by hackers who
infiltrated the company’s computers. This was deemed the largest card hack ever.
Officials have since charged six people in Florida who used stolen credit card
information from the breach. For many, this was the 1st major scare that impacted
consumers and personalized the dinginess that comes with security breaches.251

During this phase, attackers were also looking for ways to manipulate
software features for their own purposes. For instance, a feature in Microsoft
Windows software called Auto run was designed to automatically launch
programs from external devices. By taking advantage of this feature, cyber crooks
could get Microsoft’s flagship operating system to automatically launch malicious
code. By exploiting both software vulnerabilities and features, cybercriminals
were discreetly gaining access to user’s systems while at the same time thumbing
their noses at software makers. Meanwhile Unique services such as Skype and
Twitter launched, offering computer users new ways to keep connected and share
information. Along with Facebook, Twitter would soon become an irresistible
platform for crooks to interact with users, and try to trick them out of money and
information.252 This phase was also known for the period when the iPhone came
to market with huge number of mobile applications and criminal opportunities.

In 2008, serial blasts in Ahmadabad, Delhi, Jaipur and Banglore are the
live examples of the cyber terrorism in India. In 2008 attack on Mumbai Taj
Hotel which is also known as 26/11 and the Varanasi blast in 2010 had the trails
of cyber terrorism. The main purpose of the cyber terrorist is to gather the
restricted information and to spread terror by cyber communications method for
disruption of national security, unity, integrity and peace etc.

The Information Technology Act, 2000 has been proved to be a highly

controversial piece of legislation. The Act has managed to draw considerable
criticism from the legal community and the general public. It is alleged to contain
a whole spectrum of flaws, shortcomings and pitfalls ranging from being
inefficient in tackling cyber crimes to placing unfair curbs on the civil liberties of
citizens.253 Though since 2000 the Information Technology Act is in place in India

251
Supra note 57.
252
Supra note 58.
253
“Supreme Court of India: To Hear Eight IT Act Related Cases on 11 th April 2014- SFLC”,
available at: http://www.medianama.com/2014/03/223-supreme-court-of-india-to-hear-eight-it-
act-related- cases-on-11th-april-2014-sflc/ (visited on June 29, 2016).
82
for curbing cyber crimes, but the problem is that still this statute is more on
papers than on execution because lawyers, police officers, prosecutors and Judges
feel handicapped in understanding its highly technical terminology.254 It was
enacted as the basic law for the cyberspace transactions in India but due to some
weaknesses it was amended in the year 2008.

In the phase of 2009 to 2010 —Social Networking and Engineering

This phase is known for social networking and engineering because the
social networking sites such as Facebook and Twitter started to take off in the
later part of the decade. Cyber criminals started to collect the personal
information of users with a growing amount of money at stake because users post
everything on the sites like from where they lived and worked to their current
location. They have also played the game by employing social engineering by
finding out the topics of Internet user’s interest and then post a message or images
or videos by mentioning or using that topic with a link to a website which was
created with the aims to steal credit card and other personal information for lure of
money. By this time the cyber criminals become more experts in doing cyber crimes
through connecting with social networking sites.

In 2010, Google for the 1st time publicly announced that it was hit with a
cyber attack called Operation Aurora; the search engine giant was hit along with
other major organizations such as Adobe Systems, Yahoo and Symantec and
launched advanced persistent threats (APTs) into the mainstream. APTs typically
refer to a group that persistently targets certain entities and cyber espionage and
intelligence to gather sensitive data.255

In Vinod Kaushik and Ors. v. Madhvika Joshi and Ors. 256 Case, the issue
was raised that whether the wife accessing husband’s and father-in-law’s email
account without their permission in order to acquire evidence in a Dowry
harassment case amounts to be liable under section 66C of Information
Technology Act for unauthorized access and dishonest use of password of any
person. The court held that the wife was liable under this section.

From the Phase of 2011 to till date

254
Samiksha Godara, “Prevention and Control of Cyber Crimes in India: Problems, Issues and
Strategies”, A Thesis submitted to Maharishi Dayanand University, April 1, 2013, p. 2, available
at: http://shodhganga.inflibnet.ac.in/bitstream/10603/7829/12/12_chapter%203.pdf (visited on
May 20, 2016).
255
Supra note 57.
256
(2010) Cr. Comp 2.
83
 In India in the light of a series of arrests made under section 66A of the
Information Technology Act, 2000, Shreya Singhal v. Union of India257 is the
case where the writ petition was filed in public interest under Article 32 of the
Constitution of India for seeking to strike down Section 66A as unconstitutional
by arguing that section 66A is so wide, vague and incapable of being judged on
objective standards that it is susceptible to wanton abuse. It was further argued
that the terms ‘offensive’, ‘menacing’, ‘annoyance’, ‘danger’, ‘obstruction’ and
‘insult’ have not been defined in the Information Technology Act, General
Clauses Act or any other legislation. Citing the arrests made under section 66A,
the petitioner submits that the wide legislative language of the Section severely
disincentives citizens from exercising their Constitutionally protected right to free
speech for fear of frivolous prosecution (the ‘chilling effect’), which violates the
Freedom of Speech and Expression guaranteed under Article 19(1)(a) of the
Constitution. Furthermore, whether or not section 66A meets the test of
‘reasonableness’ laid down under Article 19(2), it is nonetheless violative of
Articles 14 (Right to Equality) and 21 of the Constitution.

Similarly, in Rajeev Chandrashekhar v. Union of India258 and Common

Cause v. Union of India259 case, a writ petition was filed in public interest under
Article 32 of the Constitution of India by challenging section 66A of the
Information Technology Act, 2000 and Rules 3(2), 3(3), 3(4) and 3(7) of the
Information Technology (Intermediaries Guidelines) Rules, 2011 as
unconstitutional. In this case the Petitioner, a serving Member of Parliament
submits that Section 66A contains several words/terms that are undefined, vague,
open to misinterpretation, and thus problematic. This imposes statutory limits on
the exercise of internet freedom which are well beyond the Constitutional
parameters of ‘reasonable restrictions’ enshrined in Article 19(2) and the
Intermediaries Guidelines Rules, Rule 3(2) lists the various types of information
that ought not to be carried on a computer system which violates Article 14 in
being arbitrary and overly broad.

On August 2013, media companies including the New York Times,

Twitter and the Huffington Post lost control of some of their websites after
hackers supporting the Syrian government breached the Australian Internet
Company that manages many major site addresses. The Syrian Electronic Army,
a hacker group that has previously attacked media organizations that it considers
257
AIR 2015 SC 1523.
258
(2013) W.P. (Crl) No. 23.
259
(2013) W.P. (Crl) No. 21.
84
hostile to the regime of Syrian President Bashar al- Assad, claimed credit for the
Twitter and the Huffington Post hacks in a series of Twitter messages. Security
experts said electronic records showed that NYTimes.com, the only site with an
hours-long outage, redirected visitors to a server controlled by the Syrian group
before it went dark.260

The National Crime Records Bureau (NCRB), Ministry of Home Affairs

in India has released Cyber Crime Statistics for the year 2013, which again shows
rapid increase in cyber crime by 50% on year to year basis from 2012- 2013. The
statistics mainly show cases registered under cyber crimes by motives and
suspects. The maximum offenders came from the 18-30 age groups. Among
states, the highest incidents of cyber crime took place in Maharashtra (907)
followed by UP (682) and AP (651). The maximum cyber criminal arrested
under the IT Act in Maharashtra (426) and AP (296) followed by UP (283). In
percentage terms, the most dramatic increase in cases registered under IT Act in
Uttrakhand (475%) followed by Assam (450%). Interestingly, the picture
postcard union territory, Andaman and Nicobar Islands, registered an eye-
popping increase of 800% in the same category. The Delhi city has registered 131
cases of cyber crime which is an increase of 72.4% as compared to last year 2012.
Whereas Lakshadweep, Dadar and Nagar Haveli reported no cyber crime cases
for the year 2013. Also cyber crime activities seem to rare in the north eastern
states. In 2013, only one case each was registered in Nagaland and Mizoram.261

The Hon’ble Supreme Court declared section 66A as unconstitutional in its

entirety and against the freedom of speech and expression and struck it down in
Shreya Singhal and others v. Union of India 262. This section had been misused by
police in various states to arrest the innocent person for posting critical comments
about social and political issues on networking sites. This section had led to the
arrest of many people’s for posting content deemed to be allegedly objectionable
on the internet.

There are a large number of cyber laws passed and amended in India as
well as in United States of America and United Kingdom. But instead of these
laws the cyber crimes are increasing day by day. For example, a total of 8, 045
cases were registered under Information Technology Act during the year 2015 as

260
“Twitter Hacked by Syrian Group”, New York Times, Aug. 28, 2013, available at: http://www.
thedailystar.net/news/new-york-times-twitter-hacked-by-syrian-group (visited on March 11, 2017)
261
National Crime Records Bureau, Ministry of Home Affairs, Cyber Crimes in India, 2013, p.
176, available at: http://ncrb.nic.in (visited on Sep. 22, 2015)
262
AIR 2015 SC 1523.
85
compared to 7, 201 cases during the previous year 2014 and 4,356 cases during
2013, showing an increase of 11.7% in 2015 over 2014 and an increase of 65.3%
in 2014 over 2013.263 As compare to India, in United States of America for the
year 2015, Cost of Data Breach Study by IBM and the Pone mom Institute
revealed that the average total cost of a data breach increased from $ 3.52 million
in 2014 t0 $ 3.79 million. Another study said that cyber crime will become a $ 2.1
trillion problem by 2019.264 The National Crime Agency (NCA) released a report
on July 7, 2016 by highlighting the need for stronger law enforcement and
business partnership to fight cyber crime. According to the NCA cyber crime
emerged as the largest proportion of total crime in the United Kingdom with
“cyber enabled fraud” making up 36 % of all crime reported and computer misuse
accounting for 17%.265 The Office of National Statistics (ONS) estimated that
there were 2.46 million cyber incidents and 2.11 million victims of cyber crime in
the United Kingdom in 2015 and only 16, 349 cyber dependent and
approximately 700, 000 cyber enabled incidents reported to Action Fraud over the
same period.266

On April 2015, United States President Barack Obama released an

executive order with regard to combat cyber crime which empowers the United
States to freeze assets of convicted cybercriminals and block their economic
activities within the United States.267 In 2016, it is estimated by the study of
Juniper Research that the costs of cyber crime could be as high as 2.1 trillion by
2019.268

Thus, the cyber crime is an evil having its origin in the growing
dependence on computer in modern life. There is a wide range of offences that
can be committed through communication technology.269 It is not going to stop
anytime soon and it seems like it will just continue to grow until new methods of
263
Supra note 78, pp. 163-164.
264
Limor Kissem, “2016 Cyber Crime Reloaded: Our Prediction for the Year Ahead”, (Last
Modified on Jan. 15, 2016), available at: https://securityintelligence.com/2016-cybercrime-
reloaded-our- predictions-for-the-year-ahead/ (visited on Dec. 2, 2016).
265
National Crime Agency (UK), Cyber Crime Assessment, 2016, available at:
www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file (visited on
Feb. 14, 2017).
266
The Office of National Statistics(UK), Cyber Crime Assessment, 2015, pp. 5-6, available at:
www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file (visited on
Feb. 14, 2017)
267
“Cybercrime”, available at: https://en.wikipedia.org/wiki/Cybercrime (visited on March 11,
2017).
268
Ibid.
269
“History of Cyber Crime”, available at: http://www.bezaspeaks.com/cybercrime/history.htm
(visited on March 9, 2017).
86
fighting it are introduced. Because it is found that at some point of time history
become current events.

Today, it is found that due the technology of the Internet era there are very
few people whose lives are not affected whether it is beneficially or harmfully.
There is also the positive side of this technology as well as negative. By the
positive side it is found that there is tremendous increase in the ability to share
and exchange information instantaneously which led to provide unprecedented
benefits in the areas of education, commerce, entertainment and social interaction
and on the negative side, it is felt that there is the increase in opportunities for the
commission of crimes because this latest technology has encouraged the potential
criminals to commit crimes through computer, computer system or computer
network with almost no monetary cost and with lesser risk of being caught.

To compare this latest type of crimes using technology with the

perpetrators of traditional economic-motivated crimes like burglaries, larcenies,
bank robberies etc. it is found that cyber crimes are relatively free from worry of
directly encountering law enforcement and witnesses. Because in the past decade,
this ever growing technology has altered the way of teenagers to communicate and
interact with others like their age friends, youngster, older and parents.

87
 CHAPTER - IV
CYBER CRIMES IN INDIA: LEGISLATIVE AND
JUDICIAL RESPONSE
4.1 Introduction
The internet has a global face. India, too, being a formidable part of the
globe, felt a seism shift in the technological set up when the Information
Technology waves surged ahead and necessitated the formation of the
Information Technology ministry in the country in the year 1999.270 Obviously the
information society offers vast scope and opportunities to human beings to
identify information, to evaluate information, and to exchange information for the
benefits of the citizens the world over. Information technology creates a new
working environment, work culture, commercial connections, and trading
networks. It enables information and knowledge-based work to be carried out
from any location.. It is virtually transforming and revolutionizing the world.271

Cyberspace’s inherent lack of spatiality and temporality has created new

forms of e- commerce that did not previously exist. 272 Cybercrime is quickly
becoming a threat to national and economic security. Many corporations and
institutions, both public and private, are vulnerable, particularly those involved in
critical infrastructure. On the other hand, other businesses have identified
organised cyber criminal networks as their top cyber security concern, and they
are prepared to protect against them.273

The increasing opportunities for productivities, efficiency and worldwide

communications brought additional users in droves.274 The reliability and
availability of the internet are critical operational considerations. Activities that
Talat Fatima, Cyber Crimes, 2011, p. 78.
270

Abhijit Kumar Pandey, “Cyber Crimes in Cyber Age and its Response by Indian Judiciary”,
271

available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1097695, visited on Jan. 14,

2015 (last modified on Feb. 26, 2008).
272
Christine Conradt, “Online Auction Fraud and Criminological Theories: the Adrian Ghighina
Case”,
International Journal of Cyber Criminology, vol. 6, No. 1, Jan.- June, 2012, p. 912
available at: http://www.cybercrimejournal.com/christine2012janijcc.pdf (visited on Feb. 22.
2017).
273
Atul Bamara, Gajendra Singh, et.al., “Cyber Attacks and Defense Strategies in india: An
Empirical Assessment of Banking Sector”, International Journal of Cyber Criminology, vol. 7 No.
2, Jan.- June, 2013, pp. 49-50 available at :
https://www.researchgate.net/publication/236682638_
Cyber_Attacks_and_Defense_Strategies_in_India_An_Empirical_Assessment_of_Banking_Secto
r (visited on March 6, 2017).
274
R.C. Mishra, Cyber Crime: Impact in The New Millennium, 2002, p. 53.
88
threaten these

attributes like spamming, spoofing etc. have grave impacts on its user
community.275 Lawyers and legal consultants' work is also included in the
improvements. Given the importance of this critical sector and its powerful role in
the judicial system, there has been a growing interest in regulating the legal
profession in what appears to be a genuine drive towards upgrading the
profession. 276

As cyber crime has spread across the globe at an exponential rate, many in
the criminal justice industry have lacked appropriate and up-to-date understanding
about the pedestrian realities of current cyber crime. The popular media has
portrayed cyber crime as a lone hacker breaking through seemingly impenetrable
security barriers to gain access to lucrative secret data. These kind of crimes are
uncommon, but cybercrime is all too widespread. 277 The increasing relevance of
information technology may be shown in the fact that, for the first time in India, a
Delhi-based businessman has created a digital will of the confidential information
stored in his e-mail account. The concept of digital will is a foreign one that is
gaining traction in India as well. 278

The success of the nation's legislative, judicial, and executive powers is the
source of its strength. The judiciary's role is to promote justice and equity through
the effective implementation of laws and regulations, ensuring that everyone gets
their fair share.279 The Legislature and the judiciary is the important organs of any
country for its success in making the good international relations and attracting
investment and sufficient laws. A judicial system whi8ch is fair and modern is
needed for getting the confidence of the international community and for the
collective action on the part of several entities in order to reach the desired end.

The society needs some degree of order and continuity for the purpose of
functioning in a good and orderly way because from the long time safety and
security is a question of protection against dangers from the physical world

275
Supra note 2.
276
Hassan Arab, “The Development of The Judiciary- Challenges and outlook”, available at:
http://www.tamimi.com/en/magazine/law-update/section-7/October-november-1/the-development-
of- the-judiciary-challenges-and-outlook.html (visited on Jan. 1, 2015).
277
Jose R. Agustina, “Exploring Internet Crimes and Criminal Behaviour”, Book Review of Cyber
Criminology, vol. 6 No. 2, July- Dec., 2012, p. 1044, available at: http://www.cybercrime
journal.com/Augustinabookreview2012julyijcc.pdf (visited on March 7, 2013)
278
“Ab E-mail Accounts Ki Bhi Hui Wasiyat”, Navbharat Times, April 5, 2010, p. 5.
89
because from the last century, the cyberspace arose alongside the old world.
With this traditional offline world the better legislative response is required. In
this present chapter an attempt is made to discuss the national laws which are
passed for combating the cyber offences in India. These are discussed as follows:

4.2 Provisons Under Information Technology Act, 2000

International trade through electronic means was spreading day-by-day

and many countries had turned over from traditional paper base commerce to E-
commerce. With this globalization of trade and business, the international
community felt a need of such a law which would set uniform standards for
electronic commerce. This thought led to the adoption of Model Law on
Electronic Commerce by the United Nations Commission on International Trade
Law (UNCITRAL).

Indian Parliament has passed the first legislation in the Fifty-first year of
the Republic of India called as the Information Technology Act 279, 2000 which is
based on the resolution280 adopted by the General Assembly of United Nations
regarding the Model Law on Electronic Commerce on January 30, 1997 which is
earlier adopted by the United Nations Commission on International Trade Law
(UNCITRAL). This resolution recommends that all States must give favorable
consideration to this Model Law when the States are going to enact or revise their
laws with the view of uniformity of law as alternative to paper based methods of
communication and storage of information. India was also the signatory to this
Model Law and had to revise its national laws as per the said Model Law. As a
result, India created the Information Technology Act of 2000 to provide legal
recognition to transactions using electronic data interchange and other forms of
electronic communication, as well as to make the filing of paperwork with
government institutions easier. The Indian Penal Code, 1860, the Indian Evidence
Act, 1872, the Bankers Books Evidence Act, 1891, and the Reserve Bank of India
Act, 1934 are also amended by the Act. Some instruments, such as a negotiable
instrument, a power of attorney, a trust, a will, including any other testamentary
disposition, any contract for the sale or conveyance of immovable property, and
any contract for the sale or conveyance of personal property, are exempt from the
provisions of this Act.

Supra note 7.
279

It received the assent of the President on June 9, 2000 and notified in the Official Gazette on
280

October 17, 2000.

90
 interest in such property and any such class of documents or transactions
as may be notified by the Central Government in the Official Gazette.281

Though since 2000 In India, the Information Technology Act was enacted
to combat cybercrime, but the problem is that it is still more on paper than in
practice since lawyers, police officers, prosecutors, and judges are unable to
comprehend its highly technical wording. 282 Primarily, the IT Act, 2000 is meant
to be a legislation to promote e-commerce which is not very effective in dealing
with several other emerging cyber crimes like cyber harassment, defamation,
stalking etc. There was a need to amend the Information Technology Act, 2000
for the purpose of making it more relevant in today’s context. For this purpose the
Information Technology (Amendment) Bill, 2006 was proposed which was
further amended by Information Technology (Amendment) Bill, 2008 and passed
in Lok Sabha on Dec. 22 and in Rajya Sabha on Dec. 23, 2008. Then the
Information Technology Act, 2000 is amended by Information Technology
(Amendment) Act283, 2008.

4.3 Amendments in Various Legislations through Information

Technology Act, 2000
The Information Technology Act, 2000 also passed with the further
objective to amend the provisions of Indian Penal Code, 1860, the Indian
Evidence Act, 1872, the Bankers Books Evidence Act, 1891 and the Reserve
Bank of India Act, 1934 as mentioned in its statement of objects and reasons. In
order to achieved the objectives of IT Act, consequential amendments were made
in above mentioned Acts because the Model Law requires that there should be
no discrimination between the normal documents and the electronic records. The
following legislations were amended in consequential of IT Act, 2000. These are
mentioned as under:

Amendments in Indian Penal Code, 1860

The Information Technology Act, 2000 has made some amendments in
Indian Penal Code, 1860. These amendments have been made in the manner

281
Resolution No. A/RES/51/162, January 30, 1997.
282
Section 1(4) of Information Technology Act, 2000 (Act No. 21 of 2000).
283
Samiksha Godara, “Prevention and Control of Cyber Crimes in India: Problems, Issues and
Strategies”, A Thesis submitted to Maharishi Dayanand University, 2013, p. 2, available at:
http://shodhganga.inflibnet.ac.in/bitstream/10603/7829/12/12_chapter%203.pdf (visited on May
20, 2016).
91
specified in the First Schedule read with section 91.284 The extra territorial
jurisdiction of the Indian Penal Code, 1860 was also expanded to include all the
offences which targets computer resources in India and various sections which are
relating to a false document were also amended to include a false electronic
record.285 Through these amendments section 29 A which defines the words
“electronic record” has been inserted after section 29 which defines the word
“document” with the purpose to maintain the statutory balance.

The words "such public worker, charged with the preparation or translation
of any document, frames or translate that document" have been replaced in
section 167 by "such public servant, charged with the preparation or translation of
any document or electronic record.". The Act amends this section which deals
with the framing an incorrect document by a public servant with intent to cause
injury, by substituting the words “electronic record”. By this amendment now a
public servant may be charged for framing an incorrect electronic record with
intent to cause injury.

Section 172 punishes a person who absconds in order to avoid being

served with summon, notice or order and section 173 punishes intentional
prevention of the service of Summons, notice or order. By substituting the words
“electronic record” a person shall be liable under these sections if he fails to
produce a document or electronic record in a Court of Justice. Section 175
punishes a person who refuses to produce documents which he is legally bound to
produce before a public servant or in a Court of Justice. By substituting the words
“electronic record” a person shall be liable under this section if he fails to produce
a document or electronic record before a public servant or in a Court of Justice.

Amendments in Indian Evidence Act, 1872

The Information Technology Act, 2000 has made some amendments in
Indian Evidence Act, 1872. These amendments have been made in the manner
specified in the Second Schedule read with section 92.286 Section 3 of Indian
Evidence Act, 1872 defines the word “evidence” is amended to include electronic
records as an evidence for the inspection of the Court. Section 17 defines the
word “admission” is amended to include admission in electronic form. After
It was notified in the Official Gazette on Feb. 5, 2009.
284

Section 91 and First Schedule has been repealed by the Information Technology (Amendment)
285

Act, 2008
286
Sections 4, 192, 463, 464, 466, 468, 469, 471, 474, 476 and 477A of Indian Penal Code,
1860 (Act
No. 45 of 1860).
92
section 22, section 22A is inserted which provides the circumstances when an oral
admission as to contents of electronic records are relevant.

Section 34 highlights the areas when entries in the books of account are
relevant. This section is amended to include accounts books in electronic form.
Section 35 is amended to maintain the register of births, deaths or marriages, revenue
records etc. in electronic form. Section 39 is amended to take into consideration
the evidentiary value of a statement, which forms the part of an electronic record.
Section 131 is also amended to include production of electronic records which
another person, having possession, could refuse to produce. Some other important
sections are inserted by this Act which is related to opinion as to electronic
signature when relevant287, admissibility of electronic records288, proof290 and
verification of digital signatures291 and lastly, presumptions as to electronic
evidence292.

Amendments in Banker’s Books Evidence Act, 1891

The Information Technology Act, 2000 has made some amendments in
Banker’s Books Evidence Act, 1891. These amendments have been made in the
manner specified in the Third Schedule read with section 93. 289 The definitions of
“banker’s books” as defined under Section 2 (3) and “certified copies” as defined
under Section 2 (8) of Banker’s Books Evidence Act, 1891 are amended to
include data stored in electronic devices and printouts of such data. Section 2A is
also inserted on certifications to accompany such printouts.

Amendments in Reserve Bank of India Act, 1934

The Information Technology Act, 2000 has made some amendments in
Reserve Bank of India Act, 1934. These amendments have been made in the
manner specified in the Fourth Schedule read with section 94.290 In section 58, sub
clause pp is inserted after clause p of subsection 2 with the purpose to introduce
and regulate Electronic Fund Transfer (EFT) mechanism between the banks and
other financial institutions.

4.4 Definition of Cyber Crimes under Information Technology

Act, 2000
287
Section 92 and Second Schedule has been repealed by the Information Technology
(Amendment) Act,
288
Section 47 A of Indian Evidence Act, 1872.
289
Section 65 B of I E Act, 1872.
290
Section 67 A of I E Act, 1872.
93
 This Act is specifically deals with cybercrimes. The legislative provisions
relating to cyber crimes are mentioned under Chapter XI of the Information
Technology Act, 2000 under the heading of ‘Offences’ which deals with the
various types of offences which is done in the electronic form or concerning with
computers, computer systems, computer networks. Strangely, the term ‘cyber
crime, or ‘cyber offence’ is neither defined nor this expression is used under the
Information Technology Act, 2000. The cyber legislative provisions with respect
to various cyber crimes in India are given as follows:

Tampering with Computer Source Documents

This is the first cyber crime which is punishable under the Information
Technology Act, 2000. Section 65 of the Act provides that Any person who
knowingly or intentionally conceals, destroys, or alters any computer source code
used for a computer, computer programme, computer system, or computer
network, or causes another to conceal, destroy, or alter any computer source code
used for a computer, computer programme, computer system, or computer
network, when the computer source code is required to be kept or maintained by
law, shall be subject to a penalty of up to three years in prison for tampering with
computer source documents. The explanation clause added with this provision
explains the meaning of “computer source code” by stating that it means the
listing of programmes, computer commands, design and layout and programme
analysis of computer resource in any form.

This offence is related with the vandalism of information which is residing

in a computer. And the source code was required to be kept by the law and
criminalizes the direct or indirect concealment, destruction or alteration of
computer source code. This act is punishable only when it done either knowingly
or intentionally. The purpose behind this section is to protect the intellectual
property which is invested in

the computer programmes and to protect the copyright violation. The court
of Judicial Magistrate of First Class has jurisdiction over this offence, which is
bailable, cognizable, and triable. The Hon'ble court ruled in a case that cell
phones met the definition of a "computer" under the Information Technology Act,
and that the unique Electronic Serial Numbers (ESNs), SIDs (System
Identification Codes), and MINs (Mobile Identification Numbers) programmed
into each handset are "computer source code" under the Information Technology

94
Act.291 Fabrication of an electronic record or forgery by way of interpolations in a
CD produced as evidence in court is punishable under this section, it was
decided..292

Computer Related Offences

Computer related offences are punishable under this section with
imprisonment for a term which may extend to three years or with fine which may
extend to five lakh rupees or both. The Information Technology (Amendment)
Act of 2008 moves the term "data theft" from section 43 to section 66, making
this section more powerful and removing the term "hacking." Previously, the
offence of ‘Hacking with Computer System' was covered under section 66.
However, hacking has been replaced with computer-related offences, which reads
as follows: If any person commits any act referred to in section 43, dishonestly or
fraudulently, and the section was broad enough to cover all computer-related
offences. However, under section 43 I of the Amendment Act of 2008, hacking is
now covered in principle. It has anything to do with illicit computer access Only
when hacking is done dishonestly or fraudulently is it considered a crime under
Section 66. 293
Section 66 does not make hacking per se as an offence but it
depends on mens rea.294 Under this section, anybody who causes a computer
resource to perform a function with the dishonest or fraudulent goal of securing
access while knowing that the access he seeks to secure is unauthorised is
accountable.

Section 43 of Information Technology Act as amended by Amendment

Act, 2008 states that any person shall be liable to pay damages by way of
compensation not exceeding one crore rupees to the person so affected if the
person without permission accesses or secures access to a computer, computer
system, or computer network or computer resource; downloads, copies, or
extracts any data, computer data base, or information from such computer,
computer system, or computer network, including information or data held or
stored in any removable storage; introduces or causes the introduction of any
computer contaminant or computer virus into any computer, computer system, or
computer network; damages or causes the destruction of any computer, computer
291
Section 73 A of I E Act, 1872.
292
Sections 81 A, 85 A, 85 B, 85 C, 88 A, 90 A of I E Act,.
293
Section 93 and Third Schedule has been repealed by the Information Technology
(Amendment) Act,
294
Section 94 and Fourth Schedule has been repealed by the Information Technology
(Amendment) Act,
95
system, or computer network, data, computer data base, or other programmes
residing in such computer, computer system, or computer network; disrupts or
causes the disruption of any computer, computer system, or computer network in
violation of the requirements of this Act, its rules, and regulations; Tampers with
or manipulates any computer, computer system, or computer network to charge
the services of one person to the account of another; destroys, deletes, or alters
any information residing in a computer resource or diminishes its value or utility
or affects it injuriously by any means; steals, conceals, destroys or alters or causes
any person to steal, conceal, destroy or alter any information residing in a
computer resource; steals, conceals, destroys or alters or causes any person for a
computer resource with an intention to cause damage.

Section 70 (3) of Information Technology Act provides that any person

who secures access or attempts to secure access to a protected system in
contravention of the provisions of this section shall be punished with
imprisonment of either description for a term, which may extend to ten years and
shall also be liable to fine.

In a case, where the accused gained the unauthorized access to the Joint
Academic Network and deleted, added files and changed the passwords to deny
access to the authorized users. It was revealed by the investigations that Kumar
was logging on to the BSNL broadband Internet connection as if he was the
authorized genuine user and made alteration in the computer database pertaining
to broadband Internet user accounts of subscribers. The Additional Chief
Metropolitan Magistrate, Egmore, Chennai sentenced him to undergo a rigorous
imprisonment for one year with a fine under section 420 of Indian Penal Code for
cheating and section 66 of Information Technology Act for computer related
offence through communication service, etc.295

Sending Offensive Messages through Communication Service etc.

computer network in violation of this Act's standards, rules, and

regulations; Tampers with or manipulates any computer, computer system, or
computer network to charge the services of one person to the account of another;
destroys, deletes, or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means; steals,
conceals, destroys, or alters or causes anyone else to steal, conceal, destroy, or
alter any information; steals, conceals, destroys, or alters or causes anyone else to

295
Syed Asifuddin and Ors. v. State of Andhra Pradesh and Anr., (2005) Cri LJ 4314 AP.
96
steal, conceal;

a) any information that has menacing character; or is grossly offensive or

b) any information that he knows to be false, but persistently spreads through

the use of a computer resource or a communication device for the purpose
of creating irritation, inconvenience, danger, obstruction, insult, injury,
criminal intimidation, enmity, hatred, or ill will.

c) any electronic mail or electronic mail message sent with the intent to
annoy, inconvenience, or deceive or mislead the addressee or receiver as to
the origin of the message296

The first clause of this section deals with the sending of information which
is ‘grossly offensive’ or having a ‘menacing character’ such as online stalking, online
defamation and text bullying, etc. But these two terms are not defined in the Act
itself. The clause (b) of this section deals with the sending of false messages with
repetition for causing inconvenience like online insult, online intimidation, net
extortion, hate mails etc. The clause (c) of this section deals with spam and
unsolicited mails such as e-mail spoofing and cyber phishing etc. Under this
section the message may be in any form so long as it involves a computer
resource or a communication device like e-mails, SMS’s blogs, tweets, images,
and voice over IP, Skype etc.

However, the Supreme Court ruled that section 66A was unconstitutional
in its entirety and violated the right to freedom of speech and expression, and it
was knocked down.

Shreya Singhal and others v. Union of India 297. Police in several

jurisdictions have utilised this part to falsely arrest people for making critical
remarks about social and political problems on social media sites. This section
had led to the arrest of many people’s for posting content deemed to be allegedly
objectionable on the internet.

Dishonestly receiving stolen computer resource or communication device

Dishonestly accepting stolen computer resources or communication

devices is punishable under Section 66 B of the Information Technology Act of
2000, which was inserted by Amendment Act of 2008. According to this Act,
296
Bhim Sen Garg v. State of Rajasthan and Others, (2006) Cri LJ 3463 Raj 2411.
297
R.K . Chaubey, An Introduction to Cyber Crime and Cyber Law, 2009, p. 45.
97
anyone who dishonestly receives or retains a stolen computer resource or
communication device, knowing or having reason to believe it is a stolen
computer resource or communication device, is punishable by imprisonment for
up to three years, a fine of up to one lakh rupees, or both.

This offence is bailable, cognizable and triable by the court of Judicial

Magistrate of First Class. It would apply to those people who buy or retain stolen
computer resource or any communication device. For the ambit of this section it
includes devices such as mobile phones, laptops, and computers and also in the
other computer resources such as stolen data and software. For example: if A has
purchased a stolen cell phone worth rupees 40,000 for Rs. 3000 where A knows
that it is a stolen property, then A is liable under section 66 B for dishonestly
receiving stolen computer resource or communication device.

Identity Theft
Identity Theft is punishable under Section 66 C of the Information
Technology Act of 2000, which was added by the Amendment Act of 2008.
According to this clause, anyone who uses another person's electronic signature,
password, or other unique identity features fraudulently or dishonestly faces a
three-year prison sentence and a fine of up to one lakh rupees.

This section deals with identity theft i.e. the dishonest or fraudulent use of
a unique identification feature of a person, which includes identifiers like an
electronic signature, a login password, a PIN, a photograph or a biometric
identifier. The terms ‘dishonest’ and ‘fraudulent’ have been explained previously
to mean an intention to cause economic loss or gain to a person, and the intention
to cause loss through deception respectively. This section does not differentiate
between a natural person and legal person like a company.298 This offence is
bailable, cognizable and triable by the court of Judicial Magistrate of First Class.
For example: if A has made a duplicate copy of ATM card of B and withdraws
rupees from his account, then A is liable under section 66C for theft of identity.

Identity theft or Identity fraud may be in the form of Financial Identity

theft, Criminal Identity theft, Commercial Identity theft and Identity Cloning.
Financial Identity theft consists of using stolen identity for financial fraud like
extracted online banking details through phishing and used it to make purchases.
Criminal Identity theft consists of using of identity of other person for doing
criminal activities like using another person’s email for sending spam.
298
H. Chander, Cyber Laws and IT Protection, 2012, p.76.
98
Commercial Identity theft includes the theft of identity of a company, business or
other commercial enterprises for taking benefit or committing crime. Identity
Cloning includes the cloning of identity of a person for creating further accounts
or to take over all his accounts.

In one case, the question was raised as to whether a wife accessing her
husband's and father-in-email law's accounts without their permission in order to
obtain evidence in a Dowry harassment case is liable under section 66C of the
Information Technology Act for unauthorised access and dishonest use of any
person's password. The wife was found to be accountable under this provision by
the court.303

Cheating by personation by using computer resource

The Information Technology (Amendment) Act, 2008 included Section 66
D to provide penalty for cheating by personation utilising a computer resource.
According to this law, anyone who cheats by personation using any
communication device or computer resource is subject to imprisonment of either
sort for a duration of up to three years, as well as a fine of up to one lakh rupees.
The court of Judicial Magistrate of First Class has jurisdiction over this offence,
which is bailable, cognizable, and triable. This section is applied to any case of
cheating by personation which is committed by using a computer resource or a
communication device. Cheating by personation has been defined under section
416 of the IPC which refers to an act of a person who pretends to be another
person or knowingly substituting one person for another or representing that he or
any other person is a person other than he or such other person really is, thereby
deceives another person into performing some act. It is clearly explained that the
offence is committed whether the individual personated is a real or imaginary
person by inserting the explanation clause to the section.

Violation of privacy
Section 66 E is inserted by Information Technology (Amendment) Act,
2008 for providing punishment for violation of privacy. According to this section,
anyone who intentionally or knowingly captures, publishes, or transmits an image
of a person's private area without his or her consent, thereby infringing on that
person's privacy, shall be punished with either imprisonment for a term not
exceeding three years or a fine not exceeding two lakh rupees, or both. The court
of Judicial Magistrate of First Class has jurisdiction over this offence, which is
bailable, cognizable, and triable.
99
 This section covers the three steps of a breach of a person's bodily privacy:
capture, publishing, and transmission. This section makes any of these stages
illegal if they are carried out without the victim's agreement. Capturing include to
capture an image by any means such as videotaping, filming or recording by
using any kind of technology like video recorders, cameras, CCTVs, webcam in a
PC or any other forms of electronic surveillance like spy cameras or any kind of
hidden cameras, smart phones etc. Publication includes the creation of copies
both in print i.e. magazines, books, newspapers and in an electronic form i.e. on
the websites or CDs. Transmission means to deliberate or intentional electronic
transfer of the image via emails, internet, messaging, Bluetooth etc. with the
purpose that it can be viewed instantly by other persons. The offence is complete
immediately on the sending of the mail. It is irrelevant that whether the person to
whom the mail is sent read the mail or not.

Now-a-days Sting operations are very common in many countries like

USA but these operations are not permitted in many countries like Sweden.299 It
is said unlike the U.S. and certain other countries where the sting operation is
recognized as a legal method of law enforcement, though in a limited manner, the
same is not the position in India.300 In court on its own motion v. State301 case, the
Division bench held that where a sting operation made by a private person or an
agency, which may result in violating bodily privacy of another person will fall
under section 66 E of the Act. Such person shall be liable under the Act.

A 24 year old cyber crime accused and his two aides who are wanted in
cyber crime cases, walked into the cyber crime police station, Mumbai, posing as
vigilance officers and tried to conduct a sting operation on the investigation
officer on Feb. 17, 2017. They wanted to blackmail the senior police inspector of
the cyber crime cell to not take any action against the accused. However, their spy
pen camera did them in. Subsequently, the police found that the three men had
fake Central Vigilance Commission (CVC) identity cards and fake letterheads
with the names of CBI officers. The Spy camera has been seized. 302 Then the
police charged him under section 34 (common intention), 170 (personating a
public servant), 174, 419(cheating by personation), 420 and 506 of IPC.

299
N. G. Arun Kumar v. Whiteley, (2005), available at:
https://www.scribd.com/doc/190389306/Case- studies-under-Indian-IT-Act-200 (visited on April
10, 2017).
300
Inserted vide Information Technology (Amendment) Act, 2008.
301
AIR 2015 SC 1523: (2005) 5 SCC.
302
Anirudh Rastogi, Cyber Law- Law of Information Technology and Internet, 2014, p. 109.
100
Cyber Terrorism
“Get ready …. Terrorists are preparing ….cyberspace based attacks….”303
Terrorism is a kind of threat or terror against common people or government
which is not predictable.304 Cyber terrorism is a new form of terrorism, which
exploits the system we have put in place. There is a continual drive to
computerize every process, in order to add remote access, accuracy features and
ease of use.305 Generically, cyber terrorism consists of using computer technology
to engage in terrorist activity.306 This type of cyber crime can involve using the
internet to communicate with other terrorists, to transfer the money needed to
fund a terrorist act or any other related activity.

The intentional employment of disruptive actions, or the threat of such

activities, in cyber space with the goal to achieve social, ideological, religious,
political, or similar objectives, or to terrorise any individual in furtherance of such
objectives, may be characterised as cyber terrorism. 307
The FBI defined Cyber
Terrorism, “the premeditated, politically motivated attack against intonations
computer system, computer programs and data which results in violence against
non combatant targets by sub national groups or clandestine agents”.308 Cyber
terrorism, according to security expert Dorothy Denning, is defined as politically
motivated hacking activities intended to cause grave harm, such as death or
serious economic damage.309

Cyber war and cyber terrorism do not find any mention in the Indian
Cyber law before. But now the Information Technology (Amendment) Act, 2008
made the provision for cyber terrorism under section 66F which provides
punishment for cyber terrorism. This offence is non-bailable, cognizable and
triable by the court of Sessions. The legislative provisions relating to cyber
303
Vinod Kaushik and Ors. v. Madhvika Joshi and Ors., (2010) Cr. Comp 2.
304
“Sting Operation”, Wikipedia, available at: https://en.wikipedia.org/wiki/Sting_operation
(visited on April 6, 2017).
305
The Hindu, New Delhi, June 24, 2016, available at:
http://www.thehindu.com/news/national/sting- operation-not-a-legal-method-of-law-enforcement-
supreme-court/article5944283.ece (visited on April 6, 2017).
306
(2013) WP (C) 162, Del.
307
The Times of India, Mumbai, Feb. 20, 2017, available at: http://timesofindia.indiatimes.
com/city/mumbai/cyber-crime-accused-2-aides-try-sting-op-on-cop/articleshow/57240684.cms
(visited on April 6, 2017).
308
John Arquila, “Waging War Through the Internet”, p. E1 (Last Modified on Jan. 15, 2006),
available at: http://www.sfgate.com/opinion/article/Waging-war-through-the-Internet-
America-is-far- 2506659.php (visited on March 6, 2017).
309
P. Kraber, “Urban Terrorism: Baseline Data and a Conceptual Framework”, Social Science
Quarterly, 1971, p. 52.
101
terrorism is given as follows:

(1) Whoever;

(A) With the purpose to jeopardise India's unity, integrity, security, or

sovereignty, or to terrorise the people or any segment of the population by

(i) preventing or causing the denial of access to any person who has been
given permission to utilise a computer resource; or

(ii) attempting to gain unauthorised access to a computer resource or

exceeding authorised access;; or

(iii) introducing or inducing the introduction of any type of computer

contaminant and, as a result of such behaviour, causes or is likely to cause
death or injury to persons, property damage or destruction, or interrupts or
is likely to disrupt supplies or services vital to the community's life, or
negatively affects the critical information infrastructure described in
section 70,, or

(B) knowingly or intentionally penetrates or accesses a computer resource

without authorization or exceeds authorised access, and obtains access to
information, data, or a computer database that is restricted for reasons of
national security or foreign relations; or any restricted information, data, or
computer database, with reasonable grounds to believe that such
information, data, or database is confidential; or any restricted information,
data, or computer database, with reasonable grounds to believe that such
information, data, or database is confidential; or any restricted information,
data, or computer database, the state's security, friendly relations with
foreign states, public order, decency, or morality, or in relation to
contempt of court, defamation, or incitement to commit a crime, or for the
benefit of any foreign nation, group of individuals, or otherwise commits
cyber terrorism..

(2) Anyone who acts or conspires to commit cyber terrorism faces a sentence
of imprisonment that might last a lifetime.

