Chapter 6:

Laws in India – III

6.1 PROTECTION OF CONSUMER RIGHTS

6.1.1 Who is a consumer?
Section 2(d) of the Consumer Protection Act defines "consumer" as
a person who buys any goods for a consideration. It can be
observed that:

 The goods or services must have been purchased or hired

or availed of for a consideration which has been paid in
full or in part or under a system of deferred payment, i.e.,
in respect of hire-purchase transactions;
 The goods purchased should not be meant for resale or for
a commercial purpose. Goods purchased by a dealer in the
ordinary course of his business and those which are in the
course of his business to supply would be deemed to be for
re-sale;
 In addition to the purchaser(s) of goods, or hirer(s) or
user(s) of services, any beneficiary of such services, a user
of goods/services with the approval of the purchaser or
hirer or user would also be deemed to be a "consumer"
under the Act.

The notion of consumer protection has been present since the very
beginning of human civilization. Consumer Protection is a pursuit
of socio-economic nature, by the government. Businesses need to
prioritize consumer satisfaction which can be ensured only when
the government steps in to provide protection to all consumers.
The government fulfils that onus through a structure of policies,
regulations, and legislation. To understand the process that led to
the drafting of the Consumer Protection Act 1986, one must
understand that before this act came into force, there were a string
of other laws created for the same objective. However, none of
them successfully shielded the consumers from exploitation to the
degree that was required.

1
In the absence of an effective consumer protection law, the onus of
being careful when assessing the quality of the product was
placed upon the buyer. It helped the sellers shirk their
responsibility. The sellers had the leeway to get away with
substandard or faulty products due to the lack of a legal
framework conceptualized to protect consumers. If a buyer found
a defect in a product, he would simply avoid buying it from the
same brand or shop in the future. This is due to a lack of redressal
mechanisms, as well as limited access to the existing ones. It took
years of activism to generate awareness regarding this issue. This
culminated into the Consumer Protection Act 1986.i

Consumers often face issues if the product is of low quality, not

adhering to MRP, or if there is any adulteration, etc. This is
because the consumer and the company or retailer is rarely on a
level playing field. This unequal power balance tends to give the
seller/company undue authority to exploit the consumer. In view
of these issues, there have been several laws enacted in India to
overcome these issues.ii Before we discuss these, there were
external influences of which the United Nations guidelines are
significant.

6.2.2 UN GUIDELINES FOR CONSUMER PROTECTION

The United Nations Guidelines for Consumer Protection

(UNGCP) are

a valuable set of principles for setting out the main

characteristics of effective consumer protection
legislation, enforcement institutions and redress
systems and for assisting interested Member States
in formulating and enforcing domestic and
regional laws, rules and regulations that are
suitable to their own economic and social and
environmental circumstances, as well as promoting
international enforcement cooperation among
Member States and encouraging the sharing of
experiences in consumer protection.

The guidelines were first adopted by the General Assembly in

resolution 39/248 of 16 April 1985, later expanded by the
Economic and Social Council in resolution E/1999/INF/2/Add.2
of 26 July 1999, and recently revised by the General Assembly in
resolution 70/186 of 22 December 2015.

2
UNCTAD also promotes the guidelines and encourages interested
member States to create awareness of the many ways in which
member States, businesses and civil society can promote
consumer protection in the provision of public and private goods
and services. The Intergovernmental group of experts on
consumer protection law and policy has been established to
monitor the implementation of the guidelines, provide a forum for
consultations, produce research and studies, provide technical
assistance, undertake voluntary peer reviews, and periodically
update the UNGCP. Its first session was held on 17 and 18
October 2016 in Geneva.

These guidelines for consumer protection have the following

objectives:

 To assist countries in achieving or maintaining adequate

protection for their population as consumers.
 To facilitate production and distribution patterns
responsive to the needs and desires of consumers.
 To encourage high levels of ethical conduct for those
engaged in the production and distribution of goods and
services to consumers.
 To assist countries in curbing abusive business practices by
all enterprises at the national and international levels
which adversely affect consumers.
 To facilitate the development of independent consumer
groups.
 To further international cooperation in the field of
consumer protection
 To encourage the development of market conditions which
provide consumers with greater choice at lower prices
 To promote sustainable consumption.
 To enable member states to establish their own consumer
protection policies.iii

CONSUMER PROTECTION LAWS IN INDIA

Consumer Protection laws in India are designed to enable

consumers to make informed choices; ensure fair, equitable and
consistent outcomes for consumers; and facilitate timely and
effective grievance redressal. Its mission is to empower consumers
through awareness and education; enhance consumer protection
and safety through progressive legislations and prevention of

