SEMINAR COURSE

SEMESTER & PROGRAM: B.COM, LL.B (TL) –VIII

SEMESTER

Review on Cyber Laws with special emphasis on

Information Technology Act, 2000 and relevant provisions of
IPC, 1860.

UTTARA KUMAR DHAKAD, R129215126, 500047988

Submitted under the guidance of: Ms. Parul Sinha

School of Law
University of Petroleum and Energy Studies
Dehradun

1
 CERTIFICATE

This is to certify that the seminar paper titled “Review on Cyber Laws with special emphasis on
Indian Penal Code, 1860 and Information Technology Act, 2000” is the work done by Uttara
Kumar Dhakad under my guidance and supervision.

Signature & Name of Mentor

Designation

Date

2
 DECLARATION

I declare that the Seminar Paper titled “Review on Cyber Laws with special emphasis on Indian
Penal Code, 1860 and Information Technology Act, 2000” is the outcome of my own work
conducted under the supervision of Ms. Parul Sinha, at School of Law, University of Petroleum
and Energy Studies, Dehradun.

I declare that the Seminar Paper comprises only of my original work and due acknowledgement
has been made in the text to all other material used.

Signature & Name of Student(s)

Date

3
 Table of Contents

1. Abstract…………………………………………….. ………………………………..5
2. Introduction………………………………………………………………………….. 6
3. Historical Background……………………………………………………………….. 7
4. Types of Cyber Crimes……………………………………………………………..…9
4.1. Identity theft
4.2. Cyber bullying
4.3. Cyber Terrorism
4.4. Hacking
4.5. Child Pornography
5. Objectives of ITA, 2000………………………………………………………………11
6. Offences under ITA, 2000…………………………………….....................................13
7. Offences under IPC,1860……………………………………………………………...19
8. Procedure under IEA, 1872……………………………………………………………20
9. Conclusion……………………………………………………………………………..21

4
 ABSTRACT
Introduction

India ranks 3rd in terms of the highest number of internet users in the world after USA and China,
the number has grown 6-folf between 2012-2017 with a compound growth rate of 44% 1. India
secures a spot amongst the top 10 spam-sending countries in the world alongside USA and
ranked among the top five countries to be affected by cybercrime, according to a 22 October
report by online security firm “Symantec Corp”. Various Governments and companies are taking
many measures in order to prevent these cyber crimes. Besides various measures cyber security
is still very big concern to many. Cyber Crime is not defined in Information Technology Act
2000 neither in the National Cyber Security Policy 2013 nor in any other regulation in India. In
fact, it cannot be too. Crime or offence has been dealt with elaborately listing various acts and
the punishments for each, under the Indian Penal Code, 1860 and quite a few other legislations
too. “Hence, to define cyber-crime, one can say, it is basically just a combination of crime and
computer. To put it in simple terms ‘any offence or crime in which a computer is used is a cyber-
crime’. This paper mainly focuses on challenges faces by cyber security on the latest
technologies. It also focuses on latest about the cyber security techniques, ethics and the trends
changing the face of cyber security.” This paper mainly focuses on the provisions given under
Information technology Act, 2000 and Indian Penal Code, 1860 and their punishment
respectively according to the provision of the Acts and various case laws on cyber crimes and
Internet Security laws.

Keywords: Cyber Security, Hacking, Cyber Crimes, offences.

1
www.niti.gov.in

5
 Review on Cyber Laws with special emphasis on Information
Technology Act, 2000 and relevant provisions of IPC, 1860

Introduction

Crime is both a social and economic phenomenon. It is as old as human society. “Many elderly
books right from pre-historic days, and mythological stories have spoken about crimes
committed by individuals be it against another individual like ordinary theft and burglary or
against the nation like spying, treason etc. Kautilya’s Arthashastra written around 350 BC,
considered to be an authentic administrative treatise in India, discusses the various crimes,
security initiatives to be taken by the leaders, possible crimes in a state etc. and also advocates
punishment for the list of some stipulated offences. Crime in any form adversely affects all the
members of the society at large. In developing economies, cyber crime has increased at rapid
strides, due to the rapid diffusion of the Internet and the digitalization of economic activities.”
Thanks to the huge penetration of technology in almost all walks of society right from corporate
governance and state administration, up to the lowest level of petty shop keepers computerizing
their billing system, we find computers and other electronic devices pervading the human life.
The penetration is so deep that man cannot spend a day without computers or a mobile.
Technology became the basic need of the society.