Clause 1(A) of this section deals with cyber terrorism that directly affects
or threatens to influence the public with the intent of jeopardising the nation's
unity, integrity, or security, and instilling fear in the people's minds. This section's
clause 1(B) deals with cyber terrorism that has a direct impact on the state as a
result of unlawful access to restricted information, data, or a computer database.
102
 A terrorist means a person who indulges in wanton killing of persons or in
violence or in disruption of services or means of communications essential to the
community or in damaging property with the view to putting the public or any
section of the public in fear; or affecting adversely the harmony between different
religious, racial, language or regional groups or castes or communities; or
coercing or overawing the government established by law; or endangering the
sovereignty and integrity of the nation.310 Thus, cyber terrorist is a person who
uses the computer system as a means to achieve the above stated objective and
every act which is done in pursuance thereof is called cyber terrorism. Cyber
terrorists use a various tools for completing their purpose of cyber terrorism
including hacking, cryptography, Trojan attacks, and computer worms, viruses,
denial of service attacks, E-mail related crimes etc.

In a case, the issue was raised before the court that whether an offence of
defamation could reasonably covered under section 499 of I.P.C. or it requires
section 66 F of IT Act. The court has to make the distinction between two and it is
observed that section 499 of I.P.C. covered the offence of defamation with respect
to person and the term ‘person’ does not include a State whereas section 66F
covered the defamation of State.311

In India, the serial blasts in Ahmadabad, Delhi, Jaipur and Banglore are
the live examples of the cyber terrorism in 2008. The Mumbai Taj Hotel attack in
2008, popularly known as 26/11, and the Varanasi blast in 2010 both had cyber
terrorism tracks. 312 The fundamental goal of a cyber terrorist is to obtain sensitive
information and disseminate fear via cyber communications in order to jeopardise
national security, unity, integrity, and peace, among other things.

Publishing or transmitting obscene material in electronic form

(Cyber Pornography)
The term ‘Pornography’ means to describe or to show sexual acts with the
intention to cause sexual excitement through pornographic websites or
pornographic material produced by using computers, internet and also including
to download and transmit pornographic videos, pictures, photos, writings etc.
310
R.K. Tiwari, P.K Sastry, et.al., Computer Crime and Computer Forensics, 2002, p. 99.
311
Susan W. Brenner, “At Light Speed: Attribution and Response to Cybercrime/ Terrorism/
Warfare”, Journal of Criminal Law and Criminology, vol. 97, No. 2, 2007, p. 386,
available at: http://scholarlycommons.law.northwestern.edu/cgi/viewcontent.cgi?
article=7260&context=jclc (visited on Feb. 13, 2017).
312
Parthasarathi Pati, “Cyber Crimes”, available at: http://www.naavi.org/ pati/pati_
cybercrimes_ dec03.htm (visited on April 30, 2015).
103
 Section 67 of the Information Technology Act of 2000, as amended by the
Information Technology (Amendment) Act of 2008, governs the electronic
publication of obscene information. This section provides for the punishment for
publishing or transmitting obscene material in electronic form. Under this Act if
a person who publishes, transmits, or causes to be published in electronic form
any material that is lascivious, or if its effect is such that it tends to deprave and
corrupt persons who are likely to read, see, or hear the matter contained or
embodied in it, shall be punished on first conviction with imprisonment up to
three years and a fine up to five lakh rupees, and in the second conviction with
imprisonment up to three years and a fine up to five lakh rupees, and in the third
The court of JMIC has jurisdiction over this offence, and it is bailable,
cognizable, and triable..

The Information Technology Act of 2000 in India addresses the subject of

cyber pornography. Because the Act does not directly prohibit it, storing or
watching pornography privately is allowed. Transmitting or publishing
pornographic material, on the other hand, is prohibited. Prior to amendment
section 67 was the sole provision of the Information Technology Act which deals
with obscene publications including all forms i.e. pornography and child
pornography. But now after Amendment Act, 2008, at present it deals with
publishing of obscene information only. Section 67A of the Act specifically
prohibits publishing of sexually explicit/ pornographic material and section 67B
of the Act specifically prohibits child pornography. This section only criminalizes
the publication and transmission of sexually explicit/ pornographic material in an
electronic form but viewing, downloading, possession etc. is not an offence under
this section.

Section 67 A of the Information Technology (Amendment) Act of 2008

states that anyone who publishes, transmits, or causes to be published or
transmitted in electronic form any material containing sexually explicit act or
conduct shall be punished on first conviction with imprisonment of either
description for a term up to five years and a fine up to ten thousand dollars.

Section 67 B inserted by Information Technology (Amendment) Act, 2008

has been exclusively dealt with child pornography which provides that if any
person whoever publishes or transmits or causes to be published or transmitted
material in any electronic form which depicts children engaged in sexually
explicit act or conduct or creates text or digital images, collects, seeks, browses,
downloads, advertises, promotes, exchanges or distributes material in any
104
electronic from depicting children in obscene or indecent or sexually explicit
manner or cultivates, entices or induces children to online relationship with one or
more children for and on sexually explicit act or in a manner that may offend a
reasonable adult on the computer resources or facilitates abusing children online
or records in any electronic form own abuse or that of other pertaining to sexually
explicit act with children shall be punished on first conviction with imprisonment
of either description for a term which may extend to five years and with a fine
which may extend to ten lakh rupees and in the event of second or subsequent
conviction with imprisonment of either description for a term which may extend
to seven years and also with fine which may extend to ten lakh rupees.

Section 67A and 67B are the only sections which are non-bailable as per
section 77B of the Act, whereas others are bailable. We also have section 69A of
Information Technology Act, 2000 where Central Government or its officer
appointed can issue directions to other Government Agencies and Intermediaries
to block such information for public access if it is necessary or expedient so to do
in the interest of sovereignty and integrity of India, defense of India, security or
the State, friendly relations with foreign state or for the sake of maintaining public
order or preventing incitement to the commission, or any cognizable offence
relating to above.

Section 67 C inserted by Information Technology (Amendment) Act

provides that when Intermediary intentionally or knowingly contravening the
direction for preservation and retention of information which is specified by the
central government under clause 1 of the section 67 C, shall be punished by
imprisonment for a period of up to three years, as well as a fine. This offence is
also bailable and cognizable.

Failure to comply with the directions given by the Controller

According to section 68 of the Information Technology Act, the controller
has a power to direct the Certifying Authority or any employee to take such
measure or cease carrying on such activities as required for the compliance of the
Act. But any person who intentionally or knowingly fails to comply with such
order shall be guilty of an offence and shall be punished on conviction with an
imprisonment for a term not extending two years or to a fine not extending one
lakh rupees or both. This offence is also bailable and non-cognizable.

It is clear from the wording of this section that the Controller could only
give the directions to a Certifying Authority or any employee of such Authority,
105
but by the virtue of section 18 (1) his power may also be extendable to the
subscribers of a digital signature certificates because this section provides that
Controller has also the power to resolve any conflict of interests between
Certifying Authority and the Subscribers.

Accessing protected system

A protected system means any computer, computer system or computer
network which is to be a protected from the access of unauthorized person by the
appropriate government. The competent authority can declare any computer,
computer system, or computer network a protected system under Section 70 of the
Information Technology Act., by notification in the official gazette. The
Government has also the power to authorize the person who is authorized to
access protected system by order in writing. Any unauthorized person who gains
access to a protected system or attempts to gain access to one is subject to
imprisonment for a term which may extend to ten year and shall also be liable to
fine under this section. This offence is also non-bailable and cognizable.

In one case, the Kerala government issued a notification declaring a

protected system for an e-government software named "FRIENDS," which was
produced by the petitioner under a contract. The petitioner filed a writ petition,
alleging that section 70 of the Information Technology Act and the notification
are unconstitutional and in violation of the copyright act. A notification under
section 70 of the Information Technology Act is deemed to be a copyright
declaration under section 17 (d) of the Copyright Act, 1957. 313 The court further
held that only a computer resource could be declared to be a protected system
under the Information Technology Act if that amounted to a government work
under copyright Act.

Breach of Confidentiality and Privacy

Privacy refers to a person's right to choose when, how, and to what degree his
or her personal information is shared with others. Unauthorized use, dissemination, or
exposure of personal information such as medical data, sexual preferences, or
financial position is considered a breach of privacy. Confidentiality refers to not
disclosing information to unintended or undesirable recipients.

In general, parties sharing information make an agreement under Section

Syed Mohd. Uzair, “Cyber Crime and Cyber Terrorism in India, A thesis submitted to Aligardh
313

Muslim University, 2013, p. 68, available at: http://shodhganga. inflibnet.ac.in/ bitstream/

10603/63591/9/09_chapter%202.pdf (visited on Feb. 13. 2017).
106
72 to maintain the confidentiality of such information by agreeing not to reveal
such information to third parties or to use it in such a way that it would be
divulged to third parties. Furthermore, the employee may a time leak the valuable
information of organization only for the purpose of monetary gains or benefits
and leads to cause the breach of contract of confidentiality

Section 72 of Information Technology Act is inserted for the purpose of

punishing the wrongdoer for breach of privacy and confidentiality relating to data
and information. Other sorts of information are very useful for business, and
leaking such information to others may cause harm to the business or the
individual. Such information should be protected and kept hidden.

This section gives the right of privacy over any information which is
acquired in official capacity. The person shall be liable under this section when he
made the disclosure of information without consent or permission from the
authorized person. This offence is bailable and non-cognizable.

This section states that anyone who obtains access to any electronic record,
book, register, correspondence, information, document, or other material without
the consent of the person concerned, or discloses such electronic record, book,
register, correspondence, information, document, or other material to any other
person is subject to a penalty of up to five years in prison.

Disclosure of information in breach of lawful contract

Section 72 A is inserted by amendment Act Information Technology
(Amendment) Act, 2008 which provides punishment for disclosure of information
in breach of lawful contract. Under this section any person including an
intermediary who, while providing services under the terms of lawful contract,
has secured access to any material containing personal information about
another person, with the intent to cause or knowing that he is likely to cause
wrongful loss or wrongful gain discloses, without the consent of the person
concerned or in breach of a lawful contract, such material to any other person
shall be punished with imprisonment which may extend to three years or with fine
which may extend to five lakh rupees or with both.

Section 72 of the Act criminalizes the mere disclosure of personal

information without consent but this section also requires the intention to cause or
knowledge of likelihood of causing wrongful loss or gain. It also applies to any
person including intermediaries, who discloses information secured through the

107
provisions of services under a lawful contract. This offence is also bailable and
cognizable.

Offences Related to Electronic Signature Certificate

IT Act also makes provision for the offences related to Electronic
Signature Certificate314 under section 73 and 74. Section 73 provides penalty for
publishing Electronic Signature Certificate false in certain particulars and section
74 provides penalty for publication for fraudulent purposes. Section 73punishes
the wrongdoer who publish an Unless such publication is for the purpose of
verifying an Electronic Signature created prior to such suspension, the Certifying
Authority listed in the certificate has not issued it; the Subscriber listed in the
certificate has not accepted it; or the certificate has been revoked or suspended.

Subsection (1) of the above stated section makes it clear that it is an

offence to knowingly publish an Electronic Signature Certificate or otherwise
make it available on any other person, when it has already been revoked or
suspended and it makes the Certifying Authority liable for any failure on their
part to publish a notice of such suspension or revocation in the repository
specified in the Electronic Signature Certificate for the publication of such notice.
This subsection also makes it clear that no offence shall be made out if
publication of an Electronic Signature Certificate is for the purpose verifying the
Electronic Signature created prior to such suspension or revocation.

Section 74 further punishes anybody who intentionally manufactures,

publishes, or otherwise makes available an Electronic Signature Certificate for
any fraudulent or criminal purpose with a maximum sentence of two years in
prison or a maximum fine of one lakh rupees, or both.

The Supreme Court defined the term ‘publication’ in the case of Bennett
Coleman & Co. v. Union of India315. The term ‘publication’ means dissemination
and circulation. The term includes dissemination, storage and transmission of
information or data in electronic form if we talk about in the context of digital
medium.

Offences by Companies

314
Dorothy Denning, Activism, Hactivism and Cyber terrorism: The Internet as a tool for
Influencing Foreign Policy, 2001, p. 241.
315
“White Collar Crimes with special Reference to Cyber Crimes”, Legal Services India,
available at: http://www.legalservicesindia.com/article/article/white-collar_crimes_cyber_crimes-
255-1.html (visited on May 2,, 2012).
108
 Section 85 of the Information Technology Act incorporates the concept of
corporate criminal liability, or the criminal liability imposed on a company for its
contravention of the Act or any rule, direction or order made there under. The
explanation to this section provides that a company is anybody corporate,
including a firm or association of individuals. The company may be corporate or
incorporated.

If a person commits a contravention of any of the provisions of this Act or

any rule, direction, or order made there under, every person who was in charge of
and responsible to the company for the conduct of the company's business as well
as the company at the time the contravention was committed shall be liable to
punishment.

However, if such a person can show that the violations occurred without
his knowledge or that he took reasonable steps to prevent them, he will not be
held accountable under this section. Furthermore, if it is proven that such
contraventions under section 85 occurred with the consent or convenience of, or
are attributable to the negligence of, any director, manager, secretary, or other
officer of the company, such director, manager, secretary, or other officer must be
deemed guilty of the contraventions and must be prosecuted and punished.316

In a case the Hon’ble Court held that “there is no statutory compulsion

that the person-in-charge or an officer of the company may not be prosecuted
unless he is ranged alongside the company. If there is a violation....by the
company, everyone or any of them may be prosecuted separately or along with
the corporation.”317 But this position was overruled in a combined decision by the
Supreme Court in the cases of Aneeta Hada v. M/S Godfather Travels and Tours
Pvt. Ltd.318 and Avinash Bajaj v. State319 which stated that the firm's prosecution
was a prerequisite for the prosecution of those in charge of or responsible for the
company, as well as the director or managing director.

Jurisdictional Legislative Approach

Cyber jurisdiction, also known as cyberspace jurisdiction, refers to the
authority of a real-world government and an usually existing court over internet
users and their acts in the cyber realm. A significant reality is that net users and
316
Krishnan v. Krishnaveni, AIR 1997 SC 9876: 1997 AIR SCW 950: 1997 Cr LJ 1519.
317
Jyoti Rattan, Cyber Laws & Information Technology, 2014, p. 261.
318
B.N. Firos v. State of Kerala, AIR 2006 Ker 279.
319
“Electronic Signature Certificate” has been substituted for the “Digital Signature Certificate”
by IT (Amendment) Act, 2008.
109
hardware users are never virtual, but rather have a physical presence in one or
more countries over which jurisdiction can be exercised, and this jurisdiction is
known as cyber jurisdiction or cyberspace jurisdiction. 320In addition to electronic
contacts, there must be some act purposefully directed toward from state. Thus
courts have focused on the purposeful ailment prong of the due process, minimum
contacts test. Though courts have granted jurisdiction in the lack of any
relationship beyond a web site in unusual situations, this is unlikely to be
sustained in the long run. It is, firstly, impossible to enforce decisions of this
nature in every case, considering that often the website owner may be in a hostile
country, or in a jurisdiction that simply refuses to recognize the jurisdiction of the
court issuing the original decree. 321 The Legislative provisions relating to Cyber
jurisdiction in India are discussed as follows:

Jurisdiction under Criminal Procedure Code, 1973

Cyber jurisdiction was an issue in civil cases only. But in 1996 in U.S. v.
Thomas322 case, cyber jurisdiction became an issue in criminal cases also. 323
Currently, the internet is everywhere, the commission of a cybercrime by an
individual by, for example, posting material to the internet, results in this
criminal act being simultaneously being committed everywhere on the internet.
Thus, defamatory statements posted to newsgroups or social media on the internet
are accessible by persons the world over, who have access to the internet.

Jurisdiction over other cyber crimes, for instance under the Indian Penal
Code, 1860 has to be determined by the provisions of the Criminal Procedure
Code, 1973. The fundamental principle on jurisdiction is the same under the
Information Technology Act324 and the Criminal Procedure Code, 1973, though
stated differently. The basic legal principle of jurisdiction under the code of
Criminal Procedure, 1973 is that every offence shall ordinarily be inquired into
the tried by a court within whose local jurisdiction it was committed.325 Any court
under section 182 within whose jurisdiction such letters or messages were sent or
where they were received may enquire into or try any offence that includes
cheating if the deception is carried out through letters or telecommunication

320
AIR 1972 2 SCC 788.
321
Supra note 48, p. 289.
322
Sheoratan Agarwal v. State of Madhya Pradesh, (1985) SCR (1) 719.
323
AIR 2012 SC 2795.
324
(2009) Crl. Appl. 1483.
325
Supra note 48, p. 345.
110
messages.

Sections 177 to 188 of the Criminal Procedure Code, 1973 deals with
criminal jurisdiction. The jurisdiction of this code is based on the place of inquiry
where the offence or elements of the offence are committed, as well as the place
of trial. Section 177 this code provides that every offence shall ordinarily be
inquired into and tried by a court within whose jurisdiction it was committed. It is
necessary to mention here that this section does not purport to restrict territorial
jurisdiction. It operates as a general provision that sets out where the offence may
be tried ordinarily, without laying down exclusions to jurisdiction.

No finding, sentence, or order of a Criminal Court shall be set aside solely

on the basis that the inquiry, trial, or other proceedings in the course of which it
was reached or passed took place in the wrong session, division, district, sub-
division, or other local area, unless it appears that such error has in fact resulted in
a failure of justice, according to Section 462 of this code..

Section 178 provides the situations where there is uncertainty as to the

local area within which the crime was committed (a) when it is uncertain in
which of several local areas in which an offence is committed, or b) where an
offence is committed partly in one local area and partly in another, or c) where an
offence is a continuing one that is committed in more than one local area, or d)
where it consists of several acts committed in several different local areas, it may
be investigated or tried by a court with jurisdiction over any of these local areas.
According to the preceding rule, the courts within whose jurisdiction the offence
was committed, even if only a part of it, have jurisdiction to try the case. When an
act is an offence by reason of anything that has been done or a consequence that
has ensued under section, the offence may be investigated and tried by a court
within whose local jurisdiction such item has been done or such consequence has
followed. 179
. Where an act is an offence by the reason of its relation to any other act
or which would be an offence if the doer was capable of committing an offence
may be enquired into or tried by a court within whose jurisdiction either of the
acts done under section 180. Certain specified offences have been required by law
to be enquired into or tried in certain places under section 181. An offence of
criminal breach of trust or misappropriation may be tried by or enquired into by
the court within whose local jurisdiction the offence was committed or any part of
the property relating to offence was received or retained or required to be
accounted or returned by the offender.326
326
Amita Verma, Cyber Crimes and Law, 2009, p. 322.
111
 According to section 181, any offence involving cheating may be
investigated or tried by any court within whose local jurisdiction such letters or
messages were sent or received, and any offence involving cheating and
dishonestly inducing delivery of property may be investigated or tried by any court
within whose local jurisdiction such letters or messages were sent or received. If
two or more courts take cognizance of the same offence and the question arises as
to which of the courts has jurisdiction to investigate or try the case, a) the
question will be decided by the High Court under whose jurisdiction both such
courts operate. b) Where two or more courts are not subordinate to the same High
Court, the question of jurisdiction is decided by the High Court whose appellate
criminal jurisdiction the proceedings were originally brought. 327

Section 187 (1) provides that when a magistrate of the first class sees
reason to believe that any person within his local jurisdiction has committed
outside such jurisdiction whether within or outside India an offence which cannot,
under the provisions of sections 177 to 185 (both inclusive), or any other law for
the time being in force, be inquired into or tried within such jurisdiction but is
under some law for the time being in force triable in India, such magistrate may
inquire into the offence, as if it had been committed within such local jurisdiction
and compel such person in the manner hereinbefore provided to appear before
him, and send such person to the Magistrate having jurisdiction to inquire into or
try such offence, or, if such offence is not punishable with death or imprisonment
for life and such person is ready and willing to give bail to the satisfaction of the
Magistrate acting under this section, take a bond with or without sureties for his
appearance before Magistrate having such jurisdiction. Clause (2) of the said
section says that where there are more Magistrates than one having jurisdiction
and the Magistrate acting under this section cannot satisfy himself as to the
Magistrate to or before whom such person should be sent or bound to appear, the
case shall be reported for orders of the High court.

Cyber Jurisdiction under Information Technology Act, 2000

As there is no international instrument relating to cyber jurisdiction, every
state should have its own national law with extraterritorial jurisdiction to cover
the extraterritorial nature of internet activity. In 1996, the United Nations
Commission on International Trade Law adopted a model law on E-Commerce,
which was ratified by the General Assembly through a Resolution. The General
assembly recommended that all states should give favorable consideration to the
327
(1996) 74 F. 3d 701.
112
said model law on commerce. India being the signatory to said model law enacted
The Information Technology Act, 2000 to make law in tune with the said model
law.328 Jurisdiction under the Information Technology Act is prescribed under
sections 1 (2) and 75, 46(1A), 48(2) which are to be read along with the relevant
provisions under the Indian Penal Code.

Section 1(2) of the Information Technology Act, 2000 provides for the
jurisdiction of Indian courts in cyber crimes only. It does not talk about civil
jurisdiction.329 The said Act beings by saying, in clause (2) of section 1 that “it
shall extend to the whole of India and, save as otherwise provided in the Act, it
applies also to any offence or contravention hereunder committed outside India
by any person”. As a result, it is explicitly established that the court's cyber
jurisdiction would apply to cyber crimes committed both within and outside of the
country.

Section 46(1A) empowers the adjudicating officer appointed under the

Information Technology Act, 2000 as amended by Amendment Act, 2008 under
section 46 (1) by the central government to exercise jurisdiction to adjudicate
matters in which the claim for injury or damage does not exceed rupees five
crore. But a proviso is also added with the principal clause which clearly states
that jurisdiction in respect of claim for injury or damage exceeding rupees five
crore shall vest with the competent court. Section 48(2) empowers the Central
Government to specify the matters and places in relation to which the Cyber
Appellate Tribunal may exercise jurisdiction under the Act.

Section 75(2) of the said Act states that it shall apply to an offence or
contravention committed outside India by any person irrespective of his
nationality, if the act or conduct constituting the offence or contravention involves
a computer, computer system or computer network located in India. This section
provides for the extra- territorial jurisdiction of the Indian courts over the
offences or contraventions committed outside India. Under this section, the
jurisdiction of the Act extends to every person having any nationality, who
commits an offence on foreign territory by using a computer situated within India.
This section is restricted only to those offences or contraventions which are
provided therein but not to other offences punishable under other laws.

Section 75 is restricted only to those offences or contraventions provided

therein and not to other offences under other laws such as the Indian Penal Code,
328
Supra note 48, p. 349.
329
Sec. 1(2) and sec. 75 of IT Act, 2000.
113
1860. Jurisdiction over other cyber crimes, for instance under the Indian Penal
Code, 1860 has to be determined by the provisions of the Criminal Procedure
Code, 1973. The fundamental principle on jurisdiction is the same under the
Information Technology Act, 2000330 and the Criminal Procedure Code, 1973,
though stated differently. The basic legal principle of jurisdiction under the code
of Criminal Procedure, 1973 is that every offence shall ordinarily be inquired into
the tried by a court within whose local jurisdiction it was committed.331 These
principles in the Code of Criminal Procedure, 1973 apply for determining
jurisdiction in trial by courts as well as in investigation by the police. When an
offence is committed in more than one location, or partly in one location and
partly in another, or when it is committed in more than one local area and
continues to be committed in more than one local area, or when the offence
consists of several acts committed in different local areas, it may be investigated
or tried by a court with jurisdiction over either of these areas.332

Section 4 of the Indian Penal Code, 1860 provides that the law is assuming
jurisdiction over violators of The Information Technology Act, 2000 outside the
territorial boundaries of India. This provision is explained perhaps by the unique
nature of cyberspace, which knows no boundaries. The Information Technology
Act, 2000 specifically provides that unless otherwise provided in the Act, it also
applies to any offence or contravention there under committed outside India by
any person irrespective of his nationality.333 It is however clarified that the Act
shall apply to an offence or contravention committed outside India by any person
if the act or conduct constituting the offence or contravention, involves a
computer, computer system or computer network, located in India.334

In the event where it is uncertain in which of several areas the offence was
committed, again it may be inquired into or tried by a court having jurisdiction
over either of such areas of uncertainty.335Certain specified offences have been
required by law to be inquired into or tried in certain places. 336 When two or more
courts take cognizance of the same offence and a question arises as to which of
the courts has jurisdiction to inquire into or trial that offence, the question shall be

330
Sec. 177 of Cr.P.C., 1973.
331
Section 181 (4) of Cr. P.C.
332
Section 186 of Cr. P.C.
333
Supra note 48, p. 346.
334
D. Latha, “Jurisdiction Issues in Cyber Crimes”, The Weekly Law Journal, vol. 4, 2008, p. 88.
335
Sec. 1(2) and sec 75 of Information Technology Act, 2000.
336
Sec. 177 of Cr.P.C., 1973.
114
decided by the High Court under whose jurisdiction both such courts operate. 337

The issue of jurisdiction is not settled yet because India is still not a
signatory to the Cyber Crime Convention and the bilateral Extradition Treaties
which it has signed with around 35 countries so far do not mention ‘cyber crime’
as extraditable offences.

However, as the Supreme Court of India held in Rambabu Saxena v. State 338,
“extradition may still be granted if the treaty does not enlist a specific offence for
which extradition is sought, but authorises the Indian government to grant extradition
for some additional offences by inserting a general clause to this effect.”339

4.5 Police Powers of Investigation in Cyber Crime Cases

The computer crime will be the biggest challenge for the police,
investigators, academicians, bar and bench. It would be much more difficult for
the investigating teams to investigate these crimes.340 The experts believe a new
breed of criminals could damage telecommunication or rail links, disrupt power
supplies and harm other important parts of India’s infrastructure.341 The
Information Technology Act establishes a legal framework for conducting
cybercrime investigations, searches, and seizures. Relating to these crimes,
various organizations such as the Central Bureau of Investigation and the Data
Security Council of India have issued many guidelines. Various Cyber Crime
Investigation Cells have been established in India to deal specifically with the
investigation of cybercrime.. The following are the provisions dealing with
powers of police for cybercrime’s investigation under the Information
Technology Act, 2000.

Currently, Maharashtra is the first state in the country which will have a
cyber police station in each district simultaneously.342 Section 28 of the Act gives
the power to the Controller or any other officer authorized by him in this behalf
for the investigation of any contravention of the provision, rules or regulations
made under the Act. They shall also have the like powers which are conferred on
the Income Tax authorities under Chapter XIII of Income Tax Act, 1961 and
under Information Technology Act. Chapter XIII of Income Tax Act, 1961 gives
337
Sec. 178 of Cr.P.C., 1973.
338
Sec. 1(2) of IT Act, 2000.
339
Sec. 75 of IT Act, 2000.
340
Sec. 178(a) of Cr.P.C., 1973.
341
Sec. 180 of Cr.P.C., 1973.
342
Sec. 186 (a) of Cr.P.C., 1973.
115
the power to Controller or any other officer authorized by him in this behalf for
the discovery and inspection of the documents and books of accounts during
search and also empowers to examine a person on oath for the purpose of
collecting evidence in any proceeding. Section 29 of the Act as amended vide
Amendment Act, 2008 empowers the Controller or any other person authorized
by him to access any computer system, an apparatus or data and to make search
for any information which is available in such computer system if he suspects that
there is something which is contrary to the provisions under the Act. Here, in this
Act, the term ‘apparatus’ has not been defined clearly but it may include the
output devices such as scanners, external hard disk, pen drives or other storage
devices.

Section 78 of the Information Technology Act as amended vide

Amendment Act, 2008 provides that a police officer who is not below the rank of
Inspector shall have the power to investigate any offence committed under this
Act; the same would be true notwithstanding anything contained in the Code of
Criminal Procedure, 1973. It seems that this section makes a departure from the
Code of Criminal Procedure, 1973 because this section states that in order to
make investigation in non cognizable offence, a police officer is to obtain the
order of a Magistrate having the power to try such cases or commit the case for
trial under section 155 Code of Criminal Procedure, 1973 and for cognizable
offence, any officer in charge of police station may proceed without the order of a
Magistrate having the power to try such cases or commit the case for trial under
section 156 Code of Criminal Procedure, 1973.

Section 80 of the Act empowers the police officers or other officers to

enter any public place i.e. public conveyance, any hotel, any shop or any other
place intended for use by or accessible to the public and search and arrest any
person without warrant if who is suspected of having committed or being about to
commit or of committing any offence under this Act. This power has been given
to the police officers who are not below the rank of an Inspector or any other
officer authorized by Central Government in this behalf. This section limits the
powers of police officers and other officers to enter search and arrest any accused
from the public place only including any public conveyance, any hotel, any shop
or any other place intended for use by or accessible to the public.

Under 66A of IT Act, 2000, the police have also given excessive powers.
This section had been misused by police in various States to arrest the innocent
person for posting critical comments about social and political issues on
116
networking sites. This section had led to the arrest of many people’s for posting
content deemed to be allegedly objectionable on the internet. Due to this reason,
recently, the Hon’ble Supreme Court has declared section 66A as unconstitutional
in its entirety and against the freedom of speech and expression and struck it
down in Shreya Singhal and others v. Union of India343.

The provisions of Code of Criminal Procedure, 1973 which are relating to

entry, search or arrest will also apply under this section. The police authorities are
likely to abuse the powers granted under this section because they are
unrestricted. Clause 3 of this section states that if any person is arrested by an
officer other than a police officer, that officer must take or convey that person to
the magistrate who has jurisdiction in the matter or to the officer-in-charge of a
police station without delay. This code gives the unfettered powers to the police
for investigation in all cases where they suspect that a cognizable offence is
committed.

“The investigation under this Code, taken in several aspects and stages,
ending ultimately with the formation of an opinion by the police as to whether, on
the material covered and collected, a case is made out to place the accused before
the magistrate for trial, after submission of either a charge sheet or a final rep,”
according to the Supreme Court in Roopchand Lal v. State of Bihar 344 case. The
formation of the opinion that no case against the accused is made out, is a final
step in the investigation, and that final step is to be take only by the police and by
no other authority.”345

On September 9, 2010, the imposter made a fake profile in the name of the
Hon’ble President Pratibha Devi Patil. A complaint was made from Additional
Controller, President Household, President Secretariat regarding the four fake
profiles created in the name of Hon’ble President on social networking website,
Facebook for misleading the general public. The FIR under section 469 of Indian
Penal code and section 66A of Information Technology Act, 2000 was registered
on the basis of said complaint at police station.346

Judicial Response

343
AIR 1950 SC 155: 1950 SCJ 406: 1950 SCR 573.
344
Vakul Sharma, Information Technology- Law and Practice, 2016, pp. 371-372.
345
Mr. Pramod Mahajan, Information Technology Minister(then), address in one day seminar on
“Cyber Law and Police” organized by CBI in Delhi on July 23, 2000.
346
Mr. R.K. Raghvan, CBI Chief (then), address in one day seminar on “Cyber Law and Police”
organized by CBI in Delhi on July 23, 2000.
117
 Cybercrime being of intangible nature, it does not require any physical
violence or the presence of accused at the scene of crime. Under these
circumstances, the traditional adversarial system of litigation would hardly meet
the ends of justice in cases relating to cybercrime. Commenting on the problem
faced by the judiciary and the enforcement agencies in dealing with computer
related crimes, the Supreme Court of India in State of Punjab and Others v. M/S
Amritsar Beverages Ltd. and Others347 observed that:

“Internet and other information technologies have brought with them the
issues which were not foreseen by law. It also did not foresee the difficulties which
may be faced by the officers who may not have any scientific expertise or not have
the sufficient insight to tackle with the new situations. Various new developments
leading to various kinds of crimes unforeseen by our Legislature came to
immediate focus. Although the Information Technology Act of 2000 was updated
to encompass numerous sorts of cybercrimes and punishments for them, it does
not address all of the issues that officers enforcing the Act face.”

Above all, the Indian Judiciary has played an important role in handling
cyber crimes in cyber age. Because India's Supreme Court has been the final
arbiter of laws for decades. The judicial and law enforcement agencies are fully
aware that the resources available to investigate and punish crimes and terrorist
activities perpetrated against or through computers or computer networks are
almost entirely national in scope at the moment.

The important function of the judiciary is to interpret the laws with the
purpose to find out the real intention of the legislature which is expressed in the
form of language used in the legislation. It is said on the basis that the court does
not legislate but only interprets the existing laws. The Honorable Supreme Court
held in Institute of Chartered Accountants of India v. Price Waterhouse348 case
that a statute is an edict of the legislature. The language used in a statute is
considered as determinative factor of legislative intent. The words and phrases
used are the symbols that stimulate mental references to referents. That’s why the
main purpose of interpreting the laws is to find out the real intention of the
legislature enacting it.

In the case of Grid Corporation of Orissa Ltd. v. AES Corporation, the

Indian court is playing an important role in dealing with such offences by using

347
The Tribune, Chandigarh, Nov. 4, 2016, p. 7.
348
AIR 2015 SC 1523: (2005) 5 SCC.
118
their technological temperament.349 In this case the Hon’ble Supreme Court held
that “when an effective consultation can be achieved by resort to electronic media
and remote conferencing, it is not necessary that the two persons required to act in
consultation with each other must necessarily sit together at one place unless it is
the requirement of law or of the ruling contract between the parties.”350

As a result of the advancement of new technology, the Hon'ble Supreme

Court, in State of Maharashtra v. Dr. Pratful B. Desai 351, allowed video
conferencing, stating that it is an advancement in science and technology that
allows one to hear, see, and talk with someone who is far away as if they were
right in front of them. A similar decision was made in Amitabh Bagchi v.
EnaBagchi352 case and in Bodala Murali Krishan v. Smt. Bodala Prathima353 case.
The Supreme court also approved the principle of updating construction with the
purpose to move towards the fast changing technology based society and held in
Ponds India Ltd. v. Commissioner of Trade Tax, Lucknow354 case that although
Wikipedia is not an authentic source but may be looked at for the purpose of
gathering information.

In Mohammed Ajmal Mohammad Amir Kasab v. State of Maharashtra 355

case, the court appreciated the electronic evidence while delivering the judgment.
The court appreciated it whether in the form of CCTV footage, memory cards,
mobile devices, data storage devices, intercepted communications over VolP, IP
Addresses, etc.

Tampering with computer source documents

The Indian judiciary is playing the important role in dealing with the
cyber crimes relating to the tampering with computer source documents. Syed
Asifuddin and Ors.

v. State of Andhra Pradesh and Anr. 356 is the first case which is related to
section 65 of the Information Technology Act. In this case, the court determined
that cell phones met the definition of "computer" under the Information
349
AIR 1968 SC 117: (1967) 3 SCR 668: 1968 Cr LJ 97.
350
Vakul Sharma, Information Technology- Law and Practice, 2016, p. 278.
351
Case Studies under IT Act, 2000, available at: https://www.scribd.com/doc/190389306/Case-
studies- under-Indian-IT-Act-200 (visited on April 10, 2017).
352
AIR 2006 SC 2820 (Para II).
353
AIR 1998 SC 74: (1997) 6 SCC 312.
354
(2002) 7 SCC 736.
355
Grid Corporation of Orissa Ltd. v. AES Corporation, (2002) 7 SCC 736.
356
AIR 2003 SC 2053: (2003) 4 SCC 601.
119
Technology Act, and that the unique Electronic Serial Numbers (ESNs), SIDs
(System Identification Codes), and MINs (Mobile Identification Numbers)
programmed into each handset are "computer source code" under the Information
Technology Act, which must be kept secret..

In Bhim Sen Garg v. State of Rajasthan and Others357 case, it was held that
fabrication of an electronic record or committing forgery by way of interpolations
in CD produced as evidence in a court attract punishment under this section.

In Sanjay Kumar v. State of Haryana 358 case the petitioner has been
convicted for an offence punishable under section 65 and 66 of IT Act read with
420, 467, 468 and 471 of IPC and sentenced for rigorous imprisonment but the
petitioner filed an appeal against such order which was dismissed by the appellate
court and upheld the trial court judgment. In this case the manager of Vijay Bank,
NIT, Faridabad, filed a complaint to police by stating that the petitioner was
deputed by M/S Virmati Software and Telecommunication Ltd. to maintain the
software system supplied by them to the Bank. But the petitioner has manipulated
the interest entries of computerized bank account and thereby cheated the
complainant bank by forging electronic record in order to cause wrongful loss to
the bank.

Computer related Offences

The Indian judiciary is playing a critical role in combating cybercrime,
which falls under the category of computer-related crimes. In Kumar v.
Whiteley359 case, the accused gained the unauthorized access to the Joint
Academic Network and deleted, added files and changed the passwords to deny
access to the authorized users. It was revealed by the investigations that Kumar
was logging on to the BSNL broadband Internet connection as if he was the
authorized genuine user and made alteration in the computer database pertaining
to broadband Internet user accounts of subscribers. The Additional Chief
Metropolitan Magistrate, Egmore, Chennai sentenced him to undergo a rigorous
imprisonment for one year with a fine under section 420 of Indian Penal Code for
cheating and section 66 of Information Technology Act for computer related
offence through communication service, etc.

In Sanjay Kumar v. State of Haryana360 case, the manager of Vijay Bank,

357
AIR 2005 Cal 11: 2005 (2) Civ LJ 281.
358
AIR 2007 AP 43.
359
(2008) 8 SCC 369.
360
(2012) 9 SCC 1: AIR 2012 SC 3565: 2012 AIR SCW 4942.
120
NIT, Faridabad, filed a complaint to police by stating that the petitioner was
deputed by M/S Virmati Software and Telecommunication Ltd. to maintain the
software system supplied by them to the Bank. But the petitioner has manipulated
the interest entries of computerized bank account and thereby cheated the
complainant bank by forging electronic record in order to cause wrongful loss to
the bank. But the court found him guilty and convicted him for an offence
punishable under section 65 and 66 of IT Act read with 420, 467, 468 and 471 of
IPC and sentenced for rigorous imprisonment but the petitioner filed an appeal
against such order which was dismissed by the appellate court and upheld the trial
court judgment.

In State of A.P v. Prabhakar Sampath361 case, the complainant M/S SIS

Infotech Pvt. Ltd., Hyderabad, carrying the business of research station, filed a
complaint by stating that somebody successfully hacked their server and
downloaded their e-reports through some free public sites. After investigation
made by the police, the accused was found guilty and charged under section 66 of
IT Act for hacking content server of complainant’s company.

Sending Offensive Messages through Communication Service etc.

The Indian judiciary is playing the important role in dealing with the cyber
crimes relating to sending offensive messages through communication service etc.
The Additional District Court and Sessions Court was upheld a lower court’s verdict
in the first cyber case in State v. Ts. Balan and Aneesh Balan362 case in 2006 and
sentenced a Pentecostal priest and his son for morphed photographs and e-mailed
to victims from fake IDs with captions under section 67 of Information
Technology Act, 2000.

In the light of a series of arrests made under section 66A of the

Information Technology Act, 2000, Shreya Singhal v. Union of India363 is the case
where the writ petition was filed in public interest under Article 32 of the
Constitution of India for seeking to strike down Section 66A as unconstitutional
by arguing that section 66A is so wide, vague and incapable of being judged on
objective standards that it is susceptible to wanton abuse. It was further argued
that the terms ‘offensive’, ‘menacing’, ‘annoyance’, ‘danger’, ‘obstruction’ and
‘insult’ have not been defined in the Information Technology Act, General
Clauses Act or any other legislation. It has been held in the case of A. K. Roy v.
361
(2005) Cri LJ 4314.
362
(2006) Cri LJ 3463 Raj 2411.
363
(2013) CRR 66 (O&M) 1.
121
Union of India364 that the impossibility of framing a definition with mathematical
precision does not justify the use of vague expressions. In the said case, a
provision of the National Security Act was held to be violative (due to being
capable of wanton abuse) of the Fundamental Right to Life and Personal Liberty
guaranteed under Article 21 of the Constitution. Citing the arrests made under
section 66A, the petitioner submits that the wide legislative language of the
Section severely disincentives citizens from exercising their Constitutionally
protected right to free speech for fear of frivolous prosecution (the ‘chilling
effect’), which violates the Freedom of Speech and Expression guaranteed under
Article 19(1)(a) of the Constitution. Furthermore, whether or not section 66A
meets the test of ‘reasonableness’ laid down under Article 19(2), it is nonetheless
violative of Articles 14 (Right to Equality) and 21 of the Constitution. The Hon’
SC declared section 66A as unconstitutional in its entirety and against the
freedom of speech and expression and struck it down in Shreya Singhal and
others v. Union of India365. This section had been misused by police in various
states to arrest the innocent person for posting critical comments about social and
political issues on networking sites. This section had led to the arrest of many
people’s for posting content deemed to be allegedly objectionable on the internet.

Additionally, in S. Khushboo v. Kanniammal366, the Supreme Court

observed that the proper course for Magistrates is required to use their statutory
powers to direct an investigation into the allegations before taking cognizance of
the offence alleged where the cases involving the fundamental right of Freedom
of Speech and Expression. Because in this the petitioner prays that Section 66A of
the Information Technology Act shall be struck down as unconstitutional and a
guideline must be issued by the Court that offences involving Freedom of Speech
and Expression be treated as non-cognizable offences.

In Rajeev Chandrashekhar v. Union of India 367 and Common Cause v.

Union of India368case, a writ petition was filed in public interest under Article 32
of the Constitution of India by challenging section 66A of the Information
Technology Act, 2000 and Rules 3(2), 3(3), 3(4) and 3(7) of the Information
Technology (Intermediaries Guidelines) Rules, 2011 as unconstitutional. In this
364
(2005), available at: https://www.scribd.com/doc/190389306/Case-studies-under-Indian-IT-
Act-200 (visited on April 10, 2017).
365
(2013) CRR 66 (O&M) 1.
366
(2015) Cr. Comp 489/2010, Hyderabad.
367
(2006) Additional District Court and Sessions Court, Kerala, for morphed photographs and e-
mailed to victims from fake IDs with captions.
368
AIR 2015 SC 1523: (2005) 5 SCC.
122
case the Petitioner, a serving Member of Parliament submits that Section 66A
contains several words/terms that are undefined, vague, open to misinterpretation,
and thus problematic. This imposes statutory limits on the exercise of internet
freedom which are well beyond the Constitutional parameters of ‘reasonable
restrictions’ enshrined in Article 19(2) and the Intermediaries Guidelines Rules,
Rule 3(2) lists the various types of information that ought not to be carried on a
computer system which violates Article 14 in being arbitrary and overly broad.