3
unfair trade practices; enable quality and quantity assurance
through standards and their conformance; and ensure access to
affordable and effective grievance redressal mechanisms.iv

6.2.3 Consumer Protection Act, 1986

The Consumer Protection Act, 1986 which was one of the first
consumer protection laws sought to provide for better protection
of the interests of consumers and for the purpose, to make
provision for the establishment of Consumer Councils and other
authorities for the settlement of consumer disputes and for matter
connected therewith. It sought, inter alia, to promote and protect
the rights of consumers such as:

 the right to be protected against marketing of goods which

are hazardous to life and property;
 the right to be informed about the quality, quantity,
potency, purity, standard and price of goods to protect the
consumer against unfair trade practices;
 the right to be assured, wherever possible, access to an
authority of goods at competitive prices;
 the right to be heard and to be assured that consumers
interests will receive due consideration at appropriate
forums;
 the right to seek redressal against unfair trade practices or
unscrupulous exploitation of consumers; and
 right to consumer education.

These objects were sought to be promoted and protected by the

Consumer Protection Council to be established at the Central and
State level. Further, to provide speedy and simple redressal to
consumer disputes, a quasi-judicial machinery was sought to be
setup at the district, State and Central levels. These quasi-judicial
bodies would observe the principles of natural justice and were
empowered to give relief of a specific nature and to award,
wherever appropriate, compensation to consumers. Penalties for
noncompliance of the orders given by the quasi-judicial bodies
were also provided in the Act.v Thus, as per the act the main
agencies for the attainment of consumer protection in India are
district consumer disputes redressal forum (District Forum), state
consumer disputes redressal forum (State Commission) and
national consumer disputes redressal forum (National
Commission).

4
6.2.4 The Consumer Protection Act, 2019

Since the notification of the 1986 Consumer Protection Act, the

consumer markets have undergone huge transformation. Some of
these relate to:

 Presence of increasingly complex services in the

marketplace
 The emergence of global supply chains, rise in
international trade and the rapid development of
ecommerce.
 New delivery systems for goods and services and have
provided new opportunities for consumers.
 Increase of consumer vulnerability to new forms of unfair
trade and unethical business practices.
 Misleading advertisements, tele-marketing, multi-level
marketing, direct selling and e-tailing.vi

Due to factors mentioned above, the Consumer Protection Bill,

2019 was passed by the Indian Parliament on Aug 06, 2019, and
later on signed by the President of India. This new act was to
replace the old Consumer Protection Act, 1986.Accordingly, the
new Consumer Protection Act, 2019 came in to force from 20th
July 2020. This new Act will empower consumers and help them
in protecting their rights through its various notified Rules and
provisions like Consumer Protection Councils, Consumer Disputes
Redressal Commissions, Mediation, Product Liability and
punishment for manufacture or sale of products containing
adulterant / spurious goods.

The Act includes establishment of the Central Consumer Protection

Authority (CCPA) to promote, protect and enforce the rights of
consumers. The CCPA will be empowered to conduct
investigations into violations of consumer rights and institute
complaints / prosecution, order recall of unsafe goods and
services, order discontinuance of unfair trade practices and
misleading advertisements, impose penalties on
manufacturers/endorsers/publishers of misleading
advertisements. Further, rules for prevention of unfair trade
practice by e-commerce platforms will also be covered under this
Act. The gazette notification for establishment of the Central
Consumer Protection Authority and rules for prevention of unfair
trade practice in e-commerce were also created under this Act.

5
Under this act every e-commerce entity is required to provide
information relating to return, refund, exchange, warranty and
guarantee, delivery and shipment, modes of payment, grievance
redressal mechanism, payment methods, security of payment
methods, charge-back options, etc. including country of origin
which are necessary for enabling the consumer to make an
informed decision at the pre-purchase stage on its platform. E-
commerce platforms have to acknowledge the receipt of any
consumer complaint within forty-eight hours and redress the
complaint within one month from the date of receipt under this
Act. The New Act introduces the concept of product liability and
brings within its scope, the product manufacturer, product service
provider and product seller, for any claim for compensation.

The new Act provides for simplifying the consumer dispute

adjudication process in the consumer commissions, which
include, among others, empowerment of the State and District
Commissions to review their own orders, enabling a consumer to
file complaints electronically and file complaints in consumer
Commissions that have jurisdiction over the place of his residence,
videoconferencing for hearing and deemed admissibility of
complaints if the question of admissibility is not decided within
the specified period of 21 days.

