Chanderprabhu Jain College of Higher Studies

&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

E-Notes

L
Class : B.A.LL.B/ BBA LL.B VII SEMESTER

SO
Paper Code : LLB 405

Subject : LAW & EMERGING TECHNOLOGY

&
Unit-III:
S
CYBER CRIME
H

A. Cyber Crime under Information Technology Act: National Perspective

C

Statuary Provisions (Information Technology Act, 2000)

PJ

The first step in the field of cyber law was the Model Law which was drafted under the United
Nations Commissions on International Trade law, 1986. Then, the United Nations general
assembly on 30th January, 1999 passed a resolution to regulate e-commerce through uniform set
C

of laws applicable to its member ‘s countries. Being a signatory to the resolution, Parliament of
India has a passed the Information Technology Act, 2000 on 17th may, 2000.

The preamble of the Act states that the objectives of the act is to legalese e-commerce and
further amend the Indian Penal Code, 1860, the India Evidence Act,182, the Banker ‘s Book
Evidence Act, 1891and the Reserve Bank of India Act, 1934 to make compatible with this Act.
The Act consists of 13 Chapters and governs laws relating to Electronic Contract, Electronic
Record, Digital Signature and the use of the electronic records and signature in Government
records. It also regulates the activities of the Network Service Providers, Internet Service
Providers (ISPs).
Page 1 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

Punishments and Offences

L
The main aim of the act is to legalize the digital language so that people can easily and without

SO
fear use the electronic devices for their own purposes like doing business or for entertainment. It
prescribes certain offences and penalties to keep a check on the cybercrime, the main of them
are:

· Section 65: Tampering with Computer Source Documents

· Section 66: Hacking with Computer System

&
S
· Section 67: Publishing of obscene information which is obscene in electronic form.

· Section 70: breach of confidentially and privacy.

H

In addition to above, Section 77 of the Act states that “No penalty imposed or confiscation made
C

under this Act shall prevent the imposition of any other punishment to which the person affected
thereby is liable under any other law for the time being in force.” which means the civil crimes can
also be made as Criminal Act, as
PJ

· Computer Network Breaking and Hacking: - S. 66(2) of I.T. Act and S. 441 of IPC

· Child Pornography: - S. 67 of I.T. Act and S. 294 of IPC

C

· Email- bombing: - S. 43(e) of I.T. Act and S. 425-441 read with S447 of IPC

· Password Sniffing: - S. 43(a), (g) of I.T. Act and S. 419 of IPC

· Credit Card Fraud: - I.T. Act and S. 443 (a) and (g) read with 426, 427 and 447 of IPC.

Jurisdiction Issues

Jurisdiction is one of the debatable issues in the case of cybercrime due to the very universal
nature of the cybercrime. With the ever-growing arm of the cyber space the territorial concept
seems to vanish. New Methods dispute resolution should give way to the conventional methods.
Page 2 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

Thus, the Information Technology Act, 2000 is silent on these issues. Though S. 75 provides for
extra-territorial operations of this law, but they could be meaningful only when backed with

L
provisions recognizing orders and warrants for Information issued by competent authorities

SO
outside their jurisdiction and measure for cooperation ‘s for exchange of material and evidence
ofcomputers crimes between law enforcement agencies.

B. CYBER JURISDICTION

&
The internet can be seen as a multi-jurisdictional because of the ease which a user can access of
website anywhere in the world. It can be even viewed as a jurisdictional in the sense that from
the user‘s perspective that the state and national borders are essentially transparent. For courts
S
determining jurisdiction situation is more problematic. The court in Zippo mfg. v. Zippo dot
H

com inc said that there is a global revolution looming on the horizon and the development of the
law in dealing with the allowable scope of personal jurisdiction based on internet use in its
C

infancy.
PJ

The developing law of jurisdiction must have addressed whether a particular event in cyber
space is controlled by the law of state or country where the website is located, by the law of the
state or the country where the internet service provider is located. A number of commentators
C

have voiced their opinion that cyber space should be treated as separate jurisdiction. In practice
this view has not been supported or addressed by the law makers

Cyber jurisdictional cases have been dealt with primarily in civil courts. Since the advent of US
v. Thomas, infra and Minnesota v. Granite gate resort, Cyber jurisdictions issues have been
beginning to be examined in criminal courts as well.