Different kinds of punishments have been prescribed for listed offences and the concept of
restoration of loss to the victims has also been discussed in it. Some major cyber crimes reported
in India are denial of services, defacement of websites, spam, computer virus and worms,
pornography, cyber squatting, cyber stalking and cyber phishing. Given the fact that nearly $120
million worth of mobiles are being lost or stolen in our country every year, the users have to
protect information, contact details and telephone numbers as these could be misused and it can
be tampered easily. Nearly 69% of information theft is carried out by current and ex-employees
and 31% by hackers. India has to go a long way in protecting the vital information. Over 86% of
all attacks, mostly via ‘bots’ were aimed at lay surfers with Mumbai and Delhi emerging as the

6
top two cities for such vulnerability.2 ‘Critical Information Infrastructure Protection Agency’ has
been formed by the Government of India. A Cyber Command in the defence forces to harness
defensive and offensive cyber capabilities for the national security is to be set up. Ongoing
efforts to establish a ‘National Cyber Coordination Centre’ will certainly bring about better
coordination and synergy in the efforts being made by government and private organisations. For
the above, there is a need for controlling the cyber space in India.3

Historical Background

It is simply that the democratization of technology offers the one same gear to folks that might
use them for sick, and lots of us don’t realize just how susceptible we are and how much greater
inclined, we come to be as we tie the entirety to computer systems. “What most people don’t
quite understand is that we are in the first seconds of the first minutes of the first hours of the
internet revolution, and there may be an exquisite change coming in this century.” “These days
some of these computers are hackable, which means that the 21st-century current global that
we’re constructing is a digital residence of playing cards that may come crashing down at any
second. We need to defend it because right now, we do not have a backup plan.” It isn’t always
unusual for teens and younger humans to get worried in cybercrime sports at an early age. Many
do it for a laugh without realizing the consequences in their movements – but the consequences
may be excessive. Cybercrime isn’t a victimless crime and is taken extraordinarily critically
through regulation enforcement. The teens that come to be involved in cybercrime often have an
ability set that would be put to an effective use. Abilities in coding, gaming, computer
programming, cyber safety or whatever it-associated is in excessive demand and there are
numerous careers and possibilities available to all of us with a hobby in those areas.

The United Nation Commission on International Trade Law (UNCITRAL) was created by the
resolution of the General Assembly of the United Nation in December 1996 4 in order to

2
International Journal of Engineering Research, Volume-2, Issue-1, January 2012.
3
Coastal Security Group News Letter published by Tamil Nadu Police October 2015. – ‘How to Secure India’s
Sacred Cyber Space’ article published by Shri.Amaresh Pujari, I.P.S., Inspector General of Police and Director,
Tamil Nadu Police Academy.
4
The UN General Assembly by its resolution 2205 (XXI) of 17 December, 1966 created United Nations
Commission on International Trade Law (UNCITRAL) with a mandate to further the progressive harmonization and
unification of the law of international trade and in that respect to bear in mind the interests of all people, in particular
those of developing countries, in the extensive development of international trade by adopting different Model
Laws.

7
streamline, harmonize and unify the law of International Trade. Some inadequacies and
impediments had crept in the law affecting trade and it was felt necessary to remove those short
comings. A draft of “Model Law” was prepared after debating various proposals in this
connection and examining them threadbare, critically and minutely and a copy of the text of the
Draft Model Law was sent to all governments and International organizations for eliciting their
news on the subjects. After examining the comments of the various governments, the
commission adopted the text of the Modal Law at its 605th meeting on 12 June 1996. 5 A
resolution was passed by the General Assembly6 on the report of 6th committee and the Model
Law on electronic commerce came into being to facilitate the use of electronic commerce that is
acceptable to states with different legal, social and economic system and thus the way was paved
for smooth and harmonious international economic relations. The states were urged to modify
their legislation governing the use of the alternatives to paper form methods of communication
and storage of information and frame similar legislation where no such law is currently in force.