In Common Cause v. Union of India 369 case, Common Cause, a registered

society, filed a writ petition under Article 32 of the Constitution of India for the
enforcement of Fundamental Rights under Articles 14, 19 and 21 of the
Constitution of India by challenging the constitutional validity of Articles 66A,
69A and 80 of the Information Technology Act. In this case it is contended that
the restrictions imposed by Section 66A of the IT Act are violative of Article 14
because they restrict free online speech and also the violative of Article 19
because the restrictions on speech causing mere ‘annoyance’ often go beyond the
ambit of reasonable restrictions stipulated under Article 19(2) of the Indian
Constitution. It is also contended that ‘grossly offensive’, ‘danger’ and
‘annoyance’ are vague, arbitrary and constitutionally undefined terms as found
under Section 66A. it is also contended that section 69A of the IT Act is violative
of Articles 14, 19 & 21 of the Constitution of India because it neither provides a
Redressal machinery after blocking of online information of an entity, nor any
provisions for unblocking them while the process of blocking is entirely secret,
and fails to meet constitutional safeguards of natural justice. Similarly, section 80
of Act is violative of Articles 14, 19 and 21 of the Indian Constitution because it
confers unlimited powers to police authorities to arrest without warrant any
person suspected of committing a crime under this Act.

In Dilip Kumar Tulsidas v. Union of India 370 case, the petitioner has also
sought directions against the respondents to carry out widespread awareness
campaigns relating to cyber crime sought to be punishable under Information
Technology Act and other penal law. In the prevalent system of cyber crime
investigation, there is a lack of procedural safeguards. There are also a number of
instances where the police and cooperating private entities have displayed great
negligence towards the innocent citizens and the investigative methods are not
suited to dealing with complex cyber crimes.

369
AIR 1982 SC 710.
370
AIR 2015 SC 1523: (2005) 5 SCC.
123
 In People’s Union for Civil Liberties v. Union of India 371 case, a writ
petition was filed in public interest under Article 32 of the Constitution of India
regarding the misuse of the Rules framed under the IT Act throughout the country
despite the fact that Supreme Court issuing the similar notice in Shreya Singhal v.
U.O.I372 soon before this. The Information Technology (Intermediaries
Guidelines) Rules, 2011 which provide for legal determinations and effective
censorship by private on-line service providers are vague and undefined
categories and contrary to Articles, 14, 19 and 21. The Information Technology
(Procedure and Safeguards for Blocking for Public Access to Information) Rules,
2009, which provide that the blocking process is completely secret, fail to meet
constitutional safeguards of natural justice under Articles 19 and 21, and the
unreasonably restrictive procedure for banning websites also fails to meet
procedural natural justice standards for book banns.

Identity Theft
The Indian judiciary is playing the important role in dealing with the cyber
crimes relating to identity theft. In Vinod Kaushik and Ors. V. Madhvika Joshi
and Ors.373 Case, the issue was raised that whether the wife accessing husband’s
and father-in- law’s email account without their permission in order to acquire
evidence in a Dowry harassment case amounts to be liable under section 66C of
Information Technology Act for unauthorized access and dishonest use of
password of any person. The court held that the wife was liable under this section.

Then India found its first successful cybercrime conviction in May, 2002
in Sony. Sambandh. Com. Case374 in which Asif Azim was found guilty for
cheating and it was found as a first offence in which the sentence was only for
one-year probation and a personal surety bond of Rs.20, 000. In this case Azim,
who had been working in I- Energizer, a call centre in Noida. He took the credit
card details of one of his clients, Barbara Campa and decided to do some
shopping on free basis by creating an e-mail address in Campa’s name. Then on
May 8 he placed an order on Sony India’s website by using Barbara Campa’s
credit card details. The products were delivered to Azim’s residence the very next
week because it was found a valid transaction by the Sony India’s credit card
company, Citibank and a mail was sent to Campa with the photographs of Azim

371
(2010) 4 SCALE 467.
372
(2013) W.P. Crl. No. 23.
373
(2013) W.P. Crl. No. 21.
374
(2013) W.P. Crl. No. 97.
124
receiving the products. Around the end of June, Campa realized that anything had
not been bought and informed about this to the bank. On the basis of this
information the Citibank made the cross-checking and reported that the
transaction was fraudulent and hence, invalid. This matter was reported to the
CBI and the team found that the Internet Protocol address from where the
messages came was not in the US but in Noida. After this the source computer
which was used by Azim was tracked down and he confessed everything to CBI
by saying that he had done it just for the sake of getting something free of charges
nothing else. The court convicted him under sections 418, 419 and 420 of the
Indian Penal Code.

On October, 2016, Bollywood Actress Kareena Kapoor has approached to

police by alleging that someone has filed the income tax return for the financial
year 2015-2016 in her name online without her knowledge. Police registered the
case of identity theft under section 66 C of IT Act and section 419 of IPC for
cheating.375

Violation of Privacy
The Indian judiciary is playing the important role in dealing with the
cyber crimes relating to violation of privacy. In Court on its own Motion v.
State376 case, the Division bench held that where a sting operation made by a
private person or an agency, which may result in violating bodily privacy of
another person will fall under section 66 E of the Act. Such person shall be liable
under the Act.

On Feb. 17, 2017, a 24 year old cyber crime accused and his two aides
who are wanted in cyber crime cases, walked into the cyber crime police station,
Mumbai, posing as vigilance officers and tried to conduct a sting operation on the
investigation officer. They wanted to blackmail the senior police inspector of the
cyber crime cell to not take any action against the accused. However, their spy pen
camera did them in. Subsequently, the police found that the three men had fake
Central Vigilance Commission (CVC) identity cards and fake letterheads with the
names of CBI officers. The Spy camera has been seized.377 Then the police
charged him under section 34 (common intention), 170 (personating a public
servant), 174, 419(cheating by personation), 420 and 506 of IPC.

375
(2013) W.P. Crl. No. 97.
376
(2013) 10 SCC 1.
377
AIR 2015 SC 1523: (2005) 5 SCC.
125
Cyber Terrorism
The Indian judiciary is playing the important role in dealing with the cyber
crimes relating to cyber terrorism. In Krishnan v. Krishnaveni378 case, the issue
was raised before the court that whether an offence of defamation could
reasonably covered under section 499 of I.P.C. or it requires section 66 F of IT
Act. The court has to make the distinction between two and it is observed that
section 499 of I.P.C. covered the offence of defamation with respect to person and
the term ‘person’ does not include a State whereas section 66F covered the
defamation of State.

In 2008, serial blasts in Ahmadabad, Delhi, Jaipur and Banglore are the
live examples of the cyber terrorism in India. In 2008 attack on Mumbai Taj
Hotel which is also known as 26/11 and the Varanasi blast in 2010 had the trails
of cyber terrorism.379 The main purpose of the cyber terrorist is to gather the
restricted information and to spread terror by cyber communications method for
disruption of national security, unity, integrity and peace etc.

In December, 2010 the website of Central Bureau of Investigation (CBI)

was hacked by programmers identifying themselves as “Pakistani Cyber Army”.
From January to June, 2011 a total of 117 government websites had been
defaced.380 At that time some other important websites of National Investigation
Agency were also affected.

Publishing or transmitting obscene material in electronic form (Cyber

Pornography)

Prior to the passage of the Information Technology Act of 2000, the Indian
judiciary played this function in dealing with this type of crime.. In Sukanto v.
State of West Bengal381 case which is relating to a magazine ‘Nara Nari’ as a
obscene publication, the under section 292 of IPC convicted the petitioner for
giving effect to public morality above art, literature. Indian court followed the
principle of obscenity in Ranjit D. Udeshi v. State of Maharastra382 case as given
378
(2010) Cr. Comp 2, available at:
https://it.maharashtra.gov.in/Site/Upload/ACT/Madhvika%20Vs%20Kaushik- Rajesh
%20Aggarwal.pdf (visited on April 6, 2017).
379
(2002), available at: http://www.legalserviceindia.com/lawforum/index.php?topic=2242.0
(visited on April 10, 2017).
380
“Kareena Kapoor and the Curious Case of Identity Theft”, NDTV News, (Oct. 1, 2016),
available at:http://www.ndtv.com/mumbai-news/unknown-person-files-income-tax-return-in-
kareena-kapoor- name-1468962 (visited on April 6, 2017).
381
(2013) WP (C) 162, Del.
382
The Times of India, Mumbai, Feb. 20, 2017, available at: http://timesofindia.indiatimes.com/
126
by the U.S. court in Regina v. Hicklin383 case and the honourable court interpreted
the word “obscene” and stated that obscene may be defined as “offensive to
modesty or decency, lewd, filthy and repulsive”. The court also held in the case
that it constituted the reasonable restriction on the right of freedom of speech and
expression guaranteed under article 19, clause 2 of the Indian Constitution in the
interest of decency or morality. The honourable court in Samaresh Bose v. Amal
Mitra384 case held that depending on the standards of morals of contemporary
society, the concept of “Obscenity” would differ from country to country. In this
case the court also clear a difference between the term “vulgarity” and
“obscenity” by stating that a vulgar writing is not necessarily obscene.

On July 29, 2001, in Jayesh S. Thakkar v. State of Maharashtra case385,

the petitioners wrote a suo moto writ petition for complaining about pornographic
websites on the internet to the Chief Justice of Bombay High Court. On the basis
of this petition, the Division Bench of the Bombay High Court passed an order to
appoint a committee for suggesting and recommending preventive measures for
protecting from pornographic and obscene material on the internet. Then on
January 30, 2002, several recommendations have been given by Bombay High
Court’s Special Committee through the public opinions on internet relating to
Protecting Minors from

Unsuitable Internet Material. Reference can be taken from Antony v. State

of Kerala386 case, in which it was held by the court that an object need not be
visible to the naked one to be an obscene object.

In C.K. Karodkar v. State of Maharashtra387 case, the Supreme Court held

that standard of obscenity would differ from country to country depending on the
standards of morals of contemporary society. After this in Vishakha v. State of
Rajasthan388 case a landmark judgment was passed which is also known as the
leading case law on harassment at workplace in India a. Before this case, there
was no law referring to harassment at workplace in India. In Apparel Export
Promotion Council v. A.K. Chopra389case, it was laid down by the court that
city/ mumbai/cyber-crime-accused-2-aides-try-sting-op-on-cop/articleshow/57240684.cms (visited
on April 6, 2017).
383
AIR 1997 SC 9876: 1997 AIR SCW 950: 1997 Cr LJ 1519.
384
Jyoti Rattan, Cyber Laws & Information Technology, 2014, p. 261.
385
Ibid.
386
AIR 1952 Cal 214.
387
AIR 1965 SC 881: (1965) 2 Cr LJ 8: (1965) 1 SCR 65 (SC).
388
(1868) 3 QB 360.
389
AIR 1986 SC 967: (1985) 4 SCC 289: 1986 Cr LJ 24.
127
sexual harassment at the workplace shall include any action or gesture which
outrages the modesty of a female employee. For a corporate harassment, a
corporate technology policy should state restrictions on computer use for personal
business, excessive web surfing and even gambling.

As regards the Cyber pornography, most of the reported Indian Cases are
disposed of in the lower court at the magisterial level. However, the case of State
of Tamil Nadu v. Suhas Katti390 deserves a special mention in this context because
this case was disposed of within a record period of seven months from the date of
filing of the FIR by the expeditious investigation made by the Chennai Cyber
Crime Cell (CCC). This is a landmark case which is considered to be the first case
of conviction under section 67 of Information Technology Act in India which
makes this section is of the historical importance. In this case, some defamatory,
obscene and annoying messages were posted about the victim on a yahoo
messaging group which resulted in annoying phone calls to her. She filed the FIR
and the accused was found guilty under the investigation and was convicted under
section 469, 509 of IPC and section 67 of Information Technology Act.

In Avinash Bajaj v. State (NCT) of Delhi 391

case which is popularly
known as Bazee.com case, obscene material was put up for sale by one person on
the website Baazee.com and sold/transmission of these clip to several people
resided in different parts of country which took place in a very short time period.
The issue was raised whether it was a publication under section 67 before the
amendment or website had indirectly published the material. The court held that
the ultimate transmission of the obscene material wouldn’t have been possible
without the initial facilitation by the website and therefore, the website had liable
under the section.

In Mohammed v. State392 case the Gujarat High Court analyzed section 67

of IT Act and held that it is not applicable to the cases of threatening email
received by the Chief Minister of Gujarat.

Accessing protected system

The Indian judiciary is playing the important role in dealing with the cyber
crimes relating to accessing protected system. In the case of B.N. Firos v. State of
Kerala393, the government of Kerala had issued a notification declaring an e-
390
(2001) Bom H.C., W.P. 1611.
391
(1988) 2 Cr. 173 Ker.
392
(1969) 2 SCC 687.
393
(1997) 6 SCC 241.
128
government software called ‘FRIENDS’ which was developed by the petitioner
under a contract as a protected system. The petitioner filed a writ petition
challenging section 70 of the Information Technology Act and the notification as
being unconstitutional and inconsistent with the copyright Act. It was held that a
notification under section 70 of the Information Technology Act is a declaration
of copyright under section 17 (d) of the Copyright Act, 1957.394 The court further
held that only a computer resource could be declared to be a protected system
under the Information Technology Act if that amounted to a government work
under copyright Act.

Breach of Confidentiality and Privacy

The Indian judiciary is playing the important role in dealing with the cyber
crimes relating to Breach of Confidentiality and Privacy. In Sharda v.
Dharmpal395 case, the Hon’ble Supreme Court held that the right to privacy under
article 21 of Indian Constitution is not an absolute right. If any dispute rose
between fundamental rights of two parties then that right would prevail which
advances public morality.

Further in District Registrar and Collector v. Canara Bank 396 case, the
Hon’ble Supreme Court held by stating that: “the exclusion of illegitimate
intrusions into the privacy depends on the nature of the right being asserted and
the way in which it is brought into play; it is at this point that the context becomes
crucial, to inform substantive judgment. If these factors are relevant for defining
the right to privacy, they are quite relevant whenever there is invasion of that
right by way of searches and seizures at the instance of the State.”

The Hon’ble Supreme Court observed in Bhavesh Jayanti Lakhani v. State

of Maharastra397 case that in pursuant to a red corner or yellow corner notice (of
Interpol), no such guidelines has been laid down in respect of surveillance
conducted. In our opinion, the Central Government and Ministry of External Affairs
should frame appropriate guidelines in this behalf.

In Ram Jethmalani v. Union of India 398 case, the Hon’ble Supreme Court
has dealt with the right to privacy and elaborately held that right to privacy is the

394
(1999) 1 SCC 759.
395
(2004) Cr. Comp 4680, Egmore, available at: http://lawnn.com/tamil-nadu-vs-suhas-kutti/
(visited on April 5, 2017).
396
(2005) 3 Comp LJ 364 Del: 116 (2005) DLT 427.
397
2010 [SCR. A/1832/2009] Guj.
398
AIR 2006 Ker 279.
129
integral part of right to life and this has a cherished Constitutional value. Here, it
is important to note that human beings be allowed domains of freedom that are
free of public scrutiny unless they act in an unlawful manner.

Offences Related to Electronic Signature Certificate

The Indian judiciary is playing the important role in dealing with the cyber
crimes relating to electronic signature certificate. The Supreme Court defined the
term ‘publication’ in the case of Bennett Coleman & Co. v. Union of India 399. The
term ‘publication’ means dissemination and circulation. The term includes
dissemination, storage and transmission of information or data in electronic form
if we talk about in the context of digital medium.

Offences by Companies
The Indian judiciary is playing the important role in dealing with the cyber
crimes relating to offences committed by companies. In the case of Sheoratan
Agarwal v. State of Madhya Pradesh400, it was held that “there is no statutory
compulsion that the person-in-charge or an officer of the company may not be
prosecuted unless he is ranged alongside the company. Each or any of them may
be separately prosecuted or along with the company if there is a
contravention….by the company.”

But this position was overruled in a combined decision by the Supreme

Court in the cases of Aneeta Hada v. M/S Godfather Travels and Tours Pvt.
Ltd.401 and Avinash Bajaj v. State402 which laid down that prosecution of the
company was a condition precedent for the prosecution of the persons who was in
charge of or responsible to the company and the director or managing director.

Domain Name Disputes

In India, the first case was the Yahoo, Inc v. Akash Arora403 in which an
Indian Court delivered its judgment relating to domain names. In this the plaintiff
Yahoo Inc. filed a suit against the defendants for seeking permanent injunction by
restraining them and their partners, servants and agents from doing any business
on internet under the domain name ‘Yahooindia.com’ or any other domain name
which is identical with the plaintiff’s trademark ‘Yahoo!’ . During the pendency
399
Supra note 33, pp. 118-119.
400
(2003) 4 SCC 493: AIR 2003 SC 3450: 2003 AIR SCW 1950.
401
(2005) 1 SCC 496: AIR 2005 SC 186: 2005 AIR SCW 6455.
402
(2010) 1 SCC (Cri.) 47.
403
AIR 2012 SC (Cri.) 184.
130
of the suit, the plaintiff also moved an application seeking temporary injunction
against the defendants. In this case the Court granted an ad interim injunction
restraining the defendants from doing any business on the internet under the
trademark/domain name “Yahooindia.com” or any other trademark/domain name
which is identical with the plaintiff’s trademark “Yahoo!”.

There has been a landmark judgment on domain dispute in the case of

Rediff Communication Ltd. V. Cyberbooth and another404, Similarly in Yahoo!
Inc. v. Akash Arora and another405 also the issue of domain name is entitled to
equal protection as trademark. In this case there are a number of issues involved
for solving the cyber crimes. The first problem is that India does not have
comprehensive legal and regulatory framework for regulating all kinds of
cybercrimes, breach of protected systems, publishing false Digital Signature
Certificates in certain particulars or for fraudulent purposes. Additionally, the IT
Act 2000 has amended the Indian Penal Code, 1860 but the amendments have
been made in such a manner so as to make the ambit of documents stipulated in
various criminal provisions to include therein, electronic records. As a result there
is also a number of cybercrimes which are also not covered under the Indian Penal
Code at all like cyber stalking, cyber harassment, cyber nuisance, etc.

In Rediff Communications ltd. V. Cyberbooth406 case, the Yahoo judgment

was once again reiterated. In this case, the plaintiff also filed a suit for seeking
permanent injunction by restraining the defendants from using the domain name
‘RADIFF’ or any other word or mark or name which is deceptively similar to the
plaintiff’s mark/name “REDIFF’. In this case, the Court granted an injunction
against the defendants and also dismissed the Special Leave petition filed by
Cyber booth in the Supreme Court.

As regards the Cyber squatting in India, the court in Sony Corporation v.

Park, Kwangsoo Setec407, held that the domain name registered by the respondent,
namely, ‘newssony.com’ is virtually identical and confusingly similar to the
domain name of the complainant ‘sony.com’. In Essel Packaging Limited v.
Sridhar Narra Ltd. & Another408, the Court observed that merely because a party
gets a registration of a domain name does not mean that it also acquires the
proprietary rights over the same. It was held that registration of domain names
404
AIR 1972 2 SCC 788.
405
(1985) SCR (1) 719.
406
AIR 2012 SC 2795.
407
(2009) Crl. Appl. 1483.
408
(1999) 19 PTC 229 Del.
131
does not involve any process of enquiry and registration in bad faith itself is a
ground for injunction.

India enacted the Information Technology Act on June, 2000 and became
part of a select group of countries to have put in place cyber laws. But the internet
is still a dirty place to hand out; beware those viruses and spam mails. Cyber
hooligans are growing in numbers and are very much at large and we are still
wary of using our credit card online. Despite the enactment of cyber laws, a lot
more needs to be done, both online and offline, as well as within the judiciary and
law enforcement agencies, experts feel. However, a number of right steps have
also been taken to make the Information Technology Act more relevant in
today’s context.409 The Information Technology Act, 2000 has been proved to be
a highly controversial piece of legislation. In its sixteen-odd years of operation,
the Act has managed to draw considerable criticism from the legal community
and the general public. It is alleged to contain a whole spectrum of flaws,
shortcomings and pitfalls ranging from being inefficient in tackling cyber crimes
to placing unfair curbs on the civil liberties of citizens.410

It is found that a number of these types of crimes are not registered under
the existing provisions of Indian Penal Code, 1860 which are ineffective and do
not cover the said cyber crimes. Some market players believe that this will
provide an encouragement to electronic fund transfers and also help in promoting
electronic commerce in the country. But the result is not similar as it is. The cyber
crime cells are doing training programmes for its forces and plans to organize
special courses for corporate to combat cyber crime and use the Information
Technology Act effectively.

The Information Technology Act amends some of the provisions of our

existing laws i.e. Indian Penal Code, 1860; the Indian Evidence Act, 1872; the
Bankers Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934.
Though since 2000 the Information Technology Act is in place in India for
curbing cyber crimes, but the problem is that still this statute is more on papers
than on execution because lawyers, police officers, prosecutors and Judges feel
handicapped in understanding its highly technical terminology.411 Primarily, the
IT Act, 2000 is meant to be a legislation to promote e-commerce which is not
very effective in dealing with several other emerging cyber crimes like cyber

409
AIR 2000 Bom 27.
410
(1999) 19 PTC 229 Del.
411
AIR 2000 Bom 27.
132
harassment, defamation, stalking etc. There is a need to take a number of right
steps for the purpose of making the Information Technology Act more relevant
in today’s context.

The current position of Indian cyber cases are increasing day by day. A
total of 8, 045 cases were registered under Information Technology Act during
the year 2015 as compared to 7, 201 cases during the previous year 2014 and
4,356 cases during 2013, showing an increase of 11.7% in 2015 over 2014 and
an increase of 65.3% in 2014 over 2013. 81.6% of the total 8,045 cases in 2015
and 77.0% (5,548 cases) of the total 7,201 cases under IT Act were related to
computer related offences (under section 66A, 66B, 66C, 66D and 66E of the IT
Act) followed by 10.1% in 2015 and followed by 10.5% in under publication/
transmission of obscene/sexually explicit content (under section 67A, 67B and
67C of the Information Technology Act). A total of 14, 121 cases during 2015
and 2,246 cases during 2014 under Information Technology Act were pending for
investigation from previous year. A total of 8,088 at the end of the year 2015 and
6,269 cases at the end of the year 2014 were remained pending for investigation.
A total of 2,396 during 2015 and 1,451cases during 2014 were charge sheeted. A
total of 2,316 remained pending for the trial at the end of the year during 2014.
Uttar Pradesh and Maharashtra has reported the maximum number of persons
arrested under such crimes during 2015 as well as in 2014.412

As a result of the rapid adoption of the internet globally, computer crimes

are multiplying like mushrooms. The law enforcement officials have been
frustrated by the inability of the legislators to keep cyber crime legislation ahead
of the fast moving technological curve. At the same time, the legislators face the
need to balance the competing interests between individual rights such as privacy
and free speech, and the need to protect the integrity of the world’s public and
private networks. Moreover while investigating cyber crimes, the investigating
agencies and law enforcement officials follow the same techniques for collecting,
examining and evaluating the evidence as they do in cases of traditional crimes.413
It is concluded that the due to this Indian legislative as well as judicial framework
is found to be inadequate to face the threats posed by cyber crime, which have
emerged as a challenge to human rights. Because there has been less judicial
response to cybercrimes and insufficient legislations for dealing with these types
of crimes which will be a great challenge for Indian judicial system on
412
WIPO Case No. D2001-0167, available at: http://www.wipo.int/amc/en/domains/decisions/
html/2001/d2001-0167.html(visited on April 6, 2017).
413
(2002) 25 PTC 233 Del.
133
cybercrime in near future.

“This is a very serious threat, as it puts privacy at stake. Most of such

crimes are not reported. Information technology is ruling the world today. It has
brought about substantial erosion in the traditional forms of governance. The
judiciary has little role to play…the area of crime detection lies in the hands of
the police and enforcement agencies.” 414

414
Vipin V. Nair, “Dark Deeds Remain in the Dark”, The Hindus Business, available at:
http://www.thehindubusinessline.com/ew/2003/09/10/stories/2003091000080100.htm (visited on
March 6, 2017).
134
 CHAPTER - V
CYBER CRIMES IN UNITED STATES OF AMERICA:
LEGISLATIVE AND JUDICIAL RESPONSE

5.1 Introduction
Technological advancements in communication have facilitated
conversation between people who reside on opposite sides of the globe. One of
the most important inventions in the field of communication is the internet. The
internet has transformed the entire planet into a global village. It has given people
sufficient opportunity to improve both personal and professional interactions
across borders by creating a virtual world with no limits. 415 Because the rise of
globalization have been largely affected by the socio-economic and cultural facets
of life. For the human civilization the cyberspace is as a blessing. Around the
globe people has been connected by the internet.416

In 1960s, the United States Defence Department started using computer

network; therefore computer network was used by academic and research
institutions and eventually the United States of America invented Internet
Corporation of Assigned Names and Numbers (ICANN) and Protocol system.417
Success in any sector of human endeavour leads to crime, which necessitates the
implementation of control mechanisms. Users should be reassured, law
enforcement authorities should be empowered, and criminals should be deterred
by legal provisions. The law is as strict as the people who implement it. Crime is
no longer confined to a specific location, period of time, or set of individuals. 418
Due to more involvement in Cyber space leads to moral, civil and criminal
wrongs. Presently, the use of internet has given a new way to express criminal
tendencies by the cyber users.419
415
“Supreme Court of India: To Hear Eight IT Act Related Cases on 11th April 2014- SFLC”,
available at: http://www.medianama.com/2014/03/223-supreme-court-of-india-to-hear-eight-it-
act-related-cases- on-11th-april-2014-sflc/ (visited on June 29, 2016).
416
Samiksha Godara, “Prevention and Control of Cyber Crimes in India: Problems, Issues and
Strategies”, A Thesis submitted to Maharishi Dayanand University, 2013, p. 2, available at:
http://shodhganga.inflibnet.ac.in/bitstream/10603/7829/12/12_chapter%203.pdf (visited on May
20, 2016).
417
National Crime Records Bureau, Ministry of Home Affairs, Cyber Crimes in India, 2015, pp.
163-164, available at: http://ncrb.nic.in/StatPublications/CII/CII2015/FILES/Compendium-
15.11.16.pdf (visited on Nov. 11, 2016).
418
“Cyber Thieves are Caught, But conviction is Wobbly”, Hindustan Times, August 9, 2006, p.
18.
419
“Legal Framework Inadequate to Tackle Cyber Crime”, The Hindu, July 27, 2008.
135
 The developments further encompass the work of lawyers and legal
consultants. There has been a growing interest in regulating the legal profession in
what seems to be a serious move towards advancing the profession given the
importance of this vital sector and its influential role in the judicial system. 420 The
progress of legislative, judicial and executive authorities leads to the country’s
strength. The function of the legislature is to make, amends and repeals the laws
and on the other side, the function of the judiciary is to promote justice and equity
through the proper application of laws and regulations in order to give every man
his due. The Legislature and the judiciary are the important organs of any country
for its success in making the good international relations and attracting
investment and sufficient laws. A fair and modern judicial system is needed for
getting the confidence of the international community and for the collective
action on the part of several entities in order to reach the desired end.421

As we know cyber crimes are of current origin and affect the whole world
at large, all regional organizations and State countries have called upon
legislatures to draft laws dealing with these crimes; as a result most of the
countries started to do so. In this chapter an attempt has been made to discuss the
cyber legislations and to find out the role of judiciary for combating these new
types of crime emerging in United States.

5.2 Legislative Response

The country with highest convergence and connectivity remained
susceptible to the cyber crime onslaught. Nevertheless, it responded in the
befitting manner and legally speaking, has a strong defiance to the technology
giant. Act after Act, piecemeal legislation, rigorous surveys, extensive crime
reporting and legal management of the confused cyber society mark the response
of United States of America to the incoming challenges.422 Thereafter, it was
observed that the technology and law will have to go hand in hand if effective
combating measure has not been taken sooner or later. From its humble
beginnings as a network of four computers, the internet has come a long way.

developed by the United States Defence Department in 1969 to a global

420
Tanaya Saha and Akanchs Srivastava, “Indian Women at Risk in the Cyber Space: A
Conceptual Model of Reasons of victimization, International Journal of Cyber Criminology, vol.
8 No. 1, Jan.- June, 2014, pp. 57-58, available at: http://www.cybercrimejournal.
com/sahasrivastavatalijcc 2014vol8issue1.pdf (visited on Feb. 10. 2017).
421
M. Das Gupta, Cyber Crime in India- A Comparative Study, 2009, p. 129.
422
Talwant Singh, Cyber Law & Information Technology, p. 1,
available at: http://delhicourts.nic.in/ejournals/CYBER%20LAW.pdf (visited on Jan. 26, 2017).
136
communication medium.423 United States of America is the birthplace of the
Internet and experienced the first computer facilitated crime in the year 1969. 424 In
its manual on computer crime, the US Department of Justice defines such crimes
as any violations of criminal law that require the use of computer technology for
their perpetration, investigation, or prosecution. 425 The United States Department
of Justice has also classified cyber crimes into three ways, firstly, where the
computer is used as a target to attack other computers like Hacking. Secondly,
where the computer is used as a weapon to commit traditional crime that we see
in the physical world such as Cyber Terrorism, Cyber Frauds and Cyber
Pornography etc. and thirdly, where the computer is used as an accessory to store
illegal or stolen information.

A number of statutes and statutory sections govern the use of computers

and computer technology in the United States Code. The Computer Fraud and
Abuse Act, which was passed in 1984 and was “designed to deal specifically with
unauthorised use of computers and the alteration and destruction of the
documents they contain,” is one of them. 426 In addition to these offences, the Act
forbids using a computer in interstate commerce to “transmit a programme or
command that damages a computer system or network,” or to “interrupt the use of
a cyber system,” “trafficking” in passwords to United States of America's
Government computers, and the use of interstate commerce to transmit passwords
with the intent to defraud.427

The United States Department of Justice recommends that federal court

judges punish computer crime offenders in the same way that they recommend
punishment for all other federal crimes: the United States Sentencing Guidelines
(USSG). The USSG is a thorough sentencing guideline that functions as an
unified sentencing policy for federal courts, with sentencing ranges computed

423
Hassan Arab, “The Development of The Judiciary- Challenges and outlook”, available at:
http://www.tamimi.com/en/magazine/law-update/section-7/October-november-1/the-development-
of- the-judiciary-challenges-and-outlook.html (visited on Jan. 1, 2015).
424
Talat Fatima, Cyber Crimes, 2011, pp. 76-77, see also Donald Brackman’s remarks on the
2009 Annual Report on Cyber crime released by the FBI on March 13, 2010.
425
Ritika Patni and Nihal Joseph, “WTO Ramifications of Internet Censorship: The Google- China
Controversy”, National University of Juridical Sciences Law Review, Vol.3, 2010, p. 337,
available at: http://nujslawreview.org/2016/12/04/1440 (visited on Feb. 10. 2017).
426
Supra note 5, p. 454.
427
“Computer Crime Law and Legal Definition”, available at: https://definitions.uslegal. com/c/
computer-crime/, (visited on March 15, 2017).
137
based on the present offence and prior criminal history. 428 Under the U.S. federal
system each of the fifty states of United States is also permitted, within the
constraint imposed by federal law, to pass additional substantive criminal laws to
regulate computer law at state level. 429 The Youth Internet Safety Survey (YISS),
a nationally representative study of 10 to 17 year old, has researched youth
internet victimization and involvement for multiple years.430

Congress revised the Act in 1986, 1994, 1996, 2001, and 2002 to expand
security for computers and information in the private sector as damage to
corporations escalated as a result of clandestine attempts by individuals outside
the companies and unhappy employees within them. The Act's punishment
provisions were also strengthened, and civil remedies were added.. 431 In 2004, the
Fourth Plenary Session of the Organization of American States General Assembly
passed the resolution on “Adoption of a Comprehensive Inter-American Strategy
to Combat Threats to Cyber security: A Multidimensional and Multidisciplinary
Approach to Creating a Cyber Security Culture,” argues that an effective cyber
security strategy must acknowledge that the security of the Internet's network of
information systems necessitates collaboration between government and
industry.432

On the 9th of February 2009, the President of United State Barack Obama
has directed the National Security and Homeland Security Advisors to conduct a
review of the plan, programs, and activities underway throughout the
government dedicated to cyber security, including new regulations to combat
cyber crime.433 The legislative provisions with respect to various cyber crimes in
428
Davis McCown, “Federal Computer Crimes”, 1995, available at:
https://books.google.co.in/books? id=qZBXcX0ZgZwC&pg=PR5&1pg=
PR5&dg=Federal+Computer+Crimes+by+Davis+McCown&source=bl&ots=JDjoZ5CyyT&sig=J
Yg
XcWqLS13SsX4BnWo0eWlpZDk&hl=en&sa=X&ved=0ahUKEwjA0M26g4bSAhUGpI8KHccO
Be 4Q6AEILjAC#v=onepage&q=Federal%20Computer%20Crimes%20by%20Davis
%20McCown&f=fa lse (visited on Feb. 10, 2017).
429
Tonya L. Putnam and David D. Elliott, “International Responses to Cyber Crime”, University of
Petroleum and Energy Studies Review, Vol. 1, 1999, pp. 39-40, available at:
http://www.hoover.org/sites/default/files/uploads/documents/0817999825_35.pdf (visited on Feb.
13, 2017).
430
Catherine D. Marcum, Goerge E. Higgins, et.al., “Doing Time for Cyber Crime: An
Examination of the Correlates of Sentence Length in the United States”, International Journal of
Cyber Criminology, vol.5, No.2, July.- Dec, 2011, p. 827, available at: http://www.cybercrime
journal.com/marcumetal2011julyijcc.pdf (visited on Feb. 13, 2017).
431
Supra note 10, p. 40.
432
Supra note 11, p. 48.
433
James M. Thomas, “The Computer Fraud and Abuse Act: A Powerful Weapon vs. Unfair
Competitors and Disgruntled Employees”, Employment Law Magazine, 2007, p. 10, available
138
United States of America are given as follows:

Hacking
Hacking is a crime that involves breaking into computer systems and
getting unauthorised access to the data they contain.434 To put it another way,
hacking is equivalent to trespassing. Trespassing has traditionally been considered
a type of crime. Criminal trespass statutes are intended to protect the integrity and
privacy of real properties, such as land and buildings on land, by prohibiting
persons from entering areas where they do not have permission. Hacking is
comparable to trespassing on one's real properties because computers are a type of
property.435 In trespass, there is a strict restriction on the legal or real property
belonging to others but on the other hand in hacking, there is a strict restriction on
the use of computer or computer system or computer network without the
permission of authorized person.

The United State of America enacted several Federal and state laws for the
protection of computer, computer system and computer network from various
forms of cyber crimes i.e. hacking, cracking, cyber fraud, cyber theft etc. The
legislations which deal with ‘Hacking’ are discussed as under:

The Computer Fraud and Abuse Act (CFAA) of 1986 was enacted by
Congress as an amendment to existing computer fraud law (18 USC 1030), which
states that a person is guilty of an offence if he causes a computer to perform any
function with the intent to secure access to any programme or data held in any
computer, or the access he intends to secure is unauthorised; and he knows at the time
when he causes the computer to perform any function that the access he intends to
secure.436 Unauthorized access to a computer or network without a further offense
(e.g. system impairment, obtaining protected information) is per se illegal only
with respect to computers used exclusively by the Government of the United
States. Unauthorized access to all other computers, for instance, those used non
exclusively by the federal government, including computers containing national
security records, and those containing financial and credit records require some

at: http://www.williamskastner.com/uploadedFiles/ThomasIDQ200703.pdf (visited on

Feb. 13, 2017).
434
Ibid.
435
Available at: http://www.whitehouse.gov (visited on May 10, 2016).
436
Ritu Dhanoa, “Cyber- Crime Awareness”, International Journal in Multidisciplinary and
Academic Research, vol.2, No.2, 2014, p. 3, available at: http://ssijmar.in/vol2no2/vol2no2.24.pdf
(visited on Sep. 22, 2014).
139
further act or damage to occur in order for criminal penalties to apply.437 This Act
has been further amended in 1989, 1994, and 1996 and in 2001 by the USA
Patriot Act, 2002 and in 2008 by the Identity Theft Enforcement and Restitution
Act. Further, in January 2015 Barack Obama also proposed for expanding the
CFAA for controlling the cyber crimes.

Then after the Data Protection Act, 1998 was enacted which also control
the use and storage of personal data or information relating to individuals If any
person has knowingly accessed a computer without authorization or exceeding
authorised access, and has obtained information that has been determined by the
United States Government pursuant to an Executive order or statute to require
protection from unauthorised disclosure for reasons of national defence or foreign
relations, or restricted data, as a result of such conduct, as a result of such
conduct, as a result of such conduct, as a result of such conduct, as a result of
such conduct, as a result of such conduct, as a result of such, delivered, or
transmitted the same to any person not entitled to receive it, or willfully retains
the same and fails to deliver it to the officer or employee of the United States
entitled to receive it shall be liable to punishment under Section 1030 (1) of this
Act. Section 1030 (2) of the Act provides that if a person who intentionally
accesses a computer without authorization or in excess of authorised access,
obtaining information from a financial institution's or a card issuer's financial
record, as defined in section 1602 (n) of title 15, or from a consumer reporting
agency's file on a consumer, as defined in the Fair Credit Reporting Act (15
U.S.C. 1681 et seq. ); information from any department or agency of United
States; or information from any protected computer if the conduct involved an
interstate or foreign communication shall be liable to punishment under this Act.

According to this Act, if a person accesses a non-public computer of a

department or agency of the United States without authorization and accesses a
computer of that department or agency that is exclusively for the use of the
Government of the United States or, in the case of a computer that is not
exclusively for such use, is used by or for the Government of the United States
and if a person accesses a computer of that department or agency that is not
exclusively for the use of the Government of this Act.

This Act also provides that if a person who knowingly and with the intent
to defraud, accesses a protected computer without authorization, or exceeds

437
Zhicheng Yang, “A Survey of Cyber crime”, available at:
http://www.cse.wustl.edu/~jain/cse571- 11/ftp/crime.pdf (visited on Jan.25, 2013).
140
authorized access, and by means of such conduct furthers the intended fraud and
the thing obtained consists only the use of the computer and the value of such use
is not more than $ 5,000 in any one-years period shall be liable to punishment
under § 1030 (4) of this Act.

According to this Act, if a person knowingly causes the transmission of a

programme, information, code, or command, and as a result of such conduct,
intentionally causes damage to a protected computer without authorization;
intentionally accesses a protected computer without authorization, and as a result
of such conduct, recklessly causes damage; or intentionally accesses a protected
computer without authorization, and as a result of such conduct, recklessly causes
damage;; intentionally accesses a protected computer without authorization, and
as a result of such conduct, causes damage; and by conduct as described here in
the case of an attempted offense, would, if completed have caused) loss to 1 or
more persons during any 1-year period (and, for purposes of an investigation,
prosecution, or other proceeding brought by the United States only, loss resulting
from a related course of conduct affecting 1 or more other protected computers)
aggregating at least USD 5,000 in value; the modification or impairment, or
potential modification or impairment, of the medical examination, diagnosis,
treatment, or care of 1 or more individuals; physical injury to any person; a threat
to public health or safety; or damage affecting a computer system used by or for a
government entity in furtherance of the administration of justice, national
defence, or national security shall be liable to punishment under Section 1030 (5)
of the Act.

The Act also provides that if a person who knowingly and with intent to
defraud traffics (as defined in section 1029) in any password or similar
information through which a computer may be accessed without authorization, if
such trafficking affects interstate or foreign commerce; or Such computer is used
by or for the Government of the United States shall be liable to punishment under
Section 1030 (6) of the Act. The Act also provides that if a person who with
intent to extort from any person any money or other thing of value, transmits in
interstate or foreign commerce any communication containing any threat to cause
damage to a protected computer; shall be punished Whoever attempts to commit
an offense shall be liable to punishment under Section 1030 (7) of the Act.

After this in 2000, the Spyware Control and Privacy Protection Act is
passed in which there are also provision for preventing and controlling hacking in
the United States of America. This Act prohibits any deceptive activities relating
141
to Spyware in which unauthorized use of protected computer and causing other
crimes are prohibited under section 2(1). According to this section the internet
browser cannot be opened by the authorized user unless closing all the
programmes or turning off the computer or diverting the internet the internet
browser as a kind of Denial of Service (DOS) attack. Unauthorized modification of
computer settings, network and web page is also prohibited under section 2(2) of
the Act.

Cyber terrorism
Cyber terrorism is a new form of terrorism, which exploits the system we
have put in place. There is a continual drive to computerize every process, in
order to add remote access, accuracy features and ease of use.438 Generically,
cyber terrorism consists of using computer technology to engage in terrorist
activity.439 This sort of cybercrime can include using the internet to connect with
other terrorists, transfer funds to fund a terrorist act, or engage in any other related
conduct.

Before Sep. 11, 2001, the United States of America passed the Computer
Fraud and Abuse Act, 1986 and due to some weaknesses it was amended twice in
the years 1994 and 1996. But after Sep. 11, 2001, an attack on World Trade
Centre and Pentagon, the United States of America passed the Patriot Act, 2001
and recognized hacking as cyber terrorism. Section 814 of The Patriot Act is tilted
as ‘Deterrence and Prevention of Cyber terrorism’ amends section 1030(a) (5) of
title 18, United States Code. The amended section punishes any person who
causes unauthorized damage to a protected computer by either knowingly causing
the transmission of a program, information, code, or command, or intentionally
and unauthorizedly accessing a protected computer. This section applies only if
the accused's actions resulted in a loss of at least $5,000 to one or more people
over a one-year period, or the actual or potential modification or impairment of
one or more people's medical examination, diagnosis, treatment, or care, or
physical injury to anyone, or a threat to public health or safety, or damage to the
environment.

The Patriot Act, 2002 empowers the Attorney General under section 816
to establish adequate regional computer forensic laboratories and provide support
to existing computer forensic laboratories, in order that all such computer forensic

438
Section 1(1) of the Computer Fraud and Abuse Act, 1986.
439
Supra note 10.
142
laboratories have the capability to provide forensic assessments of computer
evidence obtained or intercepted in the course of criminal activities (including
cyber terrorism), providing training and teaching to federal, state, and local law
enforcement officers and prosecutors in the areas of computer crime
investigations, forensic analyses, and prosecutions (including cyber terrorism),
assist Federal, State, and local law enforcement in enforcing Federal, State, and
local criminal laws relating to computer-related crime, facilitate and promote the
sharing of Federal law enforcement expertise and information about the
investigation, analysis, and prosecution of computer-related crime with State and
local law enforcement personnel and prosecutors, including use of multi
jurisdictional task forces, and carry out such other activities as the Attorney
General considers appropriate.