An Alternate Dispute Resolution mechanism of “Mediation” has

also been provided in the new Act. This will simplify the
adjudication process. A complaint will be referred by a Consumer
Commission for mediation, wherever scope for early settlement
exists and parties agree for it. Mediation will be held in the
Mediation Cells to be established under the aegis of the Consumer
Commissions. There will be no appeal against settlement through
mediation. As per the Consumer Disputes Redressal Commission
Rules, there will be no fee for filing cases upto Rs. 5 lakh. There are
provisions for filing complaints electronically, credit of amount
due to unidentifiable consumers to Consumer Welfare Fund
(CWF). The State Commissions will furnish information to
Central Government on a quarterly basis on vacancies, disposal,
pendency of cases and other matters. This Act also introduces the
concept of product liability and brings within its scope, the
product manufacturer, product service provider and product
seller, for any claim for compensation. The Act provides for
punishment by a competent court for manufacture or sale of
adulterant/spurious goods. The court may, in case of first

6
conviction, suspend any licence issued to the person for a period
of up to two years, and in case of second or subsequent
conviction, cancel the licence.

Under this new Act, besides general rules, there are Central
Consumer Protection Council Rules, Consumer Disputes
Redressal Commission Rules, Appointment of President &
Members in State/District Commission Rules, Mediation Rules,
Model Rules and E-Commerce Rules and Consumer Commission
Procedure Regulations, Mediation Regulations and
Administrative control over State Commission & District
Commission Regulations.

The Central Consumer Protection Council Rules are provided for

constitution of the Central Consumer Protection Council, an
advisory body on consumer issues, headed by the Union Minister
of Consumer Affairs, Food and Public Distribution with the
Minister of State as Vice Chairperson and 34 other members from
different fields. The Council, which has a three-year tenure, will
have Minister-in-charge of consumer affairs from two States from
each region- North, South, East, West, and North East Region.
There is also provision for having working groups from amongst
the members for specific tasks. In earlier Consumer Protection
Act, 1986 a single point access to justice was given, which is also
time consuming. The new act has been introduced after many
amendments to provide protection to buyers not only from
traditional sellers but also from the new e-commerce
retailers/platforms. It is expected that this Act will prove a
significant tool in protecting consumer rights in the country.vii

6.2 LAWS AGAINST CYBER CRIME

6.2.1 WHAT IS THE ‘CYBERSPACE’ ?

The Cambridge Dictionary defines “cyberspace” simply as

“internet considered as an imaginary area without limits where
you can meet people and discover information about any
subject”.viiiThe term “cyberspace” was initially introduced by
William Gibson in his 1984 book, Neuromancer. Gibson actually
criticized the term in later years, calling it “evocative and
essentially meaningless.”

Nevertheless, the term is still widely used today to describe any

facility or feature that is linked to the Internet. People use the term

7
to describe all kinds of virtual interfaces that create digital
realities. Cyberspace thus, refers to the virtual computer world,
and more specifically, an electronic medium that is used to
facilitate online communication. Cyberspace typically involves a
large computer network made up of many worldwide computer
sub-networks that employ TCP/IP protocol to aid in
communication and data exchange activities. Cyberspace's core
feature is an interactive and virtual environment for a broad range
of participants.ix

According to the Computer Security Resource Centre the word

“cyberspace” can be defined in numerous ways. It can be
understood as a “global domain within the information
environment consisting of the interdependent network of
information systems infrastructures including the Internet,
telecommunications networks, computer systems, and embedded
processors and controllers”. Alternatively, it can also mean the
entirety of “complex environments resulting from the interaction
of people, software and services on the Internet by means of
technology devices and networks connected to it, which does not
exist in any physical form”.x

Cyberspace allows its users to share information, interact, swap

ideas, play games, engage in discussions or social forums, conduct
business and create intuitive media, among many other activities.
One way to talk about cyberspace is related to the use of the
global Internet for diverse purposes, from commerce to
entertainment. Wherever stakeholders set up virtual meeting
spaces or students enter a virtual classroom, we see the
cyberspace existing. Wherever the Internet is used, one could say,
that it creates a cyberspace. The prolific use of both desktop
computers, laptops, tablets and smart phones to access the
Internet means that, in a practical sense, the cyberspace is actually
growing.

To really consider what cyberspace means and what it is, consider

what happens when thousands of people, who may have gathered
together in physical rooms in the past to play a game, do it instead
by each looking into a device from remote locations. As gaming
operators dress up the interface to make it attractive and
appealing, they are, in a sense, bringing interior design to the
cyberspace. In fact, gaming as an example, as well as streaming
video, shows what our societies have largely chosen to do with

8
the cyberspace as a whole. Another prime example of cyberspace
is the online gaming platforms advertised as massive online
player ecosystems. These large communities, playing all together,
create their own cyberspace worlds that exist only in the digital
realm, and not in the physical world, sometimes nicknamed the
“meatspace” or more recently “metaverse”.