Needless to say India moved swiftly and promptly in this direction and the Indian Parliament
passed the Information Technology Act, 20007 on the pattern of the Modal Law on electronic
commerce. (UNCITRAL) adopted by the UN committee on International Trade Law and it came
in force on October 17, 2000. This proves the firm determination of the government of India to
make India the IT Super Power by 2008.8 It is worthwhile to emphasize that the Indian
Parliament has taken steps to incorporate the spirit of the General Assembly Recommendation in
the enactment of the Information Technology Act 2000.Moreover the Act has amended the
Indian Penal Code 1860, the Indian Evidence Act, I872, the Banker’s Books Evidence Act, 1891
and the Reserve Bank of India Act, 1934. The Act facilitates the International Trade and also
provides the alternative to paper based method of communication and storage of information.
The Act is in tune with (UNCITRAL) Model of Law on electronic commerce and is capable of
promoting efficient delivery of government services with the help of reliable electronic record.
The Indian Information Technology Act 2000 has fulfilled the International obligation by being
5
http://www.uncitral.org/pdf/english/texts/general/12-57491-Guide-to-UNCITRAL-
e.http://www.uncitral.org/pdf/english/texts/general/12-57491-Guide-to-UNCITRAL-e.pdf
6
Resolution No. A/RES/51/162 dated 30.01.1997
7
Passed by the Parliament on May, 2000 and received the assent of the President on 9th June, 2000, published in the
Gazette of India, Extraordinary, Pt. II, Sec. 1, dated 9th June, 2000.
8
http://deity.gov.in/content/functions-deit.

8
in tune with UNCITRAL’s Model of Law and also contains provision for promoting the national
and municipal needs and requirement of Information Technology.9

Types of Cyber Crimes

 Identity Theft: When personal information of a person is stolen with the purpose of
using their financial resources or to take a loan or credit card in their name then such
crime is known as Identity theft. Identity theft is the crime of obtaining the personal or
financial information of another person for the sole purpose of assuming that person's
name or identity to make transactions or purchases. Identity theft is committed in many
different ways. Some identity thieves sift through trash bins looking for bank account and
credit card statements; other more high-tech methods involve accessing corporate
databases to steal lists of customer information. Once they have the information they are
looking for, identity thieves can ruin a person's credit rating and the standing of other
personal information.
 Cyberbullying: When the teenager or adolescent harass, defame, embarrass or intimidate
somebody else with the use of the internet, phone, chat rooms, instant messaging or any
other social network then the person is said to be committing the crime of Cyberbullying.
When the same crime is done by the adults it is known as Cyberstalking. Cyberbullying is
bullying that takes place over digital devices like cell phones, computers, and tablets.
Cyberbullying can occur through SMS, Text, and apps, or online in social media, forums,
or gaming where people can view, participate in, or share content. Cyberbullying
includes sending, posting, or sharing negative, harmful, false, or mean content about
someone else. It can include sharing personal or private information about someone else
causing embarrassment or humiliation. Some cyberbullying crosses the line into unlawful
or criminal behavior.
 Cyberterrorism: When a threat of extortion or any kind of harm is being subjected
towards a person, organization, group or state, it is known as the crime of Cyber
Terrorism. Generally, it includes the well-planned attack strategies on the Government
and corporate computer system. Recently, though, we have seen a spate of smaller, less
sophisticated, yet no less appalling acts of terrorism across geographies that involve mass