Cyber Pornography
Pornography on the internet can take many different forms. It may include
the hosting of a website containing these banned items, as well as the use of
computers to create these obscene materials and the downloading of obscene
materials via the Internet. These obscene matters can impair an adolescent's
mentality and tend to deprave or corrupt them. 440 taint their minds This term can
also be defined as describing or depicting sexual acts for the purpose of eliciting
sexual excitement through the use of books, films, and pornographic websites, as
well as the use of the internet to download and transmit pornographic videos,
pictures, photos, and writings, among other things.

In United States of America, there are two child pornography laws i.e. The
Child Pornography Prevention Act, 1996 and the Child Online Protection Act,
1998. The former Act prohibits the use of computer technology to knowingly
produce child pornography, that is, depictions of sexually explicit conduct
involving or appearing to involve minors. The latter Act requires commercial site
operators who offer material deemed to harmful to minors to use bonafide
methods to establish the identity of visitors to their site.

The Communication Decency Act, 1996 has been passed to protect minors
from pornography. The CDA states that any person, who knowingly transports
obscene material for sale or distribution either in foreign or interstate commerce
or through the use of an interactive computer service, shall be liable to
imprisonment upto five years for a first offence and up to ten years for each

440
R.K. Tiwari, P.K Sastry, et.al., Computer Crime and Computer Forensics, 2002, p. 99.
143
subsequent offence.

Child Pornography Prevention Act has been passed in 1996 which defines
the ‘Child pornography’ under Section 2256 as any visual depiction of a minor
engaging in sexually explicit conduct, including any photograph, film, video,
picture, or computer or computer-generated images or picture, whether made or
produced by electronic, mechanical, or other means, or sexually explicit conduct,
where the production of such visual depiction involves the use of a minor
engaging in sexually explicit conduct; such visual depiction is, or appears to be,
of a minor engaging in sexually explicit conduct that conveys the impression that
the material is or contains a visual depiction of a minor engaging in sexually
explicit conduct. After this the Child Online Protection Act, 1998 has been passed
which provides for opportunities for minors to access materials through the web,
physical and psychological protection of minors, restrict a minor’s access to
harmful materials, prohibiting the distribution of material harmful to minors,
protection of children from being exposed to harmful materials found on the
internet under sec. 231.

In 1998, the Protection of Children from Sexual Predators Act has been
passed with the ambit of expanding the liability to those persons who attempts to
use the internet for purposes of Child pornography. This Act specifically targets
commercial pornographers and makes it crime to knowingly make a
communication for commercial purposes harmful to minors (16 years old and
younger) or to use the internet for purposes of engaging in sexual activities with
minors.

Cyber Stalking
Stalking is a crime that causes the victim to feel fear, terror, intimidation,
stress, or anxiety.441 The use of the Internet or other technological means to stalk
someone is known as cyber stalking. The terms "online harassment" and "online
abuse" are often used interchangeably. 442 Mostly cyber stalking involves
following a person’s movement across the internet by positing threatening
messages to the victim or by entering the chat-rooms frequented by the victim or

441
Susan W. Brenner, “At Light Speed: Attribution and Response to Cybercrime/ Terrorism/
Warfare”, Journal of Criminal Law and Criminology, vol. 97, No. 2, 2007, p. 386, available at:
http://scholarlycommons.law.northwestern.edu/cgi/viewcontent.cgi?article=7260&context=jclc
(visited on Feb. 13, 2017).
442
Parthasarathi Pati, “Cyber Crimes”, available at: http://www.naavi.org/pati/pati_ cybercrimes_
dec03.htm (visited on Feb. 13, 2017).
144
by constantly bombarding the victim with the e-mails etc.443 In general it may be
defined as the repeated acts of harassment targeting the victim such as following
the victim, making harassing phone calls, vandalizing victims property, leaving
written messages or objects using through computer, computer system or
computer network in the absence of universally accepted definition of cyber
stalking.

Cyber stalking is a criminal offense under American anti-stalking, slander,

and harassment laws. A conviction can result in a restraining order, probation, or
criminal penalties against assailant, including jail. Cyber stalking specifically has
been addressed in recent U.S. federal law. For example, the Violence against
Women Act passed in 2000, made cyber stalking a part of the federal interstate
stalking statute. Still, there remains a lack of federal legislation to specifically
address cyber stalking, leaving the majority of legislative at the state level. A few
states have both stalking and harassment statutes that criminalize threatening and
unwanted electronic communications.444 The first anti-stalking law was enacted in
California in 1990, and while all fifty states soon passed ant-stalking laws, by
2009 only 14 of them had laws specifically addressing “high-tech stalking.445

In United States of America almost every state has laws dealing with cyber
stalking. US federal Code 18 under section 2261 A (2) states that whoever with
the intent uses the mail, any interactive computer service, or any facility of
interstate of foreign commerce to engage in a course of conduct that causes
substantial emotional distress to that person or places that person in reasonable
fear of the death of, or serious bodily injury shall be liable under section 2261 B
(b) for a imprisonment which may extend upto life imprisonment if the death of
the victim results; for not more than 20 years if permanent disfigurement or life
threatening bodily injury to the victim results; for not more than 10 years, if
serious bodily injury to the victim results or if the offender uses a dangerous
weapon during the offense.

In United States of America, the federal law enforcement agencies have

encountered numerous instances in which adult pedophiles have made contact with
443
Steven D. Hazelwood, Sarah Koon Magnin, “Cyber Stalking and Cyber Harassment Legislation
in the United States: A Qualitative Analysis”, International Journal of Cyber Criminology, vol.7,
No. 2, July- Dec., 2013, p. 157, available at: http://www.cybercrimejournal.com/hazelwood
koonmagninijcc2013vol7issue2.pdf (visited on Dec. 19, 2014).
444
B. Muthukumaran, “Cyber Crime Scenario in India”, Criminal Investigation Department
Review, Jan., 2008, p. 18, available at: http://www.gcl.in/downloads/bm_cybercrime.pdf (visited
on Feb. 13. 2017).
445
Supra note 17, p.4.
145
minors through online chat rooms, established a relationship with the child, and
later made contact for the purpose of engaging sexual activities446. Because in the
United States of America the important reasons for cyber stalking are Sexual
attractions and motives.

“Cyber Stalking”, available at: http://en.wikipedia.org/wiki/cyberstalking (visited on April 12,

446

2016).
146
Cyber Defamation
Defamation can be understood as the intentional infringement of another
person’s right to his good name. It is the wrongful and intentional publication
of words or behavior concerning another person’s status, good name, or
reputation in society. It is not defamatory to make a critical statement that does
not have a tendency to cause damage, even if the statement turns out to be
untrue.447 Any derogatory statement, which is designed to injure a person’s
business or reputation, constitutes cyber defamation. Defamation can be
accomplished as libel or slander. Cyber defamation occurs when defamation takes
place with the help of computers and/or the Internet.448 For example if A
publishes a defamatory statement on a website or to send an e-mails containing
defamatory information about B to all his friends.

The United States also has a unique law which governs the accountability
of the acts relates to online defamation. The Communications Decency Act
(CDA), 1996 is one of the most valuable tools for protecting freedom of
expression and innovation on the internet. After Stratton Oakmont Inc. v. Prodigy
Services Co.449 case, the Congress applied the standard publisher/ distributor test
to find an online bulletin board liable for the post by a third party and specially
enacted Communications Decency Act (CDA), 1996 for the purpose of reversing
the Prodigy findings and providing for private blocking screening of offensive
material.

Section 223 of Communications Decency Act (CDA), 1996 lays down that
any person who puts the information on the web which is obscene, lewd,
lascivious, filthy or indecent with intent to annoy, abuse, threaten or harass
another person will be punished either with imprisonment or with fine. Section
230 also provides for protection for private blocking and screening of offensive
material. The section says that no provider or user of an interactive computer
service shall be considered as the publisher or speaker of any information
provided by any other information content provider.

Thereafter, cases such as Zeran v. America Online450 and Blumenthal v.

447
Christa Miller, “High-Tech Stalking”, Investigation Magazine, available at: http://www.
officer.com/article/10233633/high-tech-stalking (visited on Feb. 13, 2017).
448
R.C. Mishra, Cyber Crime: Impact in the New Millennium, 2002, p. 54.
449
Sallie Spilsbury, Media Law, 2000, p. 60.
450
Syed Mohd. Uzair, “Cyber Crime and Cyber Terrorism in India”, A thesis submitted to
Aligardh Muslim University, 2013, p. 50.
147
Drudge451, the court have demonstrated that although applying section 230 of the Act
is expressly uneasy for them and they are also bound to find providers who are
immune like AOL (Initialism of America Online) from defamatory postings. This
immunity applies even if the providers are notified of defamatory material and
neglect to remove it, because provider liability upon notice would likely cause a
burden of complaints on providers and on their right of freedom of speech and
expression.

The Hon’ble court ruled in Obsidian Finance Group, LIC v. Cox452 case
that liability for a defamatory blog post involving a matter of public concern
cannot be imposed without proof of fault and actual damages. Bloggers saying
libelous things about private citizens concerning public matters can only be sued
if they are negligent.

Phishing
Phishing occurs when consumers of financial institutions receive
unsolicited emails demanding their username, password, or other personal
information in order to access their account for whatever purpose. When
customers click on the links in the email to submit their information, they are
directed to a false clone of the actual institution's website, and they are unaware
that they have been duped. The fraudster now has access to the customer's online
bank account, as well as the funds in it. 453
It's simply one of the many types of
internet-based fraud.

On January 26, 2004 the United States Federal Trade Commission filed
the first lawsuit against a suspected phisher. The defendant, a Californian
teenager, allegedly created a webpage designed to look like the America Online
website, and used it to steal credit card information.454 After this, Senator Patrick
Leahy introduced the Anti- Phishing Act in Congress on March, 2005 which
would punish and fined those cyber criminals who created the fake websites and
sent bogus e-mails with the purpose of defrauding consumers. But it did not pass.

In Jan. 2007, Jeffrey Brett Goodin of California was become the first
convicted cyber criminal by a jury under The CAN- SPAM Act, 2003 for
sending thousands of e-mails to America Online users which prompted
customers to submit personal credit card information. In United States of
451
(1995) N.Y. Misc. Lexis 229.
452
(1997) 129 F. 3d 327 (4th Cir).
453
(1998) 992 F. Supp. 44 (D.D.C).
454
(2011) CV- 11- 57- HZ.
148
America, The CAN- SPAM Act, 2003 is the direct response of the growing
number of complaint over spam e-mails and is also the first USA cyber law which
establishes national standards for sending of commercial e-mail. It controlled the
assault of non-solicited pornography and market. A person or a business engaging
in commercial emails can be fined upto $ 11000 for each and every violation of
the Act.

Cyber Fraud
The United States of America enacted the Computer Fraud and Abuse Act,
1996 for prohibiting and punishing computer and internet fraud which was further
amended in the year 1994, 1996 and also amended by the Patriot Act, 2001 and in
2008 by the Identity Theft Enforcement and Restitution Act. U.S Criminal Code’s
provisions are also applicable on the cyber fraud and the violators can be
prosecuted under title 18 i.e. no. 1028 prohibits social security cards fraud and
credit card frauds, no. 1029 prohibits identity fraud including telemarketing fraud,
no. 1341 prohibits mail fraud, no. 1343 prohibits wire fraud etc. The Federal
Statute title 18 U.S. Code s. 1030 also prohibits fraud and other related activities
in connections with computers.

The Computer fraud may be defined as the use of a computer to create a

dishonest misrepresentation of fact with the purpose of inducing another to do or
refrain from doing something which causes loss under the Federal law. The
fraudulent misrepresentation can be done by the criminals in many ways like
altering computer input in an unauthorized way, altering or deleting stored data,
to rewrite software codes and upload them.

Cyber Squatting
The act of registering, selling, or utilising a domain name with the goal of
benefitting on the goodwill of another's trademark is known as cyber squatting. It
refers to the practise of purchasing domain names that contain the names of
existing businesses with the intention of reselling the names to those firms for a
profit.455 United States passed the federal laws on cyber squatting which is
known as Anti-Cyber Squatting Consumer Protection Act in 1999. According to 15
U.S.A s. 1125(d), cyber squatting is registering, trafficking in, or using an internet
domain name with bad faith intent to profit from the goodwill of a trademark

Mohit Goyal, “Ethics and Cyber Crime in India”, International Journal of Engineering and
455

Management Research, vol. 2, No. 1, Jan., 2012, available at: http://www.ijemr.net/Jan2

012/EthicsAndCyberCrimeInINDIA(1-3).pdf (visited on Feb. 13, 2017).
149
belonging to someone else.

E-mail Related Crime

E-mail related crimes are those cyber crimes which are committed by
means of email with malicious purpose by using computer network or internet. In
United States of America, there are many provisions which also cover the email
related crime and the violators can be prosecuted under that law. United States
Criminal Code’s covers this type of cyber crime under Title 18 s. 1037.

Title 18 section 1037 of United States Criminal Code provides that if any
person accesses a protected computer without authorization and intentionally
initiates the transmission of multiple commercial electronic mail messages from
or through such computer, uses a protected computer to relay or retransmit
multiple commercial electronic mail messages with the intent to deceive or
mislead recipients, or any internet access service, as to the origin of such
messages, materially falsifies information in a commercial electronic mail
message or two or more domain names and intentionally initiates the transmission
of multiple commercial electronic mail messages from any combination of such
accounts or domain names, falsely represents oneself to be the registrant or the
legitimate successor in the interest to the registrant of five or more internet
protocol addresses and intentionally initiates the transmission of multiple
commercial electronic mail messages from such addresses or conspires to do so
shall be liable to punishment under this code.

5.3 Jurisdictional Legislative Approach

Jurisdiction, especially the territorial aspect of technological sphere, is a
complex issue in international and transnational cyber crime cases on cyber space.
The Black’s Law Dictionary456 defines jurisdiction as “the power and authority
constitutionally conferred upon (or constitutionally recognized as existing in ) a
court or judge to pronounce the sentence of the law, or to award the remedies
provided by law, upon a state of facts, proved or admitted, referred to the tribunal
for decision and authorized by law to be the subject of investigation or action by
that tribunal and in favor of or against persons (or res) who present themselves or
who are brought before the court in some manner sanctioned by law as proper and
sufficient”.
456
Jeordan Legon, “Phishing scams reel in your identity”, CNN News, Jan. 26, 2004,
available at:
http://edition.cnn.com/2003/TECH/internet/07/21/phishing.scam/index.html?iref=newssearch
(visited on Feb. 13, 2017).
150
 A judicial system's effectiveness is built on a foundation of regulations that
govern every aspect of the system's operation, including, most importantly, its
jurisdiction. In order to hear a matter and give an effective judgement, a court
must have jurisdiction, venue, and proper service of process. 457
Jurisdiction refers
to judicial, legislative, and administrative competence and is a facet of state
sovereignty. Although jurisdiction is a component of sovereignty, it is not
mutually exclusive. The right of a state to exercise jurisdiction is limited by
international law. 458
The jurisdiction, which grants a certain court the authority to
accommodate a specific party, is the bedrock of every justice delivery system.459

In cyber jurisdiction, the Court must address the question of which law
maker has jurisdiction over actions taking place on the Internet. In the few cases
the Courts have adjudicated, they have applied long-arms statutes and personal
jurisdictional principles in making decision.460 The law of cyber jurisdiction
involves determination whether a particular activity in cyberspace is controlled by
the laws of the State or country where website is located, or by the laws of the
State where Internet Service Provider (ISP) is located, or by the laws of the State
where user is located or by all these law. The Internet can be seen as multi-
jurisdictional because of the ease which a user can access a Web site anywhere in
the world.461

In simple terms, cyber jurisdiction is the extension of principles of

international jurisdiction into the cyberspace. It is an ever-growing exponential
and dynamic space. With a click of a mouse one may access any website from
anywhere in the world.462

Cybercrimes have extraterritorial aspect.463 Cyberspace has no

geographical boundaries which lends a ‘transnational’ element to cybercrimes.
Traditional national and international law are not designed to adequately deal

457
“Cyber Squatting: What it is and what can be done about it”, available at:http://www.
nolo.com/legal- encyclopedia/cybersquatting-what-what-can-be-29778.html (visited on Jan. 26,
2017).
458
Anirudh Rastogi, Cyber Law-Law of Information Technology and Internet, 2014, p. 17.
459
Nandan Kamath, Law Relating to Computer Internet & E-Commerce: A Guide to Cyber Law &
IT Act, 2000 with Rules & Regulations, 2000, p. 20.
460
Suryajyoti Gupta, “Civil and Criminal Jurisdiction in the Internet”, Indian Bar Review, vol. 29,
2002, p. 45.
461
Yashraj Vakil, “Jurisdictional Challenges – Cyber Crime Prosecutions”, The Lawyers
Collective, February, 2005, p. 29.
462
“Judicial Response on Cyber Crime”, p. 276, available at: http://shodhganga.inflibnet.ac.in:
8080/jspui/bitstream/10603/70095/6/chapter%205.pdf (visited on June 7, 2016).
463
Id, p. 277.
151
with such a transnational nature of cybercrimes.464 The advent of Internet
overturned the century-old- established theories of jurisdiction which were deeply
rooted in the territorial and physical concept.465 Most of the traditional theories of
jurisdiction are over-inclusive in relation to the Internet because they allow for the
almost unlimited exercise of judicial jurisdiction.466

Due to the Globalization, there is a need felt by international community

that there must be a law which would set uniform standards for electronic
commerce which actually led to the adoption of the United Nations Commission
on International Trade Law (UNCITRAL) Model Law on Electronic Commerce
by the U.N. General Assembly. In 2001, UNCITRAL Model Law on Electronic
Signatures was also adopted for using Electronic Signatures as a substitute for
hand written signatures. In 2005, United Nations Convention on the use of
Electronic Communications in International Contracts was also held in New
York. The convention was made with the object to remove the obstacles which
are faced in the international trade for the use of electronic communications. The
legislative jurisdictional approach may be divided into civil and criminal cases.
These are discussed as under:

Jurisdiction in Criminal Cases

In United States of America, there was the need to assert jurisdiction over
a foreign defendant in a criminal case. For this purpose the two constitutional test
were laid down in International Shoe Co. v. Washington467, case in which the first
test requires that whether the defendant had sufficient minimum contacts with the
forum State for due process to justify assertion of jurisdiction and secondly,
whether assertion of jurisdiction offends traditional notions of fair play and
substantial justice. Thus in this case it was asserted that past, geographical and
terrestrial considerations were the deciding factors for ascertaining the
jurisdiction over a foreign defendant.

In Miller v. California468case, the defendants contended that the internet

provides broad-ranging connections among people in cyber space as a result of
that the obscenity tied to geographic locale. They also contended that there is a
need of more flexible definition because BBS operators could not select who

464
Gray v. American Radiator & Standard Sanitary Corp., (1961) 22 III 2d 432.
465
Supra note 5, p. 339.
466
Supra note 39.
467
Supra note 5, p.21.
468
Adria Allen, Internet Jurisdiction Today, 22 J Int’1 L & Bus 69 (2001).
152
received their material.469 On this the court ruled that the defendants had a
preexisting method of screening potential members and they could protect
themselves from being subjected to liability in jurisdiction with less tolerant
standards by pre-screening their members. The court further ruled the defendants
were free to tailor their messages to the communities on a selective basis.
Accordingly, the court held that there was no need to develop a new definition of
community and the obscenity was to be judged by what the average person
applying the community standards.470

The Hon’ble Court in Asahi Metal Industry Company v. Superior Court471

case directed that where the defendant is a United States citizen then a plaintiff
seeking to hale a foreign citizen into court in the United States must meet a higher
jurisdictional threshold. In this case the court found that even though the plaintiff
had minimum contacts with the forum state, it would be unreasonable and unfair
to find jurisdiction for three reasons firstly, the distance between defendant’s
headquarters in Japan and the Superior Court of California and the unique
burdens of submitting a dispute between two foreign nationals in a foreign legal
system; secondly, Californian’s and the foreign plaintiff’s slight interest in having
the case heard in California; and thirdly, the affect on the procedural and
substantive interests of other nations by California’s assertion of jurisdiction over
a foreign nationals.

In United States v. Robert Tappan Morris 472 case, Morris was pursuing
Ph.D from Cornell University in computer science in the year 1988. Cornell
University provided him an account on the computer for using it. That time by his
hard work he discovered a worm called which is a form of virus used for
demonstrating the inadequacies of security systems and networks. Then he
released that worm in the computer of Massachusetts Institute of Technology
(MIT) on November 2, 1988 which could break into computers and networks and
could cause damage and infection at very fast to other computers. But the speed
of that worm was not known by the accused and then he discussed it with his
friend at Harvard. Then he sent an anonymous message from Harvard over
network, instructing clogged, but it was too late because by that time military
sites, medical research sites, installations sites, Universities websites were
infected. The court found him guilty under title, 18 USC s. 1030(a)(5)(A) and
469
(1977) 326 US 310, 316: 66SCt154, 158:90 L Ed 2d 683.
470
(1973) 413 US 15:37 L.ED 2d 419.
471
(1987) 480 U.S. 102.
472
(1991) 928 F. 2d 504 [cert. denied, 502 U.S. 917].
153
sentenced him 3 years of probation, 400 hours of community service, a fine of
$10,050 and the costs of his supervision. That conviction of his was appropriated
by the District Court.

The United States of America v. Jake Barker and Arthur Gonda 473 was a
case of criminal prosecution under tile 18 U.S.C.s. 875 c. The defendant was
charged with transmitting threats to injure, kidnap another and objectionable
materials in electronic mail messages through internet. In Dec. 1994 the e-mail
messages were exchanged between Jake barker and co-accused A. Gonda. J. Barker
was then in Michigan and A. Gonda was in some unknown place with unknown
identity. They exchanged electronic mail through a computer in Ontario, Canada.
They began this exchange on 29th November 1994 and ended on 25th January
1995. Sexual interest and violence against women and girls were their point of
view. J. Barker was arrested for language used by the accused and posted in
internet news group are based on torture, rape, murder of woman citing same
name of their classmate at the University of Michigan. Barker was arrested and
the Judicial Magistrate recognized him as a threat to the community and ordered
to detain him which was affirmed by the District Court. But on 8th March, 1995
court released accused on bond on his motion.

In a criminal case in United States of America the question of cyber

jurisdiction came to the court in the early of 1996 in the case of United States. v.
Thomas474, when the Sixth Circuit upheld the highly publicized conviction of a
couple operating a pornographic bulletin board from their home. In this case the
defendants began operating the Amateur Action Computer Bulletin Board System
(AABBS) from their home in Milpitas, California in February 1991 which
contained approximately 14,000 Graphic Interchange Format (GIF) files. A U.S.
Magistrate Judge for the Northern District of California issued a search warrant
authorizing a search of the defendant’s home. Because of the evidence found
their computer system was confiscated. The defendant contended that they were
prosecuted under the wrong statute and that their conduct would fell within the
prohibitions of the statute which addresses commercial dial-a-porn operations if
criminal at all. But the court rejected his contention and ruled that the statute must
be construed to affect the intent of Congress, which was to prevent the channels
of interstate commerce from being used to disseminate any obscene matter.

The United States of America also passed the Electronic Communications

473
(1995) 890 F.Supp, 1375 (E.D. Mich).
474
(1996) 74 F.3d 701 (6th Cir).
154
Privacy Act 1999 for the purpose of protecting the right to privacy. In the USA,
Constitutional Amendments are significant for cryptography, security and freedom
in cyberspace. As a result the US has recently passed statute i.e., the Spy-were
Control and Privacy Protection Act 2000 (USC s. 3180IS) to protect the
disclosure of the collection of information through computer, computer software
and other related purposes.

In determining whether jurisdiction exists over a defendant, the U.S.

Federal courts apply the law of the forum state, subject to the limits of the Due
Process Clause of the Fourteenth Amendment.475 In Bensusan Restaurant Corp. v.
Kind476 case, the plaintiff has filed a complaint against the defendant by
contended that he had used its trademark and made the infringement of
trademark. But the defendant argued that there is lack of personal jurisdiction by
the court. In this case, the court held that it is not equivalent to a person selling,
advertising, promoting or otherwise attempting to target that product merely
because someone can access information on the Internet about an allegedly
infringing product and also there was no evidence which can show that the
defendant had directed any infringing activity at New York.

In Martiz, Inc. v. Cyber Gold, Inc.477, case the US District Court for the
Eastern District of Missouri had reached a similar conclusion in finding that it had
jurisdiction over a California defendant in a trademark infringement case, where
the defendant’s only contact with the state was through its California based
website, which was accessible in Missouri.

In McDnough v. Fallon McElligot478 case, the court dismissed the

contention of plaintiff by stating that the web make enables too easy worldwide
access by allowing computer interaction via the web to supply sufficient contact
to establish jurisdiction would eviscerate the personal jurisdiction. Thus, the court
held the fact that defendant has web site used by Californians cannot establish
jurisdiction by itself.

In rem, jurisdiction might apply to the assertion of claims for jurisdiction

based on e- mail storage box or stored file that is located on a computer server in
the forum jurisdiction.479 The rule of lex loci delicti, or the place in which the

475
U.S.C. Constitution Amendment XIV.
476
(1996) 937 F. Supp. 295 (S.D.N.Y).
477
(1996) 96-CV01340 (E.D. Mo).
478
(1997) 95 Cir 4037 (S.D.Ca).
479
Shaffer v. Heitner, (1997) 433 US 186: 53 L Ed 2d 683.
155
injury occurred is the place of trying the case was followed in torts matters. But
now both in civil and criminal matters, the emerged boundaries of the internet
have exposed the cyber criminal under universal jurisdiction.

In Mo Mayo-San Francisco v. Charles Memminger480 case The court was

asked if registering someone else's trademark as a domain name and publishing a
website on the Internet is enough to bring a party domiciled in one state within
the jurisdiction of another. It was found in this case that just registering someone
else's trademark as a domain name and publishing a website on the Internet is
insufficient to subject a party domiciled in one state to the jurisdiction of another.
There must be more evidence to show that the defendant knowingly directed his
activities in a major degree toward the forum state, and this should be decided by
looking at the commercial nature of the exchange and the parties involved.

In Minnesta v. Granite Gate Resorts Inc481 case, the Attorney General

contended that the defendant had explicitly misrepresented its service as lawful
on its Web page. The court rejected his contention to dismiss the case for lack of
jurisdiction. The courts must balance several factors while adjudicating the cases
involving foreign nationals. In the cases where the interests of foreign nationals
are affected by the court’s assertion of jurisdiction, the courts must consider the
procedural and substantive policies of that particular country. The court must
consider the reasonableness of assertion of jurisdiction examined in the light of
the interest of the federal government in its foreign relation policies by keeping
these policies in mind. When extending jurisdiction into the international field
great care and reserve must be exercised 482 because of these sovereignty
concerns, there is a higher jurisdictional barrier when litigating against a foreign
national.483

Playboy Enterprises, Inc. v. Chuckleberry Publishing, Inc. 484 is an

international civil case of trademark infringement. In this case the court sorts out
the issue of cyber jurisdiction at international level by relying on a previous
injunction in 1981 which is passed against the defendant to base its finding of
jurisdiction. The courts now required that the defendants must provide more than
mere accessibility to a Website in order to support personal jurisdiction in
cyberspace. In this case the court indicates on the basis of case laws that they are
480
(1998) US Dist. Lexis 13154.
481
(1996) 65 USLW 2440.
482
Asahi Metal Industry Company v. Superior court, (1987) 480 U.S. 102.
483
Simatra v. National Enquirer, 854 F. 2d at 1119.
484
(1996) 939 F. Supp. 1032 (S.D.N.Y).
156
inclined to expect the information provider to determine where the user is located
and to block access to their site if access would be illegal in the locale of user.

In United States vs. Czubinski485 case, Richard Czubinski was an employee

of taxpayer services division of the IRS in Boston office. He was regularly
checked the information on the IRS’s computer systems for the purpose of
performing his duties. For this task he had a valid password and was authorized to
use it to perform his duties. But side-by-side he also used it for some
unauthorized search of IRS files and knowingly disregarded IRS rules. Though it
was not proved whether he sold or disclosed any information to third parties but
he was convicted on four counts of computer fraud.

In U.S. v. Gorshkov486 case, it was found by the FBI that there has been a
series of breakdown into the computer systems of various businesses in the
United States. The court held in the case that the act of downloading information
from a computer in country by the FBI agents do not constitute a search or seizure
since the copying of the data on the Russian computers did not interfere with the
possessory interest of the defendant in the data.

5.4 Judicial Response

The judiciary is the necessary organs of any country for its success for
enforcement of laws. It has played an important role in handling cyber crimes in
cyber age both at national and international level. The judicial and law
enforcement agencies well understand that the means available to investigate and
prosecute crimes and terrorist acts committed against, or through the medium of
computers or computer networks are at present almost wholly and international in
scope. To be able to function in a good and orderly way, a country needs some
degree of order, laws and continuity. Safety and security laws have long been
merely a question of protection against dangers from the physical world. In this
chapter an attempt has been made to find out and analyses the judicial response in
United States of America (U.S.A).

There have been a number of statutory provisions in the United States

Code to regulate the use of computers and computer technology for the purpose
of preventing and controlling cyber crimes. The United States Department of
Justice advises punishment of computer crime offenders by federal court judges
in the same manner as is advisement for all other federal crimes: the United States

485
(1997) 106 F. 3d 1069, [1st Circuit Court].
486
(2001) W1 1024026.
157
Sentencing Guidelines (USSG). The USSG is a detailed sentencing guideline,
with the ranges of sentencing calculated with current offense and past criminal
history, which acts a uniform sentencing policy for federal court.487

Under the U.S. federal system each of the fifty states of United States is
also permitted, within the constraint imposed by federal law, to pass additional
substantive criminal laws to regulate computer law at state level. 488 The Youth
Internet Safety Survey (YISS), a nationally representative study of 10 to 17 year
old, has researched youth internet victimization and involvement for multiple
years.489 As damage to companies increased due to the clandestine efforts of
individuals outside the companies and disgruntled employees within, Congress
amended the Act in 1986, 1994, 1996, 2001 and 2002 to expand protections to
computers and information in the private sector. Congress also beefed up the
penalty provisions in the Act and added civil remedies.490 In USA, for the year
2015, Cost of Data Breach Study by IBM and the Ponemom Institute revealed
that the average total cost of a data breach increased from $ 3.52 million in 2014
t0 $ 3.79 million. Another study said that cyber crime will become a $ 2.1 trillion
problem by 2019.491

The judiciary response with respect to cybercrimes has been discussed as

under:

Hacking
The United States of America judiciary has played an important role in
dealing with the unauthorized access. The US Department of Justice had
pronounced the punishments for hacking under 18 USC s. 1029 of the Computer
Fraud and Abuse Act, 1986. In United States v. Morris492 case, the Circuit Court
concluded that s. 1030 (a) (5)(A) of the said Act does not require the Government
to demonstrate that the defendant intentionally prevented authorized use and
thereby caused damages.

After this case, in Briggs v. State of Maryland493 case, the Court held that
487
Supra note 11.
488
Supra note 10, p.40.
489
Supra note 11, p .48.
490
Supra note 14.
491
Limor Kissem, “2016 Cyber Crime Reloaded: Our Prediction for the Year Ahead”, (Last
Modified on Jan. 15, 2016), available at: https://securityintelligence.com/2016-cybercrime-
reloaded-our- predictions-for-the-year-ahead/ (visited on Dec. 2, 2016).
492
(1991) 504 F 2d.
493
(1998) 348 MD 470.
158
the statute of the state of Maryland that criminalizes unauthorized access to
computers was intended to prohibit use of computers by those not authorized to
do so in the first place, and may not be used to criminalize the activities of
employees who use employers’ computer system beyond the scope of their
authority to do so.

In United States v. Czubinski494 case related to unauthorized access in

which Richard Czubinski was an employee of taxpayer services division of the
IRS in Boston office. He was regularly checked the information on the IRS’s
computer systems for the purpose of performing his duties. For this task he had a
valid password and was authorized to use it to perform his duties. But side-by-
side he also used it for some unauthorized search of IRS files and knowingly
disregarded IRS rules. Section 1030(a) (4) provides that more than mere
unauthorized use is required the ‘thing obtained’ may not merely be the
unauthorized use. It is the showing of some additional end to which the
unauthorized access is a means that is lacking in this case. The evidence did not
also show that his end was anything more than to satisfy his curiosity by viewing
information about friends, acquaintances and political rivals. No evidence
produced by the plaintiff suggests that he printed out, recorded, or used the
information he browsed. No rational jury could conclude beyond a reasonable
doubt that Czubinski intended to use or disclose that information, and merely
viewing information cannot be deemed the same as obtaining something of value
for the purposes of this statue. That’s why at the end the defendant’s conviction is
reversed.

In another case Regan Gerard Gilmour v. Director of Public

Prosecutions495, the accused was a public servant employed as an Administrative
Services Officer Grade 3 within the Debt Management Section of the Taxation
Office in its Relief Section. The Relief Section considers written applications by
taxpayers for relief from payment of income tax. The issue was raised that
whether the accused had authority to insert data in a Commonwealth computer for
the purpose of section 76C of the Crimes Act, 1914 when the computer would
physically accept his insertion of data, but the accused was not permitted by his
employer to insert the relevant data without specific permission given by the
employer prior to the insertion and but such permission was not given to him.
Section 76C of the Crimes Act, 1914 provides that if a person who intentionally

494
(1997) 106 F.3d 1069 (1st Cir).
495
(1995) Commonwealth No. 60488.
159
and without authority or lawful excuse destroys, erases or alters data is guilty of
an offence. In this case, the Court held that a person commits an offence under
this section if he lacks the authority to insert the particular information into a
computer, notwithstanding that he has general authority to insert other
information into such computer. The Court further held that an entry intentionally
made without lawful excuse and known to be false is made without lawful
authority.

In United States v. Ivanov496 case, the Computer Fraud and Abuse Act was
discussed regarding its extraterritorial applicability. In this case the accused was
charged for illegally accessing the computer systems of a web hosting service
under the Computer Fraud and Abuse Act. He contended that he was in Russia at
the time of commission of offence that’s why he cannot be prosecuted under the
above mentioned Act. But the court rejected his contention and held that he can
be prosecuted under the interstate and foreign commerce of the Act. The Act
applied not only within the boundaries of America but also beyond it.

In United States v. Harris497 case the accused was charged and convicted
by the court under Computer Fraud and Abuse Act for unauthorized access to her
employer’s computer system and obtained the Social Security Numbers of several
people in order to target them in a fraudulent credit card scheme.

On December 2, 2015, the United States Department of Justice498

announced through press release that a northern California man who operated the
Internet’s best known “revenge porn” website was sentenced to 30 months in
federal prison for hiring another man to hack into e-mail accounts to steal nude
photos that were later posted on his website.

On December 15, 2015, it was announced through press release by the

United States Attorney of Department of Justice499 that three men of Florida, New
Jersey and Maryland were arrested and charged for Hacking, Spamming Scheme
and identity theft scheme that have targeted personal information of 60 million
people and generated more than $ 2 million in illegal profits.

496
(2001) 175 F Supp 2d 367 (D. Conn).
497
(2002) 302 F 3d 72 EDNY (2nd Cir Court).
498
United States Department of Justice, Dec. 2, 2015, available at: https://www.justice.gov/usao-
cdca/pr/operator-revenge-porn-website-sentenced-2-years-federal-prison-email-hacking-scheme
(visited on April 9, 2017).
499
United States Department of Justice, District Court of New Jersey, Dec.15, 2015,
available at: https://www.justice.gov/usao-nj/pr/three-men-arrested-hacking-and-spamming-
scheme-targeted- personal-information-60-million (visited on April 9, 2017).
160
Cyber Terrorism
The United States of America judiciary has also played an important role
for combating the cyber terrorism which is emerging in the recent times. In
United States v. Robert Tappan Morris500 case, Morris was pursuing Ph.D from
the Cornell University in computer science in the year 1988. The Cornell
University has given him an account on the computer to use it and after that he
has discovered “worm” called as one form of “virus” which may be used to
demonstrate the inadequacies of security systems and networks. Then, he released
the worm through a computer at the Massachusetts Institute of Technology (MIT)
on 2nd November 1988 which caused damage and infection very fast to other
computers. He then discussed it with his friend at Harvard and sent an anonymous
message from Harvard over network, instructing clogged, but it was too late
because by that time military sites, medical research sites, installations sites,
Universities websites were infected. The court found him guilty under title, 18
USC s. 1030(a) (5) (A) and was sentenced to 3 years of probation, 400 hours of
community service, a fine of $10,050 and the costs of his supervision. This was
affirmed by the circuit court in the year 1991 and held that section 1030(a) (5) (A)
does not require the Government to demonstrate that the defendant intentionally
prevented authorized use and thereby caused loss. There was sufficient evidence
for the jury to conclude that Morris acted “without authorization” within the
meaning of s. 1030(a) (5) (A) and s. 2(d) of the Computer Fraud and Abuse Act
1986. That conviction was made appropriate by the District Court.

In United States v. Racine501 case, the defendant a website designer was

pleaded guilty for the hijacking of the Arabic language news station during the
war in Iraq. He was charged for wire fraud and unlawful interception of an
electronic communication in Los Angeles. The defendant diverted the website and
e-mail traffic of the site that contained images of American war prisoners and
soldiers who were killed during Iraqi operation. He himself informed to FBI
about his act and then was charged for committing cyber crime.

In United States v. Robert Lyttle502 case, the defendant was pleaded guilty
in Federal Court for hacking into government computers and defacing
government websites violating Title 18 U.S.C. s. 1030. The defendant was
admitted his crime that he had unlawfully accessed computer system of various
500
(1991) 928 F. 2d 504 [Cert. denied, 502 U.S. 917 (1991)].
501
US Department of Justice (2003).
502
US Department of Justice (2005).
161
government agencies for obtaining confidential files and data to deface websites
hosted on computers. The court held his conviction and sentenced him for cyber
terrorism under the Act.

In United States v. William Sutcliffe503 case, the defendant was sentenced

for making interstate threats to cause injury, killing and posting thousands of
social security numbers on websites. The United States District Judge imposed
restrictions that after his release he cannot access computer and must not
communicate with victims and witnesses.

Cyber Pornography
The judiciary of United States of America has played an important role to
overcome with the cyber pornography. The test of obscenity was laid down firstly
in the case of Regina v. Hicklin504 as the tendency “to deprave and corrupt those
whose minds are open to such immoral influences and into whose hands a
publication of this sort may fall”. But later on this test of obscenity was slightly
changed in United States v. One Book Entitled “Ulysses”505 case by stating that
the criterion for obscenity was not the content of isolated obscene passages but
rather “publication taken as a whole has a libidinous effect”. Then after the
Hon’ble U.S. Supreme Court redefined the obscenity in Roth v. United States506
case by stating that “whether, to the average person, applying community
standards, the dominant theme of the material taken as a whole appeals to prurient
interests.”

In United State v. Kufrovich507 case, the defendant charged under 18 U.S.C. $

2422(b) and $ 2423(b) for using a means of Interstate Commerce to knowingly
persuade a minor to engage in sexual activity. The Court found that the parts of
the Communications Decency Act were unconstitutional which made internet
speech protected under the First Amendment. The defendant contended that he
had contacted with the victim through the internet which was constitutionally
protected and could not be used as evidence against him. But the court rejected
his contention by holding that the statutes under which the charges were brought
do not impermissible limit speech and also they criminalize the use of means of
interstate commerce for the purpose of luring a minor into sexual activity.

503
US Department of Justice (2007).
504
(1868) 3 QB 360.
505
(1934) 72 NY 705.
506
(1957) 354 US 476.
507
(1997) 997 F. Supp. 246 (D. Conn).
162
 In United States v. Hilton508 case, a federal grand jury charged Hilton for
criminal possession of computer disks containing three or more images of child
pornography in violation of 18 U.S.C. $ 2252A (A)(5)(B). He challenged the state
without denying the charges. He contended to dismiss the charges on grounds that
the act was unconstitutional under the First Amendment. The U.S. district court
was also agreed with his contention regarding the vagueness of the definition of
child pornography but in this case the issue was raised whether the CPPA poses
substantial problems of over breadth and which would sufficient to justify
overturning the judgment of the lawmaking branches. It was held by the court that
the Control and Privacy Protection Act (CPPA), 2000 is not unconstitutionally
overbroad and the judgment of the district court is reversed.

In United States v. Mathews509 case, the court held that under federal law
each transfer of child pornography image by email is a separate offence. The
defendant contended that the successive email transmissions were also the part of
a single online conversation. But the court rejected his contention. The Appellate
court affirmed this decision.

In Davis V. Gracey510 case, the accused sold the obscene CD-ROMs to an

undercover officer. After this a warrant was issued to search his business premises
and the police officers determined that pornographic CD-ROM files could be
accessed through the bulletin board and they seized the computer equipment used
to operate it. Following his criminal conviction and civil forfeiture of the
computer equipment in state court proceedings, Davis, his related businesses, and
several users of email on his bulletin board brought action against the officers
who executed the search, alleging that the seizure of the computer equipment and
email and software stored on the system violated constitutional and statutory
provisions. The Circuit court affirmed and held that the original warrant was not
unconstitutionally and that the incidental temporary seizure of bulletin board
email user files did not invalidate the seizure of the computer within which they
were stored.

In Fedeemer v. Haun511 case, The plaintiff challenged Utah's sex offender

notification law, which would make sex offender registry information freely available
on the internet to the general public. The registry information posted on the Web site

508
(1999) 167 F.3d 61 (1st GR.), [cert. denied, 120 S. Ct. 115].
509
(1998) 11 F. Supp 2d 656 (D. Md).
510
(1997)111 F. 3d 1472 (10th Cir).
511
(1999) 35 F. Supp. 852 (D. Utah).
163
and accessible to a global audience with no chance of encountering the offender was
not reasonably related to the non-punitive goal of preventing additional sex offences,
according to the court, and thus violated the Double Jeopardy and Ex Post Facto
Clauses. The statute did not violate the Equal Protection Clause, according to the
court, because it was logically tied to the purpose of preventing sexual offences. The
Court also held that the Due Process Clause was not violated because the
information to be posted is considered “non private” and therefore there is no
cognizable injury to the plaintiff’s reputation.

In State v. Maxwell512 case, The defendant was charged with introducing

child pornography into the state, despite the fact that both the defendant and the
victim were in Ohio and the service provider's servers were in Virginia. Although
the defendant appeared to be unaware of the fact that the challenged
communication had crossed state borders, the Ohio legislation required
knowledge on the part of the defendant. The conviction was maintained by the
Ohio Supreme Court, which applied the strict liability standard to transmission.