6.2.2 WHAT IS THE ‘METAVERSE’ ?

The word ‘metaverse’ is referred to in fictional stories like Snow

Crash—the 1992 novel that coined the term “metaverse”—or the
movie Ready Player One, which depicts a VR world where
everyone works, plays, and shops. In the recent times it is made
popular by Mark Zuckerberg when he decided to rebrand his
existing social media platforms into “Metaverse”.

Metaverse, however, is a broad term and it generally refers to

shared virtual world environments which people can access via
the internet. The term can refer to digital spaces which are made
more lifelike by the use of virtual reality (VR) or augmented
reality (AR). Some people also use the word metaverse to describe
gaming worlds, in which users have a character that can walk
around and interact with other players. There is also a specific
type of metaverse which uses block-chain technology. In these,
users can buy virtual land and other digital assets using crypto-
currencies. Many science fiction books and films are set in fully-
fledged metaverses – which are alternative digital worlds which
are indistinguishable from the real physical world.

Proponents of the metaverse see it as the next stage in the

development of the internet. At the moment, people interact with
each other online by going to websites such as social media
platforms or using messaging applications. The idea of the
metaverse is that it will create new online spaces in which
people’s interactions can be more multi-dimensional, where users
are able to immerse themselves in digital content rather than
simply viewing it. The accelerated interest in the metaverse can be
seen as a result of the Covid-19 pandemic. As more people have
started working and going to school remotely, there has been an
increased demand for ways to make online interaction more
“lifelike”.xi

The word “metaverse” also translates to a digital economy, where

users can create, buy, and sell goods. And, in the more idealistic

9
visions of the metaverse, it's interoperable, allowing you to take
virtual items like clothes or cars from one platform to another. In
the real world, you can buy a shirt from the mall and then wear it
to a movie theater. Right now, most platforms have virtual
identities, avatars, and inventories that are tied to just one
platform, but a metaverse might allow you to create a persona that
you can take everywhere as easily as you can copy your profile
picture from one social network to another.xii

6.2.3 WHAT IS CYBERCRIME ?

Cybercrime, also called computer crime, is the use of a computer

or other electronic technologies as an instrument to further illegal
ends, such as committing fraud, trafficking in child pornography
and intellectual property, stealing identities, or violating privacy.
Cybercrime, especially through the Internet, has grown in
importance as the computer has become central to commerce,
entertainment, and government. Because of the early and
widespread adoption of computers and the Internet in the United
States, most of the earliest victims and villains of cybercrime were
Americans. However, by the 21st century, though, hardly a
country remained anywhere in the world that had not been
touched by cybercrime in one form or another.

What distinguishes cybercrime from traditional criminal activity?

Obviously, one difference is the use of the digital computer, but
technology alone is insufficient for any distinction that might exist
between different realms of criminal activity. Criminals do not
need a computer to commit fraud, traffic in child pornography
and intellectual property, steal an identity, or violate someone’s
privacy. All those activities existed before the “cyber” prefix
became ubiquitous. Cybercrime, especially involving the Internet,
represents an extension of existing criminal behaviour alongside
some novel illegal activities.

Most cybercrime is an attack on information about individuals,

corporations, or governments. Although the attacks do not take
place on a physical body, they do take place on the personal or
corporate virtual body, which is the set of informational attributes
that define people and institutions on the Internet. In other words,
in the digital age our virtual identities are essential elements of
everyday life: we are a bundle of numbers and identifiers in
multiple computer databases owned by governments and
corporations. Cybercrime highlights the centrality of networked

10
computers in our lives, as well as the fragility of such seemingly
solid facts as individual identity.

An important aspect of cybercrime is its nonlocal character:

actions can occur in jurisdictions separated by vast distances. This
poses severe problems for law enforcement since previously local
or even national crimes now require international cooperation. For
example, if a person accesses child pornography located on a
computer in a country that does not ban child pornography, is
that individual committing a crime in a nation where such
materials are illegal? Where exactly does cybercrime take place?

Cyberspace is simply a richer version of the space where a

telephone conversation takes place, somewhere between the two
people having the conversation. As a planet-spanning network,
the Internet offers criminals multiple hiding places in the real
world as well as in the network itself. However, just as
individuals walking on the ground leave marks that a skilled
tracker can follow, cybercriminals leave clues as to their identity
and location, despite their best efforts to cover their tracks. In
order to follow such clues across national boundaries, though,
international cybercrime treaties must be ratified.