Page 3 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

Liability of Internet Service Providers

L
Internet service Providers acts a link for the activities that takes place on the internet. He runs the
risk of being liable for information that is transmitted over the information system provide by his

SO
services. S.79 of I.T. Ct, 200 provides the network service providers is not subject to any civil or
criminal liability under this act for any third party information or data made available by him, if,
he proves that the offence was committed without his knowledge., or that he had exercised all
due diligence to prevent the commissioning of such offence. NSPs will be held liable for their
&
consent or third party consent that they adopt or approve of. With transactions occurring over an
open network environment, questions are raised as to the liability of the carriers of their
S
transactions, disputes and problems arise. In the physical world, intermediaries such as
publishers for the content published by the authors. However, in the electronic there are some
H

classes of intermediaries who carry the data and do not exercise the direct control over the
content. For promoting the electronic transaction, it is important to clarify the liability if such
C

NSPs. It is proposed that intermediaries who are ISPs are not responsible for thirds party content
PJ

for which they mere provide access to. It is necessary to insure that providers do not shirk their
responsibilities under the licensing scheme to regulate the undesirable content. The provision
therefore makes it clears that it will absolve ISPs from their licensing obligations.
C

The Information Technology Act, 2000.

The ITAct-2000 defines 'computer' as any electronic magnetic, optical or other high-speed data
processing device or system which performs logical, arithmetic, and memory functions by
manipulations of electronic, magnetic or optical impulses, and includes all input, output,
processing, storage, computer software, or communication facilities which are connected or
related to the computer in a computer system or computer network. The word 'computer' and
'computer system' have been so widely defined and therefore, any high-end programmable
gadgets like even a washing machine or switches and routers used in a network can all be
brought under the definition.
Page 4 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

The Information Technology Act, 2000 (IT Act- 2000) was enacted by Parliament of India to

L
protect the field of e-commerce, e-governance, e-banking as well as to provide for penalties and

SO
punishments in the field of cybercrimes. The above Act was further amended by the Information
Technology (Amendment) Act, 2008 (ITAAct2008). The word 'communication devices' was
inserted in the definition, to include into its coverage cell phones, personal digital assistance or
such other devices used to transmit any text, video etc. like those which were later being
&
marketed as iPad or other similar devices on Wi-Fi and cellular models.
IT Act- 2000 defined 'digital signature', but the said definition was incapable to cater to needs of
the hour and therefore, the term 'Electronic signature' was introduced and defined in the IT Act -
S
2008 as a legally valid mode of executing signatures. This includes digital signatures as one of
H

the modes of signatures and is far broader in ambit covering biometrics and other new forms of
creating electronic signatures. The new amendment has replaced Section 43 by Section 66. The
C

word "hacking" used in Section 66 of earlier Act of 2000 was removed and named as "data theft"
and consequently widened in the form of Sections 66A to 66F. The section covers the offences
PJ

such as the sending of offensive messages through communication service, misleading the
recipient of the origin of such messages, dishonestly receiving stolen computers or other
communication device, stealing electronic signature or identity such as using another person’s
C

password or electronic signature, cheating by personation through computer resource or a

communication device, publicly publishing the information about any person's location without
prior permission or consent, cyber terrorism, the acts of access to a computer resource without
authorization, such acts which can lead to any injury to any person or result in damage or
destruction of any property, while trying to contaminate the computer through any virus like
Trojan etc. The offences covered under Section 66 are cognizable and nonbailable. It may be
pointed here that the consequence of Section 43 of earlier Act was civil in nature having its
remedy in the form of damages and compensation only Under Section 66 of the Amendment Act,
2008 if an act is done with mens rea i.e. criminal intention, it will attract criminal liability

Page 5 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)
resulting in imprisonment or fine or both. The law of defamation under Section 499 got extended
to "Speech" and "Documents" in electronic form with the enactment of the Information

Technology Act, 2000. Section 66A of the Information Technology Act, 2000. Any person who

L
sends, by means of a computer resource or a communication device:- (i) any information that is

SO
grossly offensive or has menacing character; or (ii) any content information which he knows to
be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult,
injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of
such computer resource or a communication device, or (iii) any electronic mail or electronic mail
&
message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages, shall be punishable with imprisonment
for a term which may extend to three years and with fine. Section 66A of the Information Act,
S
2000 does not specifically deal with the offence of cyber defamation but it makes punishable the
H

act of sending grossly offensive material for causing insult, injury or criminal intimidation.
C

C. CRIME UNDER INFORMATION TECHNOLOGY ACT: INTERNATIONAL

PERSPECTIVE
PJ

 USA:
 The Computer Fraud and Abuse Act, deals with the issue of unauthorized
access in the U S legal system. The legislation was first enacted in 1984, revised in 1994,
C

and last amended made in late 1996. 85 Thus, USA has passed several enactments, which
cover various aspect of cybercrime. The States of USA also pass various federal laws for
the protection of cybercrime. These Federal Acts, however either are to introduced or
amend existing provisions in U.S. Federal Code.
The major provisions of U.S. codes governing criminal activities can broadly have
discussed inthe following heads:
 Federal Criminal Code Concerning computer crimes
 Federal Statutes Governing Intellectual Property Rights:
 Copyright Offences