In People v. Cochran513 case, the accused allegedly posted pornographic

material on several Internet newsgroup sites by indicating also that he was
intending to trade in the material. The Hon’ble Supreme Court of California
found him guilty and convicted for posting pornographic material for commercial
purpose.

On December 2, 2015, it was announced through press release by the

United States Department of Justice514 that a northern California man who
operated the Internet’s best known “revenge porn” website was sentenced to 30
months in federal prison for hiring another man to hack into e-mail accounts to
steal nude photos that were later posted on his website.

Cyber Stalking
The stalker's ability to access the victim at any time and from any distance
undermines the victim's sense of security and might lead to the victim's persistent
worry. In July of 2013, New York prosecutors obtained an arrest warrant for
Jessica Parker, a New Zealand woman who had been online stalking a writer
called Melissa Anellin for five years. “You will have much to fear from me in the
future months,” one e-mail from 2009 stated. This isn't over until someone is

512
(2002) 95 Ohio St 3d 254 : 767 NE 2d 242.
513
(2002) 28 Cal 4th 396: 48 P 3d 1148.
514
Supra note 79.
164
bleeding to death on the floor.” Despite the distance, the internet enabled Parker
to stalk, threaten, and terrorise on a regular basis, instilling fear and eroding a
sense of security.515

In a case, an older male stalked a young boy, following him with a

camera and placing updates of his activities on his personal website, including
descriptions of his pedophilia and of his potential dangerousness to those who
threatened him.516 The offender was charged with stalking.

In New Jersey v. Dharun Ravi, a another case of cyber stalking in which a

college student named Ravi secretly made a film of his roommate’s sexual
intimation with another man and then posted this online. By this act of Ravi, she
committed suicide and Ravi was convicted for bias intimidation and invasion of
her privacy. In 2012, the judges ruled that they believe Ravi was acted out of
colossal insensitivity, not hatred and sentenced him for 30 days in jail and also
with fine.

On December 4, 2015, the United States Department of Justice517

announced through press release that Michael Daniel Rubens, formerly of
Tallahassee, Florida, United States pleaded guilty and charged for cyber stalking,
unauthorized access to a protected computer and aggravated identity theft.

On December 9, 2015, it was announced through press release by the

United States Department of Justice518 that a former United States Department
employee pleaded guilty and charged for internationally extensive cyber stalking,
e-mail phishing, computer hacking, and sextortion scheme against hundreds of
victims in the United States.

Cyber Defamation
The judiciary of United States has played an important role in dealing with
the cyber defamation emerged in cyber space day-by-day. In Anderson vs. New
York Telephone co519 case, the Court held a defendant must have had a direct hand
515
Steven D. Hazelwood and Sarah Koon Magnin, “Cyber Stalking and Cyber Harassment
Legislation in the United States: A Qualitative Analysis”, International Journal of Cyber
Criminology, Vol. 7 (2), July- December, 2013, p.157, available at:
http://www.cybercrimejournal.com/hazel woodkoonmagninijcc2013vol7issue2.pdf (visited on
Jan. 27, 2017).
516
R. v. Vose, (1999) VSCA 200.
517
United States Department of Justice, December 4, 2015, available at: https://www.justice.gov/
opa/pr/defendant-pleads-guilty-tallahassee-cyberstalking-case (visited on April 9, 2017).
518
Available at: https://www.justice.gov/opa/pr/former-us-state-department-employee-
pleads-guilty- extensive-computer-hacking-cyberstalking (visited on April 9, 2017).
519
(1974) 35 NY 2d 746.
165
in disseminating the material whether authored by another, or not in order to be
deemed to have published a libel. If Xerox Corporation had no notice then it could
not be held liable.

In Stratton Oakmont, Inc. v. Prodigy Services Company520 case, the

defendant is a publisher which led to the court for holding a finding that it would
be a hurdle for a plaintiff to overcome in pursuit of their claims because one who
repeats or republishes plaintiff filed a case against the defendant for the violation
of trademark for registering the domain name. The defendant contended that there
was the failure to join the domain registrants because they were indispensable
parties. But the court observed that to join the domain registrants is not necessary
where the defendant is a joint tortfeasor. In this case the court also took the notice
that the registrants could be brought into the litigation through the impleader
based on an indemnification agreement.521522523524525526527528529530531532

In the case of Panavision International LP v. Toeppen533, the plaintiff get

registered trademarks for ‘Panavision’ and ‘Panaflex’. But the defendant also
registered the similar domain name i.e. Panavision.com and posted the images of
the city of Pana, Illinois on the sites. The defendant offered to settle the matter for
$ 13000 in exchange for the domain name registration when plaintiff demanded
for desisting the use of the domain name by him. But the plaintiff rejected this
offer and then the defendant registered the other trademark ‘Panaflex’ as a
domain name and posted the word ‘hello’ on the website. After this the plaintiff
brought a suit for trademark infringement, trademark dilution and unfair
competition against the defendant. The District Court held the defendant liable for
dilution and enjoined him from using plaintiff’s marks or marks similar to them in
connection with any commercial activity.
520
(1995) N.Y. Misc. LEXIS 229.
521
(1998) 992 F. Supp. 44.
522
(2002) Asker and Baerum Distt. Court, Norway.
523
(2000) N.Y. Court of Claims.
524
(1991) 504 F 2d.
525
(1986) 160 C 129.
526
(1990) 739 F Supp 414 (ND III).
527
(1997) 106 F.3d 1069.
528
(1999) 99-889M.
529
(2001) 255 F. 3d 728.
530
(1996) 947 F Supp. 1227 (NDIII).
531
(1997) US Dist. LEXIS 3338 (S.D.N.Y.).
532
(1997) US Dist. LEXIS 10314 (C.D. Cal).
533
(1998) 141 F 3d 1316.
166
In Marks & Spencer PLC v. One in A Million Ltd. 534case, the Court observed after
finding the respondent to be guilty of Cyber squatting that any person who
deliberately registers a domain name on account of its similarity to the name,
brand name or trademark of an unconnected commercial organization, must
expect to find himself on the receiving end of an injunction to restrain the threat
of passing off, and the injunction will be in terms which will make the name
commercial useless to the dealer.

Email Related Crime

The United States judiciary is also playing an important role in dealing

with the email related crimes. In United States v. Kammersell535 case, the Court
found that federal interstate jurisdiction was proper where defendant sent a
threatening email via Initialism of America Online, an interstate service, even
though the message was sent from and received in the same state. The Court held
that federal laws prohibiting transmission in interstate commerce of
communications containing threats applied, because the e-mail was sent via a
commercial online service and routed outside the state before reaching its final
destination within the state. The 10 th Circuit Court of Appeals affirmed this
decision.

In State of Washington v. Townsend536 case, the Appellate Court affirmed a

conviction for second-degree rape of a child. In this case, the defendant made an
appeal against the decision of the lower court for admitting into evidence copies
of email messages between himself and a police officer posing as a 13 year old
girl. The defendant contended that the email messages were copied in violation of
the Washington Privacy Act, which prohibits the “copying of private
communication transmitted by telephone, telegraph, radio, or other device….”
The court held that email by its nature must be recorded, and an email user
impliedly consents to the copying by the act of using email. Accordingly, the
court affirmed the lower court’s decision to admit the email messages.

In United States of America, cybercrimes have emerged as a challenge to

human rights. Presently, many efforts are going on to develop the common

534
(1998) FSR 265.
535
(1999) 196 F.3d 1137 (Cri Utah).
536
(2001) 19304-7-III (Wash. Ct. App)
167
agenda of harmonizing the atmosphere between nations for combating cyber
crimes by the international treaties, conventions or commissions i.e. UNCITRAL
Model Law etc. It can also be concluded that United States of America has
enacted several laws for combating cyber crimes; despite this many complicated
legal issues are still unresolved. The legal positions relating to electronic
transactions and civil liability in cyberspace is still confused or not clear by the
reason of not having any adequate laws on globally.

Moreover while investigating cyber crimes, the investigating agencies and

law enforcement officials follow the same techniques for collecting, examining
and evaluating the evidence as they do in cases of traditional crimes. 537 The
judicial and law enforcement agencies well understand that the means available to
investigate and prosecute crimes and terrorist acts committed against, or through
the medium of computers or computer networks are at present almost wholly
international in scope.

There are a large number of cyber laws passed and amended in United
States of America. But instead of these laws the cyber crimes are increasing day
by day. For example, in United States of America for the year 2015, Cost of Data
Breach Study by IBM and the Ponemom Institute revealed that the average total
cost of a data breach increased from $ 3.52 million in 2014 t0 $ 3.79 million.
Another study said that cyber crime will become a $ 2.1 trillion problem by
2019.538

As the National White Collar Crime Centre (NWCC) Director remarked

recently “...with the public’s continued support, law enforcement will be better
able to track down these perpetrators and bring them to justice.” 539

537
“Cyber Thieves are Caught, But conviction is Wobbly”, Hindustan Times, at 18 (August 9,
2006)
538
Supra note 72.
539
Donald Brackman’s remarks on the 2009 Annual Report on Cyber crime released by the
Federal Bureau of Investigation (FBI) on March 13, 2010.
168
 CHAPTER - VI
CYBER CRIMES IN UNITED KINGDOM:
LEGISLATIVE AND JUDICIAL RESPONSE
6.1 Introduction
Digital technology is encompassing in all walks of life, all over the world
and has brought the real meaning of globalization.540 This cyber system is means
for two sided

i.e. at the one side it provides opportunities to communicate and the other
side some cyber criminals use it for the purpose of exploiting others with the
medium of the Internet and other network communications which are
international in scope.

People can visit the entire world, speak with anyone they want, see anyone
they want, even thousands of miles away, have online discussions with each
other, sell and purchase things, access banking facilities, create information, and
exchange information online with a single click of a keyboard and mouse. 541 This
is another problem in cyber space of not having the specific location.

Inventions, discoveries and technologies widen scientific horizons but also

pose new challenges for legal world. Information Technology brought about by
computers; internet and cyber space has also posed new problems in
Jurisprudence. But there has been widespread growth of these crimes today and
has become matter of global concern.542 Cyber crimes like cyber pornography,
hacking, cyber fraud, e-mail related cyber crimes etc. are increasing at every
moment in cyberspace and also emerge both as national and international
challenge which needs intensive study, research and worldwide awareness.

Such tremendous utility of information and communication technology

encouraged the terrorists and other deviants in society to use it sometimes as their
tool and sometimes as target to fulfill their ends. Internet became a way which
may be called superhighway or information way for war. That is why we can call

540
Ajeet Singh Poonia, “Cyber Crimes: Challenges and its Classification”, International Journal
of Emerging Trend & Technology in Computer Science, vol. 3, No. 6, Nov. –Dec. 2014, p. 119,
available at: http://www.ijettcs.org/Volume3Issue6/IJETTCS-2014-12-08-96.pdf (visited on
March 8, 2015).
541
M. Dasgupta, Cyber Crime in India- A Comparative Study, 2009, p. 1.
542
Prafulla Kumar Nayak, “Cyber Attacks More Terrifying Than Terrorists- A Critical Analysis”,
Indian Bar Review, Vol. XL, No.2, 2013.
169
this war as cyber war or net war.543 At present, the internet has become a way to
engage in cyber war like Taiwan against China, Israel against Palestine, India
against Pakistan, China against the United States of America etc.

This change is marked by rapidly advancing computing power, increasingly

pervasive network technologies, and the escalating need to share information, to
learn, and to act quickly.544 There is also the recent change in our education
system, types of working, manufacturing system, sales, marketing, shopping turns
into online, monetary transactions, tourism, entertainment, medical facilities etc.
due to rapid growth of online system through internet and new technology at
national and international level. This is called as a revolution which means the
emergence of new cultures and societies in cyber space which is not bounded by
any geography or time. But indirectly this leads to increasing the gap between the
existing societies and technology based societies at the information age.

The ever-soaring cyber crime graph and the money loss connected thereto,
the unending innovations and the formidable challenges did not spare even the
most advanced nations. The technological strokes were felt even in United
Kingdom and accordingly, it started responding to it.545 Because for every
country’s success legislature and judiciary are important organs for making the
sufficient laws, its enforcement by punishing wrongdoer, maintaining good
international relations and to attract investment. A country needs some degree of
order, laws and continuity and its better and timely enforcement for functioning in
a good and systematic way. Safety and security laws have long been merely a
question of protection against dangers from the physical world. This new cyber
world is increasingly intertwined with the traditional offline world and therefore
safety laws and its enforcement in cyberspace have become a pre-requisite for a
well-functioning country. In this chapter an attempt has been made to discuss the
cyber legislations and to find out the role of judiciary for combating these new
types of crime emerging in United Kingdom.

6.2 Legislative Response

The technological strokes were felt even in United Kingdom and
accordingly, it started responding to it. United Kingdom depicts two phases in
responding to the online infractions. The first phase implies a situation when
543
Supra note 2, p. 221.
544
Sun Tzu and Col. John M. Fabry, Cybercrime, Cyber Terrorism and Network Warfare: The
Next Generation of Concerns for Users of Networked Information Systems, 1999, p. 161.
545
Talat Fatima, Cyber Crimes, 2011, p. 78.
170
traditional laws per se were applied to criminal activities online and in a number of
cases like R.v. Preddy546 and R. v. Gold547, it was difficult for the courts to apply
the real life provisions to automated situations. This led to the second phase when
the need for computer crime specific legislation was hard-pressed.548 And lastly,
the Computer Misuse Act, 1990 has been passed on the basis of the Law
Commission Report on ‘Computer Misuse’ published in October, 1989 and
certain other recommendations.

The General Assembly of the United Nations by resolution dated January 30,
1997 has adopted the Model Law on Electronic Commerce regarding electronic
mail, data interchange, internet etc. to adopt uniform, international, adequate and
effective law.549 The United Nations Model law UNCITRAL provides that there
must be equal legal treatments for users of electronic communication and paper
based manual communication. There are number of offences which have been
emerged in the cyber space like cyber defamation, cyber pornography, child
password sniffing, spoofing, email bombing, spamming, phishing,
telecommunications fraud, Internet pedophilia, computer network break-ins,
industrial espionage, software piracy, the availability of illicit or unlicensed
products and services etc. and also there are various emerging cyber offences
now-a-days like cyber terrorism, cyber hacking, cyber laundering , credit card
fraud etc.

The graph of online criminal activities in United Kingdom was on a

constant rise. The United Kingdom Audit Commission Report showed a
whopping increase from a total of 77 incidents of computer crime in 1984 to a
total of 510 such incidents in 1998. 550 Later, the Data Protection Act, 1998 was
also passed for combating the computer crime and to protect the computer data.

United Nations alerted states about the importance of putting special laws
to deal with cyber crime. Many Resolutions on combating the criminal misuse of
information technologies were adopted by the General Assembly, the 13th of May
2005 resolution included:551
546
(1996) 3 All ER 481.
547
(1987) 3 WLR 803: (1988) 2 All ER 186. In this case, the Court of Appeals, helplessly
applied the Forgery and Counterfeiting Act, 1981 to unauthorised access to password codes of
various mailboxes.
548
Supra note 6.
549
B.B. Nanda and R.K. Tewari, “Cyber Crime- A Challenge to Forensic Science”, The Indian
Journal, 2000, pp. 102-103.
550
Steven Furnell, Cybercrime: Vandalizing the Information Society, 2004, p. 27.
551
S. Schjolberg and A.M. Hubbard, “Harmonizing National Legal Approaches in Cybercrime”,
171
 “International cooperation at all levels should be developed further.
Because of its universal character, the United Nations systems, with improved
internal coordination mechanisms called for by the General Assembly, should
have the leading role in intergovernmental activities to ensure the functioning and
protection of cyberspace so that it is not abused or exploited by criminals or
terrorists.”

The most active UN institution in reaching harmonization on global cyber

security and cyber crime legislation is the International Telecommunication
Union (ITU) in Geneva. A world Summit on the Information Society WSIS (from
16 to 18 November 2005) was held in Tunis, the Tunis Agenda, paragraph 42 and
40, read as follows:552

According to Paragraph 42, “We call upon governments in cooperation

with other stakeholders to develop necessary legislation for the investigation and
prosecution of cyber crime, noting existing frameworks, for example, UNGA
Resolutions 55/63 and 56/121 on “Combating the criminal misuse of information
technologies” and regional initiatives including, but not limited to, the council of
Europe’s Convention on cyber crime.”

Paragraph 42 further states, “we affirm that measures undertaken to

ensure Internet stability and security, to fight cyber crime and to counter spam,
must protect and respect the provisions relating to right of freedom of expression
and privacy which are the relevant parts of the Universal Declaration of Human
Rights and the Geneva Declaration of Principles.”

Unauthorized Access
In the United Kingdom, Professor L. Lloyd says 553, “the stereotypical
depiction of a cyber hacker tends to be that of a male teenager in a greasy T-shirt
and torn jeans who spend hours slumped over a terminal, eyes gazing fixedly at

the green glow of the VDU monitor. Nowhere is safe, no one can keep him out,
no one knows of the scale of the threat, the silent deadly menace stalks the
networks as seen in R v. Gold.”554

After this the United Kingdom Audit Commission has recommended some
International telecommunication Union, WSIS Thematic Meeting on Cyber Security, Geneva,
June 28-July 1, 2005.
552
World Summit on the Information Society, Tunis, Nov. 18, 2005, available at: http://www.itu.
int/net/wsis/docs2/tunis/off/6rev1.html (visited on Feb. 14, 2017).
553
L.J. Lloyd, Information Technology Law, 2000, p. 27.
554
(1988) AC 1060.
172
preventive measures with the British standard for information security
management on the basis of prevention is better than cure. In this reports it was
identified that there are certain security polices which must be followed urgently
including firstly, cyber security which is adequate with business strategy,
secondly, clear statement of the importance of cyber security, thirdly, clear
statement of the adequate and proper law regarding Information Technology
security, fourthly, clear statement of the responsibilities of staff to protect
investment in new Technology and computer data, fifthly, clear statement of the
steps taken by the management to encourage to adopt and maintain high security
standards as well as to enforce it in reality by the management, sixthly, statement
of the steps taken to reduce computer misuse i.e. secure password systems etc.
and lastly, Internal control mechanisms.

In United Kingdom, before the Computer Misuse Act (CMA), 1990, there were
laws like the Theft Act and the Telecommunications Act, 1984 which prohibits
misuse of the public telecommunications. The Interception of Communication
Act, 1985 prohibits forgery and other criminal activities in the course of
transmission by the public telecommunication systems. The Data Protection Act,
1084 was also passed to protect computer data and database from any violations
or damage. But in 1988, the Law commission submitted its report in which
suggestions and recommendations has been made for enacting a specific law on
computer misuse. On these recommendations the Computer Misuse Act (CMA),
1990 has been passed.

By passing the Computer Misuse Act (CMA) in 1990, it introduces the

three new criminal offences, firstly it provides that it is punishable to
unauthorized access with intention or knowledge which has connection with other
computer with 12 months imprisonment and/or a fine not exceeding level 5 on the
standard scale, secondly, it is a punishable offence to unauthorized access to
computer material with intent to commit or facilitate commission of further
crimes with 12 months imprisonment/fine on summery conviction and/or 5 years/
fine on indictment and lastly, unauthorized Modification of computer material is
a punishable offence with 12 months imprisonment/fine on summery conviction
and/or 10 years/ fine on indictment After this, certain amendments has been made
in Computer Misuse Act relating to hacking by the part 2 of Serious Crime Act,
2015 which provides that if any unauthorized act results in serious damage to
human welfare or national security, than the person shall be liable upto the
maximum punishment of life imprisonment and if any unauthorized act results in
173
serious damage to economy or the environment than the maximum sentence is 14
years.

Cyber Terrorism
Generically, cyber terrorism consists of using computer technology to
engage in terrorist activity.555 This type of cyber crime can involve using the
internet to communicate with other terrorists, to transfer the money needed to
fund a terrorist act or any other related activity. Cyber terrorism may be defined
to be the premeditated use of disruptive activities, or the threat thereof, in cyber
space, with the intention to further social, ideological religious, political or similar
objectives, or to intimidate any person in furtherance of such objectives. 556

The Federal Bureau of Investigation (FBI) defined Cyber Terrorism, “the

premeditated, politically motivated attack against intonations computer system,
computer programs and data which results in violence against non combatant
targets by sub national groups or clandestine agents”. 557 Security expert Dorothy
Denning defines cyber terrorism as politically motivated hacking operations
intended to cause grave harm such as loss of life or severe economic damage.558

In the year 1970, politically-motivated crimes were in rising modes in the

United Kingdom. Therefore, the Metropolitan Police Service’s special unit was
constituted in the city of London. After few months “the Angry Brigade” group
caused damage to the Minister of Employment by bombing. 559 After this Anti-
Terrorist Branch was constituted as a result of this and earlier in the year 1976 it
was called as the Metropolitan Police Bomb Squad. At that time there were also
the rise of threats and attacks through superhighway using information technology
to the Government, Government agencies, Departments and people.

Before the Terrorism Act, 2000 United Kingdom enacted the Data
Protection Act, 1984 and in the year 1990 to prevent and control cyber terrorism

555
Susan W. Brenner, “At Light Speed: Attribution and Response to Cybercrime/ Terrorism/
Warfare”, Journal of Criminal Law and Criminology, vol. 97, No. 2, 2007, p. 386,
available at: http://scholarlycommons.law.northwestern.edu/cgi/viewcontent.cgi?
article=7260&context=jclc (visited on Feb. 13, 2017).
556
Parthasarathi Pati, “Cyber Crimes”, available at: http://www.naavi.org/pati/pati_
cybercrimes_ dec03.htm (visited on Feb. 13, 2017).
557
Syed Mohd. Uzair, “Cyber Crime and Cyber Terrorism in India, A thesis submitted to Aligardh
Muslim University, 2013, p. 68, available at: http://shodhganga.inflibnet.ac.in/ bitstream/
10603/63591/9/09_chapter%202.pdf (visited on Feb. 13. 2017).
558
Dorothy Denning, Activism, Hactivism and Cyber terrorism: The Internet as a tool for
Influencing Foreign Policy, 2001, p. 241.
559
Supra note 2, p. 204.
174
and other crimes the Computer Misuse act was passed after R. v. Gold case.560
After this the Terrorism Act, 2000 is passed which defines the term “Terrorism”
which includes the use or threat of action that is designed seriously to interfere
with or seriously to disrupt an electronic system designed; to influence the
government or to intimidate the public or a section of the public, and made for the
purpose of advancing a political, religious or ideological cause”.

The essence of the definition is in section 1(1), which contains three

conjunctive legs, all of which must normally be satisfied (subject to section 1
(3).561 It is clear from section 1 (1) (b) of the Act that terrorism may be suffered
either by the government, it agents like police, or the public. Serious Crime Act,
2015 which provides that if any unauthorized act results in serious damage to
human welfare or national security, than the person shall be liable upto the
maximum punishment of life imprisonment.

Cyber Pornography
Pornography includes hosting the website containing this prohibited
material, use of computers for producing these obscene materials and
downloading through the internet the obscene material. These obscene matters
may cause harm to the minds of adolescent and tend to corrupt their minds. 562 In
simple terms, cyber pornography means to describe or to show sexual acts in
order to cause sexual excitement through e-books, e-films, images, videos etc. by
using internet on cyberspace.

In the traditional United Kingdom legislation, it is not an offence to

possess obscene material in private as long as there is no attempt to publish,
distribute or show it to others. But as regards, child pornography possession as
well as circulation is criminalized.563 But after passing of Criminal Justice Act,
1988 which makes it an offence for a person who have any indecent photograph
of a child in his possession under section 160.

Pornography in the United Kingdom is split into three categories: softcore

pornography, hardcore pornography, and extreme pornography. As of January
2009, even possessing extreme pornography is punishable by a three-year prison
560
(1988) 1 AC 1060.
561
Clive Walker, “Cyber Terrorism: Legal Principle and Law in the United Kingdom”, Penn State
Law Review, vol. 110, No. 3, July 7, 2006, p. 630.
562
Ritu Dhanoa, “Cyber- Crime Awareness”, International Journal in Multidisciplinary and
Academic Research, vol.2, No.2, 2014, p. 4, available at: http://ssijmar.in/vol2no2/vol2no2.24.pdf
(visited on Sep. 22, 2014).
563
Chris Reed, Computer Law, 2003, p. 300.
175
sentence.564 Possessing pornographic photographs that portray acts that risk a
person's life; acts that result in or are likely to result in significant injury to a
person's anus, breasts, or genitals; bestiality; or necrophilia is illegal under
sections 63 to 67 of the Criminal Justice & Immigration Act, 2008. This Act also
exempts classified films and other similar materials from its scope, as well as
providing defences and penalties for such offences.

According to section 1(1) of Obscene Publications Act, 1959 an article

shall be deemed to be obscene if its effect or the effect of any one of its items is,
if taken as a whole, such as to tend to deprave and corrupt persons who are likely,
having regard to all relevant circumstances, to read, see or hear the matter
contained or embodied in it. It is an offence to publish an obscene article or to
have an obscene article for publication for gain under section 2(1). The Act makes
it clear that the ‘articles’ contemplated were such items as computer disks;
however most of the pornography on the internet is now transferred electronically
from one computer to another using telephone lines and modems rather than via
any tangible medium such as discs under section 1(3). Obscene Publications Act,
1959 was further amended in 1964 which makes it an offence565 to have an
obscene article in ownership, possession or control with a view to publishing it
for gain.

Telecommunications Act, 1984 has been passed which makes it an offence

under Section 43 to send by means of a public telecommunications system, a
message or other matter that is grossly offensive or of an indecent, obscene or
menacing character and is an offence with a maximum term of six months.
Criminal Justice Act, 1988 has been passed which explains under section 160 as
amended by section 84(4) of the Criminal Justice and Public Order Act (CJPOA),
1994 that it is an offence for a person to have an indecent photograph or pseudo-
photograph of a child in his possession. This offence is now a serious arrest able
offence with a maximum imprisonment term not exceeding six months.

Cyber Stalking
Cyber stalking is use of the Internet or other electronic means to stalk
someone. This term is used interchangeably with online harassment and online
abuse.566 Mostly cyber stalking involves following a person’s movement across
564
“Cyber Pornography”, available at: http://www.lawyersclubindia.com/articles/Cyber-
Pornography- 6396.asp (visited on April 12, 2016).
565
Section 1(2) of Obscene Publications Act, 1964.
566
B. Muthukumaran, “Cyber Crime Scenario in India”, Criminal Investigation Department
176
the internet by positing threatening messages to the victim or by entering the chat-
rooms frequented by the victim or by constantly bombarding the victim with the
e-mails etc.567 Stalking is defined as persistent acts of harassment directed at a
victim, such as following the victim, making harassing phone calls, killing the
victim's petitioner, vandalising the victim's property, and leaving written
messages or objects. Following stalking, major aggressive acts such as bodily
injury to the victim may occur. Everything is contingent on the stalker's actions. 568

In United Kingdom, there are various laws which deal with stalking and
cyber stalking. The Protection of Freedoms Act, 2012 has been passed which
created two new offences of stalking by inserting sections 2A and 4A into the
Protection from Harassment Act (PHA), 1997. Section 2A creates a specific
offence of stalking and a person guilty of it shall be liable for a imprisonment not
exceeding 51 weeks or with fine not exceeding level 5 of standard scale or both.
Section 4 A creates the offence of stalking involving a fear of violence or serious
alarm or distress and a person guilty of it shall be liable for a imprisonment not
exceeding 5 years or with fine or both on indictment or a imprisonment not
exceeding twelve month or fine not exceeding statutory maximum or both on
summary conviction. Under this Act, stalking element is defined as those acts
which include monitoring a person online, contacting a person, loitering in a
public or private place, interfering with property or spying.

The Malicious Communication Act, 1988 makes it illegal to send or

deliver letters or other articles for the purpose of causing distress or anxiety by
electronic communication. There are other Act’s which deals with stalking
including the Offences against the Persons Act, 1861, Criminal Justice and Public
Order Act, 1994, Wireless Telegraphy Act, 2006.

Cyber Defamation
Any derogatory statement, which is designed to injure a person’s business
or reputation, constitutes cyber defamation. Defamation can be accomplished as
libel or slander. Cyber defamation occurs when defamation takes place with the
help of computers and/or the Internet. E.g. someone publishes defamatory matter
about someone on a website or send e-mails containing defamatory information to

Review, Jan., 2008, p. 18, available at: http://www.gcl.in/downloads/bm_cybercrime.pdf (visited

on Feb. 13. 2017).
567
Supra note 23.
568
Supra note 18, p.49.
177
all that person’s friends.569 It is the wrongful and intentional publication of words
or behavior concerning another person’s status, good name, or reputation in
society. It is not defamatory to make a critical statement that does not have a
tendency to cause damage, even if the statement turns out to be untrue.570

In United Kingdom, before the passing of Defamation Act, 1996, the Malicious
Communication Act, 1988 regulates the electronic communications with serious
consequences through controlling technology if it is abused or used to intimidate,
threaten or harass other people. It also deals with online abuse but now this Act
considered as outdated and needs to be reformed. In United Kingdom, the
Defamation Act, 1996 was passed with an intention to clarify the defence of
innocent dissemination for internet service providers. Section 1 (1) and 1(3) of the
Defamation Act, 1996 states that whoever is not the editor, publisher or author of
the material may have a defence to a defamation action. The provider in the UK
must show that it had no reason to suspect that it was publishing defamatory
material after taking all reasonable care. The liability against overseas publishers
is still exists.

The Defamation Act, 2013 enhancing the scope existing defence for
website operator, public interest and privileged publications. This Act governs the
processes which the website operator must follow when informed about alleged
defamatory comments on their site to avoid of becoming liable for that material
themselves. Under this Act, a statement can be said to be defamatory if its
publication caused or is likely to cause serious harms to individuals or business
reputation. Under the current legal measures, any person who threaten and offend
others on social media shall be liable to a maximum sentence of prison of six
month and a fine of 5,000 pounds or both.

Phishing
The term ‘Phishing’ may be defined as the receipt of unsolicited emails by
customers of financial institutions, requesting them to enter their username,
password or other personal information to access their account for some reason. 571
In this category of cybercrimes the fraudster are remained conscious to
unauthorized access to the customer’s online bank account for the purpose of

569
Id, p. 50.
570
Sallie Spilsbury, Media Law, 2000, p. 60.
571
Mohit Goyal, “Ethics and Cyber Crime in India”, International Journal of Engineering and
Management Research, vol. 2, No. 1, Jan., 2012, available at: http://www.ijemr. net/Jan
2012/Ethics And Cyber Crime In INDIA (1-3).pdf (visited on Feb. 13, 2017).
178
transferring the funds contained in that account in their own accounts. The
customers are directed to aware about the original institutions website when they
want to click on the given links in the email for entering their information for any
transaction.

In United Kingdom, a new Anti Fraud Act has been passed in 2006 for
England, Wales and Northern Ireland which is known as The Fraud Act, 2006. It
came into effect on Jan. 15, 2007. This Act banned the using of phishing kits for
sending and creating bogus e-mails by millions. Before this, there was no proper
law which deals with phishing. This Act punishes fraud by false representation,
fraud by failing to disclose information and fraud by abusing position. It provides
that a person found guilty of fraud was liable to fine or imprisonment upto twelve
months on summary conviction or fine or imprisonment upto ten years on
summary indictment.

The United Kingdom saw a significant rise in phishing attacks during 2015
as cybercriminals increasingly targeted consumers with online scams. Overall, the
number of reported phishing scams reported from November, 2014 to October,
2015 is 95,556 according to figures from Action Fraud, a 21 percent increase over
the same period of the previous year.572

Cyber Fraud
While discussing cyber fraud in the United Kingdom we must refer to
David Bainbridge. He said “as far as the criminal is concerned, the creation of an
account in his own name, followed by instructions via a computer terminal to the
main computer to transfer large sums into that account is much more attractive
than walking into a bank with a shotgun.573 Under the English Law, section 15 of
the Theft Act, 1968 required that deception is the essential element whether
relating to fact or law, whether it is made by words or conduct for liability under
the Act.

In United Kingdom, section 15 of the Theft Act, 1968 could not be

successfully applied to internet fraud. Therefore, in R. v. Preddy574 case, the issue
was raised regarding the application of the traditional legal terminology on the
intangible transactions or situations. In this case the need arose for the first time

572
Michael Moore, “Phishing Scams Cost UK Consumers £ 174m in 2015”, Tech Week Europe,
Jan. 18, 2016, available at: http://www.techweekeurope.co.uk/security/cyberwar/uk-phishing-
attacks-rise- 2015-183964#VH5VOCzvS4mFyS1H.99 (visited on Sep. 19, 2016).
573
David Bainbridge, Introduction to Computer Law, 2000, p. 291.
574
(1996) 3 All ER 481.
179
to abandon the element of ‘deception’ which is the essential ingredients of
traditional fraud. After this case, the Council of Europe Convention on
Cybercrime formulated an offence of fraud without the element of deception
under article 8 under heading ‘Computer related Fraud’.

After this, United Kingdom has taken active initiatives to adopt criminal
law to curb computer misuses. The Scottish Law Commission published a
memorandum in the year 1986 and a report in the year 1987 on computer misuse.
Subsequently, in 1988- 89, the United Kingdom Law Commission published their
report through their working paper.575 And lastly, Computer Misuse Act was
passed in June, 1990 by following their recommendations which came into force
on 1st April, 1990.

In the United Kingdom the Audit Commission has conducted four triennial
surveys of computer related fraud based on a definition referring to ‘any
fraudulent behavior connected with the computerization by which someone
intends to gain financial advantage’.576 The computer Misuse Act, 1990 provides
that a person is guilty of an offence if he intentionally causes a computer to
perform any function to secure access to any computer; he intends to secure
unauthorized access; and he knowingly causes the computer to perform the
function for these two above mentioned purposes. 577 With related to this, section
17 also provides that the access is considered as unauthorized only if a person is
not entitled to control access of the kind in question to the programme or data and
secondly, he does not have consent to access by him of the kind in question to the
programme or data from any person who is so entitled.

Cyber-Squatting
In some countries there are specific cyber squatting laws like the Anti
Cyber squatting Consumer Protection Act in United States of America. In the
United Kingdom, there are not specially domain names laws but the Courts have
extended the existing trademark law to the cases of cyber-squatting in Harrods
plc v. UK Network Services Ltd578., in which the court accepted the principle that
the law relating to trademarks and passing off can be applied to domain names. It
means that if any person who deliberately registers a domain name on account of
its similarity to the name, brand name, or trade mark of an unconnected
575
Supra note 2, p. 110.
576
Amita Verma, Cyber Crimes & Law, 2009, p. 202.
577
Section 1 of Computer Misuse Act, 1990.
578
(1997) 4 EIPR D106.
180
commercial organization must expect to find himself at the receiving end of an
injunction to restrain the threat of passing off, and the injunction will be in terms
which will make the name commercially useless to the dealer. It is further added
that the use of a trademark in the course of a business of a professional dealer for
the purpose of making domain names more valuable and extracting money from
the trade mark owner is a use in the course of trade.

6.3 Jurisdictional Legislative Approach

In United Kingdom, often the question of jurisdiction renders the court
helpless due to difference in various law provisions which are applicable to the
defendant. In criminal matters, the defendant is subject to a particular law only if
he commits the criminal act in the jurisdiction concerned.579 But on the cyber
space the situation is different and it is very difficult to clearly find out the
particular single jurisdiction for criminal act. In United Kingdom, the liability for
the criminal act is based on either possession or distribution of the obscene
material.

In the late 1989, the Trojan virus was distributed via floppy disk by a
computer calling itself ‘PC Cyborg’. The said Trojan encrypted the contents of the
victim’s hard disk after 90 re-boots, leaving just a README file containing a bill
and a Post Office Box address in Panama to which the payment was to be sent.580
The Trojan was later on extradited to United Kingdom to stand trial on charges of
blackmail and damaging computer systems by its the alleged author Dr. Joseph
Popp.

The United Kingdom adheres to the principle of territoriality. However, in

the event that the offence takes place outside of the United Kingdom, it shall still
have jurisdiction to try the perpetrator of the crime under the Computer Misuse
Act, 1990.581 Section 4 and 5 of the said Act provides that so long as the cyber
offence is significantly linked to the United Kingdom, it is not necessary to be
committed within the territory of United Kingdom. The Computer Misuse Act,
1990 may be applied to establish that the offence is significantly linked to it even
579
Supra note 6, p. 346.
580
David Emm, “Cybercrime and the Law: A Review of UK Computer Crime Legislation” (Last
Modified on May 29, 2009), available at: http://securlist.com/analysis/publications/
36253/cybercrime-and-the- law-a-review-of-uk-computer-crime-legislation/ (visited on Feb. 14,
2017).
581
Adel Azzam Saqf Al Hait, “Jurisdiction in Cybercrimes: A Comparative Study”, Journal of
Law, Policy and Globalization, vol. 22, 2014, p. 80, available at:
http://www.iiste.org/Journals/index. php/JLPG/article/viewFile/11050/11351 (visited on Nov. 30,
2016).
181
if the act committed is not a crime in the place of commission but it is a crime in
United Kingdom. The Council of Europe Cybercrime Convention under Article
22 provides that the contracting parties to the treaty are obliged to follow the
certain rules for the purpose of establishing jurisdiction over the criminal offence
and the Unite Kingdom, being the member of the above mentioned convention is
also obliged to follow and abide by these rules which are inserted in the said
convention.

The Computer Misuse Act, 1990 is the relevant law that establishes
jurisdiction on the United Kingdom for the violation of cybercrime. The crimes
covered by the law are various acts of computer misuse which are defined under
sections 1 to 3 which includes unauthorized access with intent to commit or
facilitate of further offence and unauthorized modification of computer material.
This Act was further amended by the Police and Justice Act, 2006 which enhances
the punishment under the Act for committing the cybercrime.

After this, the government of United Kingdom has constituted the

National Hi-Tech Crime Unit in April 2001 which is designed to provide a co-
ordinate response to cybercrime and such unit will closely working with
specialists from the range of agencies like the National Crime Squad, HM
revenue and Customs and the National Criminal Intelligence Service.

In U.K. v. Gary Mckinnon582 case, the defendant hacked into 97 United

States military and NASA computers from the home computer. He deleted all the
confidential data from these computers after hacked the computer. After the
deletion of these confidential files or data from the computer, US become
venerable to intruders for many hours. The United Kingdom National Hi-tech
Crime Unit after making investigation revealed that Gary was responsible for the
intrusions and on that basis he was arrested under the Computer Misuse Act,
1990. But no charge was brought by United Kingdom against Gary. Later on, a
new Extradition treaty was signed between United Kingdom and United States.
Then Gary was extradited on the basis of the said treaty and charged and arrested
in the Virginia and New Jersey. But Gary challenged the extradition and
contended that the location of cyber crime and computer was in United Kingdom.
In this case it was held by the Crown Prosecution Service that United Kingdom
had jurisdiction only when the offence was significantly linked to United
Kingdom.

582
(2010) C 385 W, available at: https://www.publications.parliament.uk/pa/cm201011/
cmhansrd/ cm100615/ text/100615w0011.htm#10061561001632 (visited on April 10, 2017).
182
6.4 Judicial Response
In the United Kingdom, the advent of the computer and internet has given
rise to the cyber crimes. The first recorded cyber crime was in 1960s and the case
of R v. Gol583d is the first cybercrime matter heard in the United Kingdom court.
Before the Computer Misuse Act, 1990, there were laws like the Theft Act, the
Telecomm- unications Act, 1984, prohibiting misuse of the public
telecommunications. The Interception of Communication Act, 1985, prohibits
forgery and other criminal activities in the course of transmission by the public
telecommunications systems. The Data Protection Act, 1984 was passed to protect
computer data and database from any violations or damage.

The National Crime Agency (NCA) released a report on July 7, 2016 by

highlighting the need for stronger law enforcement and business partnership to
fight cyber crime. According to the NCA cyber crime emerged as the largest
proportion of total crime in the U.K. with “cyber enabled fraud” making up 36 %
of all crime reported and computer misuse accounting for 17%.584 The Office of
National Statistics (ONS) estimated that there were 2.46 million cyber incidents
and 2.11 million victims of cyber crime in the UK in 2015 and only 16, 349 cyber
dependent and approximately 700, 000 cyber enabled incidents reported to Action
Fraud over the same period.584

The response by judiciary in United Kingdom with respect to cyber crimes

has been discussed as under:

Unauthorized Access
The judiciary has played an important role in dealing with the cyber crimes
of hacking. In R. v. Gold585 case, two alleged computer hackers who were
journalists by profession gained access into the British Telecom Prestel Gold
computer network without permission and modified the data. One of the accused
also accessed the personal files of the Duke Edinburgh on his personal computer
and left there a message “Good Afternoon Hrh Duke of Edinburgh”. They
contended that they had gained access into the network for the purpose of
highlighting the deficiencies in its security system. But the court rejected their
583
(1988) 1 AC 1063.
584
National Crime Agency (UK), Cyber Crime Assessment, 2016, available at: www.national
crimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file, (visited on Feb. 14,
2017).
585
The Office of National Statistics(UK), Cyber Crime Assessment, 2016, available at:
www.national crimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file, (visited
on Feb. 14, 2017).
183
contention and charged them under section 1 of the Forgery and Counterfeiting Act,
1981, for making the false instrument with the intention to use it for the purpose of
inducing others. Under section 8(1) of the said Act though the instrument is
recorded or stored on disc, tape, soundtrack or other device but it can be treated as
false instruments. The crown court held them guilty and imposed $ 750 and $ 600
fine respectively. Appeal court quashed their conviction and later on, this was
confirmed by the House of Lords. The House of Lords confirmed this sensible
judgment and declared hacking as not only an illegal act but also a crime which
needs to prevent immediately.

Therefore, after the above mentioned case, the House of Lord’s appointed
the Law Commission for their recommendations and suggestions to make law to
prevent and control hacking in the year 1988. They submitted their report in the
year 1989 with recommendation to enact specific law on Computer Misuse in the
United Kingdom.

In the another case R. v. Crop586587, the court held that the Computer
Misuse Act, 1990 will be applicable only when one computer is used to access
another computer. In DPP v. Bignell588 case, the issue was raised before the court
that whether a person will be guilty of the unauthorized access where he is
authorized to access computer data but exceeds his authorization for unauthorized
purposes. Here in the present case, two police officers used the computer and took
information from a police database and used this information for their private
purposes. The Divisional Court of Queen’s Bench Division held that their conduct
did not constitute unauthorized access because they were very much authorized to
control access to the material in question.