6.2.4 TYPES OF CYBERCRIME

Cybercrime, as noted before, is criminal activity that either targets

or uses a computer, a computer network or a networked device.
Most, but not all, cybercrime is committed by cybercriminals or
hackers who want to make money. Cybercrime is carried out by
individuals or organizations. Some cybercriminals are organized,
use advanced techniques and are highly technically skilled.
Others are novice hackers. Rarely, cybercrime aims to damage
computers for reasons other than profit. These could be political,
professional or even personal.

The various types of cybercrime include:

 Email and internet fraud.

 Invasion of privacy
 Cyberterrorism

11
  Identity theft or fraud (where personal information is
stolen and used).
 Theft of financial or card payment data.
 Theft and sale of corporate data.
 Cyberextortion (demanding money to prevent a
threatened attack).
 Ransomware attacks (a type of cyberextortion).
 Cryptojacking (where hackers mine cryptocurrency using
resources they do not own).
 Cyberespionage (where hackers access government or
company data).
 File sharing and piracy
 Counterfeiting
 Creating/ Sharing Child Pornography

CYBERCRIME LAWS IN INDIA

In India, cyber laws are contained in the Information Technology

Act, 2000 ("IT Act") which came into force on October 17, 2000.
The main purpose of the Act is to provide legal recognition to
electronic commerce and to facilitate filing of electronic records
with the Government. The following Act, Rules and Regulations
are covered under cyber laws:

6.2.5 Information Technology Act, 2000 : Information Technology

Act, 2000 is India’s mother legislation regulating the use of
computers, computer systems and computer networks as also
data and information in the electronic format. This legislation has
touched varied aspects pertaining to electronic authentication,
digital (electronic) signatures, cyber crimes and liability of
network service providers. The Preamble to the Act states that it
aims at providing legal recognition for transactions carried out by
means of electronic data interchange and other means of
electronic communication, commonly referred to as "electronic
commerce", which involve the use of alternatives to paper-based
methods of communication and storage of information and aims
at facilitating electronic filing of documents with the Government
agencies. This Act was amended by Information Technology
Amendment Bill, 2008 which was passed in Lok Sabha on 22nd
December, 2008 and in Rajya Sabha on 23rd December, 2008. It
received the assent of the President on 5th February 2009 and was
notified with effect from 27th October 2009.

12
According to Section 1 (2), the Act extends to the entire country,
which also includes Jammu and Kashmir. In order to include
Jammu and Kashmir, the Act uses Article 253 of the constitution.
Further, it does not take citizenship into account and provides
extra-territorial jurisdiction.

Section 1 (2) along with Section 75, specifies that the Act is
applicable to any offence or contravention committed outside
India as well. If the conduct of person constituting the offence
involves a computer or a computerized system or network located
in India, then irrespective of his/her nationality, the person is
punishable under the Act.

The Act essentially deals with the following issues:

 All electronic contracts made through secure electronic

channels are legally valid.
 Legal recognition for digital signatures.
 Security measures for electronic records and also digital
signatures are in place
 A procedure for the appointment of adjudicating officers
for holding inquiries under the Act is finalized
 Provision for establishing a Cyber Regulatory Appellant
Tribunal under the Act. Further, this tribunal will handle
all appeals made against the order of the Controller or
Adjudicating Officer.
 An appeal against the order of the Cyber Appellant
Tribunal is possible only in the High Court
 Digital Signatures will use an asymmetric cryptosystem
and also a hash function
 Provision for the appointment of the Controller of
Certifying Authorities (CCA) to license and regulate the
working of Certifying Authorities. The Controller to act as
a repository of all digital signatures.
 The Act applies to offences or contraventions committed
outside India
 Senior police officers and other officers can enter any
public place and search and arrest without warrant
 Provisions for the constitution of a Cyber Regulations
Advisory Committee to advise the Central Government
and Controller.

The primary objectives of the IT Act, 2000 are:

13
  Granting legal recognition to all transactions done through
electronic data exchange, other means of electronic
communication or e-commerce in place of the earlier
paper-based communication.
 Providing legal recognition to digital signatures for the
authentication of any information or matters requiring
authentication.
 Facilitating the electronic filing of documents with
different Government departments and also agencies.
 Facilitating the electronic storage of data
 Providing legal sanction and also facilitating the electronic
transfer of funds between banks and financial institutions.
 Granting legal recognition to bankers for keeping the
books of accounts in an electronic form. Further, this is
granted under the Evidence Act, 1891 and the Reserve
Bank of India Act, 1934.