9
the UNCITRAL’s Model Law on ECommerce

9
 casualties and fear-inducing events. And the type of threat will continue to change as new
technologies and opportunities reveal themselves to terrorist organizations – cyber
terrorism is an example of a newly developing frontier within the peril. Traditionally,
most cyber-attacks have been carried out by criminal organizations, with the majority of
incidents failing to register on an enterprise risk scale of businesses that faced significant
setbacks. In 2017, this dynamic changed with the WannaCry and NotPetya incidents.
These two attacks affected organizations in more than 150 countries, prompted business
interruption and other losses estimated at well over USD 300 million by some companies,
brought reputational damage, and resulted in loss of customer data. In December 2017,
the U.S. government took a rare step and attributed the WannaCry attack to hackers
backed by North Korea. WannaCry and NotPetya exposed a systemic risk and affected a
broad cross-section of businesses without specific targeting, demonstrating the potential
for escalation in the threat of cyber terrorism.
 Hacking: Hacking comes from the term “hacker”, which is someone who enjoys and is
an expert in computer programming languages and systems. Hacking, in this sense,
means using unusually complex and clever methods to make computers do things. For
some time, however, the popular press has used the word “hacker” and “hacking” in a
negative way to refer to individuals who try to get into computer systems in order to
steal, corrupt, or illegitimately view data. Hackers themselves maintain that the proper
term for such individuals is “cracker”, and that their activities should be called cracking.
However, in order to be consistent with the most common usage of the word, we use
“hacking” here to refer to unauthorized access. The most common cyber crime is
Hacking. In this crime, the person gets access to other person’s computers and passwords
to use it for their own wrongful gain. Using password cracking algorithm to gain access
to a system Computers have become mandatory to run a successful businesses. It is not
enough to have isolated computers systems; they need to be networked to facilitate
communication with external businesses. This exposes them to the outside world and
hacking. Hacking means using computers to commit fraudulent acts such as fraud,
privacy invasion, stealing corporate/personal data, etc. Cyber crimes cost many
organizations millions of dollars every year. Businesses need to protect themselves
against such attacks.

10
  Child pornography: Child pornography and prostitution are two of the most disturbing
issues in the world today. Millions of children, in virtually every country in the world,
become victims of sexual exploitation. Access to child pornography and prostitution in
Southeast Asia has increased during the 1990s due to the lack of government legislation
and enforcement protecting children. Japan is the world global leader of child
pornography on the Internet. Child pornography is the consequence of the exploitation or
sexual abuse against a child. It can be defined as any means of depicting or promoting
sexual abuse of a child, centered on a sexual act or the genital organs of children. It exists
in three main forms, visual, audio and text. It is put to use by pedophiles as a tool to
lower a child inhibitions and by showing other children in pornographic poses, entice that
child into compromising situations. These children range from a few months old to 18
years of age. It is these photographs, videotapes, films and magazines of children in
sexual poses and acts that make up the multimillion dollar global world of child
pornography. Although child prostitution has been around for thousands of years, it has
only achieved widespread recognition in the last few decades. One reason for its
increasing popularity, especially overseas, is the naïve belief that sex with a juvenile
prostitute is safer than sex with an adult prostitute. On the contrary, children are more
prone to sexually transmitted diseases, such as gonorrhea and HIV/AIDS, than adults.
These children are victims of the most overlooked form of child abuse; they are
vulnerable and crave attention, affection and love.

Objects of Information Technology Act, 2000

It is against this background the Government of India enacted its Information Technology Act
2000 with the objectives as follows, stated in the preface to the Act itself.

“to provide legal recognition for transactions carried out by means of electronic data interchange
and other means of electronic communication, commonly referred to as "electronic commerce",
which involve the use of alternatives to paper-based methods of communication and storage of
information, to facilitate electronic filing of documents with the Government agencies and
further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books
Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected
therewith or incidental thereto.”

11
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000, got President
Assent on 9 June and was made effective from 17 October 2000.