Page 6 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)
 Copyright Management offences
 Trademark offences.
 Bootlegging offences
 Trade Secret Offences

L
 Offences concerning the integrity of IP System

SO
 Offences concerning the Misuse of Dissemination system
 Cyber Stalking
 Search and seizure of Computers
 Guidelines concerning sentences
&
U.S.A. has successfully enacted provisions relating to offences, there investigation and
S
sentencing. The country is leading in the field of checking cybercrime along through
effective police forces, particularly F.B.I., and people cooperation. The numbers of cyber
H

criminals are also greater in the country because of predominance of internet and cyber
technology in day-to-day life.
C

 The Counterfeit Access Device and Computer Fraud and Abuse Act of 1984
PJ

prohibits various attacks on federal computer systems and on those used by banks and in
interstate and foreign commerce.
 The Electronic Communications Privacy Act of 1986 (ECPA) prohibits
C

unauthorized electronic eavesdropping.

 The Federal Information Security Management Act of 2002 (FISMA).
 United States has a specific CAN-Spam Act 2003, which came into force in
January 2004. Major provisions are:
 False and misleading header information is banned
 Deceptive subject lines are prohibited

Page 7 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

 UK:

L
 The Computer Misuse Act 1990, 'an Act to make provision for securing
computer material against unauthorized access or modification; and for connected

SO
purposes', set out three computer misuse offences.
 Unauthorized access to computer material
 Unauthorized access with intent to commit or facilitate commission of
further offences.


&
Unauthorized modification of computer material.
The maximum prison sentences specified by the act for each offence were
S
six months and five years respectively.
H

 The Police and Justice Act 2006: The British Police and Justice (2006) bill was
granted Royal Assent this week with some interesting changes being introduced to the
C

Computer Misuse Act (1990) under Part 5 (Miscellaneous) which could have serious
PJ

implications for those on the murkier side of computing. The Computer Misuse Act
obviously needed updating, as most of the threats in existence today were not possible 16
years ago. Maximum sentencing for unauthorized access to computer.
C

D. INTERNATIONAL CONVENTION ON CYBER CRIME

 Budapest Convention
Budapest Convention on cybercrime provides for the criminalization of conduct, ranging from
illegal access, data and systems interference to computer-related fraud and child pornography;
procedural law tools to make the investigation of cybercrime and the securing of e-evidence in
relation to any crime more effective and international police and judicial cooperation on

Page 9 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

cybercrime and e-evidence. The Budapest Convention is supplemented by a Protocol on

Xenophobia and Racism committed through computer systems.

In 2014, the Council of Europe established a dedicated Programme Office on Cybercrime (C-

L
PROC) in Bucharest, Romania.

SO
This triangle of common standards (Budapest Convention), follow-up and assessments
(Cybercrime Convention Committee) and capacity building (C-PROC) represents a dynamic
framework under the convention.
Members: 67 states — together with 10 international organizations (such as the Commonwealth
&
Secretariat, INTERPOL, International Telecommunication Union and the UN Office on Drugs
and Crime) participate as members or observers in the Cybercrime Convention Committee.
Significance: Securing e-evidence for criminal justice purposes is particularly challenging in the
S
context of cloud computing where data is distributed over different services, providers, locations
H

and often jurisdictions, and where mutual legal assistance is often not feasible.
India and the Budapest Convention: While membership in the Budapest Convention more
C

than doubled since then, India is yet to join this treaty.

India's concern:
PJ

 As India did not participate in the negotiation of the Convention and thus should
not sign it. India can become a member but we cannot participate in making or changing
the law.
C

 The Budapest Convention allows for trans-border access to data and thus
infringes on national sovereignty.
 It is a criminal justice treaty and thus does not cover state actors or that some of
the states from which most attacks affecting India emanate have not signed the
Convention.

Page 10 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

 India should promote a treaty at the UN level: India wants a treaty to focus on
terrorism, or to address state-to-state relations and matters of international security.

L
 The Budapest Convention has been validly criticized for its lack of human rights
and legal safeguards.

SO
 Russia-led Resolution
The Russian proposal entitled “Countering the use of information and communications
technologies for criminal purposes” was recently put forth in the United Nations General
Assembly (UNGA).

&
The Russian proposal entitled “Countering the use of information and
S
communications technologies for criminal purposes” passed in the United Nations
General Assembly (UNGA) The proposal, which India voted in favor of, creates a
H

committee to convene in August 2020 in New York to establish a new treaty through
which nation-states can coordinate and share data to prevent cybercrime.
C

 India maintained its status as a non-member of the Europe-led Budapest

PJ

Convention, even as it voted in favor of a Russian-led UN resolution to set up a separate

convention
 This recent UN proposal follows previous Russian initiatives, including the “Draft
C

United Nations Convention on Cooperation in Combating Cybercrime” in 2017 to

develop a UN convention on cybercrime.
India’s Stand
India maintained its status as a non-member of the Europe-led Budapest Convention. Although,
India voted in favor of a Russian-led UN resolution to set up a separate convention.