The IT Act of 2000 was developed to promote the IT industry,

regulate e- commerce, facilitate e-governance and prevent
cybercrime. The Act also sought to foster security practices within
India that would serve the country in a global context. The
Amendment was created to address issues that the original bill
failed to cover and to accommodate further development of IT
and related security concerns since the original law was passed.
The IT Act, 2000 consists of 90 sections spread over 13 chapters
[Sections 91, 92, 93 and 94 of the principal Act were omitted by the
Information Technology (Amendment) Act 2008 and has 2
schedules.[ Schedules III and IV were omitted by the Information
Technology (Amendment) Act 2008].

6.2.6 Information Technology (Amendment) Act, 2008: In this

amendment, the term 'digital signature' has been replaced with
'electronic signature' to make the Act more technology neutral. A
new section has also been inserted to define 'communication
device' to mean cell phones, personal digital assistance or
combination of both or any other device used to communicate,
send or transmit any text video, audio or image. A new section
has been further added to define cyber cafe as any facility from
where the access to the internet is offered by any person in the
ordinary course of business to the members of the public. A new
definition has been inserted for ‘intermediary’ and a new section
10A has been inserted to the effect that contracts concluded

14
electronically shall not be deemed to be unenforceable solely on
the ground that electronic form or means was used.

The amendment also introduced damages of Rs. One Crore

prescribed under section 43 of the earlier Act of 2000 for damage
to computer, computer system etc. has been deleted and the
relevant parts of the section have been substituted by the words,
'he shall be liable to pay damages by way of compensation to the
person so affected'.

A new section 43A has been inserted to protect sensitive personal

data or information possessed, dealt or handled by a body
corporate in a computer resource which such body corporate
owns, controls or operates. If such body corporate is negligent in
implementing and maintaining reasonable security practices and
procedures and thereby causes wrongful loss or wrongful gain to
any person, it shall be liable to pay damages by way of
compensation to the person so affected.

Sections 66A to 66F has been added to Section 66 prescribing

punishment for offences such as obscene electronic message
transmissions, identity theft, cheating by impersonation using
computer resource, violation of privacy and cyber terrorism.
Section 67 of the IT Act, 2000 has been amended to reduce the
term of imprisonment for publishing or transmitting obscene
material in electronic form to three years from five years and
increase the fine thereof from Rs.100,000 to Rs. 500,000.

Sections 67A to 67C have also been inserted. While Sections 67A
and B deals with penal provisions in respect of offences of
publishing or transmitting of material containing sexually explicit
act and child pornography in electronic form, Section 67C deals
with the obligation of an intermediary to preserve and retain such
information as may be specified for such duration and in such
manner and format as the central government may prescribe.

In view of the increasing threat of terrorism in the country, the

new amendments include an amended section 69 giving power to
the state to issue directions for interception or monitoring of
decryption of any information through any computer resource.
Further, sections 69A and B, two new sections, grant power to the
state to issue directions for blocking for public access of any
information through any computer resource and to authorize to

15
monitor and collect traffic data or information through any
computer resource for cyber security.

Section 79 of the Act which exempted intermediaries has been

modified to the effect that an intermediary shall not be liable for
any third party information data or communication link made
available or hosted by him if; (a) The function of the intermediary
is limited to providing access to a communication system over
which information made available by third parties is transmitted
or temporarily stored or hosted; (b) The intermediary does not
initiate the transmission or select the receiver of the transmission
and select or modify the information contained in the
transmission; (c) The intermediary observes due diligence while
discharging his duties.

However, section 79 will not apply to an intermediary if the

intermediary has conspired or abetted or aided or induced
whether by threats or promise or otherwise in the commission of
the unlawful act or upon receiving actual knowledge or on being
notified that any information, data or communication link
residing in or connected to a computer resource controlled by it is
being used to commit an unlawful act, the intermediary fails to
expeditiously remove or disable access to that material on that
resource without vitiating the evidence in any manner.

A proviso has been added to Section 81 which states that the

provisions of the Act shall have overriding effect. The proviso
states that nothing contained in the Act shall restrict any person
from exercising any right conferred under the Copyright Act,
1957.

OTHER ACTS AMENDED BY THE IT ACT

6.2.7 The Indian Penal Code, 1860: Normally referred to as the

IPC, this is a very powerful legislation and probably the most
widely used in criminal jurisprudence, serving as the main
criminal code of India. Enacted originally in 1860 and amended
many time since, it covers almost all substantive aspects of
criminal law and is supplemented by other criminal provisions.
In independent India, many special laws have been enacted with
criminal and penal provisions which are often referred to and
relied upon, as an additional legal provision in cases which refer
to the relevant provisions of IPC as well.