The Act essentially deals with the following issues:10

 Legal recognition of Electronic Documents

 Legal recognition of Digital Signatures
 Offences and Contraventions
 Justice Dispensation System for Cyber Crimes

Amendment Act of 2008

Being the first legislation in the nation on technology, computers and ecommerce and e-
communication, the Act was the subject of extensive debates, elaborate reviews and detailed
criticisms, with one arm of the industry criticizing some sections of the Act to be draconian and
other stating it is too diluted and lenient. There were some conspicuous omissions too resulting
in the investigators relying more and more on the time-tested (one and half century-old) Indian
Penal Code even in technology based cases with the I.T. Act also being referred in the process
and the reliance more on IPC rather on the ITA.

Thus the need for an amendment – a detailed one – was felt for the I.T. Act almost from the year
2003-04 itself. Major industry bodies were consulted and advisory groups were formed to go into
the perceived lacunae in the I.T. Act and comparing it with similar legislations in other nations
and to suggest recommendations. Such recommendations were analysed and subsequently taken
up as a comprehensive Amendment Act and after considerable administrative procedures, the
consolidated amendment called the Information Technology Amendment Act 2008 was placed in
the Parliament and passed without much debate, towards the end of 2008 (by which time the
Mumbai terrorist attack of 26 November 2008 had taken place). This Amendment Act got the
President assent on 5 Feb 2009 and was made effective from 27 October 2009.11

The Act totally has 13 chapters and 90 sections (the last four sections namely sections 91 to 94 in
the ITA 2000 dealt with the amendments to the four Acts namely the Indian Penal Code 1860,
The Indian Evidence Act 1872, The Bankers’ Books Evidence Act 1891 and the Reserve Bank of

10
Book on “IT” Security of IIBF Published by M/s TaxMann Publishers.
11
Book on “IT” Security of IIBF Published by M/s TaxMann Publishers

12
India Act 1934). The Act begins with preliminary and definitions and from there on the chapters
that follow deal with authentication of electronic records, digital signatures, electronic signatures
etc. Elaborate procedures for certifying authorities (for digital certificates as per IT Act -2000
and since replaced by electronic signatures in the ITAA -2008) have been spelt out. The civil
offence of data theft and the process of adjudication and appellate procedures have been
described. Then the Act goes on to define and describe some of the well-known cyber crimes and
lays down the punishments therefore. Then the concept of due diligence, role of intermediaries
and some miscellaneous provisions have been described.

Offences under Information Technology Act, 2000

The provisions of ITA has critically analysed the statutory provisions related to cyber offences
and their prevention, compensation and adjudication in this chapter. The following sections
under the Information Technology Act, 2000 has deals with the offences –

Penalty and Compensation for damage to computer, computer system, etc12

“If any person without permission of the owner or any other person who is incharge of a
computer, computer system or computer network,-

(a) Accesses or secures access to such computer, computer system or computer network or
computer resource13;

(b) downloads, copies or extracts any data, computer data base or information from such
computer, computer system or computer network including information or data held or stored in
any removable storage medium;

(c) Introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;

(d) damages or causes to be damaged any computer, computer system or computer network,
data, computer data base or any other programmes residing in such computer, computer system
or computer network;

(e) Disrupts or causes disruption of any computer, computer system or computer network;

12
Section 43 of the IT Act, 2000 as amended by ITAA, 2008
13
Inserted by Act 10 of 2009, sec. 21(b).

13
(f) Denies or causes the denial of access to any person authorised to access any computer,
computer system or computer network by any means;14

(g) provides any assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations made
thereunder;

(h) charges the services availed of by a person to the account of another person by tampering
with or manipulating any computer, computer system, or computer network,15

(i) destroy, deletes or alter any information residing in a computer resource or diminish its value
or utility or affect it injuriously by any means16;

(j) steal, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any
computer source code used for a computer resource with an intention to cause damage; he shall
be liable to pay damages by way of compensation to the person so affected.17

Section 43 of the act envisages the penalty for the damages to the computer, computer system,
etc. under this section; clauses have been identified for which the person, so misusing, damaging
or making unauthorized use of a computer, computer system o computer network, may be held
liable for the offences and may be made to pay compensation to the person who has been
adversely affected by his misdeeds.

Compensation to failure to protect data18

“Where a body corporate, possessing, dealing or handling any sensitive personal data or
information in a computer resource which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices and procedures and thereby causes
wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages
by way of compensation to the person so affected.