In R. v. Whiteley589 case, the issue before the court was relating to section 3
of the Computer Misuse Act, 1990, which provides for unauthorized modification
of computer materials by the hackers. In this case, the defendant developed
software which he transferred to complainant. The defendant then, believed that
he had retained the software copyright. Therefore, he also believed that he was
entitled to insert a logic bomb into the software in order to prevent its use. But in
fact there was no contract between the parties to the dispute about the retention of
copyright by the defendant. The court held the defendant guilty of unauthorized

586
(1988) 2 WLR 984.
587
(1992) 3 WLR 432.
588
(1998) 1 Cr App R 1.
589
(1991) 93 Cri App R 25.
184
modification of computer material under section 3 of the Act of 1990.

185
Cyber Terrorism
In United Kingdom, the National Security Council recently says on Cyber
Terrorism “comprise acts of international terrorism, hostile computer attacks on
United Kingdom cyberspace, a major accident or natural hazard such as a flu
pandemic, or an international military crisis between states drawing in the United
Kingdom and its allies.590

After R. v. Gold591 case, the United Kingdom enacted the specific law on
Computer Misuse for the purpose of controlling and preventing the commission
of cyber terrorism on the recommendations and suggestions of Law Commission.
In this case, the defendant gained unauthori1zed access into the network in order
to highlight the deficiencies in its security system. They hacked Customer
Identification Numbers (CIN) and password. But the Appellate court quashed
their conviction and was confirmed by the House of Lords. The appellate court
observed that the act of accused by using dishonest trick to gain unauthorized
access to the British Telecom files did not come under this type of criminal
offence but they may be convicted for deceiving a computer; and deceiving a
machine which is not possible.

In April 2005, one Algerian named Kamel Boungass had allegedly links
with Al- Quida was convicted for poison attack against the United Kingdom.592
But in modern time period apart from these methods the modern terrorists are
trying to access to computer, computer system, computer network of government
unauthorizedly by violating the provisions of the computer Misuse Act, 1990 and
the Data Protection Act, 1984.

Cyber Pornography
The judiciary has played an important role in dealing with the cyber
pornography cases. Though the United Kingdom does not have any written
Constitution, their freedom of speech and expressions is recognized through
several laws but subject to some reasonable restrictions. In R. v. Curl593 case,
obscenity was treated as common law offence in the year of 1727.

590
“Cyber Attacks and Terrorism Head threats facing UK” BBC News, (October 18, 2010),
available at:
www.bbc.com/news/uk-11562969 (visited on Dec. 2, 2016)
591
(1988) 1 AC 1060; see also (1987) 3 WLR 803
592
Supra note 2, p. 206
593
(1727) 2 S 788 KB.
186
 R. v. Fellows594 case was the first of cyber pornography in the United
Kingdom. In this case, an employee of the Birmingham University compiled a
database of pornographic images of children without the consent or knowledge of
the University. The database was stored and maintained on a computer with
internet connection. The Court held him liable for cyber pornography with
reference to section 1 and 7(4) of the Protection of Children Act, 1978; the
Obscene Publications Act, 1959 and the Criminal Justice and Public Order Act,
1994.

In Regina v. Hicklin595 case, the court observed it is not an offence to

possess obscene material in private as long as there is no attempt to publish,
distribute or show it to others in the traditional United Kingdom legislation. But
as regards, child pornography possession as well as circulation is criminalized.
Section 160 of the Criminal Justice Act, 1988 makes it an offence for a person to
have any indecent photograph of a child in his possession.596

Meechie v. Multi Media Marketing597 is a case related to cyber Obscenity.

In this case the defendant opened the Interactive Girls Club for the production of
erotic computer entertainment with the purpose that this would be appreciated
among the broad minded adults. In this club, one item contained a game in which
if anyone completed that game successfully, it would display the obscene images.
This distribution of ‘video nasties’ is prohibited under the Video Recording Act,
1984 as it is without certificate. In this case the court of Magistrates held that the
image will not come under the Video Recording Act, 1984 under section 1
because section 2 provides that video game is not to be the subject of the
classification requirements. But the Divisional Court reversed these two findings
of the magistrate court and held the accused guilty.

In R v. Karl Niklass598 case, the defendant was identified by police at his

home by search for committing the act of posting into a paedophilia news group
on the cyber space. The police also found out services of zip disks, magazines,
videos and nexus of the dates of newsgroup posting and clients software located
on his hard disk as well as telephone logs during the search. Then he was
convicted by the court and sentenced for imprisonment of 9 months.

594
(1997) 2 All ER 548 (CA).
595
(1868) 3 LR QB 360.
596
Supra note 24.
597
(1994) LGR 474.
598
(1998) Bristol Crown Court.
187
 In R. v. Bowden599 case, the court held that downloading and printing
images from the internet fell within the concept of ‘making’ and held liable under
the Act. Similar issue came up before the court in R v. Westgarth and Jayson600
case. In this case the prosecution was able to prove that the defendant was aware
of the caching function within his browser software and the court held that the
mere act of voluntarily downloading an indecent image from a webpage on to
computer screen is an act of ‘making.’

Cyber Stalking
The UK judiciary is playing an important role in dealing with cyber
stalking and harassment cases. The Hon’ble court have ruled in R v. Patel601 and
Lau v. DPP602 cases that it is not just the number of incidents which make up a
course of conduct but whether those incidents could be said to be so connected in
type and context as to justify the conclusion that they could amount to a course of
conduct. The incident could be accepted by the court if it amounting to a course
of conduct as laid down by the court in Pratt v. DPP603 case.

In R v. Curtis604 case, the Hon’ble Court held that it is necessary to prove

that the conduct is unacceptable to a degree which would sustain criminal
liability, and also it must be oppressive in nature. The court earlier held in the
case of C v. CPS605 that it is important to note that matters to constitute the course
of conduct amounting to harassment must be properly particularized in the
information laid or in the indictment.

Cyber Defamation
The judiciary is playing an important role in dealing with the cyber
defamation cases. In Cubby, Inc. v. CompuServe, Inc.606 case, the issue was raised
that whether the service provider exerted enough control over or had knowledge
of or reason to know, the contents of allegedly defamatory statements posted on
one of its bulletin boards. In this case the court held that the service provider was
liable defamatory statements posted on its bulletin boards, notwithstanding the

599
(2000) 1 Cri App R 438, 444.
600
(2002) EWCA Cri 683.
601
(2005) 1 Cr. App. 27.
602
(2000) Cr. L.R. 580.
603
(2001) EWHC 483.
604
(2010) EWCA 123.
605
(2008) EWHC 148.
606
(1991) 776 F. Supp. 135 (S.D.N.Y).
188
fact that the control it exerted over content was intended to improve its service
and keep them free from objectionable material.

In Stratton Oakmont, Inc. v. Prodigy Services Company 607 case, the defendant is a
publisher which led to the court for holding a finding that it would be a hurdle
for a plaintiff to overcome in pursuit of their claims because one who repeats or
republishes a libel is subject to liability as if he had originally published it. In this
case the court clearly indicated and followed the decisions given in cubby case
and held that it would be impossible for the provider to monitor every message
posted.

In Sydney Blumenthal v. Matt Drudge Online Inc.608 case, it was held by

the court that the near instantaneous possibilities for the dissemination of
information by millions of different information providers around the world to
those with access to computers and thus to the internet have created the
opportunities for exchange of information in the cyberspace.

In R. v. Graham Waddon609 case, the defendant was charged and

successfully prosecuted for publishing and transmitting obscene article under
section 3 (1) (b) of the Obscene Publications Act, 1959. He had maintained the
website featuring explicit images in the United States foe commercial purpose.

In United Kingdom, Laurence Godfrey v. Demon Internet Ltd.610 was the

first cyber defamation case in which the defendants carried on the business as an
internet service provider. They received and stored on their news server article
which was called as defamatory to plaintiff which was posted by an unknown
person using another service provider. The plaintiff approached to the defendants
for removing it from their news server due to its defamatory nature. But the
defendants failed to do so and it was continuing visible on the news server for 10
days until its automatic expiry. After this, the plaintiff filed a suit for cyber
defamation against the defendants under Defamation Act, 1996. In this case, the
court granted the application and held the defendants liable on the basis that as the
service provider they took reasonable care in relation to the publication not to
contribute in the defamatory publication.

In another case, Jameed (Yousef) v. Dow Jones & Co. Inc. 611, the foreign
607
(1995) N.Y. Misc. LEXIS 229, 1995 WL 323710 N.Y. Sup Ct. (May 24, 1995).
608
(1998) 992 F. Supp. 44 (D.D.C).
609
(2000) WL 491456: (2000) Court of Appeal (Cr).
610
(2001) QB 201.
611
(2005) QB 946.
189
claimant issued defamation proceedings in England against the publisher of a
United States newspaper in respect of an article posted on an internet website in
the United States of America, which was available to subscribers in England. The
claimant alleged that the article, together with a list of names in an internet
hyperlink referred to in the article,

implied that he had been or was suspected of having been involved in

funding a well known terrorist organization. The publisher averred that only five
subscribers within the jurisdiction had accessed the internet article, that the
claimant had in fact suffered no or minimum damage to his reputation.612 At the
end the appeal was dismissed by the court on the basis of irrebuttable
presumption in English defamation law that the publication of a defamatory
article which damaged the person defamed by it; that the bringing of a defamation
claim by a claimant who had suffered no or minimal damage to his reputation
might constitute an interference with freedom of expression that was not
necessary for the protection of the claimant’s reputation as against striking out of
the defence.

In R v. Courts613 case, the Hon’ble court ruled that in the case of

defamation, the transmission of defamatory material has rendered the online
intermediary liable depending on the basis of situation of the case. This was ruled
by the court in the wake of brutal murder of Jane Longhurst in 2003.

In Bunt v. Tilley and Others614 case, the claimant filed a suit for libel
against the defendants for posting the defamatory statements on websites. But the
defendants pleaded for the dismissal of the claims on the summary basis. In this
case, the issue was raised before the court that whether an internet service
provider could be liable in respect of the material which was simply
communicated via the services they provided. In this case the court held that an
internet service provider could not be deemed to be a publisher at common law
because they performed no more than a passive role in facilitating postings on the
internet.

Cyber Fraud
The judiciary has played an important role for combating with the cyber

612
“Cyber Defamation- The Law, Practice and Future”, pp.17-18, available at: http://www. scribd.
com/document/29692790/Cyber-Defamation-The-Law-Practice-and-Future (visited on Feb. 13,
2017).
613
(2005) EWCA Cri. 52.
614
(2006) 3 All ER 336.
190
fraud cases. In R v. Thompson615 case, the accused, a computer programmer
employed by a bank in Kuwait made two plans to defraud the bank by devising a
programme which instructed the computer to transfer sums from these accounts
to his newly opened

account. After transferring the amount, then he returned from Kuwait to

England for the purpose of minimizing the risks of detection and opened a
number of accounts with English banks and wrote request letter to the bank
manager in Kuwait to arrange to transfer his balance from Kuwait accounts
English Bank accounts. Then he was arrested by police on the charge of computer
fraud by deception and the court made him liable and was convicted for his act on
cyber space.

R v. Bow Street Magistrate616 is a landmark case on cyber fraud. In this

case, the accused modified the contents of the computer system and was charged
for unauthorized access to the American Express computer system to commit
theft or forgery. The court made him liable for this.

In R. v. Gold617 case, one of the accused accessed the files of the Duke
Edinburgh’s personal computer and left there a message. They were charged
under section 1 of the Forgery and Counterfeiting Act, 1981, because they made
the false instrument with intention to use it to induce others to accept it as genuine
one. Under section 8(1) of the said Act though the instrument is recorded or
stored on disc, tape, soundtrack or other device but it can be treated as false
instruments. In this case, the crown court held the accused him liable for his act
and imposed a fine of $ 750 and $ 600 respectively. But the Appellate court
quashed their conviction order and later on this order was confirmed by the House
of Lords. The House of Lords declared that hacking is not only an illegal act but
also a crime which needs to be controlled immediately.

In R. v. Preddy618, the House of Lords acquitted the defendants who were

charged for mortgage fraud on the basis that the process of altering the accounting
data did not constitute to obtain property belonging to another which is recorded
in the accounts of the lending institution. Here in this case, the issue was raised
regarding the application of the traditional legal terminology on the intangible
transactions or situations. In this case the need arose for the first time to abandon
615
(1984) 1 WLR 962.
616
(1994) 4 All ER 1.
617
(1988) 2 WLR 984.
618
(1996) 3 All ER 481.
191
the element of ‘deception’ which is the essential ingredients of traditional fraud.
After this case, the Council of Europe Convention on Cybercrime formulated an
offence of fraud without the element of deception under article 8 under heading
‘Computer related Fraud’.

Cyber-Squatting
In the United Kingdom, the Courts have played an important role in
extending the existing trademark law to the cases of cyber-squatting. The first
case of cyber- squatting in United Kingdom was that of Harrods plc v. UK
Network Services Ltd619., in which the court accepted the principle that the law
relating to trademarks and passing off can be applied to domain names. In
Intermatic Incorporated v. Dennis Toeppen620 case, the Court held that the
defendant’s desire to resell the domain name is sufficient to meet the commercial
use requirement of the Lanham Act. The Court in regard to dilution further held
that the dilution of Intermatic’s mark is likely to occur because the domain name
appears on the web page and is included on every page that is printed from the
web page.

The Court stated that anyone who registers a domain name on the basis of
its similarity to the name, brand name, or trade mark of an unrelated commercial
organisation should expect to be served with an injunction to prevent the threat of
passing off, and that the injunction will be written in such a way that the name
will be rendered commercially useless to the dealer. The court further stated that
using a trademark in the course of a professional dealer's business to increase the
value of domain names and collect money from the trademark owner is a use in
the course of trade. This was held in Marks & Spencer v. One in A Million Ltd.621
case. In this case the Hon’ble High Court in London observed after finding the
respondent to be guilty of Cyber squatting that any person who deliberately
registers a domain name on account of its similarity to the name, brand name or
trademark of an unconnected commercial organization, must expect to find
himself on the receiving end of an injunction to restrain the threat of passing off,
and the injunction will be in terms which will make the name commercial useless
to the dealer and held that registration of domain names for the purpose of resale
to owners of the trademarks is an action preparatory to trademark infringement.

In every day a new technique is being developed for doing the cyber
619
(1997) 4 EIPR D 106.
620
(1996) 947 F Supp. 1227.
621
(1998) FSR 265.
192
crime through using the internet facilities and many a times we are not having the
proper investigating methods or techniques to understand and to tackle that newly
cyber act which is called as cyber crime. United Kingdom has enacted several
laws for combating cyber crimes; despite this many complicated legal issues are
still unresolved and still these laws are only a gap-filler and there are so many
legal issues which have no mentioned yet. And also there are thousands of cases
taking place in the countries but only the few cases are lodged as a complaint.
Because many of the victims due to the threat and fear of getting abused in the
society does not move any complaint against the cyber criminals, some of the
cyber victims accept this incident as nightmare or bad destiny or as wished by
God and moving on the life by forgot all the incidents. But due to this the cyber
criminals are more encouraged to get involved in such type of cyber criminal
activities.

The cyber laws are passed and amended in United Kingdom from time to
time but instead of these laws the cyber crimes are increasing day by day. The
National Crime Agency (NCA) released a report on July 7, 2016 by highlighting
the need for stronger law enforcement and business partnership to fight cyber
crime. According to the NCA cyber crime emerged as the largest proportion of
total crime in the U.K. with “cyber enabled fraud” making up 36 % of all crime
reported and computer misuse accounting for 17%.622 The Office of National
Statistics (ONS) estimated that there were 2.46 million cyber incidents and 2.11
million victims of cyber crime in the UK in 2015 and only 16, 349 cyber
dependent and approximately 700, 000 cyber enabled incidents reported to Action
Fraud over the same period.623

622
Available at: www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-
2016/file, (visited on Feb. 14, 2017).
623
Ibid.
193
194
 CHAPTER - VII
COMPARATIVE ANALYSIS STUDY OF CYBER
CRIMES BETWEEN US, UK AND INDIA
7.1 Introduction
Cyber world is the combination of computers and other communication
convergence.624 The internet has transformed the entire planet into a global
village. It has established a virtual world with no boundaries, allowing people to
improve both personal and professional interactions beyond national boundaries.
The rise of globalisation has had a significant impact on socioeconomic and
cultural aspects of life. Human civilisation has benefited much from
cyberspace.625 The Internet's main purpose is to link individuals all over the world
who have a desire to learn more about the indispensible human nature that led to
the creation of the cyber world.

In 21st Century, the societies are increasingly getting transformed into

knowledge Societies and their inhabitants into Knowledge Networkers who are
more informed of the events happening locally and globally. Their actions are
based on the strong foundation of knowledge which is universal, objective, timely
and retrieved from various sources.626 Due to this revolution peoples are
becoming more conscious about their rights and opportunities and all the credit
for this revolutionary change goes to computer, internet and information
technology. In fact, due to the globalization in the 21st Century the way of the
people to communicate and interact with each other all over the globe has been
changed and the communication of earlier times which was paper based is being
substituted by electronic communication.

Comparatively some organizations have identified organized cyber

criminal networks as its most potential cyber security threat and some are ready to
defend such security threats.627 The information technology is a double-edged
624
M. Dasgupta, Cyber Crime in India- A Comparative Study, 2009, p. 1.
625
Tanaya Saha and Akanchs Srivastava, “Indian Women at Risk in the Cyber Space: A
Conceptual Model of Reasons of victimization, International Journal of Cyber Criminology, vol.
8 No. 1, Jan.- June, 2014, pp. 57-58 available at: http://www.cybercrimejournal.com/
sahasrivasta vatalijcc2014vol8issue1.pdf (visited on March 6, 2017).
626
Justice T. Ch. Surya Rao, “Cyber Laws- Challenges for the 21 st Century,” Andhra Law Times,
2004, p. 20.
627
Atul Bamara, Gajendra Singh, et.al., “Cyber Attacks and Defense Strategies in india: An
Empirical Assessment of Banking Sector”, International Journal of Cyber Criminology, vol. 7 No.
2, Jan.- June, 2013, p. 49-50, available at :
https://www.researchgate.net/publication/236682638_
Cyber_Attacks_and_Defense_Strategies_in_India_An_Empirical_Assessment_of_Banking_Sector
(visited on March 6, 2017).
195
sword, consistently

presenting us with benefits and disadvantages. The increasing

opportunities for productivities, efficiency and worldwide communications
brought additional users in droves.628 The new medium which has suddenly
confronted humanity does not distinguish between good and evil, between
national and international, between just and unjust, but it only provides a platform
for the activities which take place in human society. Law as the regulator of
human behaviour has made an entry into the cyberspace and is trying to cope with
its manifold challenges.629

For a long time, safety and security have been viewed solely as a means of
avoiding bodily harm. Alongside the old world, ‘cyberspace' evolved in the late
twentieth century. Because this new world is becoming increasingly entwined
with the traditional offline one, internet safety has become a must for a well-
functioning society. A secure cyberspace is one in which no crime is perpetrated
(and from which no crime is committed). 630
There are various issues which need
to be sort out in Cyber law for a comprehensive and systematic comparative
study.

7.2 Comparative Analysis of various Cyber Crimes

Cyber crime has grown tremendously over the world, and criminal justice
professionals have lacked appropriate and up-to-date knowledge of the mundane
realities of modern cyber crime. The popular media has portrayed cyber crime as
a lone hacker breaking through seemingly impenetrable security barriers to gain
access to lucrative secret data. These kind of crimes are uncommon, but
cybercrime is all too widespread. 631 The cyber criminals use the internet for the
purpose of committing fraud, harassment, download illegal pornography, or
download stolen music far more than they use the Internet with the bad intention
to violate the security of countries both at national and international level.

R.C. Mishra, Cyber Crime: Impact in The New Millennium, 2002, p. 53.
628

Justice T. Ch. Surya Rao, “Cyber Laws- Challenges for the 21 st Century,” Andhra Law Times,
629

2004, p. 24.
630
Rutger Leukfeldt, Sander Veenstra, et.al., “High Volume Cyber Crime and the Organization of
the Police: The Results of Two empirical Studies in the Netherlands”, International Journal of
Cyber Criminology, vol. 7 No. 1, Jan.- June, 2013, p. 1, available at:
http://www.cybercrimejournal.com/
Leukfeldtetal2013janijcc.pdf (visited on Oct. 19, 2014).
631
Jose R. Agustina, “Exploring Internet Crimes and Criminal Behaviour”, Book Review of Cyber
Criminology, vol. 6 No. 2, July- Dec., 2012, p. 1044, available at:
http://www.cybercrimejournal.
com/Augustinabookreview2012julyijcc.pdf (visited on March 7, 2013).
196
 Study has shown that the United States of America and the United
Kingdom are the two traditional giants who are giving a tough defiance to the
silicon onslaught. The US bags the highest number of cyber specific legislation
followed by the United Kingdom which apart from having cyber laws, has at the
same time applied traditional laws to the knotty areas, though Judges in United
Kingdom were reluctant to apply the traditional laws to new computer situations
and pressed the need to have a technology specific legislation.632 That’s why these
two countries legal systems have been chosen as the parameters of comparison in
almost studies.

Cyber crimes are of current origin and affect the whole world at large, all
regional organizations and State countries have called upon legislatures to draft
laws dealing with these crimes; as a result most of the countries started to do so.
In this chapter an attempt has been made to compare the Indian current status of
cyber legislation with the legislation of United States and United Kingdom for
exploring the deficiencies and inadequacies of Indian cyber laws. A comparative
study is mentioned as under:

Definition of Cyber Crime

Laws of India, United States of America and United Kingdom have not
defined the term “cybercrimes” yet while the various authors in the respective
countries have attempted to define it. Strangely, the term ‘cyber crime, or ‘cyber
offence’ is neither defined nor this expression is used under the Information
Technology Act, 2000 which was further amended in 2008. In fact, the Indian
Penal Code, 1860 does not use the term ‘cyber crime’ at any point even after its
amendment by the Information Technology (Amendment) Act, 2008.

According to United Nations Manual on the Prevention and Control of

Computer Related Crime that there has been a great deal of debate among experts
on just what constitute a computer crime or a computer-related crime. Even after
several years, there is no internationally recognized definition of those terms.
Indeed throughout this manual the terms computer crime and computer related
crime will be used interchangeably.633 The U.S Department of Justice, in its
manual on computer crime, defines such crimes as any violations of criminal law
that involve a knowledge of computer technology for their perpetration,

Talat Fatima, Cyber Crimes, 2011, p. 453.

632

United Nations Manual on the Prevention and Control of Computer Related Crime, 1994, p. 5,
633

available at: http://216.55.97.163/wp-content/themes/bcb/bdf/int_regulations/un/CompCrims_

UN_Guide.pdf, (visited on March 15, 2017).
197
investigation, or prosecution.634

Taxonomy of Cyber Crimes

United States of America is the birthplace of the Internet and experienced
the first computer facilitated crime in the year 1969. 635 The United States of
America has not provided any statutory categorisation of cyber crimes. In United
Kingdom, the Computer Misuse Act, 1990 has categorised cybercrimes into three
categories:

i. Offences against the confidentiality, integrity and availability of computer

data and systems

ii. Computer Related Offences

iii. Content Related Offences

While in India the cyber crimes are given under Chapter XI of the
Information Technology Act, 2000 under the heading of ‘Offences’ which deals
with the various types of offences which is done in the electronic form or
concerning with computers, computer systems, computer networks. Hereunder
are mentioned those cyber crimes which are punishable under the Information
Technology Act, 2000 under separate sections. These are as follows:

xvi. Tampering with computer source documents

xvii. Computer related offences

xviii. Sending offensive messages through communication service

xix. Dishonestly receiving stolen computer resource or communication device

xx. Identity Theft

xxi. Cheating by personation by using computer resource

xxii. Violation of privacy

xxiii. Cyber terrorism against the government organization

xxiv. Publishing of information, which is obscene in electronic form

xxv. Publishing or Transmitting of Obscene Material in Electronic form

xxvi. Access protected system

xxvii. Breach of confidentiality and privacy

634
“Computer Crime Law and Legal Definition”, available at: https://definitions.uslegal. com/c/
computer-crime/, (visited on March 15, 2017).
635
Supra note 9. p. 454.
198
xxviii. Disclosure of information in breach of lawful contract

xxix. Offences by Companies

Hacking or Unauthorised Access

Hacking in cyberspace is not only national but also international legal
challenge which requires global standard security measures and controlling policy
through worldwide intensive study and research. 636 It is the “least included
offence” in hierarchical series of crimes that become progressively more serious,
as aggravating harms and culpability states are added to the base offense. Penal
provision is of vital importance in protecting and preventing information
technology from criminal activity.637 Many countries have made the unauthorized
access to data or information as a punishable offence on recommendations of the
OECD and the Council of Europe Convention.

Before the Information Technology (Amendment) Act, 2008, the offence

described by section 66 in India was referred to as "Hacking with Computer
System." However, the term "hacking" has been replaced by "computer-related
offences." Only when hacking is done dishonestly or fraudulently is it considered
a crime under section 66. If a person causes a computer resource to execute a
function with the dishonest or fraudulent goal of securing access while knowing
that the access he intends to secure is unlawful, that person faces up to three years
in prison or a fine of up to five lakh rupees, or both.

In Sanjay Kumar v. State of Haryana638 case, the manager of Vijay Bank,

NIT, Faridabad, filed a complaint to police by stating that the petitioner was
deputed by M/S Virmati Software and Telecommunication Ltd. to maintain the
software system supplied by them to the Bank. But the petitioner has manipulated
the interest entries of computerized bank account and thereby cheated the
complainant bank by forging electronic record in order to cause wrongful loss to
the bank. But the court found him guilty and convicted him for an offence
punishable under section 65 and 66 of IT Act read with 420, 467, 468 and 471 of
IPC and sentenced for rigorous imprisonment but

the petitioner filed an appeal against such order which was dismissed by
the appellate court and upheld the trial court judgment.

In State of A.P v. Prabhakar Sampath639 case, the complainant M/S SIS

636
Supra note 1, p. 52.
637
Amita Verma, Cyber Crimes & Law, 2009, p. 67.
638
(2013) CRR 66 (O&M) 1.
639
(2015) Cr. Comp 489/2010, Hyderabad.
199
Infotech Pvt. Ltd., Hyderabad, carrying the business of research station, filed a
complaint by stating that somebody successfully hacked their server and
downloaded their e-reports through some free public sites. After investigation
made by the police, the accused was found guilty and charged under section 66 of
IT Act for hacking content server of complainant’s company.

The Computer Fraud and Abuse Act of 1986 in the United States of
America deals with the crime of "hacking," which is per se criminal only with
respect to systems used exclusively by the US government. All other computers,
such as those utilised by the federal government but not solely, including those
carrying national security records and those containing financial and credit
records, require some additional act or damage before criminal penalties can be
imposed.640 Other statutes, such as the Data Protection Act of 1998, have been
enacted to regulate the use and storage of personal data or information relating to
individuals under sections 1030 and 1031.641

In United States v. Harris642 case, the accused was charged and convicted
by the court under Computer Fraud and Abuse Act for unauthorized access to her
employer’s computer system and obtained the Social Security Numbers of several
people in order to target them in a fraudulent credit card scheme.

On December 2, 2015, the United States Department of Justice643

announced through press release that a northern California man who operated the
Internet’s best known “revenge porn” website was sentenced to 30 months in
federal prison for hiring

another man to hack into e-mail accounts to steal nude photos that were
later posted on his website.

On December 15, 2015, it was announced through press release by the

United States Attorney of Department of Justice644 that three men of Florida, New
Jersey and Maryland were arrested and charged for Hacking, Spamming Scheme
and identity theft scheme that have targeted personal information of 60 million
640
Tonya L. Putnam and David D. Elliott, “International Responses to Cyber Crime”, University of
Petroleum and Energy Studies Review 1, 1999, pp. 39-40, available at: http://www.
hoover.org/sites/default/files/uploads/documents/0817999825_35.pdf (visited on March 6, 2017)
641
Supra note 1, p. 74.
642
(2002) 302 F 3d 72 EDNY (2nd Cir Court).
643
United States Department of Justice, Dec. 2, 2015, available at: https://www.justice.gov/usao-
cdca/pr/operator-revenge-porn-website-sentenced-2-years-federal-prison-email-hacking-scheme
(visited on April 9, 2017).
644
United States Department of Justice, District Court of New Jersey, Dec.15, 2015,
available at: https://www.justice.gov/usao-nj/pr/three-men-arrested-hacking-and-spamming-
scheme-targeted- personal-information-60-million (visited on April 9, 2017).
200
people and generated more than $ 2 million in illegal profits.

But in United Kingdom the term ‘Hacking’ is not used but it covered
under ‘unauthorised access.’ Computer Misuse Act (CMA), 1990 has been passed
in United Kingdom which introduces three new criminal offences under sections
1 to 3; firstly, unauthorized access to computer material means to use a computer
without permission is a punishable offence. Secondly, it is to be called more
malicious hacking or cracking if unauthorized access to computer material is done
with intent to commit or facilitate commission of further crimes. Thirdly,
unauthorized modification of computer material is also a punishable offence. After
this, certain amendments has been made in CMA relating to hacking by the part 2
of Serious Crime Act, 2015 which provides that if any unauthorized act results in
serious damage to human welfare or national security, than the person shall be
liable upto the maximum punishment of life imprisonment and if any unauthorized
act results in serious damage to economy or the environment than the maximum
sentence is 14 years.

In DPP v. Bignell645 case, the issue was raised before the court that
whether a person will be guilty of the unauthorized access where he is authorized
to access computer data but exceeds his authorization for unauthorized purposes.
Here in the present case, two police officers used the computer and took
information from a police database and used this information for their private
purposes. The Divisional Court of Queen’s Bench Division held that their conduct
did not constitute unauthorized access because they were very much authorized to
control access to the material in question.

On October, 2013, the National Crime Agency of United Kingdom

arrested a Computer Science student named Lauri Love 646, under Computer
Misuse Act for associated with a hacking group and charged with
extraterritorially stealing data from United States Government computers
including the Federal Reserve, US Army, Missile Defence Agency and NASA via
Hacking. By a verdict of United Kingdom Court, on September 2016, he was
extradited to United States to face charges for hacking. He could be sentenced
upto 99 years of imprisonment if he found guilty by the United States Court.

Now the Indian law is close to United States of America and United
Kingdom in this respect. Under United States law mens rea is not recognised but

(1998) 1 Cr App R 1.
645

646
“Lauri Love the Student Accused of Hacking the US”, available at: http://www.
computerweekly.com/feature/Lauri-Love-the-student-accused-of-hacking-the-US (visited on April
10, 2017).
201
it is recognised both under United Kingdom and India. Criminal liability is
imputed under United Kingdom and Indian laws but not in United States of
America. In India it is imputed only if it done with dishonest or fraudulent
intention to cause wrongful gain or wrongful loss.

Cyber Terrorism
In India, there was no specific section under the originally IT Act, 2000
under which sending of threatening emails, which may cause harassment, anxiety
nuisance and terror or which may seek to promote instability, have been made a
penal offence. But now the Information Technology (Amendment) Act 2008 for
the first time made provision for cyber terrorism and defines it under section 66F
with the imprisonment of life which is considered as the highest punishment
under this Act. Clause 1(A) of section 66 F deals with cyber terrorism that
directly affects or threatens to affects the people with the purpose to threaten the
unity and integrity or security of the nation and to fill the terror into the mind of
the peoples. Clause 1(B) of this section deals with cyber terrorism that directly
affects the State by unauthorized access to restricted information, data or
computer database. Section 124 A of Indian Penal Code can also be applied
because the damage is caused to national property and as integrity of the nation is
also jeopardised.

For example, in 2008, serial blasts in Ahmadabad, Delhi, Jaipur and

Banglore are the live examples of the cyber terrorism in India. In 2008 attack on
Mumbai Taj Hotel which is also known as 26/11 and the Varanasi blast in 2010
had the trails of cyber terrorism.647 The main purpose of the cyber terrorist is to
gather the restricted information and to spread terror by cyber communications
method for disruption of national security, unity, integrity and peace etc.

In December, 2010 the website of Central Bureau of Investigation (CBI)

was hacked by programmers identifying themselves as “Pakistani Cyber Army”.
From January to June, 2011 a total of 117 government websites had been
defaced.648 At that time some other important websites of National Investigation
Agency were also affected.

On December, 2014, Mehndi Masroor Biswas649, a prominent supporter of the

647
Jyoti Rattan, Cyber Laws & Information Technology, 2014, p. 261.
648
Ibid.
649
“In a first, Pro-Islamic State Twitter Activist to Face Cyber Terrorism Charges”, (Last
Modified on May 13, 2016), available at: http://www.firstpost.com/india/in-a-first-pro-islamic-
state-twitter- activist-to-face-cyber-terrorism-charges-2779982.html (visited on April 10,
2017).
202
Islamic State, on Twitter was charged under section 66 F of Information
Technology Act, 2000 for cyber terrorism and under the Unlawful Activities
(Prevention) Act, 1967 for advocating terrorism, facilitating recruitment for terrorist
and for supporting a terrorist organisation and under Indian Penal Code for waging
war against India and sedition. A special terrorism court in Bangalore has ruled
that the police have sufficient evidence for prosecuting him as reported by the
Indian Express.

In the United States of America, the Computer Fraud and Abuse Act, 1986
has been passed which was further amended in 1994 and 1996. But after Sep. 11,
2001, an attack on World Trade Centre and Pentagon, the United States of
America passed the Patriot Act, 2001 and recognised hacking as cyber terrorism
and for the first time defines the term “cyber terrorism”. It provides that if any
person who causes unauthorized damage to a protected computer by either
knowingly causing the transmission of a program, information, code, or
command, or intentionally and unauthorizedly accessing a protected computer
shall be liable to punishment.

In United States v. William Sutcliffe650 case, the defendant was sentenced

for making interstate threats to cause injury, killing and posting thousands of
social security numbers on websites. The United States District Judge imposed
restrictions that after his release he cannot access computer and must not
communicate with victims and witnesses.

On January 12, 2015, Cyber Caliphate hacking group obtained access to

the Twitter and You Tube accounts for U.S. Central Command and utilized the
accounts to send the message “American soldiers, we are coming, watch your
back, ISIS.” On February 10, 2015, Cyber Caliphate hacking group hacked the
Twitter accounts of Newsweek and Latin Times, and the mobile message provider
for WBOC News. Then they tweeted from the Newsweek Twitter account
“Bloody Valentine’s Day, # Michelle Obama! We’re watching you, your girls,
and your husband!”651

As compare to India and United States of America, the United Kingdom

has enacted the Data Protection Act, 1984 before the Terrorism Act, 2000 and in
the year 1990 to prevent and control cyber terrorism which defines the term

650
US Department of Justice (2007).
651
Central Bureau of Investigation, United States, available at:
http://c.ymcdn.com/sites/
www.issa.org/resource/resmgr/2015_April_CISO_Forum/Cyber_Espionage_and_Cyberter.pdf
(visited on April 10, 2017).
203
“Terrorism” as including the use or threat of action that is designed seriously to
interfere with or seriously to disrupt an electronic system designed; to influence
the government or to intimidate the public or a section of the public, and made for
the purpose of advancing a political, religious or ideological cause. Serious Crime
Act, 2015 provides that if any unauthorized act results in serious damage to
human welfare or national security, than the person shall be liable upto the
maximum punishment of life imprisonment.

In April 2005, one Algerian named Kamel Boungass had allegedly links
with Al- Quida was convicted for poison attack against the United Kingdom.652
But in modern time period apart from these methods the modern terrorists are
trying to access to computer, computer system, computer network of government
unauthorizedly by violating the provisions of the computer Misuse Act, 1990 and
the Data Protection Act, 1984.

Cyber Pornography
In India, section 292 to 294 of IPC contained the Indian law of obscenity.
However, the IT Act, 2000 was deficient in dealing with obscenity before
amendment by IT Amendment Act, 2008. It has reformed the Indian law of
obscenity to a greater extent.

Now, the Information Technology Act, 2000 after amendment states that
storing or private viewing of pornography is legal as it does not specifically
restrict it. On the other hand transmitting or publishing the pornographic material
is illegal. There are some sections of Information Technology Act, 2000 which
prohibit cyber pornography with certain exceptions to Section 67 & 67A. The
combined effect of sections 66 E, 67, 67A and 67 B is to differentiates between
cyber pornography, child pornography and mainstream pornography and to bring the
online pornography within the legal regime. For offence under section 67 the
person shall be punished on first conviction with imprisonment which may extend
to three years and with fine which may extend to five lakh rupees and in the event
of a second or subsequent conviction with imprisonment which may extend to
five years and with fine which may extend to ten lakh rupees.

Under section 67 A if any person whoever publishes or transmits or cause

to be published or transmitted in the electronic form any material which contains
sexually explicit act or conduct shall be punished on first conviction with
imprisonment of either description for a term which may extend to five years and
with fine which may extend to ten lakh rupees and in the event of second or
652
Supra note 1, p. 206.
204
subsequent conviction with imprisonment of either description for a term which
may extend to seven years and also with fine which may extend to ten lakh
rupees. For the offence of child pornography under section 67 B, the person shall
be punished on first conviction with imprisonment of either description for a term
which may extend to five years and with a fine which may extend to ten lakh
rupees and in the event of second or subsequent conviction with imprisonment of
either description for a term which may extend to seven years and also with fine
which may extend to ten lakh rupees.

As regards the Cyber pornography, most of the reported Indian Cases are
disposed of in the lower court at the magisterial level. However, the case of State
of Tamil Nadu v. Suhas Katti653 deserves a special mention in this context because
this case was disposed of within a record period of seven months from the date of
filing of the FIR by the expeditious investigation made by the Chennai Cyber
Crime Cell (CCC). This is a landmark case which is considered to be the first case
of conviction under section 67 of Information Technology Act in India which
makes this section is of the historical importance. In this case, some defamatory,
obscene and annoying messages were posted about the victim on a yahoo
messaging group which resulted in annoying phone calls to her. She filed the FIR
and the accused was found guilty under the investigation and was convicted under
section 469, 509 of IPC and section 67 of Information Technology Act.

In Mohammed v. State654 case the Gujarat High Court analyzed section 67

of IT Act and held that it is not applicable to the cases of threatening email
received by the Chief Minister of Gujarat.

In United States of America, there are two child pornography laws i.e. The
Child Pornography Prevention Act, 1996 and the Child Online Protection Act,
1998. The former Act prohibits the use of computer technology to knowingly
produce child pornography, that is, depictions of sexually explicit conduct
involving or appearing to involve minors. The latter Act requires commercial site
operators who offer material deemed to harmful to minors to use bonafide
methods to establish the identity of visitors to their site. The Communication
Decency Act, 1996 has been passed to protect minors from pornography. The
CDA states that any person, who knowingly transports obscene material for sale
or distribution either in foreign or interstate commerce or through the use of an
interactive computer service, shall be liable to imprisonment upto five years for a
653
(2004) Cr. Comp 4680, Egmore, available at: http://lawnn.com/tamil-nadu-vs-suhas-kutti/
(visited on April 5, 2017).
654
2010 [SCR. A/1832/2009] Guj.
205
first offence and up to ten years for each subsequent offence.

In the case of State v. Maxwell655, the defendant was charged with

introducing child pornography into the state, despite the fact that both the
defendant and the victim were Ohio citizens and the service provider's servers
were in Virginia. Although the defendant appeared to be unaware of the fact that
the challenged communication had crossed state borders, the Ohio legislation
required knowledge on the part of the defendant. The conviction was maintained
by the Ohio Supreme Court, which applied the strict liability standard to
transmission.

On December 2, 2015, it was announced through press release by the

United States Department of Justice656 that a northern California man who
operated the Internet’s best known “revenge porn” website was sentenced to 30
months in federal prison for hiring another man to hack into e-mail accounts to
steal nude photos that were later posted on his website.

In United Kingdom legislation, traditionally, it is not an offence to possess

obscene material in private as long as there is no attempt to publish, distribute or
show it to others. But as regards, child pornography possession as well as
circulation is criminalised. Section 160 of the Criminal Justice Act, 1988 makes it
an offence for a person to have any indecent photograph of a child in his
possession.657 In United Kingdom, pornography has been divided into three parts,
soft-core pornography, hardcore pornography and extreme pornography. Extreme
pornography is illegal to even possess as on January 2009 and carries a three year
imprisonment.658

Sections 63 to 67 of the Criminal Justice & Immigration Act, 2008

provides that it an offence to possess pornographic images that depict acts which
threaten a person’s life; acts which result in or are likely to result in serious injury
to a person’s anus, breasts or genitals; bestiality; or necrophilia. This Act also
excludes classified films etc. from its purview and also provides for defences and
the penalties for the commission of such offences.

After this there are other Act’s which deals with obscenity including the
Obscene Publications Act, 1959 and 1964, Telecommunications Act, 1984 and

655
(2002) 95 Ohio St 3d 254 : 767 NE 2d 242.
656
Available at: https://www.justice.gov/usao-cdca/pr/operator-revenge-porn-website-sentenced-
2-years- federal-prison-email-hacking-scheme (visited on April 9, 2017).
657
Chris Reed, Computer Law, at 300 (2003).
658
“Cyber Pornography”, available at: http://www.lawyersclubindia.com/articles/Cyber-
Pornography- 6396.asp (visited on April 12, 2016).
206
Criminal Justice Act, 1988. Criminal Justice Act, 1988 has been passed which
explains under section 160 as amended by section 84(4) of the Criminal Justice
and Public Order Act (CJPOA), 1994 that it is an offence for a person to have an
indecent photograph or pseudo-photograph of a child in his possession. This
offence is now a serious arrest able offence with a maximum imprisonment term
not exceeding six months.

In R. v. Bowden659 case, the court held that downloading and printing

images from the internet fell within the concept of ‘making’ and held liable under
the Act. Similar issue came up before the court in R v. Westgarth and Jayson660
case. In this case the prosecution was able to prove that the defendant was aware
of the caching function within his browser software and the court held that the
mere act of voluntarily downloading an indecent image from a webpage on to
computer screen is an act of ‘making.’

In 2014, FBI arrested Hunter Moore661, the operator of revenge

pornography website where sexually explicit photos were posted without
subject’s consent, along with his co-defendants Charles Evens who obtained the
photos through hacking the email accounts and charged both of them with
conspiracy as well as seven counts unauthorised access to a protected computer to
obtain information and for identity theft. Revenge porn was legislated against in
the United Kingdom in Criminal Justice and Courts Act, 2015 which hands down
sentences for distributing a private sexual image of someone without consent and
with the intention of causing them distress. Moore has been sentenced to two and
a half years and Evens was sentenced to two years and one month by the United
Kingdom Court.