16
IT Act 2000 has amended the sections dealing with records and
documents in the IPC by inserting the word ‘electronic’ thereby
treating the electronic records and documents on a par with
physical records and documents. The Sections dealing with false
entry in a record or false document etc (eg. 192, 204, 463, 464, 464,
468 to 470, 471, 474, 476 etc.) have since been amended as
electronic record and electronic document thereby bringing within
the ambit of IPC, all crimes to an electronic record and electronic
documents just like physical acts of forgery or falsification of
physical records. In practice, however, the investigating agencies
file the cases quoting the relevant sections from IPC in addition to
those corresponding in IT Act like offences under IPC 463,464, 468
and 469 read with the IT Act/IT Amendment Act Sections 43 and
66, to ensure the evidence or punishment stated at least in either
of the legislations can be brought about easily.

The Indian Evidence Act 1872: This is another legislation

amended by the IT Act. Prior to the passing of IT Act, all
evidences in a court were in the physical form only. With the ITA
giving recognition to all electronic records and documents, it was
but natural that the evidentiary legislation in the nation be
amended in tune with it. In the definitions part of the Act itself,
the “all documents including electronic records” were substituted.
Words like ‘digital signature’, ‘electronic form’, ‘secure electronic
record’ ‘information’ as used in the IT Act, were all inserted to
make them part of the evidentiary mechanism in legislations.
Admissibility of electronic records as evidence as enshrined in
Section 65B of the Act assumes significance. This is an elaborate
section and a landmark piece of legislation in the area of
evidences produced from a computer or electronic device. Any
information contained in an electronic record which is printed on
a paper, stored, recorded or copied in optical or magnetic media
produced by a computer shall be treated like a document.

The Bankers’ Books Evidence (BBE) Act, 1891: Amendment to

this Act has been included as the third schedule in IT Act. Prior
to the passing of IT Act, any evidence from a bank to be produced
in a court, necessitated production of the original ledger or other
register for verification at some stage with the copy retained in the
court records as exhibits. With the passing of the IT Act the
definitions part of the BBE Act stood amended. Just like in the
Indian Evidence Act, the provisions in Bankers Books Evidence
Act make the printout from a computer system or a floppy or disc

17
or a tape as a valid document and evidence, provided, such print-
out is accompanied by a certificate stating that it is a true extract
from the official records of the bank and that such entries or
records are from a computerised system with proper integrity of
data, wherein data cannot be manipulated or accessed in an
unauthorised manner or is not lost or tamperable due to system
failure or such other reasons.

TYPES OF CYBERCRIMES IN INDIA

In India, cybercrime may be defined as “any unlawful act where

computer or communication device or computer network is used
to commit or facilitate the commission of crime”. According to the
Ministry of Home Affairs, Government of Indiaxiii the following
‘crimes’ are listed as cybercrimes:

Child Pornography: child sexually abusive material (CSAM)

refers to material containing sexual image in any form, of a child
who is abused or sexually exploited. Section 67 (B) of Information
Technology Act (2000) states that “it is punishable for publishing
or transmitting of material depicting children in sexually explicit
act in an electronic form”.

Cyber bullying: a form of harassment or bullying inflicted

through the use of electronic or communication devices such as
computer, mobile phone, laptop or tablet.

Cyber stalking: the use of electronic communication by a person

to follow a person, or attempts to contact a person to foster
personal interaction repeatedly despite a clear indication of
disinterest by such person; or monitors the internet, email or any
other form of electronic communication commits the offence of
stalking.

Cyber Grooming: when a person builds an online relationship

with a young person and tricks or pressures him/ her/them into
doing sexual act.

Online Job Fraud: an attempt to defraud people who are in need

of employment by giving them a false hope/ promise of better
employment with higher wages.

Online Lottery Fraud: Here the fraudster congratulates the victim

for winning a handsome lottery via e-mail/call/SMS. The victim
is delighted and is eager to get the lottery money. The fraudster

18
asks the victim to transfer a token amount and share vital personal
information to get the lottery money. The victim loses his/her
/their money and does not get anything in return.

Online Sextortion: this occurs when someone threatens to

distribute private, obscene and sensitive material using an
electronic medium if he/ she/they don’t provide images of a
sexual nature, sexual favours, or money.

Vishing: this is an attempt where fraudsters try to seek personal

information like Customer ID, Net Banking password, ATM PIN,
OTP, Card expiry date, CVV etc. through a phone call.