Explanation -For the purposes of this section,-

14
This clause deals with ‘Denial of Service (DOS)attacks’
15
This clause deals with ‘Internet Time Theft’
16
Inserted by Act 10 of 2009, sec. 21(c).
17
Subs. by Act 10 of 2009, sec. 21(d), for “he shall be liable to pay damages by way of compensation not exceeding
one crore rupees to the person so affected.”
18
Section 43A of the IT Act, 2000, Inserted by Information Technology (Amendment) Act, 2008 (10 of 2009), s. 22
(w.e.f. 27-10-2009).

14
 (i) “Body corporate” means any company and includes a firm, sole proprietorship or
other association of individuals engaged in commercial or professional activities;
(ii) “reasonable security practices and procedures” means security practices and
procedures designed to protect such information from unauthorised access, damage,
use, modification, disclosure or impairment, as may be specified in an agreement
between the parties or as may be specified in any law for the time being in force and
in the absence of such agreement or any law, such reasonable security practices and
procedures, as may be prescribed by the Central Government in consultation with
such professional bodies or associations as it may deem fit;
(iii) “Sensitive personal data or information” means such personal information as may be
prescribed by the Central Government in consultation with such professional bodies
or associations as it may deem fit.”

Penalty to failure to furnish information, returns etc.19

“If any person who is required under this Act or any rules or regulations made thereunder to-

(a) furnish any document, return or report to the Controller or the Certifying Authority fails to
furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees
for each such failure;

(b) file any return or furnish any information, books or other documents within the time specified
therefor in the regulations fails to file return or furnish the same within the time specified
therefor in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for
every day during which such failure continues;

(c) Maintain books of account or records, fails to maintain the same, he shall be liable to a
penalty not exceeding ten thousand rupees for every day during which the failure continues.”

Section 44 deals with the penalty for failure to furnish information, return etc. it imposes heavy
penalties for different lapses on the part of any person who is required to furnish different
information, documents and files, etc. The words “any person” used in this section may be used
for a subscriber, certifying authority, auditor or any person in charge of computer resource. This
expression has very wide connotation. Any company and association or individual or body of
19
Section 44 of the IT Act, 2000.

15
individuals whether they are incorporated or not, or local authority, government organization or
agency may be included in the words “any person”.

Residuary penalty20

“Whoever contravenes any rules or regulations made under this Act, for the contravention of
which no penalty has been separately provided, shall be liable to pay a compensation not
exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty
not exceeding twenty five thousand rupees.”

Section 45 of the Act deals with all such contraventions for which there is no separate provision
for the penalty provided under suctions 43 and 44. According to the provision of this section, if a
person contravenes any rules or regulations made under this Act and no penalty has been
separately provided for such contravention, he shall be held liable to pay compensation of up to
twenty-five thousand of rupees to another person who has been affected because of such
contravention or in the alternative, he will have to pay a penalty up to twenty-five thousand of
rupees. The penalty under this section is known as residuary penalty. The provisions of this
section shall apply only where sections 43 and 44 do not apply.

Thus, from the above, the legislative intent is clear. Question of ‘residuary penalty’ will arise
only when the penalty for damage to computer, computer system, computer network and penalty
for the failure to furnish information, return, etc. are not attracted.

The Supreme Court of India in the case of V. Jagannadha Rao v. State of Andhra Pradesh21 held
that “In the interpretation of statutes, the courts always presume that the legislature inserted
every part thereof for a purpose and the legislative intention is that every part of the statute
should have an effect.”

The apex court in the case of Director of Enforcement v. M.C.T.M. Corporation (P) Ltd22,
observed that the expression “penalty” is a word of wide significance. Sometimes, it means
recovery of an amount as a penal measure even in civil proceeding. An exaction, which is not
compensatory in character, is also termed as a “penalty,” When penalty is imposed by an

20
Section 45 of the IT Act, 2000
21
(2001) 10 SCC 401.
22
(1996) 2 SCC 471

16
adjudicating officer, it is done so in “ad judicatory proceedings” and not by Way of fine as a
result of “prosecution” of an “accused” for commission of an “offence” in a criminal courts.