The Communication Decency Act, 1996 of United States of America and

the Obscene Publications Act, 1959 of United Kingdom both differentiates
between mainstream pornography and child pornography while in India no such
difference exists under section 292 of IPC though the IT Act after amendment in
2008 has regarded obscenity as an offence but separately defined child pornography
with punishment under section 67B. In United States of America possession of
obscene material is not an offence but publishing or transmission of obscene
material is an offence while in United Kingdom and India, mere possession of
obscene material is not an offence. In United States of America, child
659
(2000) 1 Cri App R 438, 444.
660
(2002) EWCA Cri 683.
661
“Hunter Moore gets 2.5 Years for Revenge Porn Hacking” , available at: https://www.
cmagazineuk.com/hunter-moore-gets-25-years-for-revenge-porn-hacking/article/535569/ (visited
on April 10, 2017).
207
accessibility to porn sites is prohibited while in India browsing and downloading
child porn images are punishable offence.

Cyber Stalking
The legislation on cyber stalking are varies from country to country. Prior
to February 2013, there were no legislation in India that specifically regulated
cyber stalking; it was covered under sections 66A, 72, and 72 A of the
Information Technology Act, 2000. By enacting the Criminal Law (Amendment)
Act, 2013, the Indian parliament amended the Indian Penal Code, 1860, to make
internet stalking a criminal offence. Cyber stalking is not directly recognized
cyber crimes in India under Section 66 A by the Information Technology
(Amendment) Act 2008 and under section 72, 72A. Section 66 A provides
punishment for sending offensive messages through communication service etc
and section 72 provides for breach of confidentiality and privacy.

In Shreya Singhal and others v. Union of India 662, the Honble Supreme
Court deemed it unconstitutional and anti-freedom of speech and expression, and
struck it down. Police in several jurisdictions have utilised this part to falsely
arrest people for making critical remarks about social and political problems on
social media sites. Ritu Kohli's case was India's first case of cyber stalking, and it
was filed by the Delhi Police's Economic Offenses Wing under section 509 of the
Indian Penal Code for infringing on a woman's modesty. Stalking and harassment
are both prohibited under Section 503 of the IPC. Further, section 504 provides a
remedy for use of abusive and insulting language. This is another form in which
cyber stalking takes place where abusive words etc. are sent through e-mail.

Cyber stalking is a crime in the United States, according to anti-stalking,

slander, and harassment legislation. A conviction can lead to a restraining order,
probation, or criminal sanctions, including jail time, for the offender. Cyber
stalking has been addressed in a recent federal statute in the United States. The
Violence Against Women Act of 2000, for example, included internet stalking in
the federal interstate stalking legislation. Despite the lack of federal laws to
particularly address cyber stalking, the majority of legislative action is still done
at the state level. Only a few states have stalking and harassment laws that make it
illegal to send threatening or unwanted electronic communications. 663 The first
anti-stalking law was enacted in California in 1990, and while all fifty states soon

AIR 2015 SC 1523.

662

“Cyber Stalking”, available at: http://en.wikipedia.org/wiki/cyberstalking (visited on April 12,

663

2016).
208
passed ant-stalking laws, by 2009 only 14 of them had laws specifically addressing
“high-tech stalking.664

In United States of America almost every state has laws dealing with cyber
stalking. US federal Code 18 under section 2261 A (2) states that whoever with
the intent uses the mail, any interactive computer service, or any facility of
interstate of foreign commerce to engage in a course of conduct that causes
substantial emotional distress to that person or places that person in reasonable
fear of the death of, or serious bodily injury shall be liable under section 2261 B
(b) for a imprisonment which may extend upto life imprisonment if the death of
the victim results; for not more than 20 years if permanent disfigurement or life
threatening bodily injury to the victim results; for not more than 10 years, if
serious bodily injury to the victim results or if the offender uses a dangerous
weapon during the offense.

New Jersey v. Dharun Ravi665, is a case of cyber stalking in which a

college student named Ravi secretly made a film of his roommate’s sexual
intimation with another man and then posted this online. By this act of Ravi, she
committed suicide and Ravi was convicted for bias intimidation and invasion of
her privacy. In 2012, the judges ruled that they believe Ravi was acted out of
colossal insensitivity, not hatred and sentenced him for 30 days in jail and also
with fine.

On December 9, 2015, it was announced through press release by the

United States Department of Justice666 that a former United States Department
employee pleaded guilty and charged for internationally extensive cyber stalking,
e-mail phishing, computer hacking, and sextortion scheme against hundreds of
victims in the United States.

In United Kingdom, there are various laws which deal with stalking and
cyber stalking. The Protection of Freedoms Act, 2012 has been passed which
created two new offences of stalking by inserting sections 2A and 4A into the
Protection from Harassment Act (PHA), 1997. Section 2A creates a specific
offence of stalking and a person guilty of it shall be liable for a imprisonment not
exceeding 51 weeks or with fine not exceeding level 5 of standard scale or both.

664
Christa Miller, “High-Tech Stalking, Law Enforcement Technology”, available at:
http://www. officer.com/article/10233633/high-tech-stalking (visited on March 6, 2017).
665
(March, 2012), SC New Jersey, available at: https://en.wikipedia.org/wiki/New_Jersey_v._
Dharun_Ravi (visited on April 10, 2017).
666
Available at: https://www.justice.gov/opa/pr/former-us-state-department-employee-pleads-
guilty- extensive-computer-hacking-cyberstalking (visited on April 9, 2017).
209
Section 4 A creates the offence of stalking involving a fear of violence or serious
alarm or distress and a person guilty of it shall be liable for a imprisonment not
exceeding 5 years or with fine or both on indictment or a imprisonment not
exceeding twelve month or fine not exceeding statutory maximum or both on
summary conviction. Under this Act, stalking element is defined as those acts
which include monitoring a person online, contacting a person, loitering in a
public or private place, interfering with property or spying. The Malicious
Communication Act, 1988 makes it illegal to send or deliver letters or other
articles for the purpose of causing distress or anxiety by electronic
communication. There are other Act’s which deals with stalking including the
Offences against the Persons Act, 1861, Criminal Justice and Public Order Act,
1994, Wireless Telegraphy Act, 2006.

In R v. Curtis667 case, the Hon’ble Court held that it is necessary to prove

that the conduct is unacceptable to a degree which would sustain criminal
liability, and also it must be oppressive in nature. The court earlier held in the
case of C v. CPS668 that it is important to note that matters to constitute the course
of conduct amounting to harassment must be properly particularized in the
information laid or in the indictment. However, the Hon’ble court has earlier
ruled that the incident could be accepted only when it amounting to a course of
conduct as laid down in Pratt v. DPP669 case.

Cyber defamation
In India, the term ‘cyber defamation’ is not specially used and defined
under section 66A of the IT Act, 2000 but it makes punishable the act of sending
grossly offensive material for causing insult, annoyance or criminal intimidation.
Section 499 of the Indian Penal Code criminalises cyber defamation, which was
expanded by the IT Act of 2000 to include "speech" and "documents" in
electronic form. Section 499 of the Criminal Code defines defamation as the
publication of an imputation about a person with the aim to injure or having
grounds to believe that such imputation would impair that person's reputation.
The defamatory item has been published, that is, it has been communicated to
someone other than the person to whom it is directed. In India, an e-mail that
makes defamatory statements about the person to whom it is addressed is not
considered defamatory if it is not conveyed to a third party. Statements on mailing
lists and the World Wide Web world are defamatory as they would be available to
667
(2010) EWCA 123.
668
(2008) EWHC 148.
669
(2001) EWHC 483.
210
persons other than the person to whom they refer.

On January 30, 2017, the Hon’ble Metropolitan Magistrate Court issued

summons to Delhi Chief Minister Arvind Kejriwal and suspended BJP Parliament
Kirti Azad in a defamation complaint filed by the Vice President of Delhi and
District Cricket Association by alleging them of defaming the cricket association
by passing “scandalous” remarks. The Hon’ble court said “it is prima facie clear
that Chief Minister, Kejriwal has made a serious defamatory remark only on the
basis of hearsay information received from his friend”. The court observed that
“such a drastic statement and that too from the Chief Minister, may have negative
impact and leave an adverse impression in the mind of cricketers, officials and
public at large, impacting reputation of Delhi and District Cricket Association, its
organisational functioning and the transparency of the selection process.” 670 The
court also noted that the above mentioned statement was broadcast by a private
news channel and widely published in all national dailies as well as carried on
internat.

In United States of America, the Communications Decency Act (CDA),

1996 is one of the most valuable tools for protecting freedom of expression and
innovation on the internet. Section 223 of the Act states that anyone who posts
obscene, lewd, lascivious, filthy, or indecent content over the internet with the
intent to annoy, abuse, threaten, or harass another person will be penalised with
either jail or a fine. Private blocking and screening of offensive information is
protected under Section 230 of the Act. According to the section, no interactive
computer service provider or user shall be considered the publisher or speaker of
any information provided by another information content source.

The Hon’ble court ruled in Obsidian Finance Group, LIC v. Cox671 case
that liability for a defamatory blog post involving a matter of public concern
cannot be imposed without proof of fault and actual damages. Bloggers saying
libellous things about private citizens concerning public matters can only be sued
if they are negligent. In Firth v. State of New York case672, the plaintiff claimed that
publication of an alleged libel on the internet was continuous publication, which
would extend the statute of limitations. The court held that the statue would run
from the date of material was first posted not from the continuity. And the
decision was also affirmed by the New York Appellate Division Court.
670
“Court Summons Kejriwal, Azad in DDCA Defamation Case”, Sportz Wiki, Jan. 30, 2017,
available at: http://sportzwiki.com/cricket/court-summons-kejriwal-azad-ddca-defamation-case/
(visited on April 10, 2017).
671
(2011) CV- 11- 57- HZ.
672
(2000) N.Y. Court of Claims.
211
 In United Kingdom, Malicious Communication Act, 1988 regulates the
electronic communication with serious consequences through controlling
technology if it is abused or used to intimidate, threaten or harass other people. It
also deals with online abuse but now this Act considered as outdated and needs to
be reformed. In United Kingdom, the Defamation Act, 1996 was intended to
clarify the defence of innocent dissemination for internet service providers.
Section 1 (1) and 1(3) of the Defamation Act, 1996 states that whoever is not the
editor, publisher or author of the material may have a defence to a defamation
action. The provider in the United Kingdom must show that it had no reason to
suspect that it was publishing defamatory material after taking all reasonable care.
The liability against overseas publishers is still exists. The Defamation Act, 2013
enhancing the scope existing defence for website operator, public interest and
privileged publications. This Act governs the processes which the website
operator must follow when informed about alleged defamatory comments on their
site to avoid of becoming liable for that material themselves. Under this Act, a
statement can be said to be defamatory if its publication caused or is likely to
cause serious harms to individuals or business reputation. Under the current legal
measures, any person who threaten and offend others on social media shall be
liable to a maximum sentence of prison of six month and a fine of 5,000 pounds
or both.

In Bunt v. Tilley and Others673 case, the claimant filed a suit for libel
against the defendants for posting the defamatory statements on websites. But the
defendants pleaded for the dismissal of the claims on the summary basis. In this
case, the issue was raised before the court that whether an internet service
provider could be liable in respect of the material which was simply
communicated via the services they provided. In this case the court held that an
internet service provider could not be deemed to be a publisher at common law
because they performed no more than a passive role in facilitating postings on the
internet.

Phishing
In India, the term ‘Phishing’ is not used anywhere in this section as given
under IT Act, 2000 before or after amended by the amendment Act, 2008. But
now it is a punishable offence under section 66, 66A, 66C, 66 D of IT Act, 2000
and under Indian Penal Code. Section 66 A of Information Technology Act
provides punishment

673
(2006) 3 All ER 336.
212
 for sending offensive messages through communication service etc.
Section 66 C of Information Technology Act, 2000 which is inserted by
Amendment Act, 2008 provides punishment for Identity Theft if any person
whoever fraudulently or dishonestly make use of the electronic signature,
password or any other unique identification features of any other person. Section
66 D is applied to any case of cheating by personation which is committed by
using a computer resource or a communication device which can be used for
phishing but not directly.

In United States of America, on January 26, 2004 the United States

Federal Trade Commission filed the first lawsuit against a suspected phisher. The
defendant, a Californian teenager, allegedly created a webpage designed to look
like the America Online website, and used it to steal credit card information. 674
Following this, in March 2005, Senator Patrick Leahy sponsored the Anti-
Phishing Act in Congress, which would prosecute and fine cyber criminals who
built false websites and sent bogus e-mails with the intent of scamming people.
However, it was not approved. In January 2007, a jury in California found Jeffrey
Brett Goodin to be the first cyber criminal convicted under the CAN- SPAM Act,
2003, for sending thousands of e-mails to America Online consumers requesting
personal credit card information. The CAN- SPAM Act of 2003 in the United
States of America is a direct response to the growing number of complaints about
spam e-mails, and it is also the first United States of America cyber security law.

In United Kingdom, a new Anti Fraud Act has been passed in 2006 for
England, Wales and Northern Ireland which is known as The Fraud Act, 2006. It
came into effect on Jan. 15, 2007. This Act banned the using of phishing kits for
sending and creating bogus e-mails by millions. Before this, there was no proper
law which deals with phishing. This Act punishes fraud by false representation,
fraud by failing to disclose information and fraud by abusing position. It
provides that a person found guilty of fraud was liable to fine or imprisonment
upto twelve months on summary conviction or fine or imprisonment upto ten
years on summary indictment.

Cyber Fraud
In India, the term ‘Fraud’ is neither defined in the Indian Penal Code, 1860
nor in the IT Act. Section 66 D is inserted by the Amendment Act, 2008 for
providing punishment for cheating by personation by using computer resource
674
Jeordan Legon, “Phishing scams reel in your identity”, CNN News, (Jan. 26, 2004), available
at: http://edition.cnn.com/2003/TECH/internet/07/21/phishing.scam/index.html?iref=newssearch
(visited on March 6, 2017).
213
which is also used for cyber fraud but not directly. According to this section if
any person who by means of any communication device or computer resource
cheats by personation, shall be punished with imprisonment of either description
for a term which may extend to three years and shall also be liable to fine which
may extend to one lakh rupees.675 This offence is bailable, cognizable and triable
by the court of Judicial Magistrate of First Class.

The Computer Fraud and Abuse Act of 1996 was enacted in the United
States of America to ban and punish computer and internet fraud. It was updated
in the years 1994 and 1996, as well as by the Patriot Act of 2001 and the Identity
Theft Enforcement and Restitution Act of 2008. The provisions of the United
States Criminal Code apply to cyber fraud, and violators can be prosecuted under
title 18, for example, no. 1028 prohibits social security card and credit card
frauds, no. 1029 prohibits identity fraud, including telemarketing fraud, no. 1341
prohibits mail fraud, no. 1343 prohibits wire fraud, and so on. Fraud is likewise
prohibited under Title 18 U.S. Code s. 1030.

In United State v. Pirello676 case, the defendant Pirello placed four

advertisements on internet classified-ads websites for soliciting the buyers for
computers with the purpose of fraudulently selling it online. By doing this, he
received three orders and then he deposited the entire money received from the
orders in his personal bank account but he did not delivered computers to the
buyers. The court determined the issue that whether USSG 2F1.1 (b) (3), which
instructs courts to enhance a sentence by two levels if the offense was committed
through “mass-marketing,” applied to Pirello’s fraudulent internet advertisements.
The court held that the use of the internet website to solicit orders for non-existent
computers violated the USSG and affirmed the lower court’s enhancement of
Pirello’s sentence.

In United Kingdom, section 15 of the Theft Act, 1968 could not be

successfully applied to internet fraud. Then United Kingdom has passed the
Computer Misuse Act, 1990 which provides that a person is guilty of an offence
under section 1 if he intentionally causes a computer to perform any function to
secure access to any computer; he intends to secure unauthorized access; and he
knowingly causes the computer to perform the function for these two above
mentioned purposes. With related to this, section 17 also provides that the access
is considered as unauthorized only if a person is not entitled to control access of
the kind in question to the programme or data and secondly, he does not have
675
Section 66 D (Inserted Vide Information Technology (Amendment) Act, 2008).
676
(2001) 255 F. 3d 72
214
consent to access by him of the kind in question to the programme or data from
any person who is so entitled.

In R v. Thompson677 case, the accused, a computer programmer employed

by a bank in Kuwait made two plans to defraud the bank by devising a
programme which instructed the computer to transfer sums from these accounts to
his newly opened account. After transferring the amount, then he returned from
Kuwait to England for the purpose of minimizing the risks of detection and
opened a number of accounts with English banks and wrote request letter to the
bank manager in Kuwait to arrange to transfer his balance from Kuwait accounts
English Bank accounts. Then he was arrested by police on the charge of computer
fraud by deception and the court made him liable and was convicted for his act on
cyber space.

Breach of Online Privacy

In India, Section 66 E is inserted in IT Act, 2000 after amendment in 2008
for providing punishment for violation of privacy. This section applies to the
violation of the bodily privacy of any person by three stages i.e. capture,
publication and transmission. This section criminalizes any of these stages that
are done without the consent of the victim. Capturing include to capture an image
by any means such as videotaping, filming or recording by using any kind of
technology like video recorders, cameras, CCTVs, webcam in a PC or any other
forms of electronic surveillance like spy cameras or any kind of hidden
cameras, smart phones etc. Publication includes the creation of copies both in
print i.e. magazines, books, newspapers and in an electronic form i.e. on the
websites or CDs. Transmission means to deliberate or intentional electronic
transfer of the image via emails, internet, messaging, Bluetooth etc. with the
purpose that it can be viewed instantly by other persons. The offence is complete
immediately on the sending of the mail. It is irrelevant that whether the person to
whom the mail is sent read the mail or not.

In United States of America, the Electronic Communication Privacy Act,

1986 (ECPA) a criminal wiretap statute which uses the word “anyone” who
commits the breach and on whom the liability can be fixed under section 2511 (1)
(a). On the basis of the recommendation of the Federal Trade Corporation, the
Online Privacy Protection Act, 2000 has been passed for providing protection to
individual privacy. In United Kingdom the CDA envisages the eight principles
formulated by the Organization for Economic Co-operation and Development for
677
(1984) 1 WLR 962.
215
the protection of personal data.

7.3 Jurisdictional Comparative Approach

Because there is no international instrument relating to cyber jurisdiction,
every state should have its own national law with extraterritorial jurisdiction to
cover the extraterritorial nature of internet activity. In 1996, the United Nations
Commission on International Trade Law adopted a model law on E-Commerce,
which was ratified by the General Assembly through a resolution. The General
Assembly urged that all states give the said model law on commerce serious
attention. India, as a signatory to the model law, enacted The Information
Technology Act, 2000 to legislate in accordance with it. 678 Another attempt has
been made to make the comparative study on the current status of the legislations
on jurisdiction issue at national level as well as international level. The
comparative study is mentioned as under:

In India, jurisdiction under the IT Act is prescribed under sections 1 (2)

and 75, which are to be read along with the relevant provisions under the IPC.
Section 1(2) of the IT Act, 2000 provides for the jurisdiction of Indian courts in
cyber crimes only. It does not talk about civil jurisdiction.679 IT Act is silent on
the point of the State of Jammu Kashmir, which means that the IT Act extends
over the State of Jammu Kashmir. This section provides the extra-territorial
jurisdiction over offence or contraventions committed outside India.

According to Section 4 of the Indian Penal Code, 1860, the law is

assuming jurisdiction over violators of The Information Technology Act, 2000
outside the territorial boundaries of India. This provision is explained perhaps by
the unique nature of cyberspace, which knows no boundaries. The Information
Technology Act, 2000 specifically provides that unless otherwise provided in the
Act, the Act also applies to any offence or contravention there under committed
outside India by any person irrespective of his nationality. 680 It is however
clarified under Section 75 that the Act shall apply to an offence or contravention
committed outside India by any person if the act or conduct constituting the
offence or contravention, involves a computer, computer system or computer
network, located in India. It is also clear that section 75 of the IT Act is restricted
only to those offences or contraventions provided therein and not to other
offences under other laws such as the Indian Penal Code, 1860 etc.

678
Supra note 24, p. 346.
679
D. Latha, Jurisdiction Issues in Cyber Crimes”, The Weekly Law Journal, vol. 4, 2008, p. 88.
680
Section 1(2) of IT Act, 2000.
216
 In United States of America, a number of traditional principles relating to
jurisdiction are being interpreted in the light of borderless world of cyberspace,
jurisdictional problems remain a thorny issue and many lega experts are of
opinion that mere availability of a website is not enough to establish minimum
contact to entrench the cyber criminal.681 In rem, jurisdiction might apply to the
assertion of claims for jurisdiction based on e-mail storage box or stored file that
is located on a computer server in the forum jurisdiction.682 The rule of lex loci
delicti, or the place in which the injury occurred is the place of trying the case
was followed in torts matters. But now both in civil and criminal matters, the
emerged boundaries of the internet have exposed the cyber criminal under
universal jurisdiction.

In United Kingdom, often the question of jurisdiction renders the court

helpless due to difference in various law provisions which are applicable to the
defendant. In criminal matters, the defendant is subject to a particular law only if
he commits the criminal act in the jurisdiction concerned. In the internet scenario,
the situation is a complex one as one criminal act may not clearly fall under a
single jurisdiction.683 However, in the event that the offence takes place outside of
the United Kingdom, it shall still have jurisdiction to try the perpetrator of the
crime under the Computer Misuse Act, 1990. The relevant provision are section 4
and 5 which states that it is not necessary for the cyber crime to be committed
within the territory of United Kingdom so long as the offence is significantly
linked to the United Kingdom. Thus, even the act committed is not a crime in the
place of commission but it is a crime in United Kingdom and it is established that
the offence is significantly linked to it, the Computer Misuse Act, 1990 may be
applied for the purpose of prosecution.684

The Computer Misuse Act, 1990 is the relevant law that establishes
jurisdiction on the United Kingdom for the violation of cybercrime. The crimes
covered by the law are various acts of computer misuse which are defined under
sections 1 to 3 which includes unauthorized access with intent to commit or
facilitate of further offence and unauthorized modification of computer material.
This Act was further amended by the Police and Justice Act, 2006 which enhances
the punishment under the Act for committing the cybercrime.

681
Supra note 9, p. 457.
682
Shaffer v. Heitner, (1997) 433 US 186: 53 L Ed 2d 683.
683
Supra note 9, p. 346
684
Adel Azzam Saqf Al Hait, “Jurisdiction in Cybercrimes: A Comparative Study”, Journal of
Law, Policy and Globalization, vol. 22, at 80 (2014), available at: http://www.iiste.org/Journals/
index.php/JLPG/article/viewFile/11050/11351 (visited on Nov. 30, 2016)
217
7.4 Judicial Comparative Approach
Another attempt has been made to compare the role of judiciary in tackling
the emerging cyber crimes after having the related laws on cyber crime. The
judiciary of India, United States of America and United Kingdom are playing the
important role of dealing with such type of crime. Indian judiciary has followed
the cyber authority of cases of United States of America and United Kingdom for
dealing with cyber crimes in India because there is very less judicial response.
The comparative study has been discussed as under:

Judicial Response in India

Indian judiciary is playing a important role in dealing with cyber crimes
although there is less ligation. India enacted the Information Technology Act and
became part of a select group of countries to have put in place cyber laws.
Because the Information Technology Act, 2000 is primarily meant to be a
legislation to promote e-commerce. In Yahoo! Inc. v. Akash Arora and another685
case, the issue of domain name is entitled to equal protection as trademark which
is considered as the first case where an Indian Court delivered its judgment
relating to domain names. In Rediff Communications ltd. V. Cyberbooth686 case,
the Yahoo judgment was once again reiterated. Vishakha v. State of Rajasthan687
is the leading case law on harassment at workplace in India. Before this case,
there was no law referring to harassment at workplace in India. However, the case
of State of Tamil Nadu v. Suhas Katti 688, deserves a special mention. Further
Shreya Singhal v. Union of India689 is the case in the light of a series of arrests
made under section 66A of the Information Technology Act, 2000, this writ
petition was filed in public interest under Article 32 of the Constitution of India,
Seeking to strike down Section 66A as unconstitutional. Additionally, in S
Khushboo v. Kanniammal690 and Common Cause v. Union of India691, Supreme
Court has said that in cases involving Freedom of Speech and Expression, the
proper course for Magistrates is to use their statutory powers to direct an
investigation into the allegations before taking cognizance of the offence alleged.

685
(1999) 19 PTC 210 Del.
686
AIR 2000 Bom 27.
687
(1997) 6 SCC 241.
688
(2004) Cr. Comp 4680, Egmore, available at: http://lawnn.com/tamil-nadu-vs-suhas-kutti/
(visited on April 5, 2017).
689
AIR 2015 SC 1523: (2005) 5 SCC.
690
(2010) 4 SCALE 467.
691
(2013) W.P. Crl. No. 21.
218
Judicial Response in United States of America
As compare to India, there have been a number of statutory provisions in
the United States Code to regulate the use of computers and computer technology for
the purpose of preventing and controlling cyber crimes. The United States
Department of Justice advises punishment of computer crime offenders by federal
court judges in the same manner as is advisement for all other federal crimes
under the United States

Sentencing Guidelines (USSG).692 United States v. Morris693 case is one of

the landmark cases in the United States which deals with cyber fraud. In United
State v. Pirello694 case, the Ninth Circuit ruled on the application of the US
Sentencing Commission Guidelines (USSG) about a defendant fraudulently
selling computers online. In United States v. Ivanov695 case, the Computer Fraud
and Abuse Act was discussed regarding its extraterritorial applicability. In this
case the accused was charged for illegally accessing the computer systems of a
web hosting service under the Computer Fraud and Abuse Act. He contended that
he was in Russia at the time of commission of offence that’s why he cannot be
prosecuted under the above mentioned Act. But the court rejected his contention
and held that he can be prosecuted under the interstate and foreign commerce of
the Act. The Act applied not only within the boundaries of America but also
beyond it. In People v. Cochran696 case, the accused allegedly posted
pornographic material on several Internet newsgroup sites by indicating also that
he was intending to trade in the material. The Hon’ble Supreme Court of
California found him guilty and convicted for posting pornographic material for
commercial purpose.

In State v. Maxwell697 case, the defendant was charged for act of bringing
child pornography into the State where both the defendant and the victim were the
residents of the State of Ohio while the service provider’s servers were located in
Virginia. According to the Ohio statute knowledge on the part of the defendant
was required, although the defendant was seemed to be ignorant of the fact the

692
Catherine D. Marcum, Goerge E. Higgins, et.al., “Doing Time for Cyber Crime: An
Examination of the Correlates of Sentence Length in the United States”, International Journal of
Cyber Criminology, vol.5, No.2, July.- Dec, 2011, p. 827, available at:
http://www.cybercrimejournal. com/marcumetal2011julyijcc.pdf (visited on April 30, 2015).
693
(1991) 504 F 2d.
694
(2001) 255 F. 3d 728 (9th Cir).
695
(2001) 175 F Supp 2d 367 (D. Conn).
696
(2002) 28 Cal 4th 396: 48 P 3d 1148.
697
(2002) 95 Ohio St 3d 254 : 767 NE 2d 242.
219
disputed transmission crossed the State lines yet. The Hon’ble Supreme Court of
Ohio upheld the conviction by applying the strict liability standard concerning
transmission. In United States v. William Sutcliffe698 case, the defendant was
sentenced for making interstate threats to cause injury, killing and posting
thousands of social security numbers on websites. The United States District
Judge imposed restrictions that after his release he cannot access computer and
must not communicate with victims and witnesses.

Judicial Response in United Kingdom

But, in the United Kingdom, the advent of the computer and internet has
given rise to the cyber crimes. The first recorded cyber crime was in 1960s and
the case of R v. Gold699 is the first cybercrime matter heard in the UK court. After
R. v. Gold700 case, the UK enacted the specific law on Computer Misuse for the
purpose of controlling and preventing the commission of cyber terrorism on the
recommendations and suggestions of Law Commission. In R. v. Crop701 case, the
court held that the Computer Misuse Act, 1990 will be applicable only when one
computer is used to access another computer. R. v. Fellows702 case is the first of
cyber pornography in the UK. In R. v. Bowden703 case, the court held that
downloading and printing images from the internet fell within the concept of
‘making’ and held liable under the Act. Similar issue came up before the court in
R v. Westgarth and Jayson 704 case. In the United Kingdom, the Courts have gone
far in extending the existing trademark law to the cases of cyber-squatting.

The Hon’ble court has ruled in R v. Patel705 case that it is not just the
number of incidents which make up a course of conduct but whether those
incidents could be said to be so connected in type and context as to justify the
conclusion that they could amount to a course of conduct. The incident could be
accepted by the court if it amounting to a course of conduct as laid down by the
court in Pratt v. DPP706 case. In R v. Curtis707 case, the Hon’ble Court held that it
is necessary to prove that the conduct is unacceptable to a degree which would

698
US Department of Justice (2007).
699
(1988) 1 AC 1063.
700
(1988) 1 AC 1060: (1987) 3 WLR 803.
701
R. v. Crop, (1992) 3 WLR 432.
702
(1997) 2 All ER 548 (CA).
703
(2000) 1 Cri App R 438, 444.
704
(2002) EWCA Cri 683.
705
(2005) 1 Cr. App. 27.
706
(2001) EWHC 483.
707
(2010) EWCA 123.
220
sustain criminal liability, and also it must be oppressive in nature. The court
earlier held in the case of C v. CPS708 that it is important to note that matters to
constitute the course of conduct amounting to harassment must be properly
particularized in the information laid or in the indictment.

In India, the basic law for the cyberspace transactions has emerged in the
form of the Information Technology Act, 2000 which was further amended in the
year 2008. The Information Technology Act amends some of the provisions of
our existing laws i.e. Indian Penal Code, 1860; the Indian Evidence Act, 1872; the
Bankers Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934. 709
But the problem is still as it was though since 2000 the Information Technology
Act is working in India for combating cyber crimes. The reality is that the
working of this statute is more on papers than on execution because the police
officers, lawyers, prosecutors and Judges feel handicapped in understanding its
highly technical terminology.

The number of cases of cyber crimes such as cyber defamation, cyber

stalking, and online harassment have been discovered in India, although there is
no formal definition under the Information Technology Act, 2000. A lot of these
types of offences have been discovered to be either unregistered or registered
under ineffective provisions of the Indian Penal Code, 1860, which do not
encompass the aforementioned cyber crimes. The Information Technology Act,
2000 has undergone with some amendments one of them is the recognition of
electronic documents as evidence in a court of law. Some market players believe
that this will provide an encouragement to electronic fund transfers and also help
in promoting electronic commerce in the country. But the result is not similar as it
is. The cyber crime cells are doing training programmes for its forces and plans to
organize special courses for corporate to combat cyber crime and use the
Information Technology Act effectively.

Comparatively, there is no single text available which provides a coherent

and consistent exposition on the various categories of cyber crimes, their nature,
scope, features and essential ingredients. It is fascinating to study cyber offences
like cyber hacking, cyber fraud, cyber pornography, cyber terrorism, cyber
stalking, cyber ragging etc. and also the United States of America, United

708
(2008) EWHC 148.
709
Samiksha Godara, “Prevention and Control of Cyber Crimes in India: Problems, Issues and
Strategies”, A Thesis submitted to Maharishi Dayanand University, April 1, 2013, p. 2, available
at: http://shodhganga.inflibnet.ac.in/bitstream/10603/7829/12/12_chapter%203.pdf (visited on
May 20, 2016).
221
Kingdom and Indian approaches towards these offences.710 Different countries
have the different cyber laws dealing with cyber hacking. United States of
America prescribed the punishment for hacking, United Kingdom prescribed the
punishment for hacking under the name “unauthorised access” while India
replaced it under the computer related crimes or a criminal offence only if it
satisfy the prerequisites condition of dishonestly or fraudulently. It is interesting
to note that United Kingdom and United States of America specifically legislate
to deal with cyber offence of hacking or unauthorised access by avoiding the
definite definition of it.

In the United States of America, the Computer Fraud and Misuse Act,
1986 as amended twice in 1994 and 1996 and the Patriot Act, 2001 are very
significant to prevent and control cyber fraud. In the United Kingdom the
Computer Misuse Act, 1990 and the Data Protection Act, 1984 provides world
standard for data protection, security system and to prevent and control cyber
fraud. In India, there is a need to follow the same standard.711 The computer
related fraud or cyber fraud has become one of the most pervasive form of white
collar crime in United State, Canada, United Kingdom., Europe, Australia,
Singapore, India etc. The losses due to misuse of computer or cyber or
information technology or digitised technology have resulted in to billions of
dollars. With the development of global communications networks, computer
fraud as with other forms of computer related crime in increasingly adopting
global dimension.712

The United Kingdom Cyber Laws, however, is criticized for not including
the definition of computer but the Law Commission of United Kingdom found
general support for the view that to attempt such a definition would be so
complex in an endeavour to be all embracing, that they are likely to produce
extensive argument. However, the Indian law on the subject gives the definition
of “computer” in its general clauses definition in section 2(l) of the IT Act,
2000.713 All these three countries i.e. United States of America, United Kingdom
and India does not define the term “cybercrimes” yet.

It can also be said that there is no uniformity around the world in treating
the cyber defamation cases. The major commonwealth countries are following the
710
“Cyber ragging Ki Line Kategi”, Navbharat Times, July 10, 2008, p. 7.
711
Supra note 1, p. 131.
712
Supra note 14, p. 202.
713
Syed Mohd Uzair, “Cyber crime and cyber terrorism in India”, A Thesis submitted to Aligarh
Muslim University, 2013, pp. 126-127, available at: http://shodhganga.inflibnet.ac .in/bitstream/
10603/63591/9/09_chapter%202.pdf (visited on Feb. 13. 2017).
222
different practice relating to cyber defamation cases. In United States of America,
a cyber defamation case is very difficult to prove because of the rigid nature of
first amendment in Constitution law. In United Kingdom, the defendant publisher
has to establish his innocence whereas in India, the specific cyber defamation law
is yet to develop because under IT Act, 2008 a hope in this regard to tackle the
defamatory activities.

The issue of legal jurisdiction further complicates cyber crime

enforcement. Without the assistance of other countries, one country cannot
effectively pass laws that comprehensively address the problem of cyber crimes,
just as one country cannot effectively enact pollution control legislation. While
major international organisations such as the OECD and the G-8 are seriously
discussing cooperative schemes, many countries do not share the urgency to
combat cybercrime for a variety of reasons, including differing values regarding
piracy or espionage or the need to address more pressing social problems.
Inadvertently or not, these countries present the cyber threat. 714 The issue of
jurisdiction in cyberspace is still a global issue which cannot be settled
spontaneously without continuous efforts.

When hackers store information in others computer or in any webpage for

example, in own e-mail address with false identity etc, the law is not clear in such
a situation and needs to be clarified and settled. Hacker’s culture, modes of
hacking are almost synonymous worldwide whether in Russia, United States of
America, United Kingdom, Canada, Australia, and India or anywhere in the
globe.715 There is a need to clarify again the jurisdiction point in the cyberspace.

There are a large number of cyber laws passed and amended in India as
well as in United States of America and United Kingdom. But instead of these
laws the cyber crimes are increasing day by day. For example, a total of 8, 045
cases were registered under Information Technology Act during the year 2015 as
compared to 7, 201 cases during the previous year 2014 and 4,356 cases during
2013, showing an increase of 11.7% in 2015 over 2014 and an increase of 65.3%
in 2014 over 2013.716 As compare to India, in USA for the year 2015, Cost of
Data Breach Study by IBM and the Pone mom Institute revealed that the average

714
Loknath Behera, “Investigating External Network Attacks”, The Indian Police Journal, Jan.-
March, 2004, p. 27.
715
Supra note 1, p. 97.
716
National Crime Records Bureau, Ministry of Home Affairs, cyber Crimes in India, 2015, pp.
163-164
, available at: http://ncrb.nic.in/StatPublications/CII/CII2015/FILES/Compendium-15.11.16.pdf
(visited on Nov. 11, 2016) .
223
total cost of a data breach increased from $ 3.52 million in 2014 t0 $ 3.79
million.

Another study said that cyber crime will become a $ 2.1 trillion problem
by 2019.717 The National Crime Agency (NCA) released a report on July 7, 2016
by highlighting the need for stronger law enforcement and business partnership to
fight cyber crime. According to the NCA cyber crime emerged as the largest
proportion of total crime in the U.K. with “cyber enabled fraud” making up 36 %
of all crime reported and computer misuse accounting for 17%.718 The Office of
National Statistics (ONS) estimated that there were 2.46 million cyber incidents
and 2.11 million victims of cyber crime in the UK in 2015 and only 16, 349 cyber
dependent and approximately 700, 000 cyber enabled incidents reported to Action
Fraud over the same period.719

717
Limor Kissem, “2016 Cyber Crime Reloaded: Our Prediction for the Year Ahead”, (Last
Modified on Jan. 15, 2016), available at: https://securityintelligence.com/2016-cybercrime-
reloaded-our-
predictions-for-the-year-ahead/ (visited on Dec. 2, 2016).
718
National Crime Agency (UK), Cyber Crime Assessment, 2016, available at: www.national
crimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file (visited on Nov. 11,
2016).
719
The Office of National Statistics(UK), Cyber Crime Assessment, at 5-6 (2015), available at:
www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file (visited on
Nov. 11, 2016).
224
 CHAPTER - VIII
CONCLUSION AND SUGGESTIONS

“Crimes have always depended on the force, vigour and movement of public
opinion from time to time and country to country and even in the same country
from decade to decade.”720

Computers do not commit crimes. 721 As the use of computers grew in

popularity, so did the growth of technology, and the term "cyber" became
increasingly familiar to the public. The evolution of information technology (IT)
gave rise to the cyber space, in which the internet gives all individuals with equal
access to any information, data storage, analysis, and other services using high
technology.722 Prior to 10th century peoples were confused crimes with torts
because the family bond was far stronger than that of the community and the
suffered party avenged for the wrong by their self-redress without any legal
remedy which was only considered as an optional alternative at that time.

During the 12th and 13th centuries the Early English society included only
those acts as crimes if committed against the state or the religion not others.
During the early societies, there was no distinction between the law of crimes and
torts, and these communities merely followed the law of wrongs. When an
offence is committed in modern legal systems, the law is applied immediately
regardless of the wishes of the victimised party, but in early cultures, the law was
initiated only when both parties agreed to submit to the judgement. During the
18th century, also known as the "miracle reorientation" period in criminology, it
was thought that only the wrongdoer could confess criminal responsibility for his
conduct, and that no one else, even external agents, had any involvement. At that
time it was clear that the concept of crime is interlinked with social policy of that
time.

The new medium which has suddenly confronted humanity does not
distinguish between good and evil, between national and international, between
just and unjust, but it only provides a platform for the activities which take place
in human society. Law as the regulator of human behaviour has made an entry
into the cyberspace and is trying to cope with its manifold challenges. 723 Due to
720
R.C. Nigam, Law of Crimes in India- Principles of Criminal Law, vol. 1 (1965), p. 3.
721
Donn B. Parker, “Automated Crime in Cyber Crime”, International Conference Course Book,
1997.
722
Farooq Ahmad, Cyber Law In India- Law on Internet, 2008, p. 367.
723
Justice T. Ch. Surya Rao, “Cyber Laws- Challenges for the 21st Century”, Andhra Law Times,
225
the rapid advancements in the functionality of information technologies cyber
crimes offending are becoming technically complex and legally intricate which
leads to disparity between systems of law globally with the first responders,
investigating authorities, forensic interrogators, prosecuting agencies, and
administrators of criminal justice. Because presently the situation is becoming
alarming and the cyber crime is talk of the town in every field of the society or
system. This is because every day a new technique is being developed in the
cyberspace for doing the cyber crime and many times we are not having the
proper investigating methods or techniques to tackle that newly cyber crime. It
becomes critically important to explore factors impending investigation and
prosecution of cyber crime with the purpose of raising awareness and exposing
these barriers to justice.

8.1. Conclusion
Cyberspace has developed since the 1990’s and the impact on societies has
been so fast and enormous, that codes of ethics and the common sense of justice
and penal laws have not kept pace.724 It can be said that cybercrime has had a
short but highly eventful history. There are different views regarding the actual
status of existence of this new variety of crime actually. Some says that when the
computer came with the invention of the first abacus since people used
calculating machines for wrong purposes, hence it can be said that cybercrime per
se has been around ever. Actually, the history of cybercrime began with hackers
attempting to break into computer networks solely for the excitement of gaining
access to high-security networks or obtaining sensitive or secured information or
any secret for personal gain or revenge. In the field of criminology, it has been
argued that a crime will occur when and only when the chance arises. Previously,
we only knew about classic forms of crimes such as murder, rape, theft, extortion,
robbery, and dacoity. But now with the development and advancement of science
and technology i.e. computers and internet facilities, new types of crimes exist
like hacking, cyber pornography, cyber defamation etc.

The term 'Cyber Crime' is a misnomer.725 There is no distinction in

defining a crime in the cyber world and the actual world since cyber crimes are
2004, p. 24.
724
Stein Schjolberg and Amanda Hubbard, “Harmonizing National Legal Approaches on
Cybercrime”, International Telecommunication Union (ITU), Genewa, (June 28- July 1, 2005),
available at:
http://www.itu.in/osg/spu/cybersecurity/docs/Background_Paper_Harmonizing_National_and_Leg
al_ Approaches_on_Cybercrime.pdf (visited on April 17, 2016).
725
Parthasarathi Pati, “Cyber Crimes”, available at: http://www.naavi.org/pati/pati_ cybercrimes_
dec03.htm (visited on Feb. 13, 2017).
226
just real-world crimes perpetrated through the means of a computer. Only the
crime media is different.726 These are "international" or "transnational" there are
‘no cyber-borders between countries'.727 The term computer crime, cyber crime, e-
crime, hi-tech crime or internet crime are synonym to each other and generally
means criminal activity on the cyber space where a computer or network is used
as a source, target and tool to commit crime. In the United States and the United
Kingdom, there is no legal definition. Surprisingly, the word "cyber crime" or
"cyber offence" is not defined in India, nor is it mentioned in the Information
Technology Act of 2000. Even after being amended by the Information
Technology (Amendment) Act, 2008, the Indian Penal Code, 1860, does not
utilise the phrase "cyber crime" at any time..