Sexting: this is an act of sending sexually explicit digital images,

videos, text messages, or emails, usually by cell phone.

Smishing: this is a type of fraud that uses mobile phone text

messages to lure victims into calling back on a fraudulent phone
number, visiting fraudulent websites or downloading malicious
content via phone or web.

SIM Swap Scam: this occurs when fraudsters manage to get a

new SIM card issued against a registered mobile number
fraudulently through the mobile service provider. With the help
of this new SIM card, they get One Time Password (OTP) and
alerts, required for making financial transactions through victim's
bank account. Getting a new SIM card against a registered mobile
number fraudulently is known as SIM Swap.

Credit card (or debit card) fraud: this involves an unauthorized

use of another's credit or debit card information for the purpose of
purchases or withdrawing funds from it.

Impersonation and identity theft: this is an act of fraudulently or

dishonestly making use of the electronic signature, password or
any other unique identification feature of any other person.

Phishing: a type of fraud that involves stealing personal

information such as Customer ID, IPIN, Credit/Debit Card
number, Card expiry date, CVV number, etc. through emails that
appear to be from a legitimate source.

Spamming: this occurs when someone receives an unsolicited

commercial messages sent via email, SMS, MMS and any other
similar electronic messaging media. They may try to persuade

19
recipient to buy a product or service, or visit a website where he
can make purchases; or they may attempt to trick him/ her into
divulging bank account or credit card details.

Ransom-ware: this is a type of computer malware that encrypts

the files, storage media on communication devices like desktops,
Laptops, Mobile phones etc., holding data/information as a
hostage. The victim is asked to pay the demanded ransom to get
his/her device decrypts.

Virus, Worms and Trojans: Computer Virus is a program written

to enter to your computer and damage/alter your files/data and
replicate themselves. Worms on the other hand are malicious
programs that make copies of themselves again and again on the
local drive, network shares, etc. A Trojan horse is not a virus per
se but is a destructive program that looks as a genuine
application. Unlike viruses, Trojan horses do not replicate
themselves but they can be just as destructive. Trojans open a
backdoor entry to your computer which gives malicious
users/programs access to your system, allowing confidential and
personal information to be stolen.

Data breach: A data breach is an incident in which information is

accessed or leaked without proper authorization.

Denial of Services (DoS)/ Denial of Service (DDoS): Denial of

Services (DoS) attack is an attack intended for denying access to
computer resource without permission of the owner or any other
person who is in-charge of a computer, computer system or
computer network. A Distributed Denial of Service (DDoS) attack
is an attempt to make an online service unavailable by
overwhelming it with traffic from multiple sources.

Website Defacement: this is an attack intended to change visual

appearance of a website and/ or make it dysfunctional. The
attacker may post indecent, hostile and obscene images, messages,
videos, etc in the website.

Cyber-Squatting: this is an act of registering, trafficking in, or

using a domain name with intent to profit from the goodwill of a
trademark belonging to someone else.

Pharming: this is cyber-attack aiming to redirect a website's traffic

to another, bogus website.

20
Cryptojacking: this is the unauthorized use of computing
resources to mine crypto-currencies.

Online Drug Trafficking: this is a crime of selling, transporting,

or illegally importing unlawful controlled substances, such as
heroin, cocaine, marijuana, or other illegal drugs using electronic
means.

Cyber-Espionage: this is the act or practice of obtaining data and

information without the permission and knowledge of the owner
(corporate or government).

ENDNOTES

21
i
https://www.legalbites.in/history-development-of-consumer-protection-laws/
ii
https://www.legalbites.in/history-development-of-consumer-protection-laws/
iii
https://unctad.org/topic/competition-and-consumer-protection/un-guidelines-for-consumer-protection
iv
https://consumeraffairs.nic.in/vision-and-mission
v
http://ncdrc.nic.in/bare_acts/consumer%20protection%20act-1986.html
vi
http://www.jiwaji.edu/pdf/ecourse/law/Consumer%20Protection%20Act%202019Dr%20J%20K%20Tiwari.pdf
vii
https://pib.gov.in/PressReleasePage.aspx?PRID=1639925
viii
See https://dictionary.cambridge.org/dictionary/english/cyberspace
ix
See https://www.techopedia.com/definition/2493/cyberspace
x
See https://csrc.nist.gov/glossary/term/cyberspace for more details.
xi
See https://nypost.com/2021/10/21/what-is-the-metaverse-meaning-explained/
xii
See https://www.wired.com/story/what-is-the-metaverse/
xiii
See https://cybercrime.gov.in/Webform/CrimeCatDes.aspx