Under this section of the Act, it is evident that an adjudication officer acts as a Quasi- Judicial
authority. The Supreme Court in the case of State of Maharashtra v. Marwanjee F. Desai,23held
that “Power of the authority to summon witnesses, enforce their attendance, examine them on
oath or require discovery and production of documents show the quasi judicial nature of
proceeding before the authority.”

Tampering with computer source documents24

“Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly

causes another to conceal, destroy, or alter any computer source code used for a computer,
computer programme, computer system or computer network, when the computer source code is
required to be kept or maintained by law for the time being in force, shall be punishable with
imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with
both.

Section 65 makes provision to deal with the cases of tempering with computer source
documents. The aim behind this section is to protect the intellectual property invested in the
computer programmes. It is an attempt to extend the protection of computer source documents
apart from what is available under the copyright laws. This section clearly stresses on two words
i.e. knowingly and tempering. It means a person shall be punished only if he knowingly or
intentionally tempers with the computer source documents. If his act is unintentional, he shall not
be liable to any punishment. As per explanation of to this section, the expression “computer
source code” has been conferred with a very wide meaning which includes not only the listing of
program, computer commands, design and layout, but also software programmes object code.

In the case of Bhim Sen Garg v. State Of Rajasthan And Ors25 - The Complaint against editor of
Newspaper for publication of a scandalous news item with an object to stigmatize image of a
particular Minister. The allegations were that the petitioner editor showed inability in providing
original CD on basis of which newspaper reporting was done. A copy of CD as provided

23
(2002) 2 SCC 318
24
Section 65 of the IT Act, 2000
25
2006 CriLJ 3643, RLW 2006 (3) Raj 2411, 2006 (4) WLC 579

17
allegedly by an employee of the newspaper on analysis was found interpolated. Fabrication of
the electronic record contained on the CD. Contents of FIR clearly indicate that clip disc
continuities out broken AV footage, post production editing. Whether impugned FIR is liable to
be quashed. Mere assertion of malafide alleged against the police officials and the Minister
concerned would not be enough. Whereas the content of FIR clearly indicates that the clips disc
continuities out broken AV footage, post production editing whereas Victim in her statement
deposed before the Magistrate under Section 164, Cr.P.C. categorically has not mentioned the
involvement of the Minister and his PA and this statement has been erased. And since the
petitioner himself has shown the inability to produce original CD, the copy of the same was
obtained and sent to the FSL for examination and the offence made out under Sections 465, 469,
471 and 120-B, IPC, which is cognizable. Thus the police officer is empowered to investigate
into matter under Section 156, Cr.P.C. As referred by the Learned Counsel for the petitioner
Section 465 deals with the punishment for forgery whoever commits forgery shall be punished
with imprisonment of either description for a term which may extend to two years, or with fine,
or with both, and after referring Section 465 of IPC. Learned Counsel for the petitioner tried to
make out the case that the petitioner cannot be liable for forgery until and unless clear allegation
against the petitioner is made out that the petitioner himself has fabricated/ tempered with the
electronic record. As evident by the reply submitted on behalf of the respondent and as not
disputed by the respondent and the petitioner that the copy of the CD was handed over by the
petitioner’s Accountant Shri K.M. Sharma in the office of Mahaka Bharat for which the
petitioner has instructed him on telephone and the allegation can only be established after
conducting the investigation. Now as per the test laid down by Hon’ble the Supreme Court, it is
to be seen that the FIR in question constitute any cognizable offence against the petitioner or not.
Bare perusal of the contents of the FIR and the factual aspect that the news which was published
in the Daily News Paper of the alleged involvement of Cabinet Minister Shri Rajendra Singh
Rathore in sex orgy on 21.09.2005 and during enquiry and after obtaining a copy of CD and the
report submitted by the FSL itself borne out that the CD is found tempered with and fabricated
and thus on the basis of the report of FSL the FIR No. 21/2006 registered by the Police against
the petitioner and in view of the test laid down by Hon’ble Supreme Court in the case of Bhajan

18
Lal26, the first information report at its face value cannot said to be false and prima facie
constitute offence and make out the case against the accused.