Cyber crimes are silent in nature and can be committed in the privacy of
one’s home without any need to physically present in front of the victim without
any eye witnesses. At the time of commission of such offences there are no signs
of physical violence or no cry of pain etc. because a cyber criminal silently
commits the crime without any sound or without any afraid of being caught red
handed. These crimes can be committed with a single click on the mouse and
without the knowledge of the victim of such crime. In most of cases of this type
of crimes the victim will not even realise what has happened to him and who have
done it against him and when it was done. It is very hard to identify a cyber
criminal because of lack of effective measures to identify them both at national
and international level.

There are a number of controversies raised regarding the classification of

cybercrimes. But the opinions are differed to each other. Firstly, which activities
on cyber space should be criminalized and identified under the classification of
cyber crimes and secondly, all types of cyber crimes involve both the computer
and the person behind it as victims because in this technological world, most of
the people have no knowledge regarding which types of crimes come under the
category of cyber crime. US have also not provided any such formal categorisation
of cyber crimes. In UK, the Computer Misuse Act, 1990 has categorised
cybercrimes into three categories while in Indian the cyber crimes are given under
Information Technology Act, 2000. These crimes are emerging day-by-day due to
lack of proper and universal classifications of such type of crimes and the

726
D. Latha, “Jurisdiction Issues in Cybercrimes”, Law Weekly Journal, vol.4, 2008, p. 86,
available at:
www.scconline.com, (visited on July 25, 2015).
727
Guillaume Lovet Fortinet, “Fighting Cybercrime: Technical, Juridical and Ethical Challenges”,
Virus Bulletin Conference, 2009.
227
effective counter-measures.

In India, the IT Act is considered as major cyber legislation because it is

the only legislation in the field of information technology which dedicates itself
fully to the electronic situation including e- transactions, e-commerce, e-
governance etc. with slowly covered cyber crimes as well. The Information
Technology Act amends some of the provisions of our existing laws i.e. Indian
Penal Code, 1860; the Indian Evidence Act, 1872; the Bankers Book Evidence
Act, 1891 and the Reserve Bank of India Act, 1934. It was amended in the year
2008 due to some lacuna. But the problem of cybercrimes is still exists and it is
found that the working of this statute is more on papers than on execution because
the reason behind is that the lawyers, police officers, prosecutors and Judges feel
handicapped in understanding its highly technical terminology. The IT Act, 2000
is passed to promote e-commerce but it is found not very effective in dealing with
several other emerging cyber crimes. These crimes are emerging due to the lack
of comprehensive cyber legislation and its proper enforcement to combat the
cyber crimes.

In cases where hackers are outside the territorial boundaries of India

despite the provisions of section 1 (2) and section 75 of the IT Act, 2000, it is
found that Section 66 of IT Act would not prove to be effective remedy and the
offence is bailable in nature which makes it as a matter of right to get release
immediately on bail. The amendment in Section 66 made by the Amendment Act,
2008 which replaced the Hacking with computer related offences has been widely
criticized in 50th Report of the Standing Committee on Information Technology in
2007-2008 on the Information Technology (Amendment) Bill, 2006 on the
ground that it has greatly narrowed the scope of application of the section and it
also creates difficulty for law enforcement agencies to book offenders. The
definition of the hacking before the new amendment had the very wide scope
which covered the most computer related offences and also was enough to include
any newly emerging cyber crimes as well. The main reason of the criticism was
the requirement of the act being done with an intention to defraud or with the
intention of causing wrongful loss or wrongful gain. This implies a much higher
level of mens rea as compare to old section 66 of the Act, where a person could
be held guilty under this Section only if a person had mere knowledge of the
likelihood of injury. But now a person could not be held liable under section 66, if
the act done without an intention to defraud or without the intention of causing
wrongful loss or wrongful gain.

228
 It is also appears that section 66 A was inserted with the purpose of
protecting the person’s reputations and preventing the misuse of the networks.
But the language used in the said section is far beyond the reasonable restrictions
which may be imposed on free speech under Article 19(2) of the Indian
Constitution which may affects the guaranteed fundamental right of free speech in
the social networking media. The nature of offence is cognizable under section
66A and the police authorities based on charges brought under the section were
initially empowered to arrest or investigate without warrants. This will result in a
string of highly publicized arrests of citizens for posting objectionable content
online, where the ‘objectionable’ contents were more often than not, and
dissenting political opinions. The relief provided in the form of advisory by the
Central Government in January, 2013, which said no arrests under 66A were to be
made without prior approval of an officer not below the rank of Inspector General
of Police was mostly ignored by authorities. The Hon’ble Supreme Court declared
section 66 A as unconstitutional and against the freedom of speech and expression
and struck it down in Shreya Singhal and others v. Union of India728 because this
section had been highly misused by police in various states to arrest the innocent
person for posting critical comments about social and political issues on
networking sites.

The Information Technology (Intermediaries Guidelines) Rules, 2011 have

also been criticized on certain basis. These rules water down the exemptions made
under section 79 which exempt intermediaries from liability in certain cases and
found to force intermediaries to screen content and exercise on-line censorship.
Apart from these rules, the Information Technology (Procedure and Safeguards
for Blocking for Access of Information by Public) Rules, 2009 provide for
blocking is found undisclosed and fails to meet Constitutional safeguards of
natural justice.

Terrorists in society were urged to use information technology as a tool

and as targets in order to achieve their goals. Cyber terrorism has evolved into
one of the most difficult national and international concerns of our day, in which
one nation targets another through the use of information. This phrase is still
undefined in the IT Act. International terrorists attack using websites, such as Al-
websites, Qaida's which are linked to Osama Bin Laden's attack on India's
Parliament on December 13, 2001 by creating a false gate pass from the internet,
the September 11, 2001 attack on the World Trade Organization and the
Pentagon, and the December 16, 2005 e-mail threat to attack the Indian
728
AIR 2015 SC 1523.
229
Parliament and US consulate, Aftab Ansari’s attack on American Information
Centre, Kolkata from Dubai, Dawood Ibrahim’s terrorist activities all are the
examples of cyber terrorism also called as cyber war or net war.

In India, there are very less litigation because the corporate sector has been
shy of reporting cyber crimes fearing adverse publicity which results into less
judicial pronouncements. Most of the cases are not registered due to the lack of
knowledge and awareness of peoples. This led to encourage the cyber criminals to
get involved in such types of crimes. These crimes are emerged due to the lack of
multi-threat security systems, technology based programmes or camps and non-
adoption of foolproof computer procedures in organizations both at national and
international level.

No doubt, the Indian legislative as well as judiciary are playing a

significant role in combating such types of crime but in some case these legal
framework is found inadequate to face the threats posed by cyber crime, which
have emerged as a challenge to human rights. In India, there has been less judicial
response to cybercrimes and insufficient legislations for dealing with these types
of crimes which will be a great challenge for Indian judicial system on
cybercrime in near future. It is also found that the decisions and the activities of
the law enforcement relating to investigating cyber crimes are always not perfect.
Because if a law enforcement makes a mistake, then the law abiding citizen might
suffer. The Indian judiciary might be tempted to apply the principles established
by the US Courts due to the easier availability and wider circulation of the US
laws and principles throughout the world.

The law enforcement officials have been frustrated sometime by the

inability of the legislators to keep cyber crime legislation ahead of the fast
moving technological curve. If any time there is such situation the legislators
have to face the need to make a balance between the competing interest with the
individual rights such as privacy and free speech, and the need to protect the
integrity of the world’s public and private networks. It is also found that in the
current era the investigating agencies and law enforcement officials is following
the same techniques for collecting, examining and evaluating the evidence while
investigating cyber crimes as like in cases of traditional crimes. The nature of
these offences under the IT Act is bailable and cognizable; therefore, it will give
the police more freedom to act. This situation is emerged due to the lack of proper
legislation on jurisdictional issues, cyber courts and proper technical training to
investigating officers, prosecutors, judges and advocates both at national and

230
international level.

Justice A.K. Ganguly said that crime in cyber space was intruding into the
privacy of the common man, which was a violation of human rights. He has
rightly said, “This is a very serious threat, as it puts privacy at stake. Most of
such crimes are not reported. Information technology is ruling the world today. It
has brought about substantial erosion in the traditional forms of governance. The
judiciary has little role to play…the area of crime detection lies in the hands of
the police and enforcement agencies.” 729

The US and UK are the two traditional vast countries which are giving a
tough defiance to the silicon onslaught. The US has passed the highest number of
cyber specific legislation which is followed by the UK having apart from cyber
laws, applied the traditional laws to the knotty areas at the same time. But it is
found that the Judges in UK were unwilling to apply these traditional laws to
current cases and make a sound for the need of having specific technology
legislation. The judicial and law enforcement agencies well understand that the
means available to investigate and prosecute crimes and terrorist acts committed
against, or through the medium of computers or computer networks are at present
almost wholly international in scope. That’s why these two countries legal
systems have been chosen as the parameters of comparison in almost studies.

Though both the countries have lots of legislation for dealing with these
crimes but in some situations these are found insufficient which will be a great
challenge for international judicial system on cybercrime in near future. Presently,
many efforts are going on to develop the common agenda of harmonizing the
atmosphere between nations for combating cyber crimes by the international
treaties, conventions or commissions i.e. UNCITRAL Model Law etc. Many
complicated legal issues are still unresolved despite having several laws for
combating cyber crimes in both countries. The legal positions relating to
electronic transactions and civil liability in cyberspace is still confused or not
clear by the reason of not having any adequate laws on globally. This is due to the
lack of co-ordination between three main components namely; law enforcement,
adjudication and correction leads to an insufficient utilization of resources and
retards the process of justice and also these are frequently operate in a
disorganized manner with little knowledge of what the other segments are doing

Cybercrimes as well as the legal issues both are global. So many efforts
have been taken to ensure the harmonization of provision in the individual

729
Justice A.K. Ganguly, “Legal framework inadequate to tackle cyber crime”, The Hindu, 2008.
231
countries by the international organizations, such as the G-8 Group, OAS
(Organization of American States), APEC (Asia-Pacific Economic Cooperation)
and the Council of Europe but such an approach is found vital in the matters of
investigation and prosecution of attacks against the infrastructure of computer
systems and networks. Due to this nature of cyber crimes, any cyber criminal
commits a crime from any place globally. There is no need to go the victim place
for committing crime against him. There is lack of the universal legal framework
which should be adopted globally, backed by specialised and fully equipped law
enforcement mechanisms and appropriate awareness among masses.

The internet is everywhere, the commission of a cybercrime by an

individual by, for example, posting material to the internet, results in this criminal
act being simultaneously being committed everywhere on the internet. Thus,
defamatory statements posted to newsgroups or social media on the internet are
accessible by persons the world over, who have access to the internet. Here, the
other complicating issue for the proper enforcement of cyber crime is relating to
the legal jurisdiction. It is found that one country cannot by itself effectively enact
laws that comprehensively address the problem of internet crimes without
cooperation from other nations like in cases of pollution control legislations. It is
felt that many countries do not want to share the urgency to combat cyber crimes
for many reasons like different values concerning piracy or espionage while the
major international organizations like the OECD (Organization for Economic and
Cooperation and Development) and the G-8, are seriously discussing about the
cooperative schemes. India is still not a signatory to the Cyber Crime Convention
for the purpose of combating cyber crime which was opened at Budapest on
November 23, 2001 for signatures. The issue of jurisdiction in cyberspace is still
unsettled due to the lack of sufficient cyber laws on the issue of jurisdiction and
lack of signing the extradition treaty.

There is lack of proper implementation of existing cyber laws and

awareness among public and law enforcement agencies both at national and
International level because a large number of cyber laws has been passed and
amended in USA, UK and India. But instead of these laws the cyber crimes are
increasing day by day. For example, a total of 8, 045 cases were registered under
Information Technology Act during the year 2015 as compared to 7, 201 cases
during the previous year 2014 and 4,356 cases during 2013, showing an increase
of 11.7% in 2015 over 2014 and an increase of 65.3% in 2014 over 2013.730 As

National Crime Records Bureau, Ministry of Home Affairs, cyber Crimes in India, 2015, pp.
730

163-164, available at: http://ncrb.nic.in/StatPublications/CII/CII2015/FILES/Compendium-

232
compare to India, in USA for the year 2015, Cost of Data Breach Study by IBM
and the Pone mom Institute revealed that the average total cost of a data breach
increased from $ 3.52 million in 2014 t0 $ 3.79 million. Another study said that
cyber crime will become a $ 2.1 trillion problem by 2019. 731 The National Crime
Agency (NCA) released a report on July 7, 2016 by highlighting the need for
stronger law enforcement and business partnership to fight cyber crime.
According to the NCA cyber crime emerged as the largest proportion of total
crime in the U.K. with “cyber enabled fraud” making up 36 % of all crime
reported and computer misuse accounting for 17%. 732The Office of National
Statistics (ONS) estimated that there were 2.46 million cyber incidents and 2.11
million victims of cyber crime in the UK in 2015 and only 16, 349 cyber
dependent and approximately 700, 000 cyber enabled incidents reported to Action
Fraud over the same period.733

At the end it can be concluded that Information technology and internet

have become a very important of our daily life in the contemporary society. For
every purpose we use this technology and internet. In the modern life, we can’t
think to live without the internet. It seems that it is not going to stop anytime soon
and it will just continue to grow until new methods of fighting it are introduced.
Because the science, new technology and internet have opened a new virtual
heaven for the people both good and bad to enter and interact with lot of diverse
cultures and sub-cultures. But in future, it will make a virtual hell for everyone
when the internet gone in wrong hands or when used or controlled by the peoples
having dirty minds and malicious intentions. Due to such utility of information
technology and internet, the cyber criminals and terrorists used the computer as a
target or a tool for committing such types of crimes.

So after going through and analyzing judicial pronouncement , the hypothesis

one is tested positive and also hypothesis two is tested positive .

8.2 Suggestions

15.11.16.pdf (visited on Nov. 11, 2016).

731
Limor Kissem, “2016 Cyber Crime Reloaded: Our Prediction for the Year Ahead”, (Last
Modified on Jan. 15, 2016), available at: https://securityintelligence.com/2016-cybercrime-
reloaded-our-
predictions-for-the-year-ahead/ (visited on Dec. 2, 2016).
732
National Crime Agency (UK), Cyber Crime Assessment, 2016, available at:
www.nationalcrimea gency.gov.uk/publications/709-cyber-crime-assessment-2016/file (visited on
Nov. 11, 2016).
733
The Office of National Statistics(UK), Cyber Crime Assessment, 2015, pp. 5-6, available at:
www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file (visited on
Nov. 11, 2016).
233
 In this era of liberalisation and globalisation, cybercrime must be
recognised as a serious new phenomenon with global political, social, and
economic implications. Existing organised criminals can employ sophisticated
tactics to communicate between groups and inside a group to support and expand
networks for illicit arms trafficking, money laundering, drug trafficking,
pornography, and other cyber crimes thanks to the internet's global
connectedness.734 The way to overcome these crimes can broadly be classified
into three categories like Cyber Laws, Education and Policy making. All the
above ways to handle cyber crimes either are having very significant work. This
lack of work requires to improve the existing work or to set new paradigms for
controlling the cyber attacks.

Need to Make the Information Technology Act More Relevant and

Comprehensive in Today’s Context

The preamble of the Information Technology Act 2000 as amended by

Amendment Act, 2008 states that the Act was passed with the objective to give
legal recognition for the transactions carried out by means of electronic data
interchange and other means of e-commerce, further the Act has also made
amendments to the Indian Penal Code, 1860, Indian Evidence Act, 1872, The
Bankers Book of Evidence Act, 1891, and the Reserve Bank of India Act, 1934
for facilitating legal recognition and regulation of the commercial activities. Such
objective of this Act is not to suppress the criminal activity but only to define
certain offences and to provide penalties. The problem of cybercrimes is still
exists and it is found that the working of this statute is more on papers than on
execution because the reason behind is that the lawyers, police officers,
prosecutors and Judges feel handicapped in understanding its highly technical
terminology. There is a need to take a number of right steps for the purpose of
making the Information Technology Act more relevant.

Primarily, the IT Act, 2000 is meant to be a legislation to promote e-

commerce which is not very effective in dealing and defining several other
emerging cyber crimes like domain name infringement or cyber squatting or other
malafide registration of domain names, spamming, chat rooms abuses, watching
porn websites etc. The offences mentioned in the Act are not exhaustive and no
illustration or examples are given for such offences under the Act. There is a need
to give a definite definition of the term cyber crime and other classified crime,
need to add illustrations with the cyber offences for proper understanding, need to

734
M. Dasgupta, Cyber Crime in India- A Comparative Study, 2009, p. 8.
234
enhance punishments for cyber offences keeping in mind the International and
jurisdictional aspects in the era of Global Communication Convergence and
Mobile Technology. The nature of almost all the offences punishable under the
Act is bailable which makes it as a matter of right to get release immediately on
bail. The punishment is also very less for dealing with such crimes except the
punishment for cyber terrorism which is the highest punishment under this Act.
There is a need to take a number of right steps for the purpose of making the
Information Technology Act more relevant and comprehensive in today’s context.

Section 66 of IT Act would not prove to be effective remedy in the cases

where hackers are outside the territorial boundaries of India despite the provisions
of section 1 (2) and section 75 of the IT Act, 2000 and the nature of offence is
cognizable which led to get easily release on bail as a matter of right. This section
was inserted with the objective of protecting the person’s reputations and
preventing the misuse of the networks and the police authorities based on charges
brought under the section were initially empowered to arrest or investigate
without warrants. This will result in a string of highly publicized arrests of
citizens for posting objectionable content online, where the ‘objectionable’
contents were more often than not, and dissenting political opinions. The relief
provided in the form of advisory by the Central Government in January, 2013,
which said no arrests under 66A were to be made without prior approval of an
officer not below the rank of Inspector General of Police was mostly ignored by
authorities. Section 66 A must be amended for the purpose of making the Indian
cyber law effective and in compliance with the freedom of speech and expression
given under Indian Constitution and in consistent with digital media not to strike
down as held in Shreya Singhal case. The cyber crimes which are punishable
under section 66 E must be reported immediately and after investigation of the
crime that person must be punished with maximum punishment so that such
criminals should have deterrent effect on him as well as other criminals. The IT
Act does not clearly define the term cyber terrorism at all.

Section 78 of the Information Technology Act as amended vide

Amendment Act, 2008 provides that a police officer who is not below the rank of
Inspector shall have the power to investigate any offence committed under this
Act. It means that the victims are not easily accessible to them and as a result of
this most of the cases are going unreported and uninvestigated. Therefore, the
rank of police must be brought down to even below the rank of Inspector of
Police.

235
 The Information Technology Act does not have any specific provision for
defining and punishing cyber spamming. In the contemporary time period
spamming is the most threatening act of cyber world. Therefore, there is a need to
adopt the Anti-Spam law for the protection of children. In USA, the CAN- SPAM
Act, 2003 is the direct response of the growing number of complaint over spam e-
mails and is also the first USA cyber law which establishes national standards for
sending of commercial e- mail.

United States passed the federal laws on cyber squatting which is known
as Anti- Cyber Squatting Consumer Protection Act in 1999. In India, the
Information

Technology Act does not have any specific provision for defining and
punishing cyber squatting and these cases are decided under Trade Mark Act,
1999. Therefore, there is a need to adopt the Anti-Squatting law.

Need to Adopt Clarified and Settled Law on Jurisdiction Issues at

international Level

There is a great need of further clarification in two areas of cyber law are
the proper and comprehensive definition of cyber crime and proper law on
jurisdiction both at national and international level. Like in India there are only a
limited number of cases on cyber law and also no main statutory schemes on the
books. The Policy makers and the judiciary who are dealing with cyber crime are
usually confined to refer the scare existing laws and cases.

The Information Technology Act, 2000 is not clear in such a situation

where hackers store information in others computer or in any webpage or in own
e-mail address with false identity etc. There is a needs to clarify and settle this
issue because hackers culture, modes of hacking are almost synonymous
worldwide whether in Russia, USA, UK, Canada, Australia, India or anywhere in
the globe. Cyber jurisdiction in the cyberspace is global issue. Therefore, we need
to adopt uniform law on jurisdiction issue; it must not be so that only a link is
enough to try the case, because there may be link with several countries. Those
companies whose system and websites have been hacked by the professional
hackers or cyber criminals must come forward for assisting the Cyber Crime
Investigative Cell or other organizations for the purpose of its prevention in
future. To combat and control the cyber hacking at worldwide, there is a need to
co-operation at international level between countries.

Need to Sign and Update the Convention on Cyber Crime

236
 Any offence or contravention committed outside India by any person
irrespective of his nationality, if the act or conduct constituting the offence or
contravention involves a computer, computer system or computer network located
in India is also come within the purview of the Information Technology Act, 2000
as extra territorial jurisdiction. If any offence which is punishable under IT Act,
2000 is committed by any foreign national, then cooperation from concerned
authorities in that foreign country will be required for the investigation, search,
seize, arrest, prosecute and extradite of cyber criminals. This becomes impossible in
the absence of convention on Cyber Crime for cooperation in cyber crime matters
because India is still not a signatory to the Cyber Crime Convention which was
opened at Budapest on November 23, 2001 for signatures. The convention on
Cyber Crime has made the cyber offences as extraditable offences and could
address procedure for extradition. The issue of jurisdiction in cyberspace is still
unsettled due to the lack of sufficient cyber laws on the issue of jurisdiction and
lack of signing the extradition convention. There is need to sign the cyber crime
convention.

Even USA and UK has signed this Convention735 which covers a number
of offences as extraditable including firstly, offences against the confidentiality,
integrity and availability of computer data and systems such as illegal access,
illegal interception, data interference, system interference and misuse of devices;
secondly, computer related offences such as computer related r fraud and forgery;
thirdly, content related offences such as child pornography; fourthly, offences
related to infringements of copyrights and related rights, attempt and aiding or
abetting. However, there is need to update or ratify the convention because all
types of cyber crimes are not covered under this. There is also need to update the
list of extradition crimes under Extradition Act, 1962 by including certain other
recent growing cyber crimes which are quite popular with cyber criminals and
which affects the economic and social fabric of a country. International Cyber
Law Treaty is also required.

Convention on Cybercrime, ETS 185, available at: http://www.europarl.europa.eu/meetdocs/

735

2014_ 2019/documents/libe/dv/7_conv_budapest_/7_conv_budapest_en.pdf (visited on April 8,

2017).
237
Need to Frame and Update Mutual Legal Assistance Treaty (MLAT)

India has signed Mutual Legal Assistance Treaty (MLAT) for cooperation
on criminal matters with a number of other countries and presently a signatory to
UN Convention against Transnational Organized Crime. Although India has
signed this MLATs and convention for cooperation and legal assistance on
criminal matters, a cyber crime may not be covered by it in those arrangements
which require dual criminality to be satisfied and there are no time limits for
execution of requests. Proper investigation and prosecution of cyber crimes
requires quick action but it is felt that such treaty may not provide effective
procedure or cooperation framework in dealing with cyber crime matters. There
is need to make efforts for framing MLATs which could expressly deal with
international cooperation on cyber crime matters and also efforts should be made
to update the existing MLATs with effective provisions so that it will bring
harmonization in substantive and procedural laws which govern cooperation from
other countries on legal assistance in cyber crime matters.

Need to Adopt and Enforce the Recommendations Made by Standing

Committee on Information Technology

The Standing Committee on Information Technology issued the fifty second

report on “Cyber Crime, Cyber Security and Right to Privacy” on February 12,
2014 by recommended that there is the urgent need of reform in cyber security
framework of India and also the need of much awaited privacy legislation
comprehensively. The committee further recommended by highlighting the
current inadequacies of privacy provisions in Information Technology Act and
also in Indian policies and practices regarding the governmental projects and
transactions of sensitive data and cyber matters. The committee also emphasized
that the section 43 A of IT Act must be enforced at the organizational level. The
committee also points out the National Security Policy, 2013 that the policy has
certain provisions which may enable the development of a legal framework that
will fill any gaps if exist. The committee also emphasized the need of the
periodical reviews of the IT Act because the Act does not contain certain
provisions for the cyber security and the cyber crime, especially the recent
controversy over section 66A of the said Act and also falls short in a number of
areas. There is also the need of the recognition of the importance of international
cooperation for handling the issues relating to cyber security and cyber crime by
upholding the principle of dual criminality as pointed out by the Centre for
Internet and Society.

238
 Need to Adopt and Enforce the Recommendation Made by the United
Nation General Assembly

It is also suggested to adopt the recommendation as given by the United

Nation General Assembly about the importance of putting special laws to deal
with cyber crime including for United States of America and United Kingdom
that the United Nations system should be instrumental in advancing global
approaches to combating cybercrime and to procedures for international
cooperation, with the purpose of adverting and mitigating the negative impact of
cyber crime on e-commerce, banking and trade, critical infrastructure, sustainable
development and need of protection of privacy. It is also recommended that all
States should be encouraged to update their criminal laws in order to address the
particular nature of cybercrime as soon as possible. It is also suggested regarding
the traditional forms of crime committed by using new technologies that to clarify
or abolish those provisions which are no longer adequate by creating new
provisions for new crimes or by updating them. It is also suggested that in
determining the strength of new legislation, the States should be encouraged to be
inspired by the provisions of the Council of Europe Convention on Cybercrime.

Need to Amend and Proper Implementation of Cyber Laws in United

States of America

United States of America has passed several laws on Cyber Crimes but the
cyber crimes are increasing day-by-day. United States is considered as the
birthplace of cyber crimes. There is a need to amend the laws by removing
defects and need of proper enforcement of cyber laws in the country. The United
States is being criticized for not including the definition of computer crime. There
is not any specific comprehensive law in United States of America which covers
all the cyber crimes in it. There are so many legislations on cyber crimes but
being criticized on any points by the internet activists. Like, the CAN-SPAM Act,
2003 of United States is not found adequate to comprehensively tackle with
spamming cases. This was criticized by internet activists who work to stop spam.
They stated that this Act is appeared to give federal approval to spam practices
and seems to fail to tell the marketers about the spam. There is need to amend the
law. There is also no uniformity around the world in treating the cyber defamation
cases. The major commonwealth countries are following the different practice
relating to cyber defamation cases. In United States of America, a cyber
defamation case is very difficult to prove because of the rigid nature of first
amendment in Constitution law. The Computer Fraud and Abuse Act, 1996 has

239
been criticized for allowing companies to forbid legitimate activities such as
research or remove protection found elsewhere in Law. There is a need to amend
all these laws by removing defects and to consolidate a comprehensive law on
cyber crime cases.

Need to Amend and Proper Implementation of Cyber Laws in United

Kingdom

United Kingdom’s internet economy is considered as one of the strongest

in the world as stated by National Crime Agency (NCA). The United Kingdom
has passed several laws on Cyber Crimes but the cyber crimes are increasing day-
by-day. There is a need to amend the laws by removing defects and need of
proper enforcement of cyber laws in the country. The United Kingdom Cyber
Laws are also being criticized for not including the definition of computer crime.
The Data Protection Act, 1998 of United Kingdom does not itself include privacy.
This Act is very large and complex and interpretation of this Act is not a simple
task. Many companies, organizations and individuals are found very unsure with
the aim, content and principles of this Act. There is need to amend the law by
removing its complexity or by providing technical training to the law enforcement
agencies. The Computer Misuse Act, 1990 is also criticized on the point of
implications for industry practices and need to comply with the European
Convention on Cyber Crime for improving as more relevant. In United Kingdom,
the excessive powers given to police under the Terrorism Act, 2000 is a
controversial issue in today’s context which leave the scope for its abuse and fails
to fulfil the desired standards in all respect. There are aspects where the rights are
probably breached and its mechanisms to ensure democratic accountability and
constitutionalism is even more deficient. There is also no uniformity around the
world in treating the cyber defamation cases. The major commonwealth countries
are following the different practice relating to cyber defamation cases. In United
Kingdom, the defendant publisher has to establish his innocence. There is a need
to amend all these laws by removing defects and to consolidate a comprehensive
law on cyber crime cases.

Need of Proper Implementation of e-Courts Project and e-Learning

Process

The e-Courts project736 is based on the National Policy and Action Plan for
Implementation of information and communication technology in the Indian
736
Ministry of Law & Justice, Government of India, E-Courts Mission Mode Project, Dec. 10,
2015,
available at: http://pib.nic.in/newsite/PrintRelease.aspx?relid=132954 (visited on April 8, 2017).
240
judiciary in 2005 submitted by e-committee of Supreme Court of India with the
vision to transform the Indian judiciary by information and communication
technology enablement of courts and to make justice delivery system more
affordable and cost effective and to provide designated services to litigants,
lawyers, and the judiciary by universal computerization of districts/subordinate
courts, to facilitate e-filing, e- Payment and use of mobile applications. This
Mission Mode project is one of the national e-governance projects being
implemented in High courts and districts/subordinate courts of the country. The
government approved the computerization of 14,249 district and subordinate
courts under this project by March 2014.

United Kingdom and United States of America have also provides this
facility of e- filing. United Kingdom provides this facility of e-filing in Chancery
Division Court since October, 2014 and in Admiralty and Commercial Court
since June, 2015. Maryland737, the US State also provides the facility of e-courts
and upto June, 2017 this facility will extend to Southern Districts and Circuit
Court of Maryland.

On October, 2014, the Hon’ble High Court of Karnataka announced that

two e-courts would be established.738 Still this project in not fully enforced
throughout the India including with cyber crimes and public is unaware about this
facility. There is a need of proper implementation of e-Courts Project and e-
Learning Process both at national and international level in the modern time
period enjoying with the latest technology all over the world and efforts should be
made to aware the public at large.

Need to Amend the Indian Telegraph Act, 1885

The Information Technology Act, 2000 does not contain any specific
provisions for the offence of internet time theft. It has not made any amendments
in the Indian Telegraph Act, 1885 or Sections 378 and 379 of the Indian
Telegraph Act, 1885 that define the offence and provides punishment for theft.
The Indian Telegraph Act was enacted in 1885 with the purpose to give power to
the Government and to any company or person licensed under section 4 of the
Indian Telegraph Act, 1876 and specially empowered in this behalf, to place
telegraph lines under or over property belonging whether to private persons or to
public bodies. IT Act, 2000 amends only the Indian Penal Code, 1860, Indian
737
Maryland Courts, available at: http://mdcourts.gov/mdec/ (visited on April 8, 2017).
738
The Hindu, October 18, 2014 (Last modified on May 24, 2016), available at: http://www.
thehindu.com/todays-paper/tp-national/tp-karnataka/high-court-to-establish-two-ecourts/
article6513535.ece (visited on April 8, 2017).
241
Evidence Act, 1872, The Bankers Book of Evidence Act, 1891, and the
Reserve Bank of India Act, 1934 but not Indian Telegraph Act. So there is a
need to amend the Indian Telegraph Act with the purpose to make it more
relevant in today’s context.

Need to Amend the Penal Laws with Clarity and Specificity without
Relying on Vague Interpretations

Cyberspace which is developed since the 1990’s and having the fast and
negative impact on societies. For the purpose of establishing ethical standards in
cyberspace there is a need to enact the penal laws with as much clarity and
specificity as possible without relying on vague interpretations in the existing
legislation and the perpetrators must be convicted for their explicit acts. This must
be done on both national and international level.

Need to Maintain Balance between Law Enforcement, Adjudication

and Correction Agencies

With the technological developments and globalization, the new medium

has suddenly emerged by which humanity does not able to distinguish between
good and bad, between national and international, between just and unjust, but it
only provides a platform for the activities which take place in human society. Law
is considered as the regulator of human behaviour which has to make an entry into
the cyberspace with the purpose to try to cope with its manifold challenges.
Despite this there is need to do more efforts both online and offline by balancing
with the law enforcement, adjudication and correction agencies. There is need to
maintain the co-ordination between three main components namely; law
enforcement, adjudication and correction both at national and international level
so that resources can be sufficiently utilized and process of justice can work
smoothly and also these can frequently operate in a organized manner with the
proper knowledge of what the other segments are doing.

Need to Encourage Complaints against Cyber Crimes

There are thousands of cases taking place in the countries but only the few
cases are lodged as a complaint. Because many of the victims due to the threat
and fear of getting abused in the society does not move any complaint against the
cyber criminals, some of the cyber victims accept this incident as nightmare or
bad destiny or as wished by God and moving on the life by forgot all the
incidents. But due to this the cyber criminals are more encouraged to get involved
in such type of cyber criminal activities.

242
 There is a great need to encourage litigation both at national and
international level because the corporate sector has been shy of reporting cyber
crimes fearing adverse publicity which results into less judicial pronouncements.
Conviction reinforces the confidence of the people which enhances the capability
of the law enforcement agencies to combat cybercrime and in the Indian judicial
system’s resilience in dealing with new challenges in the cyber age. Public due to
unawareness that a cyber crime has been committed against them, are not able to
approach the police about the commission of cyber crimes. There is a need to take
effective steps for encouraging the public as well as the corporate sector to come
forward for combating with these types of crimes with the assistance of
government.

Need to Increase Cyber Resilience by Major Businesses

There is need to see cyber crime and cyber security as an ever present
challenge by the major businesses which requires continuous investment and
monitoring at management and crucially board level. Major businesses firstly
need to ensure that adequate cyber security is in place in the context of increasing
technically complex attacks. Then after, there is need to increase cyber resilience
in particular the ability to detect, contain and remediate breaches and other cyber
incidents by the businesses. It is critically found that businesses are not interested
to implement and maintain the latest technical and high demanded practices, but
also they did not actively test how well they are prepared for combating cyber
criminal attacks because this testing will encompass both their resistance to
threats and their ability to mitigate the loss or fear caused by cyber attacks.

Need of Partnership Approach between Law Enforcement Agencies and

Businesses

Cyber crime is ever growing threat of complex nature. Neither the law
enforcement agencies nor the businesses will be able to alone mitigate and control
this challenge. There is need of partnership approach between law enforcement
agencies and businesses to control cyber threats and to identify and disrupting the
cyber criminals. Such partnership would be build on existing intelligence sharing
initiatives, including sector based information sharing forums and the
Governments Cyber Security Information Sharing Partnership but would go
further in encouraging and enabling the reporting of cyber crimes as suggested by
National Crime agency (NCA).

243
 Need to Develop the Common Agenda of Harmonizing the
Atmosphere between Nations

The common network is being used by the entire globe at national as well
as international level with the warranties of having existence of international co-
operation. With the purpose to maintain it there is a need for every nation to
develop a common infrastructure for dealing with cyber crimes which is
harmonizing with the legal system of other nations. Presently, many efforts are
going on to develop the common agenda of harmonizing the atmosphere between
nations for combating cyber crimes by the international treaties, conventions or
commissions i.e. UNCITRAL Model Law etc.

Need of Government as well as Public Awareness both at National and

International Level

It is rightly said that prevention is always better than cure. Public should
take certain effective precautions for protecting themselves from such crimes
while operating the internet Government as well as public awareness is highly
required for combating this recent growing cyber crime both at national and
international level because public and government both is the pillar of a nation.
Government will work out on the basis of what the public required or demanded.
If any cyber crime is committed against them then immediately report to police
about this. If the public is aware about their rights and duties then the government
will work properly. For this technology based programmes, education, camps and
other effective means should be adopted by the government for awaking the
public at large to protect themselves from these types of crimes.

Need of Information Technology Education and Training

Programmes & Camps

It is also found that the cyber crimes are causing monetary and non-monetary
losses to the government sector as well as private sector entities, departments,
institutions etc. at national and international level. There is a need to tackle this
problem at both levels with the co-operation of both private and public sector and
also a need to develop the investigation capabilities. Because in India there are
very few institutions that are providing Cyber Crimes Investigation Training, so
there is a need to establish more such institutions and from time to time such type
of camps should be organized. Technical training of the police, cyber authorities,
investigating officers, prosecutors, judges and advocates is highly demanded from
time to time. Indian police force is not qualified in the complex field of
computers, computer networks. It is also suggested that due to the very dynamic
244
nature of information technology there is a need to inculcate the culture of
continuous and learning education among the law enforcement authorities because
the today’s knowledge becomes obsolete in a very short time.

Need to Take Necessary Measures to Ensure Internet Stability and

Multi- Threat Security Systems

States should take necessary measures to ensure Internet stability and

security for fighting cyber crime and to counter spam. There is also the need to
protect and respect the provisions relating to right of freedom of expression and
privacy which are the relevant parts of the Universal Declaration of Human
Rights and the Geneva Declaration of Principles.

The national internet security standards must be strong and of world

standard for the purpose of prevention and control of cyber offences. Specially,
the Government authorities and agencies must choose Local Area Network
(LAN) for internal communications, secrets and confidential matters. There is
also the great need of awareness, information technology education and training
among public, police, lawyers, judges and government as well as private agencies
or institutions. There is need of multi-threat security systems and adoption of
foolproof computer procedures in organizations for combating cyber crimes both
at national and international level.

Need of Uniform Guidelines for the Internet Service Providers and

Cyber Café

There must be uniform guidelines for the internet service providers and
cyber café both at national and international level which expressly mentioned
their liability and accountability such as there must be the provision for
prohibiting them from use of user’s numbers of their clients and for keeping the
secrecy of their personal information which is provided on the basis of utmost
good faith. These guidelines must be updated from time to time according to
change in circumstances.

Need to Legally Recognise Sting Operation for National Security

Now-a-days Sting operations are very common in many countries like

USA but these operations are not permitted in many countries like Sweden.739 It
is said unlike the U.S. and certain other countries where the sting operation is
recognized as a legal method of law enforcement, though in a limited manner, the

739
“Sting Operation”, Wikipedia, available at: https://en.wikipedia.org/wiki/Sting_operation
(visited on April 6, 2017).
245
same is not the position in India.740 In court on its own motion v. State741 case, the
Division bench held that where a sting operation made by a private person or an
agency, which may result in violating bodily privacy of another person will fall
under section 66 E of the Act. Such person shall be liable under the Act. There is
a need to legally adopt this method in certain cases where required in public
interest and national security.

It has been rightly said, “If information technology was going to be the
integral part of life, it would be imperative to ensure that its abuses were curbed
and punished. Information technology’s legitimate and beneficial uses should be
promoted and encouraged in public interest. He said creating an institution
awareness of cyber threats, responsibilities and solutions were essential to
curbing cyber crimes. He also said that the law should necessarily respond to
social changes if it were to fulfil its function as a paramount instrument of social
order.” 742

As the National White Collar Crime Centre (NWCC) Director remarked

recently “...with the public’s continued support, law enforcement will be better
able to track down these perpetrators and bring them to justice.” 743 If the
suggestions mentioned above are implemented and security measures are adopted
properly, we can hope for a cyber world as a place with the wordings of Sh.
Rabindranath Tagore, “where the mind is without fear…”

740
The Hindu, New Delhi, June 24, 2016, available at:
http://www.thehindu.com/news/national/sting- operation-not-a-legal-method-of-law-enforcement-
supreme-court/article5944283.ece (visited on April 6, 2017).
741
(2013) WP (C) 162, Del.
742
Legal framework inadequate to tackle cyber crime” The Hindu, July 27, 2008.
743
Talat Fatima, Cyber Crimes, 2011, p. 77, see also Donald Brackman’s remarks on the 2009
Annual Report on Cyber crime released by the FBI on March 13, 2010.
246
 BIBLIOGRAPHY
 National Crimes Records Bureau, Ministry of Home Affairs, cyber
crimes in India.

 Information Technology Act,2008 N.V Paranjape ,Criminology and

Penology,2007.

 Dr. Amita Verma ,Cyber Crimes & Law(Central Law House

Publications, Allahabad,2009)

 Dr. M. Dasgupta , Cyber Crimes in India: A Comparative Study(Eastern

Law House Pvt . Ltd. Kolkata, 2009)

 Dr. Talat Fatima, Cyber Crimes, (Eastrn Book Company, Lucknow,

2011)

 Justice Yatinder Singh, Cyber Laws, (Universal Law Publishing Co.

Pvt Ltd,2010).

 Dr. Jyoti Rattan, Cyber Laws & Information Technology (Bharat Laws
House Pvt Ltd , New Delhi,2014)

 S.k Verma and Raman Mittal , Legl Dimension of Cyber Space ((India
Law Institute Publications,2004)

 Rodney . D. Ryder , Guide To Cyner Laws(Information Technology

Act,2000, E-Commerce,Data Protection and the Internet), Wadhwa
Publications,(2001)

 R.K Chaubey,An Introduction to Cyber Crime and Law,Kamal Law

House Publications, (2009)

 Dr.Farooq Ahmed,Cyber Law India – Law on Internet ( New Era Law

Publications, Delhi,2008)

 Anirudh Rastogi, Cyber Law , Law of Information Technology and

Internet (LexisNexis, 2014)

 Vivek Sood , Cyber Law Simplified ,(Tata Mcgrew- Hill Publishing

247
 Company Limited, New Delhi,2008)

 Dr. Vishwanath Paranjape , Legal Dimensions of Cyber Crimes and

Preventive Laws with Special Reference to India(Central Law
Publication,2010)

 Pawan Duggal, Text Book on Cyber Laws (Universal Law Publishing

Pvt Ltd ,2013)

 V.D Dudeja , Cyber Crime and Law (Commonwealth Publication ,2002)

 Bary C. Collins, The Future of Cyber Terrorism(University of

Illinois ,Chicago,1996)

 Steven Furnell,Cybercrime:Vandalazing the Information Society,2002

 M. Dasgupta , Cyber Crime in India – A Comparative Study,2009

 S.T. Vishwanathan, The Indian Cyber Laws: with Cyber Glossary,2001

 Pawan Duggal, Cyber –The Indian Perspective,2002

 S.K Verma and Raman Mittal, Legal Dimension of Cyber Space,2004

 Steven Furnell, Cybercrime:Vandalizing the Information Society,2002

 S.K Bansal, Cyber Crime,2003

 H.Chander, Cyber Laws and IT Protection 2012

 R.C. Mishra Cyber Crime:Impact in the New Millenium,2002

 Mohit Goel, “Ethics and Cyber Crimes in India”2012

 Chris Reed ,Computer Law, 2003

 Ritu Dhanoa,”Cyber Crimes Awareness”. International Journal in

Multidisciplinary and Academic Research,2014

 L.J Lloyd,Information Technology Law,2000

 Sallie Spilsbury,Cyber Law,2000

 B. Muthukumaran ,”Cyber Crime Scenario in India”,Criminal

248
 Investigation Department Review,2008

 Parthasathi Pati “Cyber Crimes”2017

 R.K Tiwari ,P.k Tiwari, “Computer Crime and Computer

Forensics”2002

 Talwant SinghCyber Law& Information Technology,2017

 Vakul Sharma,Information Technology-Laws and Practice,2007

249