Page 11 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

E. MOBILE PHONES CRIMES

Telecommunications in India have evolved up to a great extent starting from its introduction in

L
1882 to the introduction of mobile technology in 1995 and then to the emerging trend of
Smartphone’s post 2005 period. Similarly, with the advancement of technology, crimes over

SO
technological grounds have also evolved.
Mobile technology over the years has evolved up to a large extent be it on grounds of
flexibility or portability. Security measures too have improved, but not at the desired expected
rate to absolutely curb crime rates. The fact that tops the list is that people fail to believe that
they can be victims to such crimes.
&
Crime committed using modern technological tools are generally known as cybercrimes. The
S
broadest way to deliver the true meaning of cybercrime is “any crime wherein computer is either
used as a tool or a weapon.” On general lines, computers are considered to be of laptop or
H

desktop in form. However, as Wikipedia defines it, “a computer is a general purpose device that
can be programmed to carry out a finest set of arithmetic or logical operation.”
C
PJ

Kinds of Mobile Crimes

Mobile Hacking
Hacking in simple terms means an illegal intrusion into a computer system and/or network.
C

There is an equivalent term to hacking i.e. cracking. Every act committed towards breaking into
a mobile, communication devices, computer and/or network is hacking. Hackers write or use
ready-made computer programs to attack the target computer, mobile and/or communication
devices.
Mobile Cyber Defamation
This kind of crime has become widely prevalent across the world today. Criminals send
derogatory, humiliative and obscene SMS or email by using their mobiles, cell phones and

Page 12 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

communication devices, so as to defame others and lower their reputation in the eyes of those
who hold them in high esteem.

L
Mobile Pornography
The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide.

SO
The internet is very fast becoming a household commodity. As more homes have access to
internet, more children would be using the mobiles, communications devices, internet and more
are the chances of falling victim to the aggression of pedophiles.
Mobile Pornography using mobile phone could be brought specifically within the ambit of
&
section 67B of the amended Indian Information Technology Act 2000. The said act is a crime,
punishable with imprisonment of either description for a term which may extend to 5 years and
S
with fine which may extend to 10 lakh rupees.
Identity Theft:
H

Mobile phone is used for the identity theft and criminals commit the crimes such as subscription
fraud etc. using various communication devices.
C

Cloning or re-chapping of mobile:

PJ

A clone is an analogue mobile phone which has been programmed to impersonate one owned by
a legitimate subscriber by using its ESN and telephone number (these numbers are usually
obtained by interception with a ‘scanner’ radio, theft of a dealer’s or service provider’s records
C

or directly from the impersonated phone). New types of cloned phones are coming to the UK
from the USA and Hong Kong: ‘tumbling’ phones automatically seek an identity from a pre-
programmed list, and the most recent ‘magic’ phones act as their own scanners copying identities
from nearby phones in use.
Mobile Cyber Stalking
Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the
cyber-criminal towards the victim by using mobiles internet services. Stalking in General terms

Page 13 of 14
 Chanderprabhu Jain College of Higher Studies
&
School of Law
An ISO 9001:2015 Certified Quality Institute
(Recognized by Govt. of NCT of Delhi, Affiliated to GGS Indraprastha University, Delhi)

can be referred to as the repeated acts of harassment targeting the victim such as following the
victim, making harassing phone calls, killing the victims pet, vandalizing victim’s property,

L
leaving written messages or objects. Stalking may be followed by serious violent acts such as
physical harm to the victim and the same has to be treated and viewed seriously. It all depends

SO
on the course of conduct of the stalker.
Denial of service Attack
This is an act by the criminal, who floods the bandwidth of the victim’s network or fills his e-
mail box with spam mail depriving him of the services he is entitled to access or provide.
Mobiles Virus Dissemination
&
A mobile virus is an electronic virus that targets mobile phones or other communication devices.
S
In typical mobile virus dissemination malicious software attaches itself to other software.
Mobile Software Piracy
H

Theft of mobile software through the illegal copying of genuine programs or the counterfeiting
and distribution of products intended to pass for the original.
C

Mobile Credit Card Fraud

PJ

The unauthorized and illegal use of a credit card through mobile to purchase products and /or
services.
Mobile Phishing
C

This refers to the act of targeting mobile phone users by phishing emails that appear to come
from mobile service providers. This further includes the act of sending an e-mail to a user falsely
claiming to be an established legitimate enterprise in an attempt to scam the user into
surrendering private information that will be used for identity theft.

Page 14 of 14