Offences under Indian Penal Code, 1860

Normally referred to as the IPC, this is a very powerful legislation and probably the most widely
used in criminal jurisprudence, serving as the main criminal code of India. Enacted originally in
1860 and amended many time since, it covers almost all substantive aspects of criminal law and
is supplemented by other criminal provisions. In independent India, many special laws have been
enacted with criminal and penal provisions which are often referred to and relied upon, as an
additional legal provision in cases which refer to the relevant provisions of IPC as well.

ITA 2000 has amended the sections dealing with records and documents in the IPC by inserting
the word ‘electronic’ thereby treating the electronic records and documents on a par with
physical records and documents. The Sections dealing with false entry in a record or false
document etc (eg 192, 204, 463, 464, 464, 468 to 470, 471, 474, 476 etc) have since been
amended as electronic record and electronic document thereby bringing within the ambit of IPC,
all crimes to an electronic record and electronic documents just like physical acts of forgery or
falsification of physical records. In practice, however, the investigating agencies file the cases
quoting the relevant sections from IPC in addition to those corresponding in ITA like offences
under IPC 463,464, 468 and 469 read with the ITA/ITAA Sections 43 and 66, to ensure the
evidence or punishment stated at least in either of the legislations can be brought about easily.

Procedure under Indian Evidence Act, 1872

This is another legislation amended by the ITA. Prior to the passing of ITA, all evidences in a
court were in the physical form only. With the ITA giving recognition to all electronic records
and documents, it was but natural that the evidentiary legislation in the nation be amended in
tune with it. In the definitions part of the Act itself, the “all documents including electronic
records” were substituted. Words like ‘digital signature’, ‘electronic form’, ‘secure electronic
record’ ‘information’ as used in the ITA, were all inserted to make them part of the evidentiary
mechanism in legislations. Admissibility of electronic records as evidence as enshrined in
Section 65B of the Act assumes significance. This is an elaborate section and a landmark piece

26
State of Haryana and Ors. v. Bhajan Lal and Ors. AIR 1992 SC 604.

19
of legislation in the area of evidences produced from a computer or electronic device. Any
information contained in an electronic record which is printed on a paper, stored, recorded or
copied in optical or magnetic media produced by a computer shall be treated like a document,
without further proof or production of the original, if the conditions like these are satisfied:

(a) The computer output containing the information was produced by the computer during the
period over which the computer was used regularly by lawful persons.

(b) The information derived was regularly fed into the computer in the ordinary course of the
said activities;

(c) Throughout the material part of the said period, the computer was operating properly and a
certificate signed by a person responsible etc.

Conclusion

To sum up, though a crime-free society is Utopian and exists only in dreamland, it should be
constant endeavour of rules to keep the crimes lowest. “Especially in a society that is dependent
more and more on technology, crime based on electronic offences are bound to increase and the
20
law makers have to go the extra mile compared to the fraudsters, to keep them at bay.
Technology is always a double-edged sword and can be used for both the purposes – good or
bad. Steganography, Trojan Horse, Scavenging are all technologies and per se not crimes, but
falling into the wrong hands with a criminal intent who are out to capitalize them or misuse
them, they come into the gamut of cyber crime and become punishable offences. 27 Hence, it
should be the persistent efforts of rulers and law makers to ensure that technology grows in a
healthy manner and is used for legal and ethical business growth and not for committing crimes.
It is very clear from the above stated legislations and facts that India doesn’t have very powerful
laws regarding cyber security and Internet Security Laws. There is always need of legislations
which prohibit such heinous acts which affect our society at large”.28

27
Book on “IT” Security of IIBF Published by M/s TaxMann Publishers
28
Book on “IT” Security of IIBF Published by M/s TaxMann Publishers

21